mattconroy
Windows guests not auto registering in DNS
I have a new ESXI 4.1.0 348481 farm with 4 ESXI hosts. I am using a distributed virtual switch. I have two subnets configured (172.24.7.0/24 & 10.25.2.0/24). When I build a Windows 2008 R2 Server it will not auto register in the Domain's DNS. If I move this Server to another subnet on a different Domain the Server will also not register in DNS. I receive this error on the 2008 R2 guest:
Warning DNS Client Events Event ID 1014 Name resolution for the name domain.com timed out after none of the configured DNS servers responded.
Windows XP SP3 will also not auto register in DNS except there is no error logged in XP. Also, whether 2008 R2 or XP no errors are logged on the DNS Server's event log. Also, other subnets on different ESX hosts (not using the distributed virtual switch) have no problem when the Windows guest wants to auto register in DNS.
Why don't these guests auto register in DNS?
Well seems like the systems can't contact the domain or DNS servers
ASKER
I can successfully add to the domain in both AD's. I can successfully do nslookups in both AD Domains from the problem guest (not at the same time of course). The reason that I have tried it in two separate Domains is to rule out DNS on the Domain, which I have done.
Run dcdiag and post the results
ASKER
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = XXXXXX-DOM50VW
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\XXXXXX-DOM50VW
Starting test: Connectivity
......................... XXXXXX-DOM50VW passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\XXXXXX-DOM50VW
Starting test: Advertising
......................... XXXXXX-DOM50VW passed test Advertising
Starting test: FrsEvent
......................... XXXXXX-DOM50VW passed test FrsEvent
Starting test: DFSREvent
......................... XXXXXX-DOM50VW passed test DFSREvent
Starting test: SysVolCheck
......................... XXXXXX-DOM50VW passed test SysVolCheck
Starting test: KccEvent
......................... XXXXXX-DOM50VW passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... XXXXXX-DOM50VW passed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... XXXXXX-DOM50VW passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Domain,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Domain,DC=local
......................... XXXXXX-DOM50VW failed test NCSecDesc
Starting test: NetLogons
......................... XXXXXX-DOM50VW passed test NetLogons
Starting test: ObjectsReplicated
......................... XXXXXX-DOM50VW passed test ObjectsReplicated
Starting test: Replications
......................... XXXXXX-DOM50VW passed test Replications
Starting test: RidManager
......................... XXXXXX-DOM50VW passed test RidManager
Starting test: Services
......................... XXXXXX-DOM50VW passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000457
Time Generated: 03/14/2011 14:01:25
Event String:
Driver Dell Open Print Driver (PS) required for printer Dell 810par is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/14/2011 14:01:33
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
A warning event occurred. EventID: 0x000016AF
Time Generated: 03/14/2011 14:04:32
Event String:
During the past 4.06 hours there have been 69 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
......................... XXXXXX-DOM50VW failed test SystemLog
Starting test: VerifyReferences
......................... XXXXXX-DOM50VW passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Domain
Starting test: CheckSDRefDom
......................... Domain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Domain passed test CrossRefValidation
Running enterprise tests on : Domain.local
Starting test: LocatorCheck
......................... Domain.local passed test LocatorCheck
Starting test: Intersite
......................... Domain.local passed test Intersite
ASKER
Keep in mind that the 2008 R2 guest vm has the same registration problem on an entirely different AD Forest with its own separate DNS.
During the past 4.06 hours there have been 69 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
Post this whole Event logs
ASKER
How can it be related to a DC or DNS if I have the same problem on a completely different Active Directory Forest?
Can you run "ipconfig /registerdns" on the client that's failing to register in DNS (it requires elevation of rights) and check for any events in Event Viewer?
Can you also post output of "ipconfig /all" from your domain controllers. Also let us know what version of Windows are your DCs running.
Kris
ASKER
ipconfig /registerdns doesn't generate any errors in the event logs and does not register my computer in DNS. I am running Windows 2008 R2. I have also tested with Windows XP SP3 and have the same issue.
ASKER
As I appreciate the help I received, the solution was to disable DNS ALG on the Juniper firewall (SRX).
I am glad you've nailed it down!
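Added example, not part of the thread: nslookup sends standard DNS queries (opcode 0), while automatic registration sends dynamic update messages (opcode 5, RFC 2136), so a device that inspects DNS can pass the first and still affect the second. The thread does not say what the SRX DNS ALG did to the traffic; assuming DNS payloads captured on the guest side of the firewall, this Python code lists requests that never received a response. The capture bytes, the host name guest1 and its address are constructed.

```python
import struct

OPCODE_NAMES = {0: "QUERY", 5: "UPDATE"}  # RFC 1035 query, RFC 2136 dynamic update

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_header(txid, opcode, response=False, counts=(1, 0, 0, 0)):
    """Pack the 12-byte DNS header; QR is bit 15, opcode is bits 11-14."""
    flags = (0x8000 if response else 0) | (opcode << 11)
    return struct.pack("!HHHHHH", txid, flags, *counts)

def parse_header(msg):
    """Return transaction id, direction, opcode and rcode of a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags = struct.unpack("!HH", msg[:4])
    return {"id": txid, "response": bool(flags & 0x8000),
            "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF}

def unanswered(capture):
    """Return (id, opcode name) for every request without a matching response."""
    pending = {}
    for msg in capture:
        h = parse_header(msg)
        key = (h["id"], h["opcode"])  # a response echoes the request's id and opcode
        if h["response"]:
            pending.pop(key, None)
        else:
            pending[key] = OPCODE_NAMES.get(h["opcode"], "OPCODE %d" % h["opcode"])
    return sorted((txid, name) for (txid, _), name in pending.items())

# Constructed capture: an answered SOA query, then a dynamic update with no reply.
ZONE = encode_name("domain.local") + struct.pack("!HH", 6, 1)        # type SOA, class IN
A_RR = (encode_name("guest1.domain.local")
        + struct.pack("!HHIH", 1, 1, 1200, 4) + bytes([10, 25, 2, 50]))  # A record
CAPTURE = [
    build_header(0x1001, 0) + ZONE,
    build_header(0x1001, 0, response=True) + ZONE,
    build_header(0x1002, 5, counts=(1, 0, 1, 0)) + ZONE + A_RR,
]

if __name__ == "__main__":
    for txid, name in unanswered(CAPTURE):
        print("no response to %s id=0x%04x" % (name, txid))
```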