Dwight Baer (Canada) asked:
DNS won't install properly on my new W2K3 Server AD domain controller

I just installed Active Directory on a Windows Server 2003 Member Server.  I called the domain PEA.local.  The machine on which the domain is installed I have named PEA1.

Now I'm trying to join a Windows Vista client to the domain and I get the error "An Active Directory Domain Controller for the domain PEA.local could not be contacted."

Details on the error message include:

>>>>
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain PEA.local:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.PEA.local
>>>

When I go into my Event Viewer on the new PEA Domain Controller, sure enough there are lots of DNS-related error messages.  For example:

Under DNS Server (6 warnings) -
"The DNS server encountered error 32 attempting to load zone _msdcs.PEA.local ..."

Under System, one error:
"The dynamic registration of the DNS record '_ldap._tcp.PEA.local. 600 IN SRV 0 100 389 pea1.PEA.local.' failed on the following DNS server:
DNS server IP address: <UNAVAILABLE>"

Under Application, several warnings, e.g.:
"MS DTC could not correctly process a DC Promotion/Demotion event.  MS DTC will continue to function and will use the existing security settings."

I'm sure the clues are here if I could understand what they all point to.  Thanks.
ASKER CERTIFIED SOLUTION
Jay_Jay70 (Australia)

SOLUTION
you can't have AD up and running without DNS installed... and DCPromo is a much better way of creating your initial DNS zones as it integrates it much cleaner
you can install AD without DNS running but you cannot join clients to your domain since they need the DNS service for name resolution!
well you are basically shooting yourself in the foot really :) with a shotgun no less!
what makes you say that?
well if you install AD without DNS you might as well manufacture a car with no wheels
I wasn't taking a personal shot
well .......you can have AD up and running without DNS...dcpromo will install successfully. The reason why you need to install DNS is for your name resolution (e.g. hostname to an IP address, and that's all the DNS does).
I am well aware :) but the entire AD backend is built on DNS
SOLUTION
Chris Dent (United Kingdom)
hey Chris, what do you make of this "you can't have AD up and running without DNS installed".

dcpromo will successfully install without fully functioning DNS.

No one is disputing the significance of DNS and its role to play in AD infrastructure, but the errors reported are all pointing to one source: a DNS issue!

no matter how you do the below, unless your DNS is properly configured you won't solve the issue !!!!!!!!!!!!!!!!!!!!!!!!!!!!


Run ipconfig /registerdns

restart the netlogon and dns services

THAT'S WHY THE LINK WAS SUPPLIED ABOVE !!!!!!!!!!!!!!!

No matter how many PCs and Servers you have, if you cannot resolve the hostname into an IP address these boxes cannot be members of your domain...you have to start here. I haven't supplied further elaboration above because this is not a DNS competition but a forum to help fellow IT people who require assistance.

SOLUTION
hey Chris,

You are referring to a DC that is promoted to AD whereby the DNS is properly configured and has the SRV record of the DC.

But I'm talking about workgroup clients/servers attempting to join the domain by resolving the domain (hostname) into an IP address! Their SRV records will not end up in DNS unless they find the domain name by resolving the hostname into an IP address!

sure Jay, you are well aware of successful installation of AD without fully functioning DNS...otherwise you wouldn't have answered my comment...hey right !!!!!!!!!!!!!!!!!!!!!
Dwight Baer (ASKER)

Wow!  Thanks for all the feedback guys!  

I've copied all the comments above into a Word document and I'll sort it out and get back shortly.

Dwight
OK ... I can now join the domain.  THANKS for all the help!

I ran:

ipconfig /registerdns

And then I restarted the netlogon and dns services, as instructed above.
Now other machines can join the domain.

For my own future reference here are some further thoughts and comments:
In Event Viewer, under File Replication Service, the following warning appeared at 9:02:31 today:
"The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PEA1. The File Replication Service might not recover when power to the drive is interrupted and critical updates are lost."

Then, at 9:02:32 today, the following Information message appeared:
"The File Replication Service is no longer preventing the computer PEA1 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL. "

Here is the definition of an SRV record from Wikipedia:
"An SRV record or Service record is a category of data in the Internet Domain Name System specifying information on available services. It is defined in RFC 2782. Newer internet protocols such as SIP and XMPP often require SRV support from clients. Client implementations of older protocols (e.g. LDAP, SMTP) may have SRV support added to it."

MenandMice.com provides the following definition of an SRV record:
"SRV Record: Also known as a Service record. An SRV record is intended to provide information on available services. An SRV record has four fields and a unique system for naming. The naming system is an underscore followed by the name of the service, followed by a period, an underscore, and then the protocol, another dot, and then the name of the domain. The four fields are:

1. Priority, just as in MX records

2. Weight, used to determine relative capacity between two SRV fields with the same priority. Hits will be assigned proportionately by weight, allowing a powerful and a weak server to share appropriate loads.

3. Port, the port of the service offered

4. Hostname

For Example

_http._tcp.example.com. SRV 10 5 80. www.example.com"

My initial error message was:
>>>>
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain PEA.local:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.PEA.local
>>>
For starters, we have to interpret the record named above in a backwards way.
Where I find that record, now that DNS works, is, under "DNS Management":
_msdcs.PEA.local --> dc -->  _tcp --> _ldap.  
When I examine the Properties of the _ldap record above, sure enough it is a Service Location (SRV) record in the domain PEA.local.


I wish I'd had this dialogue years ago!  ... Dwight
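As an added illustration (not code from this thread or from any of the posters), the following Python parses SRV records in the form the event log above prints them, reports which of the two DC-locator names seen in this thread is missing (the situation behind the 0x232B NAME_ERROR), maps an _msdcs name to the DNS-console path described above, and applies the RFC 2782 priority/weight rule from the quoted definition. The zone lines and the pea2 host are constructed sample data.

```python
import random
from collections import namedtuple

# owner name (lowercased), priority, weight, port, target host
SrvRecord = namedtuple("SrvRecord", "name priority weight port target")

def parse_srv(line):
    """Parse one zone-style SRV line: 'owner TTL IN SRV priority weight port target'."""
    f = line.split()
    if len(f) != 8 or f[2:4] != ["IN", "SRV"]:
        raise ValueError("not an SRV record: " + line)
    return SrvRecord(f[0].rstrip(".").lower(), int(f[4]), int(f[5]), int(f[6]),
                     f[7].rstrip(".").lower())

def ad_locator_names(domain):
    """The two DC-locator SRV names that appear in this thread's error and event log."""
    d = domain.rstrip(".")
    return ["_ldap._tcp.dc._msdcs." + d, "_ldap._tcp." + d]

def missing_locator_records(records, domain):
    """Locator names with no SRV record; the first name missing is the 0x232B NAME_ERROR."""
    present = {r.name for r in records}
    return [n for n in ad_locator_names(domain) if n.lower() not in present]

def console_path(srv_name):
    """Where the DNS console shows an _msdcs record: the zone, then labels right to left."""
    labels = srv_name.rstrip(".").split(".")
    i = labels.index("_msdcs")
    return [".".join(labels[i:])] + list(reversed(labels[:i]))

def select_target(records, rng=random):
    """RFC 2782 choice: lowest priority wins; within a priority, weighted random."""
    if not records:
        return None
    best = min(r.priority for r in records)
    cands = [r for r in records if r.priority == best]
    total = sum(r.weight for r in cands)
    if total == 0:
        return rng.choice(cands)
    pick, running = rng.random() * total, 0
    for r in cands:
        running += r.weight
        if pick < running:   # weight-0 entries are never picked while others have weight
            return r
    return cands[-1]

# Constructed sample: the event-log record from the thread plus a second (made-up) DC pea2.
BROKEN_ZONE = ["_ldap._tcp.PEA.local. 600 IN SRV 0 100 389 pea1.PEA.local."]
FIXED_ZONE = BROKEN_ZONE + [
    "_ldap._tcp.dc._msdcs.PEA.local. 600 IN SRV 0 100 389 pea1.PEA.local.",
    "_ldap._tcp.dc._msdcs.PEA.local. 600 IN SRV 10 100 389 pea2.PEA.local."]
```

Running missing_locator_records over BROKEN_ZONE reproduces the client's complaint (only the _msdcs name is absent), and over FIXED_ZONE it returns nothing.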
"""sure Jay, you are well aware of successful installation of AD without fully functioning DNS...otherwise you wouldn't answered my comment...hey right !!!!!!!!!!!!!!!!!!!!!"""

I'm not sure how to take that.....is that a shot implying I didn't know that fact? Or am I taking it wrong?
move on dude the issue was resolved !!!!!!!!!

no offence mate !
I'll take your word on it.