Windows guests not auto registering in DNS

I have a new ESXI 4.1.0 348481 farm with 4 ESXI hosts. I am using a distributed virtual switch. I have two subnets configured (172.24.7.0/24 & 10.25.2.0/24). When I build a Windows 2008 R2 Server it will not auto register in the Domain's DNS. If I move this Server to another subnet on a different Domain the Server will also not register in DNS. I receive this error on the 2008 R2 guest:

Warning DNS Client Events Event ID 1014  Name resolution for the name domain.com timed out after none of the configured DNS servers responded.

Windows XP SP3 will also not auto register in DNS, except there is no error logged in XP. Also, whether 2008 R2 or XP, no errors are logged in the DNS Server's event log. Also, other subnets on different ESX hosts (not using the distributed virtual switch) have no problem when the Windows guest wants to auto register in DNS.

Why don't these guests auto register in DNS?
mattconroy Asked:
 
mattconroy Author Commented:
Issue Resolved:

DNS ALG (Application Layer Gateway) had to be disabled on the Juniper firewall. One of our Network guys figured this out. Apparently DNS ALG closes the UDP 53 connection (used for DNS auto registration) before the default time of 2 minutes.

Darius Ghassem Commented:
Well seems like the systems can't contact the domain or DNS servers

mattconroy Author Commented:
I can successfully add to the domain in both ADs. I can successfully do nslookups in both AD Domains from the problem guest (not at the same time, of course). The reason that I have tried it in two separate Domains is to rule out DNS on the Domain, which I have done.
 
Darius Ghassem Commented:
Run dcdiag and post the results

mattconroy Author Commented:
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = XXXXXX-DOM50VW

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\XXXXXX-DOM50VW

      Starting test: Connectivity

         ......................... XXXXXX-DOM50VW passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\XXXXXX-DOM50VW

      Starting test: Advertising

         ......................... XXXXXX-DOM50VW passed test Advertising

      Starting test: FrsEvent

         ......................... XXXXXX-DOM50VW passed test FrsEvent

      Starting test: DFSREvent

         ......................... XXXXXX-DOM50VW passed test DFSREvent

      Starting test: SysVolCheck

         ......................... XXXXXX-DOM50VW passed test SysVolCheck

      Starting test: KccEvent

         ......................... XXXXXX-DOM50VW passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... XXXXXX-DOM50VW passed test

         KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... XXXXXX-DOM50VW passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=Domain,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=Domain,DC=local
         ......................... XXXXXX-DOM50VW failed test NCSecDesc

      Starting test: NetLogons

         ......................... XXXXXX-DOM50VW passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... XXXXXX-DOM50VW passed test ObjectsReplicated

      Starting test: Replications

         ......................... XXXXXX-DOM50VW passed test Replications

      Starting test: RidManager

         ......................... XXXXXX-DOM50VW passed test RidManager

      Starting test: Services

         ......................... XXXXXX-DOM50VW passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x00000457

            Time Generated: 03/14/2011   14:01:25

            Event String:

            Driver Dell Open Print Driver (PS) required for printer Dell 810par is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 03/14/2011   14:01:33

            Event String:

            Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

         A warning event occurred.  EventID: 0x000016AF

            Time Generated: 03/14/2011   14:04:32

            Event String:

            During the past 4.06 hours there have been 69 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.

         ......................... XXXXXX-DOM50VW failed test SystemLog

      Starting test: VerifyReferences

         ......................... XXXXXX-DOM50VW passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : Domain

      Starting test: CheckSDRefDom

         ......................... Domain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Domain passed test CrossRefValidation

   
   Running enterprise tests on : Domain.local

      Starting test: LocatorCheck

         ......................... Domain.local passed test LocatorCheck

      Starting test: Intersite

         ......................... Domain.local passed test Intersite


mattconroy Author Commented:
Keep in mind that the 2008 R2 guest VM has the same registration problem on an entirely different AD Forest with its own separate DNS.

Darius Ghassem Commented:
During the past 4.06 hours there have been 69 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.

Post this whole event log

mattconroy Author Commented:
How can it be related to a DC or DNS if I have the same problem on a completely different Active Directory Forest?

krzywis Commented:
Can you run "ipconfig /registerdns" on the client that's failing to register in DNS (it requires elevation of rights) and check for any events in Event Viewer?
Can you also post the output of "ipconfig /all" from your domain controllers? Also let us know what version of Windows your DCs are running.

Kris

mattconroy Author Commented:
ipconfig /registerdns doesn't generate any errors in the event logs and does not register my computer in DNS. I am running Windows 2008 R2. I have also tested with Windows XP SP3 and have the same issue.

mattconroy Author Commented:
As I appreciate the help I received, the solution was to disable DNS ALG on the Juniper firewall (SRX).

krzywis Commented:
I am glad you've nailed it down!
Question has a verified solution.
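
A probe for the symptom described in this thread, where lookups succeed but registration does not: it sends a standard SOA query and an RFC 2136 UPDATE to the same DNS server over UDP 53 and compares the outcomes. This is an added example, not code from any participant in the thread; the function names and diagnosis strings are illustrative.

```python
# Added example (not from the thread): compare a DNS query with a DNS UPDATE on UDP 53.
import socket
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(msg_id, zone):
    """Standard query (opcode 0) for the zone's SOA: the traffic lookup tests exercise."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    return header + encode_name(zone) + struct.pack("!HH", 6, 1)  # type SOA, class IN

def build_update(msg_id, zone, host, ipv4, ttl=1200):
    """RFC 2136 UPDATE (opcode 5) adding one A record: the traffic registration uses."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)  # ZOCOUNT=1, UPCOUNT=1
    zone_section = encode_name(zone) + struct.pack("!HH", 6, 1)
    rdata = socket.inet_aton(ipv4)
    record = encode_name(host) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + zone_section + record

def classify(reply, msg_id):
    """Reduce a reply (or None for no reply) to 'timeout', 'malformed' or 'rcode=N'."""
    if reply is None:
        return "timeout"
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != msg_id or not flags & 0x8000:  # ID must match and QR must be set
        return "malformed"
    return "rcode=%d" % (flags & 0x000F)

def probe(server, payload, msg_id, timeout=3.0):
    """Send one datagram to UDP 53 on `server` and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (server, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            reply = None
    return classify(reply, msg_id)

def diagnose(query_result, update_result):
    """Interpret the pair of probe results."""
    if query_result == "timeout":
        return "no DNS reply at all: check routing and UDP 53 reachability"
    if update_result == "timeout":
        return "queries answered, UPDATE unanswered: check in-path DNS inspection (ALG)"
    return "UPDATE reached the server (%s): check zone update policy" % update_result
```

An `rcode=5` (REFUSED) reply to this unsigned UPDATE is normal for a zone that accepts only secure updates and still shows that the path carries updates. On a zone that accepts nonsecure updates the record is really added, so pass a throwaway host name.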