Solved

NSLOOKUP Failure - Failure for a very simple domain structure using Windows Server 2003 R2

Posted on 2007-12-07
Last Modified: 2013-12-23
I have a domain comprising just two machines, the domain is called myDomain.local

One machine is running a 32-bit version of Windows Server 2003 R2 Enterprise Edition, SP2, this is the Primary Domain Controller.  This I refer to as server1, 10.x.x.50

The second machine is running 64-bit version of Windows Server 2003 R2 Standard x64 SP2, I have run dcpromo to promote this machine to be a backup domain controller.  This I refer to as server2, 10.x.x.49

Windows Firewall is disabled on both machines.  Both machines are running Windows Update so have the latest patches and security updates.  Both machines are on the same subnet, 255.255.255.0, the default gateway on each machine is 10.x.x.1

I have a host of problems, all of which would appear to revolve around DNS and AD configuration.

Problem 1:
----------
My Application event log on the 64bit/BDC machine has repeated entries for this error:

<<
Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
>>


Problem 2:
----------
My System event log on the 64bit/BDC machine has repeated logs such as:

<<
Event Type:      Warning
Event Source:      W32Time
Event Category:      None
Event ID:      24
Date:            07/12/2007
Time:            10:41:12
User:            N/A
Computer:      LGXSERVER2
Description:
Time Provider NtpClient: No valid response has been received from domain controller server1.mydomain.local after 8 attempts to contact it. This domain controller will be discarded as a time source and NtpClient will attempt to discover a new domain controller from which to synchronize.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
>>

&

<<
Event Type:      Error
Event Source:      W32Time
Event Category:      None
Event ID:      29
Date:            07/12/2007
Time:            10:41:12
User:            N/A
Computer:      LGXSERVER2
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
>>

&

<<
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            07/12/2007
Time:            10:00:03
User:            N/A
Computer:      LGXSERVER2
Description:
The dynamic registration of the DNS record 'mydomain.local. 600 IN A 10.102.116.49' failed on the following DNS server:  

DNS server IP address: 10.102.116.50
Returned Response Code (RCODE): 5
Returned Status Code: 9017  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
Or, you can manually add this record to DNS, but it is not recommended.

ADDITIONAL DATA
Error Value: DNS bad key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 05 00                     ..      
>>


Problem 3
---------
I can't install MSMQ on the 64bit / BDC machine, I get an error message:

<<
Message Queueing Client Setup Failure

Message Queueing configuration object in Active Directory was not created.
Error Code: 0x8007052e
Error Description: Logon failure: unknown user name or bad password.
>>



DNS configuration
=================
DNS is only installed on the PDC.  I do not have any "Reverse Lookup Zones" configured.   I have two forward lookup zones:

_msdcs.mydomain.local
mydomain.local
In the root of this, I have 11 records, including:
      server1      | Host(A) | 10.x.x.50
      server2 | Host(A) | 10.x.x.49




DNS Client service is running on both the PDC and BDC.  The DNS Server service is running on the PDC.

The Network properties on the PDC specify a single DNS server, 127.0.0.1.  The network properties on the BDC again have a single server, and that is the 10.x.x.x address of the PDC


Network Configuration
=====================
Both servers have TCP/IP, Reliable Multicast Protocol, NWLink IPX/SPX/NetBIOS and NWLink NetBIOS protocols installed and the 'Client for Microsoft Networks' client installed.


Diagnostics
===========
If I run "nslookup" on server1 (32bit / PDC), I get the result:

Default Server: localhost
Address: 127.0.0.1


If I run "nslookup" on server2 (64bit / BDC), I get the result:

*** Can't find server name for address 10.x.x.50: Non-existent domain
Default Server: UnKnown
Address: 10.x.x.50


Question by:lgxsupport
16 Comments
 
LVL 4

Expert Comment

by:tomo999
What are your DNS settings on the network card set to?

LVL 1

Expert Comment

by:NCSITS
The DNS entry for server1 should be its IP address (10.x.x.50). The address currently in use is the loop-back address and I don't think you can use that in DNS. It does look as though your AD configuration is wrong. If you've just built this network and have no data or users in place I'd start again from scratch and ensure that server1 is working correctly before adding server2. This would be easier than trying to diagnose and repair problems in DNS.

Author Comment

by:lgxsupport
tomo - I detailed the DNS settings for each network connection in the original email.  Server1 was set to 127.0.0.1, whilst server2 was set to 10.x.x.50

I've now implemented the suggestion from NCSITS and changed the setting from 127.0.0.1 to 10.102.116.50.  This used to work, I'm not sure what I did to cause it to break, or whether it was caused by the installation of a patch via Windows Update.

I'm happy enough with how server1 is working, it's perfectly fine for what I need it to do.  The problem is only with server2, I'd be reluctant to rebuild this box as we had a bit of an up-hill struggle getting it working initially (our first go at working with a 64bit platform).

Thanks for the swift response btw.

LVL 1

Expert Comment

by:NCSITS
OK, so Server1 appears to be running correctly. What problems still remain? BTW, I think I would remove AD from server2, reboot it and re-install AD. I think that may fix most if not all of your problems.

Author Comment

by:lgxsupport
Sorry, all the problems that I am having were / are on server2, changing from 127.0.0.1 to 10.x.x.50 on server1 hasn't made any difference so far.

When I run dcpromo on server2 (and I don't tick the option that this is the last domain controller on the opening page), I get an error message returned:

<<
Active Directory Installation Wizard

A domain controller could not be contacted for the domain mydomain.local that contained an account for this computer.  Make the computer a member of a workgroup then rejoin the domain before retrying the promotion.

"The security database on the server does not have a computer account for this workstation trust relationship"
>>

LVL 1

Expert Comment

by:NCSITS
So if you do an nslookup on server2 do you get an error when nslookup starts? If you don't then what happens if you do an nslookup for server1 and server2?

Are you using integrated DNS or the trad primary/secondary model ?

LVL 1

Expert Comment

by:NCSITS
It looks as though the DNS configuration went wrong somewhere along the line and it's the inability of server2 to contact the DNS service which is preventing the removal of AD. The following link may be of some use: http://support.microsoft.com/kb/332199/en-us. I think you are going to have to forcibly remove AD from server2, remove and re-add it to the domain, and finally re-install AD.


Author Comment

by:lgxsupport
Yes, as reported initially, if I run nslookup on server2, I get the following:

*** Can't find server name for address 10.x.x.50: Non-existent domain
Default Server: UnKnown
Address: 10.x.x.50

If I enter "server2", I get:

server: Unknown
Address: 10.x.x.50
Name: server2.mydomain.local
Address: 10.x.x.49

If I enter "server1", I get:

server: Unknown
Address: 10.x.x.50
Name: server1.mydomain.local
Address: 10.x.x.49


Not too familiar with nslookup, but I would have thought it *should* have returned:

server: Unknown
Address: 10.x.x.49
Name: server2.mydomain.local
Address: 10.x.x.49


On the initial search.

Author Comment

by:lgxsupport
Sorry, can you clarify what you mean when you say I should try to "forcibly remove AD from server2"? The ONLY way I know how to remove AD would be through dcpromo - or do you mean wipe the box and reinstall from scratch?

Author Comment

by:lgxsupport
Ignore last comment, just reading content from link now.

LVL 1

Expert Comment

by:NCSITS
In my last post there is a URL to a Microsoft article which explains how to forcibly remove AD from a machine when problems such as network connectivity or DNS issues prevent dcpromo from working.

Accepted Solution

by:lgxsupport
Sorry, see previous post.

OK, I forcibly removed AD, rebooted.  I then deleted server2 from the domain using server1.

I then joined server2 back in to mydomain.local again and rebooted.  However, the results of the nslookup are no different than before.  Not fussed about promoting server2 to be a backup domain controller (at least not at this stage).

What are your thoughts on the nslookup results above?  Thanks in advance.

Author Comment

by:lgxsupport
No objections from em

Author Comment

by:lgxsupport
ME* even

LVL 1

Expert Comment

by:Vee_Mod
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator