wayne70
asked on
Broken DNS SBS Server 2011
I have a SBS 2011 server running. The domain was fine until today. Users started calling to say that they couldn't get to their shared (mapped) drives. After some troubleshooting I discovered that the issue is related to DNS. DNS resolves all outside addresses correctly but can not locate any records for items located in the domain.
Example:
C:\Windows\system32>nslookup domain.local
Server: UnKnown
Address: 172.xx.xx.0
*** UnKnown can't find yvhs.local: Non-existent domain
When I tried to open the DNS manager I receive the following error:
The server server-01 could not be contacted. The error was: Access was denied. Would you like to add it anyways?
I then ran DCDiag /q
C:\Windows\system32>DCDiag /q
The host ccde*********-*********-** ********23 ._msdcs.domain.local
not be resolved to an IP address. Check the DNS server, DHCP, s
name, etc.
Got error while checking LDAP and RPC connectivity. Please check
firewall settings.
......................... server-01 failed test Connectivity
There is only one server in the domain and it holds all FSMO roles.
I'm unable to get the DNS server to function because it seems to have lost trust with the AD.
Any help would be greatly appreciated.
ASKER
Thanks for the reply.
1. Dns service running ----> yes
2. Active Directory Domain Services was unable to establish a connection with the global catalog. Event 1126
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. Event 4000
The DNS server was unable to open zone XX.XX.172.in-addr.arpa in the Active Directory from the application directory partition DomainDnsZones.domain.local. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. Event 4007
No, there were no changes. It just started after a weekend.
C:\Windows\system32>nslookup domain.local
Server: UnKnown
Address: 172.xx.xx.0
*** UnKnown can't find yvhs.local: Non-existent domain
That address is mildly concerning. It may not be an issue, but especially in an SBS environment, anything ending in .0 is *very* rare (and is not a real address in any /24 scheme, which is ..again...99% of all SBS deployments.)
Can you post an ipconfig /all from the server and a client?
ASKER
Sorry you are very right. That is a typo. Should be .10
ASKER
Ran the following on the server: C:\>nltest/sc_query:domain.local
it returned:
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
I tried this; this is the result:
The machine account password for the local machine could not be reset.
Logon Failure: The target account name is incorrect.
The command failed to complete successfully.
C:\Windows\system32>
Did you run this command from your only domain controller?
ASKER
netdom /resetpwd /server:DCNAME /userd:domainname\Administrator /passwordd:Password
is the fix. The only catch is the domainname has to be replaced with the actual IP address of the DC because DNS is not functional.
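The checks walked through in this thread, gathered into one read-only triage script (an added example, not code posted by any participant). The IP address is a constructed placeholder, placing it in `/server:` is an assumption about which field the post above means, and `/passwordd:*` is used so netdom prompts for the password instead of taking it on the command line.

```powershell
# Added example: read-only triage for the symptoms in this thread.
# Run from an elevated PowerShell prompt on the domain controller itself.
$DomainFqdn = 'domain.local'              # placeholder name used in the thread
$DcIp       = '172.16.0.10'               # constructed placeholder: the DC's own IP
$UserD      = 'domainname\Administrator'  # placeholder account, as written in the thread

# 1. Is the DNS Server service running? (In the thread it was.)
Get-Service -Name DNS | Format-Table Name, Status -AutoSize

# 2. DNS Server events 4000/4007: AD-integrated zones could not be loaded from AD.
$dnsEvents = Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 4000, 4007 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue

# 3. Directory Service event 1126: no connection to the global catalog.
$adEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 1126 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue

@($dnsEvents) + @($adEvents) |
    Where-Object { $_ } |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, LogName, Id -AutoSize

# 4. Secure channel query; the thread saw
#    "I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN".
$nltest = & nltest.exe "/sc_query:$DomainFqdn" 2>&1 | ForEach-Object { "$_" }
$nltest
$channelBroken = [bool]($nltest -match 'I_NetLogonControl failed')

# 5. If both signals are present, show the reset command without running it.
#    "/passwordd:*" makes netdom prompt, so the administrator password does not
#    end up in console history or process command-line logging.
if ($dnsEvents -and $channelBroken) {
    Write-Output 'DNS cannot load its AD zones and the secure channel query fails.'
    Write-Output 'Machine account password reset, addressed by IP because DNS is down:'
    Write-Output "  netdom resetpwd /server:$DcIp /userd:$UserD /passwordd:*"
} else {
    Write-Output 'Symptoms do not match this thread; review the events listed above.'
}
```

If the password was already typed in plain text on the command line, as in the command quoted above, treat it as exposed to anyone who can read console history or process-creation logs and rotate it once the domain controller is healthy.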
1. dns service running
2. event log errors (usually you can get an idea of the issue and track it back to the cause)
Also, have any changes been made recently?
For example, the IP address of the DNS server, etc.