DanJourno asked:

Recreate DNS for Active Directory Domain

Hi,

I have just taken over a network of 20 XP/Windows7 computers and a Windows Server 2003.

I've just tried adding a new computer to the domain and got an error that the DNS couldn't locate the server.

I ran dcdiag /test:dns and got the following output.

C:\Program Files\Support Tools>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER2003
      Starting test: Connectivity
            *** Warning: could not confirm the identity of this server in
               the directory versus the names returned by DNS servers.
               If there are problems accessing this directory server then
               you may need to check that this server is correctly registered
               with DNS
         ......................... SERVER2003 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER2003

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : small

   Running enterprise tests on : small.business
      Starting test: DNS
         Test results for domain controllers:

            DC: server2003
            Domain: small.business


               TEST: Basic (Basc)
                  Error: The A record for this DC was not found

               TEST: Records registration (RReg)
                  Network Adapter [00000007] HP NC320i PCIe Gigabit Server Adapt
er:
                     Error: Missing A record at DNS server 10.0.0.109 :
                     server2003

                     Warning: Missing DC SRV record at DNS server 10.0.0.109 :
                     _ldap._tcp.dc._msdcs.small.business

                     Warning: Missing GC SRV record at DNS server 10.0.0.109 :
                     _ldap._tcp.gc._msdcs.small.business

                     Warning: Missing PDC SRV record at DNS server 10.0.0.109 :
                     _ldap._tcp.pdc._msdcs.small.business

               Error: Record registrations cannot be found for all the network a
dapters

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: small.business
                                            PASS FAIL PASS PASS PASS FAIL n/a

         ......................... small.business failed test DNS


Is there a way to recreate the DNS entries correctly?
If I have to recreate the entries manually, where can I find a list?

Thanks
Dan
Amit

Can you run this
Dcdiag /test:dns /DnsRecordRegistration

and check or share the result. Also run from cmd

ipconfig /registerdns from dc again.

So you have one DC, is that DC running DNS?   If you restart the box or restart the netlogon service it should register its entries again.

What entries do you have for DNS IPs on that 2003 box?

Does this box have multiple NICs?

Thanks

Mike
DanJourno (ASKER)

The results of Dcdiag /test:dns /DnsRecordRegistration were

C:\Program Files\Support Tools>Dcdiag /test:dns /DnsRecordRegistration

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER2003
      Starting test: Connectivity
            *** Warning: could not confirm the identity of this server in
               the directory versus the names returned by DNS servers.
               If there are problems accessing this directory server then
               you may need to check that this server is correctly registered
               with DNS
         ......................... SERVER2003 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER2003

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : small

   Running enterprise tests on : small.business
      Starting test: DNS
         Test results for domain controllers:

            DC: server2003
            Domain: small.business


               TEST: Basic (Basc)
                  Error: The A record for this DC was not found

               TEST: Records registration (RReg)
                  Network Adapter [00000007] HP NC320i PCIe Gigabit Server Adapt
er:
                     Error: Missing A record at DNS server 10.0.0.109 :
                     server2003

                     Warning: Missing DC SRV record at DNS server 10.0.0.109 :
                     _ldap._tcp.dc._msdcs.small.business

                     Warning: Missing GC SRV record at DNS server 10.0.0.109 :
                     _ldap._tcp.gc._msdcs.small.business

                     Warning: Missing PDC SRV record at DNS server 10.0.0.109 :
                     _ldap._tcp.pdc._msdcs.small.business

               Error: Record registrations cannot be found for all the network a
dapters

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: small.business
                                            PASS FAIL n/a  n/a  n/a  FAIL n/a

         ......................... small.business failed test DNS

C:\Program Files\Support Tools>

ipconfig /registerdns didn't appear to do anything.

Can you confirm the Domain Controller has only its own IP address under the TCP/IP settings.  There should be no other DNS servers (unless you have multiple internal Windows DNS Servers) especially not ISP DNS Servers.

Then check your Client, make sure it's only using your DC for DNS also.

If you could post the IPCONFIG /ALL from both the DC and a client this would be useful.

ipconfig /registerdns will not do anything on a DC (that is for clients to register)

Restart netlogon will attempt to register DNS records again (those SRV records)

First verify NIC settings are correct. I assume this server has only one NIC. Then try below steps:

First run ipconfig /flushdns
second ipconfig /registerdns
Restart the Netlogon service or reboot the server.

This is an SBS2003 server yes?
Do you have it setup with ISA or a single NIC configuration?

Can you post the results of NETDIAG as well please.

Voodoocrazy

This worked for me last week.

http://support.microsoft.com/kb/310568

Hi,

try with following command


netdiag /fix

It's a standard Windows 2003 server, not SBS.

The netdiag output is this:-


C:\Program Files\Support Tools>netdiag

.....................................

    Computer Name: SERVER2003
    DNS Host Name: server2003
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 2, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server2003
        IP Address . . . . . . . . : 10.0.0.109
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . : 10.0.0.2
        Dns Servers. . . . . . . . : 10.0.0.109


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{B56A620A-EE68-4EA3-999F-E4F618750BC3}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '10.0.0.109'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{B56A620A-EE68-4EA3-999F-E4F618750BC3}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{B56A620A-EE68-4EA3-999F-E4F618750BC3}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/SERVER2003' is missing on D
C 'server2003'.
    [FATAL] The default SPNs are not properly registered on any DCs.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Program Files\Support Tools>

Hi amitkulshrestha,

Tried your suggestions

First run ipconfig /flushdns
second ipconfig /registerdns
Restart the Netlogon service or reboot the server.

And got the following errors in the Event Logs

Event Type:	Warning
Event Source:	NETLOGON
Event Category:	None
Event ID:	5781
Date:		15/02/2012
Time:		16:44:01
User:		N/A
Computer:	SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'small.business.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers 
- Specified preferred and alternate DNS servers are not running 
- DNS server(s) primary for the records to be registered is not running 
- Preferred or alternate DNS servers are configured with wrong root hints 
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    


Event Type:	Warning
Event Source:	NETLOGON
Event Category:	None
Event ID:	5781
Date:		15/02/2012
Time:		16:44:01
User:		N/A
Computer:	SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.small.business.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers 
- Specified preferred and alternate DNS servers are not running 
- DNS server(s) primary for the records to be registered is not running 
- Preferred or alternate DNS servers are configured with wrong root hints 
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    


Event Type:	Warning
Event Source:	NETLOGON
Event Category:	None
Event ID:	5781
Date:		15/02/2012
Time:		16:44:01
User:		N/A
Computer:	SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.small.business.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers 
- Specified preferred and alternate DNS servers are not running 
- DNS server(s) primary for the records to be registered is not running 
- Preferred or alternate DNS servers are configured with wrong root hints 
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

In the DNS Console, under Forward lookup zones do you have one listed for your internal domain name?

Right click on this and select properties.

Select allow secure and insecure updates.

Is it showing as Started? And Active Directory integrated?

What Antivirus software do you have installed? Do you have the necessary excluded from the on-access scanner?  See here for the requirements: http://support.microsoft.com/kb/822158

Once done, reboot the server and check again.

I've changed the setting to allow secure and insecure updates and rebooted.

Still no luck. The event log entries are still appearing.

Did you follow the rest of my post?

Can you post a screenshot of your forward lookup zones? Expanded as much as possible.

There's no antivirus installed on the server.

Please find the DNS screenshot attached.

Thanks
Dan

Hmmm... I'm sure I attached it.

Trying again....
User generated image

Do you have any static entries in your DNS zones?

Have you changed the SERVERNAME recently?

Nothing's changed as far as I'm aware.

I'm a little confused. If I query the DNS server and ask for 'server2003' it says:-

But as you can see from the picture, there seems to be a DNS entry for that 'server2003'.

User generated image

To answer previous questions, the DNS server and DC are on the same machine.
The DHCP server is based on the ADSL router.

Thanks
Dan

I don't understand why, in the above screenshot, dcdiag reports 'Error: Missing A record at DNS server 10.0.0.109 :    server2003'

I can see the A record exists!

Indeed.

I'd suggest changing the zones to non-AD integrated.

Once you've done that restart the DNS server service.

Then, delete both entries under the DNS Forward Lookup zones (don't panic, the server will recreate them in a minute.)

Recreate the small.business forward lookup zone then run:

IPCONFIG /FLUSHDNS
IPCONFIG /REGISTERDNS
DCDIAG /FIX
NETDIAG /FIX

And, just for balls and braces restart the netlogon service.

Please post the results of the above commands.

There are currently two zones.
- small.business
- _msdcs.small.business

Should I do the above procedure on both?
and when you say "Recreate the small.business forward lookup zone", should I also recreate the _msdcs.small.business zone?

I would uninstall DNS service and reinstall it.  At least then you know where you are starting from. Rebuilding the zones is fairly painless

I deleted the zones and ran those commands, but it didn't recreate the entries.

Here's the output from dcdiag /fix:-

C:\Program Files\Support Tools>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER2003
      Starting test: Connectivity
         The host 169973e6-7cfd-4837-a0c2-cd828cd5aab0._msdcs.small.business cou
ld not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (169973e6-7cfd-4837-a0c2-cd828cd5aab0._msdcs.small.business) couldn't
         be resolved, the server name (server2003) resolved to the IP address
         (10.0.0.109) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... SERVER2003 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER2003
      Skipping all tests, because server SERVER2003 is
      not responding to directory service requests

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : small
      Starting test: CrossRefValidation
         ......................... small passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... small passed test CheckSDRefDom

   Running enterprise tests on : small.business
      Starting test: Intersite
         ......................... small.business passed test Intersite
      Starting test: FsmoCheck
         ......................... small.business passed test FsmoCheck

C:\Program Files\Support Tools>


and the output from netdiag /fix



Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server2003
        IP Address . . . . . . . . : 10.0.0.109
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . : 10.0.0.2
        Dns Servers. . . . . . . . : 10.0.0.109


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{B56A620A-EE68-4EA3-999F-E4F618750BC3}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry small.business. re-registeration on DNS
server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry gc._msdcs.small.business. re-registerati
on on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry ForestDnsZones.small.business. re-regist
eration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry DomainDnsZones.small.business. re-regist
eration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.small.business. re-registerat
ion on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.small.business. re
-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.small.business. re-
registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.small.business. re-registeration on DNS server '10.0.0.109' failed.

DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.b6897006-eb1b-4dbf-9a48-5d9e4
7b6200d.domains._msdcs.small.business. re-registeration on DNS server '10.0.0.10
9' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry 169973e6-7cfd-4837-a0c2-cd828cd5aab0._ms
dcs.small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.small.business.
 re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.small.business. re-registeration on DNS server '10.0.0.109' fail
ed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.small.business. re-
registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.small.business. re-registeration on DNS server '10.0.0.109' failed.

DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.small.business. re-regist
eration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.small.business. re-registeratio
n on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.small.business. re-regist
eration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.small.business. re-registe
ration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.small.business. re-registe
ration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.small.business
. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.ForestDnsZones.small.business. re-registeration on DNS server '10.0.0.109' fai
led.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.small.business
. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.DomainDnsZones.small.business. re-registeration on DNS server '10.0.0.109' fai
led.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '10.0.0.109'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{B56A620A-EE68-4EA3-999F-E4F618750BC3}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{B56A620A-EE68-4EA3-999F-E4F618750BC3}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/SERVER2003' is missing on D
C 'server2003'.
    [FATAL] The default SPNs are not properly registered on any DCs.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Program Files\Support Tools>
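
The wrapped `netdiag /fix` output above can be turned into a per-zone list of the records that failed to register; this is an added example, not part of any post in the thread. The function names are hypothetical, the two zones are the ones named in the thread, and the record type is inferred from the shape of each name, which is a heuristic.

```python
import re
from collections import namedtuple, defaultdict

Failure = namedtuple("Failure", "name server code")

# "re-registeration" is netdiag's own spelling. \s* is used between words
# because the 80-column wrap can swallow a space at the line break.
ENTRY_RE = re.compile(
    r"DC DNS entry\s*(\S+?)\.\s*re-registeration\s*on\s*DNS\s*server\s*'([\d.]+)'"
)
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

# Excerpt of the console output posted above, wraps preserved.
SAMPLE = """\
DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry small.business. re-registeration on DNS
server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry gc._msdcs.small.business. re-registerati
on on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.small.business. re
-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.b6897006-eb1b-4dbf-9a48-5d9e4
7b6200d.domains._msdcs.small.business. re-registeration on DNS server '10.0.0.10
9' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry 169973e6-7cfd-4837-a0c2-cd828cd5aab0._ms
dcs.small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.small.business.
 re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.small.business
. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
"""


def parse_failures(text):
    """Return one Failure per '[FATAL] Failed to fix' entry, undoing the wrap."""
    failures, buf = [], None
    for line in text.splitlines():
        if "[FATAL] Failed to fix:" in line:
            buf = line.lstrip()              # start of a new entry
        elif buf is not None and line.startswith("DNS Error code:"):
            m = ENTRY_RE.search(buf)
            if m:
                code = line.split(":", 1)[1].strip()
                failures.append(Failure(m.group(1).lower(), m.group(2), code))
            buf = None
        elif buf is not None:
            buf += line                      # hard-wrapped continuation, no separator
    return failures


def classify(name, domain):
    """Guess (zone, record type) for a name; assumes a separate _msdcs zone."""
    msdcs = "_msdcs." + domain
    zone = msdcs if name.endswith("." + msdcs) else domain
    first = name.split(".")[0]
    if first.startswith("_"):
        rtype = "SRV"                        # _ldap, _kerberos, _gc, _kpasswd
    elif GUID_RE.fullmatch(first) and name == first + "." + msdcs:
        rtype = "CNAME"                      # DSA GUID alias for the DC
    else:
        rtype = "A"                          # domain, gc, *DnsZones host records
    return zone, rtype


def group_by_zone(failures, domain):
    """Map each zone to the (name, type) pairs that failed to register in it."""
    zones = defaultdict(list)
    for f in failures:
        zone, rtype = classify(f.name, domain.lower())
        zones[zone].append((f.name, rtype))
    return dict(zones)


if __name__ == "__main__":
    for zone, records in group_by_zone(parse_failures(SAMPLE), "small.business").items():
        print(zone)
        for name, rtype in records:
            print(f"  {rtype:<5} {name}")
```

Every failure in the excerpt carries the same error code from the same server and spans both zones, so the per-zone grouping shows which zones have to exist and accept dynamic updates before Netlogon can register its records.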

Don't recreate the _msdcs one at the moment but delete both.

I don't think there is a need to uninstall DNS at this stage.

Did you recreate the forward lookup zone as I said?

Yes, I recreated the 'small.business' one before running the commands you posted.

Is this your only server or do you have others?

This is the only server on the network. It hosts DNS, Active Directory, and files. No Exchange Server used.

When you recreated the zone did you create it as an Active Directory integrated zone?  If so, once again delete the zone.  And re-create it again this time creating it as a standard zone.

Ok, I tried a standard zone. But still get exactly the same results.

What do you see under: %systemroot%\System32\Dns

What's in the .dns file?

small.business.dns contains:-
;
;  Database file small.business.dns for small.business zone.
;      Zone version:  1
;

@                       IN  SOA server2003.  hostmaster. (
                        	1            ; serial number
                        	900          ; refresh
                        	600          ; retry
                        	86400        ; expire
                        	3600       ) ; default TTL

;
;  Zone NS records
;

@                       NS	server2003.

;
;  Zone records
;



There is also a file called _msdcs.small.business.dns

;
;  Database file _msdcs.small.business.dns for _msdcs.small.business zone.
;      Zone version:  14
;

@                       IN  SOA server2003.  hostmaster.small.business. (
                        	14           ; serial number
                        	900          ; refresh
                        	600          ; retry
                        	86400        ; expire
                        	3600       ) ; default TTL

;
;  Zone NS records
;

@                       NS	server2003.
server2003.             A	10.0.0.109

;
;  Zone records
;

169973e6-7cfd-4837-a0c2-cd828cd5aab0 600	CNAME	server2003.small.business.
_kerberos._tcp.Default-First-Site-Name._sites.dc 600	SRV	0 100 88	server2003.small.business.
_ldap._tcp.Default-First-Site-Name._sites.dc 600	SRV	0 100 389	server2003.small.business.
_kerberos._tcp.dc       600	SRV	0 100 88	server2003.small.business.
_ldap._tcp.dc           600	SRV	0 100 389	server2003.small.business.
_ldap._tcp.b6897006-eb1b-4dbf-9a48-5d9e47b6200d.domains 600	SRV	0 100 389	server2003.small.business.
gc                      600	A	10.0.0.109
_ldap._tcp.Default-First-Site-Name._sites.gc 600	SRV	0 100 3268	server2003.small.business.
_ldap._tcp.gc           600	SRV	0 100 3268	server2003.small.business.
_ldap._tcp.pdc          600	SRV	0 100 389	server2003.small.business.


Stop the DNS Server service.

Move these files somewhere else.

Start the DNS Server service again.

Go in to the DNS Console and check the forward lookup zones.
Done. After doing that, the console said that the zone file wasn't found, or invalid, so I deleted the entry and recreated it as a standard zone, and allowed updates. Ran the commands from above, but it didn't work. Exactly the same errors.

DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry small.business. re-registeration on DNS
server '10.0.0.109' failed.

Is there any way to get more detail than that?
So...restart the netlogon service.

Then go back in to the DNS console, does the forward lookup zone get populated?
No, it's still empty and the event log is showing the following error:-

Event Type:      Warning
Event Source:      NETLOGON
Event Category:      None
Event ID:      5781
Date:            15/02/2012
Time:            19:09:50
User:            N/A
Computer:      SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'small.business.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers  ----I CHECKED THIS AND DNS IS POINTING TO THE SERVER IP
- Specified preferred and alternate DNS servers are not running ---- IT IS RUNNING
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints ---- NO IDEA
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  ----- NO IDEA

USER ACTION  
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..
Couple of things to check:

Right click the servername in the DNS console and select properties, what interfaces do you have listed?
Under root hints can you post a screenshot of what you see?
Navigate to the DNS file, open it in Notepad and just add a ; to the beginning of one of the lines, then save it.  Will it allow you to do this?
Interfaces = All IP Addresses
Root Hints Screenshot = User generated image
Editing the dns file works fine.
You are missing a couple of root hints, but I would be surprised if this was causing this problem.

But....as it's listed in the event log as one of the possible causes, let's rule it out.

Stop the DNS Server service.  Navigate to the DNS folder again.  Move CACHE.DNS out of that folder and replace it with the one I have attached.  Rename it from cache.txt to cache.dns

Then start the DNS Server service again, once that's running, restart the netlogon service again.

Then check for errors.
CACHE.txt
Sorry, it didn't work. Same event log error.

I really appreciate this. I'm really confused as to the cause.
You now have A to M root hints though yes?
Actually, no, there are still some missing.
OK.  In Active Directory Users and Computers go to View and select Advanced Options.

Navigate to System > MicrosoftDNS

What do you have listed?
Nothing. I deleted the entries while trying to resolve this.

I was following this guide:-
http://support.microsoft.com/kb/294328/en-us
Do you know what entries were there?

I think the time has come to uninstall DNS, reboot, then re-install it.
I'm working on this remotely. Does it require the Windows Server CD to reinstall?
hmm, that I cannot remember, it's been a while since I've made many changes to a Windows 2003 server.
Ok, just copying the files onto the server. May take a while so I'll post back once I've done it all.
Might be a few hours.
OK, it's 20:17 in the evening here so I may not be around when you have finished but I will pick up if nobody else has in the morning.
How did you get on?

If you haven't rebooted after removing the DNS service then don't.

Just had a thought, AD will struggle to start without DNS.

Do you have some spare hardware we could install a clean version of Windows Server on? Even if it's only temporary? We could use a virtual machine even on a client?
I've not done it yet. Don't have any spare hardware around that I could use.
What about a workstation that we could install a virtual machine on?
If we are going to get this sorted we need another machine to act as DNS for us.

The easiest way to do this is to create a virtual machine that we can use temporarily.

What else is this Domain Controller doing?


Can you download Virtual Box on to a client workstation?  (We need a minimum of 512MB of RAM so something with 1GB or more will be sufficient for now.)

Virtualbox download: https://www.virtualbox.org/wiki/Downloads

Download the x86 version of Windows 2008 from (it's the smaller of the two downloads):
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8371

Create a new virtual machine using the downloaded ISO.

DON'T DO ANYTHING ELSE WITH IT.

If you have another server that we could "borrow" to add the DNS role to then that would negate the need to do this but if this is the only server we don't have a choice right now.
I reinstalled DNS using the following instructions:-
http://support.microsoft.com/kb/310568

Performed a reboot but the zones weren't recreated.
Are you able to perform the steps I outline in my previous post?
I will give it a go shortly.
Ok, I've downloaded the ISO. I assume you want me to install the OS onto the VM?
I've installed Windows Server 2008 onto the VM running on a client PC. I eagerly await your next instructions.

Many thanks
Dan
OK, add the DNS role to this server.  

Once added configure your small.business forward lookup zone.
Ok, that's been done.
OK, now check the contents of the new zone, hopefully it will be empty.

Have you given it a fixed IP address? If not can you?

Then from your failing 2003 server ping the IP address, make sure you can communicate with the new server.
Ok, I had to turn all the firewalls off on the VM, but it's pinging now.

Fixed IP 10.0.0.107
Main 2003 server 10.0.0.109

Subnet is 255.0.0.0 for some reason. The last guy must have set it.
OK, great.

Now, on the 2003 server change the NIC properties for DNS.

Set the Preferred DNS to 10.0.0.107 and make sure the alternate DNS is empty.

Once you have done that restart the NETLOGON service on the 2003 server.

Check the zone on the 2008 server, has it been populated?
No. The zone is still empty. I've also ensured that insecure updates are allowed.
WHAT?!?!?
Are you sure?!

Refresh?
I'm sure... at least I think I'm sure. Maybe I need to run a packet sniffer to see what's going on?

netdiag /fix on the 2003 server says:-

DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry small.business. re-registeration on DNS
server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.small.business. re-registerat
ion on DNS server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.small.business. re-registeration on DNS server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.small.business. re-regist
eration on DNS server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.small.business. re-registeration on DNS server '10.0.0.107' failed.
etc etc etc etc
The event log on the 2003 server says:-

Event Type:      Warning
Event Source:      NETLOGON
Event Category:      None
Event ID:      5781
Date:            16/02/2012
Time:            16:14:23
User:            N/A
Computer:      SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'small.business.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..
I've installed Wireshark to see what's happening when I restart netlogon.

The 2003 server queries 10.0.0.107 for the existence of the DNS entries,
but that's all. I can't see any attempts to fix the DNS entries.
Do you have another NIC you can enable on the 2003 server?
No, there is only one card.

There is another listed called SonicWALL Virtual Adapter, but it's disabled and not a real NIC card.
Do you have SonicWall VPN client listed under Add/Remove Programs?
If so can you please uninstall and then reboot.
I've uninstalled it. But can't reboot for an hour as the server is in use till closing time.
OK, has the Sonicwall adapter gone?
What happens when you restart the netlogon service now?
Netlogon restart did nothing.

Rebooting the server now.

Do you think I'm going to have to get the server reinstalled?
The reboot had no joy.
Can you list all programs from Add/Remove Programs?

In Device Manager, remove the NIC, reboot, and allow Windows to re-detect it.
Is there any way to remove the NIC and redetect it while working remotely? The server is in London and I'm in Manchester.
That will be a no.  Someone needs to be there to log it on.
Here's the Add/Remove list.

User generated image
errr.....domain rename tool?!?
Has this domain been renamed?!
No idea. It's been called small.business for at least 2 years.

It might have been changed before then, but I couldn't find any evidence. According to this page, when the tool is used, there should be some XML files in the Domain Rename Tool directory. There are no XML files, so I assume it hasn't been used.

http://cosonok.blogspot.com/2010/04/windows-server-2003-active-directory.html
I am at a loss as to what could be causing it to fail to register its entries in DNS.

It doesn't really make any sense.

On the NIC can you see a 3rd Authentication tab? What settings appear here?

Can you also click on the TCP/IP Properties, post a screenshot of the first tab.

Click Advanced and post a screenshot of the IP Settings, DNS and WINS tabs
User generated image
User generated image
User generated image
User generated image
User generated image
1) disable smart card authentication

2) put a check in the box to register this connection in DNS and enter small.business as your DNS Suffix

Then, restart NETLOGON again
No luck with that.

I just ran this: netdiag /v


And found this in the result:

DNS test . . . . . . . . . . . . . : Failed
      Interface {B56A620A-EE68-4EA3-999F-E4F618750BC3}
        DNS Domain: small.business
        DNS Servers: 10.0.0.109
        IP Address:         Expected registration with adapter's DNS Domain Name
:
          Hostname: server2003.small.business.
          Registration with adapter's DNS domain name is disabled.
In the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters what value do you have listed for DisableDynamicUpdate? It should be 0.
I can't see that key. Here's the screenshot.

User generated image
Expand Interfaces and then there will be a GUID for each adapter.  Has it been specified on the specific adapter?
Not that I can see. This is the GUID for the adapter being used.

User generated image
Is it listed under the other GUIDs?
I checked. It's not listed in any of them.
I'm trying to understand this conversation. Could it be of help?

http://www.winvistatips.com/now-netdiag-fix-did-not-work-t730916.html
OK, but you checked the box that says register this connection in DNS now on the properties of the NIC?

Restart the DNS Client Service and then try the NETDIAG /V again
That conversation is related to single label domain names; this does not affect you.
Yes, the box was checked. Restarted DNS Client service but netdiag /v still shows the warning about registration being disabled.
OK, we don't normally do this sort of thing and I have OK'd it with the site administrators but this is frustrating me a little now and I want to find out what's causing it.

Would you have any objections to providing me with remote access to take a look at your server?

We can then provide further details to assist the thread and any other experts that want to have a go at helping you.

If you wish to proceed, please email me at glen @ demazter. co.uk

DISCLAIMER:  Although the site Administrators have given me permission to make this suggestion, should you take me up on the offer neither they nor Experts Exchange hold any responsibility for anything that might come from the remote connection.
You can RDP into the server. Just setting up the client so you can RDP into it from the server.
SOLUTION
Glen Knight
This solution is only available to members.
ASKER CERTIFIED SOLUTION
My answer was the actual solution.
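
The netdiag output earlier in this thread names the DC locator records that failed to register, and the zone files were posted as text. As an added example (not part of the original thread or any poster's code), this Python sketch parses zone-file text in that layout and reports which of those names have no record; `parse_zone`, `missing_records` and the embedded sample, condensed from the posted small.business.dns, are constructed for illustration.

```python
# Names netdiag reported as failing to re-register (taken from the thread).
EXPECTED = [
    ("small.business.", "A"),
    ("_ldap._tcp.small.business.", "SRV"),
    ("_ldap._tcp.Default-First-Site-Name._sites.small.business.", "SRV"),
    ("_kerberos._tcp.small.business.", "SRV"),
    ("_kerberos._tcp.Default-First-Site-Name._sites.small.business.", "SRV"),
]

# Constructed sample, condensed from the small.business.dns file in the thread.
ZONE_TEXT = """\
;  Database file small.business.dns for small.business zone.
@                       IN  SOA server2003.  hostmaster. (
                        1            ; serial number
                        900 600 86400 3600 ) ; refresh, retry, expire, TTL
@                       NS  server2003.
"""

TYPES = {"A", "AAAA", "CNAME", "NS", "SOA", "SRV", "MX", "PTR", "TXT"}

def parse_zone(text, origin):
    """Return a set of (lower-cased FQDN, record type) found in zone text."""
    origin = origin.rstrip(".").lower() + "."
    records, owner, depth = set(), origin, 0
    for raw in text.splitlines():
        # Strip comments (a ';' inside quoted TXT data is not handled here).
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        continued = depth > 0          # inside a parenthesised record (SOA)
        depth += line.count("(") - line.count(")")
        if continued:
            continue
        tokens = line.split()
        if not line[0].isspace():      # indented lines inherit the last owner
            name = tokens.pop(0)
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name.lower()
            else:
                owner = name.lower() + "." + origin
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)              # skip optional TTL and class
        if tokens and tokens[0].upper() in TYPES:
            records.add((owner, tokens[0].upper()))
    return records

def missing_records(text, origin, expected=EXPECTED):
    """List the expected (name, type) pairs that the zone does not contain."""
    have = parse_zone(text, origin)
    return [(n, t) for n, t in expected if (n.lower(), t) not in have]

if __name__ == "__main__":
    for name, rtype in missing_records(ZONE_TEXT, "small.business"):
        print("missing:", rtype, name)
```
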