Solved

Windows guests not auto registering in DNS

Posted on 2011-03-14
Last Modified: 2012-05-11
I have a new ESXi 4.1.0 348481 farm with 4 ESXi hosts. I am using a distributed virtual switch. I have two subnets configured (172.24.7.0/24 & 10.25.2.0/24). When I build a Windows 2008 R2 Server it will not auto register in the domain's DNS. If I move this Server to another subnet on a different Domain the Server will also not register in DNS. I receive this error on the 2008 R2 guest:

Warning DNS Client Events Event ID 1014  Name resolution for the name domain.com timed out after none of the configured DNS servers responded.

Windows XP SP3 will also not auto register in DNS, except there is no error logged in XP. Also, whether 2008 R2 or XP, no errors are logged on the DNS Server's event log. Also, other subnets on different ESX hosts (not using the distributed virtual switch) have no problem when the Windows guest wants to auto register in DNS.

Why don't these guests auto register in DNS?
Question by:mattconroy
12 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
Well, it seems like the systems can't contact the domain or DNS servers.
0
 
LVL 6

Author Comment

by:mattconroy
I can successfully add to the domain in both ADs. I can successfully do nslookups in both AD domains from the problem guest (not at the same time, of course). The reason that I have tried it in two separate Domains is to rule out DNS on the Domain, which I have done.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Run dcdiag and post the results.
0
 
LVL 6

Author Comment

by:mattconroy
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = XXXXXX-DOM50VW

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\XXXXXX-DOM50VW

      Starting test: Connectivity

         ......................... XXXXXX-DOM50VW passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\XXXXXX-DOM50VW

      Starting test: Advertising

         ......................... XXXXXX-DOM50VW passed test Advertising

      Starting test: FrsEvent

         ......................... XXXXXX-DOM50VW passed test FrsEvent

      Starting test: DFSREvent

         ......................... XXXXXX-DOM50VW passed test DFSREvent

      Starting test: SysVolCheck

         ......................... XXXXXX-DOM50VW passed test SysVolCheck

      Starting test: KccEvent

         ......................... XXXXXX-DOM50VW passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... XXXXXX-DOM50VW passed test

         KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... XXXXXX-DOM50VW passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=Domain,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=Domain,DC=local
         ......................... XXXXXX-DOM50VW failed test NCSecDesc

      Starting test: NetLogons

         ......................... XXXXXX-DOM50VW passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... XXXXXX-DOM50VW passed test ObjectsReplicated

      Starting test: Replications

         ......................... XXXXXX-DOM50VW passed test Replications

      Starting test: RidManager

         ......................... XXXXXX-DOM50VW passed test RidManager

      Starting test: Services

         ......................... XXXXXX-DOM50VW passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x00000457

            Time Generated: 03/14/2011   14:01:25

            Event String:

            Driver Dell Open Print Driver (PS) required for printer Dell 810par is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 03/14/2011   14:01:33

            Event String:

            Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

         A warning event occurred.  EventID: 0x000016AF

            Time Generated: 03/14/2011   14:04:32

            Event String:

            During the past 4.06 hours there have been 69 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.

         ......................... XXXXXX-DOM50VW failed test SystemLog

      Starting test: VerifyReferences

         ......................... XXXXXX-DOM50VW passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : Domain

      Starting test: CheckSDRefDom

         ......................... Domain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Domain passed test CrossRefValidation

   
   Running enterprise tests on : Domain.local

      Starting test: LocatorCheck

         ......................... Domain.local passed test LocatorCheck

      Starting test: Intersite

         ......................... Domain.local passed test Intersite

0
 
LVL 6

Author Comment

by:mattconroy
Keep in mind that the 2008 R2 guest VM has the same registration problem on an entirely different AD Forest with its own separate DNS.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
During the past 4.06 hours there have been 69 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.

Post this whole event log.
0
 
LVL 6

Author Comment

by:mattconroy
How can it be related to a DC or DNS if I have the same problem on a completely different Active Directory Forest?
0
 
LVL 4

Expert Comment

by:krzywis
Can you run "ipconfig /registerdns" on the client that's failing to register in DNS (it requires elevation of rights) and check for any events in Event Viewer?
Can you also post the output of "ipconfig /all" from your domain controllers? Also let us know what version of Windows your DCs are running.

Kris
0
 
LVL 6

Author Comment

by:mattconroy
ipconfig /registerdns doesn't generate any errors in the event logs and does not register my computer in DNS. I am running Windows 2008 R2. I have also tested with Windows XP SP3 and have the same issue.
0
 
LVL 6

Accepted Solution

by:mattconroy
Issue Resolved:

DNS ALG (Application Layer Gateway) had to be disabled on the Juniper firewall. One of our Network guys figured this out. Apparently DNS ALG closes the UDP 53 connection (used for DNS auto registration) before the default time of 2 minutes.
0
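An added diagnostic, not code from the thread or its participants: the author could run nslookup from the guest while registration silently failed, and the cause was a firewall DNS ALG on the path. The Python below builds a plain A query and an unsigned RFC 2136 UPDATE, sends each to UDP 53, and compares whether either gets any reply; all function names are assumptions made for this example.

```python
import socket
import struct

OPCODE_UPDATE, TYPE_A, TYPE_SOA, CLASS_IN = 5, 1, 6, 1  # RFC 2136 / RFC 1035

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = [lab.encode("ascii") for lab in name.rstrip(".").split(".")]
    if any(not 0 < len(lab) < 64 for lab in labels):
        raise ValueError("bad label in %r" % name)
    return b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"

def build_query(msg_id, name):
    """Plain A query with RD set: the traffic nslookup generates."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)

def build_update(msg_id, zone, host, ipv4, ttl=1200):
    """Unsigned RFC 2136 UPDATE adding one A record (ZOCOUNT=1, UPCOUNT=1)."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = socket.inet_aton(ipv4)
    rr = encode_name(host) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata))
    return header + zone_section + rr + rdata

def parse_header(msg):
    """Return (id, opcode, rcode) from the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    msg_id, flags = struct.unpack("!HH", msg[:4])
    return msg_id, (flags >> 11) & 0xF, flags & 0xF

def probe(server, packet, timeout=3.0):
    """Send one datagram to UDP 53; return the reply rcode, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    rid, _, rcode = parse_header(reply)
    return rcode if rid == parse_header(packet)[0] else None

def diagnose(query_rcode, update_rcode):
    """Compare the two probes to separate a path problem from a server one."""
    if query_rcode is None:
        return "server unreachable on UDP 53"
    if update_rcode is None:
        return "query answered but UPDATE got no reply: check in-path devices"
    return "UPDATE reached the server (rcode %d)" % update_rcode
```

Run `diagnose(probe(dns_ip, build_query(...)), probe(dns_ip, build_update(...)))` from the affected guest. A zone limited to secure updates answers the unsigned UPDATE with REFUSED (rcode 5), which still shows the datagram and its reply crossed the firewall; a zone that accepts nonsecure updates will apply it, so use a throwaway host name.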
 
LVL 6

Author Closing Comment

by:mattconroy
As I appreciate the help I received, the solution was to disable DNS ALG on the Juniper firewall (SRX).
0
 
LVL 4

Expert Comment

by:krzywis
I am glad you've nailed it down!
0
