Start Free Trial

asked on

SBS 2003 Cannot create or modify users

when we try to create a new user with the administrator account or change passwords in the server management gui we get an error that windows cannot compmlete the task because the system cannot find the file specified? Sometimes clicking on items in the users area I get a pop up aaying "unspecified error". When I manuall go to active directory users and computers I get an error "naming information cannot be located because: the specified domain either does not exist or could not be contacted". So active directory is corrupted?

More likely your DNS isn't configured correctly, can you make sure the server has only it's own IP address in the DNS section of the TCP/IP properties of the network card. There should be no other entries.

If you change this then restart the NETLOGON service.

Can you post the results of DCDIAG and NETDIAG

ASKER

Yes the server is 192.168.1.254 and that is the only dns entry. Getting results now.

ASKER

C:\Documents and Settings\Administrator.JVMLAW.000>netdiag

....................................

Computer Name: SERVER
DNS Host Name: server.jvmlaw.net
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 7, GenuineIntel
List of installed hotfixes :
KB921503
KB923561
KB925398_WMP64
KB925902
KB926122
KB927891
KB929123
KB930178
KB931768
KB931784
KB931836
KB932168
KB933360
KB933729
KB933854
KB935839
KB935840
KB935966
KB936021
KB936357
KB936782
KB937143
KB938127
KB938127-IE7
KB938464
KB939653
KB941202
KB941568
KB941569
KB941644
KB941672
KB941693
KB942615
KB942763
KB942830
KB942831
KB942840
KB943055
KB943460
KB943484
KB943485
KB944338
KB944653
KB945553
KB946026
KB947864
KB948496
KB948590
KB948745
KB948881
KB949014
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952004
KB952069
KB952954
KB953298
KB953838
KB953838-IE7
KB953839
KB954155
KB955069
KB956572
KB956802
KB956803
KB956844
KB958469
KB958644
KB958869
KB959426
KB960225
KB960803
KB960859
KB961063
KB961501
KB967715
KB967723
KB969059
KB969883
KB970238
KB970483
KB971032
KB971657
KB971961
KB973507
KB973540
KB973815
KB973825
KB973869
KB973917-v2
KB974112
KB974571
KB975025
KB977290
KB977816
KB978338
KB978601
KB978706
KB979309
KB980232
KB981793
Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Server Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : server
IP Address . . . . . . . . : 192.168.1.254
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Primary WINS Server. . . . : 192.168.1.254
Dns Servers. . . . . . . . : 192.168.1.254

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed

Global results:

Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{F092118F-F9C8-4532-A15E-424BA1D9824C}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.25
4' and other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{F092118F-F9C8-4532-A15E-424BA1D9824C}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{F092118F-F9C8-4532-A15E-424BA1D9824C}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'JVMLAW'. [ERROR_NO_SUCH_DOMAIN]

DC list test . . . . . . . . . . . : Failed
'JVMLAW': Cannot find DC to get DC list from [test skipped].

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Skipped
'JVMLAW': Cannot find DC to get DC list from [test skipped].

LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

[WARNING] Cannot find DC in domain 'JVMLAW'. [ERROR_NO_SUCH_DOMAIN]

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully

ASKER

dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\SERVER
Starting test: Replications
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SERVER\netlogon)
[SERVER] An net use or LsaPolicy operation failed with error 53, The ne
twork path was not found..
......................... SERVER failed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [SERVER]
......................... SERVER failed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER failed test frsevent
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
......................... SERVER passed test systemlog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : jvmlaw
Starting test: CrossRefValidation
......................... jvmlaw passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... jvmlaw passed test CheckSDRefDom

Running enterprise tests on : jvmlaw.net
Starting test: Intersite
......................... jvmlaw.net passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... jvmlaw.net failed test FsmoCheck

ASKER

Do I need to run FSMO to seize roles?

ASKER

checking with operations master gui is states that server.jvmlaw.net has the RID, PDCa nd infrastructure roles

ASKER

active schema master and domain trusts says that the server has the roles.

if you run NETDOM QUERY FSMO does it say that your SBS server has all 5 roles?

ASKER

Yes

C:\Documents and Settings\Administrator.JVMLAW.000>netdom query fsmo
Schema owner server.jvmlaw.net

Domain role owner server.jvmlaw.net

PDC role server.jvmlaw.net

RID pool manager server.jvmlaw.net

Infrastructure owner server.jvmlaw.net

The command completed successfully.

OK, excellent.

What forward lookup zones do you have configured in DNS? There should be one for _msdcs.jvmlaw.net?

The DCDIAG says there are other DC's listed so in the DNS console under this zone what can you see?

ASKER

under jvmlaw.net I have the _msdcs folder
In that I have a DC, domains, gc and pdc folders. all entries in there for ldap, kerbos all say server.jvmlaw.net.

and there are no other entries here?
only server.jvmlaw.net?

ASKER

thats all I see

ASKER

is there a dns report I can spit here to show you all the dns entries?

using Active Directory Sites and Services can you expand Default-First-Site

How many servers do you see listed?

Can you expand server.jvmlaw.net and then right click on NTDS Settings, is there a check in the Global Catalog check box?

ASKER

yes only server.jvmlaw.net is listed and the box is checked for global catalog server.

Can you uncheck the box, then click apply, then check it again and click apply.

ASKER

done

OK, now try your user creation again.

ASKER

add user wizard could not create the user. Click ok to cancel

OK, can you from a command prompt run IPCONFIG /FLUSHDNS followed by IPCONFIG /REGISTERDNS

Also can you remove the WINS address from the properties of your network card, and disable the WINS service. Once that's done, if possible can you reboot the server

ASKER

those are done but I need a few minutes before I can reboot. should i wait the 15 minutes that states in 15 mins errors from register dns will be in event viewer?

don't worry too much about that, it's pretty instant in a single DC network :)

ASKER

rebooting now

ASKER

not fixed after reboot

:(

OK, next thing is to recreate the DNS zone, this is going to sound a bit drastic but it is safe.

In the DNS console I want you to delete your forward lookup zone for your internal domain.

Once that's done create a new empty one with the same name, don't make it Active Directory integrated at the moment.

Then run DCDIAG /FIX and restart the NETLOGON service the. Run IPCONFIG /FLUSHDNS

then try again

ASKER

dcdiag /fix still says fsmo and gc are broke. I changed time server to a nist time server in registry and still says it can't find time server.

Running enterprise tests on : jvmlaw.net
Starting test: Intersite
......................... jvmlaw.net passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... jvmlaw.net failed test FsmoCheck

C:\Program Files\Support Tools>

Didn't work

Is that after re-creating the zone?

ASKER

yes
there is no msdcs or other folders in the zone after recreating non active directory zone.

And you have restarted the NETLOGON Service?

Try IPCONFIG /REGISTERDNS

Also run NETDIAG /FIX

This is a bit odd.

The type of zone just dictates where the zone is stored it's not relevant to what it can support

ASKER

I lost remote desktop so waiting for my tech to get there and get that back up.

ASKER

the owner decided to reinstall windows server now.

WHAT?!?!? That's a bit extreme!

This can be fixed, is there no way of changing his mind?

ASKER

i'm trying to get remote access to try these things you said.

ASKER

active directory is telling me domain doesn't exist

ASKER

netdiag /fix results

KB974112
KB974571
KB975025
KB977290
KB977816
KB978338
KB978601
KB978706
KB979309
KB980232
KB981793
Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Server Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : server
IP Address . . . . . . . . : 192.168.1.254
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.254

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{F092118F-F9C8-4532-A15E-424BA1D9824C}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry jvmlaw.net. re-registeration on DNS serv
er '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.jvmlaw.net. re-registeration
on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site._sites.jvm
law.net. re-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.jvmlaw.net. re-reg
isteration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.f71845bd-e77e-4ef5-a7b4-8ac1d
e2f873e.domains._msdcs.jvmlaw.net. re-registeration on DNS server '192.168.1.254
' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry a9f8be4c-dbf9-49f5-975e-9aa83d50137b._ms
dcs.jvmlaw.net. re-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.jvmlaw.net. re-
registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site._sites
.dc._msdcs.jvmlaw.net. re-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.jvmlaw.net. re-regi
steration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site._sites.dc.
_msdcs.jvmlaw.net. re-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.jvmlaw.net. re-registerat
ion on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site._sites
.jvmlaw.net. re-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.jvmlaw.net. re-registerat
ion on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.jvmlaw.net. re-registerati
on on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.jvmlaw.net. re-registerati
on on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry DomainDnsZones.jvmlaw.net. re-registerat
ion on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.jvmlaw.net. re
-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site._sites.Dom
ainDnsZones.jvmlaw.net. re-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry ForestDnsZones.jvmlaw.net. re-registerat
ion on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.jvmlaw.net. re
-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site._sites.For
estDnsZones.jvmlaw.net. re-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.jvmlaw.net. re-regi
steration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site._sites.gc.
_msdcs.jvmlaw.net. re-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry gc._msdcs.jvmlaw.net. re-registeration o
n DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _gc._tcp.jvmlaw.net. re-registeration on
DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site._sites.jvmla
w.net. re-registeration on DNS server '192.168.1.254' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '192.168.1.254'.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{F092118F-F9C8-4532-A15E-424BA1D9824C}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{F092118F-F9C8-4532-A15E-424BA1D9824C}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'JVMLAW'. [ERROR_NO_SUCH_DOMAIN]

DC list test . . . . . . . . . . . : Failed
'JVMLAW': Cannot find DC to get DC list from [test skipped].

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Skipped
'JVMLAW': Cannot find DC to get DC list from [test skipped].

LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

[WARNING] Cannot find DC in domain 'JVMLAW'. [ERROR_NO_SUCH_DOMAIN]

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully

C:\Documents and Settings\Administrator.JVMLAW.000>

what is DNS doing?
Has the zone been re-created?

ASKER

I'm afraid to reboot since the test failed saying it wasn't acting as a domain controller.

It's not acting as a domain controller because of the DNS, we need to resolve the DNS issue.

Has the zone been re-created? Did you restart the NETLOGON service?

ASKER

dns zone has not changed.

Can you check c:\Windows\system32\Config\netlogon.dns

What does this file have in it?

ASKER

jvmlaw.net. 600 IN A 192.168.1.254
_ldap._tcp.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
_ldap._tcp.Default-First-Site._sites.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
_ldap._tcp.pdc._msdcs.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
_ldap._tcp.f71845bd-e77e-4ef5-a7b4-8ac1de2f873e.domains._msdcs.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
a9f8be4c-dbf9-49f5-975e-9aa83d50137b._msdcs.jvmlaw.net. 600 IN CNAME server.jvmlaw.net.
_kerberos._tcp.dc._msdcs.jvmlaw.net. 600 IN SRV 0 100 88 server.jvmlaw.net.
_kerberos._tcp.Default-First-Site._sites.dc._msdcs.jvmlaw.net. 600 IN SRV 0 100 88 server.jvmlaw.net.
_ldap._tcp.dc._msdcs.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
_ldap._tcp.Default-First-Site._sites.dc._msdcs.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
_kerberos._tcp.jvmlaw.net. 600 IN SRV 0 100 88 server.jvmlaw.net.
_kerberos._tcp.Default-First-Site._sites.jvmlaw.net. 600 IN SRV 0 100 88 server.jvmlaw.net.
_kerberos._udp.jvmlaw.net. 600 IN SRV 0 100 88 server.jvmlaw.net.
_kpasswd._tcp.jvmlaw.net. 600 IN SRV 0 100 464 server.jvmlaw.net.
_kpasswd._udp.jvmlaw.net. 600 IN SRV 0 100 464 server.jvmlaw.net.
DomainDnsZones.jvmlaw.net. 600 IN A 192.168.1.254
_ldap._tcp.DomainDnsZones.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
_ldap._tcp.Default-First-Site._sites.DomainDnsZones.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
ForestDnsZones.jvmlaw.net. 600 IN A 192.168.1.254
_ldap._tcp.ForestDnsZones.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
_ldap._tcp.Default-First-Site._sites.ForestDnsZones.jvmlaw.net. 600 IN SRV 0 100 389 server.jvmlaw.net.
_ldap._tcp.gc._msdcs.jvmlaw.net. 600 IN SRV 0 100 3268 server.jvmlaw.net.
_ldap._tcp.Default-First-Site._sites.gc._msdcs.jvmlaw.net. 600 IN SRV 0 100 3268 server.jvmlaw.net.
gc._msdcs.jvmlaw.net. 600 IN A 192.168.1.254
_gc._tcp.jvmlaw.net. 600 IN SRV 0 100 3268 server.jvmlaw.net.
_gc._tcp.Default-First-Site._sites.jvmlaw.net. 600 IN SRV 0 100 3268 server.jvmlaw.net.

So it's all there which means restarting the NETLOGON service should put it all back.

Have you restarted the NETLOGON service?

Are there any errors in the event logs?

ASKER

yep but i did it again and ran netdiag again and still same error. event viewer got a netlogon error about dynamic updates turned off so I turned it on and ran netdiag again and still errors about dns. app event log is full since it can't query group policy objects.

ASKER

nothing in dns log since this morning (early morning)

There is clearly something wring wit the DNS service. Let's remove it and re-install it.

Click Start € Control Panel > Add or Remove Programs.
Click Add/Remove Windows Components.
select the Networking Services then detaild.
Uncheck thr Domain Name System (DNS) check box, click OK, and then click Next.

Then do the reverse to re-install DNS

Once done, check for the jvmlaw.net forward lookup zone to make sure it's there, if it isn't recreate it. Then restart the NETLOGON service again.

Check also the DNS services are running in the services console.

ASKER

lets hope this doesn't prompt me for disk

ASKER

done and restarted netlogon. dns services running. don't have all the subfolders in dns gui

ASKER

still getting AD errors. Trying to create a user tells me the specified domain doesnt' exist or could not be contacted.

Very odd!!!

Any antivirus/firewall/security software? If so, can you remove it?

The server only has 1 NIC? And its definitely pointing to itself for DNS?

ASKER

symantec is on here and I can remove it. Yes only one NIC and dns entry is only the .254 address.

ASKER

symantec uninstall is locked up.

ASKER

i'm rebooting

ASKER

upon reboot exchange services won't start. in event log in dns there is an entry dns server enountered error 32 attempting to load zone jvmlaw.net from active directory. Event ID 4521

ASKER

rebooted after taking care of symantec and still exchange fails and can't do anything in user AD because it can't find the domain.

OK, how is the DNS zone looking after symantec has been removed?

Don't worry too much about Exchange once we get DNS working exchange will start working.

ASKER

dns looks the same

I am missing something here.

Can you post the results of IPCONFIG /ALL please

can you also from the server goto a command prompt and type:

telnet localhost 53

What happens? Does it connect and you get a flashing cursor or does it not connect?

ASKER

looks like it connects with flashing cursor. Man do you sleep like me ? :)

OK, so it's connecting.

What about the IPCONFIG /ALL?

I don't sleep ;)

ASKER

Windows IP Configuration

Host Name . . . . . . . . . . . . : server
Primary Dns Suffix . . . . . . . : jvmlaw.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : jvmlaw.net

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-13-72-2A-C7-C6
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.254
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.254

C:\Program Files\Support Tools>

and that's it? Completely unmodified?

In the DNS console, right click the DNS server and select properties, under interfaces what do you have selected? And what is listed under IP addresses?

ASKER

192.168.1.254. Listen on All IP Addresses.

Can you specify "Only the following IP addresses" and check the box for your servers IP.

We need to look at the Application/System Event logs as well, there must be something in there that tells us what is going on.

Is the server being used at the moment?

ASKER

yeah server is being used. I'll try to download the log and attach here.

I am suprised the server is being used, without DNS is pretty non-functional.

I am wondering if it's possible there is another device on the network with the same IP address?

ASKER

here are logs as txt files.
APP.txt
sys.txt

ASKER

Change IP of server? I am doing this remotely today and my tech is off doing other work so I don't think I could do a shutdown and talk someone over the phone of what to test ping while server off.

How are you connected? Via RDP? If so there's no chance we can change the IP.

ASKER

using team viewer and have access to rdp. Users can't get into share drives this morning so I don't know what I need to do this morning.

that's because DNS isn't working, if you are using teamviewer then we should be able to change the IP.

In Server Manager run the Change Server IP Address wizard.

Just change the last digit on the IP and complete the wizard.

ASKER

sorry not share drives, they came up just slow. exchange is down. was on the phone with them and didn't get a good explanation

you going to try the IP address change I gave details of above?

ASKER

error occurred while changing ip address

oh? What was the error?

ASKER

here is the changeiplog.txt
3/3/2011 9:24 AM
Current User: administrator
Old IP Address: 192.168.1.254
Old 'intended' IP Address: 192.168.1.254
Old Subnet Mask: 255.255.255.0
New IP Address: 192.168.1.253
New Subnet Mask: 255.255.255.0
ModifyPrivateNicProperties returned OK
ConfigureDns returned OK
ConfigureDHCP returned OK
ConfigureIIS returned OK
*** ConfigureExchange returned ERROR 8007203a
"Generic Error"; hr is 0x8007203a.
Error message box (msg id 10): An error occurred while changing the IP address. Your server might be partially configured. We recommend that you run the Change IP Address Tool again and enter the original IP address of the server.

If this error message appears again, ensure that the local network adapter is enabled in Network Connections and that it is connected to a switch or hub that has power. Also, open Services, and ensure that any services having a startup type of Automatic are running.

If the error message still occurs, see the log file at C:\Program Files\Microsoft Windows Small Business Server\Support\Changeiplog.txt.

so what is the IP address now? Run IPCONFIG to see

Also check the services console, anything set to automatic that hasn't started?

Also, from a command prompt type:

netstat -an | findstr :53

and post the results please.

ASKER

C:\Program Files\Support Tools>ipconfig

Windows IP Configuration

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

C:\Program Files\Support Tools>netstat -an | findstr :53
TCP 0.0.0.0:53 0.0.0.0:0 LISTENING
TCP 127.0.0.1:53 0.0.0.0:0 LISTENING
UDP 0.0.0.0:5316 *:*
UDP 0.0.0.0:5327 *:*
UDP 0.0.0.0:53007 *:*
UDP 0.0.0.0:53011 *:*
UDP 0.0.0.0:53033 *:*
UDP 0.0.0.0:53058 *:*
UDP 0.0.0.0:53064 *:*
UDP 0.0.0.0:53074 *:*
UDP 0.0.0.0:53083 *:*
UDP 0.0.0.0:53089 *:*
UDP 0.0.0.0:53141 *:*
UDP 0.0.0.0:53194 *:*
UDP 0.0.0.0:53209 *:*
UDP 0.0.0.0:53251 *:*
UDP 0.0.0.0:53271 *:*
UDP 0.0.0.0:53285 *:*
UDP 0.0.0.0:53297 *:*
UDP 0.0.0.0:53298 *:*
UDP 0.0.0.0:53312 *:*
UDP 0.0.0.0:53325 *:*
UDP 0.0.0.0:53418 *:*
UDP 0.0.0.0:53454 *:*
UDP 0.0.0.0:53474 *:*
UDP 0.0.0.0:53503 *:*
UDP 0.0.0.0:53528 *:*
UDP 0.0.0.0:53548 *:*
UDP 0.0.0.0:53557 *:*
UDP 0.0.0.0:53564 *:*
UDP 0.0.0.0:53580 *:*
UDP 0.0.0.0:53601 *:*
UDP 0.0.0.0:53602 *:*
UDP 0.0.0.0:53615 *:*
UDP 0.0.0.0:53637 *:*
UDP 0.0.0.0:53652 *:*
UDP 0.0.0.0:53663 *:*
UDP 0.0.0.0:53675 *:*
UDP 0.0.0.0:53699 *:*
UDP 0.0.0.0:53732 *:*
UDP 0.0.0.0:53763 *:*
UDP 0.0.0.0:53770 *:*
UDP 0.0.0.0:53784 *:*
UDP 0.0.0.0:53868 *:*
UDP 0.0.0.0:53869 *:*
UDP 0.0.0.0:53870 *:*
UDP 0.0.0.0:53874 *:*
UDP 0.0.0.0:53903 *:*
UDP 0.0.0.0:53905 *:*
UDP 0.0.0.0:53906 *:*
UDP 0.0.0.0:53959 *:*
UDP 127.0.0.1:53 *:*
UDP 192.168.1.253:53 *:*

C:\Program Files\Support Tools>

ASKER

a few exchange services are not started because it states dependency group failed to start

ASKER

ms exchange system attendant starts and stops error.

on the properties of the network card can you change the DNS address to 127.0.0.1 instead of the 192.168.1.253

Then restart the netlogon service and check the DNS zone again

ASKER

information store says it depends on this EXIFS? I dont' see that in the list of services.

don't worry about that at the moment, can you make the DNS change above

ASKER

changes dns and zone still the same and users don't have internet now. I'm guessing because of dhcp?

no, more than likely because the DHCP will be using the old DNS address, let's set the server back to the old IP.

This is proving pretty difficult to do now without actually seeing your server.

levae the DNS as 127.0.0.1

can you run:

nslookup -d2 -q=soa jvmlaw.net

and

nslookup -d2 -q=soa server.jvmlaw.net

and post the results please

ASKER

you want access?
I changed IP back to 254 and then went into NIC and changed dns back to 127.0.0.1

We are not allowed to offer remote access. Some of us have contact details in our profiles which you can access by clicking on our names in any of our posts.

Let's continue in this thread for now.

can you run the commands above please?

ASKER

first

C:\Program Files\Support Tools>nslookup -d2 -q=soa jvmlaw.net
------------
SendRequest(), len 40
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (63 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 1.0.0.127.in-addr.arpa
type = PTR, class = IN, dlen = 11
name = localhost
ttl = 3600 (1 hour)

------------
Server: localhost
Address: 127.0.0.1

------------
SendRequest(), len 39
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
jvmlaw.net.jvmlaw.net, type = SOA, class = IN

------------
------------
Got answer (119 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 1

QUESTIONS:
jvmlaw.net.jvmlaw.net, type = SOA, class = IN
AUTHORITY RECORDS:
-> jvmlaw.net
type = SOA, class = IN, dlen = 42
ttl = 3600 (1 hour)
primary name server = server.jvmlaw.net
responsible mail addr = hostmaster.jvmlaw.net
serial = 3
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
ADDITIONAL RECORDS:
-> server.jvmlaw.net
type = A, class = IN, dlen = 4
internet address = 192.168.1.254
ttl = 3600 (1 hour)

------------
------------
SendRequest(), len 28
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
jvmlaw.net, type = SOA, class = IN

------------
------------
Got answer (98 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 1

QUESTIONS:
jvmlaw.net, type = SOA, class = IN
ANSWERS:
-> jvmlaw.net
type = SOA, class = IN, dlen = 42
ttl = 3600 (1 hour)
primary name server = server.jvmlaw.net
responsible mail addr = hostmaster.jvmlaw.net
serial = 3
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
ADDITIONAL RECORDS:
-> server.jvmlaw.net
type = A, class = IN, dlen = 4
internet address = 192.168.1.254
ttl = 3600 (1 hour)

------------
jvmlaw.net
type = SOA, class = IN, dlen = 42
ttl = 3600 (1 hour)
primary name server = server.jvmlaw.net
responsible mail addr = hostmaster.jvmlaw.net
serial = 3
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
server.jvmlaw.net
type = A, class = IN, dlen = 4
internet address = 192.168.1.254
ttl = 3600 (1 hour)

C:\Program Files\Support Tools>

ASKER

second
C:\Program Files\Support Tools>nslookup -d2 -q=soa server.jvmlaw.net
------------
SendRequest(), len 40
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (63 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 1.0.0.127.in-addr.arpa
type = PTR, class = IN, dlen = 11
name = localhost
ttl = 3600 (1 hour)

------------
Server: localhost
Address: 127.0.0.1

------------
SendRequest(), len 46
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
server.jvmlaw.net.jvmlaw.net, type = SOA, class = IN

------------
------------
Got answer (126 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 1

QUESTIONS:
server.jvmlaw.net.jvmlaw.net, type = SOA, class = IN
AUTHORITY RECORDS:
-> jvmlaw.net
type = SOA, class = IN, dlen = 42
ttl = 3600 (1 hour)
primary name server = server.jvmlaw.net
responsible mail addr = hostmaster.jvmlaw.net
serial = 3
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
ADDITIONAL RECORDS:
-> server.jvmlaw.net
type = A, class = IN, dlen = 4
internet address = 192.168.1.254
ttl = 3600 (1 hour)

------------
------------
SendRequest(), len 35
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
server.jvmlaw.net, type = SOA, class = IN

------------
------------
Got answer (98 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 1

QUESTIONS:
server.jvmlaw.net, type = SOA, class = IN
AUTHORITY RECORDS:
-> jvmlaw.net
type = SOA, class = IN, dlen = 35
ttl = 3600 (1 hour)
primary name server = server.jvmlaw.net
responsible mail addr = hostmaster.jvmlaw.net
serial = 3
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
ADDITIONAL RECORDS:
-> server.jvmlaw.net
type = A, class = IN, dlen = 4
internet address = 192.168.1.254
ttl = 3600 (1 hour)

------------
jvmlaw.net
type = SOA, class = IN, dlen = 35
ttl = 3600 (1 hour)
primary name server = server.jvmlaw.net
responsible mail addr = hostmaster.jvmlaw.net
serial = 3
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
server.jvmlaw.net
type = A, class = IN, dlen = 4
internet address = 192.168.1.254
ttl = 3600 (1 hour)

C:\Program Files\Support Tools>

in the properties of the network card under TCP/IP click advanced, what is there in the DNS suffix box?

let's manually load DNS so that Exchane will start to function.

Can you goto c:\windows\system32\dns

Open the jvmlaw.net.dns file in notepad

then copy and past the content of c:\Windows\system32\Config\netlogon.dns in to the section after where it says zone record. (there should be one line with just a ; on it, paste it on the line under this. Then change the serial number number to whatever it is now +1

Once you've done that save the jvmlaw.net.dns and go in to the DNS console, right click the zone and select reload.

Do you now have the entries in the zone?

Any joy?

ASKER

dns suffix is checked to append primary dns suffix

And the dns file as above? Did you copy the contents? Did it update the zone?

ASKER

did the changes but reload is greyed out

You may need to wait for the console to finish, click off the zone and then try again

If that doesn't work restatement DNS services and then reload the console.

ASKER

I did all the cut and paste and all changes.Waited, reload finally appeared and dns looks the same.

Looks the same? As in the zones haven't been recreated????

ASKER

the same zone that we deleted and recreated is still there with no added entries after changing the dns file.

I'm trying to sort out EE aproved remote access.

ASKER

what is this service dependency on information store?
jvmservice.png

ASKER CERTIFIED SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER

thanks never used or seen dnscmd before.

ASKER

Fantastic