Solved

Netlogon event 5781 - SBS 2008 _msdcs zone

Posted on 2011-03-12
Last Modified: 2012-05-11
I'm currently troubleshooting a SBS 2008 box we have recently been asked to take a look at - there are a host of issues, and I'm tackling them one by one.

I can see that there are periodic NETLOGON event 5781 which state that dynamic registration or deletion of DNS records fail associated with DNS domain 'myserver.local'

Running dcdiag to look at this, the first error is;

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER01
      Starting test: Connectivity
         The host
         0149ac32-4364-4527-8af0-0f7b9560d82a._msdcs.mydomain.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... SERVER01 failed test Connectivity

In my DNS manager I have the following forward lookup zones;

mydomain.local
mail.mydomain.co.uk
remote.mydomain.co.uk

Underneath the first lookup zone, is the following;

mydomain.local
_msdcs
_sites
_tcp
_udp
DomainDnsZones
ForestDnsZones

However, comparing this with another SBS 2008 box, I can see that the forward lookup zones are as follows;

_msdcs.mydomain.local
mydomain.local
remote.mydomain.com

So I'm thinking I need to delete the delegated _msdcs entry and create a new zone labelled _msdcs.mydomain.local.

I'm seeking guidance that this is the correct approach to take, and preferably some further advice as to how to go about doing this.
Question by:foxpc123
11 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35117318
First thing to do is run the Fix My Network wizard, see here for how: http://blogs.technet.com/b/sbs/archive/2008/11/26/introduction-to-the-fix-my-network-wizard-fncw.aspx

If that all looks OK, then check the TCP/IP properties of the server and make sure it has 127.0.0.1 under DNS and no other entries.

Then, in the DNS Console, right click on the forward lookup zone for the internal domain and select properties.  On the first screen make sure it says status is started and that secure and insecure updates are allowed.

Then restart the NETLOGON service and run DCDIAG /FIX

Please post the output.
 
LVL 3

Author Comment

by:foxpc123
ID: 35117921
I've run the Fix My Network Wizard and corrected a couple of issues there - I have four issues left;

Primary gateway is not configured correctly
Network router was not found
DNS is using a DNS forwarder

Addressing each issue in turn;

I have only one NIC and the default gateway is addressed to the router - I've checked this and checked again and cannot see anything wrong here.

IPConfig all is as follows;

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER01
   Primary Dns Suffix  . . . . . . . : mydomain.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : mydomain.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-19-99-41-5F-94
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6dba:a8be:5213:35b5%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.2
   Primary WINS Server . . . . . . . : 192.168.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{2E08175D-DF7F-4BFB-8FE7-A81DE0701988}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Network router was not found - strange one this as all is pointing at the router - it's possible that this had been changed in the past perhaps

DNS is using a forwarder by design - so can choose to ignore this.

Looking at the TCP/IP properties for the network connection this is set to the server IP address 192.168.1.2 in both the DNS address and also under the DNS tab itself specifically.

Are you saying that this should be changed to 127.0.0.1 in both places? I have always set this to be the IP address of the SBS box itself before.
 
LVL 3

Author Comment

by:foxpc123
ID: 35118078
Have changed DNS entries to be 127.0.0.1 and restarted NETLOGON and ran dcdiag /fix here are the results;

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SERVER01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER01
      Starting test: Connectivity
         The host
         0149ac32-4364-4527-8af0-0f7b9560d82a._msdcs.mydomain.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... SERVER01 failed test Connectivity

 
LVL 74

Expert Comment

by:Glen Knight
ID: 35120142
Did you check the DNS update settings on the properties of the server?
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 35120172
I would then delete the zones (forward lookup and _msdcs) and recreate the forward lookup zone, making sure it's an AD integrated zone. Then go back and confirm the updates setting is secure and non secure, restart NETLOGON again and run DCDIAG /FIX. What do you get back?

Also check out this previous question: http://www.experts-exchange.com/Networking/Protocols/DNS/Q_24349599.html
0
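
The accepted answer's steps written out as commands, as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt on the domain controller, uses the thread's sample zone name and GUID, and calls only the built-in `dnscmd`, `nltest`, `nslookup` and `dcdiag` tools.

```powershell
# Added example, not from the thread. Run elevated on the DC.
$zone    = 'mydomain.local'                        # sample zone name from the thread
$dsaGuid = '0149ac32-4364-4527-8af0-0f7b9560d82a'  # GUID that dcdiag could not resolve

# 1. The DC must use its own DNS server (127.0.0.1 or its own IP), nothing else.
ipconfig /all | Select-String 'DNS Servers'

# 2. Records Netlogon tries to register; the <GUID>._msdcs CNAME is listed here.
Get-Content "$env:SystemRoot\System32\config\netlogon.dns" | Select-String '_msdcs'

# 3. Current zone state: type, directory integration and update setting.
dnscmd /ZoneInfo $zone

# 4. After deleting the broken zone in DNS Manager, recreate it as AD-integrated.
#    This command fails if the zone still exists.
dnscmd /ZoneAdd $zone /DsPrimary

# 5. Dynamic update setting: 0 = none, 1 = nonsecure and secure, 2 = secure only.
#    The answer asks for 1. With 2, only authenticated domain members can
#    write records into the zone.
dnscmd /Config $zone /AllowUpdate 1

# 6. Make Netlogon register its DC locator records again.
Restart-Service Netlogon
nltest /dsregdns
ipconfig /registerdns

# 7. Confirm the record from the dcdiag error now resolves, then rerun the test.
nslookup -type=CNAME "${dsaGuid}._msdcs.$zone" 127.0.0.1
dcdiag /test:Connectivity
```

Once dcdiag passes, `dnscmd /ZoneInfo` shows whether the zone is still accepting nonsecure updates.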

 
LVL 3

Author Comment

by:foxpc123
ID: 35121998
Did these steps and also reloaded the zone which populated it o.k. I'm assuming I'll need to recreate CNAME records for companyweb, connect, Sharepoint etc.

The dcdiag test now passes connectivity (so _msdcs is now set up correctly), however, I now have some other errors as well;


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SERVER01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER01
      Starting test: Connectivity
         ......................... SERVER01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER01
      Starting test: Advertising
         ......................... SERVER01 passed test Advertising
      Starting test: FrsEvent
         ......................... SERVER01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... SERVER01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SERVER01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... SERVER01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SERVER01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SERVER01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... SERVER01 passed test NCSecDesc
      Starting test: NetLogons
         [SERVER01] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... SERVER01 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SERVER01 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,SERVER01] DsReplicaGetInfo(PENDING_OPS, NULL)
         failed, error 0x2105 "Win32 Error 8453"
         ......................... SERVER01 failed test Replications
 
LVL 3

Author Comment

by:foxpc123
ID: 35122207
Please disregard above - needed to run the dcdiag as an elevated cmd prompt
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35122217
Excellent, so now is all working?

Running the Fix My Network wizard should replace the CNAME records.
 
LVL 3

Author Comment

by:foxpc123
ID: 35122310
This now looks all o.k dcdiag /fix now passes all checks thanks for your help

 
LVL 74

Expert Comment

by:Glen Knight
ID: 35122324
Excellent! Glad I could help!
 
LVL 3

Author Comment

by:foxpc123
ID: 35122395
Yes it did, thanks very much for your help - all CNAME records populated o.k. - thanks very much for your help.

I have another issue with a domain name error which I'll raise separately - thanks a lot once again.