Solved

Active Directory problem

Posted on 2010-09-23
Last Modified: 2012-05-10
Windows server 2003 Active Directory

I am receiving the following error when I run DCDIAG:
Doing initial required tests

   Testing server: Default-First-Site\DC01
      Starting test: Connectivity
         The host 8954080e-eded-4b76-8ad1-d233fa6c3185._msdcs.xxxxxxxxx.local cou
ld not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8954080e-eded-4b76-8ad1-d233fa6c3185._msdcs.vinduvin.local) couldn't
         be resolved, the server name (dc01.vinduvin.local) resolved to the IP
         address (10.10.11.21) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... DC01 failed test Connectivity

Question by:johnkesoglou
16 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 33747976
What troubleshooting have you done already?
0
 

Author Comment

by:johnkesoglou
ID: 33748036
I pinged my DNS server - no problem.

It recognizes its own UNC path \\dc01 and I am able to browse other servers (and vice versa).

I attempt to replicate the controllers against each other and get this error -- see below
dc01.bmp
0
 
LVL 7

Expert Comment

by:namol
ID: 33748096
Is anything getting logged into the EventViewer under system/application/dns etc?
0
 

Author Comment

by:johnkesoglou
ID: 33748165
Attached are two warnings and 1 error.

Thanks :)
Event Type:	Warning
Event Source:	MSDTC
Event Category:	SVC
Event ID:	53258
Date:		9/23/2010
Time:		11:19:48 AM
User:		N/A
Computer:	DC01
Description:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1



Event Type:	Warning
Event Source:	NETLOGON
Event Category:	None
Event ID:	5781
Date:		9/23/2010
Time:		12:35:20 PM
User:		N/A
Computer:	DC01
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'vinduvin.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers 
- Specified preferred and alternate DNS servers are not running 
- DNS server(s) primary for the records to be registered is not running 
- Preferred or alternate DNS servers are configured with wrong root hints 
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

Event Type:	Error
Event Source:	DNS
Event Category:	None
Event ID:	6702
Date:		9/23/2010
Time:		11:20:00 AM
User:		N/A
Computer:	DC01
Description:
DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code. 
 
If this DNS server does not have any DS-integrated peers, then this error 
should be ignored. 
 
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it. 
 
To ensure proper replication: 
1) Find this server's Active Directory replication partners that run the DNS server. 
2) Open DnsManager and connect in turn to each of the replication partners. 
3) On each server, check the host (A record) registration for THIS server. 
4) Delete any A records that do NOT correspond to IP addresses of this server. 
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.) 
6) Note, that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..


0
 
LVL 7

Expert Comment

by:namol
ID: 33748222
Make sure that the DNS of this server is at least pointing to the other DC.
Try flushing the DNS -> ipconfig /flushdns
Then register the DNS -> ipconfig /registerdns
Then dcdiag /fix
See what it says,
net stop netlogon
net start netlogon
dcdiag /fix
0
 

Author Comment

by:johnkesoglou
ID: 33748271
I ran everything and DCDIAG still reports an error.

See below.

Again... thanks!
C:\Program Files\Support Tools>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\DC01
      Starting test: Connectivity
         The host 8954080e-eded-4b76-8ad1-d233fa6c3185._msdcs.vinduvin.local cou
ld not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8954080e-eded-4b76-8ad1-d233fa6c3185._msdcs.vinduvin.local) couldn't
         be resolved, the server name (dc01.vinduvin.local) resolved to the IP
         address (10.10.11.21) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... DC01 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\DC01
      Skipping all tests, because server DC01 is
      not responding to directory service requests

   Running partition tests on : TAPI3Directory
      Starting test: CrossRefValidation
         ......................... TAPI3Directory passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... TAPI3Directory passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : vinduvin
      Starting test: CrossRefValidation
         ......................... vinduvin passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... vinduvin passed test CheckSDRefDom

   Running enterprise tests on : vinduvin.local
      Starting test: Intersite
         ......................... vinduvin.local passed test Intersite
      Starting test: FsmoCheck
         ......................... vinduvin.local passed test FsmoCheck

C:\Program Files\Support Tools>


0
 
LVL 7

Expert Comment

by:namol
ID: 33748393
Did you just recently promote this server to a DC? If so, this Microsoft fix should fix the MSDTC error in the Event Viewer. http://support.microsoft.com/kb/923977
0
 

Author Comment

by:johnkesoglou
ID: 33748436
This is the first DC in the group. No promotion was done, this is why I am racking my head.

0
 

Author Comment

by:johnkesoglou
ID: 33748600
I followed the KB article and still the same error.

0
 
LVL 7

Expert Comment

by:namol
ID: 33748611
It's pointing at itself etc? What does IPconfig /all say?
0
 

Author Comment

by:johnkesoglou
ID: 33748740
Should I have 127.0.0.1 in place? Right now I have the secondary DNS as its primary.
Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc01
   Primary Dns Suffix  . . . . . . . : vinduvin.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : vinduvin.local
                                       dc01.vinduvin.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : dc01.vinduvin.local
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-FA-FE-5D
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.11.21
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.11.1
   DNS Servers . . . . . . . . . . . : 10.10.11.22
                                       68.4.16.30
                                       68.8.16.30
                                       

C:\Documents and Settings\Administrator>


0
 
LVL 7

Accepted Solution

by:
namol earned 500 total points
ID: 33749141
Try setting the primary dns server to 10.10.11.21, secondary as 10.10.11.22.
0
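
An added example, not part of the thread: a check over saved `ipconfig /all` output that flags the condition this answer corrects, a DC whose DNS client list contains public resolvers or leaves out the DC itself. `INTERNAL_DNS` and the function names are assumptions; the parser handles a single adapter section.

```python
import ipaddress
import re

# Constructed sample: adapter section trimmed from the ipconfig /all output in the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 10.10.11.21
   DNS Servers . . . . . . . . . . . : 10.10.11.22
                                       68.4.16.30
                                       68.8.16.30
"""
INTERNAL_DNS = {"10.10.11.21", "10.10.11.22"}  # assumption: from the accepted answer

FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*)$")


def parse_adapter(text):
    """Return {label: [values]}; indented lines with no label continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif last and line.strip() and line[0].isspace():
            fields[last].append(line.strip())
        else:
            last = None
    return fields


def audit_dc_dns(text, internal_dns):
    """List DNS-client settings that keep a DC from resolving its own AD records."""
    fields = parse_adapter(text)
    own = (fields.get("IP Address") or [None])[0]
    servers = fields.get("DNS Servers", [])
    findings = []
    for server in servers:
        if server in internal_dns:
            continue
        try:
            public = ipaddress.ip_address(server).is_global
        except ValueError:
            findings.append(f"{server}: not an IP address")
            continue
        note = ("public resolver, cannot serve the private AD zone" if public
                else "not in the list of domain DNS servers")
        findings.append(f"{server}: {note}")
    if own in internal_dns and own not in servers:
        findings.append(f"{own}: this DC is a DNS server but does not query itself")
    return findings
```
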
 

Author Comment

by:johnkesoglou
ID: 33749171
OK, that gave us something back.

See below.
C:\Documents and Settings\Administrator>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\DC01
      Starting test: Replications
         ......................... DC01 passed test Replications
      Starting test: NCSecDesc
         ......................... DC01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC01 passed test NetLogons
      Starting test: Advertising
         ......................... DC01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC01 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC01 passed test RidManager
      Starting test: MachineAccount
         ......................... DC01 passed test MachineAccount
      Starting test: Services
         ......................... DC01 passed test Services
      Starting test: ObjectsReplicated
         ......................... DC01 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC01 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DC01 failed test frsevent
      Starting test: kccevent
         ......................... DC01 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:24
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:26
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:27
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:28
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:28
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:29
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:29
            (Event String could not be retrieved)
         ......................... DC01 failed test systemlog
      Starting test: VerifyReferences
         ......................... DC01 passed test VerifyReferences

   Running partition tests on : TAPI3Directory
      Starting test: CrossRefValidation
         ......................... TAPI3Directory passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... TAPI3Directory passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : vinduvin
      Starting test: CrossRefValidation
         ......................... vinduvin passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... vinduvin passed test CheckSDRefDom

   Running enterprise tests on : vinduvin.local
      Starting test: Intersite
         ......................... vinduvin.local passed test Intersite
      Starting test: FsmoCheck
         ......................... vinduvin.local passed test FsmoCheck

C:\Documents and Settings\Administrator>


0
 
LVL 7

Expert Comment

by:namol
ID: 33749215
What does the event viewer log say now? The test of the system log is telling you to look at the event viewer.
0
 
LVL 7

Expert Comment

by:namol
ID: 33749329
Also, you might want to export the system log and then clear it and perform a restart. The system log check of dcdiag just checks to see if there were any recent errors logged and they're showing a time of 1:50pm PST when they were logged, so we might have already resolved those issues by changing the dns to point to itself first.
0
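
An added example, not part of the thread, for the system-log point above: it lists the failed tests in saved dcdiag output, converts each hexadecimal EventID to the decimal ID shown in Event Viewer, and counts how many events were logged after a configuration change. The change time passed in is an assumption, since the thread does not state when the DNS setting was altered; the function name is also hypothetical.

```python
import re
from datetime import datetime

# Excerpt of the dcdiag output posted in the thread, shortened to three events.
SAMPLE_DCDIAG = """\
      Starting test: frsevent
         ......................... DC01 failed test frsevent
      Starting test: kccevent
         ......................... DC01 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:24
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:26
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 09/23/2010   13:50:29
         ......................... DC01 failed test systemlog
"""

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
EVENT = re.compile(r"An (\w+) Event occur+ed\.\s+EventID: 0x([0-9A-Fa-f]{1,8})")
STAMP = re.compile(r"Time Generated:\s+(\d\d/\d\d/\d{4})\s+(\d\d:\d\d:\d\d)")


def summarize_dcdiag(text, changed_at):
    """Return (failed_tests, events); events maps decimal ID -> [total, logged after change]."""
    failed, events, pending = [], {}, None
    for line in text.splitlines():
        if m := RESULT.search(line):
            if m.group(2) == "failed":
                failed.append((m.group(1), m.group(3)))
        elif m := EVENT.search(line):
            # dcdiag prints the full 32-bit identifier; Event Viewer shows the low 16 bits.
            pending = int(m.group(2), 16) & 0xFFFF
            events.setdefault(pending, [0, 0])[0] += 1
        elif (m := STAMP.search(line)) and pending is not None:
            # Timestamps are in the month/day/year form used in the posted output.
            when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%m/%d/%Y %H:%M:%S")
            if when > changed_at:
                events[pending][1] += 1
            pending = None
    return failed, events
```

A count of zero in the second position means every logged error predates the change, which is the case the comment above describes.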
 

Author Comment

by:johnkesoglou
ID: 33749375
They replicate now! Friggin awesome!
0
