foxpc123
asked on
Netlogon event 5781 - SBS 2008 _msdcs zone
I'm currently troubleshooting a SBS 2008 box we have recently been asked to take a look at - there are a host of issues, and I'm tackling them one by one.
I can see that there are periodic NETLOGON event 5781 which state that dynamic registration or deletion of DNS records fail associated with DNS domain 'myserver.local'
Running dcdiag to look at this, the first error is;
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER01
Starting test: Connectivity
The host
0149ac32-4364-4527-8af0-0f7b9560d82a._msdcs.mydomain.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
......................... SERVER01 failed test Connectivity
In my DNS manager I have the following forward lookup zones;
mydomain.local
mail.mydomain.co.uk
remote.mydomain.co.uk
Underneath the first lookup zone, is the following;
mydomain.local
_msdcs
_sites
_tcp
_udp
DomainDnsZones
ForestDnsZones
However, comparing this with another sbs 2008 box, I can see that the forward lookup zones are as follows;
_msdcs.mydomain.local
mydomain.local
remote.mydomain.com
So I'm thinking I need to delete the delegated _msdcs entry and create a new zone labelled _msdcs.mydomain.local.
I'm seeking guidance, that this is the correct approach to take, and preferably some further advice as how to go about doing this.
ASKER
I've run the Fix My Network Wizard and corrected a couple of issues there - I have four issues left;
Primary gateway is not configured correctly
Network router was not found
DNS is using a DNS forwarder
Addressing each issue in turn;
I have only one NIC and the default gateway is addressed to the router - I've checked this and checked again and cannot see anything wrong here.
IPConfig all is as follows;
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER01
Primary Dns Suffix . . . . . . . : mydomain.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-19-99-41-5F-94
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6dba:a8be:5213:35b5%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.2
Primary WINS Server . . . . . . . : 192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2E08175D-DF7F-4BFB-8FE7-A81DE0701
988}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Network router was not found - strange one this as all is pointing at the router - it's possible that this had been changed in the past perhaps
DNS is using a forwarder by design - so can choose to ignore this.
Looking at the TCP/IP properties for the network connection, this is set to the server IP address 192.168.1.2 in both the DNS address and also under the DNS tab itself specifically.
Are you saying that this should be changed to 127.0.0.1 in both places? I have always set this to be the IP address of the SBS box itself before.
ASKER
Have changed DNS entries to be 127.0.0.1 and restarted NETLOGON and ran dcdiag /fix here are the results;
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER01
Starting test: Connectivity
The host
0149ac32-4364-4527-8af0-0f7b9560d82a._msdcs.mydomain.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
......................... SERVER01 failed test Connectivity
Did you check the DNS update settings on the properties of the server?
ASKER
Did these steps and also reloaded the zone, which populated it o.k. I'm assuming I'll need to recreate CNAME records for companyweb, connect, SharePoint etc.
The dcdiag test now passes connectivity (so _msdcs is now set up correctly), however, I now have some other errors as well;
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER01
Starting test: Connectivity
......................... SERVER01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER01
Starting test: Advertising
......................... SERVER01 passed test Advertising
Starting test: FrsEvent
......................... SERVER01 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER01 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER01 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER01 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER01 passed test NCSecDesc
Starting test: NetLogons
[SERVER01] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... SERVER01 failed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER01 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,SERVER01] DsReplicaGetInfo(PENDING_OPS, NULL)
failed, error 0x2105 "Win32 Error 8453"
......................... SERVER01 failed test Replications
ASKER
Please disregard above - needed to run the dcdiag from an elevated cmd prompt
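Added example, not part of the thread: a small parser that sorts dcdiag failures like the ones quoted above into a DNS resolution failure (the _msdcs GUID record) or a privilege failure of the kind the asker traced to a non-elevated prompt. The hint strings and the classify heuristic are assumptions made for this example, and the sample text is constructed from lines in the thread.

```python
import re

# Constructed sample, modelled on lines from the dcdiag runs quoted in this thread.
SAMPLE = """\
   Starting test: Connectivity
      The host
      0149ac32-4364-4527-8af0-0f7b9560d82a._msdcs.mydomain.local could
      not be resolved to an IP address. Check the DNS server, DHCP, server
      ......................... SERVER01 failed test Connectivity
   Starting test: Advertising
      ......................... SERVER01 passed test Advertising
   Starting test: NetLogons
      [SERVER01] User credentials does not have permission to perform this
      ......................... SERVER01 failed test NetLogons
   Starting test: Replications
      [Replications Check,SERVER01] DsReplicaGetInfo(PENDING_OPS, NULL)
      failed, error 0x2105 "Win32 Error 8453"
      ......................... SERVER01 failed test Replications
"""

START = re.compile(r"Starting test:\s*(\S+)")
RESULT = re.compile(r"\.{5,}\s*\S+ (passed|failed) test (\S+)")
# Messages that point at the caller's token rather than at the DC itself.
PRIVILEGE_HINTS = ("does not have permission", "Win32 Error 8453")
DNS_HINT = "could not be resolved to an IP address"

def parse_dcdiag(text):
    """Return [(test, passed, detail)], one entry per test result line."""
    results, detail = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RESULT.search(line)
        if START.search(line):
            detail = []          # a new test block begins
        elif m:
            results.append((m.group(2), m.group(1) == "passed", " ".join(detail)))
        elif line:
            detail.append(line)  # message text belonging to the current test
    return results

def classify(detail):            # assumed heuristic, not dcdiag's own logic
    if any(h in detail for h in PRIVILEGE_HINTS):
        return "privilege"       # re-run dcdiag from an elevated prompt
    if DNS_HINT in detail:
        return "dns"             # DC GUID record under _msdcs does not resolve
    return "unclassified"

def triage(text):                # {failed test name: cause category}
    return {t: classify(d) for t, ok, d in parse_dcdiag(text) if not ok}
```

Separating the two categories keeps a privilege artefact from being chased as a directory fault after the DNS problem has already been fixed.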
Excellent, so now is all working?
Running the Fix My Network wizard should replace the CNAME records.
ASKER
This now looks all o.k. dcdiag /fix now passes all checks. Thanks for your help.
Excellent! Glad I could help!
ASKER
Yes it did, thanks very much for your help - all CNAME records populated o.k. - thanks very much for your help.
I have another issue with a domain name error which I'll raise separately - thanks a lot once again.
If that all looks OK, then check the TCP/IP properties of the server and make sure it has 127.0.0.1 under DNS and no other entries.
Then, in the DNS Console, right click on the forward lookup zone for the internal domain and select properties. On the first screen make sure it says status is started and that secure and insecure updates are allowed.
Then restart the NETLOGON service and run DCDIAG /FIX
Please post the output.