Solved

Domain Controller failing DCDIAG; Windows XP users unable to connect to RPC server or see domain controller

Posted on 2014-04-06
Last Modified: 2014-04-06
Hey all,

I'm having an issue with an AD-integrated DNS on a Server 2008 R2.

The domain controller is sitting on an ESXi host and only has one NIC assigned to it.

Windows XP users are unable to connect to the domain controller; at logon the following system error is thrown:


'
No Domain Controller is available for domain CONTESO due to the following:
The RPC server is unavailable. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

'

Windows 7 users are able to authenticate to the domain controller.

The dcdiag output is as follows:

11:51 AM 4/6/2014
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine conteso-server, is a Directory Server.
   Home Server = conteso-server

   * Connecting to directory service on server conteso-server.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=conteso,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conteso,DC=com
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=conteso,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=conteso-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conteso,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\conteso-server

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         The host 4c03c9ed-21a3-4cc4-abe2-37afc63de544._msdcs.conteso.com

         could not be resolved to an IP address. Check the DNS server, DHCP,

         server name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... conteso-server failed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\conteso-server

      Skipping all tests, because server conteso-server is not responding to

      directory service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... conteso-server passed test DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=ForestDnsZones,DC=conteso,DC=com) we

            encountered the following error retrieving the cross-ref's

            (CN=e8552ba0-a94f-4059-98b7-340235c0087a,CN=Partitions,CN=Configuration,DC=conteso,DC=com)

             information:
               LDAP Error 0x3a (58).
         ......................... ForestDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=ForestDnsZones,DC=conteso,DC=com) we

            encountered the following error retrieving the cross-ref's

            (CN=e8552ba0-a94f-4059-98b7-340235c0087a,CN=Partitions,CN=Configuration,DC=conteso,DC=com)

             information:
               LDAP Error 0x3a (58).
         ......................... ForestDnsZones failed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=DomainDnsZones,DC=conteso,DC=com) we

            encountered the following error retrieving the cross-ref's

            (CN=22696659-187c-4b6e-a6d9-1ac533b612cc,CN=Partitions,CN=Configuration,DC=conteso,DC=com)

             information:
               LDAP Error 0x3a (58).
         ......................... DomainDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=DomainDnsZones,DC=conteso,DC=com) we

            encountered the following error retrieving the cross-ref's

            (CN=22696659-187c-4b6e-a6d9-1ac533b612cc,CN=Partitions,CN=Configuration,DC=conteso,DC=com)

             information:
               LDAP Error 0x3a (58).
         ......................... DomainDnsZones failed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition

            (CN=Schema,CN=Configuration,DC=conteso,DC=com) we encountered

            the following error retrieving the cross-ref's

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=conteso,DC=com)

             information:
               LDAP Error 0x3a (58).
         ......................... Schema failed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (CN=Configuration,DC=conteso,DC=com) we

            encountered the following error retrieving the cross-ref's

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=conteso,DC=com)

             information:
               LDAP Error 0x3a (58).
         ......................... Configuration failed test CrossRefValidation

   
   Running partition tests on : conteso

      Starting test: CheckSDRefDom

         ......................... conteso passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=conteso,DC=com) we encountered the

            following error retrieving the cross-ref's

            (CN=conteso,CN=Partitions,CN=Configuration,DC=conteso,DC=com)

             information:
               LDAP Error 0x3a (58).
         ......................... conteso failed test CrossRefValidation

   
   Running enterprise tests on : conteso.com

      Starting test: DNS

         Test results for domain controllers:

           
            DC: conteso-server.conteso.com

            Domain: conteso.com

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  The OS

                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 1.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000007] vmxnet3 Ethernet Adapter:

                     MAC address is 00:0C:29:BD:9C:B9
                     IP Address is static
                     IP address: 192.168.155.118
                     DNS servers:

                        127.0.0.1 (conteso-server.conteso.com.) [Valid]
                  No host records (A or AAAA) were found for this DC

                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.155.1 (<name unavailable>) [Invalid (unreachable)]
                     Error: All forwarders in the forwarder list are invalid.

                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                     Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                     Name: c.root-servers.net. IP: 2001:500:2::c [Invalid (unreachable)]
                     Name: d.root-servers.net. IP: 199.7.91.13 [Valid]
                     Name: d.root-servers.net. IP: 2001:500:2d::d [Invalid (unreachable)]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                     Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                     Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: conteso.com.
                     Delegated domain name: _msdcs.conteso.com.
                        DNS server: conteso-server.conteso.com. IP:192.168.155.118 [Valid]
                 
               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone conteso.com
                  Test record dcdiag-test-record deleted successfully in zone conteso.com
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000007] vmxnet3 Ethernet Adapter:

                     Matching CNAME record found at DNS server 192.168.155.118:
                     4c03c9ed-21a3-4cc4-abe2-37afc63de544._msdcs.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _ldap._tcp.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _ldap._tcp.de86c3f3-8dca-4c8a-9884-c14d292fd7b2.domains._msdcs.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _kerberos._tcp.dc._msdcs.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _ldap._tcp.dc._msdcs.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _kerberos._tcp.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _kerberos._udp.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _kpasswd._tcp.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _ldap._tcp.Default-First-Site-Name._sites.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _kerberos._tcp.Default-First-Site-Name._sites.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _ldap._tcp.gc._msdcs.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _gc._tcp.Default-First-Site-Name._sites.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.conteso.com

                     Matching  SRV record found at DNS server 192.168.155.118:
                     _ldap._tcp.pdc._msdcs.conteso.com

               Error: Record registrations cannot be found for all the network

               adapters

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 192.168.155.1 (<name unavailable>)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.155.1               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:2::c (c.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:2d::d (d.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:2f::f (f.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:3::42 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:7fd::1 (k.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:7fe::53 (i.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:dc3::35 (m.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 128.63.2.53 (h.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.112.36.4 (g.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.168.155.118 (conteso-server.conteso.com.)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               DNS delegation for the domain  _msdcs.conteso.com. is operational on IP 192.168.155.118

               
            DNS server: 192.203.230.10 (e.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.228.79.201 (b.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.33.4.12 (c.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.36.148.17 (i.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.5.5.241 (f.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.58.128.30 (j.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 193.0.14.129 (k.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 198.41.0.4 (a.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 199.7.83.42 (l.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 199.7.91.13 (d.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 202.12.27.33 (m.root-servers.net.)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: conteso.com

               conteso-server                   PASS FAIL FAIL PASS PASS FAIL n/a  
         
         ......................... conteso.com failed test DNS

      Starting test: LocatorCheck

         GC Name: \\conteso-server.conteso.com

         Locator Flags: 0xe00033fd
         PDC Name: \\conteso-server.conteso.com
         Locator Flags: 0xe00033fd
         Time Server Name: \\conteso-server.conteso.com
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\conteso-server.conteso.com
         Locator Flags: 0xe00033fd
         KDC Name: \\conteso-server.conteso.com
         Locator Flags: 0xe00033fd
         ......................... conteso.com passed test LocatorCheck

      Starting test: FsmoCheck

         GC Name: \\conteso-server.conteso.com

         Locator Flags: 0xe00033fd
         PDC Name: \\conteso-server.conteso.com
         Locator Flags: 0xe00033fd
         Time Server Name: \\conteso-server.conteso.com
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\conteso-server.conteso.com
         Locator Flags: 0xe00033fd
         KDC Name: \\conteso-server.conteso.com
         Locator Flags: 0xe00033fd
         ......................... conteso.com passed test FsmoCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... conteso.com passed test Intersite
Question by:dmlm3944

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39981525
Your CNAME record for the DC in _msdcs.domain.com is failing to resolve to your domain controller's IP address.

I think you have only one DC here.

Try the below:
1st, check if the Host (A) record for the DC is intact in DNS.
Also check that the NS record is resolving to the correct IP address.
Go to AD Sites and Services\site\servers\your server name\NTDS Settings properties; on the General tab, copy the DNS CNAME, try to ping it, and check if it resolves to the correct IP.
Now, under the _msdcs.domain.com zone, delete the existing CNAME record, create a new CNAME record from the CNAME copied above, and check if you are able to ping it.

Now rename %systemroot%\system32\netlogon.dns to netlogon.dnsold and restart the Netlogon service and the DNS service on the DC.

On affected XP computers, please open Advanced TCP/IP settings and check the DNS tab.
In the DNS tab, check the settings below.
Ensure that the "Append Primary and connection specific dns suffixes" radio button is selected.
Ensure that the "Append parent suffixes of primary dns suffix" checkbox is selected.
Ensure that the "register this connection addresses in Dns" checkbox is selected.
If there is any deviation from the above settings, you will probably face name resolution issues and logon issues.

Also check that proper DNS entries are entered on the Windows XP machines.

Mahesh.
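
The DC-side checks and the netlogon.dns reset from the answer above, gathered into one PowerShell script as an added example (not part of the original answer). The host name, IP address and DSA GUID alias are copied from the dcdiag output in the question; the second netlogon.dns location (System32\config, where the Netlogon service writes the file) and the timestamp suffix on the renamed file are additions to what the answer states.

```powershell
# Added example. Run in an elevated PowerShell session on the domain controller.
# The four values below are copied from the dcdiag output in the question.
$Domain   = 'conteso.com'
$DcFqdn   = 'conteso-server.conteso.com'
$DcIp     = '192.168.155.118'
$DsaAlias = '4c03c9ed-21a3-4cc4-abe2-37afc63de544._msdcs.conteso.com'

function Test-DnsName {
    # True only when $Name resolves (following any CNAME) to $ExpectedIp.
    param([string]$Name, [string]$ExpectedIp)
    try {
        $addrs = @([System.Net.Dns]::GetHostAddresses($Name) |
                   ForEach-Object { $_.IPAddressToString })
    } catch {
        Write-Warning "$Name does not resolve: $($_.Exception.Message)"
        return $false
    }
    if ($addrs -contains $ExpectedIp) {
        Write-Host "OK   $Name -> $ExpectedIp"
        return $true
    }
    Write-Warning "$Name resolves to $($addrs -join ', '), expected $ExpectedIp"
    return $false
}

function Test-DcRecords {
    # Host (A) record and the DSA CNAME under _msdcs must both point at the DC.
    $a     = Test-DnsName -Name $DcFqdn   -ExpectedIp $DcIp
    $cname = Test-DnsName -Name $DsaAlias -ExpectedIp $DcIp
    return ($a -and $cname)
}

# Checks from the answer: A record, DSA CNAME, and the zone's NS records,
# all queried against the DNS service on the DC itself.
$healthy = Test-DcRecords
nslookup -type=NS $Domain 127.0.0.1

if (-not $healthy) {
    # Set the cached registration file aside so Netlogon rebuilds it on restart.
    # The timestamp suffix avoids a clash with an earlier netlogon.dnsold.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $paths = @(
        (Join-Path $env:SystemRoot 'System32\netlogon.dns'),        # path given in the answer
        (Join-Path $env:SystemRoot 'System32\config\netlogon.dns')  # where Netlogon writes it
    )
    foreach ($p in $paths) {
        if (Test-Path $p) {
            Rename-Item -Path $p -NewName "netlogon.dnsold-$stamp" -ErrorAction Stop
            Write-Host "Renamed $p"
        }
    }
    Restart-Service -Name Netlogon
    Restart-Service -Name DNS

    # Re-register the DC locator records and the host (A) record, clear the
    # local resolver cache, give registration time to finish, then re-test.
    nltest /dsregdns
    ipconfig /registerdns
    ipconfig /flushdns
    Start-Sleep -Seconds 30
    if (-not (Test-DcRecords)) {
        Write-Warning 'Records still wrong; recreate the CNAME under _msdcs by hand.'
    }
}

# Confirm with the same tests that failed in the question.
dcdiag /test:connectivity
dcdiag /test:dns
```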
Author Comment

by:dmlm3944
ID: 39981809
Excellent, Mahesh,

Thank you very much for your help. I had done all of your steps before except for renaming the netlogon.dns file. As soon as I did that, rebooted the service and then restarted the clients, they were able to authenticate successfully to the domain controller.

I don't think I would have needed to restart the client computers, though; I could simply have logged on and off after doing a flush of DNS through an administrative command prompt.