Solved

DNS Error LDAP?

Posted on 2014-11-24
Last Modified: 2014-11-24
Hi
I am getting this error in my Best Practices Analyzer. I was checking here since I was having a SYSVOL replication issue. What record is this looking for in DNS? My 2 DCs each have their local IP in the forward zones?

Issue:
The "LdapIpAddress" DNS (A/AAAA) resource records that advertise this domain controller as an available LDAP server in the domain and point to its IPv4 or IPv6 addresses are not registered. All writeable domain controllers in the domain (but not read-only domain controllers (RODCs)) must register these records.
Question by:valmatic
16 Comments
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40462156
This initially appears to be an Active Directory issue.  I would run the following command with an account that has Admin privileges:

dcdiag /test:DNS /e /v > dcdiag.txt

and attach the output so it can be looked over.

Dan
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40462192
Check that replication is functioning. Run the following commands from the command prompt > repadmin /syncall /AdeP and also > repadmin /showreps

Check to see whether you can access the sysvol share from each domain controller and vice versa.

Regards,

JBond2010
0
 
LVL 7

Author Comment

by:valmatic
ID: 40462205
Mostly I am seeing it is missing my AAAA records, but I don't use IPv6. I'll have it posted in a few.
0
 
LVL 7

Author Comment

by:valmatic
ID: 40462218
My SYSVOL share is not replicating to my second DC. I usually edit Group Policy on my main server and it is not replicating over, which is the reason I started looking around.

I got nothing from that command about repadmin...
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40462229
You did not get any errors from repadmin? The command is - repadmin /AdeP

Please be aware the AP in /AdeP are capitals.


Regards,

JBond2010
0
 
LVL 7

Author Comment

by:valmatic
ID: 40462263
No errors at all with that command
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40462267
There should be a file called dcdiag.txt in the location that you ran the command prompt from.

If you just opened a command prompt and ran the command, the text file is probably in your user directory.
0
 
LVL 7

Author Comment

by:valmatic
ID: 40462280
Dan, I ran your command and the only errors on all 9 pages were the server not listing its V6 AAAA record; other than that it came out clean. I'm not sure what this LdapIpAddress setting is supposed to be that the best practice thing is complaining about?
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40462293
0
 
LVL 7

Author Comment

by:valmatic
ID: 40462300
It is talking about LDAP in the error, but is it simply stating it is mad I disabled IPv6 on my NIC, and once I turn it on and that record hits DNS it will be happy?
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40462305
You should not disable IPv6 on domain controllers.  It is not recommended by Microsoft.  IPv6 should be enabled and for all options configured as automatic.

Dan
0
 
LVL 26

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 40462312
Reference links:
 1. https://social.technet.microsoft.com/Forums/windowsserver/en-US/18001bd9-e79f-4f80-973c-3ef0f0b3d2ff/disabling-ipv6-on-2008r2-domain-controllers-best-practice?forum=winservergen
 2. http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx
 3. http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_11270-DNS-Best-Practices-for-Domain-Controllers.html

 I would go thru the article in link 3.

 My suggestion is to adjust the bindings on the NICs.

1. Go to:  Control Panel > All Control Panel Items > Network and Sharing Center
2. Click "Change adapter settings"
3. Hit the "ALT" key once, the file menu will appear
4. Click "Advanced" then select "Advanced Settings"
5. On the tab "Adapters and Bindings" > Connections area :: make sure your NIC(s) are in the order in which you want them used... Make sure the object "[Remote Access Connections]" is on the bottom.
6. In the Bindings for "YourNicName" section, make sure TCP/IPv4 is above v6
7. On the tab "Provider Order" > Network Providers area :: make sure "Microsoft Windows Network" is first.

Click thru all OKs.  Then give it a test.

Your IPv6 configuration should be:
1. in the properties of IPv6
2. General Tab : all options on Obtain ... automatically.
3. all advanced options should be left default.

After this, I would run the following commands:

1. ipconfig /flushdns
2. ipconfig /registerdns
3. dcdiag again.

Dan
0
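
The records the analyzer text calls "LdapIpAddress" are the host (A/AAAA) records that Netlogon registers at the domain's own DNS name, shown in DNS Manager as "(same as parent folder)". As an added example that is not part of the original thread, the PowerShell function below compares the addresses on the local DC with the A and AAAA records a DNS server returns for the domain name, which is a direct way to confirm the result after `ipconfig /registerdns`. The function name `Test-LdapIpAddressRecord`, its parameters and the default DNS server `127.0.0.1` are assumptions; it needs `Resolve-DnsName` and `Get-NetIPAddress` (Windows Server 2012 or later).

```powershell
# Added example (hypothetical function name): report which of this DC's
# addresses are registered as A/AAAA records at the AD domain name itself.
function Test-LdapIpAddressRecord {
    param(
        [string]$Domain    = $env:USERDNSDOMAIN,  # AD DNS domain of the logged-on account
        [string]$DnsServer = '127.0.0.1'          # assumption: the DC also runs DNS
    )

    # Addresses the DC could register: usable state only, and no loopback,
    # APIPA or IPv6 link-local (those are never registered in DNS).
    $local = Get-NetIPAddress |
        Where-Object { $_.AddressState -eq 'Preferred' -and
                       $_.IPAddress -notmatch '^(127\.|169\.254\.|::1$|fe80:)' } |
        ForEach-Object { [ipaddress]$_.IPAddress }

    foreach ($type in 'A', 'AAAA') {
        # -DnsOnly skips LLMNR/NetBIOS. An empty answer still carries an SOA
        # record in the authority section, so keep only the requested type.
        $registered = @(
            Resolve-DnsName -Name $Domain -Type $type -Server $DnsServer `
                            -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq $type } |
                ForEach-Object { ([ipaddress]$_.IPAddress).ToString() }
        )

        $family = if ($type -eq 'A') { 'InterNetwork' } else { 'InterNetworkV6' }
        foreach ($ip in $local | Where-Object { $_.AddressFamily -eq $family }) {
            [pscustomobject]@{
                Domain     = $Domain
                RecordType = $type
                Address    = $ip.ToString()
                Registered = $registered -contains $ip.ToString()
            }
        }
    }
}

# Run on each writeable DC; any row with Registered = False is an address
# that has no matching record at the domain name on the queried DNS server.
Test-LdapIpAddressRecord | Format-Table -AutoSize
```

A DC whose only IPv6 address is link-local produces no AAAA rows at all, because there is nothing for it to register. Tunnel addresses such as Teredo or ISATAP can show up as unregistered and should be read with that in mind.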
 
LVL 7

Author Comment

by:valmatic
ID: 40462323
Is this OK to do during the day since I am not messing with my IPv4 address?
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40462333
This can be done without disrupting operations.
0
 
LVL 7

Author Comment

by:valmatic
ID: 40462438
I added IPv6 back in but the analyzer is still not happy.
Is this supposed to be in DNS somewhere? I do not see it.
LdapIpAddress ??
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40463883
The "LdapIpAddress" item is described in my post from yesterday at 16:38.  Please read thru the article from Microsoft as it describes what you need to do to address the issue.

Dan
0
