Broken DNS SBS Server 2011

I have an SBS 2011 server running. The domain was fine until today. Users started calling to say that they couldn't get to their shared (mapped) drives. After some troubleshooting I discovered that the issue is related to DNS. DNS resolves all outside addresses correctly but cannot locate any records for items located in the domain.
Example:
C:\Windows\system32>nslookup domain.local
Server:  UnKnown
Address:  172.xx.xx.0
*** UnKnown can't find yvhs.local: Non-existent domain

When I tried to open the DNS manager I received the following error:
The server server-01 could not be contacted. The error was: Access was denied.  Would you like to add it anyways?

I then ran DCDiag /q

C:\Windows\system32>DCDiag /q
         The host ccde*********-*********-**********23._msdcs.domain.local
         not be resolved to an IP address. Check the DNS server, DHCP, s
         name, etc.
         Got error while checking LDAP and RPC connectivity. Please check
         firewall settings.

         ......................... server-01 failed test Connectivity
There is only one server in the domain and it holds all FSMO roles.  
I'm unable to get the DNS server to function because it seems to have lost trust with the AD.
Any help would be greatly appreciated.
Asked by: wayne70

Robert (System Admin) Commented:
Start by checking the following:

1. DNS service running
2. Event log errors (usually you can get an idea of the issue and track it back to the cause)

Also, have any changes been made recently?
For example, the IP address of the DNS server, etc.
wayne70 (Author) Commented:
Thanks for the reply.
1. DNS service running: yes
2. Event log errors:

Active Directory Domain Services was unable to establish a connection with the global catalog. Event 1126

The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. Event 4000

The DNS server was unable to open zone XX.XX.172.in-addr.arpa in the Active Directory from the application directory partition DomainDnsZones.domain.local. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. Event 4007

No, there were no changes; it just started after a weekend.
Cliff Galiher Commented:
C:\Windows\system32>nslookup domain.local
Server:  UnKnown
Address:  172.xx.xx.0
*** UnKnown can't find yvhs.local: Non-existent domain

That address is mildly concerning. It may not be an issue, but especially in an SBS environment, anything ending in .0 is *very* rare (and is not a real address in any /24 scheme, which is, again, 99% of all SBS deployments).

Can you post an ipconfig /all from the server and a client?
wayne70 (Author) Commented:
Sorry, you are very right. That is a typo. It should be .10
wayne70 (Author) Commented:
Ran the following on the server:

C:\>nltest /sc_query:domain.local

It returned:
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
Life1430 (Sr Engineer) Commented:
Disable IPv6, and if that does not work, then try resetting the secure channel of the DC with itself using the command below. Theoretically it does not make sense, but it has worked for me a couple of times in such a scenario.

netdom /resetpwd /server:DCNAME /userd:domainname\Administrator /passwordd:Password

wayne70 (Author) Commented:
I tried; this is the result:

The machine account password for the local machine could not be reset.

Logon Failure: The target account name is incorrect.

The command failed to complete successfully.


C:\Windows\system32>
Life1430 (Sr Engineer) Commented:
Did you run this command from your only domain controller?
wayne70 (Author) Commented:
netdom /resetpwd /server:DCNAME /userd:domainname\Administrator /passwordd:Password
is the fix. The only catch is that the domainname has to be replaced with the actual IP address of the DC, because DNS is not functional.
Question has a verified solution.
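
The checks and the fix discussed in this thread, collected into one elevated PowerShell session on the DC, as an added example (not code posted by any participant). The IP address, domain and account are placeholders, and the example assumes the DC's IP address goes in /server:, which the final comment does not spell out; /passwordd:* makes netdom prompt for the password instead of taking it on the command line.

```powershell
# Added example, not from the thread. Run from an elevated prompt on the DC.
# All three values are placeholders (assumptions); substitute your own.
$DcAddress = '192.0.2.10'            # IP address of the domain controller
$Domain    = 'domain.local'          # AD DNS domain, as redacted in the thread
$Admin     = 'DOMAIN\Administrator'  # account allowed to reset the DC password

# 1. DNS Server service state (the first check suggested in the thread).
Get-Service -Name DNS | Format-Table Name, Status -AutoSize

# 2. The events quoted in the thread: DNS 4000/4007, Directory Service 1126.
$filters = @(
    @{ LogName = 'DNS Server';        Id = 4000, 4007 },
    @{ LogName = 'Directory Service'; Id = 1126 }
)
foreach ($f in $filters) {
    Get-WinEvent -FilterHashtable $f -MaxEvents 5 -ErrorAction SilentlyContinue |
        Format-Table TimeCreated, Id, ProviderName -AutoSize
}

# 3. Ask the DC itself, by IP, for the domain's records, and record the
#    secure channel query the asker ran. Output is shown, not interpreted.
nslookup $Domain $DcAddress
nltest "/sc_query:$Domain"

# 4. Reset the DC's machine account password only after an explicit
#    confirmation. The DC is addressed by IP because names do not resolve.
#    '/passwordd:*' makes netdom prompt, so the password stays out of the
#    command line, the console history and process listings.
$answer = Read-Host 'Type RESET to reset the machine account password'
if ($answer -ceq 'RESET') {
    netdom resetpwd "/server:$DcAddress" "/userd:$Admin" '/passwordd:*'

    # 5. Re-run the checks from the question to see whether they now pass.
    nslookup $Domain $DcAddress
    dcdiag /q
} else {
    Write-Host 'No reset performed.'
}
```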
