James Hilloya asked:

DNS Problem I give up!!

Hello, I am having this huge problem that I can't figure out how to fix... I am trying to join a Windows XP system to my domain but I get an error message every time (error message below).

Funny thing is that the DC is also a DHCP server and the XP machine gets an automatic IP and DNS server settings fine... the DC can ping the XP machine and vice versa... I can also access the DC shares from the XP machine and open files even though the XP machine is set up as a workgroup... error message:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name mydomain might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain mydomain:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

mydomain
. (the root zone)

For information about correcting this problem, click Help.

When I go to the DNS management console on the server and expand my "forward lookup zone", then try to expand "mydomain.com", it does not let me! There is no "+" sign to expand the "mydomain.com" folder, meaning that there are no _msdcs, _sites, _tcp, _udp etc. folders... none of those folders exist... could that be the reason for my problem? If so, how do I get them back? Don't they get created automatically?

I have uninstalled and reinstalled DNS as Microsoft said in http://support.microsoft.com/kb/310568 but it does not solve the issue. Microsoft also asks to modify some registry entries but those registry keys are not in the server... I do not know what else to do, I give up... help me please... is there a way to uninstall DNS totally so that when I reinstall it, it won't remember past settings? I don't know what to do.

Pber

How many DCs do you have?  It sounds like you have only one.

First of all, if you are using AD integrated DNS, point the DC to itself for DNS.
Next, make sure you have the DHCP client running on the domain controller.  Even though you have a static IP, the DHCP client is responsible for registering SRV records.
Now stop the netlogon service on the DC.
Do an: ipconfig /registerdns
Now start the netlogon service.

Wait a few minutes and look in DNS and see if the SRV records appear.

James Hilloya (ASKER)

Thanks for the reply, yes I only have 1 DC.
I am using AD integrated DNS and it is pointing to itself for DNS in its TCP/IP properties.
In the services window, DHCP client is running and is set up as "automatic".
I have stopped the netlogon service on the DC.
Did an ipconfig /registerdns

waited 10 minutes...

nothing :-(

Do you have a file called netlogon.dns located in c:\winnt\system32\config?

If so, open the file with Notepad.  Does it look like it has SRV entries?

It should look something like this:
_ldap._tcp.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.f9130fa7-4ad6-4149-b112-b9d5a82ea9f7.domains._msdcs.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
fc313fd9-ffe4-4383-bef4-5bc123c9648a._msdcs.yourdomain.com. 600 IN CNAME yourdc.yourdomain.com.
_kerberos._tcp.dc._msdcs.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_ldap._tcp.dc._msdcs.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_kerberos._tcp.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_kerberos._udp.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_kpasswd._tcp.yourdomain.com. 600 IN SRV 0 100 464 yourdc.yourdomain.com.
_kpasswd._udp.yourdomain.com. 600 IN SRV 0 100 464 yourdc.yourdomain.com.
_ldap._tcp.DomainDnsZones.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.ForestDnsZones.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_kerberos._tcp.default first site name._sites.dc._msdcs.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.dc._msdcs.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_kerberos._tcp.default first site name._sites.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.DomainDnsZones.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.ForestDnsZones.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.gc._msdcs.yourdomain.com. 600 IN SRV 0 100 3268 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.gc._msdcs.yourdomain.com. 600 IN SRV 0 100 3268 yourdc.yourdomain.com.
_gc._tcp.yourdomain.com. 600 IN SRV 0 100 3268 yourdc.yourdomain.com.
_gc._tcp.default first site name._sites.yourdomain.com. 600 IN SRV 0 100 3268 yourdc.yourdomain.com.
yourdomain.com. 600 IN A 192.168.0.1
gc._msdcs.yourdomain.com. 600 IN A 192.168.0.1
DomainDnsZones.yourdomain.com. 600 IN A 192.168.0.1
ForestDnsZones.yourdomain.com. 600 IN A 192.168.0.1

You restarted the netlogon service, right?

Hey guys,

Just a quick question.

Is the Domain Name like this:

mydomain

Or like this:

mydomain.com

From the error message you're receiving above it suggests it's the former. If that is the case extra configuration steps will be necessary. Windows doesn't like Single Label Domain Names:

http://support.microsoft.com/kb/300684

If that's not the case then ignore that and I'll leave you in Pber's capable hands :)

Chris

Pber, yes I did restart the service... here is the output of my netlogon.dns file:

mydomain.com. 600 IN A 192.168.1.100
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.pdc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
gc._msdcs.mydomain.com. 600 IN A 192.168.1.100
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com. 600 IN CNAME dellserver.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_gc._tcp.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_gc._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_kerberos._udp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kpasswd._tcp.mydomain.com. 600 IN SRV 0 100 464 dellserver.
_kpasswd._udp.mydomain.com. 600 IN SRV 0 100 464 dellserver.

As per Chris's suggestion (BTW: thanks Chris)... are you using a single-label domain name?

Also I noticed your netlogon.dns doesn't have FQDNs for the server name (i.e. dellserver.).  It should be dellserver.mydomain.com.

Do you have the DNS suffix correctly configured as "mydomain.com" in the TCP/IP settings on the DC?

Note the DNS suffix can be configured a few ways:

One: in the TCP/IP settings DNS tab in "Append these DNS suffixes (in order)"

Two: in the TCP/IP settings DNS tab in "DNS suffix for this connection"

Also make sure the DNS suffix appears in the system properties page.  Right click My Computer, Properties, Network Identification, Properties.  At this point it should be the same location that you use to add the machine to the domain.  Click the More button.

The "Primary DNS suffix of this computer" should be mydomain.com.  You should also check the checkbox there as well, but that isn't a deal breaker.  It just prevents this entry from being wrong if you switch domain membership.
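
An added example, not part of the thread and not any participant's code: a small Python check for a netlogon.dns file that flags the two conditions raised above, SRV/CNAME targets written as a bare host name ("dellserver.") and a single-label domain, and confirms that the _ldap._tcp.dc._msdcs locator record the XP client queried is present. The sample records are constructed on the model of the ones posted; the function names and finding labels are illustrative assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# The owner name may contain spaces (e.g. "default first site name"), so match
# it lazily and anchor on the "<ttl> IN <type>" columns that follow it.
RECORD_RE = re.compile(
    r"^(?P<owner>.+?)\s+(?P<ttl>\d+)\s+IN\s+(?P<rtype>A|CNAME|SRV)\s+(?P<rdata>.+)$",
    re.IGNORECASE,
)


class Record(NamedTuple):
    line_no: int
    owner: str
    rtype: str
    target: str          # host name for SRV/CNAME, address for A
    port: Optional[int]  # SRV only


def parse_records(text: str) -> List[Record]:
    """Parse A, CNAME and SRV lines in the layout netlogon.dns uses."""
    records = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        match = RECORD_RE.match(line) if line and not line.startswith(";") else None
        if not match:
            continue
        rtype = match["rtype"].upper()
        fields = match["rdata"].split()
        port = None
        if rtype == "SRV":
            # SRV rdata is: priority weight port target
            if len(fields) != 4 or not fields[2].isdigit():
                continue
            port, target = int(fields[2]), fields[3]
        else:
            target = fields[0]
        records.append(Record(line_no, match["owner"], rtype, target, port))
    return records


def lint(text: str, domain: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, finding, detail) tuples; line 0 means file-level."""
    domain = domain.lower().strip(".")
    findings = []
    if "." not in domain:
        # The single-label case Chris asks about ("mydomain" vs "mydomain.com").
        findings.append((0, "single-label-domain", domain))
    records = parse_records(text)
    for rec in records:
        if rec.rtype not in ("SRV", "CNAME"):
            continue
        host = rec.target.lower().rstrip(".")
        if "." not in host:
            # "dellserver." : host name registered without a primary DNS suffix.
            findings.append((rec.line_no, "single-label-target", rec.target))
        elif not host.endswith("." + domain):
            findings.append((rec.line_no, "target-outside-domain", rec.target))
    # The record the failing domain join asked for.
    locator = "_ldap._tcp.dc._msdcs." + domain + "."
    if not any(r.rtype == "SRV" and r.owner.lower() == locator for r in records):
        findings.append((0, "missing-dc-locator", locator))
    return findings


# Constructed sample in the shape of the file posted in the thread
# (placeholder GUID, bare "dellserver." targets).
BROKEN = """\
mydomain.com. 600 IN A 192.168.1.100
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
00000000-0000-0000-0000-000000000000._msdcs.mydomain.com. 600 IN CNAME dellserver.
"""

# The same records as they look once the primary DNS suffix is in place.
GOOD = BROKEN.replace(" dellserver.", " dellserver.mydomain.com.")

if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("good", GOOD)):
        print(label)
        for finding in lint(sample, "mydomain.com"):
            print("  line %d: %s (%s)" % finding)
```
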

In the DC TCP/IP properties, "DNS suffix for this connection" is blank.
"Register this connection's addresses in DNS" is checked.

What do you mean if I am using a single label domain name? How do I check that?... (sorry, new to this)

Should I edit my netlogon.dns and add dellserver.mydomain.com?

Thanks for all your help guys.

Pber, the "properties" button on the network identification tab is grayed out, I cannot click on it... :-)

Should I add mydomain.com to both of those locations, "Append these DNS suffixes (in order)" and "DNS suffix for this connection", or only to one of them?

Well, from looking at your netlogon.dns, your FQDN should be mydomain.com and that is what should be entered as your DNS suffix.  I don't know if this is your actual production name, or if you changed it to protect your network.  That same information should also show up in your DNS in your forward lookup zone.

As per Chris's post above, a single label domain will just be "mydomain." with nothing at the end.  A normal domain would be "mydomain.com" or "mydomain.local" or "mydomain.int".  Don't confuse this with the NetBIOS name, which is usually the single label domain.  In this case "mydomain".
When you set up AD, it asks for an FQDN domain name and the NetBIOS domain name.

If your domain is actually "mydomain.com", enter that in the suffix information as per my previous post and redo the ipconfig /registerdns and the restarting of netlogon.

As far as the suffix, either or both will work.  I usually only configure the "DNS suffix for this connection".

Normally that shouldn't be grayed out unless you have certificate services installed.  It should tell you why it is grayed out right under that grayed out area.

OK, I just entered the DNS suffix for this connection: mydomain.com...

How do I know if I am using a single label domain?

The properties button is grayed out and there is no explanation below... the text to the left of that button that says "to rename this computer or join a domain click properties" is also grayed out... doesn't this make sense since it is a domain controller? Isn't that why it is grayed out?

I think you are mydomain.com.

Reason being, your netlogon.dns says that as well as the forward lookup zone indicates that as well.

Did you do the registerdns and netlogon restart?

Yes I did... :-( ... I guess there is no way to fix this unless I totally uninstall DNS in a way where, when I reinstall, it won't remember prior settings or configuration, so that I can start fresh.

Just to make sure. Have you made sure Dynamic Updates is set to Secure Only on the Forward Lookup Zone for your domain?

Are you still without a Primary DNS Suffix?

If it won't let you change the computer identity it suggests that there's something there to stop it. The reason normally appears just beneath the Change button.

For example, if you have a Certificate Authority installed it'll say:

Note: The identification of the computer cannot be changed because:
 - The Certification Authority Service is installed on this computer.

Do you have anything like that?

Chris

Yes, Dynamic Updates is set to secure only on the forward lookup zone on the domain...
I added the primary DNS suffix in the TCP/IP properties DNS tab... I added mydomain.com...
I do not have anything below the properties button... nothing at all... I thought it was normal that the button is grayed out since that server is the domain controller...

That shouldn't be the case. You can change the name of a Domain Controller using that button. You just get a warning message stating the limitations of the action.

Admittedly there are better ways to rename a DC, but since we just want access to the Primary DNS Suffix it would help for it to let you in.

It would be worth checking the netlogon.dns file in config again. If it's still listing "dellserver." without the domain name suffixed onto the end then you will still need a way to change it.

Chris

If you are referring to the very first line of that netlogon.dns file: mydomain.com. 600 IN A 192.168.1.100

I have manually edited that line using Notepad to say dellserver.mydomain.com. 600 IN A 192.168.1.100

There is no explanation of why the properties button is grayed out :-(

The event log shows error 1004 and 1004:

The DNS server could not open the file dns\mydomain.com.dns.  Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code.

The DNS server could not find or open zone file dns\mydomain.com.dns.  in the %SystemRoot%\System32\Dns directory.  Verify that the zone file is located in this directory and that it contains valid data.

This is what my file looks like:

dellserver.mydomain.com. 600 IN A 192.168.1.100
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.pdc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
gc._msdcs.mydomain.com. 600 IN A 192.168.1.100
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com. 600 IN CNAME dellserver.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_gc._tcp.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_gc._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_kerberos._udp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kpasswd._tcp.mydomain.com. 600 IN SRV 0 100 464 dellserver.
_kpasswd._udp.mydomain.com. 600 IN SRV 0 100 464 dellserver.

Odd that you're getting the could not open file error. We should probably have a look at flushing out the DNS information entirely and adding it back in.

First, let's have another quick look at that Primary DNS Suffix. If you run "ipconfig /all" the first bit of information it shows you includes the Primary DNS Suffix. Could you confirm what that is at present?

That's just in case it's right and not reporting correctly in netlogon.dns. If it's right there then we can stop worrying about the greyed out Change button.

Moving on, if you want to completely delete the information from DNS there's a little KB article to follow:

http://support.microsoft.com/?kbid=305967

It applies to Windows 2000, and domains upgraded from Windows 2000. If you don't see the zone there just yell and I'll tell you where the 2003 version hides.

Hopefully Pber will be back soon as well, two minds are better than one :)

Chris

This is what I get when I do an ipconfig /all:


Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : dellserver
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - onboard:

        Connection-specific DNS Suffix  . : mydomain.com
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
        Physical Address. . . . . . . . . : 00-C0-9F-23-5B-55
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.100

C:\Documents and Settings\administrator.SDCSERVER>

Ummmmm, I just noticed that the very last word in that text above says "SDCSERVER", shouldn't that say DELLSERVER?... does this matter at all?


No, don't worry about that bit. I just don't like the complete lack of DNS Suffix, it's just not a good sign.

I didn't realise it was a 2000 box, that would explain why we can't change the domain information. Although you did link it into the 2000 AD area, so I don't have much of an excuse.

I would be reluctant to try to change the primary DNS suffix in the registry if it's refusing to allow it in the GUI, more likely to break something there.

We could manually enter the Service Records and attempt to bring a new Domain Controller online beside the current one. That may allow you to demote this one, fix the problem and promote it again.

Chris

Thanks for the advice, however I do not have another server available to bring online. :-( I would be willing to change the DNS suffix in the registry to see if that works... In the TCP/IP properties, should I check the "use this connection's DNS suffix in DNS registration" box? Should I also add "mydomain.com" in "append these DNS suffixes (in order)"? As of now the boxes that I have checked are "append primary and connection specific DNS suffixes" with "append parent suffixes of the primary DNS suffix" also checked...

"Register this connection's addresses in DNS" is checked also.
"Use this connection's DNS suffix in DNS registration" is checked as well.

"DNS suffix for this connection" says mydomain.com.

More weird things... now when I tried to open AD Users and Computers I get an error:

---------------------------
Active Directory
---------------------------
Naming information cannot be located because:

The network path was not found.

Contact your system administrator to verify that your domain is properly configured and is currently online.
---------------------------
OK  
---------------------------

Then there is a red X next to AD Users and Computers.

The connection specific suffixes are used by the DNS Resolver, but not really by the server system. They won't change the values it's trying to write back into DNS and such.

Okay, well we still have a number of things open to us. I don't think we've had one yet, so could you run DCDiag please? Really only interested in the failures generated from that.

And don't worry too much about the lack of a physical server. VMWare (or MS Virtual Server) are going to give us everything we need for temporary measures. We need to get that box working first though.

Chris

Here are the results of DCDIAG:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   An error cocured during DNS host lookup

C:\Documents and Settings\administrator.SDCSERVER>

:-) This is not good, should I just demote this server to a regular server and then install dcpromo again?

Not entirely unexpected, but also not entirely helpful.

Do you need to keep what's on the domain at present? We can manually create the necessary DNS entries if it's really required, should work, but there's the chance it might not.

Chris

What do you mean by what's on the domain at present? You mean users created? I can always recreate users, there are only 25... I do not have group policies or anything like that... I just use that server as a DC to authenticate users to the domain so that they can access shares... and I use it as a DNS server and as a DHCP server.

Here is an output of dcdiag:

Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Intel Pro 1000 MT Gigabit Ethernet Adapter - onboard
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.mydomain.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Failed
    Failed to get UDP packet size information. The error occurred was: The reque
sted service provider could not be loaded or initialized.
DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'dellserver.mydomain.com.'. [DNS_ERROR_NO_TCPIP]
            The name 'dellserver.mydomain.com.' may not be registered in
DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.1.100'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    'SDC': No DCs are up.
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'dellserver'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>

Here is an output of netdiag /fix:

    Adapter : Intel Pro 1000 MT Gigabit Ethernet Adapter  onboard
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.mydomain.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Failed
    Failed to get UDP packet size information. The error occurred was: The reque
sted service provider could not be loaded or initialized.
DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'dellserver.mydomain.com.'. [DNS_ERROR_NO_TCPIP]
            The name 'dellserver.mydomain.com.' may not be registered in
DNS.
    [FATAL] Failed to fix: DC DNS entry mydomain.com. re-registeration on
 DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.mydomain.com. re-regis
teration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.mydomain.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.stainlessdesign.co
m. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.mydomain.com
. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.mydomain.com. re-registeration on DNS server '192.168.1.100'
failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317
946f9cd.domains._msdcs.mydomain.com. re-registeration on DNS server '192.
168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry gc._msdcs.mydomain.com. re-regist
eration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry bff6401a-7add-4579-b4cd-c03aaedefd6e._ms
dcs.mydomain.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.stainlessdesign
.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.mydomain.com. re-registeration on DNS server '192.168.1.1
00' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.mydomain.com
. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.mydomain.com. re-registeration on DNS server '192.168.1.100'
failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.mydomain.com. re-r
egisteration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.mydomain.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.mydomain.com. re-registe
ration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
mydomain.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.mydomain.com. re-r
egisteration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.mydomain.com. re-re
gisteration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.mydomain.com. re-re
gisteration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '192.168.1.100'.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    'SDC': No DCs are up.
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'dellserver'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>

If you load nslookup and attempt to resolve host names, can you resolve non-FQDN host names?
i.e.
If you do a: nslookup dellserver
Do you get an address?  This would imply your connection specific suffix is working.

If not, does this work: nslookup dellserver.mydomain.com

During disaster recovery testing that I have done to see what happens if DNS is completely deleted and you can't restore it, I've successfully got AD back up and running by manually entering all the DNS SRV records via the information in the netlogon.dns file.  It usually takes a bit of time since you have to get all the SRV records in the right nodes.

This is what I get when I use nslookup:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>nslookup dellserver
*** Can't find server name for address 192.168.1.100: No response from server
*** Default servers are not available
Server:  UnKnown
Address:  192.168.1.100

*** UnKnown can't find dellserver: No response from server

C:\Documents and Settings\administrator.SDCSERVER>nslookup dellserver.mydomain.com
*** Can't find server name for address 192.168.1.100: No response from server
*** Default servers are not available
Server:  UnKnown
Address:  192.168.1.100

*** UnKnown can't find dellserver.mydomain.com: No response from server

C:\Documents and Settings\administrator.SDCSERVER>

How can I completely uninstall DNS (also entries from the registry) and AD? I guess I need to uninstall AD too since I can't access AD Users and Computers.

When we are referring to "mydomain.com" you are substituting your actual domain name for that, right?  I noticed in your DNS screenshots you blocked out the actual name for security reasons.

Yes, that is correct.
At this point I want to completely uninstall AD and DNS since both of them are not working. Is there a way to remove those 2 so that when I reinstall, the old settings won't be remembered? (I guess I need to delete some registry keys but can't find anywhere online what and where those keys are.)

Is this a test network or is this your production?  Do you have client machines on it?

Since AD is so messed up, I don't think dcpromo will work to make it a normal server as it won't be able to connect to AD to remove itself.
You might just be best off rebuilding the OS and then dcpromo it again.  If you can, rebuild it as Server 2003 as AD is much better on 2003 than 2000.
This is a production network. The server is used to authenticate users and access server shares. This server is the only Domain Controller, DNS Server Print server and DHCP Server in the network. At this point I do not think it is authenticating users and that they are able to login to their system  based on local cache information in their computers. They can access shares OK. Rebuilding the entire server is not an option.

Is there a way to completely remove DNS and AD?? (from the registry and Add/Remove Programs so that it won't remember old settings when reinstalled)

I agree with Pber entirely. The particular problem we bumped into here could have been resolved without rebuild with 2003.

Chris
Do you have backups of the server?  Doing a restore from a point where AD wasn't messed up might be the only way.

Another attempt at a DNS fix...since DNS is so messed up on that machine, try another if possible.
Do you have another server around?  If so, install DNS on that server and make a primary zone with the same name as your mydomain.com zone.  Make sure you allow Nonsecure and secure updates.
Now point your DC at that machine.
Do an ipconfig /registerdns on the AD machine.
Does it show up in that DNS?

If so, try re-starting your netlogon service, or doing a netdiag /fix
I do not have a system state backup, and I do not have another server around. This network has only 10 client machines. This is why I am thinking my only option is to uninstall AD and DNS completely.
So if you try to resolve any name that is currently listed in your DNS via Nslookup, you don't resolve anything?

What if you load: nslookup
then type: set d2
then enter any host name like: dellserver, mail, marys
What do you get for results on that?

It sounds to me like your DNS server isn't running properly.  If you load the DNS mmc and select the properties for the server, select the Interfaces tab, what is the Listen On set to?



here is the output for that command

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>nslookup
*** Can't find server name for address 192.168.1.100: No response from server
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.100

> set d2
> dellserver
Server:  UnKnown
Address:  192.168.1.100

------------
SendRequest(), len 28
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        dellserver, type = A, class = IN

------------
socket (dg) failed: No error
SendRequest failed
*** UnKnown can't find dellserver: No response from server
>

As far as the Interfaces tab, it is set to "all IP addresses". Is this correct??
Since your zone is AD integrated and AD can't find itself, you are in a catch 22 situation where DNS can't talk to AD to get DNS entries for AD.  
Have you tried to do a reload on the DNS zone?

Yes I deleted my forward lookup zone and recreated it. Still the automatic folders that are supposed to get created in mydomain.com DO NOT get created automatically.

How are you creating the new zone?  Primary or AD integrated?

I still think you'd have to manually add them to get it to come close to resembling normal behaviour.

Chris
I have tried both way, Primary and AD integrated.......

Manually add what Chris?? you mean the _msdcs _sites _tcp __udp etc folders.??
That's what I'm thinking.

Try this:

Create a new Primary zone and call it the same as your domain (as you have already been trying).
Once that is done, go to: c:\winnt\system32\config\
Open your netlogon.dns file and copy all the text.
Go to: c:\winnt\system32\dns\
You should have a file called: mydomain.dns <- this is the zone file for your new primary zone mydomain.com
Open that file and at the end paste the text from the netlogon.dns.

The mydomain.dns file should look something like this:

;
;  Database file mydomain.dns for mydomain.com zone.
;      Zone version:  2
;

@                       IN  SOA dellserver.mydomain.com.  something.mydomain.com (
                              2            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; default TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com
;
;  Zone records
;

1                       A      0.0.0.0
dellserver.mydomain.com. 600 IN A 192.168.1.100
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.pdc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
gc._msdcs.mydomain.com. 600 IN A 192.168.1.100
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com. 600 IN CNAME dellserver.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_gc._tcp.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_gc._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_kerberos._udp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kpasswd._tcp.mydomain.com. 600 IN SRV 0 100 464 dellserver.
_kpasswd._udp.mydomain.com. 600 IN SRV 0 100 464 dellserver

Save that file and then in the DNS console, right click your mydomain.com zone and select reload
What does your dns look like?

I'm thinking it might be good to fake "dellserver." as "dellserver.mydomain.com.", otherwise it'll fail on lookup for "dellserver.".

Either that, or add a new Forward Lookup Zone called dellserver, then put the IP Address into there with no name (so it ends up with "Same as Parent Folder").

Chris
Good point.

Normally all the entries would be like this:
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.

They should look like this:
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.mydomain.com.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.mydomain.com.
Woops, a slight typo there:

Normally all the entries wouldn't be like this (missing mydomain.com as per Chris's comment):
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.

They should look like this:
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.mydomain.com.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.mydomain.com.
pber I can't create a new primary zone with my domain name, there is already one there. It won't allow me to create another forward lookup zone with the same name.....should I delete it?
Since DNS seems fried and you've deleted it and recreated it already, go ahead and delete it and do the process above.  Make sure you make it a primary zone and don't store it in AD.



ok i am trying that now....(crossing fingers)
oh wow, i think it worked! i did what you suggested...this is what the mydomain.com.dns file looks like:

;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  1
;

@                       IN  SOA dellserver.mydomain.com  admin. (
                              1            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com

;
;  Zone records
;

1      A      0.0.0.0

dellserver.mydomain.com. 600 IN A 192.168.1.100
mydomain.com. 600 IN A 169.254.188.253
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.pdc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
gc._msdcs.mydomain.com. 600 IN A 192.168.1.100
gc._msdcs.mydomain.com. 600 IN A 169.254.188.253
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com. 600 IN CNAME dellserver.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_gc._tcp.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_gc._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_kerberos._udp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kpasswd._tcp.mydomain.com. 600 IN SRV 0 100 464 dellserver.
_kpasswd._udp.mydomain.com. 600 IN SRV 0 100 464 dellserver.

below is a screenshot of what my dns console looks like, i think there are some errors on it because on the SOA and Name Server data values, mydomain.com is listed twice...(look at link below).....can i just edit this in dns management so that it is only listed once??? or should i leave it the way it is?

http://picasaweb.google.com/carlosb2005/Carlos/photo#5102308297775190834


That's a start.

Ok, now can you resolve anything in your DNS using nslookup?
if you look at the data values of those 2 entries you will see it says dellserver.mydomain.com.mydomain.com

i know it is hard to tell because i have it with red over it

should i change this??
You need to correct those records, so they look like this:


@                       IN  SOA dellserver.mydomain.com.  admin. (
                              1            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.


It just adds a trailing ".", that stops it suffixing "mydomain.com" onto the end of the name.

Chris
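The trailing-dot rule described in the post above, together with the earlier point about bare `dellserver.` targets, as an added example that is not from any participant in this thread. The function names are hypothetical, the sample zone is constructed from records quoted in the thread, and the parser only handles the simple one-record-per-line layout shown here.

```python
"""Lint a DNS zone file for the target-name mistakes discussed in this thread."""

# Which rdata field holds a host name, per record type (hypothetical helper table).
TARGET_FIELD = {"SOA": 0, "NS": 0, "CNAME": 0, "SRV": 3}

# Constructed sample, trimmed from the records quoted in the thread.
SAMPLE_ZONE = """\
@                       IN  SOA dellserver.mydomain.com  admin. (
                              1            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL
@                       NS      dellserver.mydomain.com
dellserver.mydomain.com. 600 IN A 192.168.1.100
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp          600      SRV      0 100 88      dellserver.mydomain.com.
gc._msdcs               600      A      192.168.1.100
"""


def absolutize(name, origin):
    """Master-file rule: '@' is the origin, a name ending in '.' is absolute,
    and any other name gets the zone origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." + origin).lower()


def logical_lines(text):
    """Strip ';' comments and join a parenthesised record (the SOA) into one line."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth == 0 and not line.strip():
            continue
        buf = line if depth == 0 else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            depth = 0
            yield buf.replace("(", " ").replace(")", " ")


def parse_zone(text, origin):
    """Return (origin, [(owner, rtype, rdata_tokens), ...]) with absolute owners."""
    origin = origin.lower().rstrip(".") + "."
    records, owner = [], origin
    for line in logical_lines(text):
        tokens = line.split()
        if not tokens:
            continue
        if not line[0].isspace():          # a leading blank means "same owner as above"
            owner = absolutize(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                  # optional TTL and class
        if tokens and tokens[0].upper() in set(TARGET_FIELD) | {"A"}:
            records.append((owner, tokens[0].upper(), tokens[1:]))
    return origin, records


def lint_zone(text, origin):
    """Return findings as (owner, rtype, code, expanded_target) tuples."""
    origin, records = parse_zone(text, origin)
    have_a = {owner for owner, rtype, _ in records if rtype == "A"}
    findings = []
    for owner, rtype, rdata in records:
        idx = TARGET_FIELD.get(rtype)
        if idx is None or len(rdata) <= idx:
            continue
        raw = rdata[idx]
        full = absolutize(raw, origin)
        fq = raw.lower() + "."
        if not raw.endswith(".") and (fq == origin or fq.endswith("." + origin)):
            # e.g. dellserver.mydomain.com -> dellserver.mydomain.com.mydomain.com.
            findings.append((owner, rtype, "doubled-origin", full))
        elif full not in have_a:
            # e.g. "dellserver." is absolute but has no A record in this zone
            findings.append((owner, rtype, "no-address", full))
    locator = "_ldap._tcp.dc._msdcs." + origin   # the record the join error asked for
    if not any(o == locator and t == "SRV" for o, t, _ in records):
        findings.append((locator, "SRV", "missing", locator))
    return findings


if __name__ == "__main__":
    for owner, rtype, code, target in lint_zone(SAMPLE_ZONE, "mydomain.com"):
        print(f"{code:15} {rtype:5} {owner} -> {target}")
```
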
Yeah, you need to change those records via the properties of the zone.  One in the SOA TAB, and the other in the Name Server TAB (change it, then click resolve, then you'll be allowed to click ok).

Once that is done, and it looks good, you can then push that setting back into the zone file via "Update Server Data file" for that zone.
Or quicker yet, just change the file as per Chris's suggestion and just do another Reload.
thanks Chris. (:
Chris ok this is what it looks like now please let me know if it looks ok:

;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  4
;

@                       IN  SOA dellserver.mydomain.com.  admin. (
                              4            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.
_gc._tcp                600      SRV      0 100 3268      dellserver.
_kerberos._tcp          600      SRV      0 100 88      dellserver.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.
_ldap._tcp              600      SRV      0 100 389      dellserver.
_kerberos._udp          600      SRV      0 100 88      dellserver.
_kpasswd._udp           600      SRV      0 100 464      dellserver.
dellserver              A      192.168.1.100
That looks good.  You may also want to put the proper FQDN addresses for the dellserver. entries that Chris mentioned earlier.

thus:

;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  4
;

@                       IN  SOA dellserver.mydomain.com.  admin. (
                              4            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.mydomain.com.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp                600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.mydomain.com.
_ldap._tcp              600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._udp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._udp           600      SRV      0 100 464      dellserver.mydomain.com.
dellserver              A      192.168.1.100
What does a dcdiag do now?
dc diag still gives the error "an error ocurred during dns host lookup"..below is a link to ns lookup output and  dns management...do i need the host 1 listed there?? also do i need the same as parent folder entry that points to 169.....??

http://picasaweb.google.com/carlosb2005/Carlos/photo#5102314246304895810
What about nslookup dellserver.mydomain.com

BTW, the error:

C:\Documents and Settings\administrator.SDCSERVER>nslookup dellserver
*** Can't find server name for address 192.168.1.100: No response from server  <- normal if no reverse lookup zone

*** Default servers are not available  <- normal if no reverse lookup zone

Server:  UnKnown   <- normal if no reverse lookup zone
Address:  192.168.1.100

*** UnKnown can't find dellserver: No response from server  <- this bothers me, it would seem that you can't even talk to your DNS server.

I suppose I should have asked this question first... What happened to make this problem occur?  Do you have IPsec or TCP/IP filtering set in the TCP/IP properties of the client on the AD server?

same result for dellserver.mydomain.com

By the way I truly appreciate all of this help guys
also now when i try to join a new client to the domain now at least i get asked for my user name and password..before it wouldn't do that............the only thing is that after i enter the user name and password for the admin account on the domain i then get a message back saying "the specified server could not perform the operation"
still when i try to open active directory users and computers i get the error message:

Naming information cannot be located because:

The network path was not found.

Contact your system administrator to verify that your domain is properly configured and is currently online.
It would seem the client can read your DNS, but your server itself can't read DNS.
I presume if you do the same nslookup on the client, you would get a response as expected as it seems it can find the required SRV records.

Back to my previous question:
"What happened to make this problem occur?  Do you have IPsec or TCP/IP filtering set in the TCP/IP properties of the client on the AD server?"

At this point (barring the response to the question above), I would be tempted to rebuild the TCP/IP stack.  This would involve deleting the NIC from Device Manager and then rescanning for hardware changes.  Let it rediscover the NIC.
Once it does that, reconfigure the TCP/IP settings as per what they were before.  DNS should pick up the NIC as you said before it was listening on all interfaces.

Pber you are correct on your first paragraph.....seems like the server itself can't read dns, doing an nslookup on the client i do get the same response (it doesn't work).....

I do not have an answer to what happened when this started happening..as far as i know nothing happened but we had an admin that left the company recently and who knows if he did something..

I do not have ipsec or filtering at all ...never used that..

i will uninstall the nic from dev manager then scan for hardware changes and then see what happens

just remembered something...that server has 2 nics...we were using only one that was 100 mbps but recently we switched the network cable to use the other card because it is a 1000 mbps........could this have caused the problem??....
Two NICs can cause this problem.  If you want to keep the 1000Mbps NIC, make sure you unconfigure and disable the 1000Mbps NIC.  I'm not sure of your network, but if the switch that your DC is connected to supports Gbps NICs, then both ends should have matching configs.

i.e.  The switch might have been configured at 100Mbps/Full duplex and now that you've started using the  1000Mbps NIC, the duplex is set to auto.

Make sure with your network guys what the port is set to.  Chances are it is configured for 100/Full, if so set your NIC speed/duplex to match at 100/Full.
If your switch is configured as Auto/Auto, set your NIC speed/duplex to Auto/Auto.
Further to my previous post, you could use both NICs at once, following the Speed/Duplex rules that I stated earlier, but you need teaming software.  Teaming allows you to use fail on fault or bandwidth aggregation to provide better availability or speeds.

I'm not sure of the model of Dell server you have.  Dells use one of two NIC types, Intel or Broadcom.  Each requires a different Teaming software.  Intel NIC use the ProSET software to team, while Broadcom uses

Long story short, I would not team for now and see if we can get this to work without teaming.

Also make sure that since you have multiple NICS that you configure the DNS server to only listen on the configured NIC and not on all interfaces or both NICS.
there was no switch configuration done or nic configuration........the switch supports 100/1000 on all ports

so i guess both ends are set to auto..

the server has Intel nics

where do i configure the dns server to only listen on the 1000mbps nic? i can't find it
nevermind i found where to configure it..it is in the interface tab and it is set to listen to only 192.168.1.100........should i make the zone AD integrated?
Is AD now working?
no it's not, i still get the error:
Naming information cannot be located because:

The network path was not found.

Contact your system administrator to verify that your domain is properly configured and is currently online.
Can you resolve yet with nslookup?
no, can't resolve either :-(
If you do a netstat -e on the DC, do you see Errors?
funny thing is that now i see host entries in the dns forward lookup zone for my clients..so i guess now clients are registering correctly in dns....there is a whole bunch of new host records that i did not add manually...

output for netstat -e is:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>netstat -e
Interface Statistics

                           Received            Sent

Bytes                    1699964933       353981210
Unicast packets            15811650        22950897
Non-unicast packets           59166            7349
Discards                          0               0
Errors                            0               0
Unknown protocols                37

C:\Documents and Settings\administrator.SDCSERVER>
wow i was able to join the client machine to the domain!!!...........problem now is that AD is down so I can't access users and computers to create users :-(.........
So AD is kinda up....?

It still stumps me that you can't resolve dns queries on the client and yet they are doing DDNS registration and you can add computers to the domain.

When you load AD Users and Computers, right click AD Users and Computers at the top and select Connect to Domain and try your FQDN.  If that does work, try Connect to Domain Controller and pick either just dellserver or dellserver.mydomain.com
You can also load the ADminpak.msi on a client machine and attempt to connect to the DC that way.

What kind of event log entries are you getting now?
I have to take off now for the weekend.  I may check in now and then over the weekend.  If not, I'll talk to you next week.

Anyhow, it sounds like we are close to getting this back up.  

good luck.
thanks.........now when i rebooted the server it can not get online:-(
I was afraid of that.

When you reboot, press F8 while rebooting and boot into Active Directory Restore mode (Essentially Safe mode for AD).

AD will not attempt to run, but you might be able to play around with the DNS suffix (the area that was grayed out).
Also we need to get this server to resolve dns because that seems to be the entire problem.  The machine can't read its own dns.

You might need to boot into safe mode with networking.  But see if you can ping 127.0.0.1 as well as 192.168.1.100.  Also try some nslookups again.
wish I got your message before a few things I did......from client computers I was able to ping the server but was not able to access any server shares at all...it was as if the nic card was not working but obviously it was since I was able to ping it....anyway I made both nics get ips and dns servers automatically....rebooted the server and nothing...for now I made the router give ips ....so now clients get ips and dns from the router..(192.168.1.1) ...i uninstalled dns from the server...deleted the dns folder from system32 and the dns files from the config folder....at this point I do not want this server to give ips or be the dns server since the router is doing that fine.......i just want client computers to be able to access server shares, this is critical.....im thinking about removing both nics from device manager and then reboot the server so that they get installed automatically and hopefully it will get an ip from the router and client computers can access the server shares..........what do u think??...if I get that to work I would dcpromo to uninstall ad and then reinstall ad from scratch giving it a new domain name
I just need to do something so that client computers can once again access server shares...i need to make one of those nics work properly...i cannot access that server anymore, I was doing that using gotomypc but the server does not go online anymore but I have a guy that is physically near the server and he can do whatever we need to do to it

Hey again,

Decorating this weekend, but I should be able to pop back to see how you're getting on if you're working on this now.

The problem with using the Router to handle the DNS for your network is that it won't support the service records that we had to put in manually. If it won't do that then your clients will have a lot of trouble logging on, and therefore a lot of problems accessing network resources.

At this point that may not be such a big impact of course.

What's the current state of the NICs?

All the PCs on your network are joined to the domain right? If we go down the route of redoing AD they will all need joining again. Clearly we need the NICs present for that, and it must have a static IP because we won't be able to get around the need to run DNS on the server.

Chris
The NIC's are enabled but for some reason they are not working, I cannot get online. I don't know why all of this started when I rebooted the server. I don't want that server to be DNS server anymore nor DHCP. Clients are joined to the domain and even  though the server is  down they can login fine and access the internet fine. They just cant access the server shares.. I just want the nic to work again so that clients pcs can see the server and access the shares, that's all I want at this point, so im going to uninstall the nics from device manager and reboot the server so that they can get installed again automatically to see if that fixes the issue and hopefully the server will get an ip from the router and can access the internet....
Hi guys, as I said I uninstalled DNS and DHCP server from the server. I then re-installed TCP/IP and now the NICs are working again! The server can go online and clients can access server shares. I tried re-installing DNS server but when I recreate the forward lookup zone again it does not automatically re-create the subfolders and in the event viewer log i see an error that it cannot find the mydomain.com.dns file which is weird because i checked the dns folder and it is there.. it is a newly created file because i deleted the old one so it is very small, there are no _ldap entries or anything like that...this sucks
Sometimes if there is a slight typo in the dns file it does that.

Try re-doing the procedure again.  Delete the old zone, then re-create the forward primary zone non-AD integrated.  Then open the mydomain.com.dns file and re-paste the netlogon.dns info back in and then try a reload.  
Essentially the info at the post above with the ID of: 19763738






Pber is this below EXACTLY what it is supposed to look like? (of course mydomain.com is replaced by my real domain name.com)


;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  4
;

@                       IN  SOA dellserver.mydomain.com.  admin. (
                              4            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.
_gc._tcp                600      SRV      0 100 3268      dellserver.
_kerberos._tcp          600      SRV      0 100 88      dellserver.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.
_ldap._tcp              600      SRV      0 100 389      dellserver.
_kerberos._udp          600      SRV      0 100 88      dellserver.
_kpasswd._udp           600      SRV      0 100 464      dellserver.
dellserver              A      192.168.1.100

Looks good.  I don't know why this wouldn't load.  Possibly the version number needs to be higher than what your current zone is:
 4            ; serial number  < jack this up to something bigger than the current zone number.

Also, you may opt to add "mydomain.com." to suffix all your references to "dellserver."
what should I change the zone number 4 to??...5? 6? 7?

Yes to every dellserver entry I will add mydomain.com next to it
I would only change the zone number if the modified dns file won't load or re-load.  The actual number isn't too important, just as long as it is larger than the current zone number that is currently displayed in the DNS MMC.

Make sure that when adding mydomain.com to the end of dellserver. it is mydomain.com.  <- note the "." at the end.
ok I will try it, thanks :-)
every time i reinstall DNS server the mydomain.com.dns file that gets created looks like the text below..is that normal?? is that what it should look like when it gets created??

;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  3
;

@                       IN  SOA dellserver.  admin. (
                              3            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.
dellserver.             A      192.168.1.100

;
;  Zone records
;

stuartw                 1200      A      192.168.1.132
When you re-install DNS and recreate a zone, it will do that.  Normally you don't uninstall DNS, that is a major change, so it likely will clear out the dns folder.  If you just delete a zone, it usually will leave the .dns file there, so later you can re-create the zone and select the existing zone file.  

You can always just modify the file as we've been doing and just select reload and it should load the new changes.

ok here is my final mydomain.com.dns this is exactly what I will place in the config folder....can you please take a quick look at the file and make sure it's ok?....I added mydomain.com. after every entry that says dellserver except the very last line:


;
;  Database file mydomain.com.dns for stainlessdesign.com zone.
;      Zone version:  3
;

@                       IN  SOA dellserver.  admin. (
                              3            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.
dellserver.mydomain.com.             A      192.168.1.100

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.mydomain.com.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp                600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.mydomain.com.
_ldap._tcp              600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._udp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._udp           600      SRV      0 100 464      dellserver.mydomain.com.
dellserver              A      192.168.1.100
good except for the SOA record (I can load this into my dns server with no problems):

;
;  Database file mydomain.com.dns for stainlessdesign.com zone.
;      Zone version:  3
;

@                       IN  SOA dellserver.mydomain.com.  admin. (
                              3            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.
dellserver.mydomain.com.             A      192.168.1.100

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.mydomain.com.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp                600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.mydomain.com.
_ldap._tcp              600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._udp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._udp           600      SRV      0 100 464      dellserver.mydomain.com.
dellserver              A      192.168.1.100
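
The trailing-dot rule discussed above, as an added example that is not part of the original thread: a small linter that expands zone-file names the way a master file is read (`@` is the zone, a trailing dot means absolute, anything else gets the zone name appended) and flags SOA, NS, CNAME and SRV targets that fall outside the zone or have no A record in it. The function names and the three sample zones are constructed for illustration from the records posted in this thread.

```python
# Added example: lint a DNS zone file for host-name targets that do not
# resolve inside the zone. Sample zone text is constructed from the thread.

ORIGIN = "mydomain.com."
TARGET_FIELD = {"SOA": 0, "NS": 0, "CNAME": 0, "SRV": 3}  # rdata index of the host name

def fqdn(name, origin):
    """'@' is the origin, a trailing dot is absolute, otherwise append the origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()

def logical_lines(text):
    """Drop ';' comments and join records that span lines inside ( ... )."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth == 0 and not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        line = line.replace("(", " ").replace(")", " ")
        buf = buf + " " + line.strip() if buf else line
        if depth == 0:
            yield buf
            buf = ""

def parse_zone(text, origin):
    records, owner = [], origin
    for line in logical_lines(text):
        tokens = line.split()
        if not line[0].isspace():          # a blank owner field reuses the previous owner
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                  # optional TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def lint_zone(text, origin=ORIGIN):
    records = parse_zone(text, origin)
    hosts = {owner for owner, rtype, _ in records if rtype == "A"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype not in TARGET_FIELD:
            continue
        target = fqdn(rdata[TARGET_FIELD[rtype]], origin)
        if target != origin and not target.endswith("." + origin):
            findings.append((owner, rtype, target, "absolute name outside the zone"))
        elif target not in hosts:
            findings.append((owner, rtype, target, "no A record for target in this zone"))
    return findings

# Constructed sample: targets written as "dellserver." (absolute, single label).
BEFORE = """\
@                       IN  SOA dellserver.  admin. (
                              3            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL
@                       NS      dellserver.
dellserver.             A      192.168.1.100
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.
dellserver              A      192.168.1.100
"""

# Constructed sample: the same records with fully qualified targets.
AFTER = """\
@                       IN  SOA dellserver.mydomain.com.  admin. (
                              3 900 600 86400 3600 )
@                       NS      dellserver.mydomain.com.
dellserver.mydomain.com.             A      192.168.1.100
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.mydomain.com.
"""

# Constructed sample: FQDN target typed without the final dot.
NO_DOT = """\
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.mydomain.com
dellserver              A      192.168.1.100
"""

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER), ("no dot", NO_DOT)):
        print(label)
        for finding in lint_zone(zone):
            print("   ", *finding)
```

The `NO_DOT` case shows why the final dot matters: without it the target expands to `dellserver.mydomain.com.mydomain.com.`.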

in line 2 of the file should there be a dot after stainlessdesign??? I noticed that there is no dot in the last file that you posted (the second line of the file)
line 2 of the file  "stainlessdesign.com" should there be a dot after .com ??
nope.  anything after a ";" is a comment and ignored.
ok so the file is ready then...I will re-install DNS, after that I need to look at the zone number of the newly created zone, and if it is 3 or more then I need to edit the mydomain.com.dns file to say 4 or higher correct? I would then paste the new mydomain.com.dns file in the dns folder and then reload..right?....then I'll reboot the server and pray that tcp/ip won't get messed up again

If the zone loads from the mydomain.com.dns file don't mess with the serial numbers.  The only reason why I mentioned that is because you were having some issues with getting DNS to load the zone several posts ago.
It seems like it worked (partially). Clients are now showing as hosts in dns management, I guess they are properly registering. However when I do nslookup it is still not working. below is the output (I did this from the server)

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>nslookup
*** Can't find server name for address 192.168.1.100: Non-existent domain
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.100

>

also when I try to browse through my network places from a client computer and when I go to "entire network" and click on mydomain.com I get a message that it is not available..however I can access the server from the client if I click on START then click on RUN then type \\servername and hit enter.
C:\Documents and Settings\administrator.SDCSERVER>nslookup
*** Can't find server name for address 192.168.1.100: Non-existent domain
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.100

As per (https://www.experts-exchange.com/questions/22780042/DNS-Problem-I-give-up.html?cid=238&anchorAnswerId=19763949#a19763949), this is normal when you have no reverse lookup.

What happens if you try and nslookup dellserver?
I do have a reverse lookup zone ...........however there are no pointers in it ...there are only 2 records there SOA and nameserver....if I do nslookup dellserver or nslookup dellserver.mydomain.com I get the same results.......should I delete and recreate the reverse lookup zone???...please look at the image below..

http://picasaweb.google.com/carlosb2005/Carlos/photo#5103757402560992082



here is one of the reverse lookup zone...should I delete and recreate it??...if so is there any special way I should do that?..look below please

http://picasaweb.google.com/carlosb2005/Carlos/photo#5103758394698437474
also I do not know if it matters but the forward lookup zone number is 22 and for the reverse lookup zone it is 1....does that matter??
The reverse looks fine.

Generally when I create a reverse lookup I'll make it for a more broad subnet range as opposed to creating one for each subnet as this will become a maintenance issue.  If you have only one subnet or very few, it's not that bad.  If you have lots, you'll want to do it more general.

What I'm getting at is instead of 192.168.1.X, I'll make it 192.168.x.x (192.168.in-addr.arpa).  This way it will autocreate the subnet folder under the 192.168.x.x as records are created.  In this case, you should see a "1" folder under that 192.168.x.x.

If you don't plan on creating more subnets, don't worry about the above.

Once you create a PTR record for dellserver under 192.168.1.x, the nslookup errors will clear up as nslookup will be able to resolve 192.168.1.100 to dellserver.

The zone serial numbers are nothing to worry about.  They increment after each change to that zone.  It is used by internal DNS processing as well as it helps for DNS troubleshooting to see if your dns is updating.


should i create the ptr record 192.168.1.100 for dellserver or for dellserver.mydomain.com??
also should there be a "dot"? after dellserver / dellserver.mydomain.com?
I added two pointers without a "dot". one for dellserver and one for dellserver.mydomain.com.... still below is what I get..did I do something wrong or do I need to wait a few minutes?

C:\Documents and Settings\administrator.SDCSERVER>nslookup dellserver
Server:  dellserver.stainlessdesign.com
Address:  192.168.1.100

*** dellserver.stainlessdesign.com can't find dellserver: Server failed

C:\Documents and Settings\administrator.SDCSERVER>
AFAIK all dns entries as a ".' at the end.

Reverse lookups should be FQDN.  Forward lookups can be left as just the servername as DNS will make it inherit the zone name of the parent if it is left blank.
That should have been...

AFAIK all dns entries should have a "." at the end.
shouldn't the SOA on the reverse lookup zone point to the FQDN?...it is now pointing only to "dellserver"
the name server in the reverse lookup zone is also pointing to dellserver and not the FQDN is this ok?
Yes it should.  The reverse lookup requires FQDN as it needs to know what forward zone to query.

How is your AD working?
ok i will edit those reverse lookup zones to have the FQDN instead of just dellserver. I can access AD fine now.
That's great.

i just saw that the reverse lookup zone is Active Directory integrated...maybe this is why nslookups are not working???? since the forward lookup zone is not Active directory integrated??...also it was not allowing dynamic updates.............should i  change the reverse lookup zone to be standard primary and to allow dynamic updates??
or will it be better if i delete the reverse lookup zone and recreate it??
Now that AD seems to be alive, we should tweak your DNS a little.  Normally you would allow "Secure Only" dynamic updates.  This is for security reasons.  It means just trusted computers on your AD network can do DDNS updates in the applicable zone.  Non-secure and secure means anyone can insert new DNS records in your network.
Normally I would also suggest making all DNS zones AD integrated as this would optimize the DNS replication to all your DCs.  Since you only have 1 DC (and with all the problems you had), this isn't a huge issue.  That being said I strongly suggest getting (or at least budgeting for) a second domain controller.  As you've seen, this is very important to be up and having two will help lots if one starts failing.
thanks, should i delete and recreate the reverse lookup zone?? nslookup is not working and I think thats has something to do with why my client computer cannot browse mydomain from my network places....
there is something wrong because from the server if I go to the run window and type \\client_name I get a network path was not found message...but if I do the same thing and type the ip address of the client instead, I can access the client fine.......I can only access the client by ip address and not name. I even added the pointer for the client in the reverse lookup zone but still nothing :-(........this is why I was asking if I should delete and recreate the reverse lookup zone
Let's not worry about reverse for now because that isn't needed for name to ip resolution.

If you try and do a \\client_name.mydomain.com do you get something?

I'm thinking you still have the DNS suffix problem.
What do your DCdiag and Netdiags show?  Are they coming up cleaner?
when I do a \\client_name.mydomain.com from the server it works...lol..but when I do \\client_name it doesn't work.

That is definitely a DNS suffix issue.

Since you've removed and re-installed TCP/IP several times... Do you have a DNS suffix defined as "mydomain.com" in your TCP/IP settings?
Also in the DNS tab in the advanced  tcp ip settings under DNS suffix for this connection: there is nothing there...... is blank.............

I went to the client again and when I go to network neighborhood and double click on mydomain I get an error message.........I'm not able to see any of the client computers in the network however I can access them via the run window and typing their client name
Add mydomain.com in there and see what happens.

Also this might be some help:
http://technet.microsoft.com/en-us/library/aa998420.aspx
It would seem that NV Domain doesn't contain "mydomain.com".  I'm not sure what effect changing that via the registry would have on the domain.
wow adding mydomain.com worked!!!!..the client can now browse mydomain via my network places and from the server I can only use client_name to access clients..NICE!!...nslookup from the server works only if I use the FQDN but it doesn't work if I just use the client name..should I even care about that?..does that mean that there is something wrong??...this is great!
Where did you add mydomain.com in the suffix search order or the NV Domain?

how are your dcdiag and netdiags?

Also the dreaded reboot...
in the dns tab....right next to "DNS Suffix for this connection:"

dcdiag output

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DELLSERVER
      Starting test: Connectivity
            *** Warning: could not confirm the identity of this server in
               the directory versus the names returned by DNS servers.
               If there are problems accessing this directory server then
               you may need to check that this server is correctly registered
               with DNS
         ......................... DELLSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DELLSERVER
      Starting test: Replications
         ......................... DELLSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... DELLSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... DELLSERVER passed test NetLogons
      Starting test: Advertising
         ......................... DELLSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DELLSERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DELLSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... DELLSERVER passed test MachineAccount
      Starting test: Services
         ......................... DELLSERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... DELLSERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DELLSERVER passed test frssysvol
      Starting test: kccevent
         An Error Event occured.  EventID: 0xC0000583
            Time Generated: 08/28/2007   13:49:53
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80000677
            Time Generated: 08/28/2007   13:49:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000583
            Time Generated: 08/28/2007   13:49:53
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80000677
            Time Generated: 08/28/2007   13:49:53
            (Event String could not be retrieved)
         ......................... DELLSERVER failed test kccevent
      Starting test: systemlog
         ......................... DELLSERVER passed test systemlog

   Running enterprise tests on : mydomain.com
      Starting test: Intersite
         ......................... mydomain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... mydomain.com passed test FsmoCheck

C:\Documents and Settings\administrator.SDCSERVER>

netdiag output:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>netdiag
.....................................
    Computer Name: DELLSERVER
    DNS Host Name: dellserver
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.mydomain.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.1.100'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/DELLSERVER' is missing on D
C 'dellserver'.
    [FATAL] The default SPNs are not properly registered on any DCs.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>

not good uh?? :-(
LDAP test failed and DNS test failed I guess thats not good uh??
Could be SPN related.

what is the output of an: setspn -L dellserver

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>setspn -L dellserver
'setspn' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\administrator.SDCSERVER>
should that command work on a windows 2000 server?? did I have a typo?
i had to download that utility........here is the output

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Program Files\Resource Kit>setspn -l dellserver
Registered ServicePrincipalNames for CN=DELLSERVER,OU=Domain Controllers,DC=stai
nlessdesign,DC=com:
    MSSQLSvc/dellserver
    MSSQLSvc/dellserver:1433
    SMTPSVC/dellserver
    NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/dellserver
    DNS/dellserver
    GC/dellserver/mydomain.com
    HOST/dellserver/SDC
    HOST/dellserver
    HOST/dellserver/mydomain.com
    E3514235-4B06-11D1-AB04-00C04FC2DCD2/bff6401a-7add-4579-b4cd-c03aaedefd6e/mydomain.com
    LDAP/bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com
    LDAP/dellserver/SDC
    LDAP/dellserver
    LDAP/dellserver/mydomain.com

C:\Program Files\Resource Kit>
I think the connection specific dns suffix is burning us.

All instances of dellserver should have a .mydomain.com at the end.  

Try adding these and see what happens with a netdiag:

setspn -a LDAP/dellserver.mydomain.com dellserver
setspn -a LDAP/dellserver.mydomain.com/SDC dellserver
setspn -a LDAP/dellserver.mydomain.com/mydomain.com dellserver
setspn -a DNS/dellserver.mydomain.com
setspn -a GC/dellserver.mydomain.com
setspn -a HOST/dellserver.mydomain.com
setspn -a HOST/dellserver.mydomain.com/mydomain.com

should I enter those commands one by one in a DOS PROMPT?
Yes one by one at the command prompt.  I left out a few, but those shouldn't matter in regards to getting the domain happier.   We'll also clean out the bad ones after as needed.
when i get to the 4th command (setspn -a DNS/dellserver.mydomain.com)  i get an error:


C:\Program Files\Resource Kit>setspn -a DNS/dellserver.mydomain.com
Usage: setspn [switches data] computername
  Where "computername" can be the name or domain\name

  Switches:
   -R = reset HOST ServicePrincipalName
    Usage:   setspn -R computername
   -A = add arbitrary SPN
    Usage:   setspn -A SPN computername
   -D = delete arbitrary SPN
    Usage:   setspn -D SPN computername
   -L = list registered SPNs
    Usage:   setspn [-L] computername
Examples:
setspn -R daserver1
   It will register SPN "HOST/daserver1" and "HOST/{DNS of daserver1}"
setspn -A http/daserver daserver1
   It will register SPN "http/daserver" for computer "daserver1"
setspn -D http/daserver daserver1
   It will delete SPN "http/daserver" for computer "daserver1"

C:\Program Files\Resource Kit>

:-(
also the rest of the commands after the 4th one give the same error
I'm so sorry I gave you the wrong syntax, dellserver needs to be at the end of each:

setspn -a LDAP/dellserver.mydomain.com dellserver
setspn -a LDAP/dellserver.mydomain.com/SDC dellserver
setspn -a LDAP/dellserver.mydomain.com/mydomain.com dellserver

setspn -a DNS/dellserver.mydomain.com dellserver
setspn -a GC/dellserver.mydomain.com dellserver
setspn -a HOST/dellserver.mydomain.com dellserver
setspn -a HOST/dellserver.mydomain.com/mydomain.com dellserver

I have to take off for the day.
cya tomorrow.
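
The SPN comparison behind the commands above, as an added example that is not part of the original thread: it reads `setspn -L` output, lists every SPN registered under the short host name that has no fully qualified counterpart, and formats each as `setspn -A SPN computername`, the argument order given in the tool's usage text. The function names are hypothetical and the sample output is adapted from the listing posted earlier; the result is a list to review, not a set of required registrations.

```python
# Added example: find short-name SPNs that have no FQDN counterpart.
# SETSPN_OUTPUT is adapted from the listing posted in this thread.

SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=DELLSERVER,OU=Domain Controllers,DC=mydomain,DC=com:
    MSSQLSvc/dellserver
    MSSQLSvc/dellserver:1433
    SMTPSVC/dellserver
    NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/dellserver
    DNS/dellserver
    GC/dellserver/mydomain.com
    HOST/dellserver/SDC
    HOST/dellserver
    HOST/dellserver/mydomain.com
    E3514235-4B06-11D1-AB04-00C04FC2DCD2/bff6401a-7add-4579-b4cd-c03aaedefd6e/mydomain.com
    LDAP/bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com
    LDAP/dellserver/SDC
    LDAP/dellserver
    LDAP/dellserver/mydomain.com
"""

# The seven SPNs from the corrected commands in the post above.
ADDED_IN_THREAD = [
    "LDAP/dellserver.mydomain.com",
    "LDAP/dellserver.mydomain.com/SDC",
    "LDAP/dellserver.mydomain.com/mydomain.com",
    "DNS/dellserver.mydomain.com",
    "GC/dellserver.mydomain.com",
    "HOST/dellserver.mydomain.com",
    "HOST/dellserver.mydomain.com/mydomain.com",
]

def registered_spns(setspn_output):
    """SPN lines are indented and contain '/'; the header line is neither."""
    return [ln.strip() for ln in setspn_output.splitlines()
            if ln[:1].isspace() and "/" in ln]

def missing_fqdn_spns(spns, short_name, dns_domain):
    """Return FQDN forms of short-name SPNs that are not registered yet.

    An SPN is serviceclass/host[:port][/servicename]; only the host part is
    rewritten, so GUID-based entries are left alone.
    """
    have = {s.lower() for s in spns}
    missing = []
    for spn in spns:
        parts = spn.split("/")
        host, sep, port = parts[1].partition(":")
        if host.lower() != short_name.lower():
            continue
        parts[1] = f"{short_name}.{dns_domain}{sep}{port}"
        candidate = "/".join(parts)
        if candidate.lower() not in have and candidate not in missing:
            missing.append(candidate)
    return missing

def setspn_add_commands(missing, account):
    """Every command ends with the account name, as the usage text requires."""
    return [f"setspn -A {spn} {account}" for spn in missing]

if __name__ == "__main__":
    spns = registered_spns(SETSPN_OUTPUT)
    print("Before the commands in the thread:")
    for cmd in setspn_add_commands(
            missing_fqdn_spns(spns, "dellserver", "mydomain.com"), "dellserver"):
        print("   ", cmd)
    print("Still without an FQDN form afterwards:")
    for spn in missing_fqdn_spns(spns + ADDED_IN_THREAD, "dellserver", "mydomain.com"):
        print("   ", spn)
```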
ok have a great day:-) talk to you tomorrow and Thanks!
ok, all commands completed successfully, however I don't think it fixed the issue..by the way the reverse lookup zone has new pointers now that got created automatically, I guess this is a good sign...here is a netdiag: do you see anything?


Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\administrator.SDCSERVER>netdiag
.....................................
    Computer Name: DELLSERVER
    DNS Host Name: dellserver
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel  
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.mydomain.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.1.100'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/DELLSERVER' is missing on DC 'dellserver'.
    [FATAL] The default SPNs are not properly registered on any DCs.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>
Can you do a ipconfig /registerdns and restart the netlogon service.
Also do a netdiag /fix and a dcdiag /fix

Once you do that, Re-post the netdiag and dcdiag results
should i stop the netlogon service before i do the ipconfig /registerdns??

ok here is a new netdiag, seems like the DNS error message is gone however there is still a SPN error..:

C:\Documents and Settings\administrator.SDCSERVER>netdiag
....................................
    Computer Name: DELLSERVER
    DNS Host Name: dellserver
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel    
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.stainlessdesign.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.10
0' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/DELLSERVER' is missing on D
C 'dellserver'.
    [FATAL] The default SPNs are not properly registered on any DCs.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>
i just thought of something that I should have mentioned..................i have a "www" and a "mail" host entries in the forward lookup zone that point to a public ip address where my website (mydomain.com) and email are being hosted....is this related to the LDAP Test failed problem???????
That doesn't have anything to do with it.

I want to go back to the "primary dns suffix for this computer"

I'm wondering if there is a GPO that has this option enabled, but the value is set to blank and is being applied to the DC.

See this:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/92767.mspx?mfr=true

I'm not sure how many GPO's you have, but check the default Domain controller policy or whatever policies that are above or assigned to the Domain Controllers OU.
Look here:
Computer Configuration\Administrative Templates\System\DNS Client
the Primary DNS suffix should be: mydomain.com

If it was set blank, try disabling it.  If it isn't set, set it to above.
Now update the GPOs via command line:

secedit /refreshpolicy machine_policy /enforce

Now look at the "Primary DNS suffix for this computer" via the GUI that was greyed out.  Does it have an entry now?
the setting for primary dns suffix in the default GPO is set as "not configured"...I changed that and pointed it to mydomain.com.

i did the secedit command

I then right clicked on "my computer", selected "properties", then in the network identification tab the "properties" button is grayed out...

here is a pic of that and ipconfig:  http://picasaweb.google.com/carlosb2005/Carlos/photo#5104167640657236850
What about after the dreaded reboot.  
im too scared to reboot now, that server needs to be up 100% of the time at least for another week then I can try reboot..........do you think rebooting may fix some things?
Fair enough.

So your AD seems to be kind of happy.  Can you add/remove computers and users?
Yes I can add/remove computers and users so I guess that's a good sign:-)
This works out well.  I have to take off for the rest of the week.

I would strongly suggest performing a full backup (using NTBackup) of your machine and placing it on DVD or tape media so you can recover if things suddenly go south.  You can also just do a system state backup as well (considerably smaller), but this will only cover the server and domain controller functions, not the file shares, etc.

Anyhow, I should be in and out next week.  I'll check in with you on Tuesday and see how things are going.
Thanks so much for all of your help:-)
Good luck while I'm off.
Rebooted the server, TCP/IP works!!
Sorry, I was out most of last week.

Anyhow, that sounds like good news.  How are the dcdiag and netdiags?
When I do a netdiag everything passes but one thing:

"LDAP Test..warning the default spn registration for HOST?DELLSERVER is missing on DC 'DELLSERVER'
Fatal the defaults spn's are not properly registered on any DC"s"

Shouldn't it say "is missing on DC 'MyDOMAIN.COM'"? Why does it say "missing on DC DELLSERVER"... is that normal?
ASKER CERTIFIED SOLUTION
Pber
OK Pber, I can't thank you enough for all of your help. Great work!! Obviously I'll upgrade that server to a 2003 DC, but we are going to open another location about 100 miles from where this server is. This new location will have another Windows 2003. Now I don't know if I should create an entirely different domain name at the new location or also make it the same (mydomain.com) as where this server that gave me problems is... or should both locations have totally different domain names... lol fun fun fun
Not a problem.  Glad to help.

You probably don't want to create a whole new domain unless you have different security policies or you have a different user base.  Anyhow, when you come to that and you have any questions, just post a new question and we'll give you a hand.