Administration of Active Directory does not have to be hard. Too often what should be a simple task is made more difficult than it needs to be.The solution? Hyena from SystemTools Software. With ease-of-use as well as powerful importing and bulk updating capabilities.
Server 2012 BPA errors - DNS - DHCP - NTP
I see 3 BPA errors in Server 2012. This is a small domain with only one server so it's a DC, DNS & DHCP. Are these errors fixable. Should I be concerned on a small domain like this?
Error 2 - Since it's a one server domain I didn't add a 2nd entry for DNS. One article I read advised against adding the loopback address 127.0.0.1 so this is considered unfixable, right? ON the other hand, this article supports using the loopback. Either way the BPA doesn't seem to be satisfied since the loopback was listed as 1st DNS prior to working on these BPA errors.
Error 3 - I added a user in the Administrator's group for DNS update but it didn't seem to make any difference. It already was using a user in the Administrator's group.
Error 1 - I setup NTP servers as per this video. The servers were set to reliable and show up in the query so not sure why that doesn't show on BPA. I also tried the old Microsoft Fix-it.
Error 2 - Since it's a one server domain I didn't add a 2nd entry for DNS. One article I read advised against adding the loopback address 127.0.0.1 so this is considered unfixable, right? ON the other hand, this article supports using the loopback. Either way the BPA doesn't seem to be satisfied since the loopback was listed as 1st DNS prior to working on these BPA errors.
Error 3 - I added a user in the Administrator's group for DNS update but it didn't seem to make any difference. It already was using a user in the Administrator's group.
Error 1 - I setup NTP servers as per this video. The servers were set to reliable and show up in the query so not sure why that doesn't show on BPA. I also tried the old Microsoft Fix-it.
Error 1 - The PDC emulator master Server-xxx.xxxx.local in this forest should be configured to correctly synchronize time from a valid time source
Error 2 - DNS: DNS servers on NIC1 should include the loopback address, but not as the first entry.
Error 3 - DHCP: Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
The first error (error 2) if there is only 1 DC in this environment then all you need to do is point DNS to itself. You will also need to configure forwarders in the DNS console on this server. This is where you add public DNS IP's. Typically you would use your ISP Public DNS IP's.
Second error message can be ignored.
Third error message is stating that you need to configure your PDC holder (this DC) with an external time source. This should be done. Below is a link to configure this properly.
https://support.microsoft.com/en-us/kb/816042
Also another good read regarding External Time source
http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx
Will.
Second error message can be ignored.
Third error message is stating that you need to configure your PDC holder (this DC) with an external time source. This should be done. Below is a link to configure this properly.
https://support.microsoft.com/en-us/kb/816042
Also another good read regarding External Time source
http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx
Will.
Thomas, I already ran that procedure FOR ntp (Error 1) & the query works fine. Still hasn't satisfied BPA:
Error 2 is not resolved by adding loopback as secondary DNS.
error 3 Dynamic DNS is enabled in IPv4 DNS properties tab of DHCP
C:\Windows\system32>w32tm /config /reliable:yes
The command completed successfully.
C:\Windows\system32>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.
C:\Windows\system32>w32tm /query /configuration
[Configuration]
...
Type: NTP (Local)
NtpServer: 0.north-america.pool.ntp.org,1.north -america.p ool.ntp.or g,2.north- ame
rica.pool.ntp.org,2.north-america.po ol.ntp.org (Local)
Error 2 is not resolved by adding loopback as secondary DNS.
error 3 Dynamic DNS is enabled in IPv4 DNS properties tab of DHCP
Will we are using 8.8.8.8 on the router so I guess that would be a decent DNS forwarder. Should it be added as a conditional forwarder & stored in AD?
I setup a time source as per the Experts video but it didn't seem to matter. They were set as reliable & I can query & see them as shown above.
I setup a time source as per the Experts video but it didn't seem to matter. They were set as reliable & I can query & see them as shown above.
Thanks Thomas. the Powershell BPA cmdlets didn't run for me and but refreshing a role in the GUI did resolve 2 of my issues. I was trying to refresh from the local server pane and evidently that didn't work even after issues were resolved.
The only issue I see now is #2 & my guess is that it doesn't go away for a single server domain.
The only issue I see now is #2 & my guess is that it doesn't go away for a single server domain.
Error 2 - DNS: DNS servers on NIC1 should include the loopback address, but not as the first entry.
Randy
found this for you on the Error 2
https://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx
HTH
Tom
found this for you on the Error 2
https://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx
HTH
Tom
I have ipV4 setup correctly. Is it advisable to use a static ip for ipV6 on such a small domain?
I added current ipV6 (it's DHCP), & ipV6 loopback for DNS but it still doesn't' satisfy BPA.
Should I just ignore the error?
I added current ipV6 (it's DHCP), & ipV6 loopback for DNS but it still doesn't' satisfy BPA.
Should I just ignore the error?
Randy
I just tested on my 2012 R2 DC server
BPA from powershell worked just fine
open powershell as administror on server
get-bpamodel
this will list all roles installed
Example
Id : Microsoft/windows/dhcpserv
Company: Microsoft Corporation
Name: Microsoft DHCP Server Configuration Analysis Model
Version : 1.0.0.0
LastScantime : Never
LastScanTimeUTcoffset :
SubModels :
Parameters :
Modeltype : singlemachine
supportedconfiguration :
Then run
invoke-bpamodel
at modelid:
enter microsoft/windows/dnsserve
results
modelid : microsoft/windows/dnsserve
submodelid :
success : true
scantime : 7/6/2014 4:58:00 PM
scantimeutcoffset : -4:00:00
Detail : (SERV011, SERV011)
then run
get-bparesult
long list
I just tested on my 2012 R2 DC server
BPA from powershell worked just fine
open powershell as administror on server
get-bpamodel
this will list all roles installed
Example
Id : Microsoft/windows/dhcpserv
Company: Microsoft Corporation
Name: Microsoft DHCP Server Configuration Analysis Model
Version : 1.0.0.0
LastScantime : Never
LastScanTimeUTcoffset :
SubModels :
Parameters :
Modeltype : singlemachine
supportedconfiguration :
Then run
invoke-bpamodel
at modelid:
enter microsoft/windows/dnsserve
results
modelid : microsoft/windows/dnsserve
submodelid :
success : true
scantime : 7/6/2014 4:58:00 PM
scantimeutcoffset : -4:00:00
Detail : (SERV011, SERV011)
then run
get-bparesult
long list
Randy
according to the article I found above
They said safe to ignore
But if your like me I like to resolve any error or warning condition.
according to the article I found above
They said safe to ignore
But if your like me I like to resolve any error or warning condition.
Randy
After running BPA on my Windows Server 2012 R2 DC I got the exact same error
I have two DC's both Windows 2012 R2 Standard DC's
Both point to each other for DNS as the second DNS server in the list
Each points to itself for DNS
I cleared it by selecting exclude from results in the Server manger panel
After running BPA on my Windows Server 2012 R2 DC I got the exact same error
I have two DC's both Windows 2012 R2 Standard DC's
Both point to each other for DNS as the second DNS server in the list
Each points to itself for DNS
I cleared it by selecting exclude from results in the Server manger panel
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
The cmdlet you suggested works fine. The one in the BPA article you suggested did not (i.e., I get lots of warnings).
Yes I would like to resolve the DNS error but I don't see a solution with a single server.
Get-BPAModel | Invoke-BPAModel
"WARNING: The EngineReport.xml & Result.xml files were not generated successfully..."
Yes I would like to resolve the DNS error but I don't see a solution with a single server.
OK that works for me. I excluded it from my results too. If you can't get it to clear with 2 DCs there's no chance I am clearing it with one. Perhaps it works if you have DNS servers that don't reside on DCs.
Thanks for all the help. It's too bad that one warning has to be hidden to make the BPA panel show as all green,
Randy
yes it is
did you have any warnings in the bparesults for DNS?
I found a couple in mine rooting thru them now.
yes it is
did you have any warnings in the bparesults for DNS?
I found a couple in mine rooting thru them now.
Randy
Glad to hear it is clear
glad to help too.
If you get a chance can you take a look at my issue
http://www.experts-exchange.com/questions/28694830/Windows-2012-ASP-NET-Event-Error-1334.html
You responded to it earlier today.
Thanks
Glad to hear it is clear
glad to help too.
If you get a chance can you take a look at my issue
http://www.experts-exchange.com/questions/28694830/Windows-2012-ASP-NET-Event-Error-1334.html
You responded to it earlier today.
Thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012
From novice to tech pro — start learning today.
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 303 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 303 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 435 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 435 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 388 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 450 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
run this
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:”0.north-a
w32tm /config /reliable:yes
net start w32time
w32tm /query /configuration
Error 2
Add to your network adapter properties for TCP/IPv4 DNS Servers 127.0.0.1 make secondary address
Error 3 make sure dynamic DNS update is enabled