Solved

DNS problems event ID 5774

Posted on 2008-06-19
24
767 Views
Last Modified: 2013-11-05
I have a child domain that is getting event ID errors 5774 and 5719. Our DNS servers usually reach out to the parent domain name servers; however, our DNS servers are trying to access a public IP address. I don't have a public IP address anywhere in my TCP/IP settings. The public IP address appears to be one for our company. I ran DCDIAG and here is the error I received:

Testing server: DC1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.xxxxl.org could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.xxxxxl.org)
         couldn't be resolved, the server name
         (DC1.xxx.xxxxxl.org) resolved to the IP address
         (192.168.x.x) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... DC1 failed test Connectivity

We have checked the DNS servers in the parent domain that are authoritative for our domain and the public IP is nowhere to be found.  Anyone have any ideas on how to resolve this?
0
Comment
Question by:valicon
24 Comments
 
LVL 5

Accepted Solution

by:
MSE-JNegus earned 250 total points
ID: 21826240
I assume from your post that your DC is in a child domain called xxx.xxxxxl.org.  It has 2 DNS records it needs to register. The first is its A record which it will register with the DNS server that houses the zone for the xxx.xxxxxl.org child domain and the second the GUID DNS name which is required for replication and is registered in the msdcs sub-domain of your forest root domain (xxxxxl.org) i.e., msdcs.xxxxxl.org.

You should verify that the DNS server that houses the child domain can resolve the DNS server that houses the forest root domain.  You might have to configure a forwarder or stub zone for this.
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21826268
I think what is happening is that your DNS server for the child domain is trying to locate the DNS server for the forest root domain and it is doing this using root hints and resolving a public address from the internet. Let me know if this is the case.
0
 
LVL 12

Author Comment

by:valicon
ID: 21826671
No, neither is the issue. This has worked for over 6 years.  We are not using root hints.
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21826712
If you ping the FQDN of your forest root DNS server from your child DNS server, do you get the internal address or the public one?
0
 
LVL 12

Author Comment

by:valicon
ID: 21827143
I get the internal IP
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21827343
How do your child DNS servers locate the parent DNS server? Forwarders or stub zones?
0
 
LVL 12

Author Comment

by:valicon
ID: 21827600
We use conditional forwarding. The external IP address is that of the parent domain's external DNS server. They say there was no change on their end, but I beg to differ.
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21827870
You could enable debug logging, under Properties, on your DNS server.  Run DCDIAG again and check the dns.log file.  This will tell you where your DNS server is getting the public IP address from.
0
 
LVL 12

Author Comment

by:valicon
ID: 21827949
Yes I plan on doing that in the morning. Hopefully we can see why this is happening.
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21827984
Please let me know what you find out.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 250 total points
ID: 21828101
Hello mate :)

Have you flushed your DNS caching on each DNS server? This is probably a wise place to start initially, as if there is a cached record at the root, it's going to be affecting all your child domain requests as you have them pumping up to the root. I would start there, and then let's take a look at a clean diag...

Also restart your netlogon services on each DC to register all the correct records for each DC

You don't run RRAS or anything strange like that at all? And this just started randomly happening?

James
0
 
LVL 2

Expert Comment

by:mkaustubh
ID: 21830183
0
 
LVL 12

Author Comment

by:valicon
ID: 21830539
Hi Jay Jay,

I just flushed the cache again and restarted netlogon but the same issue. When netlogon starts the server is getting netlogon 5774 errors such as this one:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            6/20/2008
Time:            8:13:57 AM
User:            N/A
Computer:      XXX
Description:
The dynamic registration of the DNS record '_ldap._tcp.xxx._sites.ForestDnsZones.xxxxxx.org. 600 IN SRV 0 100 389 xxxx.xxxx.xxxxxx.org.' failed on the following DNS server:  

DNS server IP address: 24.xx.xxx.xx <----my dns servers are trying to register with our parent ext. dns server!
Returned Response Code (RCODE): 5
Returned Status Code: 9017  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about  DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by  this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain  controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows  Server Resource Kit CD.
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA
Error Value: DNS bad key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 05 00                     ..      



DCDiag is stating the following:

Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
 
   Testing server: xxx\xxxx
      Starting test: Connectivity
         The host 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.xxxxxxx.org could not be resolved to an IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.xxxxxxxxx.org)
         couldn't be resolved, the server name
         (xxxx.xxx.xxxxxxxxxx.org) resolved to the IP address
         (192.168.x.x) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... xxxx failed test Connectivity

Doing primary tests
   
   Testing server: xxxx\xxxx
      Skipping all tests, because server xxxx is
      not responding to directory service requests


What should I try next?  Is the problem on my end or on the parent domain's end?
0
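The two checks the thread keeps circling back to (which resolvers each DC is really using, and which DNS server the 5774 events name as refusing the registration) can be scripted; the following is an added example, not code from the thread or from Microsoft, and it assumes the DnsClient module of Windows Server 2012 or later (not the 2003-era dcdiag/nltest tools used above), takes the forest-root zone name and DSA GUID from the redacted dcdiag output, and treats RFC 1918 prefixes as "internal", which is an assumption you should adjust to your own address plan.

```powershell
# Added example: child-domain DC DNS health check for the symptoms in this thread.
# Assumptions (labelled): DnsClient module available; zone name and GUID are the
# placeholders from the redacted output; RFC 1918 prefixes count as "internal".
param(
    [string]   $ForestRoot        = 'xxxxxl.org',
    [string]   $DsaGuid           = '8ce8e939-476b-49b8-ae46-f777bd0d232a',
    [string[]] $InternalPrefixes  = @('10.', '172.16.', '192.168.')
)

function Test-InternalAddress([string] $ip) {
    foreach ($p in $InternalPrefixes) { if ($ip.StartsWith($p)) { return $true } }
    return $false
}

# 1. Which resolvers is this DC actually configured with? The thread expects
#    "itself plus one DNS server in the parent domain"; anything else is a finding.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    ForEach-Object {
        foreach ($s in $_.ServerAddresses) {
            $tag = if (Test-InternalAddress $s) { 'internal' } else { 'EXTERNAL' }
            '{0,-20} resolver {1,-15} {2}' -f $_.InterfaceAlias, $s, $tag
        }
    }

# 2. The record dcdiag's Connectivity test failed on: the DSA GUID CNAME that lives
#    in _msdcs of the forest root, not in the child zone.
$guidName = '{0}._msdcs.{1}' -f $DsaGuid, $ForestRoot
try {
    $ans = Resolve-DnsName -Name $guidName -Type CNAME -DnsOnly -ErrorAction Stop
    "GUID record OK: $guidName -> $($ans.NameHost)"
} catch {
    "GUID record FAILED: $guidName ($($_.Exception.Message))"
}

# 3. Recent Netlogon 5774 failures: pull the refusing DNS server and RCODE out of
#    the message text and flag any server that is not an internal address.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5774 } `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ($_.Message -match 'DNS server IP address:\s*(\S+)') {
            $srv   = $Matches[1]
            $rcode = if ($_.Message -match 'RCODE\):\s*(\d+)') { $Matches[1] } else { '?' }
            $tag   = if (Test-InternalAddress $srv) { 'internal' } else { 'EXTERNAL: check forwarders, firewall and proxy/ISA rules' }
            '{0:u} 5774 refused by {1,-15} RCODE={2} {3}' -f $_.TimeCreated, $srv, $rcode, $tag
        }
    }
```

An RCODE of 5 (REFUSED) from a server you never configured, as in the event above, points at something on the path rewriting or redirecting the DNS traffic rather than at the zone data itself.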
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21830891
Did you enable debug logging?  It will tell you exactly where your server is getting the external IP address from.
0
 
LVL 12

Author Comment

by:valicon
ID: 21833179
I did.....it is not showing where it is coming from. For some reason my name resolution traffic is going out to the external DNS server.
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21833399
Can you run IP Config on your DNS server and see if it is resolving against itself (127.0.0.1) or is it pointing to the external server.
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21833415
Also verify that your secondary server is not pointing to the external server.
0
 
LVL 12

Author Comment

by:valicon
ID: 21833512
No need, none of our servers point to the external server, they point to themselves and one DNS in the parent domain...
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21835523
Can you remove the entry that points to the DNS server in the Parent domain to test if it is using that?
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21842517
I don't know how you connect to the forest. Is it through VPN?

The following is only if you have managed switches:

You might want to look at this: (I have seen portfast cause errors like the ones you state. However, these errors are somewhat intermittent. They are sometimes hard to diagnose because often they don't leave event errors.)
http://support.microsoft.com/kb/247922

0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21842549
BTW: 5719 errors can be DHCP, DNS, Netlogon, or any form of AD services. For some reason, the NIC floods and only shuts down certain IP ports. So, the fact that your error is a DNS error and the article is a Netlogon error is irrelevant. 5719 errors are usually because portfast is disabled.

Portfast skips the discovery-to-port handshake; this process takes 50 seconds. With it enabled it goes right to passing the data on. The fifty seconds is enough time to time out on that port and flood the switch port with data packets.  This is why any port can be affected. It just happens on the port that taxes it at that particular time.

You might still be able to ping between the two servers. That uses ICMP port 123. So, traffic may be passed over that port.

All of the above reasons make this a very tough troubleshoot.
0
 
LVL 12

Author Closing Comment

by:valicon
ID: 31468945
It turned out to be that someone placed an ISA script that was pushing all traffic out the ISA server, even DNS traffic. Thanks for the help guys. Enjoy the points :))))  Cheers Jay_Jay!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21861623
what a nice one that must have been to try and find!

Cheers mate!

James
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21862501
You know a tornado is measured by the amount of damage it can cause. I measure IT things like this on the hair scale. That one was measured Class V on the hair pulling scale.
0
