Solved

Netlogon Error on Secondary Windows 2000 Domain Controller

Posted on 2007-11-18
5
620 Views
Last Modified: 2011-10-03
Hi
we are getting these errors in the event log and are trying to work out how to fix them. we have 3 domain controllers and this is happening on our secondary remote dc. i've tried a dcdiag and netdaig and they show the blow results:


----------------------------------------------------------
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            19/11/2007
Time:            5:49:41 PM
User:            N/A
Computer:      xxxxxx
Description:
Registration of the DNS record '9dd487de-8cd4-499b-bde2-9600759ac157._msdcs.xxxxxx.com.au 600 IN CNAME xxxxx.xxxxxx.com.au.' failed with the following error:
DNS RR set that ought to exist, does not exist.  
Data:
0000: 30 23 00 00               0#..    


----------------------------------------------------------------------
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      3096
Date:            19/11/2007
Time:            5:49:41 PM
User:            N/A
Computer:      xxxx
Description:
The Windows NT domain controller for this domain could not be located.

C:\Documents and Settings\Administrator.XXXX>netdiag /fix
 
.....................................
 
    Computer Name: XXXX
    DNS Host Name: XXXX.XXXX.com.au
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
    List of installed hotfixes :
        KB329115
        KB822343
        KB823182
        KB823559
        KB824105
        KB824151
        KB825119
        KB826232
        KB828035
        KB828749
        KB832353
        KB832359
        KB841356
        KB842773
        KB885836
        KB890046
        KB891781
        KB893756
        KB893803v2
        KB896358
        KB896422
        KB896423
        KB896424
        KB899587
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904368
        KB904706
        KB905414
        KB905495-IE6SP1-20050805.184113
        KB905749
        KB908519
        KB908523
        KB908531
        KB909520
        KB911280
        KB911564
        KB911567-OE6SP1-20060316.165634
        KB912919
        KB913580
        KB914388
        KB914389
        KB917008
        KB917159
        KB917422
        KB917537
        KB917736
        KB917953
        KB918118
        KB918899-IE6SP1-20060725.123917
        KB920213
        KB920670
        KB920683
        KB920685
        KB920958
        KB921398
        KB921503
        KB921883
        KB922582
        KB922616
        KB923191
        KB923414
        KB923694-OE6SP1-20061106.120000
        KB923810
        KB923980
        KB924191
        KB924270
        KB924667
        KB925398_WMP64
        KB925486-IE6SP1-20060918.120000
        KB925902
        KB926122
        KB926247
        KB926436
        KB927891
        KB928090-IE6SP1-20070125.120000
        KB928843
        KB929969-IE6SP1-20061220.120000
        KB930178
        KB931784
        KB932168
        KB933729
        KB935839
        KB935840
        KB935966
        KB936021
        KB937143-IE6SP1-20070717.120000
        KB938127-IE6SP1-20070626.120000
        KB938827
        KB938829
        KB939653-IE6SP1-20070817.120000
        KB941202-OE6SP1-20070820.120000
        KB941672
        Q147222
        Update Rollup 1
 
 
Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'Netfinity 10/100 Ethernet Adapter' may not be workin
g.
 
 
 
Per interface results:
 
    Adapter : Local Area Connection 2
 
        Netcard queries test . . . : Passed
 
        Host Name. . . . . . . . . : XXXX
        IP Address . . . . . . . . : xxxxxx
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : xxxx
        Dns Servers. . . . . . . . : xxxxxx
                                     61.88.88.88
                                     192.65.91.129
                                     192.65.90.202
 
 
        AutoConfiguration results. . . . . . : Passed
 
        Default gateway test . . . : Passed
 
        NetBT name test. . . . . . : Passed
 
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
 
    Adapter : Local Area Connection
 
        Netcard queries test . . . : Failed
        NetCard Status:          DISCONNECTED
            Some tests will be skipped on this interface.
 
        Host Name. . . . . . . . . : xxxxxxxxxxxxxxxxxxxx
        Autoconfiguration IP Address : 169.254.145.156
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :
 
 
 
Global results:
 
 
Domain membership test . . . . . . : Passed
 
 
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{BD572817-A60F-4DDE-A0BE-C2A5505F4F2D}
        NetBT_Tcpip_{0F27A1F3-CA3C-44AB-BD26-8D06A7D9DB9F}
    2 NetBt transports currently configured.
 
 
Autonet address test . . . . . . . : Passed
 
 
IP loopback ping test. . . . . . . : Passed
 
 
Default gateway test . . . . . . . : Passed
 
 
NetBT name test. . . . . . . . . . : Passed
 
 
Winsock test . . . . . . . . . . . : Passed
 
 
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.10.70.1'
and other DCs also have some of the names registered.
 
 
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{BD572817-A60F-4DDE-A0BE-C2A5505F4F2D}
        NetBT_Tcpip_{0F27A1F3-CA3C-44AB-BD26-8D06A7D9DB9F}
    The redir is bound to 2 NetBt transports.
 
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{BD572817-A60F-4DDE-A0BE-C2A5505F4F2D}
        NetBT_Tcpip_{0F27A1F3-CA3C-44AB-BD26-8D06A7D9DB9F}
    The browser is bound to 2 NetBt transports.
 
 
DC discovery test. . . . . . . . . : Passed
 
 
DC list test . . . . . . . . . . . : Passed
 
 
Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'XXXX' is broken. [ERROR_NO_LOGON_SERVERS]
 
 
 
Kerberos test. . . . . . . . . . . : Passed
 
 
LDAP test. . . . . . . . . . . . . : Passed
 
 
Bindings test. . . . . . . . . . . : Passed
 
 
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
 
 
Modem diagnostics test . . . . . . : Passed
 
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
 
 
The command completed successfully
 
C:\Documents and Settings\Administrator.xxx>dcdiag /fix
 
Domain Controller Diagnosis
 
Performing initial setup:
   Done gathering initial info.
 
Doing initial required tests
 
   Testing server: Default-First-Site-Name\xxxx
      Starting test: Connectivity
         ......................... xxxx passed test Connectivity
 
Doing primary tests
 
   Testing server: Default-First-Site-Name\xxxx
      Starting test: Replications
         ......................... xxxx passed test Replications
      Starting test: NCSecDesc
         ......................... xxxx passed test NCSecDesc
      Starting test: NetLogons
         ......................... xxxx passed test NetLogons
      Starting test: Advertising
         ......................... xxxx passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... xxxx passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... xxxx passed test RidManager
      Starting test: MachineAccount
         ......................... xxxx passed test MachineAccount
      Starting test: Services
         ......................... xxxx passed test Services
      Starting test: ObjectsReplicated
         ......................... xxxx passed test ObjectsReplicated
      Starting test: frssysvol
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         ......................... xxxx passed test frssysvol
      Starting test: kccevent
         ......................... xxxx passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000C18
            Time Generated: 11/19/2007   17:49:41
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 11/19/2007   17:49:41
            (Event String could not be retrieved)
         ......................... xxxx failed test systemlog
 
   Running enterprise tests on : xxxxxx
      Starting test: Intersite
         ......................... xxxxxx passed test Intersite
      Starting test: FsmoCheck
         ......................... xxxxxx passed test FsmoCheck

Open in new window

0
Comment
Question by:AndrewBolzoni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 11

Expert Comment

by:bsharath
ID: 20310818
0
 
LVL 7

Accepted Solution

by:
tonyteri earned 500 total points
ID: 20314065
Hello,

For starters, let's begin by checking this:

As per Microsoft, when the Netlogon service tries to register the GUID record in the _msdcs.forestrootzone, the GUID record may not be registered if there is an MX record that is wildcard character (*). The Netlogon service does a DNS query of type ALL for the guid._msdcs.forestrootzone. If a wildcard record exists, the DNS server responds to the query with the MX server information and the dynamic update does not succeed. See this link http://support.microsoft.com/kb/325208
0
 
LVL 3

Expert Comment

by:l84work
ID: 20343846
Are you using Microsoft DNS?

ping the GUID of the DC.  If it response with a correct IP, then your DNS record is fine.  Or, you can just delete the record in DNS, and reboot the DC.  It will register itself again.

We get this event in our domain, too.  In our case, it was due to network congestion.
0
 

Author Comment

by:AndrewBolzoni
ID: 20721315
The problem ended up being a journal wrap error. i had to follow some the ms articles to rebuild the sysvol shares then it was able to resolve the rouge records. thank you to all for your assistance.
0
 

Author Closing Comment

by:AndrewBolzoni
ID: 31409896
thank you for your assistance
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question