sree av
asked on
Netlogon Error 5774
We are frequently receiving Netlogon 5774 error on our windows 2012 r2. Due to this we are loosing Internet connectivity and also speed is drastically come down from 20mbps to 5mbps.
We donot have any AD server. Its a plain static IP server with leased line and configured via Juniper Firewall.
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ABCSERVER.COM.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
We donot have any AD server. Its a plain static IP server with leased line and configured via Juniper Firewall.
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ABCSERVER.COM.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
John
Is Server 2012 doing DHCP or is DHCP also running on the Juniper box. DHCP needs to be turned OFF on Juniper.
ASKER
thank you. am not sure can you guide me to verify on juniper and server also.
For server 2012, follow this guide for DHCP.
https://blogs.technet.microsoft.com/teamdhcp/2012/08/31/installing-and-configuring-dhcp-role-on-windows-server-2012/
For the Juniper box, log into in and DHCP will be in the LAN side settings.
https://blogs.technet.microsoft.com/teamdhcp/2012/08/31/installing-and-configuring-dhcp-role-on-windows-server-2012/
For the Juniper box, log into in and DHCP will be in the LAN side settings.
ASKER
Hello John
I just checked my Juniper Box under monitor services and when I click on DHCP its showing not configured. Hence I pressume its not DHCP Configured in Juniper Box.
I just checked my Juniper Box under monitor services and when I click on DHCP its showing not configured. Hence I pressume its not DHCP Configured in Juniper Box.
That would be true, so go through the Server guide above and make sure both DHCP and DNS are configured properly.
Maybe also clear the DNS resolution cache. Here is a guide for that.
https://www.itprotoday.com/windows-78/how-can-i-clear-contents-dns-resolution-cache-windows-2000-and-later
Maybe also clear the DNS resolution cache. Here is a guide for that.
https://www.itprotoday.com/windows-78/how-can-i-clear-contents-dns-resolution-cache-windows-2000-and-later
ASKER
thank you john. This is not new server this is running since 4 years. From Last one week we started receiving this problem after we change our ILL service provider. netlogon giving different issues as below
The dynamic registration of the DNS record 'DomainDnsZones.ABCSERVER.
DNS server IP address: 50.87.144.140
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: DNS bad key.
==================
The dynamic registration of the DNS record 'gc._msdcs.ABCSERVER.COM. 600 IN A 192.168.1.4' failed on the following DNS server:
DNS server IP address: 50.87.144.140
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: DNS bad key.
============
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ABCSERVER.COM.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
The dynamic registration of the DNS record 'DomainDnsZones.ABCSERVER.
DNS server IP address: 50.87.144.140
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: DNS bad key.
==================
The dynamic registration of the DNS record 'gc._msdcs.ABCSERVER.COM. 600 IN A 192.168.1.4' failed on the following DNS server:
DNS server IP address: 50.87.144.140
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: DNS bad key.
============
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ABCSERVER.COM.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
I am not sure.
Have you contacted netops@unifiedlayer.com ? They may have changed something.
Have you contacted netops@unifiedlayer.com ? They may have changed something.
open up dns
check that your domain AND the domain controller servers name i.e. server1 has an A and/or AAAA record
A record is ipv4
AAAA is ipv6
check that your domain AND the domain controller servers name i.e. server1 has an A and/or AAAA record
A record is ipv4
AAAA is ipv6
ASKER
Did you disable IPv6 on one or more machines?
which is your domain? vmc.vmcserver.com? vmc.com? vmcserver.com?
in the forward lookup zone do you have an A record with the servername and ip address? put that into the domain forward lookup zone.
in the forward lookup zone do you have an A record with the servername and ip address? put that into the domain forward lookup zone.
ASKER
Hello David Johnson
Thank you for your quick reply. We donot use any domain however server 2012 during installation it has been mentioned as vmcserver.com. For clarify am attaching a screenshot here. Am also attaching a A record n servername screenshot. Pl. suggest me.
domainname-ss.png
dns.png
Thank you for your quick reply. We donot use any domain however server 2012 during installation it has been mentioned as vmcserver.com. For clarify am attaching a screenshot here. Am also attaching a A record n servername screenshot. Pl. suggest me.
domainname-ss.png
dns.png
What keeps coming up in some of your posts is IPv6. Did you disable this on one or more machines?
ASKER
On server we have disabled. But not on Machines. As all the Machines are windows7. Will disable tomorrow in all and will update you.
Enable IPv6, do not Disable.
Disabling IPv6 can break networking. Enable it on all machines.
Disabling IPv6 can break networking. Enable it on all machines.
ASKER
we are using IPv4 not IPv6 in server as well as Machines with LAN Static IPs, Gateway (server IP) and DNS our Internet DNS configured.
I understand, but IPv6 MUST be enabled on any workstation Windows 7 and up and any server V2008 and above. IPv6 is integral to networking.
We use IPv4 in all small shops as well.
We use IPv4 in all small shops as well.
ASKER
now I enabled it on Server. We will check on all the workstations if any missing and update you.
Hello John, Can you pl. suggest is our forward zones and others in DNS etc are OK. I have enclosed in my trail postings above.
Hello John, Can you pl. suggest is our forward zones and others in DNS etc are OK. I have enclosed in my trail postings above.
I did look at your screen shots. See what happens after changes, keep us posted and we will go from there
ASKER
Hello John - We have done the changes suggested by you. However, there was no improvement. Still we are having netlogon errors.
At this point, you may need to do a Repair Install of Server 2012. You need the install DVD for this.
ASKER
its not possible for us as its live server... anhw... wl explore other exact trouble shooting options... can anybody pl. help me...
I do not know of any other way that repairing the OS to fix this.
why do you have so many forward lookup zones?
ASKER
Hello Johnson, Seems you are refering to other forward lookup zones. Our Lookup zones screenshot is below
fwd-zones.png
fwd-zones.png
Check this earlier discussion may help you: https://www.experts-exchange.com/questions/27783824/Netlogon-event-id-error-5774.html
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.