DanJourno
asked on
Recreate DNS for Active Directory Domain
Hi,
I have just taken over a network of 20 XP/Windows7 computers and a Windows Server 2003.
Ive just tried adding a new computer to the domain and got an error that the DNS couldnt locate the server.
I ran dcdiag /test:dns and got the following output.
Is there a way to recreate the DNS entries correctly?
If I have to recreate the entries manually, where can I find a list?
Thanks
Dan
I have just taken over a network of 20 XP/Windows7 computers and a Windows Server 2003.
Ive just tried adding a new computer to the domain and got an error that the DNS couldnt locate the server.
I ran dcdiag /test:dns and got the following output.
C:\Program Files\Support Tools>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER2003
Starting test: Connectivity
*** Warning: could not confirm the identity of this server in
the directory versus the names returned by DNS servers.
If there are problems accessing this directory server then
you may need to check that this server is correctly registered
with DNS
......................... SERVER2003 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER2003
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : small
Running enterprise tests on : small.business
Starting test: DNS
Test results for domain controllers:
DC: server2003
Domain: small.business
TEST: Basic (Basc)
Error: The A record for this DC was not found
TEST: Records registration (RReg)
Network Adapter [00000007] HP NC320i PCIe Gigabit Server Adapt
er:
Error: Missing A record at DNS server 10.0.0.109 :
server2003
Warning: Missing DC SRV record at DNS server 10.0.0.109 :
_ldap._tcp.dc._msdcs.small.business
Warning: Missing GC SRV record at DNS server 10.0.0.109 :
_ldap._tcp.gc._msdcs.small.business
Warning: Missing PDC SRV record at DNS server 10.0.0.109 :
_ldap._tcp.pdc._msdcs.small.business
Error: Record registrations cannot be found for all the network a
dapters
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: small.business
PASS FAIL PASS PASS PASS FAIL n/a
......................... small.business failed test DNS
Is there a way to recreate the DNS entries correctly?
If I have to recreate the entries manually, where can I find a list?
Thanks
Dan
So you have one DC, is that DC running DNS? If you restart the box or restart the netlogon service is should register its entries again.
What entries do you have for DNS IPs on that 2003 box?
Does this box have multiple NICs?
Thanks
Mike
What entries do you have for DNS IPs on that 2003 box?
Does this box have multiple NICs?
Thanks
Mike
ASKER
The results of Dcdiag /test:dns /DnsRecordRegistration were
C:\Program Files\Support Tools>Dcdiag /test:dns /DnsRecordRegistration
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER2003
Starting test: Connectivity
*** Warning: could not confirm the identity of this server in
the directory versus the names returned by DNS servers.
If there are problems accessing this directory server then
you may need to check that this server is correctly registered
with DNS
......................... SERVER2003 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER2003
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : small
Running enterprise tests on : small.business
Starting test: DNS
Test results for domain controllers:
DC: server2003
Domain: small.business
TEST: Basic (Basc)
Error: The A record for this DC was not found
TEST: Records registration (RReg)
Network Adapter [00000007] HP NC320i PCIe Gigabit Server Adapt
er:
Error: Missing A record at DNS server 10.0.0.109 :
server2003
Warning: Missing DC SRV record at DNS server 10.0.0.109 :
_ldap._tcp.dc._msdcs.small.business
Warning: Missing GC SRV record at DNS server 10.0.0.109 :
_ldap._tcp.gc._msdcs.small.business
Warning: Missing PDC SRV record at DNS server 10.0.0.109 :
_ldap._tcp.pdc._msdcs.small.business
Error: Record registrations cannot be found for all the network a
dapters
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: small.business
PASS FAIL n/a n/a n/a FAIL n/a
......................... small.business failed test DNS
C:\Program Files\Support Tools>
ASKER
ipconfig /registerdns didnt appear to do anything.
Can you confirm the Domain Controller has only it's own IP address under the TCP/IP settings. There should be no other DNS servers (unless you have multiple internal Windows DNS Servers) especially not ISP DNS Servers.
Then check your Client, make sure it's only using your DC for DNS also.
If you could post the IPCONFIG /ALL from both the DC and a client this would be useful.
Then check your Client, make sure it's only using your DC for DNS also.
If you could post the IPCONFIG /ALL from both the DC and a client this would be useful.
ipconfig /registerdns will not do anything on a DC (that is for clients to register)
Restart netlogon will attempt to register DNS records again (those SRV records)
Restart netlogon will attempt to register DNS records again (those SRV records)
First verify NIC settings are correct. I assume this server has only one NIC. Then try below steps:
First run ipconfig /flushdns
second ipconfig /registerdns
Resart the Netlogon service or reboot the server.
First run ipconfig /flushdns
second ipconfig /registerdns
Resart the Netlogon service or reboot the server.
This is an SBS2003 server yes?
Do you have it setup with ISA or a single NIC configuration?
Can you post the results of NETDIAG as well please.
Do you have it setup with ISA or a single NIC configuration?
Can you post the results of NETDIAG as well please.
hi,
try with following command
netdiag /fix
try with following command
netdiag /fix
ASKER
Its a standard windows 2003 server, not SBS.
The netdiag output is this:-
C:\Program Files\Support Tools>netdiag
.......................... .......... .
Computer Name: SERVER2003
DNS Host Name: server2003
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 6 Model 15 Stepping 2, GenuineIntel
List of installed hotfixes :
KB921503
KB923561
KB924667-v2
KB925398_WMP64
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB931836
KB932168
KB933360
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB937143
KB938127
KB938464
KB939653
KB941202
KB941568
KB941569
KB941644
KB941693
KB942615
KB942763
KB942840
KB943055
KB943460
KB943484
KB943485
KB944338
KB944533
KB944653
KB945553
KB946026
KB947864
KB948496
KB948590
KB948881
KB949014
KB950759
KB950760
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952004
KB952069
KB952954
KB953838
KB953839
KB954211
KB954550-v5
KB954600
KB955069
KB955839
KB956390
KB956391
KB956572
KB956802
KB956803
KB956841
KB957095
KB957097
KB958215
KB958469
KB958644
KB958687
KB958690
KB959426
KB960225
KB960714
KB960715
KB960803
KB960859
KB961063
KB961118
KB961371
KB961371-v2
KB961373
KB961501
KB963027
KB967715
KB968537
KB969805
KB969897
KB969898
KB970238
KB971032
KB971557
KB971633
KB971657
KB972260
KB973346
KB973354
KB973507
KB973540
KB973815
KB973869
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : server2003
IP Address . . . . . . . . : 10.0.0.109
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.109
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B56A620A-EE68 -4EA3-999F -E4F618750 BC3}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '10.0.0.109'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B56A620A-EE68 -4EA3-999F -E4F618750 BC3}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{B56A620A-EE68 -4EA3-999F -E4F618750 BC3}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Failed
[WARNING] The default SPN registration for 'HOST/SERVER2003' is missing on D
C 'server2003'.
[FATAL] The default SPNs are not properly registered on any DCs.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Program Files\Support Tools>
The netdiag output is this:-
C:\Program Files\Support Tools>netdiag
..........................
Computer Name: SERVER2003
DNS Host Name: server2003
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 6 Model 15 Stepping 2, GenuineIntel
List of installed hotfixes :
KB921503
KB923561
KB924667-v2
KB925398_WMP64
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB931836
KB932168
KB933360
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB937143
KB938127
KB938464
KB939653
KB941202
KB941568
KB941569
KB941644
KB941693
KB942615
KB942763
KB942840
KB943055
KB943460
KB943484
KB943485
KB944338
KB944533
KB944653
KB945553
KB946026
KB947864
KB948496
KB948590
KB948881
KB949014
KB950759
KB950760
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952004
KB952069
KB952954
KB953838
KB953839
KB954211
KB954550-v5
KB954600
KB955069
KB955839
KB956390
KB956391
KB956572
KB956802
KB956803
KB956841
KB957095
KB957097
KB958215
KB958469
KB958644
KB958687
KB958690
KB959426
KB960225
KB960714
KB960715
KB960803
KB960859
KB961063
KB961118
KB961371
KB961371-v2
KB961373
KB961501
KB963027
KB967715
KB968537
KB969805
KB969897
KB969898
KB970238
KB971032
KB971557
KB971633
KB971657
KB972260
KB973346
KB973354
KB973507
KB973540
KB973815
KB973869
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : server2003
IP Address . . . . . . . . : 10.0.0.109
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.109
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B56A620A-EE68
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '10.0.0.109'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B56A620A-EE68
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{B56A620A-EE68
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Failed
[WARNING] The default SPN registration for 'HOST/SERVER2003' is missing on D
C 'server2003'.
[FATAL] The default SPNs are not properly registered on any DCs.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Program Files\Support Tools>
ASKER
Hi amitkulshrestha,
Tried your suggestions
And got the following errors in the Event Logs
Tried your suggestions
First run ipconfig /flushdns
second ipconfig /registerdns
Resart the Netlogon service or reboot the server.
And got the following errors in the Event Logs
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 15/02/2012
Time: 16:44:01
User: N/A
Computer: SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'small.business.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 15/02/2012
Time: 16:44:01
User: N/A
Computer: SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.small.business.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 15/02/2012
Time: 16:44:01
User: N/A
Computer: SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.small.business.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..
In the DNS Console, under Forward lookup zones do you have one listed for your internal domain name?
Right click on this and select properties.
Select allow secure and insecure updates.
Is it showing as Started? And Active Directiry integrated?
What Antivirus software do you have installed? Do you have the necessary excluded from the on-access scanner? See here for the requirements: http://support.microsoft.com/kb/822158
Once done, reboot the server and check again.
Right click on this and select properties.
Select allow secure and insecure updates.
Is it showing as Started? And Active Directiry integrated?
What Antivirus software do you have installed? Do you have the necessary excluded from the on-access scanner? See here for the requirements: http://support.microsoft.com/kb/822158
Once done, reboot the server and check again.
ASKER
I've changed the setting to allow secure and insecure updates and rebooted.
Still no luck. The event log entries are still appearing.
Still no luck. The event log entries are still appearing.
Did you follow the rest of my post?
Can you post a screenshot of your forward lookup zones? Expanded as much as possible.
Can you post a screenshot of your forward lookup zones? Expanded as much as possible.
ASKER
Theres no antivirus installed on the server.
Please find the DNS screenshot attached.
Thanks
Dan
Please find the DNS screenshot attached.
Thanks
Dan
Do you have any static entries in your DNS zones?
Have you changed the SERVERNAME recently?
Have you changed the SERVERNAME recently?
ASKER
Nothings changed as far as I'm aware.
I'm a little confused. If I query the DNS server and ask for 'server2003' is says:-
But as you can see from the picture, there seems to be a DNS entry for that 'server2003'.
To answer previous questions, the DNS server and DC are on the same machine.
The DHCP server is based on the ADSL router.
Thanks
Dan
I'm a little confused. If I query the DNS server and ask for 'server2003' is says:-
But as you can see from the picture, there seems to be a DNS entry for that 'server2003'.
To answer previous questions, the DNS server and DC are on the same machine.
The DHCP server is based on the ADSL router.
Thanks
Dan
ASKER
I dont understand why, in the above screenshot, dcdiag reports 'Error: Missing A record at DNS server 10.0.0.109 : server2003'
I can see the A record exists!
I can see the A record exists!
Indeed.
I'd suggest changing the zones to non-AD integrated.
Once you've done that restart the DNS server service.
Then, delete both entries under the DNS Forward Lookup zones (don't panic, the server will recreate them in a minute.)
Recreate the small.business forward lookup zone then run:
IPCONFIG /FLUSHDNS
IPCONFIG /REGISTERDNS
DCDIAG /FIX
NETDIAG /FIX
And, just for balls and braces restart the netlogon service.
Please post the results of the above commands.
I'd suggest changing the zones to non-AD integrated.
Once you've done that restart the DNS server service.
Then, delete both entries under the DNS Forward Lookup zones (don't panic, the server will recreate them in a minute.)
Recreate the small.business forward lookup zone then run:
IPCONFIG /FLUSHDNS
IPCONFIG /REGISTERDNS
DCDIAG /FIX
NETDIAG /FIX
And, just for balls and braces restart the netlogon service.
Please post the results of the above commands.
ASKER
There are currently two zones.
- small.business
- _msdcs.small.business
Should I do the above procedure on both?
- small.business
- _msdcs.small.business
Should I do the above procedure on both?
ASKER
and when you say "Recreate the small.business forward lookup zone", should I also recreate the _msdcs.small.business zone?
I would uninstall DNS service and reinstall it. at least then you know where you are starting from. Rebuilding the zones if fairly painless
ASKER
I deleted the zones and ran those commands, but it didnt recreate the entries.
Here's the output from dcdiag /fix:-
and the output from netdiag /fix
Here's the output from dcdiag /fix:-
C:\Program Files\Support Tools>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER2003
Starting test: Connectivity
The host 169973e6-7cfd-4837-a0c2-cd828cd5aab0._msdcs.small.business cou
ld not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(169973e6-7cfd-4837-a0c2-cd828cd5aab0._msdcs.small.business) couldn't
be resolved, the server name (server2003) resolved to the IP address
(10.0.0.109) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... SERVER2003 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER2003
Skipping all tests, because server SERVER2003 is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : small
Starting test: CrossRefValidation
......................... small passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... small passed test CheckSDRefDom
Running enterprise tests on : small.business
Starting test: Intersite
......................... small.business passed test Intersite
Starting test: FsmoCheck
......................... small.business passed test FsmoCheck
C:\Program Files\Support Tools>
and the output from netdiag /fix
KB926122
KB927891
KB929123
KB930178
KB931784
KB931836
KB932168
KB933360
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB937143
KB938127
KB938464
KB939653
KB941202
KB941568
KB941569
KB941644
KB941693
KB942615
KB942763
KB942840
KB943055
KB943460
KB943484
KB943485
KB944338
KB944533
KB944653
KB945553
KB946026
KB947864
KB948496
KB948590
KB948881
KB949014
KB950759
KB950760
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952004
KB952069
KB952954
KB953838
KB953839
KB954211
KB954550-v5
KB954600
KB955069
KB955839
KB956390
KB956391
KB956572
KB956802
KB956803
KB956841
KB957095
KB957097
KB958215
KB958469
KB958644
KB958687
KB958690
KB959426
KB960225
KB960714
KB960715
KB960803
KB960859
KB961063
KB961118
KB961371
KB961371-v2
KB961373
KB961501
KB963027
KB967715
KB968537
KB969805
KB969897
KB969898
KB970238
KB971032
KB971557
KB971633
KB971657
KB972260
KB973346
KB973354
KB973507
KB973540
KB973815
KB973869
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : server2003
IP Address . . . . . . . . : 10.0.0.109
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.109
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B56A620A-EE68-4EA3-999F-E4F618750BC3}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry small.business. re-registeration on DNS
server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry gc._msdcs.small.business. re-registerati
on on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry ForestDnsZones.small.business. re-regist
eration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry DomainDnsZones.small.business. re-regist
eration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.small.business. re-registerat
ion on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.small.business. re
-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.small.business. re-
registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.b6897006-eb1b-4dbf-9a48-5d9e4
7b6200d.domains._msdcs.small.business. re-registeration on DNS server '10.0.0.10
9' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry 169973e6-7cfd-4837-a0c2-cd828cd5aab0._ms
dcs.small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.small.business.
re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.small.business. re-registeration on DNS server '10.0.0.109' fail
ed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.small.business. re-
registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.small.business. re-regist
eration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.small.business. re-registeratio
n on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
small.business. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.small.business. re-regist
eration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.small.business. re-registe
ration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.small.business. re-registe
ration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.small.business
. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.ForestDnsZones.small.business. re-registeration on DNS server '10.0.0.109' fai
led.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.small.business
. re-registeration on DNS server '10.0.0.109' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.DomainDnsZones.small.business. re-registeration on DNS server '10.0.0.109' fai
led.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '10.0.0.109'.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B56A620A-EE68-4EA3-999F-E4F618750BC3}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{B56A620A-EE68-4EA3-999F-E4F618750BC3}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Failed
[WARNING] The default SPN registration for 'HOST/SERVER2003' is missing on D
C 'server2003'.
[FATAL] The default SPNs are not properly registered on any DCs.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Program Files\Support Tools>
Don't recreate the _mcdcs one at the moment but delete both.
I dont think there is a need to uninstall DNS at this stage.
I dont think there is a need to uninstall DNS at this stage.
Did you recreate the forward lookup zone as I said?
ASKER
Yes, i recreated the 'small.business' one before running the commands you posted.
Is this your only server or do you have others?
ASKER
This is the only server on the network. It hosts DNS, Active Directory, and files. No Exchange Server used.
When you recreated the zone did you create it as an Active Directory integrated zone? If so, once again delete the zone. And re-create it again this time creating it as a standard zone.
ASKER
Ok, I tried a standard zone. But still get exactly the same results.
What do you see under: %systemroot%\System32\Dns
What's in the .dns file?
What's in the .dns file?
ASKER
small.business.dns contains:-
There is also a file called _msdcs.small.business.dns
;
; Database file small.business.dns for small.business zone.
; Zone version: 1
;
@ IN SOA server2003. hostmaster. (
1 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
3600 ) ; default TTL
;
; Zone NS records
;
@ NS server2003.
;
; Zone records
;
There is also a file called _msdcs.small.business.dns
;
; Database file _msdcs.small.business.dns for _msdcs.small.business zone.
; Zone version: 14
;
@ IN SOA server2003. hostmaster.small.business. (
14 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
3600 ) ; default TTL
;
; Zone NS records
;
@ NS server2003.
server2003. A 10.0.0.109
;
; Zone records
;
169973e6-7cfd-4837-a0c2-cd828cd5aab0 600 CNAME server2003.small.business.
_kerberos._tcp.Default-First-Site-Name._sites.dc 600 SRV 0 100 88 server2003.small.business.
_ldap._tcp.Default-First-Site-Name._sites.dc 600 SRV 0 100 389 server2003.small.business.
_kerberos._tcp.dc 600 SRV 0 100 88 server2003.small.business.
_ldap._tcp.dc 600 SRV 0 100 389 server2003.small.business.
_ldap._tcp.b6897006-eb1b-4dbf-9a48-5d9e47b6200d.domains 600 SRV 0 100 389 server2003.small.business.
gc 600 A 10.0.0.109
_ldap._tcp.Default-First-Site-Name._sites.gc 600 SRV 0 100 3268 server2003.small.business.
_ldap._tcp.gc 600 SRV 0 100 3268 server2003.small.business.
_ldap._tcp.pdc 600 SRV 0 100 389 server2003.small.business.
Stop the DNS Server service.
Move these files somewhere else.
Start the DNS Server service again.
Go in to the DNS Console and check the forward lookup zones.
Move these files somewhere else.
Start the DNS Server service again.
Go in to the DNS Console and check the forward lookup zones.
ASKER
Done. After doing that, the console said that the zone file wasn't found, or invalid, so i deleted the entry and recreated it as a standard zone, and allowed updates. Ran the commands from above, but it didnt work. Exactly the same errors.
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry small.business. re-registeration on DNS
server '10.0.0.109' failed.
Is there any way to get more detail than that?
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry small.business. re-registeration on DNS
server '10.0.0.109' failed.
Is there any way to get more detail than that?
So...restart the netlogon service.
Then go back in to the DNS console, does the forward lookup zone get populated?
Then go back in to the DNS console, does the forward lookup zone get populated?
ASKER
No, its still empty and the event log is showing the following error:-
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 15/02/2012
Time: 19:09:50
User: N/A
Computer: SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'small.business.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers ----I CHECKED THIS AND DNS IS POINTING TO THE SERVER IP
- Specified preferred and alternate DNS servers are not running ---- IT IS RUNNING
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints ---- NO IDEA
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration ----- NO IDEA
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 15/02/2012
Time: 19:09:50
User: N/A
Computer: SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'small.business.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers ----I CHECKED THIS AND DNS IS POINTING TO THE SERVER IP
- Specified preferred and alternate DNS servers are not running ---- IT IS RUNNING
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints ---- NO IDEA
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration ----- NO IDEA
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..
Couple of things to check:
Right click the servername in the DNS console and select properties, what interfaces do you have listed?
Under root hints can you post a screenshot of what you see?
Navigate to the DNS file, open it in notepad and just add a ; to the begining of one of the lines, then save it. Will it allow you to do this?
You are missing a couple of root hints, but I would be suprised if this was causing this problem.
But....as it's listed in the event log as one of the possible causes, let's rule it out.
Stop the DNS Server service. Navigate to the DNS folder again. Move CACHE.DNS out of that folder and replace it with the one I have attached. Rename it from cache.txt to cache.dns
Then start the DNS Server service again, once that's running, restart the netlogon service again.
Then check for errors.
CACHE.txt
But....as it's listed in the event log as one of the possible causes, let's rule it out.
Stop the DNS Server service. Navigate to the DNS folder again. Move CACHE.DNS out of that folder and replace it with the one I have attached. Rename it from cache.txt to cache.dns
Then start the DNS Server service again, once that's running, restart the netlogon service again.
Then check for errors.
CACHE.txt
ASKER
Sorry, it didnt work. Same event log error.
I really appreciate this. im really confused as to the cause.
I really appreciate this. im really confused as to the cause.
You now have A to M root hints though yes?
ASKER
Actually, no, there are still some missing.
OK. In Active Directory Users and Computers goto View and select Advanced Options.
Navigate to System > MicrosoftDNS
What do you have listed?
Navigate to System > MicrosoftDNS
What do you have listed?
ASKER
Nothing. I deleted the entries while trying to resolve this.
i was following this guide:-
http://support.microsoft.com/kb/294328/en-us
i was following this guide:-
http://support.microsoft.com/kb/294328/en-us
Do you know what entries were there?
I think the time has come to uninstall DNS, reboot, then re-install it.
I think the time has come to uninstall DNS, reboot, then re-install it.
ASKER
Im working on this remotely. Do it require the windows server cd to reinstall?
hmm, that I cannot remember, it's been a while since I've made many changes to a Windows 2003 server.
ASKER
Ok, just copying the files onto the server. May take a while so i'll post back once ive done it all.
Might be a few hours.
Might be a few hours.
OK, it's 20:17 in the evening here so I may not be around when you have finished but I will pick up if nobody else has in the morning.
How did you get on?
If you haven't rebooted after removing the DNS service then don't.
Just had a thought, AD will struggle to start without DNS.
Do you have some spare hardware we could install a clean version of Windiws server on? Even if it's only temporary? We could use a virtual machine even on a client?
If you haven't rebooted after removing the DNS service then don't.
Just had a thought, AD will struggle to start without DNS.
Do you have some spare hardware we could install a clean version of Windiws server on? Even if it's only temporary? We could use a virtual machine even on a client?
ASKER
Ive not done it yet. Dont have any spare hardware around that I could use.
What about a workstation that we could install a virtual machine on?
If we are going to get this sorted we need another machine to act as DNS for us.
The easiest way to do this is to create a virtual machine that we can use temporarily.
What else is this Domain Controller doing?
Can you download Virtual Box on to a client workstation. (we a minimum of 512MB of RAM so something with 1GB or more will be sufficient for now).
Virtualbox download: https://www.virtualbox.org/wiki/Downloads
Download the x86 version of windows 2008 from (it's the smaller of the two downloads):
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8371
Create a new virtual machine using the downloaded ISO.
DON'T DO ANYTHING ELSE WITH IT.
If you have another server that we could "borrow" to add the DNS role to then that would negate the need to do this but if this is the only server we don't have a choice right now.
The easiest way to do this is to create a virtual machine that we can use temporarily.
What else is this Domain Controller doing?
Can you download Virtual Box on to a client workstation. (we a minimum of 512MB of RAM so something with 1GB or more will be sufficient for now).
Virtualbox download: https://www.virtualbox.org/wiki/Downloads
Download the x86 version of windows 2008 from (it's the smaller of the two downloads):
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8371
Create a new virtual machine using the downloaded ISO.
DON'T DO ANYTHING ELSE WITH IT.
If you have another server that we could "borrow" to add the DNS role to then that would negate the need to do this but if this is the only server we don't have a choice right now.
ASKER
I reinstalled DNS using the following instructions:-
http://support.microsoft.com/kb/310568
Performed a reboot but the zones werent recreated.
http://support.microsoft.com/kb/310568
Performed a reboot but the zones werent recreated.
are you able to perform the steps I outline in my previous post?
ASKER
I will give it a go shortly.
ASKER
Ok, ive downloaded the ISO. I assume you want me to install the OS onto the VM?
ASKER
Ive installed Windows Server 2008 onto the VM running on a client PC. I eagely await your next instructions.
Many thanks
Dan
Many thanks
Dan
OK, add the DNS role to this server.
Once added configure your small.business forward lookup zone.
Once added configure your small.business forward lookup zone.
ASKER
Ok, thats been done.
OK, now check the contents of the new zone, hopefully it will be empty.
Have you give it a fixed IP address? If not can you?
Then from your failing 2003 server ping the IP address, make sure you can communicate with the new server.
Have you give it a fixed IP address? If not can you?
Then from your failing 2003 server ping the IP address, make sure you can communicate with the new server.
ASKER
Ok, i had to turn all the firewalls off on the VM, but its pinging now.
Fixed IP 10.0.0.107
Main 2003 server 10.0.0.0.109
Subnet is 255.0.0.0 for some reason. The last guy must have set it.
Fixed IP 10.0.0.107
Main 2003 server 10.0.0.0.109
Subnet is 255.0.0.0 for some reason. The last guy must have set it.
OK, great.
Now, on the 2003 server change the NIC properties for DNS.
Set the Prefered DNS to 10.0.0.107 and make sure the alternate DNS is empty.
Once you have done that restart the NETLOGON service on the 2003 server.
Check the zone on the 2008 server, has it been populated?
Now, on the 2003 server change the NIC properties for DNS.
Set the Prefered DNS to 10.0.0.107 and make sure the alternate DNS is empty.
Once you have done that restart the NETLOGON service on the 2003 server.
Check the zone on the 2008 server, has it been populated?
ASKER
No. The zone is still empty. I've also ensured that insecure updates are allowed.
WHAT?!?!?
Are you sure?!
Refresh?
Are you sure?!
Refresh?
ASKER
Im sure... at least I think im sure. Maybe I need to run a packet sniffer to see whats going on?
netdiag /fix on the 2003 server says:-
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry small.business. re-registeration on DNS
server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.small.business. re-registerat
ion on DNS server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S ite-Name._ site
s.small.business. re-registeration on DNS server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.small.busin ess. re-regist
eration on DNS server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir st-Site-Na me._
sites.small.business. re-registeration on DNS server '10.0.0.107' failed.
etc etc etc etc
netdiag /fix on the 2003 server says:-
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry small.business. re-registeration on DNS
server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.small.business.
ion on DNS server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S
s.small.business. re-registeration on DNS server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.small.busin
eration on DNS server '10.0.0.107' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir
sites.small.business. re-registeration on DNS server '10.0.0.107' failed.
etc etc etc etc
ASKER
The event log on the 2003 server says:-
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 16/02/2012
Time: 16:14:23
User: N/A
Computer: SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'small.business.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 16/02/2012
Time: 16:14:23
User: N/A
Computer: SERVER2003
Description:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'small.business.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..
ASKER
Ive installed wireshark to see whats happening when i restart netlogon
2003 server queries 10.0.0.107 for the existence of the dns entries.
but thats all. i cant see any attempts to fix the dns entries.
2003 server queries 10.0.0.107 for the existence of the dns entries.
but thats all. i cant see any attempts to fix the dns entries.
do you have another NIC you can enable on the 2003 server?
ASKER
No, there is only one card.
There is another listed call SonicWALL Virtual Adapter, but its disabled and not a real NIC card.
There is another listed call SonicWALL Virtual Adapter, but its disabled and not a real NIC card.
Do you have SonicWall VPN client listed under Add/Remove program's?
If so can you please uninstall and then reboot.
If so can you please uninstall and then reboot.
ASKER
I've uninstalled it. But can't reboot for an hour as the server is in use till closing time.
OK, has the Sonicwall adapter gone?
What happens when you restart the netlogon service now?
What happens when you restart the netlogon service now?
ASKER
netlogon restart did nothing.
rebooting the server now.
do you think im going to have to get the server reinstalled?
rebooting the server now.
do you think im going to have to get the server reinstalled?
ASKER
The reboot has not joy.
Can you list all program's from Add/Renove program's.
In device manager remove the NIC reboot and allow windows to re detect it.
In device manager remove the NIC reboot and allow windows to re detect it.
ASKER
Is there any way to remove the nic and redetect it while working remotely? The server is in london and i'm in manchester.
That will be a no. Someone needs to be there to log it on.
errr.....domain rename tool?!?
Has this domain been renamed?!
Has this domain been renamed?!
ASKER
No idea. Its been called small.business for at least 2 years.
It might have been changed before then, but I couldnt find any evidence. According to this page, when the tool is used, there should be some XML files in the Domain Rename Tool directory. There are no XML files, so I assume it hasnt been used.
http://cosonok.blogspot.com/2010/04/windows-server-2003-active-directory.html
It might have been changed before then, but I couldnt find any evidence. According to this page, when the tool is used, there should be some XML files in the Domain Rename Tool directory. There are no XML files, so I assume it hasnt been used.
http://cosonok.blogspot.com/2010/04/windows-server-2003-active-directory.html
I am at a loss as to what could be causing it to fail to register it's entries in DNS.
It doesn't really make any sense.
On the NIC can you see a 3rd Authentication tab? What settings appear here?
Can you also click on the TCP/IP Properties, post a screenshot of the first tab.
Click Advanced and post a screenshot of the IP Settings, DNS and WINS tabs
It doesn't really make any sense.
On the NIC can you see a 3rd Authentication tab? What settings appear here?
Can you also click on the TCP/IP Properties, post a screenshot of the first tab.
Click Advanced and post a screenshot of the IP Settings, DNS and WINS tabs
1) disable smart card authentication
2) put a check in the box to register this connection in DNS and enter small.business as your DNS Suffix
Then, restart NETLOGON again
2) put a check in the box to register this connection in DNS and enter small.business as your DNS Suffix
Then, restart NETLOGON again
ASKER
No luck with that.
I just ran this: netdiag /v
And found this in the result:
DNS test . . . . . . . . . . . . . : Failed
Interface {B56A620A-EE68-4EA3-999F-E 4F618750BC 3}
DNS Domain: small.business
DNS Servers: 10.0.0.109
IP Address: Expected registration with adapter's DNS Domain Name
:
Hostname: server2003.small.business.
Registration with adapter's DNS domain name is disabled.
I just ran this: netdiag /v
And found this in the result:
DNS test . . . . . . . . . . . . . : Failed
Interface {B56A620A-EE68-4EA3-999F-E
DNS Domain: small.business
DNS Servers: 10.0.0.109
IP Address: Expected registration with adapter's DNS Domain Name
:
Hostname: server2003.small.business.
Registration with adapter's DNS domain name is disabled.
In the registry under HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\Tcp ip\Paramet ers what value do you have listed for DisableDynamicUpdate it should be 0
Expand Interfaces and then there will be a GUID for each adapter. Has it been specified on the specific adapter?
Is it listed under the other GUID's?
ASKER
I checked. Its not listed in any of them.
ASKER
Im trying to understand this conversation. Could it be of help?
http://www.winvistatips.com/now-netdiag-fix-did-not-work-t730916.html
http://www.winvistatips.com/now-netdiag-fix-did-not-work-t730916.html
OK, but you checked the box that says register this connection in DNS now on the properties of the NIC?
Restart the DNS Client Service and then try the NETDIAG /V again
Restart the DNS Client Service and then try the NETDIAG /V again
That conversation is related to single label domain name, this does not effect you.
ASKER
Yes, the box was checked. Restarted DNS Client service but netdiag /v still shows the warning about registration being disabled.
OK, we don't normally do this sort of thing and I have OK'd it with the site administrators but this is frustrating me a little now and I want to find out what's causing it.
Would you have any objections to providing me with remote access to take a look at your server?
We can then provide further details to assist the thread and any other experts that want to have a go at helping you.
If you wish to proceed, please email me at glen @ demazter. co.uk
DISCLAIMER: Although the site Administrators have given me permission to make this suggestion, should you take me up on the offer they nor experts exchange hold any responsibility for anything that might come from the remote connection.
Would you have any objections to providing me with remote access to take a look at your server?
We can then provide further details to assist the thread and any other experts that want to have a go at helping you.
If you wish to proceed, please email me at glen @ demazter. co.uk
DISCLAIMER: Although the site Administrators have given me permission to make this suggestion, should you take me up on the offer they nor experts exchange hold any responsibility for anything that might come from the remote connection.
ASKER
You can RDP into the server. Just setting up the client so you can RDP into it from the server.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My answer was the actual solution.
Dcdiag /test:dns /DnsRecordRegistration
and check or share the result. Also run from cmd
ipconfig /registerdns from dc again.