Link to home
Start Free TrialLog in
Avatar of zenworksb
zenworksb

asked on

2008 AD dns issue

I had a client where a engineer was at and he tried to install a server as asecondary gc etc. push comes to shove they force removed it from the domian and removed things from dns etc. now I can not ping the The doman controller from workstations in teh name by FQDN only by netbios name. I also cannot ping the domain. I also can not add domain groups to local groups as when I click to browse it does not  show the domain. Please help I know it is a dns issue but not sure what
this is what I get from dc diag can you see anything

DCDiag - DNS on 11/12/2008 12:33:07 PM

 view online documentation.

 
--------------------------------------------------------------------------------
 
Directory Server Diagnosis

Performing initial setup:

* Connecting to directory service on server domain-dc01.domain.local.

* Identified AD Forest.

Collecting AD specific global data

* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......

The previous call succeeded

Iterating through the sites

Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

Getting ISTG and options for the site

* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......

The previous call succeeded....

The previous call succeeded

Iterating through the list of servers

Getting information for the server CN=NTDS Settings,CN=DOMAIN-DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

objectGuid obtained

InvocationID obtained

dnsHostname obtained

site info obtained

All the info for the server collected

* Identifying all NC cross-refs.

* Found 1 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DOMAIN-DC01

     Starting test: Connectivity

* Active Directory LDAP Services Check

The host a1732d1f-fb48-4dc1-8607-a31989bb08a2._msdcs.domain.local could

not be resolved to an IP address. Check the DNS server, DHCP, server

name, etc.

......................... DOMAIN-DC01 failed test Connectivity


Doing primary tests

Testing server: Default-First-Site-Name\DOMAIN-DC01

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

     Starting test: DNS


DNS Tests are running and not hung. Please wait a few minutes...

See DNS test in enterprise tests section for results

......................... DOMAIN-DC01 passed test DNS

Running partition tests on : ForestDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : DomainDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Schema

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : domain

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running enterprise tests on : domain.local

     Starting test: DNS

Test results for domain controllers:

DC: domain-dc01.domain.local

Domain: domain.local


     TEST: Authentication (Auth)

     Authentication test: Successfully completed

     TEST: Basic (Basc)

          Error: No LDAP connectivity

Microsoftr Windows Serverr 2008 Standard (Service Pack level: 1.0)

is supported

NETLOGON service is running

kdc service is running

DNSCACHE service is running

DNS service is running

DC is a DNS server

Network adapters information:

Adapter [00000006] Broadcom NetXtreme Gigabit Ethernet:

MAC address is 00:18:71:E9:81:36

IP Address is static

IP address: 10.6.6.115

DNS servers:

Warning:

127.0.0.1 (DOMAIN-DC01) [Invalid]

          Warning: adapter

[00000006] Broadcom NetXtreme Gigabit Ethernet has

invalid DNS server: 127.0.0.1 (DOMAIN-DC01)

          Error: all DNS servers are invalid

No host records (A or AAAA) were found for this DC

The SOA record for the Active Directory zone was not found

          Warning: The Active Directory zone on this DC/DNS server was

not found (probably a misconfiguration)

Root zone on this DC/DNS server was not found

     TEST: Forwarders/Root hints (Forw)

Recursion is enabled

Forwarders Information:

10.6.6.144 () [Invalid (unreachable)]

          Error: Forwarders list has invalid forwarder: 10.6.6.144 ()

10.6.6.175 () [Valid]

     TEST: Dynamic update (Dyn)

          Warning: Failed to add the test record _dcdiag_test_record in zone domain.local

[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

Test record _dcdiag_test_record deleted successfully in zone domain.local

     TEST: Records registration (RReg)

          Error: Record registrations cannot be found for all the network

adapters

Summary of test results for DNS servers used by the above domain

controllers:


DNS server: 10.6.6.115 (DOMAIN-DC01)

1 test failure on this DNS server

Name resolution is not functional. _ldap._tcp.domain.local. failed on the DNS server 10.6.6.115

[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

DNS server: 10.6.6.144 ()

1 test failure on this DNS server

PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.6.6.144 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

DNS server: 10.6.6.175 ()

All tests passed on this DNS server






Summary of DNS test results:

Computer Domain Auth Basc Forw Del Dyn RReg Ext
domain-dc01 domain.local  PASS FAIL FAIL n/a WARN FAIL n/a

......................... domain.local failed test DNS

Test omitted by user request: LocatorCheck

Test omitted by user request: Intersite
Avatar of dfxdeimos
dfxdeimos
Flag of United States of America image

Is the remaining DC hosting DNS?

Is it pointing at itself for DNS name resolution?

Is it holding all the FSMO roles?
Avatar of zenworksb
zenworksb

ASKER

It is for sure hosting DNS, but I think there is something wrong withteh configuration but I could be wrong. It is pointing to itself for dns and when I ping the fqdn it resolved ::1 it is wierd and what was teh command to run to see what fismo roles were beieng hosted and I will see if all 65 are on there
::1 is the loopback address in IPv6. If you aren't in an IPv6 network than disable it in the properties of the network adaptor on the DC.

To find the FSMO role holders (5 not 65) go to a command prompt and type "netdom query /domain:<domain> fsmo" where <domain> is the name of YOUR domain.
sorry i typoed i know it is 5 I have ipv6 unchecked that is wierd? I will run that command and post back thansk man
all 5 fismo roles are on this server I am checking onth eipv6 now
ipv6 is unchecked but I still get that ::1 return when pingig the name form the domain?
i see this in eventlog ?

The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.diobr.local. 600 IN SRV 0 100 389 diobr-dc01.diobr.local.' failed on the following DNS server:  

DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA
Open an elevated command prompt and type "net stop netlogon && net start netlogon" and hit enter. Wait for the command to complete.

Then type "ipconfig /registerdns" and hit enter.

Re-run that test and post it here. When you post the text please post it in the "Attach Code Snippet" window, that way it is more readable.

Additionally, make another post with the results of entering the command "ServerManagerCMD -query" in an elevated command prompt.
how do I do a elevated command prompt?
ASKER CERTIFIED SOLUTION
Avatar of dfxdeimos
dfxdeimos
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial

I RAN ALLTH ETHINGS YOU SAID TO RUN THNE RAN THIS
 
Windows\system32>dcdiag.exe /test:DNS /e /v >dns.txt
 
 
Directory Server Diagnosis
 
 
Performing initial setup:
 
   Trying to find home server...
 
   * Verifying that the local machine sERVER-dc01, is a Directory Server. 
   Home Server = SERVER-dc01
 
   * Connecting to directory service on server SERVER-dc01.
 
   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.
 
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=diobr,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=diobr,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.
 
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=diobr,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=DIOBR-DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
 
   * Found 1 DC(s). Testing 1 of them.
 
   Done gathering initial info.
 
 
Doing initial required tests
 
   
   Testing server: Default-First-Site-Name\SERVER-DC01
 
      Starting test: Connectivity
 
         * Active Directory LDAP Services Check
         The host a1732d1f-fb48-4dc1-8607-a31989bb08a2._msdcs.dOMAIN.local could
 
         not be resolved to an IP address. Check the DNS server, DHCP, server
 
         name, etc.
 
         ......................... SERVER-DC01 failed test Connectivity
 
 
 
Doing primary tests
 
   
   Testing server: Default-First-Site-Name\SERVER-DC01
 
      Test omitted by user request: Advertising
 
      Test omitted by user request: CheckSecurityError
 
      Test omitted by user request: CutoffServers
 
      Test omitted by user request: FrsEvent
 
      Test omitted by user request: DFSREvent
 
      Test omitted by user request: SysVolCheck
 
      Test omitted by user request: KccEvent
 
      Test omitted by user request: KnowsOfRoleHolders
 
      Test omitted by user request: MachineAccount
 
      Test omitted by user request: NCSecDesc
 
      Test omitted by user request: NetLogons
 
      Test omitted by user request: ObjectsReplicated
 
      Test omitted by user request: OutboundSecureChannels
 
      Test omitted by user request: Replications
 
      Test omitted by user request: RidManager
 
      Test omitted by user request: Services
 
      Test omitted by user request: SystemLog
 
      Test omitted by user request: Topology
 
      Test omitted by user request: VerifyEnterpriseReferences
 
      Test omitted by user request: VerifyReferences
 
      Test omitted by user request: VerifyReplicas
 
   
      Starting test: DNS
 
         
 
         DNS Tests are running and not hung. Please wait a few minutes...
 
         See DNS test in enterprise tests section for results
         ......................... SERVER-DC01 passed test DNS
 
   
   Running partition tests on : ForestDnsZones
 
      Test omitted by user request: CheckSDRefDom
 
      Test omitted by user request: CrossRefValidation
 
   
   Running partition tests on : DomainDnsZones
 
      Test omitted by user request: CheckSDRefDom
 
      Test omitted by user request: CrossRefValidation
 
   
   Running partition tests on : Schema
 
      Test omitted by user request: CheckSDRefDom
 
      Test omitted by user request: CrossRefValidation
 
   
   Running partition tests on : Configuration
 
      Test omitted by user request: CheckSDRefDom
 
      Test omitted by user request: CrossRefValidation
 
   
   Running partition tests on : dOMAIN
 
      Test omitted by user request: CheckSDRefDom
 
      Test omitted by user request: CrossRefValidation
 
   
   Running enterprise tests on : dOMAIN.local
 
      Starting test: DNS
 
         Test results for domain controllers:
 
            
            DC: SERVER-dc01.dOMAIN.local
 
            Domain: dOMAINlocal
 
            
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Microsoftr Windows Serverr 2008 Standard  (Service Pack level: 1.0)
 
                   is supported
 
                  NETLOGON service is running
 
                  kdc service is running
 
                  DNSCACHE service is running
 
                  DNS service is running
 
                  DC is a DNS server
 
                  Network adapters information:
 
                  Adapter [00000006] Broadcom NetXtreme Gigabit Ethernet:
 
                     MAC address is 00:18:71:E9:81:36
                     IP Address is static 
                     IP address: 10.6.6.115
                     DNS servers:
 
                        Warning:
                        10.6.6.115 (SERVER-DC01) [Invalid]
                        Warning: adapter
 
                        [00000006] Broadcom NetXtreme Gigabit Ethernet has
 
                        invalid DNS server: 10.6.6.115 (SERVER-DC01)
 
                  Error: all DNS servers are invalid
 
                  No host records (A or AAAA) were found for this DC
 
                  The SOA record for the Active Directory zone was not found
                  Warning: The Active Directory zone on this DC/DNS server was
 
                  not found (probably a misconfiguration)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     10.6.6.144 (<name unavailable>) [Invalid (unreachable)] 
                     Error: Forwarders list has invalid forwarder: 10.6.6.144 (<name unavailable>)
                     10.6.6.175 (<name unavailable>) [Valid] 
                  
               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record _dcdiag_test_record in zone dOMAIN.local
                  [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
                  Test record _dcdiag_test_record deleted successfully in zone dOMAIN.local
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network
 
               adapters
 
         
         Summary of test results for DNS servers used by the above domain
 
         controllers:
 
         
 
            DNS server: 10.6.6.115 (SERVER-DC01)
 
               1 test failure on this DNS server
 
               Name resolution is not functional. _ldap._tcp.dOMAIN.local. failed on the DNS server 10.6.6.115
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 10.6.6.144 (<name unavailable>)
 
               1 test failure on this DNS server
 
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.6.6.144               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 10.6.6.175 (<name unavailable>)
 
               All tests passed on this DNS server
 
               
         Summary of DNS test results:
 
         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: dOMAIN.local
 
               dOMAIN-dc01                   PASS FAIL FAIL n/a  WARN FAIL n/a  
         
         ......................... dOMAIN.local failed test DNS
 
      Test omitted by user request: LocatorCheck
 
      Test omitted by user request: Intersite

Open in new window