Solved

DNS problems event ID 5774

Posted on 2008-06-19
Last Modified: 2013-11-05
I have a child domain that is getting event ID errors 5774 and 5719. Our DNS servers usually reach out to the parent domain name servers however our DNS servers are trying to access a public IP address. I don't have a public IP address anywhere in my TCP/IP settings. The public IP address appears to be one for our company. I ran DCDIAG and here is the error I received:

Testing server: DC1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.xxxxl.org could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.xxxxxl.org)
         couldn't be resolved, the server name
         (DC1.xxx.xxxxxl.org) resolved to the IP address
         (192.168.x.x) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... DC1 failed test Connectivity

We have checked the DNS servers in the parent domain that are authoritative for our domain and the public IP is nowhere to be found.  Anyone have any ideas on how to resolve this?
Question by:valicon
LVL 5

Accepted Solution

by:
MSE-JNegus earned 250 total points
ID: 21826240
I assume from your post that your DC is in a child domain called xxx.xxxxxl.org.  It has 2 DNS records it needs to register. The first is its A record which it will register with the DNS server that houses the zone for the xxx.xxxxxl.org child domain and the second the GUID DNS name which is required for replication and is registered in the msdcs sub-domain of your forest root domain (xxxxxl.org) i.e., msdcs.xxxxxl.org.

You should verify that the DNS server that houses the child domain can resolve the DNS server that houses the forest root domain.  You might have to configure a forwarder or stub zone for this.
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21826268
I think what is happening is that your DNS server for the child domain is trying to locate the DNS server for the forest root domain and it is doing this using root hints and resolving a public address from the internet. Let me know if this is the case.
 
LVL 12

Author Comment

by:valicon
ID: 21826671
No, neither is the issue. This has worked for over 6 years.  We are not using root hints.
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21826712
If you ping the FQDN of your forest root DNS server from your child DNS server, do you get the internal address or the public one?
 
LVL 12

Author Comment

by:valicon
ID: 21827143
I get the internal IP
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21827343
How do your child DNS servers locate the parent DNS server? Forwarders or stub zones?
 
LVL 12

Author Comment

by:valicon
ID: 21827600
We use conditional forwarding. The external IP address is that of the parent domain's external DNS server. They say there was no change on their end but I beg to differ.
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21827870
You could enable debug logging, under Properties, on your DNS server.  Run DCDIAG again and check the dns.log file.  This will tell you where your DNS server is getting the public IP address from.
 
LVL 12

Author Comment

by:valicon
ID: 21827949
Yes I plan on doing that in the morning. Hopefully we can see why this is happening.
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21827984
Please let me know what you find out.
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 250 total points
ID: 21828101
Hello mate :)

Have you flushed your DNS caching on each DNS server? This is probably a wise place to start initially, as if there is a cached record at the root, it's going to be affecting all your child domain requests as you have them pumping up to the root. I would start there, and then let's take a look at a clean diag...

Also restart your netlogon services on each DC to register all the correct records for each DC.

You don't run RRAS or anything strange like that at all? And this just started randomly happening?

James
 
LVL 12

Author Comment

by:valicon
ID: 21830539
Hi Jay Jay,

I just flushed the cache again and restarted netlogon but the same issue. When netlogon starts the server is getting netlogon 5774 errors such as this one:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            6/20/2008
Time:            8:13:57 AM
User:            N/A
Computer:      XXX
Description:
The dynamic registration of the DNS record '_ldap._tcp.xxx._sites.ForestDnsZones.xxxxxx.org. 600 IN SRV 0 100 389 xxxx.xxxx.xxxxxx.org.' failed on the following DNS server:  

DNS server IP address: 24.xx.xxx.xx <----my dns servers are trying to register with our parent ext. dns server!
Returned Response Code (RCODE): 5
Returned Status Code: 9017  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about  DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by  this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain  controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows  Server Resource Kit CD.
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA
Error Value: DNS bad key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 05 00                     ..

DCDiag is stating the following:

Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
 
   Testing server: xxx\xxxx
      Starting test: Connectivity
         The host 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.xxxxxxx.org could not be resolved to an IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.xxxxxxxxx.org)
         couldn't be resolved, the server name
         (xxxx.xxx.xxxxxxxxxx.org) resolved to the IP address
         (192.168.x.x) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... xxxx failed test Connectivity

Doing primary tests
   
   Testing server: xxxx\xxxx
      Skipping all tests, because server xxxx is
      not responding to directory service requests


What should I try next?  Is the problem on my end or on the parent domain's end?
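As an added example (not from the thread), a small Python script that parses a Netlogon 5774 event body of the shape quoted above, decodes the RCODE and Windows status code, and flags a registration target that is not one of the DNS servers the DC is supposed to update. The sample event, names and addresses are constructed; the allowed-server set is a placeholder for the site's own DNS servers.

```python
import ipaddress
import re

# Constructed sample in the shape of the 5774 event quoted in the thread;
# names and addresses are made up (203.0.113.0/24 is a documentation range).
SAMPLE_EVENT = """Event Source:      NETLOGON
Event ID:      5774
Description:
The dynamic registration of the DNS record '_ldap._tcp.site1._sites.ForestDnsZones.example.org. 600 IN SRV 0 100 389 dc1.child.example.org.' failed on the following DNS server:

DNS server IP address: 203.0.113.10
Returned Response Code (RCODE): 5
Returned Status Code: 9017
"""

# RFC 1035 response codes and the Win32 DNS status codes Netlogon reports.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}
STATUS = {9005: "DNS_ERROR_RCODE_REFUSED", 9016: "DNS_ERROR_RCODE_BADSIG",
          9017: "DNS_ERROR_RCODE_BADKEY", 9018: "DNS_ERROR_RCODE_BADTIME"}
# Address space treated as internal; adjust to the site's own ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_5774(text):
    """Extract record, target server, RCODE and status from a 5774 event body."""
    rec = re.search(r"DNS record '([^']+)'", text)
    srv = re.search(r"DNS server IP address:\s*([\d.]+)", text)
    rcode = re.search(r"\(RCODE\):\s*(\d+)", text)
    status = re.search(r"Returned Status Code:\s*(\d+)", text)
    if not (rec and srv and rcode and status):
        return None
    return {"record": rec.group(1), "server": srv.group(1),
            "rcode": int(rcode.group(1)), "status": int(status.group(1))}

def assess(event, allowed_servers):
    """Return human-readable findings for one parsed 5774 event."""
    ip = ipaddress.ip_address(event["server"])
    findings = []
    if event["server"] not in allowed_servers:
        findings.append("target %s is not a configured internal DNS server" % ip)
    if not any(ip in net for net in RFC1918):
        findings.append("target %s is outside RFC 1918 space" % ip)
    findings.append("RCODE %d = %s" % (event["rcode"], RCODES.get(event["rcode"], "unknown")))
    findings.append("status %d = %s" % (event["status"], STATUS.get(event["status"], "unknown")))
    return findings

if __name__ == "__main__":
    # Placeholder allow-list: the child DC itself and the parent-domain DNS server.
    for line in assess(parse_5774(SAMPLE_EVENT), {"192.168.10.5", "192.168.10.6"}):
        print(line)
```

Run it against the event text exported from the System log; a target outside the allow-list is the first thing to explain, since it shows the update packets leaving for a server the DC was never configured to use.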
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21830891
Did you enable debug logging?  It will tell you exactly where your server is getting the external IP address from.
 
LVL 12

Author Comment

by:valicon
ID: 21833179
I did.....it is not showing where it is coming from. For some reason my name resolution traffic is going out to the external DNS server.
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21833399
Can you run ipconfig on your DNS server and see if it is resolving against itself (127.0.0.1) or is pointing to the external server?
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21833415
Also verify that your secondary server is not pointing to the external server.
 
LVL 12

Author Comment

by:valicon
ID: 21833512
No need, none of our servers point to the external server, they point to themselves and one DNS in the parent domain...
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 21835523
Can you remove the entry that points to the DNS server in the Parent domain to test if it is using that?
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21842517
I don't know how you connect to the forest. Is it through VPN?

The following is only if you have managed switches:

You might want to look at this: (I have seen portfast cause errors like the ones you state. However, these errors are somewhat intermittent. They are sometimes hard to diagnose because often they don't leave event errors.)
http://support.microsoft.com/kb/247922

 
LVL 38

Expert Comment

by:ChiefIT
ID: 21842549
BTW: 5719 errors can be DHCP, DNS, Netlogon, or any form of AD services. For some reason, the NIC floods and only shuts down certain IP ports. So, the fact that your error is a DNS error and the article is a Netlogon error are irrelevant. 5719 errors are usually because portfast is disabled.

Portfast skips the discovery-to-port handshake; this process takes 50 seconds. With it enabled it goes right to passing the data on. The fifty seconds is enough time to time out on that port and flood the switch port with data packets.  This is why any port can be affected. It just happens on the port that taxes it at that particular time.

You might still be able to ping between the two servers. That uses ICMP port 123. So, traffic may be passed over that port.

All of the above reasons make this a very tough troubleshoot.
 
LVL 12

Author Closing Comment

by:valicon
ID: 31468945
It turned out to be that someone placed an ISA script that was pushing all traffic out the ISA server, even DNS traffic. Thanks for the help guys. Enjoy the points :)))) Cheers Jay_Jay!
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21861623
what a nice one that must have been to try and find!

Cheers mate!

James
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21862501
You know a tornado is measured by the amount of damage it can cause. I measure IT things like this on the hair scale. That one was measured Class V on the hair pulling scale.