Solved

Domain Controller failing dcdiag dns test

Posted on 2010-09-01
Last Modified: 2012-05-10
I have two domain controllers which have been fine up until last week when I started to get 1030 and 1058 errors in my logs every 5 minutes on my server called appserv1.

I have slowly been working through KB's and links on EE and have found that I have a DNS issue.

I ran a dcdiag /test:netlogons and everything came back ok. But when I run a DCdiag /test:DNS I get a stack of errors with my DNS.

Testing server: Reigate\APPSERV1

DNS Tests are running and not hung. Please wait a few minutes...
 
   Running partition tests on : DomainDnsZones
 
   Running partition tests on : ForestDnsZones
 
   Running partition tests on : Schema
 
   Running partition tests on : Configuration
 
   Running partition tests on : letterpart
 
   Running enterprise tests on : letterpart.local
     Starting test: DNS
        Test results for domain controllers:
           
           DC: APPSERV1.letterpart.local
           Domain: letterpart.local

                 
              TEST: Basic (Basc)
                 Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.100 (<name unavailable>)
                 Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.210 (<name unavailable>)
                 Error: all DNS servers are invalid
             
            TEST: Records registration (RReg)
              Error: Record registrations cannot be found for all the network adapters
       
         Summary of test results for DNS servers used by the above domain controllers:

           DNS server: 192.168.1.100 (<name unavailable>)
              1 test failure on this DNS server
              This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.100
             
            DNS server: 192.168.1.210 (<name unavailable>)
              1 test failure on this DNS server
              This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.210
             
         Summary of DNS test results:
       
                                            Auth Basc Forw Del  Dyn  RReg Ext  
              ________________________________________________________________
           Domain: letterpart.local
              APPSERV1                     PASS FAIL PASS PASS PASS FAIL n/a  
       
         ......................... letterpart.local failed test DNS


I can't see anything wrong with my DNS and would appreciate some help and advice here please.

thanks
Question by:Letterpart
29 Comments
 
LVL 24

Expert Comment

by:MojoTech
Disable one of the network cards and run it again, dual nic DC's have these issues.
0
 
LVL 24

Expert Comment

by:MojoTech
Sorry, that was a bit rushed. Disable one of the network cards and make sure the DNS configuration on the remaining NIC points to the DC for DNS, then run "ipconfig/flushdns" and then "net stop netlogon && net start netlogon"
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
Additionally check on DNS server NICs binding (on which IP DNS server is listening)
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
Did you make any environment IP changes?
0
 
LVL 1

Author Comment

by:Letterpart
Thanks for your replies.

My server only has 1 LAN NIC installed, the other two NICs are on the SAN network.


It is only listening on 192.168.1.100
0
 
LVL 24

Accepted Solution

by:MojoTech
MojoTech earned 100 total points
Are the SAN NICs 192.168.1.100 & 192.168.1.210? If so, sort the bindings as iSiek suggested so they are not being used for anything other than the SAN traffic.
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 100 total points
Check in forward lookup zone if you have defined SOA and NS records for your DNS server(s). Additionally please try to restart netlogon service to re-register it into DNS zone

Type in command-line

net stop netlogon
net start netlogon
0
 
LVL 1

Author Comment

by:Letterpart
My SAN NICS are 192.168.252.x and 192.168.253.x

I have run "ipconfig/flushdns" and then "net stop netlogon && net start netlogon" and still getting the same result from dcdiag /test:dns

I have a SOA record for appserv1 and NS records for Appserv1 and dc1 in the FLZ
0
 
LVL 24

Expert Comment

by:MojoTech
So what are the IP's 192.168.1.100 & 192.168.1.210 ?
0
 
LVL 1

Author Comment

by:Letterpart
192.168.1.100 is the IP of Appserv1 which is a DC
192.168.1.210 is the IP of DC1 which is also a DC
0
 
LVL 24

Expert Comment

by:MojoTech
And these DCs are both configured to look at themselves and themselves only for DNS? When was the second DC added?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
it looks like there is no DNS configured :/
0
 
LVL 24

Expert Comment

by:MojoTech
It's looking that way. Has DNS (the service) actually been installed? Does dcdiag run OK on the other DC?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
run in command-line

nslookup

set domain=<your_fqdn>

<your_fqdn>

and check what IP addresses of DNSes were displayed
0

 
LVL 1

Author Comment

by:Letterpart
The second DC (DC1) was added about 4 months ago and replaced appserv2 as we are migrating to VM's and I needed to separate some server functions.

dcdiag runs fine on DC1 and gave me:

letterpart.local passed test DNS

the nslookup run on appserv1 gave me:

name: letterpart.local
Addresses: 192.168.1.210, 192.168.1.163, 192.168.1.167, 192.168.1.168, 192.168.1.100, 192.168.253.102, 192.168.252.102

0
 
LVL 1

Author Comment

by:Letterpart
And DNS has been installed on Appserv1. This server has been our Domain controller for over 5 years now.
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 200 total points
Check whether the 192.168.1.0 reverse zone has the names associated with the IPs.
nslookup 192.168.1.100 and nslookup 192.168.1.210 returns no name.
This is likely an issue with DNS record scavenging that deleted the two records.
192.168.1.100 IN PTR appserv1.letterpart.local.
192.168.1.210 IN PTR dc1.letterpart.local.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
OK, so check in the reverse lookup zone if you have defined entries for your DNS servers (100 and 210)
0
 
LVL 24

Expert Comment

by:MojoTech
Arnold makes a good point about scavenging, check the settings and ensure it is set to something over 24 hours (default is 7 days).
0
 
LVL 1

Author Comment

by:Letterpart
The RLZ has NS and PTR records for both 100 and 210 with the correct names associated.

Running an nslookup on 192.168.1.100 and 210 gives me the correct FQDN's for those IP's

Automatic Scavenging is set to off (which it says is the default (Windows Server 2003 R2))
0
 
LVL 76

Expert Comment

by:arnold
Reigate\APPSERV1
versus letterpart\appserver1?

did you change/alter the data you posted?
0
 
LVL 7

Assisted Solution

by:ms-pro
ms-pro earned 100 total points
Change the DNS server on those servers 192.168.1.100 and 192.168.1.210.
Change it from 127.0.0.1 to the real ip-add. fx 192.168.1.210 and on the 192.168.1.210
to 192.168.1.210
0
 
LVL 1

Author Comment

by:Letterpart
Sorry for the delay in replying, my wife was ill yesterday so had to take the day off to look after 3 demanding children and spent it in front of the washing machine and sink. Thankfully I am back at work now.

@Arnold: The server is called APPSERV1 not appserver1 but I am confused as to why it is showing as Reigate\ as the server is in the Domain Controllers OU and not under Reigate.

@ms-pro: The DNS server details are already as follows:


Appserv1
Ethernet adapter Local Area Connection:
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
Physical Address. . . . . . . . . : 00-0E-0C-B5-2F-1C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.100 & 192.168.1.210

DC1
Ethernet adapter Local Area Connection:
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-08-78-DF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.210
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.210 & 192.168.1.100
0
 
LVL 7

Expert Comment

by:ms-pro
1. Check the A record for 192.168.1.210 and 192.168.1.100
2. Check the PTR record for 192.168.1.210 and 192.168.1.100
3. Check the event log!!
 
0
 
LVL 1

Author Comment

by:Letterpart
I have attached the A and PTR records for both appserv1 (.100) and DC1 (.210)

There is nothing in the event logs regarding DNS.


A-Record.jpg
PTR-records.jpg
0
 
LVL 1

Author Comment

by:Letterpart
DCDiag verbose output:

         Test results for domain controllers:
           
            DC: APPSERV1.letterpart.local
            Domain: letterpart.local

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000007] Intel(R) PRO/1000 MT Server Adapter:
                     MAC address is 00:0E:0C:B5:2F:1C
                     IP address is static
                     IP address: 192.168.1.100
                     DNS servers:
                        Warning: 192.168.1.100 (<name unavailable>) [Invalid]
                        Warning: 192.168.1.210 (<name unavailable>) [Invalid]
                  Error: all DNS servers are invalid
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.1.210 (<name unavailable>) [Invalid]
                     194.72.6.57 (<name unavailable>) [Valid]
                     194.73.82.242 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                 
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone letterpart.local.
                  Test record _dcdiag_test_record added successfully in zone letterpart.local.
                  Test record _dcdiag_test_record deleted successfully in zone letterpart.local.
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.210 (<name unavailable>)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.210
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 192.168.1.100 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.100
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 194.72.6.57 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               
            DNS server: 194.73.82.242 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: letterpart.local
               APPSERV1                     PASS FAIL PASS PASS PASS FAIL n/a  
         
         ......................... letterpart.local failed test DNS
0
 
LVL 1

Author Comment

by:Letterpart
And the results from dcdiag /test:dns /e


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Reigate\APPSERV1
      Starting test: Connectivity
         ......................... APPSERV1 passed test Connectivity
   
   Testing server: Nutfield\APPSERV3
      Starting test: Connectivity
         ......................... APPSERV3 passed test Connectivity
   
   Testing server: Reigate\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests
   
   Testing server: Reigate\APPSERV1
   
   Testing server: Nutfield\APPSERV3
   
   Testing server: Reigate\DC1

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : letterpart
   
   Running enterprise tests on : letterpart.local
      Starting test: DNS
         Test results for domain controllers:
           
            DC: appserv3.letterpart.local
            Domain: letterpart.local

                 
               TEST: Basic (Basc)
                  Warning: adapter [00000001] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.1.100 (<name unavailable>)
                  Warning: adapter [00000001] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.11.102 (<name unavailable>)
                  Error: all DNS servers are invalid
                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
           
            DC: APPSERV1.letterpart.local
            Domain: letterpart.local

                 
               TEST: Basic (Basc)
                  Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.100 (<name unavailable>)
                  Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.210 (<name unavailable>)
                  Error: all DNS servers are invalid
                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 192.168.1.210 (<name unavailable>)
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
           
            DC: DC1.letterpart.local
            Domain: letterpart.local

                 
               TEST: Basic (Basc)
                  Warning: adapter [00000001] VMware Accelerated AMD PCNet Adapter has invalid DNS server: 192.168.1.210 (<name unavailable>)
                  Warning: adapter [00000001] VMware Accelerated AMD PCNet Adapter has invalid DNS server: 192.168.1.100 (<name unavailable>)
                  Error: all DNS servers are invalid
                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 192.168.1.100 (<name unavailable>)
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.100 (<name unavailable>)
               4 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.100
               
            DNS server: 192.168.1.210 (<name unavailable>)
               3 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.210
               
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
               
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
               
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
               
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
               
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
               
            DNS server: 192.168.11.102 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.11.102
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
               
            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: letterpart.local
               appserv3                     PASS FAIL FAIL PASS PASS FAIL n/a  
               APPSERV1                     PASS FAIL PASS PASS PASS FAIL n/a  
               DC1                          PASS FAIL PASS PASS PASS FAIL n/a  
         
         ......................... letterpart.local failed test DNS
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 200 total points
You have NS record references to appserv2 and appserv3.

Check the zone records for your AD domain.
You should have a 127.0.0 zone defined locally so that the requests are not forwarded out.

You have a mix of reigate or nutfield references and those seem to refer to the site where they are.
AD sites and services.

Add a local 127.0.0 and add 1 PTR to localhost. letterpart.local and that should eliminate the 127.0.0.1 reverse name lookup.

You have also configured seemingly static IPs for the DC1 and appserv1 to delete when deemed as stale.
0
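
An added example, not part of the original thread or any poster's code: a small Python parser for the dcdiag /test:dns summary format shown in the posts above. It separates DNS servers that dcdiag marks invalid because the loopback PTR query (1.0.0.127.in-addr.arpa) failed from servers with other problems, and lists the failing test columns per DC. The sample text is abridged from the output in this thread; the function names and classification labels are this example's own.

```python
import re

# Constructed sample: abridged from the dcdiag /test:dns output posted in this thread.
SAMPLE = """\
   Summary of test results for DNS servers used by the above domain controllers:

      DNS server: 192.168.1.210 (<name unavailable>)
         2 test failures on this DNS server
         This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.210
         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

      DNS server: 192.168.1.100 (<name unavailable>)
         1 test failure on this DNS server
         This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.100

      DNS server: 194.72.6.57 (<name unavailable>)
         All tests passed on this DNS server
         This is a valid DNS server.

   Summary of DNS test results:

                                      Auth Basc Forw Del  Dyn  RReg Ext
         ________________________________________________________________
      Domain: letterpart.local
         APPSERV1                     PASS FAIL PASS PASS PASS FAIL n/a

   ......................... letterpart.local failed test DNS
"""

LOOPBACK_PTR = "1.0.0.127.in-addr.arpa"
COLUMNS = ("Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext")
RESULTS = {"PASS", "FAIL", "WARN", "n/a"}
SERVER_RE = re.compile(r"^\s*DNS server:\s+(\S+)\s+\((.*)\)\s*$")
FAILS_RE = re.compile(r"^\s*(\d+) test failures? on this DNS server")
PTR_RE = re.compile(r"PTR record query for the (\S+) failed on the DNS server")


def parse_dns_servers(text):
    """Return {ip: {"failures": int, "failed_ptr": str or None}} from the per-server summary."""
    servers, current = {}, None
    for line in text.splitlines():
        m = SERVER_RE.match(line)
        if m:
            current = servers.setdefault(m.group(1), {"failures": 0, "failed_ptr": None})
        elif line.strip().startswith("Summary of DNS test results"):
            current = None  # the per-server section has ended
        elif current is not None:
            if (m := FAILS_RE.match(line)):
                current["failures"] = int(m.group(1))
            elif (m := PTR_RE.search(line)):
                current["failed_ptr"] = m.group(1).rstrip(".")
    return servers


def parse_summary_table(text):
    """Return {dc: {column: result}} from the final Auth/Basc/... table."""
    table, in_table = {}, False
    for line in text.splitlines():
        if line.strip().startswith("Summary of DNS test results"):
            in_table = True
            continue
        tokens = line.split()
        if in_table and len(tokens) == len(COLUMNS) + 1 and set(tokens[1:]) <= RESULTS:
            table[tokens[0]] = dict(zip(COLUMNS, tokens[1:]))
    return table


def classify(server):
    """Label why dcdiag marked a DNS server invalid (labels are this example's own)."""
    if server["failures"] == 0:
        return "valid"
    if server["failed_ptr"] == LOOPBACK_PTR:
        return "loopback-ptr-only" if server["failures"] == 1 else "loopback-ptr-plus-other"
    return "other"


def report(text):
    """Combine both summaries: per-server classification and failing test columns per DC."""
    servers = parse_dns_servers(text)
    table = parse_summary_table(text)
    return {
        "servers": {ip: classify(s) for ip, s in servers.items()},
        "failing_tests": {dc: [c for c, r in row.items() if r == "FAIL"] for dc, row in table.items()},
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(report(SAMPLE))
```

A server labelled loopback-ptr-only answers normal queries but has no record for 1.0.0.127.in-addr.arpa, which is the condition the local 127.0.0 reverse zone suggested above is meant to remove.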
 
LVL 1

Author Closing Comment

by:Letterpart
Sorry, just noticed this outstanding question.

Not sure what the state of play is with the DC's. Everything appears to be working so will close the question down and award points.

Thanks for everyone's help and advice.
0
