Announcement

Collapse
No announcement yet.

DNS issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DNS issue

    DNS test . . . . . . . . . . . . . : Failed
    [FIX] re-register DC DNS entry '01-02-03.domain.com.' on DNS server '100.100.100.1' succeed.
    [FIX] re-register DC DNS entry '01-02-03.domain.com.' on DNS server '100.100.100.1' succeed.
    [FIX] re-register DC DNS entry '01-02-03.domain.com.' on DNS server '100.100.100.1' succeed.
    FIX PASS - netdiag re-registered missing DNS entries for this DC successfull
    y on DNS server '100.100.100.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.

    This server used to replicate fine, now it has not for some time now. This is what I get when I run netdiag /fix.

    What can I try from here?

  • #2
    Re: DNS issue

    Run netdiag to see if the errors are still there.
    Post the netdiag back.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: DNS issue

      Yep, exact same thing as before.

      DNS test . . . . . . . . . . . . . : Failed
      [FIX] re-register DC DNS entry '01-02-03.domain.com.' on DNS server '100.100.100.1' succeed.
      [FIX] re-register DC DNS entry '01-02-03.domain.com.' on DNS server '100.100.100.1' succeed.
      [FIX] re-register DC DNS entry '01-02-03.domain.com.' on DNS server '100.100.100.1' succeed.
      FIX PASS - netdiag re-registered missing DNS entries for this DC successfull
      y on DNS server '100.100.100.1'.
      [FATAL] No DNS servers have the DNS records for this DC registered.


      Has this warning as well.

      LDAP test. . . . . . . . . . . . . : Passed
      [WARNING] Failed to query SPN registration on DC '1controller.01-02-03.domain.com'.
      [WARNING] Failed to query SPN registration on DC '2controller.01-02-03.domain.com'.

      Comment


      • #4
        Re: DNS issue

        100.1000.100.1 is a server on your LAN?
        Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

        Comment


        • #5
          Re: DNS issue

          No, that's the Public address.

          Comment


          • #6
            Re: DNS issue

            You have one or two things wrong with this setup then.

            All computers on the LAN should be pointing to one DNS server that sits locally and only serves the computers on your LAN. This DNS server should not be visable from the internet if its used for AD.

            You wouldn't normally have a server configured with a WAN IP unless it was doing routing for your domain.

            Can you tell me how many cards this server has installed? What is the IP range you use on the LAN?
            Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

            Comment


            • #7
              Re: DNS issue

              All computers on the LAN should be pointing to one DNS server that sits locally and only serves the computers on your LAN. This DNS server should not be visable from the internet if its used for AD.
              This is a DC and serves as a DNS server as well. It points to a DNS server that is offsite.

              You wouldn't normally have a server configured with a WAN IP unless it was doing routing for your domain.
              It does have a public IP address as well as a private address.

              Can you tell me how many cards this server has installed? What is the IP range you use on the LAN?
              It has two NIC cards. 172.31.7.80-254

              Comment


              • #8
                Re: DNS issue

                All local devices on the LAN are pointing to the servers LAN IP?

                The first post suggests to me that it's going off onto external DNS servers to attempt to register itself there.

                Can you make sure "Register this connection's addresses in DNS" is disabled on your WAN card?
                Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

                Comment


                • #9
                  Re: DNS issue

                  run ipconfig /all on the DC's
                  Marcel
                  Technical Consultant
                  Netherlands
                  http://www.phetios.com
                  http://blog.nessus.nl

                  MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                  "No matter how secure, there is always the human factor."

                  "Enjoy life today, tomorrow may never come."
                  "If you're going through hell, keep going. ~Winston Churchill"

                  Comment


                  • #10
                    Re: DNS issue

                    DC1

                    Windows IP Configuration
                    Host Name . . . . . . . . . . . . : dc1
                    Primary Dns Suffix . . . . . . . : 01-02-03.domain.com
                    Node Type . . . . . . . . . . . . : Unknown
                    IP Routing Enabled. . . . . . . . : No
                    WINS Proxy Enabled. . . . . . . . : Yes
                    DNS Suffix Search List. . . . . . : 01-02-03.domain.com
                    Ethernet adapter INT:
                    Connection-specific DNS Suffix . :

                    Description . . . . . . .: Intel(R) PRO/1000 MT Network Connection #2
                    Physical Address. . . . . . . . . : 00-14-22-20-A2-2B
                    DHCP Enabled. . . . . . . . . . . : No
                    IP Address. . . . . . . . . . . . : 172.16.0.0
                    Subnet Mask . . . . . . . . . . . : 255.240.0.0
                    Default Gateway . . . . . . . . . :
                    Ethernet adapter EXT:
                    Connection-specific DNS Suffix . :

                    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
                    Physical Address. . . . . . . . . : 00-14-22-20-A2-2A
                    DHCP Enabled. . . . . . . . . . . : No
                    IP Address. . . . . . . . . . . . : 1.1.1.10
                    Subnet Mask . . . . . . . . . . . : 255.255.255.0
                    Default Gateway . . . . . . . . . : 1.1.1.1
                    DNS Servers . . . . . . . . . . ....3.3.3.10 public
                    1.1.1.10 public
                    2.2.2.10 public

                    DC2

                    Windows IP Configuration
                    Host Name . . . . . . . . . . . . : dc2
                    Primary Dns Suffix . . . . . . . : 01-02-03.domain.com
                    Node Type . . . . . . . . . . . . : Unknown
                    IP Routing Enabled. . . . . . . . : Yes
                    WINS Proxy Enabled. . . . . . . . : Yes
                    DNS Suffix Search List. . . . . . : 01-02-03.domain.com
                    Ethernet adapter External:
                    Connection-specific DNS Suffix . :

                    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
                    Physical Address. . . . . . . . . : 00-11-43-EB-21-7A
                    DHCP Enabled. . . . . . . . . . . : No
                    IP Address. . . . . . . . . . . . : 2.2.2.10 public
                    Subnet Mask . . . . . . . . . . . : 255.255.255.224
                    Default Gateway . . . . . . . . . : 2.2.2.1 public
                    DNS Servers . . . . . . . . . . . : 1.1.1.10 public
                    2.2.2.10 public
                    3.3.3.10 public

                    Ethernet adapter Internal:
                    Connection-specific DNS Suffix . :
                    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
                    Physical Address. . . . . . . . . : 00-11-43-EB-21-79
                    DHCP Enabled. . . . . . . . . . . : No
                    IP Address. . . . . . . . . . . . : 172.31.8.1
                    Subnet Mask . . . . . . . . . . . : 255.255.255.0
                    IP Address. . . . . . . . . . . . : 172.31.7.1
                    Subnet Mask . . . . . . . . . . . : 255.255.255.0
                    Default Gateway . . . . . . . . . : 172.31.7.254
                    DNS Servers . . . . . . . . . . . : 172.31.7.1
                    1.1.1.10 public
                    2.2.2.10 public

                    DC3

                    Windows IP Configuration
                    Host Name . . . . . . . . . . . . : dc3
                    Primary Dns Suffix . . . . . . . : 01-02-03.domain.com
                    Node Type . . . . . . . . . . . . : Hybrid
                    IP Routing Enabled. . . . . . . . : No
                    WINS Proxy Enabled. . . . . . . . : No
                    DNS Suffix Search List. . . . . . : 01-02-03.domain.com
                    Ethernet adapter INT ANA 1:
                    Connection-specific DNS Suffix . :
                    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
                    Physical Address. . . . . . . . . : 00-13-72-5C-6E-20
                    DHCP Enabled. . . . . . . . . . . : No
                    IP Address. . . . . . . . . . . . : 172.31.9.11
                    Subnet Mask . . . . . . . . . . . : 255.255.255.0
                    Default Gateway . . . . . . . . . : 172.31.9.1
                    DNS Servers . . . . . . . . . . . : 1.1.1.10 public
                    172.31.9.11
                    2.2.2.10 public
                    Ethernet adapter EXT ANA 1:
                    Connection-specific DNS Suffix . :

                    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
                    Physical Address. . . . . . . . . : 00-13-72-5C-6E-1F
                    DHCP Enabled. . . . . . . . . . . : No
                    IP Address. . . . . . . . . . . . : 3.3.3.10 public
                    Subnet Mask . . . . . . . . . . . : 255.255.255.192
                    Default Gateway . . . . . . . . . : 3.3.3.11 public
                    DNS Servers . . . . . . . . . . . : 1.1.1.10 public
                    3.3.3.10 public

                    Comment


                    • #11
                      Re: DNS issue

                      Your first DC is using external DNS as is DNS server then.
                      They should be pointing to the server on your local network that runs the DNS Services. You should point ALL computers to your local DNS server. The DNS server itself should also be pointing to 127.0.0.1 to resolve DNS addresses. No servers should be looking at your ISP's DNS Servers. If you want to use your ISP's DNS servers then you can add them as forwarders on your local DNS. I would imagine you have quite a few issues with your current configuration.

                      Also you have two servers each doing routing and or they have their own internet connection each? DC2 also has two local IPs configured?
                      Last edited by ]SK[; 30th July 2008, 10:21.
                      Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

                      Comment


                      • #12
                        Re: DNS issue

                        Your first DC is using external DNS as is DNS server then.
                        I have the servers pointing to each other, although they are at different sites. Your saying I should point them to themselves then?
                        They should be pointing to the server on your local network that runs the DNS Services. You should point ALL computers to your local DNS server.
                        I tried doing that, but since they do not replicate well, after awhile users cannot login or have trouble logging in, or changes don't seem to happen like password resets.
                        The DNS server itself should also be pointing to 127.0.0.1 to resolve DNS addresses.
                        Should I put 127.0.0.1 in DNS under TCP/IP properties or just point them to themselves?
                        No servers should be looking at your ISP's DNS Servers. If you want to use your ISP's DNS servers then you can add them as forwarders on your local DNS. I would imagine you have quite a few issues with your current configuration.
                        That is not the issue here, no ISP DNS servers are listed under DNS tab on any servers here.

                        Also you have two servers each doing routing and or they have their own internet connection each? DC2 also has two local IPs configured?
                        No servers are routing and should not have that enabled, should I disable that?

                        Does Dumber have anything to add to this?

                        Thanks for all your guy's help.

                        Comment


                        • #13
                          Re: DNS issue

                          After pointing the DNS servers to themselves, here is the output of 'netdiag /fix' on DC1.

                          Let me know if you want to look at any other DC's configs.

                          Microsoft Windows [Version 5.2.3790]
                          (C) Copyright 1985-2003 Microsoft Corp.
                          C:\Documents and Settings\netdiag /fix
                          ......................................
                          Computer Name: DC1
                          DNS Host Name: dc1.01-02-03.domain.com
                          System info : Windows 2000 Server (Build 3790)
                          Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
                          List of installed hotfixes :
                          KB909520
                          KB911564
                          KB921503
                          KB925398_WMP64
                          KB925902
                          KB926122
                          KB927891
                          KB929123
                          KB930178
                          KB931768
                          KB931784
                          KB931836
                          KB932168
                          KB933360
                          KB933566
                          KB933729
                          KB933854
                          KB935839
                          KB935840
                          KB935966
                          KB936021
                          KB936357
                          KB936782
                          KB937143
                          KB938127
                          KB938127-IE7
                          KB939653
                          KB941202
                          KB941568
                          KB941569
                          KB941644
                          KB941672
                          KB941693
                          KB942615
                          KB942615-IE7
                          KB942763
                          KB942840
                          KB943055
                          KB943460
                          KB943484
                          KB943485
                          KB944533-IE7
                          KB944653
                          KB945553
                          KB946026
                          KB947864-IE7
                          KB948496
                          KB948590
                          KB948745
                          KB948881
                          KB949014
                          KB950759-IE7
                          KB950760
                          KB950762
                          KB951698
                          KB951746
                          KB951748
                          Q147222

                          Netcard queries test . . . . . . . : Passed

                          Per interface results:
                          Adapter : EXT
                          Netcard queries test . . . : Passed
                          Host Name. . . . . . . . . : dc1
                          IP Address . . . . . . . . : 1.1.1.10
                          Subnet Mask. . . . . . . . : 255.255.255.0
                          Default Gateway. . . . . . : 1.1.1.1
                          Dns Servers. . . . . . . . : 1.1.1.10
                          3.3.3.10
                          2.2.2.10


                          AutoConfiguration results. . . . . . : Passed
                          Default gateway test . . . : Passed
                          NetBT name test. . . . . . : Passed
                          [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
                          r Service', <20> 'WINS' names is missing.
                          No remote names have been found.
                          WINS service test. . . . . : Skipped
                          There are no WINS servers configured for this interface.
                          Adapter : INT
                          Netcard queries test . . . : Passed
                          Host Name. . . . . . . . . : dc1
                          IP Address . . . . . . . . : 172.16.0.177
                          Subnet Mask. . . . . . . . : 255.240.0.0
                          Default Gateway. . . . . . :
                          Dns Servers. . . . . . . . :
                          AutoConfiguration results. . . . . . : Passed
                          Default gateway test . . . : Skipped
                          [WARNING] No gateways defined for this adapter.
                          NetBT name test. . . . . . : Passed
                          [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
                          r Service', <20> 'WINS' names is missing.
                          No remote names have been found.
                          WINS service test. . . . . : Skipped
                          There are no WINS servers configured for this interface.

                          Global results:

                          Domain membership test . . . . . . : Passed

                          NetBT transports test. . . . . . . : Passed
                          List of NetBt transports currently configured:
                          NetBT_Tcpip_{8A24F372-BCDB-4213-9B95-E635A0A0395B}
                          NetBT_Tcpip_{46884536-48C6-4367-A01B-6DBFDBAC4104}
                          2 NetBt transports currently configured.

                          Autonet address test . . . . . . . : Passed

                          IP loopback ping test. . . . . . . : Passed

                          Default gateway test . . . . . . . : Passed

                          NetBT name test. . . . . . . . . . : Passed
                          [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
                          ce', <03> 'Messenger Service', <20> 'WINS' names defined.

                          Winsock test . . . . . . . . . . . : Passed

                          DNS test . . . . . . . . . . . . . : Failed
                          [WARNING] Cannot find a primary authoritative DNS server for the name
                          'dc1.01-02-03.domain.com.'. [ERROR_TIMEOUT]
                          The name 'dc1.01-02-03.domain.com.' may not be registered
                          in DNS.
                          [FIX] re-register DC DNS entry 01-02-03.domain.com.' on DNS server 1.1.1.10 succeed.
                          FIX PASS - netdiag re-registered missing DNS entries for this DC successfull
                          y on DNS server 1.1.1.10.
                          [FATAL] No DNS servers have the DNS records for this DC registered.

                          Redir and Browser test . . . . . . : Passed
                          List of NetBt transports currently bound to the Redir
                          NetBT_Tcpip_{8A24F372-BCDB-4213-9B95-E635A0A0395B}
                          NetBT_Tcpip_{46884536-48C6-4367-A01B-6DBFDBAC4104}
                          The redir is bound to 2 NetBt transports.
                          List of NetBt transports currently bound to the browser
                          NetBT_Tcpip_{46884536-48C6-4367-A01B-6DBFDBAC4104}
                          NetBT_Tcpip_{8A24F372-BCDB-4213-9B95-E635A0A0395B}
                          The browser is bound to 2 NetBt transports.

                          DC discovery test. . . . . . . . . : Passed

                          DC list test . . . . . . . . . . . : Failed
                          Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_
                          FOUND]

                          Trust relationship test. . . . . . : Skipped

                          Kerberos test. . . . . . . . . . . : Passed

                          LDAP test. . . . . . . . . . . . . : Passed


                          Bindings test. . . . . . . . . . . : Passed

                          WAN configuration test . . . . . . : Skipped
                          No active remote access connections.

                          Modem diagnostics test . . . . . . : Passed
                          IP Security test . . . . . . . . . : Skipped
                          Note: run "netsh ipsec dynamic show /?" for more detailed information

                          The command completed successfully

                          Comment


                          • #14
                            Re: DNS issue

                            DC1
                            DNS Servers . . . . . . . . . . ....3.3.3.10 public
                            1.1.1.10 public
                            2.2.2.10 public
                            DC2
                            Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
                            Physical Address. . . . . . . . . : 00-11-43-EB-21-7A
                            DHCP Enabled. . . . . . . . . . . : No
                            IP Address. . . . . . . . . . . . : 2.2.2.10 public
                            Subnet Mask . . . . . . . . . . . : 255.255.255.224
                            Default Gateway . . . . . . . . . : 2.2.2.1 public
                            DNS Servers . . . . . . . . . . . : 1.1.1.10 public
                            2.2.2.10 public
                            3.3.3.10 public

                            Ethernet adapter Internal:
                            Connection-specific DNS Suffix . :
                            Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
                            Physical Address. . . . . . . . . : 00-11-43-EB-21-79
                            DHCP Enabled. . . . . . . . . . . : No
                            IP Address. . . . . . . . . . . . : 172.31.8.1
                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                            IP Address. . . . . . . . . . . . : 172.31.7.1
                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                            Default Gateway . . . . . . . . . : 172.31.7.254
                            DNS Servers . . . . . . . . . . . : 172.31.7.1
                            1.1.1.10 public
                            2.2.2.10 public
                            DC3
                            Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
                            Physical Address. . . . . . . . . : 00-13-72-5C-6E-20
                            DHCP Enabled. . . . . . . . . . . : No
                            IP Address. . . . . . . . . . . . : 172.31.9.11
                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                            Default Gateway . . . . . . . . . : 172.31.9.1
                            DNS Servers . . . . . . . . . . . : 1.1.1.10 public
                            172.31.9.11
                            2.2.2.10 public

                            Ethernet adapter EXT ANA 1:
                            Connection-specific DNS Suffix . :

                            Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
                            Physical Address. . . . . . . . . : 00-13-72-5C-6E-1F
                            DHCP Enabled. . . . . . . . . . . : No
                            IP Address. . . . . . . . . . . . : 3.3.3.10 public
                            Subnet Mask . . . . . . . . . . . : 255.255.255.192
                            Default Gateway . . . . . . . . . : 3.3.3.11 public
                            DNS Servers . . . . . . . . . . . : 1.1.1.10 public
                            3.3.3.10 public
                            That is not the issue here, no ISP DNS servers are listed under DNS tab on any servers here.
                            This is the issue! All the above cards are using your ISP's DNS servers.

                            Do you have at least one Windows DNS on the network (from what I can work out this is 172.31.7.1 AKA DC2)? What is your Windows domain called (this ideally should not be your externally purchased domain name, however we can work around this.

                            I will start a new reply as this one is already full.
                            Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

                            Comment


                            • #15
                              Re: DNS issue

                              Code:
                              DC1
                              IP Address. . . . . . . . . . . . : 172.16.0.0
                              Subnet Mask . . . . . . . . . . . : 255.240.0.0
                              
                              DC2
                              IP Address. . . . . . . . . . . . : 172.31.8.1
                              Subnet Mask . . . . . . . . . . . : 255.255.255.0
                              IP Address. . . . . . . . . . . . : 172.31.7.1
                              Subnet Mask . . . . . . . . . . . : 255.255.255.0
                              
                              DC3
                              IP Address. . . . . . . . . . . . : 172.31.9.11
                              Subnet Mask . . . . . . . . . . . : 255.255.255.0
                              OK, this is getting worse the more I read into this. DC1 from what I can tell can see DC2 and DC3. However I don't think Windows will even let you use a .0 as an IP address? So how this is working is beyond me.
                              DC2 will not be able to see DC2 or DC3.
                              DC3 will not be able to see DC1 or DC3.
                              All three servers are on a totally different subnet from each other!


                              Ideal basic IP config to get started would be...

                              Code:
                              DC1
                              IP: 192.168.0.1
                              Mask: 255.255.255.0
                              DNS: 192.168.0.2
                              Gateway: 192.168.0.254
                              
                              DC2
                              IP: 192.168.0.2
                              Mask: 255.255.255.0
                              DNS: 127.0.0.1
                              Gateway: 192.168.0.254
                              
                              DC3
                              IP: 192.168.0.3
                              Mask: 255.255.255.0
                              DNS: 192.168.0.2
                              Gateway: 192.168.0.254
                              
                              Workstations
                              IP: 192.168.0.50 - 192.168.0.150
                              DNS: 192.168.0.2
                              Gateway: 192.168.0.254
                              This will only work if a DNS Server services is working on DC2. How you got DC1 to work without DNS is pretty amazing since DCPROMO will stop midway when it cannot find a DNS server (hence your error at post 1). Any additional NIC's should be removed or at least disabled.
                              Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

                              Comment

                              Working...
                              X