Solved

PDC DNS issues

Posted on 2007-03-24
Last Modified: 2008-05-31
We have been having some serious issues with our Primary Domain Controller (Win 2k3). I believe I have found the root of the issue, but am unsure how to resolve it. For some reason, my PDC is not adding a DNS suffix to itself. This holds true when I try to change the Operations Master in AD Domains and Trusts, try to connect to a Domain Controller using AD Domains and Trusts, or even when it registers itself in DNS on its own server. This is what I'm getting for the PDC:

server1

Every other DC looks like this:

server2.domainname.com

I tend to believe this is causing all of my permissions errors for AD on the domain. I have run dcdiag /fix and netdiag /fix, and get the same failure every time. The big hangup I'm having currently is my PDC is returning:

"*** Warning: could not confirm the identity of this server in the directory versus the names returned by DNS servers. If there are problems accessing this directory server then you may need to check that this server is correctly registered with DNS

Please help me get going in the proper direction.

Thanks,

Colin
Question by:novoconst

Expert Comment

by:KCTS
ID: 18785826
Try using netdiag /fix and see if this can resolve the issue.

By the way you don't have a PDC. What you have is a Domain Controller that happens to host the PDC emulator role. PDCs and BDCs went out with NT4.

Author Comment

by:novoconst
ID: 18785856
Thanks for the reply.

As mentioned above, I have run netdiag /fix numerous times without any positive results. Here is the log for the netdiag /fix I ran after your post.


.....................................

    Computer Name: server1
    DNS Host Name: server1
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : EM64T Family 6 Model 15 Stepping 6, GenuineIntel
    List of installed hotfixes :
        KB911564
        KB925398_WMP64
        KB931836
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : LAN

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server1.domainname.com
        IP Address . . . . . . . . : 192.168.42.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . : 192.168.42.1


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : WAN

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server1
        IP Address . . . . . . . . : ############
        Subnet Mask. . . . . . . . : ############
        Default Gateway. . . . . . : ############
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : {F1070CE9-E301-432A-B948-1D42CA8533AE}

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server1
        IP Address . . . . . . . . : 192.168.42.120
        Subnet Mask. . . . . . . . : 255.255.255.255
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{9214FC7A-148B-4319-9890-7E57F84EBCC6}
        NetBT_Tcpip_{EBC47FE8-0830-4EA9-B580-7E5BE3903B54}
        NetBT_Tcpip_{F1070CE9-E301-432A-B948-1D42CA8533AE}
    3 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'server1.domainname.com.'. [RCODE_SERVER_FAILURE]
            The name 'server1.domainname.com.' may not be registered in DNS.
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.gc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.9afa6df2-9fff-4ff7-aa84-95c523676789.domains._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry 89abb4e2-fa04-44f1-b5ef-9f23b111d22a._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Hamilton-Court._sites.dc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.dc._msdcs.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Hamilton-Court._sites.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Hamilton-Court._sites.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.ForestDnsZones.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Hamilton-Court._sites.DomainDnsZones.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '192.168.42.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{9214FC7A-148B-4319-9890-7E57F84EBCC6}
        NetBT_Tcpip_{EBC47FE8-0830-4EA9-B580-7E5BE3903B54}
        NetBT_Tcpip_{F1070CE9-E301-432A-B948-1D42CA8533AE}
    The redir is bound to 3 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{9214FC7A-148B-4319-9890-7E57F84EBCC6}
        NetBT_Tcpip_{EBC47FE8-0830-4EA9-B580-7E5BE3903B54}
        NetBT_Tcpip_{F1070CE9-E301-432A-B948-1D42CA8533AE}
    The browser is bound to 3 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] The default SPN registration for 'HOST/server1' is missing on DC 'server1'.
    [FATAL] Cannot do NTLM authenticated ldap_bind to 'server5.domainname.com': Invalid Credentials.
    [FATAL] Cannot do Negotiate authenticated ldap_bind to 'server5.domainname.com': Invalid Credentials.
    [WARNING] Failed to query SPN registration on DC 'server5.domainname..com'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

Accepted Solution

by:AnthonyP9618 (earned 500 total points)
ID: 18786115
Is this server pointing to itself for DNS resolution?

From your post...

Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server1
        IP Address . . . . . . . . : ############
        Subnet Mask. . . . . . . . : ############
        Default Gateway. . . . . . : ############
        Dns Servers. . . . . . . . :

You either didn't add #### to cover the IPs for the DNS Servers, or there are no entries for DNS resolution.

In any case, can you paste the results of an ipconfig /all here?

Author Comment

by:novoconst
ID: 18786460
I just checked the card settings for the WAN card mentioned above (I did hide the public IPs with ###). Here is ipconfig /all:

Ethernet adapter LAN:

   Connection-specific DNS Suffix  . : novoconstruction.com
   Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Ad
apter
   Physical Address. . . . . . . . . : 00-19-BB-2D-6C-C6
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.42.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.42.1

Ethernet adapter WAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Ad
apter #2
   Physical Address. . . . . . . . . : 00-19-BB-2D-6C-B6
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 66.7.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 66.7.***.***

The server in question is running NAT via RAS.

Author Comment

by:novoconst
ID: 18787324
Anthony's post got me rolling in the right direction, as I was missing the DNS entry after rebuilding TCP/IP. This, however, is what appended my DNS name to make a proper FQDN:

http://support.microsoft.com/?id=257623&sd=RMVP

Hope this helps someone else, it has been a miserable last couple days.

Colin
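
An added example, not part of the original thread: a small triage script that reads netdiag output in the layout quoted above and reports the two conditions this thread turned on (a host name without the domain suffix, an adapter with no DNS servers) plus the DC records that failed re-registration. The sample text, the function name triage and the address 203.0.113.10 are constructed for illustration.

```python
import re

# Constructed sample, trimmed to the netdiag layout quoted in this thread.
SAMPLE = """\
    Computer Name: server1
    DNS Host Name: server1

    Adapter : LAN
        Host Name. . . . . . . . . : server1.domainname.com
        IP Address . . . . . . . . : 192.168.42.1
        Dns Servers. . . . . . . . : 192.168.42.1

    Adapter : WAN
        Host Name. . . . . . . . . : server1
        IP Address . . . . . . . . : 203.0.113.10
        Dns Servers. . . . . . . . :

DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.domainname.com. re-registeration on DNS server '192.168.42.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
"""

# "Label. . . . : value" lines; the dotted leader is optional.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)[\s.]*:(.*)$")
# netdiag spells it "re-registeration"; match only the stable prefix.
FAILED = re.compile(r"Failed to fix: DC DNS entry (\S+?)\.? re-regist")

def triage(text, domain):
    """Return (findings, failed_records) for one netdiag run."""
    findings, failed, adapter = [], [], None
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            failed.append(m.group(1))
            continue
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key == "adapter":
            adapter = value
        elif key == "dns host name" and not value.lower().endswith("." + domain):
            findings.append(f"global: DNS host name '{value}' has no .{domain} suffix")
        elif key == "host name" and adapter and "." not in value:
            findings.append(f"{adapter}: host name '{value}' is not fully qualified")
        elif key == "dns servers" and adapter and not value:
            findings.append(f"{adapter}: no DNS servers configured")
    return findings, failed
```

Run it as triage(open("netdiag.log").read(), "domainname.com") against a saved log; an empty findings list with a non-empty failed list points at the DNS server or zone rather than the local name configuration.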