
DNS Name Registration


  • DNS Name Registration

    Hello
    I am having DNS configuration trouble with a new install of W2K3. Here is the layout- 2 W2k3 servers each running Active Directory, each are DC's and each are supposed to replicate to each other. They are not.

    I run dcdiag and the error I receive is:

    "the guid name xxxxx-xxx-xxx_msdcs.domainname.local cannot be resolved to an IP address but the 'servername'.domainname.local is resolved to xxx.xxx.xxx. Please check that the servers are registered correctly with DNS."

    Also, I am getting an error in event manager stating that a packet received by this server was sent by this server. Please check your DNS configuration.

    I have looked everything over and cannot find the issue.

    Any ideas would be helpful.

  • #2
    Say that you have two DC's, DC1 and DC2. Make sure that they initially have the following configuration. In the TCP/IP properties, DNS:

    DC1: points to DC1
    DC2: points to DC1

    If this is not the current situation, change it, and restart the netlogon service on both DC's. This should repair DNS, and after a while replication should pick up.

    Post an ipconfig /all for both DC's, if you like.



    • #3
      This is a long one as it has the outputs of DCdiag & netdiag as well as a DNS error message but it should shed some light on the issue.

      Thanks

      The layout is:
      DC1 points to ISP DNS servers using forwarders
      DC2 points to DC1 using forwarders


      Both dcdiag & netdiag were run on DC1, here is the error output from dcdiag:

      Microsoft Windows [Version 5.2.3790]
      (C) Copyright 1985-2003 Microsoft Corp.

      C:\Documents and Settings\Administrator>dcdiag /q
      The host 3379233b-135f-4126-9862-feb1a60a5568._msdcs.NSI.local could not be resolved to an
      IP address. Check the DNS server, DHCP, server name, etc
      Although the Guid DNS name
      (3379233b-135f-4126-9862-feb1a60a5568._msdcs.NSI.local) couldn't be
      resolved, the server name (nsiserver.NSI.local) resolved to the IP
      address (10.0.0.5) and was pingable. Check that the IP address is
      registered correctly with the DNS server.
      ......................... NSISERVER failed test Connectivitity


      And the output from netdiag:

      Microsoft Windows [Version 5.2.3790]
      (C) Copyright 1985-2003 Microsoft Corp.

      C:\Documents and Settings\Administrator>netdiag /q
      ..........................................

      Computer Name: NSISERVER
      DNS Host Name: nsiserver.NSI.local
      System info : Windows 2000 Server (Build 3790)
      Processor : x86 Family 15 Model 3 Stepping 4, GenuineIntel
      List of installed hotfixes :



      Per interface results:

      Adapter : Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard - Link A

      Host Name. . . . . . . . . : nsiserver
      IP Address . . . . . . . . : 10.0.0.5
      Subnet Mask. . . . . . . . : 255.255.255.0
      Default Gateway. . . . . . : 10.0.0.1
      Primary WINS Server. . . . : 10.0.0.5
      Secondary WINS Server. . . : 10.0.0.6
      Dns Servers. . . . . . . . : 10.0.0.6
      10.0.0.5

      Global results:
      [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


      DNS test . . . . . . . . . . . . . : Failed
      [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.0.6'. Please wait for 30 minutes for DNS server replication.
      [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.0.5'. Please wait for 30 minutes for DNS server replication.
      [FATAL] No DNS servers have the DNS records for this DC registered.

      IP Security test . . . . . . . . . : Skipped


      Here are the results from dcdiag & netdiag on DC2:

      DCDiag:

      Microsoft Windows [Version 5.2.3790]
      (C) Copyright 1985-2003 Microsoft Corp.

      C:\Documents and Settings\administrator.NSI>dcdiag /q
      The host b0dbf3da-609e-4e22-9cfe-d42d5a27d42c._msdcs.NSI.local could not be resolved to an
      IP address. Check the DNS server, DHCP, server name, etc
      Although the Guid DNS name
      (b0dbf3da-609e-4e22-9cfe-d42d5a27d42c._msdcs.NSI.local) couldn't be
      resolved, the server name (ExchangeNSI.NSI.local) resolved to the IP
      address (10.0.0.6) and was pingable. Check that the IP address is
      registered correctly with the DNS server.
      ......................... EXCHANGENSI failed test Connectivity


      NetDiag:



      Computer Name: EXCHANGENSI
      DNS Host Name: ExchangeNSI.NSI.local
      System info : Windows 2000 Server (Build 3790)
      Processor : x86 Family 6 Model 8 Stepping 3, GenuineIntel
      List of installed hotfixes :
      [WARNING] The net card 'Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)' may not be working.

      Per interface results:

      Adapter : Local Area Connection 2

      Netcard queries test . . . : Failed
      NetCard Status: DISCONNECTED
      Some tests will be skipped on this interface.

      Host Name. . . . . . . . . : ExchangeNSI
      IP Address . . . . . . . . : 10.0.0.121
      Subnet Mask. . . . . . . . : 255.255.255.0
      Default Gateway. . . . . . : 10.0.0.1
      Primary WINS Server. . . . : 10.0.0.5
      Secondary WINS Server. . . : 10.0.0.120
      Dns Servers. . . . . . . . : 10.0.0.5
      10.0.0.121

      Adapter : Local Area Connection

      Host Name. . . . . . . . . : ExchangeNSI
      IP Address . . . . . . . . : 10.0.0.6
      Subnet Mask. . . . . . . . : 255.255.255.0
      Default Gateway. . . . . . : 10.0.0.1
      Primary WINS Server. . . . : 10.0.0.5
      Secondary WINS Server. . . : 10.0.0.6
      Dns Servers. . . . . . . . : 10.0.0.5
      10.0.0.6

      Global results:
      [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


      DNS test . . . . . . . . . . . . . : Failed
      [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.0.5'. Please wait for 30 minutes for DNS server replication.
      [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.0.121'. Please wait for 30 minutes for DNS server replication.
      [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.0.6'. Please wait for 30 minutes for DNS server replication.
      [FATAL] No DNS servers have the DNS records for this DC registered.

      IP Security test . . . . . . . . . : Skipped


      And the DNS error message, shown on both DC's, just switch the IP:

      Event Type: Warning
      Event Source: DNS
      Event Category: None
      Event ID: 7062
      Date: 2/11/2005
      Time: 3:37:07 PM
      User: N/A
      Computer: EXCHANGENSI
      Description:
      The DNS server encountered a packet addressed to itself on IP address 10.0.0.6. The packet is for the DNS name "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.NSI.local.". The packet will be discarded. This condition usually indicates a configuration error.

      Check the following areas for possible self-send configuration errors:
      1) Forwarders list. (DNS servers should not forward to themselves).
      2) Master lists of secondary zones.
      3) Notify lists of primary zones.
      4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server.
      5) Root hints.

      Example of self-delegation:
      -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com.
      -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com,
      (bar.example.microsoft.com NS dns1.example.microsoft.com)
      -> BUT the bar.example.microsoft.com zone is NOT on this server.

      Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result. If found, the subzone DNS server admin should remove the offending NS record.

      You can use the DNS server debug logging facility to track down the cause of this problem.



      • #4
        So DC1 is:

        Host Name. . . . . . . . . : nsiserver
        IP Address . . . . . . . . : 10.0.0.5
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.0.1
        Primary WINS Server. . . . : 10.0.0.5
        Secondary WINS Server. . . : 10.0.0.6
        Dns Servers. . . . . . . . : 10.0.0.6
        10.0.0.5

        and DC2 is:

        Host Name. . . . . . . . . : ExchangeNSI
        IP Address . . . . . . . . : 10.0.0.121
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.0.1
        Primary WINS Server. . . . : 10.0.0.5
        Secondary WINS Server. . . : 10.0.0.120
        Dns Servers. . . . . . . . : 10.0.0.5
        10.0.0.121

        I think your first server should have its dns servers listed as 1: itself (10.0.0.5) and second the other DC.

        Maybe that will help?
        Server 2000 MCP
        Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **



        • #5
          Thanks, nice catch- I was concentrating on everything else and missed that one. But it didn't resolve the issue.

          It looks like I am missing a record in the _msdcs.nsi.local zone

          I don't know enough about MS DNS to fix this one, network guy

          Everything, including the name resolution seems to be pointing that way. Any ideas?

          Thanks



          • #6
            are you running dns servers on both dc's? could you demote and then promote the second one? just some wild ideas but something for last ditch efforts!!


            • #7
              Both DC's are running DNS and AD. DC2 has Exchange installed

              I could demote, but what effect will that have? I don't know enough to understand the effects. I am running cert services & I know I will have to remove it and rebuild but what else would it affect? Would it be safe to demote?

              The only thing that is running is cert services & exchange but we are not live on exchange yet. Wanted to get this bug fixed first.

              Thanks



              • #8
                Let's not get carried away here, this is a simple DNS issue. If you followed Tony's advice the DNS should correct itself after one day, even if you did not restart NETLOGON.

                If you 'tuned' the DC's you also might run into trouble. The most common one is disabling the DHCP client service. It should always be running, since it is responsible for the actual DNS record registration.



                • #9
                  Thanks, a little more info-

                  The DC's are not providing DHCP, a network router is. I checked the DHCP client service & it is running.

                  Also, because of the errors, replication cannot occur. The main DC server GUID addresses are not being recognized by DNS.

                  I believe that is the main issue but I can't figure out what/where the _msdcs.domainname zone is and from what I can research this is where the ldap/Kerberos is looking to resolve the names.

                  When I go under the zone name (nsi.local) the _msdcs folder is there & I can see the record entries listed as 'same as parent folder'. From there I look at the parent folder ( I am assuming that this would be the main zone folder, nsi.local) and everything seems to be ok. But at the same time I could be looking at something that is configured incorrectly.



                  • #10
                    OK, here is what I did- I had a test server to look at and noticed that the zone '_msdcs.domainname.local' was not listed on the DC. Within this zone on the test server were containers for PDC/GC/Domains/DC. I also found out that this is where MS stores all of the major records & lookups for the DNS. It makes sense why I was getting all the errors, the DC didn't know where to go.

                    I re-added the zone, waited for a replication and then did a reload on the new zone. Oh happy day all of the containers showed up. Give MS some credit for stupid user mistakes!

                    I still cannot replicate to DC2. When I run netdiag /fix on DC2 I get an error stating that there is not a 'primary authoritative DNS server for the <servername>'

                    So I am down to 1 error and I am sure it is just a misplaced record or an option I need to verify. If you have any ideas please pass them along!!

                    Thanks
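
The DNS client settings debated in posts #2 to #4 can be checked mechanically from the netdiag per-interface output. The following is an added example, not code from anyone in the thread: `parse_adapters` and `audit` are hypothetical names, the sample text is condensed from the output in post #3, and the expected layout (every adapter prefers 10.0.0.5, and only 10.0.0.5 and 10.0.0.6 are DC DNS servers) is an assumption taken from post #2.

```python
import re
# Constructed sample: per-interface lines condensed from the netdiag output in post #3.
NETDIAG_DC1 = """\
Adapter : Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard - Link A
IP Address . . . . . . . . : 10.0.0.5
Dns Servers. . . . . . . . : 10.0.0.6
10.0.0.5
"""
NETDIAG_DC2 = """\
Adapter : Local Area Connection 2
NetCard Status: DISCONNECTED
IP Address . . . . . . . . : 10.0.0.121
Dns Servers. . . . . . . . : 10.0.0.5
10.0.0.121
Adapter : Local Area Connection
IP Address . . . . . . . . : 10.0.0.6
Dns Servers. . . . . . . . : 10.0.0.5
10.0.0.6
"""

def parse_adapters(text):
    """Return one dict per 'Adapter :' block: name, link state, IP, DNS server list."""
    adapters = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Adapter :"):
            adapters.append({"name": line.split(":", 1)[1].strip(), "up": True, "ip": None, "dns": []})
        elif not adapters:
            continue  # global lines before the first adapter block
        elif "DISCONNECTED" in line:
            adapters[-1]["up"] = False
        elif line.startswith("IP Address"):
            adapters[-1]["ip"] = line.rsplit(":", 1)[1].strip()
        elif line.startswith("Dns Servers"):
            adapters[-1]["dns"].append(line.rsplit(":", 1)[1].strip())
        elif adapters[-1]["dns"] and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", line):
            adapters[-1]["dns"].append(line)  # wrapped continuation of the DNS list
    return adapters

def audit(text, preferred, dc_dns):
    """Assumed policy (post #2): every adapter prefers `preferred`; only `dc_dns` may be listed."""
    findings = []
    for a in parse_adapters(text):
        if not a["up"] and a["dns"]:
            findings.append((a["name"], "disconnected adapter still carries DNS settings"))
        if a["dns"] and a["dns"][0] != preferred:
            findings.append((a["name"], f"preferred DNS is {a['dns'][0]}, expected {preferred}"))
        findings += [(a["name"], f"{s} is not a DC DNS server") for s in a["dns"] if s not in dc_dns]
    return findings
```

Calling `audit(NETDIAG_DC1, "10.0.0.5", {"10.0.0.5", "10.0.0.6"})` reports the reversed DNS order on DC1, and the same call on `NETDIAG_DC2` reports the disconnected second adapter and its 10.0.0.121 entry, the address netdiag also warned about.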
