zenworksb
asked on
2008 AD dns issue
I had a client where an engineer was at and he tried to install a server as a secondary GC etc. Push comes to shove, they force-removed it from the domain and removed things from DNS etc. Now I cannot ping the domain controller from workstations in the name by FQDN, only by NetBIOS name. I also cannot ping the domain. I also cannot add domain groups to local groups, as when I click to browse it does not show the domain. Please help. I know it is a DNS issue but not sure what.
This is what I get from dcdiag. Can you see anything?
DCDiag - DNS on 11/12/2008 12:33:07 PM
Directory Server Diagnosis
Performing initial setup:
* Connecting to directory service on server domain-dc01.domain.local.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DOMAIN-DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DOMAIN-DC01
Starting test: Connectivity
* Active Directory LDAP Services Check
The host a1732d1f-fb48-4dc1-8607-a31989bb08a2._msdcs.domain.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
......................... DOMAIN-DC01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DOMAIN-DC01
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DOMAIN-DC01 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : domain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : domain.local
Starting test: DNS
Test results for domain controllers:
DC: domain-dc01.domain.local
Domain: domain.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No LDAP connectivity
Microsoftr Windows Serverr 2008 Standard (Service Pack level: 1.0)
is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000006] Broadcom NetXtreme Gigabit Ethernet:
MAC address is 00:18:71:E9:81:36
IP Address is static
IP address: 10.6.6.115
DNS servers:
Warning:
127.0.0.1 (DOMAIN-DC01) [Invalid]
Warning: adapter
[00000006] Broadcom NetXtreme Gigabit Ethernet has
invalid DNS server: 127.0.0.1 (DOMAIN-DC01)
Error: all DNS servers are invalid
No host records (A or AAAA) were found for this DC
The SOA record for the Active Directory zone was not found
Warning: The Active Directory zone on this DC/DNS server was
not found (probably a misconfiguration)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.6.6.144 () [Invalid (unreachable)]
Error: Forwarders list has invalid forwarder: 10.6.6.144 ()
10.6.6.175 () [Valid]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record _dcdiag_test_record in zone domain.local
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
Test record _dcdiag_test_record deleted successfully in zone domain.local
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.6.6.115 (DOMAIN-DC01)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.domain.local. failed on the DNS server 10.6.6.115
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 10.6.6.144 ()
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.6.6.144 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 10.6.6.175 ()
All tests passed on this DNS server
Summary of DNS test results:
Computer Domain Auth Basc Forw Del Dyn RReg Ext
domain-dc01 domain.local PASS FAIL FAIL n/a WARN FAIL n/a
......................... domain.local failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
ASKER
It is for sure hosting DNS, but I think there is something wrong with the configuration, but I could be wrong. It is pointing to itself for DNS, and when I ping the FQDN it resolved ::1. It is weird. And what was the command to run to see what FSMO roles were being hosted? I will see if all 65 are on there.
::1 is the loopback address in IPv6. If you aren't in an IPv6 network then disable it in the properties of the network adaptor on the DC.
To find the FSMO role holders (5 not 65) go to a command prompt and type "netdom query /domain:<domain> fsmo" where <domain> is the name of YOUR domain.
ASKER
Sorry, I typoed, I know it is 5. I have IPv6 unchecked, that is weird? I will run that command and post back, thanks man.
ASKER
All 5 FSMO roles are on this server. I am checking on the IPv6 now.
ASKER
IPv6 is unchecked but I still get that ::1 return when pinging the name from the domain?
ASKER
I see this in the event log?
The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.diobr.local. 600 IN SRV 0 100 389 diobr-dc01.diobr.local.' failed on the following DNS server:
DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Open an elevated command prompt and type "net stop netlogon && net start netlogon" and hit enter. Wait for the command to complete.
Then type "ipconfig /registerdns" and hit enter.
Re-run that test and post it here. When you post the text please post it in the "Attach Code Snippet" window, that way it is more readable.
Additionally, make another post with the results of entering the command "ServerManagerCMD -query" in an elevated command prompt.
ASKER
How do I do an elevated command prompt?
ASKER
I RAN ALL THE THINGS YOU SAID TO RUN THEN RAN THIS
Windows\system32>dcdiag.exe /test:DNS /e /v >dns.txt
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine sERVER-dc01, is a Directory Server.
Home Server = SERVER-dc01
* Connecting to directory service on server SERVER-dc01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=diobr,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=diobr,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=diobr,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DIOBR-DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER-DC01
Starting test: Connectivity
* Active Directory LDAP Services Check
The host a1732d1f-fb48-4dc1-8607-a31989bb08a2._msdcs.dOMAIN.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
......................... SERVER-DC01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER-DC01
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... SERVER-DC01 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : dOMAIN
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : dOMAIN.local
Starting test: DNS
Test results for domain controllers:
DC: SERVER-dc01.dOMAIN.local
Domain: dOMAINlocal
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No LDAP connectivity
Microsoftr Windows Serverr 2008 Standard (Service Pack level: 1.0)
is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000006] Broadcom NetXtreme Gigabit Ethernet:
MAC address is 00:18:71:E9:81:36
IP Address is static
IP address: 10.6.6.115
DNS servers:
Warning:
10.6.6.115 (SERVER-DC01) [Invalid]
Warning: adapter
[00000006] Broadcom NetXtreme Gigabit Ethernet has
invalid DNS server: 10.6.6.115 (SERVER-DC01)
Error: all DNS servers are invalid
No host records (A or AAAA) were found for this DC
The SOA record for the Active Directory zone was not found
Warning: The Active Directory zone on this DC/DNS server was
not found (probably a misconfiguration)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.6.6.144 (<name unavailable>) [Invalid (unreachable)]
Error: Forwarders list has invalid forwarder: 10.6.6.144 (<name unavailable>)
10.6.6.175 (<name unavailable>) [Valid]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record _dcdiag_test_record in zone dOMAIN.local
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
Test record _dcdiag_test_record deleted successfully in zone dOMAIN.local
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.6.6.115 (SERVER-DC01)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.dOMAIN.local. failed on the DNS server 10.6.6.115
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 10.6.6.144 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.6.6.144 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 10.6.6.175 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: dOMAIN.local
dOMAIN-dc01 PASS FAIL FAIL n/a WARN FAIL n/a
......................... dOMAIN.local failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
Is it pointing at itself for DNS name resolution?
Is it holding all the FSMO roles?
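A triage pass over the `dcdiag /test:DNS` output posted above, as an added example that is not part of the original thread: it pulls out the resolver and forwarder entries dcdiag marked invalid, the per-server failure counts, and the summary row. The sample text is a constructed excerpt in the shape of the posted output, and the names `triage` and `failing_columns` are hypothetical.

```python
import re

# Constructed sample in the shape of the `dcdiag /test:DNS /e /v` output
# posted in this thread (names as redacted by the poster).
SAMPLE = """\
   TEST: Basic (Basc)
      Error: No LDAP connectivity
      DNS servers:
         Warning:
         10.6.6.115 (SERVER-DC01) [Invalid]
      Error: all DNS servers are invalid
   TEST: Forwarders/Root hints (Forw)
      Forwarders Information:
         10.6.6.144 (<name unavailable>) [Invalid (unreachable)]
         10.6.6.175 (<name unavailable>) [Valid]
   Summary of test results for DNS servers used by the above domain
   controllers:
      DNS server: 10.6.6.115 (SERVER-DC01)
         1 test failure on this DNS server
      DNS server: 10.6.6.175 (<name unavailable>)
         All tests passed on this DNS server
   Summary of DNS test results:
                            Auth Basc Forw Del  Dyn  RReg Ext
      Domain: dOMAIN.local
         dOMAIN-dc01        PASS FAIL FAIL n/a  WARN FAIL n/a
"""

COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
STATUS = r"(?:PASS|FAIL|WARN|n/a)"
# A summary row: a name (optionally followed by the domain) and 7 statuses.
ROW_RE = re.compile(r"^\s*(.*?)\s*((?:%s\s+){6}%s)\s*$" % (STATUS, STATUS))
# "10.6.6.144 (<name unavailable>) [Invalid (unreachable)]"
ADDR_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+\(.*?\)\s+\[(.+)\]\s*$")
SERVER_RE = re.compile(r"^\s*DNS server:\s+(\S+)")
FAIL_RE = re.compile(r"^\s*(\d+) test failures? on this DNS server")


def triage(text):
    """Return the failing parts of a dcdiag DNS report as a dict."""
    out = {"summary": {}, "bad_resolvers": [], "bad_forwarders": [],
           "server_failures": {}}
    section = server = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "DNS servers:":
            section = "bad_resolvers"      # the adapter's configured DNS
        elif stripped == "Forwarders Information:":
            section = "bad_forwarders"
        elif stripped.startswith(("TEST:", "Summary")):
            section = None
        m = ADDR_RE.match(line)
        if m and section and not m.group(2).startswith("Valid"):
            out[section].append((m.group(1), m.group(2)))
        elif SERVER_RE.match(line):
            server = SERVER_RE.match(line).group(1)
        elif FAIL_RE.match(line) and server:
            out["server_failures"][server] = int(FAIL_RE.match(line).group(1))
        elif ROW_RE.match(line) and ROW_RE.match(line).group(1):
            name, statuses = ROW_RE.match(line).groups()
            out["summary"][name.split()[0]] = dict(zip(COLUMNS, statuses.split()))
    return out


def failing_columns(report):
    """Map each DC to the DNS sub-tests that returned FAIL or WARN."""
    return {dc: [c for c in COLUMNS if cols[c] in ("FAIL", "WARN")]
            for dc, cols in report["summary"].items()}


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report, failing_columns(report))
```

Run against a saved `dns.txt`, an empty result for a DC after the Netlogon restart and `ipconfig /registerdns` means the summary row has no FAIL or WARN left.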