Link to home
Create AccountLog in
Avatar of jaglin84
jaglin84

asked on

dcdiag failed connectivity on windows server 2008 *Help*

Hi all,

I have been having this really annoying problem for so long and i am almost out of ideas:

I have a windows 7 PC that can't seem to join the domain simply because it can't resolve the DC's FQDN.

So i ran dcdiag on my Windows 2008 R2 DC  and this is what i get

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = rivendell
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RIVENDELL
      Starting test: Connectivity
         The host 8f02e144-6b36-4e60-b4f4-36b6fb307125._msdcs.contoso.com.au
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... RIVENDELL failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RIVENDELL
      Skipping all tests, because server RIVENDELL is not responding to
      directory service requests.

This is the output of my ipconfig /all:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : rivendell
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : B8-AC-6F-8C-45-72
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::405a:7c98:553d:bec1%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 246983791
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-09-2B-B1-B8-AC-6F-8C-45-72
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Typical DNS request go through fine, but whenever AD requests go through, it seems to resolve to nothing.

Attached is also the output of my dcdiag /test:dns

I know somehow this is related to a dns issue, but try as i may, i can't seem to isolate whats wrong with.

Really hope someone can help.

Avatar of jaglin84
jaglin84

ASKER

Attached is the additional dns test i ran.


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = rivendell
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RIVENDELL
      Starting test: Connectivity
         The host 8f02e144-6b36-4e60-b4f4-36b6fb307125._msdcs.contoso.com.au
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... RIVENDELL failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RIVENDELL

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... RIVENDELL passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : contoso

   Running enterprise tests on : contoso.com.au
      Starting test: DNS
         Test results for domain controllers:

            DC: rivendell
            Domain: contoso.com.au


               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Warning: adapter
                  [00000007] Broadcom NetXtreme Gigabit Ethernet has invalid
                  DNS server: 192.168.1.1 (rivendell.contoso.com.au.)
                  Error: all DNS servers are invalid
                  No host records (A or AAAA) were found for this DC

               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in z
one contoso.com.au

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network
               adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 192.168.1.1 (rivendell.contoso.com.au.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.contoso.com.au. fa
iled on the DNS server 192.168.1.1

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: contoso.com.au
               rivendell                    PASS FAIL PASS PASS WARN FAIL n/a

         ......................... contoso.com.au failed test DNS

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of ahdfx
ahdfx
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Hi,

Yes the domain was renamed once before and yes contoso.com.au would be defined as my local domain.
And yes when i do go into my dns, my local domain is listed. I am just at a lost on what could be wrong.
When i look into dns logging, i do not see and errors or alerts.

As for the appropriate domain and kerberos entries, where do i verify them?

Thanks
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Hi all,

I have since fix the connectivity issue by manually adding a CNAME for my DC. I find it strange why i have to do that to fix it. But it seems that was not the end of my problems. I ran the dcdiag /test:dns to verify my changes (attached below). Seems that the more work still needs to be done on the DNS.
Now i am just clueless on where i should move on from here.

Thanks!
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = rivendell
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RIVENDELL
      Starting test: Connectivity
         ......................... RIVENDELL passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RIVENDELL

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... RIVENDELL passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : contoso

   Running enterprise tests on : contoso.com.au
      Starting test: DNS
         Test results for domain controllers:

            DC: rivendell
            Domain: contoso.com.au


               TEST: Basic (Basc)
                  Warning: adapter
                  [00000007] Broadcom NetXtreme Gigabit Ethernet has invalid
                  DNS server: 192.168.1.1 (rivendell.contoso.com.au.)
                  Error: all DNS servers are invalid
                  Warning: The A record for this DC was not found
                  No host records (A or AAAA) were found for this DC

               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in z
one contoso.com.au

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network
               adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 192.168.1.1 (rivendell.contoso.com.au.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.contoso.com.au. fa
iled on the DNS server 192.168.1.1

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: contoso.com.au
               rivendell                    PASS FAIL PASS PASS WARN FAIL n/a

         ......................... contoso.com.au failed test DNS

Open in new window

SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Hi,

I only have one NIC, and nope, don't have any loopback address set on my adapter, currently out of the office, will try another round of that dcdiag /fix ipconfig / flushdnns  & ipconfig /registerdns tomorrow.
Heres hoping i can finally  fix this

thanks!
Hi all,

Although i have since resolved the connectivity test issue on my dc, however when i ran a
dcdiag /test:dns, i got the following output:

I think i am really getting close to fixing this here. Here is also an output from ipconfig /all:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : rivendell
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : B8-AC-6F-8C-45-72
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::405a:7c98:553d:bec1%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 246983791
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-09-2B-B1-B8-AC-6F-8C-45-72

   DNS Servers . . . . . . . . . . . : 0.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{751F404E-4991-4206-AFE8-ACD58ABF52B0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = rivendell

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\RIVENDELL

      Starting test: Connectivity

         ......................... RIVENDELL passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\RIVENDELL

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         ......................... RIVENDELL passed test DNS

   
   Running partition tests on : ForestDnsZones

   
   Running partition tests on : DomainDnsZones

   
   Running partition tests on : Schema

   
   Running partition tests on : Configuration

   
   Running partition tests on : mydomain

   
   Running enterprise tests on : mydomain.com.sg

      Starting test: DNS

         Test results for domain controllers:

            
            DC: rivendell

            Domain: mydomain.com.sg

            

                  
               TEST: Basic (Basc)
                  Warning: adapter

                  [00000007] Broadcom NetXtreme Gigabit Ethernet has invalid

                  DNS server: 192.168.1.1 (rivendell.mydomain.com.sg.)

                  Error: all DNS servers are invalid

                  Warning: The A record for this DC was not found
                  No host records (A or AAAA) were found for this DC

                  
               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in zone mydomain.com.sg
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network

               adapters

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 192.168.1.1 (rivendell.mydomain.com.sg.)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.mydomain.com.sg. failed on the DNS server 192.168.1.1
               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: mydomain.com.sg

               rivendell                    PASS FAIL PASS PASS WARN FAIL n/a  
         
         ......................... mydomain.com.sg failed test DNS

Open in new window

SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Whay are the two dcdiag /test:DNS have different Domain names listed?
contoso.com.au
mydomain.com.sg


Is that the same server?
Was the server renamed or the Domain?

on the DNS server under you local domain do you see
_msdcs
_sites
_tcp
_upd
DomainDNSZones
ForestDNSZones
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Hi,

Sorry, i had uploaded the wrong dcdiag /test:dns, shall upload it again below:

@Awinish, i had set the DNS server on tcp /ip settings  to 192.168.1.1 (the DC's ip address), but still have the same issue.

@ahdfx, all i see under my DNS Server local domain is _msdcs, i do not see the following:

_sites
_tcp
_upd
DomainDNSZones
ForestDNSZones

Is there some way i can reinstall my dns without affecting the AD?

Sorry, i am not too familiar with Window Servers
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = rivendell

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\RIVENDELL

      Starting test: Connectivity

         ......................... RIVENDELL passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\RIVENDELL

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         ......................... RIVENDELL passed test DNS

   
   Running partition tests on : ForestDnsZones

   
   Running partition tests on : DomainDnsZones

   
   Running partition tests on : Schema

   
   Running partition tests on : Configuration

   
   Running partition tests on : contoso

   
   Running enterprise tests on : contoso.com.au

      Starting test: DNS

         Test results for domain controllers:

            
            DC: rivendell

            Domain: contoso.com.au

            

                  
               TEST: Basic (Basc)
                  Warning: adapter

                  [00000007] Broadcom NetXtreme Gigabit Ethernet has invalid

                  DNS server: 192.168.1.1 (rivendell.contoso.com.au.)

                  Error: all DNS servers are invalid

                  Warning: The A record for this DC was not found
                  No host records (A or AAAA) were found for this DC

                  
               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in zone contoso.com.au
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network

               adapters

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 192.168.1.1 (rivendell.contoso.com.au.)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.contoso.com.au. failed on the DNS server 192.168.1.1
               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: contoso.com.au

               rivendell                    PASS FAIL PASS PASS WARN FAIL n/a  
         
         ......................... contoso.com.au failed test DNS

Open in new window

@Awinish

Hi,

I just made the changes requested on tcp/ip it is as attached.
I just noticed that my dns suffix is blank, is that supposed to be even right?
Windows IP Configuration

   Host Name . . . . . . . . . . . . : rivendell
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : B8-AC-6F-8C-45-72
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Open in new window

SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
@Awinish,

Yes, to the best of my knowledge, i did. I might need to reinstall the DNS at the rate things are going.
Would reinstalling DNS affect the AD or the domain currently running?
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Hi Awinish,

Thanks so much for the help so far, i have done all of above, (even to the point of reinstalling DNS) as suggest by the microsoft folks, but still i have the exact same problem.

Somehow the records for
_sites
_tcp
_upd
DomainDNSZones
ForestDNSZones

are all completely missing, and i don't think there is any way for me to generate them manually.

I figure if i can get these records back into the DNS entries, my issue will be resolved.

Thanks
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Hi,

Thanks for the reply, how does one manually create a
_msdcs container as well as the default-first-site-name?
Currently my domain.local only consists of the SOA and Name Server record.
Attached is screen grab of my dns console. I think i have a long way to go User generated image
Hi Awinish,

Sorry, my last post was done before i saw your most recent 2 comments. Unfortunately i have tried the method you suggested before (The Microsoft folks have suggested i do the same thing). Currently i am at the point where i have already and very unfortunately have reinstalled DNS. But still the output i see is as above.

I am tearing my hairs out for this issue, and it just seems i have to recreate them manually especially since the commands don't seem to generate the DNS zones i need automatically (even with a restart)

netdiag /fix won't work on my server as its a Windows 2K8 which really bums me out. I am just really puzzled why won't the dns entries regenerate automatically especially since i have reintstalled the DNS service as advised by Microsoft.

This is essentially the steps i followed :
http://support.microsoft.com/kb/294328

Thank you both for the help so far.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Hi,

I have tried that a few times already, it just won't regenerate them:
_msdcs
_sites
_tcp
_upd
DomainDNSZones
ForestDNSZones
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Hi all,

just an update, i am still hoping the Microsoft folks can find a solution for me. but even they seem unsure of whats going on.

I have since tried to manually redo the entries myself (very painful process) there was some slight improvement (I don't get as many errors on dcdiag /test:dns i previously ran)

I just don't understand how come the active directory is not dynamically updating the DNS records. Even more so why it would just suddenly happen.

I will try restoring DNS backups and see how it goes. Has anyone tried manually updated the records before?

Thanks so far for the help you guys have provided, really appreciate it.
Hi ahdfx,

I have tried manually adding that, but i still see the same errors (i might have done it wrong)
but i can seem to figure how i can add the following dns zone entries in:
_gc._tcp.contoso.com.au 600 in SRV 0 100 3268

In windows 2008, these are the some screenshots on what i achieve so far:
Thanks to you i managed to reconstruct part of the DNS entries (I still don't think its complete though)

Miraculously, i was able to recreate _msdcs again (previously it was missing)
A quick question though, what should i be seeing within the _msdcs container?
does it contain any entries?

Basically what i did to recreate these entries was to refer to the netlogon.dns and manually recreate them one by one.

Is that the right way to go about doing it? Am i missing anything else when i do that?
DNSMMC.JPG
Hi all,

I got wonderful news,  i finally solved it.
When i look at my servers dns suffix, it was blank.
So what i did was to add my domain name into the dns suffix, reinstalled the DNS service
and viola, things started to come back to life.

I am not sure why this issue only happens now as i had it running fine for the last 2 months without any issues.

I am still left with some minor issues with the DNS, but at least i am making some progress.
I am close this question now thanks so much for the help.

I would had give 5000 points if there were such an option :P
I had the same issue after adding a suffix to a single label domain. And as jaglin84 said, I had to add the suffix to the domain controller (only dc on network in my case).
Thanks! Thanks! THANKS!