Biofilminc
asked on
DNS and DHCP errors
I have 2 problems that may be related. I recently had my main DC go down. So I seized all the roles. Printing and file shareing work just fine.
I am logged in as an administrator.
DHCP:
I setup dhcp on my secondary DC that is now my main DC. Setup scope and server options. When I go to authorize the server the red arrow never goes away and it continues to say "A DHCP server must be authorized" If I go into manage authorized servers I see the DC with the new DHCP is the only thing in the list.
DNS:
The DC is set to use itself for dns.
When I try and create a primary zone that "Stores the zone in Active Directory" After a few minutes I get an error that says " The zone cannot be creates The data is invalid.
If I uncheck the Active Directory box I don't get an error.
I have been searching this problem for hours and can't solve it.
I am logged in as an administrator.
DHCP:
I setup dhcp on my secondary DC that is now my main DC. Setup scope and server options. When I go to authorize the server the red arrow never goes away and it continues to say "A DHCP server must be authorized" If I go into manage authorized servers I see the DC with the new DHCP is the only thing in the list.
DNS:
The DC is set to use itself for dns.
When I try and create a primary zone that "Stores the zone in Active Directory" After a few minutes I get an error that says " The zone cannot be creates The data is invalid.
If I uncheck the Active Directory box I don't get an error.
I have been searching this problem for hours and can't solve it.
ASKER
I am setting it to replicate between domain controllers, but it is also currently the only DC.
When I get the screen to select the forest or Domain controllers the domain doesn't show, instead it says NULL
I will run DCdiag and netdiag when I get back in the office, in an hour or so.
When I get the screen to select the forest or Domain controllers the domain doesn't show, instead it says NULL
I will run DCdiag and netdiag when I get back in the office, in an hour or so.
Hmm okay, then we'll need the diagnostics, there's something beneath the bits we have above that's causing the error.
Chris
ASKER
Here is my DCdiag:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC
Starting test: Connectivity
The host 39aba4bb-465d-4a54-9799-ad
ould not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(39aba4bb-465d-4a54-9799-a
couldn't be resolved, the server name (dc1.BioFilmInc.local) resolved
to the IP address (192.168.1.12) and was pingable. Check that the IP
address is registered correctly with the DNS server.
......................... DC1 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC
Skipping all tests, because server DC1 is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : BioFilmInc
Starting test: CrossRefValidation
......................... BioFilmInc passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... BioFilmInc passed test CheckSDRefDom
Running enterprise tests on : BioFilmInc.local
Starting test: Intersite
......................... BioFilmInc.local passed test Intersite
Starting test: FsmoCheck
......................... BioFilmInc.local passed test FsmoCheck
--------------------------
And here is my netDiag:
..........................
Computer Name: DC1
DNS Host Name: dc1.BioFilmInc.local
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB938464
KB941202
KB941569
KB941644
KB941693
KB942763
KB943055
KB943460
KB943485
KB943729
KB944338
KB944653
KB945553
KB946026
KB948496
KB948590
KB949014
KB950759
KB950759-IE7
KB950760
KB950762
KB950974
KB951066
KB951698
KB951746
KB951748
KB952954
KB953838-IE7
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : LAN Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : dc1
IP Address . . . . . . . . : 192.168.1.12
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Primary WINS Server. . . . : 192.168.1.11
Dns Servers. . . . . . . . : 192.168.1.12
IpConfig results . . . . . : Failed
Pinging the Primary WINS server 192.168.1.11 - not reachable
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Failed
The test failed. We were unable to query the WINS servers.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{0E43727B-188D
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.1.12'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{0E43727B-188D
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{0E43727B-188D
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for host/dc1.BioFilmInc.local.
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Thanks so much for any help. I really appreciate it.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC
Starting test: Connectivity
The host 39aba4bb-465d-4a54-9799-ad
ould not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(39aba4bb-465d-4a54-9799-a
couldn't be resolved, the server name (dc1.BioFilmInc.local) resolved
to the IP address (192.168.1.12) and was pingable. Check that the IP
address is registered correctly with the DNS server.
......................... DC1 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC
Skipping all tests, because server DC1 is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : BioFilmInc
Starting test: CrossRefValidation
......................... BioFilmInc passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... BioFilmInc passed test CheckSDRefDom
Running enterprise tests on : BioFilmInc.local
Starting test: Intersite
......................... BioFilmInc.local passed test Intersite
Starting test: FsmoCheck
......................... BioFilmInc.local passed test FsmoCheck
--------------------------
And here is my netDiag:
..........................
Computer Name: DC1
DNS Host Name: dc1.BioFilmInc.local
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB938464
KB941202
KB941569
KB941644
KB941693
KB942763
KB943055
KB943460
KB943485
KB943729
KB944338
KB944653
KB945553
KB946026
KB948496
KB948590
KB949014
KB950759
KB950759-IE7
KB950760
KB950762
KB950974
KB951066
KB951698
KB951746
KB951748
KB952954
KB953838-IE7
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : LAN Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : dc1
IP Address . . . . . . . . : 192.168.1.12
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Primary WINS Server. . . . : 192.168.1.11
Dns Servers. . . . . . . . : 192.168.1.12
IpConfig results . . . . . : Failed
Pinging the Primary WINS server 192.168.1.11 - not reachable
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Failed
The test failed. We were unable to query the WINS servers.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{0E43727B-188D
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.1.12'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{0E43727B-188D
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{0E43727B-188D
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for host/dc1.BioFilmInc.local.
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Thanks so much for any help. I really appreciate it.
ASKER
Also on my ISA server when I try and add a group or user to the vpn it shows that I can search the AD and shows my domain name but It never actually searches AD it just says its not found. If I click advanced it says the server is not oprtational.
Dont know if any of this helps
Dont know if any of this helps
Okay, go with the standard primary zone, set it to permit non-secure updates. Then restart the NetLogon service and run "ipconfig /registerdns".
Once done, run DCDiag and NetDiag again?
Chris
ASKER
Same error on dns "The zone cannot be created. The Data is invalid". I can still add it without AD support.
The standard primary zone is the version without AD support :)
I'd just like to get a DNS service up and running, even without AD integration, so we can hopefully see what the rest of the server is up to.
Chris
ASKER
DNS is up and running without AD support.
Great, make sure you restart NetLogon and run "ipconfig /registerdns", the make sure it creates an _msdcs folder in the DNS console (under the new forward lookup zone), then it's time to run DCDiag and NetDiag again.
Chris
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hey,
For the zone you're trying to create, is that set to replicate to "All Domain Controllers in the AD Domain" or one of the other options?
You might want to run DCDiag and NetDiag to see what it thinks is wrong, that you can't authorise DHCP either does point to a deeper problem.
Chris