Solved

Active Directory partition-DNS-RPC

Posted on 2013-06-02
474 Views
Last Modified: 2013-06-03
Gonna just post the short version of the nightmare.

I had the following configuration.

Server A
Running Windows 2003 Standard Server with AD, DNS, and file and print sharing on a box that failed at 8 years and 27 days.

Server B
Exchange 2003 on Windows 2003 Standard on a separate box.

Server C
Windows 2003 Server with what looks like just a portion of AD on it.

When Server A failed I logged into Server C and seized the FSMO roles:
Domain Naming
RID
Infrastructure
PDC
Schema

When I run dcdiag I get the following:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER-2K3
      Starting test: Connectivity
         The host 3833b0f4-7bd0-438a-aa90-2072c76acf3c._msdcs.domain.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (3833b0f4-7bd0-438a-aa90-2072c76acf3c._msdcs.domain.local)

          couldn't be resolved, the server name
         (server-2k3.domain.local) resolved to the IP address
         (192.168.32.37) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... SERVER-2K3 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER-2K3
      Skipping all tests, because server SERVER-2K3 is
      not responding to directory service requests

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : domain
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom

   Running enterprise tests on : Osceolacancercenter.local
      Starting test: Intersite
         ......................... domain.local passed test Intersite
      Starting test: FsmoCheck
         ......................... domain.local passed test FsmoCheck

When I run dcdiag /fix I get similar results; a portion is posted below:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER-2K3
      Starting test: Connectivity
         The host 3833b0f4-7bd0-438a-aa90-2072c76acf3c._msdcs.domain.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (3833b0f4-7bd0-438a-aa90-2072c76acf3c._msdcs.domain.local)

          couldn't be resolved, the server name
         (server-2k3.domain.local) resolved to the IP address
         (192.168.32.37) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... SERVER-2K3 failed test Connectivity


When I went into DNS on Server C, I created the forward (AD-integrated) lookup zones. These zones, however, do not have the subfolders of an AD zone.

When I try to create a default application directory partition I get an error message that one already exists.


Any Ideas?
Question by:Gatorbasher
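As an added example (not part of the original question or any poster's own code), the Python script below parses dcdiag output like the one quoted above, pulls out the site, the DC and the unresolved GUID name, and then lists the records Netlogon registers for a DC (a subset of netlogon.dns: the DSA GUID CNAME under _msdcs plus the core LDAP/Kerberos SRV records) that should exist once a recreated AD-integrated zone is healthy. The zone snapshot `EMPTY_ZONE`, the helper names and the trimmed sample are constructed assumptions for the example; in a single-domain forest the _msdcs records live in the same zone as the domain, which is what the example assumes.

```python
"""Added example: audit dcdiag output against the DNS records a DC needs."""
import re

# Constructed sample, trimmed from the dcdiag output quoted in the question.
SAMPLE_DCDIAG = """\
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\\SERVER-2K3
      Starting test: Connectivity
         The host 3833b0f4-7bd0-438a-aa90-2072c76acf3c._msdcs.domain.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         (server-2k3.domain.local) resolved to the IP address
         (192.168.32.37) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... SERVER-2K3 failed test Connectivity

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
"""

# "Testing server: <site>\<dc>"
SERVER_RE = re.compile(r"Testing server:\s+(?P<site>[^\\\s]+)\\(?P<dc>\S+)")
# The DSA GUID CNAME that dcdiag's Connectivity test could not resolve.
UNRESOLVED_RE = re.compile(
    r"The host (?P<name>[0-9a-fA-F-]{36}\._msdcs\.\S+) could not be resolved")
# "......................... <target> passed|failed test <name>"
RESULT_RE = re.compile(
    r"\.{5,}\s+(?P<target>\S+) (?P<status>passed|failed) test (?P<test>\S+)")


def parse_dcdiag(text):
    """Return site, DC, unresolved GUID names and per-test pass/fail results."""
    report = {"site": None, "dc": None, "unresolved": [], "failed": [], "passed": []}
    for line in text.splitlines():
        m = SERVER_RE.search(line)
        if m and report["dc"] is None:
            report["site"], report["dc"] = m.group("site"), m.group("dc")
            continue
        m = UNRESOLVED_RE.search(line)
        if m:
            report["unresolved"].append(m.group("name").lower())
            continue
        m = RESULT_RE.search(line)
        if m:
            key = "failed" if m.group("status") == "failed" else "passed"
            report[key].append((m.group("target"), m.group("test")))
    return report


def required_records(domain, dc_fqdn, site, dsa_guid, pdc=True):
    """Subset of the records Netlogon registers for one DC (name, type, target)."""
    d = domain.lower()
    recs = [
        (f"{dsa_guid}._msdcs.{d}", "CNAME", dc_fqdn),          # what dcdiag failed on
        (f"_ldap._tcp.{d}", "SRV", dc_fqdn),
        (f"_ldap._tcp.dc._msdcs.{d}", "SRV", dc_fqdn),
        (f"_ldap._tcp.{site}._sites.{d}", "SRV", dc_fqdn),
        (f"_ldap._tcp.{site}._sites.dc._msdcs.{d}", "SRV", dc_fqdn),
        (f"_kerberos._tcp.{d}", "SRV", dc_fqdn),
        (f"_kerberos._tcp.dc._msdcs.{d}", "SRV", dc_fqdn),
        (f"_kerberos._udp.{d}", "SRV", dc_fqdn),
        (f"_kpasswd._tcp.{d}", "SRV", dc_fqdn),
    ]
    if pdc:  # only the PDC emulator role holder registers this one
        recs.append((f"_ldap._tcp.pdc._msdcs.{d}", "SRV", dc_fqdn))
    return recs


def missing_records(required, zone):
    """zone maps (name, type) -> set of targets; return required entries not present."""
    return [r for r in required if r[2].lower() not in zone.get((r[0], r[1]), set())]


def audit(text, dc_fqdn, zone):
    """Parse dcdiag output and report which Netlogon records the zone still lacks."""
    report = parse_dcdiag(text)
    if not report["unresolved"]:
        return report, []
    guid, _, domain = report["unresolved"][0].partition("._msdcs.")
    required = required_records(domain, dc_fqdn, report["site"], guid)
    return report, missing_records(required, zone)


# Constructed: a freshly recreated AD-integrated zone that only holds the DC's
# own A record, before Netlogon has re-registered its CNAME and SRV records.
EMPTY_ZONE = {("server-2k3.domain.local", "A"): {"192.168.32.37"}}

if __name__ == "__main__":
    rep, missing = audit(SAMPLE_DCDIAG, "server-2k3.domain.local", EMPTY_ZONE)
    print(f"{rep['dc']} in site {rep['site']}: failed {rep['failed']}")
    for name, rtype, target in missing:
        print(f"missing {rtype:5} {name} -> {target}")
```

Running it against the constructed empty zone lists all ten records as missing, the GUID CNAME first; feeding it a zone populated by `required_records` (what a Netlogon restart followed by `ipconfig /registerdns` should produce) reports nothing missing.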
15 Comments
 
LVL 18

Expert Comment

by:sarang_tinguria
ID: 39215268
If Server C was a DC and part of the same domain as A was, then your DNS should have the zones on Server C.

However, in your case it's not, but the partition exists (correct me if I am wrong).

Please create two forward lookup zones named domain.local and _msdcs.domain.local.
Restart the Netlogon and DNS services, run ipconfig /flushdns and ipconfig /registerdns, and try running dcdiag again.
LVL 9

Expert Comment

by:Zenvenky
ID: 39215533
"SERVER-2K3 failed test Connectivity" is an indication of DNS misconfiguration or incorrect DNS pointers on the server. I would suggest you check the DNS configuration in the DNS console and the NIC properties using the link below.

As you've seized the roles, how many DCs are there in the domain now? Is it 2 DCs or 3 DCs?

As you've seized the roles to Server C, did you make this server the authoritative time server for the domain? If not, do this as a priority.

Authoritative Time Server

DNS Best Practices
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39215826
I agree with the others: ensure that the correct DNS settings are configured on the DC and that the metadata cleanup for the old server is also performed.

Best practices for DNS client settings on DCs and domain members:
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Metadata cleanup:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Don't forget to configure the authoritative time server on the PDC role holder: http://support.microsoft.com/kb/816042

Author Comment

by:Gatorbasher
ID: 39215960
Sarang, you are correct.

The directory partition is said to already exist, but it is not available.

When I create the two forward zones, none of the subfolders for pdc, _msdcs, sites, _tcp, _udp, DomainDnsZones or ForestDnsZones are created.

No workstations are able to register in DNS.

When I perform flushdns and registerdns on the Exchange server I get the following in the event viewer.

Event Type:      Warning
Event Source:      DnsApi
Event Category:      None
Event ID:      11165
Date:            6/3/2013
Time:            7:15:06 AM
User:            N/A
Computer:      EXCHANGE
Description:
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {1266BC2C-9F75-4F88-9A79-C1ADFA5ABD63}
   Host Name : exchange
   Primary Domain Suffix : domain.local
   DNS server list :
           192.168.32.37
   Sent update to server : <?>
   IP Address(es) :
     192.168.32.36

 The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

 To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

Zenvenky,
Before I started to worry about the health of the server there was only Server A to serve the AD needs. I brought Server C in as a backup to Server A. Server B is just running Exchange; the Exchange services are unable to start, and the following appears in the Exchange server's event log.

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2104
Date:            6/3/2013
Time:            7:50:26 AM
User:            N/A
Computer:      EXCHANGE
Description:
Process INETINFO.EXE (PID=1672). All the DS Servers in domain are not responding.

For more information, click http://www.microsoft.com/contentredirect.asp.
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39216013

Author Comment

by:Gatorbasher
ID: 39216028
The DNS servers on both the Exchange server and server-2k3 point to 192.168.32.37, which is the IP of server-2k3.
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39216054
Have you checked whether the zone exists or whether there is a duplicate zone? Once the forward lookup zone is created, just restart the Netlogon and DNS services and run ipconfig /flushdns and ipconfig /registerdns; the records should register.
LVL 9

Expert Comment

by:Zenvenky
ID: 39216140
So can I assume Server A is removed from the AD database? If yes, then as mentioned before, did you change the time server settings on the PDC emulator? Also, as Sandesh mentioned, did you perform metadata cleanup?

Before you proceed any further on this issue, I would suggest you cross-check the DNS settings and time server settings. If all the settings are in place, then check the KDC / Kerberos and Netlogon events in the system log on the Exchange server.

Author Comment

by:Gatorbasher
ID: 39216203
Yes Zenvenky, Server A has been removed from the metadata and from Active Directory Sites and Services.

I did not see any KDC / Kerberos or Netlogon errors in the Exchange event log.

I restarted Netlogon on the Exchange server, checked the event log and observed the following.

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5719
Date:            6/3/2013
Time:            9:53:42 AM
User:            N/A
Computer:      EXCHANGE
Description:
This computer was not able to set up a secure session with a domain controller in domain DOMAIN due to the following:
There are currently no logon servers available to service the logon request.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..

Author Comment

by:Gatorbasher
ID: 39216217
Sandeshdubey,

When I attempt to use ADSIEDIT and go under connection settings and connect to
DC=ForestDNSZones, DC=Domain, DC=Local I get "A referral was returned from the server".

When I accept the default connection and drill down under
Domain [server-2k3.domain.local]
   CN=System
      CN=MicrosoftDNS
          DC=domain.local

I find a reference to the failed DNS server, called server.
LVL 24

Accepted Solution

by: Sandeshdubey (earned 500 total points)
ID: 39216273
LVL 9

Expert Comment

by:Zenvenky
ID: 39216456

Author Comment

by:Gatorbasher
ID: 39216611
Looks like that may have resolved it Sandeshdubey. THANK YOU, THANK YOU, THANK YOU....

Author Closing Comment

by:Gatorbasher
ID: 39216615
It worked....
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39216662
Great... Nice to hear that the issue is resolved.

Have a nice day ahead