Solved

Server failed DCDIAG DNS tests

Posted on 2013-05-14
Last Modified: 2013-05-24
I'm installing a new server that is supposed to take over the functionality of one of my DCs (AD, DHCP, & DNS) and ran the DCDIAG DNS test on both of them. Surprisingly, I got different results and wanted to know if anyone had some insight on this. Sorry for the long paste, but I think only the bottom couple of lines of each test are relevant, yes? I ran the same test on both of my DCs (server1 and server2).

Test on Server1:
************************************************
C:\Users\admin>dcdiag /test:dns /s:172.20.3.4

Directory Server Diagnosis

Performing initial setup:
   [172.20.3.4] Directory Binding Error 87:
   The parameter is incorrect.
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: MyNetwork\server1
      Starting test: Connectivity
         ......................... server1 passed test Connectivity

Doing primary tests

   Testing server: MyNetwork\server1

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... server1 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : MyNetwork

   Running enterprise tests on : MyNetwork.net
      Starting test: DNS
         Test results for domain controllers:

            DC: server1.MyNetwork.net
            Domain: MyNetwork.net


               TEST: Basic (Basc)
                  Warning: adapter
                  [00000006] Broadcom NetXtreme Gigabit Ethernet has invalid
                  DNS server: 64.71.0.34 (<name unavailable>)
                  Warning: adapter
                  [00000006] Broadcom NetXtreme Gigabit Ethernet has invalid
                  DNS server: 64.71.0.60 (<name unavailable>)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 64.71.0.34 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 64.71.0.60 (<name unavailable>)

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom NetXtreme Gigabit Ethernet:
                     Warning:
                     Missing AAAA record at DNS server 172.20.3.4:
                     server1.MyNetwork.net

                     Warning:
                     Missing AAAA record at DNS server 172.20.3.4:
                     gc._msdcs.MyNetwork.net

                     Warning:
                     Missing CNAME record at DNS server 64.71.0.34:
                     615eb59f-0e0b-426c-9f40-e066fe430e7a._msdcs.MyNetwork.net

                     Warning:
                     Missing A record at DNS server 64.71.0.34:
                     server1.MyNetwork.net

                     Warning:
                     Missing AAAA record at DNS server 64.71.0.34:
                     server1.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _ldap._tcp.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _ldap._tcp.ff6b2609-1763-47ba-bf84-8275ac5b2f22.domains._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _kerberos._tcp.dc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _ldap._tcp.dc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _kerberos._tcp.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _kerberos._udp.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _kpasswd._tcp.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _ldap._tcp.MyNetwork._sites.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _kerberos._tcp.MyNetwork._sites.dc._msdcs.JumpAssociates.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _ldap._tcp.MyNetwork._sites.dc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _kerberos._tcp.MyNetwork._sites.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _ldap._tcp.gc._msdcs.MyNetwork.net

                     Warning:
                     Missing A record at DNS server 64.71.0.34:
                     gc._msdcs.MyNetwork.net

                     Warning:
                     Missing AAAA record at DNS server 64.71.0.34:
                     gc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _gc._tcp.MyNetwork._sites.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _ldap._tcp.MyNetwork._sites.gc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _ldap._tcp.pdc._msdcs.MyNetwork.net

                     Warning:
                     Missing CNAME record at DNS server 64.71.0.60:
                     615eb59f-0e0b-426c-9f40-e066fe430e7a._msdcs.MyNetwork.net

                     Warning:
                     Missing A record at DNS server 64.71.0.60:
                     server1.MyNetwork.net

                     Warning:
                     Missing AAAA record at DNS server 64.71.0.60:
                     server1.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _ldap._tcp.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _ldap._tcp.ff6b2609-1763-47ba-bf84-8275ac5b2f22.domains._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _kerberos._tcp.dc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _ldap._tcp.dc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _kerberos._tcp.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _kerberos._udp.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _kpasswd._tcp.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _ldap._tcp.MyNetwork._sites.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _kerberos._tcp.MyNetwork._sites.dc._msdcs.JumpAssociates.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _ldap._tcp.MyNetwork._sites.dc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _kerberos._tcp.MyNetwork._sites.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _ldap._tcp.gc._msdcs.MyNetwork.net

                     Warning:
                     Missing A record at DNS server 64.71.0.60:
                     gc._msdcs.MyNetwork.net

                     Warning:
                     Missing AAAA record at DNS server 64.71.0.60:
                     gc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _gc._tcp.MyNetwork._sites.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _ldap._tcp.MyNetwork._sites.gc._msdcs.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.60:
                     _ldap._tcp.pdc._msdcs.MyNetwork.net

               Error: Record registrations cannot be found for all the network
               adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 64.71.0.34 (<name unavailable>)
               2 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.MyNetwork.net. failed on the DNS server 64.71.0.34

            DNS server: 64.71.0.60 (<name unavailable>)
               2 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.MyNetwork.net. failed on the DNS server 64.71.0.60

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyNetwork.net
               server1                       PASS WARN FAIL PASS PASS FAIL n/a

         ......................... MyNetwork.net failed test DNS

************************************

And test on Server 2:
************************************
C:\Users\admin>dcdiag /test:dns /s:172.20.3.5

Directory Server Diagnosis

Performing initial setup:
   [172.20.3.5] Directory Binding Error 87:
   The parameter is incorrect.
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: MyNetwork\server2
      Starting test: Connectivity
         ......................... server2 passed test Connectivity

Doing primary tests

   Testing server: MyNetwork\server2

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... server2 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : MyNetwork

   Running enterprise tests on : MyNetwork.net
      Starting test: DNS
         Test results for domain controllers:

            DC: server2.MyNetwork.net
            Domain: MyNetwork.net


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom NetXtreme Gigabit Ethernet:
                     Warning:
                     Missing AAAA record at DNS server 172.20.3.5:
                     server2.MyNetwork.net

               Warning: Record Registrations not found in some network adapters

               server2                       PASS WARN PASS PASS PASS WARN n/a
         ......................... MyNetwork.net passed test DNS

***************************************

Any thoughts on why these two results are different?

Thanks so much!
0
Comment
Question by:jumpassociates
43 Comments
 
LVL 8

Accepted Solution

by:
TMekeel earned 500 total points
ID: 39166784
Is the intention to have these servers hosting public DNS like that?  Would you not rather have 53 forwarded to the internal LAN address?

It looks like you have a forwarder setup to the public IPs, and one of the servers has that public IP configured on one of its NICs?

The errors are basically telling you where you are failing the tests:
1.  [00000006] Broadcom NetXtreme Gigabit Ethernet has invalid
                  DNS server: 64.71.0.34 (<name unavailable>)
--This matches that there are no A records for that server in your local site, mynetwork.net
There should be a static A record for server1.mynetwork.net there, although really there shouldn't be one pointing to 64.x.x.x as it's a public address.

The rest of the errors follow in a similar fashion.


Try setting the IP of the server to 172.20.3.4, and also the DNS on the NIC to that same address (it points to itself, essentially).  Then set up DNS forwarding to the 64.71.0.34 address, assuming that is a live DNS server.  I usually try for 8.8.8.8 or 208.67.222.222 (Google or OpenDNS, respectively).

Basically, in a nutshell, the local DNS queries for your zone mynetwork.net should be resolved for your internal network by the server.  If the name isn't in DNS for that zone, the server uses the forwarder to find the DNS entries out of that zone.  

I'm sorry to be so brief but I hope I read the errors correctly for you, I have to run for now!
0
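The reading of the Server1 report given in the accepted answer, as an added example that is not part of the original thread: a small Python parser that pulls the adapter, forwarder, record-registration and summary lines out of `dcdiag /test:dns` text and flags a DC that is asking a non-private resolver for its own SRV records. The function names and finding labels are hypothetical, and the sample report is constructed from the layout and addresses shown in the question.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a shortened dcdiag /test:dns report in the same layout
# as the Server1 output in the question (names and addresses reused from it).
SAMPLE_REPORT = """\
               TEST: Basic (Basc)
                  Warning: adapter
                  [00000006] Broadcom NetXtreme Gigabit Ethernet has invalid
                  DNS server: 64.71.0.34 (<name unavailable>)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 64.71.0.34 (<name unavailable>)

               TEST: Records registration (RReg)
                     Warning:
                     Missing AAAA record at DNS server 172.20.3.4:
                     server1.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _ldap._tcp.MyNetwork.net

                     Error:
                     Missing SRV record at DNS server 64.71.0.34:
                     _kerberos._tcp.dc._msdcs.MyNetwork.net

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyNetwork.net
               server1                       PASS WARN FAIL PASS PASS FAIL n/a
"""

COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
ADAPTER_RE = re.compile(r"has invalid\s+DNS server:\s+(\S+)")
FORWARDER_RE = re.compile(r"invalid forwarder:\s+(\S+)")
MISSING_RE = re.compile(
    r"(Warning|Error):\s+Missing (\w+) record at DNS server (\S+):\s+(\S+)")
SUMMARY_RE = re.compile(
    r"^[ \t]+(\S+)[ \t]+((?:(?:PASS|WARN|FAIL|n/a)[ \t]*){7})\r?$", re.MULTILINE)


def is_internal(addr):
    """True for addresses in private/special-purpose ranges (RFC 1918, loopback, ...)."""
    return ipaddress.ip_address(addr).is_private


def parse_report(text):
    """Extract the DNS-test facts from dcdiag text into a plain dict."""
    missing = defaultdict(lambda: {"Error": [], "Warning": []})
    for severity, rtype, server, name in MISSING_RE.findall(text):
        missing[server][severity].append((rtype, name))
    summary = {m.group(1): dict(zip(COLUMNS, m.group(2).split()))
               for m in SUMMARY_RE.finditer(text)}
    return {
        "invalid_adapter_dns": sorted(set(ADAPTER_RE.findall(text))),
        "invalid_forwarders": sorted(set(FORWARDER_RE.findall(text))),
        "missing": dict(missing),
        "summary": summary,
    }


def triage(report):
    """Turn parsed facts into (label, subject) findings; labels are made up here."""
    findings = []
    # A non-private resolver on the DC's own adapter is the root cause in the thread.
    for server in report["invalid_adapter_dns"]:
        if not is_internal(server):
            findings.append(("external-resolver-on-nic", server))
    for server, recs in sorted(report["missing"].items()):
        srv_errors = any(rtype == "SRV" for rtype, _ in recs["Error"])
        if srv_errors and not is_internal(server):
            # The DC looked for its AD locator records on an outside resolver.
            findings.append(("dc-records-queried-externally", server))
        elif not recs["Error"] and all(t == "AAAA" for t, _ in recs["Warning"]):
            # AAAA-only warnings: the state the thread later treats as healthy.
            findings.append(("aaaa-only", server))
    for dc, cols in sorted(report["summary"].items()):
        for col in COLUMNS:
            if cols[col] == "FAIL":
                findings.append(("summary-fail", f"{dc}:{col}"))
    return findings


if __name__ == "__main__":
    for label, subject in triage(parse_report(SAMPLE_REPORT)):
        print(f"{label:32} {subject}")
```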
 

Author Comment

by:jumpassociates
ID: 39166802
Thanks for the quick response! Let me try to clear things up...

"Basically, in a nutshell, the local DNS queries for your zone mynetwork.net should be resolved for your internal network by the server.  If the name isn't in DNS for that zone, the server uses the forwarder to find the DNS entries out of that zone.  "  <<--this is exactly what my intention is!

I have no need/intention of hosting public DNS. I guess this is set wrong.

In response to your suggestions, I'm a bit confused. Server1 (which is the first set of test results in my OP) is already set to 172.20.3.4. I went into my DNS  settings and it is fwding to itself first, and then the 64.71.0.34 address (Please see embedded picture). Is that what I mean?

I'm guessing you are suggesting to do something else with my A records, is that right?

thanks again for the input! Please reply only when you have the time! thanks!

dns screenshot
0
 
LVL 8

Assisted Solution

by:TMekeel
TMekeel earned 500 total points
ID: 39166811
No, that is not what should be there.
You don't want it to the loopback, you want it to be 172.20.3.4 (or whatever IP the server is locally).

No need to be in advanced settings for this.  Remove those three and start at the regular old TCP/IP properties window, where you set the static IP on the NIC.
Set up your static address, mask, gateway, and select "Use the following DNS servers".  Then put in the local address 172.20.3.4, and for the secondary use the local address of server2.

Then, go into Start>Administrative tools>DNS.  Right click the domain in the tree, and go to Properties.  Select the forwarders tab, and enter in your public domain IPs that you'd like;  I would start with Google and openDNS as mentioned earlier for testing, and even permanently really...they filter, and are fast, and rarely down for that matter.
0
 

Author Comment

by:jumpassociates
ID: 39166988
ok! thanks for the clear instructions! I'll remove those entries in the screenshot and then follow your directions when I get a chance tomorrow and let you know what happens...

One quick question..
Should I do anything in the A records like you mentioned in the first response? Or just leave it alone, once I follow what you wrote in the 2nd response.
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39167637
Leave the records for now and just reconfigure the NICs.
0
 

Author Comment

by:jumpassociates
ID: 39168805
NICs reconfigured! Removed those three entries and then added the 2 DNS server addresses in the Forwarders tab in DNS Mgmt. Here are the latest results...some improvements, but there is still some stuff I was wondering about..

***************
C:\Users\admin>dcdiag /test:dns /s:172.20.3.4

Directory Server Diagnosis

Performing initial setup:
   [172.20.3.4] Directory Binding Error 87:
   The parameter is incorrect.
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: MyNetwork\Server1
      Starting test: Connectivity
         ......................... Server1 passed test Connectivity

Doing primary tests

   Testing server: MyNetwork\Server1

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... Server1 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : MyNetwork

   Running enterprise tests on : MyNetwork.net
      Starting test: DNS
         Test results for domain controllers:

            DC: Server1.MyNetwork.net
            Domain: MyNetwork.net


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom NetXtreme Gigabit Ethernet:
                     Warning:
                     Missing AAAA record at DNS server 172.20.3.4:
                     Server1.MyNetwork.net

                     Warning:
                     Missing AAAA record at DNS server 172.20.3.4:
                     gc._msdcs.MyNetwork.net

                     Warning:
                     Missing AAAA record at DNS server 172.20.3.3:
                     Server1.MyNetwork.net

                     Warning:
                     Missing AAAA record at DNS server 172.20.3.3:
                     gc._msdcs.MyNetwork.net

               Warning: Record Registrations not found in some network adapters

               Server1                       PASS WARN PASS PASS PASS WARN n/a
         ......................... MyNetwork.net passed test DNS




Do you know if we have to mess with the records now? Also, just to dbl check, after I removed the 3 entries in Advanced and entered my two servers in DNS Mgmt, those addresses automatically populated in Advanced. Does that seem right? Screenshot below..

dns screenshot 2
0
 
LVL 8

Assisted Solution

by:TMekeel
TMekeel earned 500 total points
ID: 39169961
Yes that is accurate.  Now try doing the same thing on the other server.  You should not have to mess with DNS A records (or AAAA for IPv6), so long as the check box is selected (which it is) that reads "Register this connection's addresses in DNS".

Now, in Administrative Tools > DNS on that server, set up your forwarders to the internet, set up scavenging if you wish, and you should be ok on that server.  Do the same for the other server as well.
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39169970
I'm sorry I missed the test results...bah!
You are good.  The only thing I would do if you're not using IPv6 is stop listening for DNS on IPv6.

You can do that by going to Administrative Tools > DNS, right-click the server, and select Properties > Interfaces Tab. Where it says Listen On:  uncheck the IPv6 address checkbox and click  Apply, then OK to close the box.
0
 

Author Comment

by:jumpassociates
ID: 39170014
Hey TMekeel,

Thanks for helping me on that first server. I'm glad to know everything is ok.

So I went to the second server and tried to replicate the settings and ran the same DNS test and got these results. It doesn't look good:

C:\Users\admin>dcdiag /test:dns /s:172.20.3.3

Directory Server Diagnosis

Performing initial setup:
   [172.20.3.3] Directory Binding Error 87:
   The parameter is incorrect.
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: MyNetwork\Server2
      Starting test: Connectivity
         ......................... Server2 passed test Connectivity

Doing primary tests

   Testing server: MyNetwork\Server2

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... Server2 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : MyNetwork

   Running enterprise tests on : MyNetwork.net
      Starting test: DNS
         Test results for domain controllers:

            DC: Server2.MyNetwork.net
            Domain: MyNetwork.net


               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
            DNS server: 199.7.91.13 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.91.13
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
            DNS server: 64.71.0.34 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 64.71.0.34
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyNetwork.net
               Server2                    PASS PASS FAIL PASS PASS PASS n/a

         ......................... MyNetwork.net failed test DNS


Sorry for the problem (again) but thanks for the help!
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39170089
Does the localhost PTR record exist in your DNS Reverse Lookup?

reverse lookup loopback
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39170096
Something else is incorrect also, could you please attach a screenshot of your Forwarders tab from Administrative Tools > DNS > Server > Right-Click and Select Properties.
0
 
LVL 8

Assisted Solution

by:TMekeel
TMekeel earned 500 total points
ID: 39170102
Here is an example of what a simple config would be (and all that is necessary there):

forwarders tab
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39170104
And the interfaces (the NIC on this server is configured statically to 10.0.10.12):
interfaces
0
 
LVL 8

Assisted Solution

by:TMekeel
TMekeel earned 500 total points
ID: 39170112
For the Forward Lookup Zone in Administrative Tools > DNS, under the server there should be mynetwork.net.  Expand that, and look in DomainDnsZones.  The only two servers that should be there are your 172.20.1.3 and 172.20.1.4 servers' A records.
Same for the ForestDnsZones.  I assume these are your only two explicit DNS servers.

If you resolve the reverse lookup A record that should probably fix the above failures, but the other posts I showed are for reference.  You should have something similar on both servers, if they are drastically different, make them look as above, the only difference being you'd have a 172.x.x.x address where I have a 10.0.10.x address.
0
 

Author Comment

by:jumpassociates
ID: 39170245
hmm, I already tried to have all the DNS Servers look the same (the whole reason why I'm doing this is because I'm setting up a new one, and getting rid of an older one) and took some screenshots for you. These 3 shots are all on server2. What do you think?
dns shots
Also, I checked the ForestDNS and DomainDNS and the only addresses I see there currently are all the addresses of my internal DNS servers.

"If you resolve the reverse lookup A record that should probably fix the above failures" --Could you elaborate on this? Or is this what we are simply trying to do..
0
 
LVL 8

Assisted Solution

by:TMekeel
TMekeel earned 500 total points
ID: 39170271
Those look ok to me, with the only questions I have being the reverse lookup zones for 192.168,1 and 172.30.  
Your networks don't seem to match up, but that's another matter, and possibly irrelevant.

There are no public DNS servers configured on the NICs, correct?

Run a cmd prompt, clear the caches:  dnscmd /clearcache and then ipconfig /flushdns

The only other thing I can think of, at the moment, without seeing what is in DNS, is to disable your firewalls on the server and trying the dcdiag /test:dns again (after clearing your cache.)

I'm going to try and reproduce the loopback lookup in the meantime and see if I can come up with a better answer.
0
 

Author Comment

by:jumpassociates
ID: 39170282
Thanks for continuing to help me on this. I definitely owe you a beer or 6!

the 192 and 172.30 networks do exist for our office. 172.30 network is a different branch office and the 192 is a completely separate network. I dunno if that helps, but that is what they are there for.

I confirmed there are no public dns records on the NIC, just the 2 internal DNS servers right now.

I disabled the firewall and ran those two commands as suggested and reran the dcdiag test. Unfortunately, I get the same results as posted above.

Would any more screenshots help? I'd be happy to provide anything else as long as you're happy to help!
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39170284
In your Administrative Tools > DNS, under cached lookups > .(root) is there an A record for 127.0.0.1 for localhost?
0
 

Author Comment

by:jumpassociates
ID: 39170286
yes..

Localhost    Host (A)    127.0.0.1   static
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39170291
Ok, since we have an existing domain infrastructure....
Can you give an ipconfig /all for the servers with DNS role configured?

Let's get a better picture of all the DNS server's configs.
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39170295
One other thing, on my lab I have recursion on.

Does your Advanced tab look like this?

advanced tab dns
0
 

Author Comment

by:jumpassociates
ID: 39170298
ok, I took a couple of them.

Here is server2 (the new, but failing one) Oh, I also removed the junk from other disconnected NICs

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Server2
   Primary Dns Suffix  . . . . . . . : MyNetwork.net
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : MyNetwork.net
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) I350 Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-26-2D-0C-7D-8F
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.20.3.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 172.20.1.1
   DNS Servers . . . . . . . . . . . : 172.20.3.4
                                       172.20.3.3
   NetBIOS over Tcpip. . . . . . . . : Enabled


And here is the same ipconfig from Server1:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Server1
   Primary Dns Suffix  . . . . . . . : MyNetwork.net
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : MyNetwork.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-1A-64-20-5C-8F
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.20.3.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 172.20.1.1
   DNS Servers . . . . . . . . . . . : 172.20.3.4
                                       172.20.3.3
   NetBIOS over Tcpip. . . . . . . . : Enabled
0
 

Author Comment

by:jumpassociates
ID: 39170304
sadly, I have the same thing you have...

advanced tab
0
 
LVL 8

Assisted Solution

by:TMekeel
TMekeel earned 500 total points
ID: 39170306
Set server2 to use itself first, then server1, this is for posterity, not functionality.

server2's IP 172.20.1.3, it should list itself first then server1.
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39170310
Honestly, the error you see should not affect anything other than sending out internal loopback information to the internet.  It's not a deal breaker by any means.

I'm just unsure of why at the moment, it is not using the records in internal DNS for the loopback and instead sending them out to the root hints.
0
 

Author Comment

by:jumpassociates
ID: 39170316
Wow.. well, as long as it's not hurting anything, I guess we can live with it for now.

If you wanna dig into this more, I can send you screenshots of my DNS tables, if that helps.

Let me know, as I know I have already taken up much of your time!
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39170325
No worries.  I'm very curious as usually that error is due to not having the A record and reverse PTR records associated, which you do have.

Try restarting the servers and see if the issue is resolved.

Failing that, a screenshot of the DNS tree would be helpful, something like the image below.
Feel free to blur your domain names, but not the extensions please (like .local)

[Screenshot: dns trees]
0
 

Author Comment

by:jumpassociates
ID: 39170330
[Screenshot: dns tree]
Here's a shot of my tree. Let me know if you need anything deeper or anything in the right side panel.

Thanks again!
0
 
LVL 8

Assisted Solution

by:TMekeel
TMekeel earned 500 total points
ID: 39170331
I have done some digging, and per this post http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/68a2283e-f9e8-429c-984a-f2110673e629/

See if there are any bad entries in the _msdcs folder under your mynetwork.net domain's _msdcs folder.  Right-click that folder, go to properties > name servers tab, and make sure that only 172.20.1.3 and 172.20.1.4 are listed.

See the screenshot below.

[Screenshot: _msdcs folder]
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39170333
I have a feeling that since you are using .net rather than an internal suffix, that is the main reason you are getting the errors.  Just need to find out where, so that we can point them to your internal servers in order to avoid the external lookup.
0
 

Author Comment

by:jumpassociates
ID: 39170335
I checked the name servers, and there are 4 servers listed. But that sounds right. I have 2 in my head office, and another one in my 172.30 network (branch office). The 4th server listed is my new server (which is labeled as Server2), which I am assigning DC roles (with DHCP and DNS) to.

When this new server is done, the plan is to repurpose one of my other 2 servers in my head office to something else.
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39171034
Can you check the other DNS servers and verify there are either no forwarders or valid forwarders set on them?
0
 

Author Comment

by:jumpassociates
ID: 39172089
Here are the results from the dcdiag test on server 3 (in my 172.30 network)

C:\Users\admin>dcdiag /test:dns /s:172.30.1.2

Directory Server Diagnosis

Performing initial setup:
   [172.30.1.2] Directory Binding Error 87:
   The parameter is incorrect.
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: MyNetwork\server3
      Starting test: Connectivity
         ......................... server3 passed test Connectivity

Doing primary tests

   Testing server: MyNetwork\server3

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... server3 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : MyNetwork

   Running enterprise tests on : MyNetwork.net
      Starting test: DNS
         ......................... MyNetwork.net passed test DNS
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39173099
Can you remove the 67.x forwarder from the server2 and make it the same as server1?

Then test again.  Thanks.

Also, what does (from a cmd prompt on server2) nslookup localhost return?
0
 

Author Comment

by:jumpassociates
ID: 39173137
Sorry, where did you see the 67.x forwarder? I can't seem to find anything like that..

Here are my nslookup results:
C:\Users\admin>nslookup localhost
Server:  server2.mynetwork.net
Address:  172.20.3.3

Name:    localhost.mynetwork.net
Address:  127.0.0.1

Thanks again!
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39173228
Your screenshot of ID: 39170245 above shows it as one of the forwarders.  I missed it too, but it's there above google.
I think it's server2, 172.20.3.3...It's the grouped screenshot with the listener tab, dns tree and the forwarders tab.
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39173234
My fault, it's 64.x.x.x

Man, I need glasses or a better memory.  I can probably only fix one of those problems...
0
 

Author Comment

by:jumpassociates
ID: 39173268
Oh, I see that now. Thanks for pointing that out...

That 64.71.0.34 is actually the dns server from our ISP, but I removed it anyways and did a retest. Here are my results:

C:\Users\admin>dcdiag /test:dns /s:172.20.3.3

Directory Server Diagnosis

Performing initial setup:
   [172.20.3.3] Directory Binding Error 87:
   The parameter is incorrect.
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: MyNetwork\server2
      Starting test: Connectivity
         ......................... server2 passed test Connectivity

Doing primary tests

   Testing server: MyNetwork\server2

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... server2 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : MyNetwork

   Running enterprise tests on : MyNetwork.net
      Starting test: DNS
         Test results for domain controllers:

            DC: server2.MyNetwork.net
            Domain: MyNetwork.net


               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
            DNS server: 199.7.91.13 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.91.13
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyNetwork.net
               server2                    PASS PASS FAIL PASS PASS PASS n/a

         ......................... MyNetwork.net failed test DNS




Does that change anything?
0
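The server2 result posted above can be triaged mechanically. This added example (not part of the thread) parses an excerpt of that dcdiag output and reports which test columns failed, which queries failed, and whether every failing server is a public address, which is the "loopback information sent out to the internet" situation described earlier in the thread. The function name `triage` and the trimmed excerpt are this example's own.

```python
import ipaddress
import re

# Excerpt of the dcdiag output posted above (server2), trimmed to three of the servers.
SAMPLE = """\
               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyNetwork.net
               server2                    PASS PASS FAIL PASS PASS PASS n/a
"""

QUERY_RE = re.compile(r"(\w+) record query for the (\S+) failed on the DNS server (\S+)")
COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
VERDICTS = {"PASS", "FAIL", "WARN", "n/a"}

def triage(text):
    """Return (failed columns per DC, distinct failing queries, all failing servers public?)."""
    failed_cols, queries, servers = {}, set(), set()
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            queries.add((m.group(1), m.group(2)))
            servers.add(ipaddress.ip_address(m.group(3)))
            continue
        parts = line.split()
        # A summary row is a DC name followed by exactly one verdict per column.
        if len(parts) == len(COLUMNS) + 1 and set(parts[1:]) <= VERDICTS:
            failed_cols[parts[0]] = [c for c, v in zip(COLUMNS, parts[1:]) if v == "FAIL"]
    # True only when at least one server failed and none of them is internal.
    all_public = bool(servers) and all(s.is_global for s in servers)
    return failed_cols, queries, all_public

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this excerpt the only failed column is Forw, and the single distinct failing query is the PTR lookup for 1.0.0.127.in-addr.arpa. against public servers.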
 
LVL 8

Expert Comment

by:TMekeel
ID: 39173294
Can you run dnscmd /enumzones from a cmd prompt on server2 please?
0
 

Author Comment

by:jumpassociates
ID: 39173356
Here you go!

Enumerated zone list:
        Zone count = 7

 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 1.168.192.in-addr.arpa         Primary    AD-Legacy       Secure Rev Aging
 172.in-addr.arpa               Primary    AD-Domain       Secure Rev
 20.172.in-addr.arpa            Primary    AD-Legacy       Secure Rev Aging
 30.172.in-addr.arpa            Primary    AD-Domain       Secure Rev
 MyNetwork.net             Primary    AD-Legacy       Secure Aging
 TrustAnchors                   Primary    AD-Forest


Command completed successfully.



What does this command tell you anyways?
0
 

Author Comment

by:jumpassociates
ID: 39173359
Here are slightly different results from Server1:

Enumerated zone list:
        Zone count = 6

 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 1.168.192.in-addr.arpa         Primary    AD-Legacy       Secure Rev Aging
 172.in-addr.arpa               Primary    AD-Domain       Secure Rev
 20.172.in-addr.arpa            Primary    AD-Legacy       Secure Rev Aging
 30.172.in-addr.arpa            Primary    AD-Domain       Secure Rev
 MyNetwork.net             Primary    AD-Legacy       Secure Aging


Command completed successfully.
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39173446
It shows your zones, basically, and how the records are set.
No trustanchors on the server1?

Hmmm.

Ok, are you seeing any errors in the event logs related to DNS on either server?
I never asked, but I assume nslookups for internal servers like so:

nslookup server1

work correctly, as well as nslookup for external sites like amazon.com work too?

I still feel as though this issue is safe to ignore, but I want to be sure.

Can you also check for duplicate zones per this article?

Thanks.
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx
0
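The by-eye comparison of the two `dnscmd /enumzones` listings above can be done programmatically. This added example (not part of the thread) parses the zone rows posted for server2 and server1 and reports zones present on only one server or configured differently. The function names and the set of zone type keywords are this example's assumptions; only Cache and Primary appear on this page.

```python
# Zone rows from the server2 listing posted above, copied as pasted
# (including the misaligned MyNetwork.net row).
SERVER2 = """\
 .                              Cache      AD-Domain
 1.168.192.in-addr.arpa         Primary    AD-Legacy       Secure Rev Aging
 172.in-addr.arpa               Primary    AD-Domain       Secure Rev
 20.172.in-addr.arpa            Primary    AD-Legacy       Secure Rev Aging
 30.172.in-addr.arpa            Primary    AD-Domain       Secure Rev
 MyNetwork.net             Primary    AD-Legacy       Secure Aging
 TrustAnchors                   Primary    AD-Forest
"""
# The server1 listing posted above is the same rows without TrustAnchors.
SERVER1 = SERVER2.rsplit(" TrustAnchors", 1)[0]

# Assumed type keywords used to tell zone rows from headers and status lines.
ZONE_TYPES = {"Cache", "Primary", "Secondary", "Stub", "Forwarder"}

def parse_zones(listing):
    """Map lower-cased zone name -> (type, storage, frozenset of property flags)."""
    zones = {}
    for line in listing.splitlines():
        parts = line.split()  # whitespace split tolerates broken column alignment
        if len(parts) >= 3 and parts[1] in ZONE_TYPES:
            zones[parts[0].lower()] = (parts[1], parts[2], frozenset(parts[3:]))
    return zones

def diff_zones(a, b):
    """Return (zones only in a, zones only in b, zones whose settings differ)."""
    za, zb = parse_zones(a), parse_zones(b)
    only_a = sorted(za.keys() - zb.keys())
    only_b = sorted(zb.keys() - za.keys())
    changed = sorted(z for z in za.keys() & zb.keys() if za[z] != zb[z])
    return only_a, only_b, changed

if __name__ == "__main__":
    only2, only1, changed = diff_zones(SERVER2, SERVER1)
    print("only on server2:", only2)
    print("only on server1:", only1)
    print("different settings:", changed)
```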
 

Author Comment

by:jumpassociates
ID: 39175469
Server1 is running Windows Server 2008, whereas Server2 is running 2008 R2. Does that make a difference?

In 2008 non-R2, there is no Trust Anchor tab in the server properties under DNS Mgmt. But there is a Trust Anchor tab in the R2 version.

I don't know if any of that matters, but I thought I should point that out to you..

Anyways, here are my nslookup results:


H:\>nslookup Server1
Server:  Server3.MyNetwork.net
Address:  172.20.3.5

Name:    Server1.MyNetwork.net
Address:  172.20.3.4


H:\>nslookup www.amazon.com
Server:  Server3.MyNetwork.net
Address:  172.20.3.5

Non-authoritative answer:
Name:    www.amazon.com
Address:  72.21.194.212

Also, during this project, I'm starting to get errors from some of my Windows users trying to access network drives. It seems that Windows is trying to reauthenticate the user, or it says there is an unexpected error when trying to access the share. Does that help?

Thanks so much again for working with me on this....
0
