Solved

DNS and DHCP errors

Posted on 2008-10-09
11
404 Views
Last Modified: 2012-08-13
I have 2 problems that may be related. I recently had my main DC go down. So I seized all the roles. Printing and file shareing work just fine.

I am logged in as an administrator.

DHCP:
I setup dhcp on my secondary DC that is now my main DC. Setup scope and server options. When I go to authorize the server the red arrow never goes away and it continues to say "A DHCP server must be authorized" If I go into  manage authorized servers I see the DC with the new DHCP is the only thing in the list.

DNS:
The DC is set to use itself for dns.
When I try and create a primary zone that "Stores the zone in Active Directory" After a few minutes I get an error that says " The zone cannot be creates The data is invalid.
If I uncheck the Active Directory box I don't get an error.

I have been searching this problem for hours and can't solve it.
0
Comment
Question by:Biofilminc
  • 6
  • 5
11 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22681495

Hey,

For the zone you're trying to create, is that set to replicate to "All Domain Controllers in the AD Domain" or one of the other options?

You might want to run DCDiag and NetDiag to see what it thinks is wrong, that you can't authorise DHCP either does point to a deeper problem.

Chris
0
 

Author Comment

by:Biofilminc
ID: 22681916
I am setting it to replicate between domain controllers, but it is also currently the only DC.
When I get the screen to select the forest or Domain controllers the domain doesn't show, instead it says NULL

I will run DCdiag and netdiag when I get back in the office, in an hour or so.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22681934

Hmm okay, then we'll need the diagnostics, there's something beneath the bits we have above that's causing the error.

Chris
0
 

Author Comment

by:Biofilminc
ID: 22682670
Here is my DCdiag:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         The host 39aba4bb-465d-4a54-9799-adaadbb98b00._msdcs.BioFilmInc.local c
ould not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (39aba4bb-465d-4a54-9799-adaadbb98b00._msdcs.BioFilmInc.local)
         couldn't be resolved, the server name (dc1.BioFilmInc.local) resolved
         to the IP address (192.168.1.12) and was pingable.  Check that the IP
         address is registered correctly with the DNS server.
         ......................... DC1 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC1
      Skipping all tests, because server DC1 is
      not responding to directory service requests

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : BioFilmInc
      Starting test: CrossRefValidation
         ......................... BioFilmInc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... BioFilmInc passed test CheckSDRefDom

   Running enterprise tests on : BioFilmInc.local
      Starting test: Intersite
         ......................... BioFilmInc.local passed test Intersite
      Starting test: FsmoCheck
         ......................... BioFilmInc.local passed test FsmoCheck
------------------------------------------------------------------------------------------------------------------------



And here is my netDiag:

.......................................

    Computer Name: DC1
    DNS Host Name: dc1.BioFilmInc.local
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB924667-v2
        KB925398_WMP64
        KB925876
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936021
        KB936357
        KB936782
        KB938127
        KB938127-IE7
        KB938464
        KB941202
        KB941569
        KB941644
        KB941693
        KB942763
        KB943055
        KB943460
        KB943485
        KB943729
        KB944338
        KB944653
        KB945553
        KB946026
        KB948496
        KB948590
        KB949014
        KB950759
        KB950759-IE7
        KB950760
        KB950762
        KB950974
        KB951066
        KB951698
        KB951746
        KB951748
        KB952954
        KB953838-IE7
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : LAN Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : dc1
        IP Address . . . . . . . . : 192.168.1.12
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Primary WINS Server. . . . : 192.168.1.11
        Dns Servers. . . . . . . . : 192.168.1.12

        IpConfig results . . . . . : Failed
            Pinging the Primary WINS server 192.168.1.11 - not reachable

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Failed
            The test failed.  We were unable to query the WINS servers.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{0E43727B-188D-4741-96E4-F91D6B657618}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.1.12'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{0E43727B-188D-4741-96E4-F91D6B657618}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{0E43727B-188D-4741-96E4-F91D6B657618}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/dc1.BioFilmInc.local.


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully











Thanks so much for any help. I really appreciate it.
0
 

Author Comment

by:Biofilminc
ID: 22682802
Also on my ISA server when I try and add a group or user to the vpn it shows that I can search the AD and shows my domain name but It never actually searches AD it just says its not found. If I click advanced it says the server is not oprtational.

Dont know if any of this helps
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 70

Expert Comment

by:Chris Dent
ID: 22682804

Okay, go with the standard primary zone, set it to permit non-secure updates. Then restart the NetLogon service and run "ipconfig /registerdns".

Once done, run DCDiag and NetDiag again?

Chris
0
 

Author Comment

by:Biofilminc
ID: 22682888
Same error on dns "The zone cannot be created. The Data is invalid". I can still add it without AD support.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22685381

The standard primary zone is the version without AD support :)

I'd just like to get a DNS service up and running, even without AD integration, so we can hopefully see what the rest of the server is up to.

Chris
0
 

Author Comment

by:Biofilminc
ID: 22686462
DNS is up and running without AD support.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22686964

Great, make sure you restart NetLogon and run "ipconfig /registerdns", the make sure it creates an _msdcs folder in the DNS console (under the new forward lookup zone), then it's time to run DCDiag and NetDiag again.

Chris
0
 

Accepted Solution

by:
Biofilminc earned 0 total points
ID: 22786469
Had to restore from an image
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now