Exchange Server 2003 setup - DNS failed test in NetDiag.log

Hello - this question concerns a small office setup with 8 Windows XP Pro computers and a single server running Windows Server 2003, Standard edition, SP2 which is also the DC.  

I am working my way through the Exchange Server 2003 installation checklist and have run into an issue after running the NetDiag.exe command.  All looks good except the DNS test which comes back with the following error:

DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server 'xxx.xxx.x.xxx'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server 'xx.xx.xx.xx'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

One issue I've found so far is that there is no Reverse Lookup Zone set in DNS on this server and there is no "_msdcs.domainname.local" listing on the Forward Lookup Zone.  

Am guessing both of those issues need to be rectified but before I do that would like some expert opinions on DNS resolution.

Or, can I simply proceed with the Exchange Server 2003 installation and not worry about this - or am thinking this problem may bomb out my Exchange install....

Many thanks in advance for your help.
0
Rainman13
Asked:
Rainman13
 
DrDave242Commented:
Is the DC pointing to itself and ONLY to itself for DNS?  If not, change the DNS server values in the TCP/IP properties of the NIC to use only the server's own IP address as a DNS server, then run the following commands:

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

That should register the necessary records in DNS.  You may need to wait a few minutes for this to happen.
0
 
Rainman13Author Commented:
Thanks DrDave242 - I will give it a shot.  Do you think I need to also proceed with setting up a Reverse DNS Lookup Zone as well?

Rainman13
0
 
DrDave242Commented:
A reverse lookup zone is not absolutely necessary, but I'd recommend setting one up, just for completeness' sake.
0
 
Rainman13Author Commented:
DrDave242:

The primary DNS IP address in TCP/IP properties was the server's IP address and the secondary DNS was the ISP's.  I went ahead and removed the secondary DNS info, waited about 10 minutes and ran the netdiag.exe again but no luck as follows in this netdiag.log file.

    Computer Name: DATABASE
    DNS Host Name: DATABASE.database.omahasurgicalcenter.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DATABASE
        IP Address . . . . . . . . : 192.168.2.151
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.2.1
        Dns Servers. . . . . . . . : 192.168.2.151


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{F3809F71-981C-47B2-B1F6-7F7AC3359CCE}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.2.151'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{F3809F71-981C-47B2-B1F6-7F7AC3359CCE}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{F3809F71-981C-47B2-B1F6-7F7AC3359CCE}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
0
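
Added example, not part of the original thread: a small Python parser for NetDiag.log output like the log posted above. It pulls out the tests that failed, the [WARNING]/[FATAL] notes printed under them, and the DNS servers those notes name. The sample log is constructed (192.0.2.10 is a placeholder address) and the function names are this example's own.

```python
import re

# Constructed sample, shaped like the NetDiag.log excerpts in this thread.
SAMPLE_LOG = """\
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service' names is missing.
Domain membership test . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.0.2.10'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Kerberos test. . . . . . . . . . . : Passed
"""

# "<name> test<dot leader>: <result>" and the indented notes printed under a test.
TEST_LINE = re.compile(r"^\s*(?P<name>.+? test)[ .]*:\s*(?P<result>Passed|Failed|Skipped)\s*$")
NOTE_LINE = re.compile(r"^\s*\[(?P<level>WARNING|FATAL)\]\s*(?P<text>.+)$")
DNS_SERVER = re.compile(r"not registered correctly on DNS server '([^']+)'")

def parse_netdiag(text):
    """Return one dict per test line, with the notes that follow it attached."""
    tests = []
    for line in text.splitlines():
        m = TEST_LINE.match(line)
        if m:
            tests.append({"name": m["name"], "result": m["result"], "notes": []})
            continue
        n = NOTE_LINE.match(line)
        if n and tests:  # a note belongs to the most recent test line
            tests[-1]["notes"].append((n["level"], n["text"]))
    return tests

def blocking_problems(tests):
    """Tests that failed outright or logged a FATAL note; a WARNING alone is not blocking."""
    return [t for t in tests
            if t["result"] == "Failed" or any(lvl == "FATAL" for lvl, _ in t["notes"])]

def unregistered_dns_servers(tests):
    """DNS servers that NetDiag reported as missing this DC's records."""
    return [ip for t in tests for _, text in t["notes"] for ip in DNS_SERVER.findall(text)]

if __name__ == "__main__":
    parsed = parse_netdiag(SAMPLE_LOG)
    for t in blocking_problems(parsed):
        print(f"{t['name']}: {t['result']}")
        for level, text in t["notes"]:
            print(f"  [{level}] {text}")
    print("DNS servers missing the DC records:", unregistered_dns_servers(parsed))
```
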
 
DrDave242Commented:
You mentioned that you didn't see a forward lookup zone for _msdcs.domainname.local in DNS.  Is it there yet or still missing?  Check also for an _msdcs folder underneath the domainname.local forward lookup zone.  That's the "old" way of doing it, but it accomplishes the same thing.
0
 
Rainman13Author Commented:
DrDave242:

I just checked and there is no _msdcs.domainname.local in the Forward Lookup Zone.  It also does not exist under the domainname.local Forward Lookup Zone either.

0
 
DrDave242Commented:
In that case, go ahead and create it.  Right-click on Forward Lookup Zones and select New Zone.  Make sure you type the name correctly (_msdcs.domainname.local), make it a primary zone, integrate it with AD, and allow secure dynamic updates.  After you've created the zone, run the "ipconfig /registerdns" command on the DC, then restart the Net Logon service.  This will register all of the necessary records in that zone, but it may take a few minutes.  Refresh the DNS console every couple of minutes until you see a few records and subfolders appear inside the zone.  At that point, you should be good to go.
0
 
Rainman13Author Commented:
Thanks DrDave242!

In preparing to do this I just noticed something else which could be fundamentally wrong in the setup of DNS for this business.  When I open up Active Directory, the domain name listed (right under the Saved Queries folder) is database.domainname.com while the current Forward Lookup Zone does not have the database prefix - it only has domainname.com as the domain name.  

Prior to making the Forward Lookup Zone change you mention above, should I first change the current domain name listed in the Forward Lookup Zone to match the domain name listed as per Active Directory as above, or can that be done after the new Primary _msdcs.domainname.com is created as per your instructions?

Many thanks -

Rainman13
0
 
DrDave242Commented:
Do you want your domain to be named database.domainname.com?  It sounds like that's its name at the moment.  If you're OK with keeping it that way, change your DNS to match it.  You'll need to create a new forward lookup zone for database.domainname.com, as the existing one can't be renamed.  Then you'll also need to create _msdcs.database.domainname.com.  Once both zones are created, run "ipconfig /registerdns" and restart the Net Logon service on the DC.  That should register all of the DC's records in those zones.

If you would rather not use database.domainname.com as your domain name (personally, I would recommend .local or some other non-public DNS suffix for your AD domain), then the easiest way to change it will be to demote your DC and repromote it to the correct name.  This will have to be done before Exchange is installed, as you can't demote or promote an Exchange server - well, you CAN, but you'll run into trouble.  (It's also possible to rename your domain without demoting the DC, even after installing Exchange, but it can get messy.)

If you've already got users working in the domain, you'll probably be better off just leaving it as database.domainname.com, unless they don't mind the change.
0
 
Rainman13Author Commented:
Excellent - I would personally prefer a different domain as you mention, but don't know if it makes sense to invest the time & effort at this point prior to installing Exchange.  I'll go ahead and follow your instructions and will let you know!  Thanks again -

Rainman13
0
 
Rainman13Author Commented:
DrDave242:

I started down the path and I am wondering if when creating the new Forward Lookup Zone for database.domainname.com, do I create this as a "stub zone" as the _msdcs.database.domainname.com will be the primary zone?
0
 
DrDave242Commented:
No, they're actually both primary zones, so create them both as such.
0
 
Rainman13Author Commented:
Have completed setting up the 2 new Forward Lookup Zones and a Reverse Lookup Zone and in the DNS console all looks well and fine, but no luck on DNS passing the netdiag.exe test yet.  I'll wait 30 minutes or so and try later....
0
 
Rainman13Author Commented:
Just tried it again and no joy as I continue to receive the same DNS error message in the netdiag log file.  Do I need to delete the old domain of domainname.com which was listed in the Forward Lookup Zone to begin with?  
0
 
DrDave242Commented:
You can delete it, although its presence shouldn't affect the other zones.  What do your two new zones look like now?  Do they have any records and/or folders in them at all?  Also, does "ipconfig /all" show the correct primary DNS suffix for the DC?
0
 
Rainman13Author Commented:
DrDave242:

Good news - DNS is working now as far as netdiag.exe is concerned.  I deleted the old domainname.com in the Forward Lookup Zone and after a bunch of chasing around decided to delete and re-create the _msdcs.database.domainname.com and database.domainname.com as well.  After that and doing the following commands the netdiag test passed DNS.
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

Thanks for all your help and time!

Rainman13
0
