LaserSpot asked:

[FATAL] No DNS servers have the DNS records for this DC registered.

I have a DC running 64-bit Windows 2003. I ran NETDIAG from 32-bit support tools and got these messages:

DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for read
    [FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Failed
    List of NetBt transports currently bound to the Redir
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    The browser is bound to 1 NetBt transport.
    [FATAL] Cannot send mailslot message to 'xxx*' via browser. [ERROR_INVALID_F

Kerberos test. . . . . . . . . . . : Failed
    [FATAL] Cannot lookup package Kerberos.
    The error occurred was: (null)

The netlogon.dns file looks ok, I can't find much on this error. Any idea?
I'm also trying to troubleshoot an Exchange 2007 Outlook Anywhere issue, but I don't know if these errors are related.
Active Directory, Exchange

Last Comment

8/22/2022 - Mon

Are you installing Exchange on the DC? The first thing to check is the DNS server entry on the IP configuration page for the server. How many NICs are installed on this server and which services are bound to which card?

That's a start, I'll offer as much as I can as information increases.


What account did you use to run NETDIAG? The error you get from NETDIAG usually means that your account is not a member of administrators. Run the command as domain\administrator and then observe the results. You will probably find you post the Outlook Anywhere query separately.

I hope this helps.

Yes, Exchange 2007 is installed on the DC. The only DNS server in tcp/ip properties is its own ip address.

It has one NIC enabled; the other is disabled.
I looked at Binding in Advanced Settings. The only services are:
File and Printer Sharing
Client for Microsoft Networks

I did run NETDIAG from the domain Administrator account.

This is the Outlook Anywhere issue: https://www.experts-exchange.com/questions/23317925/Outlook-rpcdiag-says-connecting.html

Is this your only DC?  Is DNS server "started" in the services control panel?  If you open the DNS console, what do you see listed in forward lookup zones?

Yes, it's the only DC. DNS is started; I've tried restarting DNS and rebooting the server. In DNS Manager, I have:
They're all AD integrated. I deleted the domain.com zone and restarted DNS to see if it would help; same problem.
DCDIAG passes.

I also ran NETDIAG /fix, but it didn't help. All the records seem to be there under _msdcs and under domain.local and under _tcp.domain.local, etc...
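
One way to check systematically, rather than by eye in DNS Manager, whether every record listed in netlogon.dns is present in the zone. This is an added example, not part of the original thread. It assumes netlogon.dns holds one `owner TTL IN type rdata` record per line; the host name dc1, the addresses and the zone contents are constructed.

```python
# Added example: compare the records a DC wants registered (netlogon.dns)
# with what a DNS server actually holds. All sample data below is constructed.

# Constructed netlogon.dns excerpt for a hypothetical DC "dc1.domain.local".
NETLOGON_DNS = """\
domain.local. 600 IN A 192.0.2.10
_ldap._tcp.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_ldap._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_kerberos._tcp.domain.local. 600 IN SRV 0 100 88 dc1.domain.local.
_ldap._tcp.gc._msdcs.domain.local. 600 IN SRV 0 100 3268 dc1.domain.local.
"""

# Constructed view of what the DNS server returns: (name, type) -> rdata set.
ZONE = {
    ("domain.local.", "A"): {"192.0.2.10"},
    ("_ldap._tcp.domain.local.", "SRV"): {"0 100 389 dc1.domain.local."},
    ("_ldap._tcp.dc._msdcs.domain.local.", "SRV"): {"0 100 389 DC1.domain.local."},
    ("_kerberos._tcp.domain.local.", "SRV"): {"0 100 88 olddc.domain.local."},
}

def parse_netlogon(text):
    """Yield (owner, rtype, rdata) for each 'owner ttl IN type rdata' line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # blank, comment or malformed line
        owner, _ttl, _cls, rtype = fields[:4]
        yield owner.lower(), rtype.upper(), " ".join(fields[4:]).lower()

def unregistered(text, lookup):
    """Return netlogon.dns records that lookup(name, rtype) does not confirm."""
    missing = []
    for owner, rtype, rdata in parse_netlogon(text):
        # DNS names are case-insensitive, so compare lower-cased rdata.
        found = {r.lower() for r in lookup(owner, rtype)}
        if rdata not in found:
            missing.append((owner, rtype, rdata))
    return missing

def zone_lookup(name, rtype):
    # Stand-in for a real DNS query against the server under test.
    return ZONE.get((name, rtype), set())

if __name__ == "__main__":
    for rec in unregistered(NETLOGON_DNS, zone_lookup):
        print("NOT REGISTERED:", *rec)
```

With the constructed data, the Kerberos SRV record is flagged because it points at a different host, and the global catalog SRV record is flagged because it is absent.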

Are you seeing any errors under the DNS event log?  Any trouble with logons?

No trouble with logons. Last week, I had:
Warning - Event ID: 3000
The DNS server has encountered numerous run-time events. To determine the initial cause of these run-time events, examine the DNS server event log entries that precede this event. To prevent the DNS server from filling the event log too quickly, subsequent events with Event IDs higher than 3000 will be suppressed until events are no longer being generated at a high rate.

When I rebooted today, I had:

Error - Event ID: 4015
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

Error - Event ID: 4004
The DNS server was unable to complete directory service enumeration of zone domain.local.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

Later today, I had:

Warning - Event ID: 4521
The DNS server encountered error 32 attempting to load zone domain.com from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

This last one is probably from when I deleted this extra zone.

Has anyone made any NTFS security changes in system32, thinking they would be hardening the environment? I may be wrong of course but to me it looks like it might be a permissions issue.

Good idea, but I don't think that's it. I checked the permissions on the netlogon.dns file and the parent folder. Administrators and SYSTEM both have full control.
