Solved

SBS 2003 - DNS Problems - Non-existent domain - Missing Zones

Posted on 2011-10-10
Last Modified: 2012-06-08
SBS 2003, Standard Install 2 NIC Setup, about 10 XP Clients, all cards have static IPs.

SBS has been running fine for over 1 year.  A few days ago I attempted to configure a FreeNAS server on the network.  While configuring Active Directory in FreeNAS it somehow wreaked havoc on my network, including bringing down Exchange Server.  I have since removed FreeNAS from the network.

I am getting multiple errors which appear to be related to DNS and/or AD.  The main problems include: the GUID DNS name couldn't be resolved, and when examining the DNS settings the forward and reverse lookup zones are missing.  Numerous other errors appear in the event logs, which follow.

My system state backup is about 1 year old (I know this is stupid) so I’m hoping that I can solve my network problem without having to restore.

The nature of the error is described as follows:

ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : (my domain)
Primary Dns Suffix  . . . . . . . : (my domain).local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : (my domain).local
Ethernet adapter External WAN:
Physical Address. . . . . . . . . : 00-0F-EA-38-B4-5A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Internal LAN:
Physical Address. . . . . . . . . : 00-40-F4-EB-C5-40
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :(This is blank)
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2

****************
I ran dcdiag.exe I get the following message:

The host 7f3fc674-9fb0-4cf7-af8c-fcf8d496a6ce._msdcs.( My Domain).local could not be resolved to an IP address.  Check the DNS server, DHCP, server name, etc

Although the Guid DNS name (7f3fc674-9fb0-4cf7-af8c-fcf8d496a6ce._msdcs. (My Domain).local) couldn't be resolved, the server name (My Server.MyDomain.local) resolved to the IP address (192.168.16.2) and was pingable.  Check that the IP address is registered correctly with the DNS server.
All other test passed.
***************

When I open DNS MGMT, under the server name the folder labeled "Forward Lookup Zones" lists no information; the only option is to "add a new zone".  Same result for the folder "Reverse Lookup Zones".  The folders are there but they are empty.

When I try to add a new zone I get the error message:  "The zone  cannot be replicated to all DNS servers in the (null) Active Directory domain because the required application directory partition does not exist.  Only ...
***********************
I ran SBS Best Practices Analyzer Tool and it did not report any problems.

When starting the Nslookup.exe utility I get the following error:
*** Can’t find server name for address 192.168.16.2:  Non-existent domain
Default Server:  Unknown
Address:  192.168.16.2

When running CEICW it fails when setting the Network Configuration “an error occurred while configuring a component”.  In the CEICW log all returns OK until the following error occurs:

Error 0x80072581 returned from call to Deleting the DNS record for the external NIC().
Error 0x80072581 returned from call to CNetCommit::DoRouter().
Error 0x80072581 returned from call to Configuring for router connection().
Error 0x80072581 returned from call to CNetCommit::Common().
Error 0x80072581 returned from call to CNetCommit::Commit().

FROM THE EVENT LOG:


Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4000
Date:            10/5/2011
Time:            5:00:47 PM
User:            N/A
Computer:      (MY SERVER)
Description:
The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Event Type:      Error
Event Source:      NTDS General
Event Category:      Global Catalog
Event ID:      1126
Date:            10/5/2011
Time:            4:21:09 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      (MY SERVER)
Description:
Active Directory was unable to establish a connection with the global catalog.
 
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200c89
 
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller.  You may use the nltest utility to diagnose this problem.

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2114
Date:            10/5/2011
Time:            5:09:41 PM
User:            N/A
Computer:      (MY SERVER)
Description:
Process INETINFO.EXE (PID=1536). Topology Discovery failed, error 0x80040931.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            10/5/2011
Time:            5:10:29 PM
User:            NT AUTHORITY\SYSTEM
Computer:      (MY SERVER)
Description:
Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            10/10/2011
Time:            12:45:00 PM
User:            N/A
Computer:      (My SERVER)
Description:
The Security System detected an authentication error for the server .  The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information.
 (0xc000006d)".

Event Type:      Error
Event Source:      SBCore
Event Category:      None
Event ID:      1011
Date:            10/9/2011
Time:            7:02:16 PM
User:            N/A
Computer:      SERVERCP
Description:
Multiple domain controllers running Windows Server 2003 for Small Business Server have been detected in your domain. To prevent this computer from shutting down in the future, you must remove all but one of these from the domain.


PLEASE HELP I HAVE SPENT DAYS TRYING TO SOLVE AND CAN’T DO IT.

THANKS!!!
Question by:laserphaser
16 Comments
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36946289
The first thing to do is to just try restarting the Netlogon service.  You may have to re-create the msdcs folder, then restart Netlogon.  It should repopulate from there.  If not, try ipconfig /flushdns and ipconfig /registerdns.
0
 
LVL 13

Expert Comment

by:lauchangkwang
ID: 36946349
>> When starting the Nslookup.exe utility I get the following error:
*** Can’t find server name for address 192.168.16.2:  Non-existent domain
Default Server:  Unknown
Address:  192.168.16.2

This should be caused by the Forward Lookup not being set up. If I am not wrong, you may not be able to access it by typing \\servername, is that right? But you are only able to access it by \\192.168.16.2 ......
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36946354
msdcs is in the forward lookup zones
0

Author Comment

by:laserphaser
ID: 36946501

I believe you are correct regarding the forward lookup zones.

When I open DNS MGMT, under the server name the folder labeled "Forward Lookup Zones" lists no information; the only option is to "add a new zone".  Same result for the folder "Reverse Lookup Zones".  The folders are there but they are empty.

When I try to add a new zone I get the error message:  "The zone  cannot be replicated to all DNS servers in the (null) Active Directory domain because the required application directory partition does not exist.  

As I don't have a current backup of system state how should I proceed to recreate my DNS zones keeping in mind that this is SBS 2003 and not straight Server.  I am pretty clueless regarding DNS and AD issues so I'm not sure how to proceed.  

0
 
LVL 13

Expert Comment

by:lauchangkwang
ID: 36946516
Try this :

http://www.ibm.com/developerworks/websphere/techjournal/0707_rogers/0707_rogers.html

Start from "6.Configure forward and reverse lookup zones" and stop at 12. (no need to create the text file for now), then we will see whether it is successful. (A host file is needed to link the domain with the IP.)
0
 

Author Comment

by:laserphaser
ID: 36946694
Error:  the zone cannot be created.  The data is invalid.



0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36946855
From the log it is clear that FreeNAS server was SBS. You can only have one SBS in an Active Directory. You cannot have 2 SBS domain controllers in the same domain. But you can have additional domain controllers in an SBS domain. All non-SBS flavours of Windows 2003/2008 are supported.

Two SBS in the same network has created the mess. As you have mentioned that the FreeNAS server is removed, check that the other server has all FSMO roles. You need to seize the FSMO roles if the roles were present on the FreeNAS server. Run metadata cleanup to remove the instances of FreeNAS from the AD database and DNS. Once done, reboot the server and check if DNS is loaded correctly or not.

Reference link:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://www.petri.co.il/seizing_fsmo_roles.htm

0
 

Author Comment

by:laserphaser
ID: 36947145
I followed the Petri article on the Ntdsutil metadata cleanup command.

Everything went smooth but in the end only 1 server was found which was the correct one so there was nothing to delete.

Everything appears to indicate that my only server has the FSMO role.  I can't find any references to the previous FreeNAS server.

Every test I run is giving me DNS related errors.

I believe the main problem is that my forward lookup folder is empty and/or the Guid DNS name (._msdcs.mydomain.local) can't be resolved.

In SBS 2003 how should I go about restoring my DNS forward lookup zones?



0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36947209
Check the DNS setting on the server; it should point to itself. If the public IP address is added in the NIC DNS setting, remove the same and add it to DNS forwarders if required. If 127.0.0.1 is entered as DNS, remove the same and add the IP address.

Check the NIC binding: the NIC which is online and has IP details should be first in the order. If multiple NICs are present, then disable the unrequired NICs. Restart the server and check.

If the above does not work remove the dns role and install it again.
0
 

Author Comment

by:laserphaser
ID: 36947296
I booted my old sbs 2003 server and checked to see how DNS was set up.  I then compared it to my current set up.  In my current DNS setup almost all of the folders and configuration information is missing.  There are basically a couple of empty folders under DNS tree.

I'm not sure how I should go about "removing the DNS role and installing again".  Please advise as I am clueless.

Most importantly with the way all of the modules of SBS are interconnected am I going to be able to reinstall DNS without everything being completely screwed up?

0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 2000 total points
ID: 36947498
0
 

Author Comment

by:laserphaser
ID: 36947564
Your help is very much appreciated.   It's off to bed for me but I will try your suggestions in the AM.  I will let you know how it goes.
0
 
LVL 13

Expert Comment

by:lauchangkwang
ID: 36948457
>> The data is invalid.

Are you keying in your own domain during the setup / configuration? If yes, it seems like your DNS has an issue, and you might have problems joining PCs to the domain in the future. Just as a test, try to create a new user account under AD, then try to log in from a normal workstation and see whether you are able to log in. (For the first event log: The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.)
0
 
LVL 16

Expert Comment

by:Madan Sharma
ID: 36950700
Hi,
It's a bit complicated but you can try this:
First of all, take your current system state backup to an alternative location/drive.
Then remove the DNS service from your DC and do a reboot.
After the reboot, install the DNS service again, then try to create DNS zones (also create SRV records for AD to work properly).
Hopefully you will be able to create the zone now.
Also create a reverse lookup zone to avoid the Non-existent domain error.

Note: if you still get the Non-existent domain error, then run ipconfig /flushdns once; it will clear the error.
0
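Added example, not part of any poster's reply: the records that the Netlogon restart suggested earlier repopulates, and the SRV records mentioned in the comment above, are the ones Netlogon lists in %SystemRoot%\System32\config\netlogon.dns. This Python sketch diffs such a list against a zone export to show what is missing; the domain example.local, the host name, both sample texts and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of netlogon.dns (owner TTL IN type rdata).
# example.local / server.example.local are placeholders; the GUID is the one
# dcdiag reported in the question.
NETLOGON_DNS = """\
example.local. 600 IN A 192.168.16.2
_ldap._tcp.example.local. 600 IN SRV 0 100 389 server.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 server.example.local.
_kerberos._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 88 server.example.local.
_ldap._tcp.gc._msdcs.example.local. 600 IN SRV 0 100 3268 server.example.local.
7f3fc674-9fb0-4cf7-af8c-fcf8d496a6ce._msdcs.example.local. 600 IN CNAME server.example.local.
"""

# Constructed zone export: only the server's host record is left.
ZONE_EXPORT = "server.example.local. 3600 IN A 192.168.16.2\n"

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|SRV|CNAME)\s+(.+?)\s*$", re.I)
GUID_ALIAS = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\._msdcs\.", re.I)

def parse_records(text):
    """Return a set of (owner, type, rdata), lower-cased: DNS names ignore case."""
    records = set()
    for line in text.splitlines():
        match = RECORD.match(line.strip())
        if match:  # blank, comment and malformed lines are skipped
            owner, rtype, rdata = match.groups()
            records.add((owner.lower(), rtype.upper(), rdata.lower()))
    return records

def role_of(owner):
    """Say what a locator record is for, judging by its owner name."""
    if GUID_ALIAS.match(owner):
        return "DSA GUID alias (the name dcdiag could not resolve)"
    if ".gc._msdcs." in owner or owner.startswith("_gc."):
        return "global catalog locator"
    if "._msdcs." in owner:
        return "domain controller locator"
    return "domain-level record"

def missing_locator_records(netlogon_text, zone_text):
    """Records Netlogon expects that the zone does not hold, sorted by owner."""
    missing = parse_records(netlogon_text) - parse_records(zone_text)
    return [(owner, rtype, role_of(owner)) for owner, rtype, _ in sorted(missing)]

if __name__ == "__main__":
    for owner, rtype, role in missing_locator_records(NETLOGON_DNS, ZONE_EXPORT):
        print(f"MISSING {rtype:5} {owner}  [{role}]")
```

A missing global catalog locator lines up with the event 1126 in the question, and a missing GUID alias with the dcdiag failure.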
 

Author Comment

by:laserphaser
ID: 37009952
I gave up and reinstalled SBS 2003.  This time I installed VMware ESXi 4.1 first and installed SBS 2003 as a virtual machine.  Although I lost a weekend, the install went pretty smoothly and I am convinced that creating a VM of the server is the way to go.  I have multiple VM backups that will allow me to recover from a failed server in a couple of minutes instead of spending the weekend pulling my hair out.

After comparing the default DNS configuration on the fresh install to my previous installation it is obvious that my DNS zone files were gone.  It's a nice feeling to see a clear event log after having one blown up full of errors.

Everyone's help was much appreciated.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 37009973
I would recommend adding one more DC as an ADC in the network for redundancy. As you have seen, with one DC in the network it took a long time to restore the same.

It is always good to have at least two DCs in the network.
0
