cybis1
asked on
SBS 2011 DNS Error
We are unable to access the Internet (although we could previously) on a SBS 2011 Server.
We are getting this error in our DNS log. And advice most welcome.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 14/10/2011
Time: 15:12:33
User: N/A
Computer: SERVER.xxxxxx.local Description:
The DNS server was unable to complete directory service enumeration of zone 16.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00
.
We are getting this error in our DNS log. And advice most welcome.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 14/10/2011
Time: 15:12:33
User: N/A
Computer: SERVER.xxxxxx.local Description:
The DNS server was unable to complete directory service enumeration of zone 16.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00
.
As per Microsoft: "The DNS Server service uses Active Directory to store DNS data, and it encountered a Lightweight Directory Access Protocol (LDAP) error while querying the directory. This error could be caused by either a time-out or a temporary interruption of service".
If the 4004 and 4015 events only appear at start up, you get these events because your zones are stored in AD and it seems you only have one Domain Controller. AD cannot start with DNS, and when DNS starts, because AD has not started, DNS cannot load the zones in AD. The error goes away if you have two or more DCs with DNS installed, or if you use standard primary zones.
If the 4004 and 4015 events only appear at start up, you get these events because your zones are stored in AD and it seems you only have one Domain Controller. AD cannot start with DNS, and when DNS starts, because AD has not started, DNS cannot load the zones in AD. The error goes away if you have two or more DCs with DNS installed, or if you use standard primary zones.
You said you can't access the internet. Could you be more specific? Can you ping your gateway router? Can you ping anything outside your network by IP?, By name? Run ipconifg, is your gateway device set correctly?
Just trying to get more clear about whether or not this is DNS related.
Just trying to get more clear about whether or not this is DNS related.
ASKER
sorry - didn't explain this very wel.. We can't acess the internet with iIE v8 or 9, nor firefox. Iif we ping a DNS name in a command box, we get a reply. So the DNS is resolving the name within a command box. It may be the DNS errors listed above aren't related to the problem.
IIE8 was working fine before we did a whole load of windows updates on the server. After the updates we can't use a browser. So the we tried upgrading IE to version 9 and tring firefos - but both with no sucess.
DNS is definatly set to the IP address of the SBS 2011 server (itself) and not using 127.0.0.1. We have tried this with DNS forwarders and without.
IIE8 was working fine before we did a whole load of windows updates on the server. After the updates we can't use a browser. So the we tried upgrading IE to version 9 and tring firefos - but both with no sucess.
DNS is definatly set to the IP address of the SBS 2011 server (itself) and not using 127.0.0.1. We have tried this with DNS forwarders and without.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. This didn't solveit, but made me think about the firewall setup - which did turn out to be the problem. It was setup for it's future site, and the IP address is was trying to get out on, wasn't valid for our in house connection.
So thanks for making me think laterally.
So thanks for making me think laterally.
To fix the error, just create the 16.168.192.in-addr.arpa zone in your DNS and let it populate things on it's own.
For more reverse DNS info check out http://en.wikipedia.org/wiki/Reverse_DNS_lookup