handsthompson
asked on
DNS server stops unexpectantly with no stop messages in Event Viewer
The environment is rather simple. Dell PE 2900 purchased new Jan 2008. Windows 2003 32bit Server R2 SP2. This server's main role is to run a Sybase db for a digital dental office. Every week or so the users complain that the system is slow and when I log into the server I see the screenshot attached. I restart DNS and the issue is resolved. Nothing really pertinent in Event Viewer. I would expect event ID 3 "The DNS Server has shutdown". I do not see that message. Events from the event viewer that are reported as errors are included in the snippet but are from Feb. 29 2008 and 1/25/2008. I can count the number of times this has happened. About 10 to 11 times this has happened. One thing kinda strange that I just noticed was a 169.x.x.x IP address on the interfaces tab as a listener. I have since removed it and believe that explains the January error.
****************************
***Start of Feb. 29, 2008***
****************************
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 6702
Date: 2/29/2008
Time: 5:46:00 PM
User: N/A
Computer: DDFS01
Description:
DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: b4 05 00 00 ´...
*************************
****Start of IP error****
*************************
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 410
Date: 1/25/2008
Time: 11:54:39 AM
User: N/A
Computer: DDFS01
Description:
The DNS server list of restricted interfaces does not contain a valid IP address for the server computer. The DNS server will use all IP interfaces on the machine.
Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on. For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Run a dcdiag. The issue should be the two NICs
ASKER
dariusg,
Thanks for your quick reply. I have 2 NICs and as mentioned in my post I just now removed teh 169.x.x.x address. I still don't understand if the DNS Server attempts to use 169.x.x.x why that would cause the screen shot and no shutdown message in Event Viewer.
Thanks for your quick reply. I have 2 NICs and as mentioned in my post I just now removed teh 169.x.x.x address. I still don't understand if the DNS Server attempts to use 169.x.x.x why that would cause the screen shot and no shutdown message in Event Viewer.
OK, so you have removed the 169.x.x.x out of DNS then disabled the second NIC. DNS doesn't know what address to use or interface unless you tell to when you have a mulithomed server.
ASKER
I didn't not disable the second NIC. I could, however I'm trying to understand why. The second NIC doesn't have an IP address assigned to it. Why would that second NIC have 169.x.x.x assigned to it? That's a default dynamic address when DHCP doesn't respond. I did swith NICs back and forth in Feb. 2008, but not since then, so maybe it was assigned at one point?
If the second NIC isn't connected to the network or can't contact a DHCP server then Windows will assign one automatically by using the APIPA address then if this interface has the registry this interface with DNS checked under the TCP\IP properties on the DNS tab it will registry the 169.x.x.x address.
Sorry not registry but register.
ASKER
Still doesn't make sense why the service would be stopping with no notice..
Exactly what are saying is stopping, DNS? If DNS is AD integrated zones or has a conflict on the server it's running and can't find the correct information it will stop the service in some situations.
ASKER
The screenshot indicates that the service is stopped right?
From a workstation I ping ddfs01 (the hostname) and I get unknown host
I look at DNS services and again...the screenshot.
I restart DNS and all is fine and dandy.
From a workstation I ping ddfs01 (the hostname) and I get unknown host
I look at DNS services and again...the screenshot.
I restart DNS and all is fine and dandy.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Open in new window