Solved

DNS won't install properly on my new W2K3 Server AD domain controller

Posted on 2007-11-19
Last Modified: 2012-06-21
I just installed Active Directory on a Windows Server 2003 Member Server.  I called the domain PEA.local.  The machine on which the domain is installed I have named PEA1.

Now I'm trying to join a Windows Vista client to the domain and I get the error "An Active Directory Domain Controller for the domain PEA.local could not be contacted."

Details on the error message include:

>>>>
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain PEA.local:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.PEA.local
>>>

When I go into my Event Viewer on the new PEA Domain Controller, sure enough there are lots of DNS-related error messages.  For example:

Under DNS Server (6 warnings) -
"The DNS server encountered error 32 attempting to load zone _msdcs.PEA.local ..."

Under System, one error:
"The dynamic registration of the DNS record '_ldap._tcp.PEA.local. 600 IN SRV 0 100 389 pea1.PEA.local.' failed on the following DNS server:
DNS server IP address: <UNAVAILABLE>"

Under Application, several warnings, e.g.:
"MS DTC could not correctly process a DC Promotion/Demotion event.  MS DTC will continue to function and will use the existing security settings."

I'm sure the clues are here if I could understand what they all point to.  Thanks.
Question by:Dwight Baer
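
The SRV lookup named in the error above, encoded the way the joining client sends it on the wire, with a decoder that reads the reply's RCODE and the Windows error code that corresponds to it (Windows reports DNS response codes as 9000 + RCODE, so "DNS name does not exist", RCODE 3, is 9003 = 0x232B). This is an added example, not code from the thread; the replies it parses are constructed by build_response for offline use, and the record values are the ones quoted in the question.

```python
import struct

SRV, IN = 33, 1                     # RFC 2782 record type SRV, class IN
RCODE_NAME_ERROR = 3                # NXDOMAIN: "DNS name does not exist"
QUERY_NAME = "_ldap._tcp.dc._msdcs.PEA.local"   # the record the join error names

def encode_name(name):
    # dotted name -> DNS labels (length byte + label), terminated by a zero byte
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_srv_query(name, txid=0x1234):
    # standard query, RD=1, one question of type SRV/IN: what the joining client sends
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", SRV, IN)

def build_response(query, rcode, records=()):
    # constructed reply for offline use; records are (priority, weight, port, target) and each
    # answer's owner name is a compression pointer (0xC00C) back to the question, as real servers do
    body = query[12:]
    for prio, weight, port, target in records:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        body += b"\xc0\x0c" + struct.pack("!HHIH", SRV, IN, 600, len(rdata)) + rdata
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(records), 0, 0) + body

def decode_name(msg, off):
    # decode a possibly compressed name; returns (name, offset just past it in the stream)
    labels, end = [], None
    while msg[off] != 0:
        if (msg[off] & 0xC0) == 0xC0:            # pointer: note where we were, then follow it
            end = off + 2 if end is None else end
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode())
            off += 1 + msg[off]
    return ".".join(labels), (off + 1 if end is None else end)

def parse_response(msg):
    # RCODE, the Win32 code Windows reports for it (9000 + RCODE, so 3 -> 9003 = 0x232B), SRV answers
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode, off, answers = flags & 0x0F, 12, []
    for _ in range(qd):
        off = decode_name(msg, off)[1] + 4       # skip QTYPE and QCLASS
    for _ in range(an):
        off = decode_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", msg[off:off + 6])
            answers.append((prio, weight, port, decode_name(msg, off + 6)[0]))
        off += rdlen
    return {"rcode": rcode, "win32_error": 9000 + rcode if rcode else 0, "answers": answers}
```

A zone that loads but lacks the `_msdcs` records gives the same RCODE 3 as no zone at all, which is why the fix in this thread is re-registration rather than anything on the client.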
20 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 200 total points
ID: 20317770
On the server, run ipconfig /registerdns

Restart the Netlogon and DNS services.

When you configure the client, make sure it points only to the server.

Make sure the server looks only at itself.

If all that fails, uninstall DNS, reinstall and start from the top again :)
LVL 7

Assisted Solution

by:mcse2007
mcse2007 earned 100 total points
ID: 20317784
Have you installed the DNS service? If yes, have you configured the primary zone in your DNS server (i.e. PEA.LOCAL)?

DNS installation and configuration: http://support.microsoft.com/kb/814591

Also, have you configured your DNS service with a static IP address?
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20317790
You can't have AD up and running without DNS installed.... and DCPromo is a much better way of creating your initial DNS zones as it integrates them much more cleanly.
LVL 7

Expert Comment

by:mcse2007
ID: 20317808
You can install AD without DNS running, but you cannot join clients to your domain since they need the DNS service for name resolution!
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20317815
Well, you are basically shooting yourself in the foot really :) with a shotgun no less!
LVL 7

Expert Comment

by:mcse2007
ID: 20317847
What makes you say that?
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20317853
Well, if you install AD without DNS you might as well manufacture a car with no wheels.
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20317854
I wasn't taking a personal shot.
LVL 7

Expert Comment

by:mcse2007
ID: 20317879
Well....... you can have AD up and running without DNS... dcpromo will install successfully. The reason why you need to install DNS is for your name resolution (e.g. hostname to an IP address, and that's all the DNS does).
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20318149
I am well aware :) but the entire AD backend is built on DNS.
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 200 total points
ID: 20318361

Jay's first steps are quite right; of course, check the state of the DNS Service as well. Although from the errors you're getting it looks like you don't have a DNS Server assigned in the TCP/IP configuration.

Follow those steps; if that fails, DCDiag and NetDiag should be run on a DC to gather failures (which we can all help you troubleshoot).

The importance of functional DNS in an AD Domain cannot be understated.

AD stores Service Locator Records (SRV) in DNS. Without those AD simply won't work correctly: clients and servers will fail to find Kerberos Services, replication between DCs in a multi-DC environment will fail, etc.

It is too limiting to say DNS is there only to provide Hostname to IP Resolution in an AD Domain.

Chris
LVL 7

Expert Comment

by:mcse2007
ID: 20318479
Hey Chris, what do you make of this: "you cant have AD up and runing without DNS installed".

dcpromo will successfully install without fully functioning DNS.

No one is disputing the significance of DNS and its role in the AD infrastructure, but the errors reported all point to one source: a DNS issue!

No matter how you do the below, unless your DNS is properly configured you won't solve the issue!!!


Run ipconfig /registerdns

restart the netlogon and dns services

THAT'S WHY THE LINK WAS SUPPLIED ABOVE!!!

No matter how many PCs and servers you have, if you cannot resolve the hostname into an IP address these boxes cannot be members of your domain... you have to start here. I've supplied no further elaboration above because this is not a DNS competition but a forum to help fellow IT people who require assistance.

LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 200 total points
ID: 20318596

Hey mcse2007,

It's just a difference of views on Use and Installation. You're both right depending on perspective, so there's little point in arguing over it.

> No matter how many PCs and Servers you have, if you cannot resolve the
> hostname into IP address these boxes cannot be member of your domain..

Service Records sit before that, which makes them equally or more important. For example, you could happily resolve a Server Name to an IP (hostname resolution), but missing Service Records would still prevent the domain functioning as expected.

Anyway, hopefully the author will respond with how he got on. And hopefully it'll be working and you'll both get your answers accepted. I don't mind at all about my comments, they're slight and were only intended as clarification.

If the problem persists I've no doubt that you will both continue to collaborate with James and solve the problem.

Chris
LVL 7

Expert Comment

by:mcse2007
ID: 20318674
Hey Chris,

You are referring to a DC that is promoted to AD where the DNS is properly configured and has the SRV record of the DC.

But I'm talking about workgroup clients/servers attempting to join the domain by resolving the domain (hostname) into an IP address! Their SRV records will not end up in DNS unless they find the domain name by resolving the hostname into an IP address!

Sure Jay, you are well aware of successful installation of AD without fully functioning DNS... otherwise you wouldn't have answered my comment... hey, right!!!
Author Comment

by:Dwight Baer
ID: 20320917
Wow!  Thanks for all the feedback guys!  

I've copied all the comments above into a Word document and I'll sort it out and get back shortly.

Dwight
Author Comment

by:Dwight Baer
ID: 20322612
OK ... I can now join the domain.  THANKS for all the help!

I ran:

ipconfig /registerdns

And then I restarted the netlogon and dns services, as instructed above.
Now other machines can join the domain.

For my own future reference here are some further thoughts and comments:
In Event Viewer, under File Replication Service, the following warning appeared at 9:02:31 today:
"The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PEA1. The File Replication Service might not recover when power to the drive is interrupted and critical updates are lost."

Then, at 9:02:32 today, the following Information message appeared:
"The File Replication Service is no longer preventing the computer PEA1 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL. "

Here is the definition of an SRV record from Wikipedia:
"An SRV record or Service record is a category of data in the Internet Domain Name System specifying information on available services. It is defined in RFC 2782. Newer internet protocols such as SIP and XMPP often require SRV support from clients. Client implementations of older protocols (e.g. LDAP, SMTP) may have SRV support added to it."

MenandMice.com provides the following definition of an SRV record:
"SRV Record: Also known as a Service record. An SRV record is intended to provide information on available services. A SRV record has four fields and a unique system for naming. The naming system is an underscore followed by the name of the service, followed by a period, an underscore, and then the protocol, another dot, and then the name of the domain. The four fields are:

1. Priority, just as in MX records

2. Weight, used to determine relative capacity between two SRV fields with the same priority. Hits will be assigned proportionately by weight, allowing a powerful and a weak server to share appropriate loads.

3. Port, the port of the service offered

4. Hostname

For example:

_http._tcp.example.com. SRV 10 5 80 www.example.com"

My initial error message was:
>>>>
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain PEA.local:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.PEA.local
>>>
For starters, we have to interpret the record named above in a backwards way.
Where I find that record, now that DNS works, is, under "DNS Management":
_msdcs.PEA.local --> dc -->  _tcp --> _ldap.  
When I examine the Properties of the _ldap record above, sure enough it is a Service Location (SRV) record in the domain PEA.local.


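
Dwight's "backwards" reading of the record name, and the four RDATA fields the MenandMice definition lists, worked through in code: an added example, not part of the original thread. It parses the owner name and the record text quoted in this thread and, going beyond the thread, applies the RFC 2782 priority/weight selection rule a client uses when several records exist; the `zone` argument is an assumption naming the zone the record lives in (here _msdcs.PEA.local).

```python
import random
import re

# values quoted on this page: the record the join error asked for, and the record Netlogon
# tried to register (as printed in the System event log)
SRV_OWNER = "_ldap._tcp.dc._msdcs.PEA.local"
SRV_TEXT = "_ldap._tcp.PEA.local. 600 IN SRV 0 100 389 pea1.PEA.local."
SRV_RE = re.compile(r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+(?P<priority>\d+)\s+"
                    r"(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$")

def parse_srv_owner(owner, zone):
    # split an RFC 2782 owner name (_Service._Proto.Name) and give the path the DNS console
    # shows for it, read "backwards": the zone, then one folder per remaining label
    labels = owner.rstrip(".").split(".")
    if len(labels) < 3 or not (labels[0].startswith("_") and labels[1].startswith("_")):
        raise ValueError("not an SRV owner name: " + owner)
    zone_labels = zone.rstrip(".").split(".")
    if [l.lower() for l in labels[-len(zone_labels):]] != [l.lower() for l in zone_labels]:
        raise ValueError(owner + " is not inside zone " + zone)
    below = labels[:-len(zone_labels)]
    return {"service": labels[0][1:], "protocol": labels[1][1:], "name": ".".join(labels[2:]),
            "console_path": [zone] + list(reversed(below))}

def parse_srv_record(text):
    # parse the textual form quoted in the event; RDATA is priority, weight, port, target host
    m = SRV_RE.match(text.strip())
    if not m:
        raise ValueError("not an SRV record: " + text)
    rec = m.groupdict()
    for field in ("ttl", "priority", "weight", "port"):
        rec[field] = int(rec[field])
    return rec

def select_target(records, rnd=random.random):
    # RFC 2782 client selection: lowest priority wins; within it, a weighted random draw
    # (weight-0 entries are ordered first so they are chosen only when the draw is 0)
    lowest = min(r["priority"] for r in records)
    pool = sorted((r for r in records if r["priority"] == lowest), key=lambda r: r["weight"] > 0)
    draw = int(rnd() * (sum(r["weight"] for r in pool) + 1))
    running = 0
    for rec in pool:
        running += rec["weight"]
        if running >= draw:
            return rec
    return pool[-1]
```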
Author Closing Comment

by:Dwight Baer
ID: 31410063
I wish I'd had this dialogue years ago!  ... Dwight
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20323772
"""sure Jay, you are well aware of successful installation of AD without fully functioning DNS...otherwise you wouldn't answered my comment...hey right !!!!!!!!!!!!!!!!!!!!!"""

I'm not sure how to take that..... is that a shot implying I didn't know that fact? Or am I taking it wrong?
LVL 7

Expert Comment

by:mcse2007
ID: 20324109
Move on dude, the issue was resolved!!!

No offence mate!
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20324126
I'll take your word on it.