DNS cannot find a primary authoritative DNS

This is a SBS 2003 server which has worked okay for about 3 years with some problems. I'm now trying to fixe the DNS error. the netdiag.txt

I'm not sure where to start.
Thanks for your help.
.......................................

    Computer Name: SERVERN
    DNS Host Name: servern.cleavers.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 67 Stepping 3, AuthenticAMD
    List of installed hotfixes :
   
Removed to make this list smaller    

Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Server Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : servern
        IP Address . . . . . . . . : 192.168.0.87
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.100
        Primary WINS Server. . . . : 192.168.0.87
        Dns Servers. . . . . . . . : 192.168.0.87


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{AFA1D373-8E10-472A-B055-2532CB839CE8}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'servern.cleavers.local.'. [RCODE_SERVER_FAILURE]
            The name 'servern.cleavers.local.' may not be registered in DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.0.87'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{AFA1D373-8E10-472A-B055-2532CB839CE8}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{AFA1D373-8E10-472A-B055-2532CB839CE8}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
LVL 2
pjwallisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vaidas911Commented:
Is your server the only one server in your domain infrastructure?
Is your server a DNS server for itself?
Could you please go to DNS server mmc and select properties of your server, go to Monitoring tab, select and perform both test - write results here.
0
pjwallisAuthor Commented:
Yes this server is the only one in the domain being the DC and holding all fismo roles.

Both the simple query and the recursive query passed the test.

0
abt-itCommented:
Have a look if the servername exists in forward and reverse Zones only once. Perhabs you should activate the cleanup routines of the server.

You can also try the command ipconfig /registerdns on the server.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

pjwallisAuthor Commented:
What are the cleanup routines of the server?

I tried ipconfig /registerdns which failed see event below.

i tried 'nltest.exe /dsregdns'  and it completed successfully.

Event Type:      Warning
Event Source:      NETLOGON
Event Category:      None
Event ID:      5781
Date:            24/04/2010
Time:            4:24:19 PM
User:            N/A
Computer:      SERVERN
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.cleavers.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
0
abt-itCommented:
What are the cleanup routines of the server?

-> Right Click on the Forward Lookup Zone and choose properties, there is a button und the select box for dynamic updates, in german it's "Alterung", there you can define a cleanup of old DNS Entries.

Check the following things:
- NIC(s) of the Server have to use the IP Adress of the DNS Server
- Any wrong delegation inside the properties of the DNS Server

Also check the _msdcs Zone, perhabs this helps:

http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/
0
pjwallisAuthor Commented:
Thanks for the cleanup routines. I have done all twice.
Below is the output of dcdiag /fix followed by the output of netdiag /fix



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SERVERN
      Starting test: Connectivity
         The host b085cdef-44c3-4dc3-82e1-eb7185eb1b55._msdcs.cleavers.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name

         (b085cdef-44c3-4dc3-82e1-eb7185eb1b55._msdcs.cleavers.local) couldn't

         be resolved, the server name (servern.cleavers.local) resolved to the

         IP address (192.168.0.87) and was pingable.  Check that the IP address

         is registered correctly with the DNS server.
         ......................... SERVERN failed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SERVERN
      Skipping all tests, because server SERVERN is
      not responding to directory service requests
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : cleavers
      Starting test: CrossRefValidation
         ......................... cleavers passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... cleavers passed test CheckSDRefDom
   
   Running enterprise tests on : cleavers.local
      Starting test: Intersite
         ......................... cleavers.local passed test Intersite
      Starting test: FsmoCheck
         ......................... cleavers.local passed test FsmoCheck

***************************************************************
Netdiag /fix follows I removed the list of hotfixes to save space.

***************************************************************

.......................................

    Computer Name: SERVERN
    DNS Host Name: servern.cleavers.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 67 Stepping 3, AuthenticAMD
    List of installed hotfixes :

****** removed to save space ******************

Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Server Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : servern
        IP Address . . . . . . . . : 192.168.0.87
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.100
        Primary WINS Server. . . . : 192.168.0.87
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{AFA1D373-8E10-472A-B055-2532CB839CE8}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'servern.cleavers.local.'. [RCODE_SERVER_FAILURE]
            The name 'servern.cleavers.local.' may not be registered in DNS.
    [FATAL] Failed to fix: DC DNS entry cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.2c779535-24d0-4128-aa1f-f11aa9bcf1ee.domains._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry gc._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry b085cdef-44c3-4dc3-82e1-eb7185eb1b55._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry ForestDnsZones.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry DomainDnsZones.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.cleavers.local. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '127.0.0.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{AFA1D373-8E10-472A-B055-2532CB839CE8}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{AFA1D373-8E10-472A-B055-2532CB839CE8}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

0
abt-itCommented:
Looks like the DC is not correctly registered in the DNS Zone. Check the entries of _msdcs and check security Settings of the zone.
Do you use and administrative account running dcdiag and netdiag?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pjwallisAuthor Commented:
where do I find the _msdsc entries. ?

What do I look for with the DC being registered in the DNS zone?

The permissions appear to be okay allowing the domain administrator full access.

I'm logged on as the Domain Administrator.
0
pjwallisAuthor Commented:
I found it - the forward lookup zone wasn't created with the exact name of the active directory.  

Deleted it and recreated the forward lookup zone and followed the directions of the following site.

http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/

as suggested by abt-it.  Thanks heaps - it's all working.
0
pjwallisAuthor Commented:
My lack of understand made this hard to follow. As I learned what was happening it all suddenly fell into place. It's now easy to delete the forward lookup zone and recreate it, after some great help.  
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.