Solved

Domain Controller failing dcdiag dns test

Posted on 2010-09-01
Last Modified: 2012-05-10
I have two domain controllers which have been fine up until last week when I started to get 1030 and 1058 errors in my logs every 5 minutes on my server called appserv1.

I have slowly been working through KB's and links on EE and have found that I have a DNS issue.

I ran a dcdiag /test:netlogons and everything came back ok. But when I run a DCdiag /test:DNS I get a stack of errors with my DNS.

Testing server: Reigate\APPSERV1

DNS Tests are running and not hung. Please wait a few minutes...
 
   Running partition tests on : DomainDnsZones
 
   Running partition tests on : ForestDnsZones
 
   Running partition tests on : Schema
 
   Running partition tests on : Configuration
 
   Running partition tests on : letterpart
 
   Running enterprise tests on : letterpart.local
     Starting test: DNS
        Test results for domain controllers:
           
           DC: APPSERV1.letterpart.local
           Domain: letterpart.local

                 
              TEST: Basic (Basc)
                 Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.100 (<name unavailable>)
                 Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.210 (<name unavailable>)
                 Error: all DNS servers are invalid
             
            TEST: Records registration (RReg)
              Error: Record registrations cannot be found for all the network adapters
       
         Summary of test results for DNS servers used by the above domain controllers:

           DNS server: 192.168.1.100 (<name unavailable>)
              1 test failure on this DNS server
              This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.100
             
            DNS server: 192.168.1.210 (<name unavailable>)
              1 test failure on this DNS server
              This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.210
             
         Summary of DNS test results:
       
                                            Auth Basc Forw Del  Dyn  RReg Ext  
              ________________________________________________________________
           Domain: letterpart.local
              APPSERV1                     PASS FAIL PASS PASS PASS FAIL n/a  
       
         ......................... letterpart.local failed test DNS


I can't see anything wrong with my DNS and would appreciate some help and advice here please.

thanks
Question by:Letterpart
29 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33575727
Disable one of the network cards and run it again; dual-NIC DCs have these issues.
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33575752
Sorry, that was a bit rushed. Disable one of the network cards and make sure the DNS configuration on the remaining NIC points to the DC for DNS, then run "ipconfig/flushdns" and then "net stop netlogon && net start netlogon".
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33575756
Additionally, check the DNS server's NIC bindings (which IP the DNS server is listening on).
0

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33575763
Did you make any environment IP changes?
0
 
LVL 1

Author Comment

by:Letterpart
ID: 33575772
Thanks for your replies.

My server only has 1 LAN NIC installed, the other two NICs are on the SAN network.


It is only listening on 192.168.1.100
0
 
LVL 24

Accepted Solution

by:
Mike Thomas earned 100 total points
ID: 33575781
Are the SAN NICs 192.168.1.100 & 192.168.1.210? If so, sort the bindings as iSiek suggested so they are not being used for anything other than the SAN traffic.
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 100 total points
ID: 33575810
Check in the forward lookup zone whether you have defined SOA and NS records for your DNS server(s). Additionally, please try restarting the netlogon service to re-register it in the DNS zone.

Type in the command line:

net stop netlogon
net start netlogon
0
 
LVL 1

Author Comment

by:Letterpart
ID: 33575830
My SAN NICS are 192.168.252.x and 192.168.253.x

I have run "ipconfig/flushdns" and then "net stop netlogon && net start netlogon" and still getting the same result from dcdiag /test:dns

I have a SOA record for appserv1 and NS records for Appserv1 and dc1 in the FLZ
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33575836
So what are the IP's 192.168.1.100 & 192.168.1.210 ?
0
 
LVL 1

Author Comment

by:Letterpart
ID: 33575856
192.168.1.100 is the IP of Appserv1 which is a DC
192.168.1.210 is the IP of DC1 which is also a DC
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33575888
And these DCs are both configured to look at themselves and themselves only for DNS? When was the second DC added?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33575893
It looks like there is no DNS configured :/
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33575904
It's looking that way. Has DNS (the service) actually been installed? Does dcdiag run OK on the other DC?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33575910
Run in the command line:

nslookup

set domain=<your_fqdn>

<your_fqdn>

and check what IP addresses of the DNS servers are displayed.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 33575966
The second DC (DC1) was added about 4 months ago and replaced appserv2 as we are migrating to VM's and I needed to separate some server functions.

dcdiag runs fine on DC1 and gave me:

letterpart.local passed test DNS

the nslookup run on appserv1 gave me:

name: letterpart.local
Addresses: 192.168.1.210, 192.168.1.163, 192.168.1.167, 192.168.1.168, 192.168.1.100, 192.168.253.102, 192.168.252.102

0
 
LVL 1

Author Comment

by:Letterpart
ID: 33575970
And DNS has been installed on Appserv1. This server has been our Domain controller for over 5 years now.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 200 total points
ID: 33576057
Check whether the 192.168.1.0 reverse zone has the names associated with the IPs.
nslookup 192.168.1.100 and nslookup 192.168.1.210 return no name.
This is likely an issue with DNS record scavenging that deleted the two records.
192.168.1.100 IN PTR appserv1.letterpart.local.
192.168.1.210 IN PTR dc1.letterpart.local.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33576060
OK, so check in the reverse lookup zone whether you have defined entries for your DNS servers (100 and 210).
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33576070
Arnold makes a good point about scavenging; check the settings and ensure it is set to something over 24 hours (default is 7 days).
0
 
LVL 1

Author Comment

by:Letterpart
ID: 33576230
The RLZ has NS and PTR records for both 100 and 210 with the correct names associated.

Running an nslookup on 192.168.1.100 and 210 gives me the correct FQDN's for those IP's

Automatic Scavenging is set to off (which it says is the default (Windows Server 2003 R2))
0
 
LVL 77

Expert Comment

by:arnold
ID: 33578973
Reigate\APPSERV1
versus letterpart\appserver1?

Did you change/alter the data you posted?
0
 
LVL 7

Assisted Solution

by:ms-pro
ms-pro earned 100 total points
ID: 33582858
Change the DNS server on those servers, 192.168.1.100 and 192.168.1.210.
Change it from 127.0.0.1 to the real IP address, e.g. 192.168.1.210, and on the 192.168.1.210
to 192.168.1.210.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 33594941
Sorry for the delay in replying, my wife was ill yesterday so had to take the day off to look after 3 demanding children and spent it in front of the washing machine and sink. Thankfully I am back at work now.

@Arnold: The server is called APPSERV1 not appserver1 but I am confused as to why it is showing as Reigate\ as the server is in the Domain Controllers OU and not under Reigate.

@ms-pro: The DNS server details are already as follows:


Appserv1
Ethernet adapter Local Area Connection:
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
Physical Address. . . . . . . . . : 00-0E-0C-B5-2F-1C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.100 & 192.168.1.210

DC1
Ethernet adapter Local Area Connection:
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-08-78-DF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.210
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.210 & 192.168.1.100
0
 
LVL 7

Expert Comment

by:ms-pro
ID: 33601629
1. Check the A record for 192.168.1.210 and 192.168.1.100
2. Check the PTR record for 192.168.1.210 and 192.168.1.100
3. Check the event log!!
 
0
 
LVL 1

Author Comment

by:Letterpart
ID: 33635027
I have attached the A and PTR records for both appserv1 (.100) and DC1 (.210)

There is nothing in the event logs regarding DNS.


A-Record.jpg
PTR-records.jpg
0
 
LVL 1

Author Comment

by:Letterpart
ID: 33637867
DCDiag verbose output:

         Test results for domain controllers:
           
            DC: APPSERV1.letterpart.local
            Domain: letterpart.local

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000007] Intel(R) PRO/1000 MT Server Adapter:
                     MAC address is 00:0E:0C:B5:2F:1C
                     IP address is static
                     IP address: 192.168.1.100
                     DNS servers:
                        Warning: 192.168.1.100 (<name unavailable>) [Invalid]
                        Warning: 192.168.1.210 (<name unavailable>) [Invalid]
                  Error: all DNS servers are invalid
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.1.210 (<name unavailable>) [Invalid]
                     194.72.6.57 (<name unavailable>) [Valid]
                     194.73.82.242 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                 
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone letterpart.local.
                  Test record _dcdiag_test_record added successfully in zone letterpart.local.
                  Test record _dcdiag_test_record deleted successfully in zone letterpart.local.
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.210 (<name unavailable>)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.210
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 192.168.1.100 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.100
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 194.72.6.57 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               
            DNS server: 194.73.82.242 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: letterpart.local
               APPSERV1                     PASS FAIL PASS PASS PASS FAIL n/a  
         
         ......................... letterpart.local failed test DNS
0
 
LVL 1

Author Comment

by:Letterpart
ID: 33638151
And the results from dcdiag /test:dns /e


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Reigate\APPSERV1
      Starting test: Connectivity
         ......................... APPSERV1 passed test Connectivity
   
   Testing server: Nutfield\APPSERV3
      Starting test: Connectivity
         ......................... APPSERV3 passed test Connectivity
   
   Testing server: Reigate\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests
   
   Testing server: Reigate\APPSERV1
   
   Testing server: Nutfield\APPSERV3
   
   Testing server: Reigate\DC1

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : letterpart
   
   Running enterprise tests on : letterpart.local
      Starting test: DNS
         Test results for domain controllers:
           
            DC: appserv3.letterpart.local
            Domain: letterpart.local

                 
               TEST: Basic (Basc)
                  Warning: adapter [00000001] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.1.100 (<name unavailable>)
                  Warning: adapter [00000001] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.11.102 (<name unavailable>)
                  Error: all DNS servers are invalid
                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
           
            DC: APPSERV1.letterpart.local
            Domain: letterpart.local

                 
               TEST: Basic (Basc)
                  Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.100 (<name unavailable>)
                  Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.210 (<name unavailable>)
                  Error: all DNS servers are invalid
                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 192.168.1.210 (<name unavailable>)
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
           
            DC: DC1.letterpart.local
            Domain: letterpart.local

                 
               TEST: Basic (Basc)
                  Warning: adapter [00000001] VMware Accelerated AMD PCNet Adapter has invalid DNS server: 192.168.1.210 (<name unavailable>)
                  Warning: adapter [00000001] VMware Accelerated AMD PCNet Adapter has invalid DNS server: 192.168.1.100 (<name unavailable>)
                  Error: all DNS servers are invalid
                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 192.168.1.100 (<name unavailable>)
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.100 (<name unavailable>)
               4 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.100
               
            DNS server: 192.168.1.210 (<name unavailable>)
               3 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.210
               
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
               
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
               
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
               
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
               
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
               
            DNS server: 192.168.11.102 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.11.102
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
               
            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: letterpart.local
               appserv3                     PASS FAIL FAIL PASS PASS FAIL n/a  
               APPSERV1                     PASS FAIL PASS PASS PASS FAIL n/a  
               DC1                          PASS FAIL PASS PASS PASS FAIL n/a  
         
         ......................... letterpart.local failed test DNS
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 200 total points
ID: 33642644
You have NS record references to appserv2 and appserv3.

Check the zone records for your AD domain.
You should have a 127.0.0 zone defined locally so that the requests are not forwarded out.

You have a mix of reigate or nutfield references and those seem to refer to the site where they are.
AD sites and services.

Add a local 127.0.0 and add 1 PTR to localhost. letterpart.local and that should eliminate the 127.0.0.1 reverse name lookup.

You have also configured seemingly static IPs for the DC1 and appserv1 to delete when deemed as stale.
0
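
Added example, not part of any post in this thread: a Python parser for the `dcdiag /test:dns` summary shown above. It groups each server's "not a valid DNS server" verdict by the query that failed, so it is easy to see whether every failure comes from the same `1.0.0.127.in-addr.arpa` PTR lookup that the reverse-zone suggestion targets. The function names are hypothetical and the sample input is constructed by trimming the output posted earlier.

```python
import re

# Constructed sample: lines trimmed from the dcdiag /test:dns output in this thread.
SAMPLE = """\
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.210 (<name unavailable>)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.210
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 192.168.1.100 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.100

            DNS server: 194.72.6.57 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: letterpart.local
               APPSERV1                     PASS FAIL PASS PASS PASS FAIL n/a
"""

SERVER_RE = re.compile(r"^\s*DNS server:\s+(\S+)\s+\((.*)\)\s*$")
QUERY_RE = re.compile(r"(\w+) record query for the (\S+) failed on the DNS server")
MATRIX_HDR_RE = re.compile(r"^\s*Auth\s+Basc\s+Forw")
LOOPBACK_PTR = "1.0.0.127.in-addr.arpa"


def parse_server_summary(text):
    """Return {server_ip: [(record_type, query_name), ...]} per 'DNS server:' block."""
    servers, current = {}, None
    for line in text.splitlines():
        m = SERVER_RE.match(line)
        if m:
            current = m.group(1)
            servers[current] = []
            continue
        if line.lstrip().startswith("Summary of DNS test results"):
            current = None  # the per-server section has ended
        q = QUERY_RE.search(line)
        if q and current:
            servers[current].append((q.group(1), q.group(2).rstrip(".")))
    return servers


def parse_matrix(text):
    """Return {dc_name: {test_column: result}} from the PASS/FAIL table."""
    lines, out = text.splitlines(), {}
    for i, line in enumerate(lines):
        if not MATRIX_HDR_RE.match(line):
            continue
        cols = line.split()
        for row in lines[i + 1:]:
            cells = row.split()
            # A data row is the DC name followed by one result per column.
            if len(cells) == len(cols) + 1 and cells[1] in ("PASS", "FAIL", "WARN", "n/a"):
                out[cells[0]] = dict(zip(cols, cells[1:]))
    return out


def diagnose(text):
    """Summarise which servers failed and whether the loopback PTR is the only cause."""
    servers = parse_server_summary(text)
    failing = {ip: qs for ip, qs in servers.items() if qs}
    only_loopback = bool(failing) and all(
        rtype == "PTR" and name == LOOPBACK_PTR
        for qs in failing.values() for rtype, name in qs)
    return {
        "failing_servers": sorted(failing),
        "passing_servers": sorted(ip for ip, qs in servers.items() if not qs),
        "only_loopback_ptr": only_loopback,  # True: all verdicts trace to 127.0.0.1 PTR
        "matrix": parse_matrix(text),
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
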
 
LVL 1

Author Closing Comment

by:Letterpart
ID: 34524261
Sorry, just noticed this outstanding question.

Not sure what the state of play is with the DC's. Everything appears to be working so will close the question down and award points.

Thanks for everyone's help and advice.
0
