Announcement

Collapse
No announcement yet.

AD & DNS problems

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD & DNS problems

    Hello All,

    I am having a few problems with my dc's.

    I have three dc's running windows 2000 advance server with Sp4 and all latest updates.

    The problem I have noticed is that only one server seems to be working as a GC. The server that is running ok crashed the other day and I noticed users couldn't logon etc while it was down. Its backup now and all is ok for users etc but I fear I have a massive DNS issue with my dc's.

    I have ran a few test's suggested on here and I would like some help with trying to work out where to start looking to resolve this.

    Here is my report from DCDIAG from one of the dc's that isn't working as a GC.

    Domain Controller Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\ENDSCS1
    Starting test: Connectivity
    ......................... ENDSCS1 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\ENDSCS1
    Starting test: Replications
    ......................... ENDSCS1 passed test Replications
    Starting test: NCSecDesc
    ......................... ENDSCS1 passed test NCSecDesc
    Starting test: NetLogons
    ......................... ENDSCS1 passed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for \\endscs2.endsnet.local,
    when we were trying to reach ENDSCS1.
    Server is not responding or is not considered suitable.
    ......................... ENDSCS1 failed test Advertising
    Starting test: KnowsOfRoleHolders
    ......................... ENDSCS1 passed test KnowsOfRoleHolders
    Starting test: RidManager
    ......................... ENDSCS1 passed test RidManager
    Starting test: MachineAccount
    ......................... ENDSCS1 passed test MachineAccount
    Starting test: Services
    ......................... ENDSCS1 passed test Services
    Starting test: ObjectsReplicated
    ......................... ENDSCS1 passed test ObjectsReplicated
    Starting test: frssysvol
    Error: No record of File Replication System, SYSVOL started.
    The Active Directory may be prevented from starting.
    ......................... ENDSCS1 passed test frssysvol
    Starting test: kccevent
    ......................... ENDSCS1 passed test kccevent
    Starting test: systemlog
    ......................... ENDSCS1 passed test systemlog

    Running enterprise tests on : endsnet.local
    Starting test: Intersite
    ......................... endsnet.local passed test Intersite
    Starting test: FsmoCheck
    ......................... endsnet.local passed test FsmoCheck

    E:\Documents and Settings\localadmin>
    E:\Documents and Settings\localadmin>
    E:\Documents and Settings\localadmin>netdiag /test:dns

    ...........

    Computer Name: ENDSCS1
    DNS Host Name: endscs1.endsnet.local
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
    List of installed hotfixes :
    KB822343
    KB823182
    KB823559
    KB824105
    KB825119
    KB826232
    KB828035
    KB828749
    KB832353
    KB832359
    KB841356
    KB842773
    KB885836
    KB890046
    KB893756
    KB893803v2
    KB896358
    KB896422
    KB896423
    KB896424
    KB899587
    KB899589
    KB899591
    KB900725
    KB901017
    KB901214
    KB904706
    KB905414
    KB905749
    KB908519
    KB908523
    KB908531
    KB911280
    KB911564
    KB911567-OE55SP2-20060317.162653
    KB912919
    KB913580
    KB914389
    KB916281-IE501SP4-20060519.173353
    KB917344
    KB917736
    KB917953
    Q147222
    Q828026
    Update Rollup 1


    Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'Broadcom NetXtreme Gigabit Ethernet' may not be work
    ing because it has not received any packets.



    Per interface results:

    Adapter : Local Area Connection 2

    Netcard queries test . . . : Passed

    Adapter : Local Area Connection

    Netcard queries test . . . : Passed


    Global results:


    Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
    machine. This machine is not working properly as a DC.


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{188AF92B-C99D-4958-BC60-42F591019C96}
    NetBT_Tcpip_{ADE9BFF1-4119-4B04-9965-F23EC28A38A6}
    2 NetBt transports currently configured.


    DNS test . . . . . . . . . . . . . : Failed
    [WARNING] Cannot find a primary authoritative DNS server for the name
    'endscs1.endsnet.local.'. [ERROR_TIMEOUT]
    The name 'endscs1.endsnet.local.' may not be registered in DNS.
    [FATAL]: The DNS registration for 'endscs1.endsnet.local' is incor
    rect on all DNS servers.
    [WARNING] The DNS entries for this DC cannot be verified right now on DNS
    server 1.0.0.0, ERROR_TIMEOUT.
    PASS - All the DNS entries for DC are registered on DNS server '198.168.6.4'
    and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '198.168.6.3'
    and other DCs also have some of the names registered.


    The command completed successfully

    All Help is very much appreciated.
    Kind Regards,
    Simon

  • #2
    Re: AD & DNS problems

    Is DNS Installed on all 3 DC's ??

    Is DNS updating fine on all 3 DC's ??

    Has this always been a problem or has it just started recently.

    If you browse to the two failing DC's are the SYSVOL and NETLOGON folders visible??

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: AD & DNS problems

      Originally posted by m80arm
      Is DNS Installed on all 3 DC's ??

      Is DNS updating fine on all 3 DC's ??

      Has this always been a problem or has it just started recently.

      If you browse to the two failing DC's are the SYSVOL and NETLOGON folders visible??

      Michael
      Hi,

      thanks for you reply!

      DNS is installed on two dc's. It appears to be updating ok and I can see both netlogon and Sysvol on all three dc's.

      The problem has just started to happen. I only noticed it when the users couldn't logon. First thing I ran was Dcdiag to see if all was ok and I am getting the advertising error so then I tested DNS using NETDIAG and it returned the above errors.

      Thanks for help
      Kind Regards,
      Simon

      Comment


      • #4
        Re: AD & DNS problems

        I also now have the following error in the eventlog

        DNS Server has updated its own host (A) records. In order to insure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

        If this DNS server does not have any DS-integrated peers, then this error
        should be ignored.

        If this DNS server's ActiveDirectory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

        To insure proper replication:
        1) Find this server's ActiveDirectory replication partners that run the DNS server.
        2) Open DnsManager and connect in turn to each of the replication partners.
        3) On each server, check the host (A record) registration for THIS server.
        4) Delete any A records that do NOT correspond to IP addresses of this server.
        5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the ActiveDirectory DNS server you are updating.)
        6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

        I am going to follow the steps and see what happens.
        Kind Regards,
        Simon

        Comment


        • #5
          Re: AD & DNS problems

          Originally posted by Si_Pe
          DNS is installed on two dc's
          Are you sure?

          DNS should be installed on all DC's as it is a requirement of Active Directory.

          Michael
          Michael Armstrong
          www.m80arm.co.uk
          MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          Comment


          • #6
            Re: AD & DNS problems

            Originally posted by m80arm
            Are you sure?

            DNS should be installed on all DC's as it is a requirement of Active Directory.

            Michael
            I will check again. If this is the case could this be the root of the problem?

            Thanks for your help!
            Kind Regards,
            Simon

            Comment


            • #7
              Re: AD & DNS problems

              DNs will need to be installed on each DC in your domain.

              I usually install DNS and setup each server to point to its OWN DNS server for reolution and a secondary for fail over purposes.

              Within DNS you can also setup forwarders that will allow your DNS server to send queries that it cannot resolve to external DNS servers.

              Comment


              • #8
                Re: AD & DNS problems

                Originally posted by wullieb1
                DNs will need to be installed on each DC in your domain.

                I usually install DNS and setup each server to point to its OWN DNS server for reolution and a secondary for fail over purposes.

                Within DNS you can also setup forwarders that will allow your DNS server to send queries that it cannot resolve to external DNS servers.
                Ah Ok, thanks!

                I did read somewhere that the server should point to another server and not itself for DnS.

                Thanks for advice!
                Kind Regards,
                Simon

                Comment


                • #9
                  Re: AD & DNS problems

                  Originally posted by Si_Pe
                  Ah Ok, thanks!

                  I did read somewhere that the server should point to another server and not itself for DnS.

                  Thanks for advice!
                  All the DC's i've setup have been set to point to its own DNS server for name resolution.

                  I'll try and dig out where i picked it up from.

                  Have a looky here
                  Last edited by wullieb1; 9th August 2006, 11:49.

                  Comment


                  • #10
                    Re: AD & DNS problems

                    Originally posted by Si_Pe
                    I will check again. If this is the case could this be the root of the problem?

                    Thanks for your help!
                    I dont think so because it's having problems replicating to two server not just one.

                    I am currently having a bit of a search but it's painfull as I am only using dial up

                    Michael
                    Michael Armstrong
                    www.m80arm.co.uk
                    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

                    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                    Comment


                    • #11
                      Re: AD & DNS problems

                      Originally posted by m80arm
                      I dont think so because it's having problems replicating to two server not just one.

                      I am currently having a bit of a search but it's painfull as I am only using dial up

                      Michael
                      Thanks so much!

                      Its looking more and more like dns as the GetName is coming back with the wrong server name as per my dcdiag results.

                      Thanks again!
                      Kind Regards,
                      Simon

                      Comment


                      • #12
                        Re: AD & DNS problems

                        Confused now!

                        Have tried pointing the server to their own dns and its still the same.

                        I really need to try and make one of the other DC's a working GC soon.

                        Has anyone else got any other suggestions?

                        Thanks very much!
                        Si
                        Kind Regards,
                        Simon

                        Comment

                        Working...
                        X