
2008 R2 Domain/ DNS Issues

Posted on 2012-09-21
Last Modified: 2012-10-22
I have a 2K8R2 domain with two domain controllers.  This domain is trusted with a 2K3 domain with 3 domain controllers.  Each domain has a forward lookup for the other.  For instance, Domain A has a forward lookup for Domain B, and Domain B has a forward lookup for Domain A.

One of my 2K8 domain controllers' A record keeps getting dropped out of DNS.  The error I get is below:

Log Name:      System
Source:        NETLOGON
Date:          9/21/2012 12:54:25 PM
Event ID:      5774
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CCA-SCH-AD01
Description:
The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.CCA.local. 600 IN SRV 0 100 389 CCA-SCH-AD01.CCA.local.' failed on the following DNS server:  

DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA
Error Value: DNS name does not exist.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5774</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-09-21T17:54:25.000000000Z" />
    <EventRecordID>5400</EventRecordID>
    <Channel>System</Channel>
    <Computer>CCA-SCH-AD01.CCA.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.CCA.local. 600 IN SRV 0 100 389 CCA-SCH-AD01.CCA.local.</Data>
    <Data>%%9003</Data>
    <Data>::</Data>
    <Data>0</Data>
    <Data>0</Data>
    <Binary>0000</Binary>
  </EventData>
</Event>


Also, when I run DCDiag on the DC I get the following:


Doing initial required tests

   Testing server: Default-First-Site-Name\SCH-AD01
      Starting test: Connectivity
         The host 6661ce89-18d4-4f9e-bb95-b03a6cc3c91a._msdcs.CCA.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... SCH-AD01 failed test Connectivity



Any ideas how to fix this?
TIA
0
Question by:Earl28
18 Comments
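
To make the quoted NETLOGON 5774 event easier to triage across many occurrences, the following added example (not part of the original thread) parses the event XML into fields. The function name `ConvertFrom-Netlogon5774` is hypothetical, and the meaning assigned to each positional `<Data>` field is an assumption read off the event quoted in the question.

```powershell
# Constructed sample: trimmed copy of the NETLOGON 5774 event XML quoted in the question.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5774</EventID>
    <TimeCreated SystemTime="2012-09-21T17:54:25.000000000Z" />
    <Computer>CCA-SCH-AD01.CCA.local</Computer>
  </System>
  <EventData>
    <Data>_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.CCA.local. 600 IN SRV 0 100 389 CCA-SCH-AD01.CCA.local.</Data>
    <Data>%%9003</Data>
    <Data>::</Data>
    <Data>0</Data>
    <Data>0</Data>
  </EventData>
</Event>
'@

function ConvertFrom-Netlogon5774 {
    param([Parameter(Mandatory = $true)][string]$EventXml)
    $evt    = ([xml]$EventXml).Event
    # Assumption: <Data> fields are positional: record, error ref, DNS server, RCODE, status.
    $data   = @($evt.EventData.Data)
    $rr     = $data[0].Trim() -split '\s+'   # owner TTL class type rdata...
    $server = [System.Net.IPAddress]::Parse($data[2])
    New-Object PSObject -Property @{
        Computer          = $evt.System.Computer
        TimeCreatedUtc    = $evt.System.TimeCreated.SystemTime
        Owner             = $rr[0]
        Ttl               = [int]$rr[1]
        Type              = $rr[3]
        Target            = $rr[-1]
        ErrorRef          = $data[1]         # message-table reference, kept as logged
        DnsServer         = $server.ToString()
        # '::' and '0.0.0.0' are unspecified addresses, not a reachable DNS server
        ServerUnspecified = ($server.Equals([System.Net.IPAddress]::IPv6Any) -or
                             $server.Equals([System.Net.IPAddress]::Any))
        RCode             = [int]$data[3]
        Status            = [int]$data[4]
    }
}

ConvertFrom-Netlogon5774 -EventXml $sampleXml

# On a live domain controller, feed it real events instead of the sample:
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5774 } |
#     ForEach-Object { ConvertFrom-Netlogon5774 -EventXml $_.ToXml() }
```

For the sample event, `ServerUnspecified` is true: the logged DNS server address is `::` rather than the address of a configured server.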
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 38423059
Do you have an A record of the DNS server itself? It looks like it can't resolve your DNS by name.
0
 

Author Comment

by:Earl28
ID: 38423073
That's the issue, I put the A record for the server in, and a few hours later it gets taken back out, and these errors show up.  Currently, there is no A record for the server because it was just taken out.  (Taken out by the system, not a person.)
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 38423135
Do you have the correct IP/DNS on the server itself? What if you do ipconfig /registerdns on the server, does it appear on the DNS with the correct A record?

And if you nslookup the server name itself, does it return the correct value?
0

 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38423173
Seems like a DNS misconfig on the culprit server.
Make sure it's pointing to its own IP in the Preferred DNS server list on the NIC card.
0
 

Author Comment

by:Earl28
ID: 38423177
No, I ran:  dcdiag /test:registerindns /dnsdomain:FQDN /v  
and got the following back:

C:\Users\itsdadmin>dcdiag /test:registerindns /dnsdomain:FQDN /v
   Starting test: RegisterInDNS
      This domain controller cannot register domain controller Locator DNS
      records. This is because it cannot locate a DNS server authoritative for
      the zone FQDN. This is due to one of the following:

      1. One or more DNS servers involved in the name resolution of the FQDN
      name are not responding or contain incorrect delegation of the DNS zones;
      or

      2. The DNS server that this computer is configured with contains
      incorrect root hints.

      The list of such DNS servers might include the DNS servers with which
      this computer is configured for name resolution and the DNS servers
      responsible for the following zones: FQDN

      Verify the correctness of the specified domain name and contact your
      network/DNS administrator to fix the problem.

      You can also manually add the records specified in the
      %systemroot%\system32\config\netlogon.dns file.


      SCH-AD01 failed test RegisterInDNS
0
 

Author Comment

by:Earl28
ID: 38423180
Also, an NSLOOKUP from the server correctly resolves to itself.

The results were:
server: localhost
address: 127.0.0.1
0
 

Author Comment

by:Earl28
ID: 38423203
NIC is configured for itself first, then the secondary DNS server second.
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 38423306
Put in the IP address in DNS under your network adapter on the server, instead of the loopback address 127.0.0.1.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38423320
Can you rename the netlogon.dns and netlogon.dnb files in c:\windows\system32\config
and restart the DNS and netlogon services, then check by running netdiag /test:dns for any errors?
0
 

Author Comment

by:Earl28
ID: 38423386
I changed the IP from loopback to actual.  Ran DCDiag and everything checked out... for about 3 minutes.  Still couldn't register with DNS.  Checked DCDiag again and it again had errors.

I rebooted and all is working now.  But I don't think that's going to hold.
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 38423411
Are you able to registerdns after reboot?
0
 

Author Comment

by:Earl28
ID: 38423451
Yes, after reboot everything works as normal.  DCDiag is clean and it registers in DNS.
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 38423466
Issue resolved. =P
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38423470
That's great :-)
0
 

Author Comment

by:Earl28
ID: 38423543
Any idea why that would happen?  I'm thinking it may happen again since I didn't reconfigure anything.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38423613
In my case it was due to corruption of the netlogon.dns and netlogon.dnb files, and in another case it was due to using the 32-bit version of netdiag/dcdiag to check an x64 system.
0
 

Accepted Solution

by:
Earl28 earned 0 total points
ID: 38505605
Thanks for the info and help.

A reboot fixed it, the issue has not happened again.
0
 

Author Closing Comment

by:Earl28
ID: 38520424
Reboot fixed it.
0
