Server 2012 BPA errors - DNS - DHCP - NTP

Randy Downs
Randy Downs used Ask the Experts™
on
I see 3 BPA errors in Server 2012. This is a small domain with only one server so it's a DC, DNS & DHCP. Are these errors fixable. Should I be concerned on a small domain like this?

Error 2 - Since it's a one server domain I didn't add a 2nd entry for DNS. One article I read advised against adding the loopback address 127.0.0.1 so this is considered unfixable, right? ON the other hand, this article supports using the loopback. Either way the BPA doesn't seem to be satisfied since the loopback was listed as 1st DNS prior to working on these BPA errors.

Error 3 - I added a user in the Administrator's group for DNS update but it didn't seem to make any difference. It already was using a user in the Administrator's group.

Error 1 - I setup NTP servers as per this video. The servers were set to reliable and show up in the query so not sure why that doesn't show on BPA. I also tried the old Microsoft Fix-it.

Error 1 - The PDC emulator master Server-xxx.xxxx.local in this forest should be configured to correctly synchronize time from a valid time source      

Error 2 - DNS: DNS servers on NIC1 should include the loopback address, but not as the first entry.      


Error 3 - DHCP: Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server.      
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Thomas GrassiSystems Administrator
Commented:
for Error1

run this

net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:”0.north-america.pool.ntp.org, 1.north-america.pool.ntp.org, 2.north-america.pool.ntp.org, 3.north-america.pool.ntp.org”

w32tm /config /reliable:yes


net start w32time

w32tm /query /configuration


Error 2

Add to your network adapter properties for TCP/IPv4 DNS Servers 127.0.0.1 make secondary address


Error 3 make sure dynamic DNS update is enabled
Will SzymkowskiSenior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
The first error (error 2) if there is only 1 DC in this environment then all you need to do is point DNS to itself. You will also need to configure forwarders in the DNS console on this server. This is where you add public DNS IP's. Typically you would use your ISP Public DNS IP's.

Second error message can be ignored.

Third error message is stating that you need to configure your PDC holder (this DC) with an external time source. This should be done. Below is a link to configure this properly.
https://support.microsoft.com/en-us/kb/816042

Also another good read regarding External Time source
http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

Will.

Author

Commented:
Thomas, I already ran that procedure FOR ntp (Error 1) & the query works fine. Still hasn't satisfied BPA:
C:\Windows\system32>w32tm /config /reliable:yes
The command completed successfully.

C:\Windows\system32>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.

C:\Windows\system32>w32tm /query /configuration
[Configuration]
...

Type: NTP (Local)
NtpServer: 0.north-america.pool.ntp.org,1.north-america.pool.ntp.org,2.north-ame
rica.pool.ntp.org,2.north-america.pool.ntp.org (Local)

Error 2 is not resolved by adding loopback as secondary DNS.
error 3 Dynamic DNS is enabled in IPv4 DNS properties tab of DHCP
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

Author

Commented:
Will we are using 8.8.8.8 on the router so I guess that would be a decent DNS forwarder. Should it be added as a conditional forwarder & stored in AD?

I setup a time source as per the Experts video but it didn't seem to matter. They were set as reliable & I can query & see them as shown above.
Thomas GrassiSystems Administrator
Commented:

Author

Commented:
Thanks Thomas. the Powershell BPA cmdlets didn't run for me and but refreshing a role in the GUI did resolve 2 of my issues. I was trying to refresh from the local server pane and evidently that didn't work even after issues were resolved.

The only issue I see now is #2 & my guess is that it doesn't go away for a single server domain.

Error 2 - DNS: DNS servers on NIC1 should include the loopback address, but not as the first entry.      
Thomas GrassiSystems Administrator
Commented:
Randy

found this for you on the Error 2

https://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx

HTH

Tom

Author

Commented:
I have ipV4 setup correctly. Is it advisable to use a static ip for ipV6 on such a small domain?

I added current ipV6 (it's DHCP), & ipV6 loopback for DNS but it still doesn't' satisfy BPA.

Should I just ignore the error?
Thomas GrassiSystems Administrator
Commented:
Randy

I just tested on my 2012 R2 DC server
BPA from powershell worked just fine

open powershell as administror on server

get-bpamodel
this will list all roles installed
Example

Id  : Microsoft/windows/dhcpserver
Company: Microsoft Corporation
Name: Microsoft DHCP Server Configuration  Analysis Model
Version : 1.0.0.0
LastScantime : Never
LastScanTimeUTcoffset :
SubModels :
Parameters :
Modeltype : singlemachine
supportedconfiguration :


Then run

invoke-bpamodel
at modelid:  
enter microsoft/windows/dnsserver

results

modelid :  microsoft/windows/dnsserver
submodelid :
success : true
scantime : 7/6/2014 4:58:00 PM
scantimeutcoffset : -4:00:00
Detail : (SERV011, SERV011)

then run

get-bparesult

long list
Thomas GrassiSystems Administrator
Commented:
Randy

according to the article I found above

They said safe to ignore

But if your like me I like to resolve any error or warning condition.
Systems Administrator
Commented:
Randy

After running BPA on my Windows Server 2012 R2 DC I got the exact same error

I have two DC's both Windows 2012 R2 Standard DC's
Both point to each other for DNS as the second DNS server in the list
Each points to itself for DNS

I cleared it by selecting exclude from results in the Server manger panel

Author

Commented:
The cmdlet you suggested works fine. The one in the BPA article you suggested did not (i.e., I get lots of warnings).

Get-BPAModel | Invoke-BPAModel
"WARNING: The EngineReport.xml & Result.xml files were not generated successfully..."

Yes I would like to resolve the DNS error but I don't see a solution with a single server.

Author

Commented:
OK that works for me. I excluded it from my results too. If you can't get it to clear with 2 DCs there's no chance I am clearing it with one. Perhaps it works if you have DNS servers that don't reside on DCs.

Author

Commented:
Thanks for all the help. It's too bad that one warning has to be hidden to make the BPA panel show as all green,
Thomas GrassiSystems Administrator

Commented:
Randy

yes it is

did you have any warnings in the bparesults for DNS?

I found a couple in mine rooting thru them now.

Author

Commented:
No mine just comes back with success: true
Thomas GrassiSystems Administrator

Commented:
Randy

Glad to hear it is clear

glad to help too.

If you get a chance can you take a look at my issue
http://www.experts-exchange.com/questions/28694830/Windows-2012-ASP-NET-Event-Error-1334.html

You responded to it earlier today.

Thanks

Author

Commented:
Will do Thomas

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial