Solved

PDC DNS issues

Posted on 2007-03-24
Last Modified: 2008-05-31
We have been having some serious issues with our Primary Domain Controller (Win 2k3). I believe I have found the root of the issue, but am unsure how to resolve it. For some reason, my PDC is not adding a DNS suffix to itself. This holds true when I try to change the Operations Master in AD Domains and Trusts, try to connect to a Domain Controller using AD Domains and Trusts, or even when it registers itself in DNS on its own server. This is what I'm getting for the PDC:

server1

Every other DC looks like this:

server2.domainname.com

I tend to believe this is causing all of my permissions errors for AD on the domain. I have run dcdiag /fix and netdiag /fix, and get the same failure every time. The big hangup I'm having currently is my PDC is returning:

"*** Warning: could not confirm the identity of this server in the directory versus the names returned by DNS servers. If there are problems accessing this directory server then you may need to check that this server is correctly registered with DNS

Please help me get going in the proper direction.

Thanks,

Colin
0
Question by:novoconst

Expert Comment

by:KCTS
Try using netdiag /fix and see if this can resolve the issue.

By the way you don't have a PDC. What you have is a Domain Controller that happens to host the PDC emulator role. PDCs and BDCs went out with NT4.
0
 

Author Comment

by:novoconst
Thanks for the reply.

As mentioned above, I have run netdiag /fix numerous times without any positive results. Here is the log for the netdiag /fix I ran after your post.


.....................................

    Computer Name: server1
    DNS Host Name: server1
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : EM64T Family 6 Model 15 Stepping 6, GenuineIntel
    List of installed hotfixes :
        KB911564
        KB925398_WMP64
        KB931836
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : LAN

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server1.domainname.com
        IP Address . . . . . . . . : 192.168.42.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . : 192.168.42.1


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : WAN

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server1
        IP Address . . . . . . . . : ############
        Subnet Mask. . . . . . . . : ############
        Default Gateway. . . . . . : ############
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : {F1070CE9-E301-432A-B948-1D42CA8533AE}

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server1
        IP Address . . . . . . . . : 192.168.42.120
        Subnet Mask. . . . . . . . : 255.255.255.255
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{9214FC7A-148B-4319-9890-7E57F84EBCC6}
        NetBT_Tcpip_{EBC47FE8-0830-4EA9-B580-7E5BE3903B54}
        NetBT_Tcpip_{F1070CE9-E301-432A-B948-1D42CA8533AE}
    3 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'server1.domainname.com.'. [RCODE_SERVER_FAILURE]
            The name 'server1.domainname.com.' may not be registered in DNS.
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.gc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.9afa6df2-9fff-4ff7-aa84-95c523676789.domains._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry 89abb4e2-fa04-44f1-b5ef-9f23b111d22a._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Hamilton-Court._sites.dc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.dc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Hamilton-Court._sites.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Hamilton-Court._sites.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.ForestDnsZones.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.DomainDnsZones.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '192.168.42.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{9214FC7A-148B-4319-9890-7E57F84EBCC6}
        NetBT_Tcpip_{EBC47FE8-0830-4EA9-B580-7E5BE3903B54}
        NetBT_Tcpip_{F1070CE9-E301-432A-B948-1D42CA8533AE}
    The redir is bound to 3 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{9214FC7A-148B-4319-9890-7E57F84EBCC6}
        NetBT_Tcpip_{EBC47FE8-0830-4EA9-B580-7E5BE3903B54}
        NetBT_Tcpip_{F1070CE9-E301-432A-B948-1D42CA8533AE}
    The browser is bound to 3 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] The default SPN registration for 'HOST/server1' is missing on DC 'server1'.
    [FATAL] Cannot do NTLM authenticated ldap_bind to 'server5.domainname.com': Invalid Credentials.
    [FATAL] Cannot do Negotiate authenticated ldap_bind to 'server5.domainname.com': Invalid Credentials.
    [WARNING] Failed to query SPN registration on DC 'server5.domainname..com'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
0
 

Accepted Solution

by:
AnthonyP9618 earned 500 total points
Is this server pointing to itself for DNS resolution?

From your post...

Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server1
        IP Address . . . . . . . . : ############
        Subnet Mask. . . . . . . . : ############
        Default Gateway. . . . . . : ############
        Dns Servers. . . . . . . . :

You either didn't add #### to cover the IPs for the DNS Servers, or there are no entries for DNS resolution.

In any case, can you paste the results of an ipconfig /all here?
0
 

Author Comment

by:novoconst
I just checked the card settings for the WAN card mentioned above (I did hide the public IPs with ###). Here is ipconfig /all:

Ethernet adapter LAN:

   Connection-specific DNS Suffix  . : novoconstruction.com
   Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-19-BB-2D-6C-C6
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.42.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.42.1

Ethernet adapter WAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter #2
   Physical Address. . . . . . . . . : 00-19-BB-2D-6C-B6
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 66.7.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 66.7.***.***

The server in question is running NAT via RAS.
0
 

Author Comment

by:novoconst
Anthony's post got me rolling in the right direction, as I was missing the DNS entry after rebuilding TCP/IP. This, however, is what appended my DNS name to make a proper FQDN:

http://support.microsoft.com/?id=257623&sd=RMVP

Hope this helps someone else, it has been a miserable last couple days.

Colin
0
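
The two conditions this thread traces the failure to (an adapter with no DNS server entry, and a host name with no domain suffix) can be picked out of saved netdiag output with a short script. This is an added example, not part of the original posts; the sample text is a constructed excerpt modelled on the output quoted above, and the function names `parse` and `findings` are hypothetical.

```python
import re

# Constructed excerpt modelled on the netdiag output quoted in this thread.
SAMPLE = """\
    Computer Name: server1
    DNS Host Name: server1

    Adapter : LAN
        Host Name. . . . . . . . . : server1.domainname.com
        IP Address . . . . . . . . : 192.168.42.1
        Dns Servers. . . . . . . . : 192.168.42.1

    Adapter : WAN
        Host Name. . . . . . . . . : server1
        IP Address . . . . . . . . : 203.0.113.10
        Dns Servers. . . . . . . . :
"""

# "Label. . . . : value" with the dot leaders stripped from the label.
FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")

def parse(text):
    """Return (global_fields, {adapter_name: fields}) from netdiag text."""
    glob, adapters, current = {}, {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        label, value = m.group(1), m.group(2).strip()
        if label == "Adapter":
            current = adapters.setdefault(value, {})
        elif current is None:
            glob[label] = value      # fields before the first adapter
        else:
            current[label] = value
    return glob, adapters

def findings(text):
    """List items to review: missing suffix and empty DNS server lists."""
    glob, adapters = parse(text)
    out = []
    if "." not in glob.get("DNS Host Name", ""):
        out.append("global: DNS Host Name has no domain suffix")
    for name, f in adapters.items():
        if not f.get("Dns Servers"):
            out.append(f"{name}: no DNS servers configured")
        if "." not in f.get("Host Name", ""):
            out.append(f"{name}: host name is single-label")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```
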
