DNS can't contact AD


  • DNS can't contact AD

    I'm getting these in the event logs. The zone is showing in DNS. I try to reload and it says that it can't contact the AD service. Nslookup will not resolve any addresses against the DNS server. I've tried Dcdiag and Netdiag with no luck.

    DNS - Event ID 4000

    The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.



  • #2
    Re: DNS can't contact AD

    Have you run DCDIAG and NETDIAG???



    • #3
      Re: DNS can't contact AD

      Have you tried reviewing the zone, to see if it has content?
      Have you tried renewing the zone, to see if the same error occurs again?

      Did this error occur during a reboot process perhaps?
      Please do show your appreciation to those who assist you by leaving Rep Point



      • #4
        Re: DNS can't contact AD

        Is your security log filling up by any chance?
        Do you also get event ID 4013?

        http://support.microsoft.com/kb/316685
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR



        • #5
          Re: DNS can't contact AD

          Originally posted by wullieb1:
          Have you run DCDIAG and NETDIAG???
          I've tried Dcdiag and Netdiag with no luck.



          • #6
            Re: DNS can't contact AD

            Originally posted by L4ndy:
            Is your security log filling up by any chance?
            Do you also get event ID 4013?

            http://support.microsoft.com/kb/316685
            I saw this article and have since emptied it just to make sure that wasn't it, but it didn't have an effect on the problem.



            • #7
              Re: DNS can't contact AD

              Originally posted by tehcamel:
              Have you tried reviewing the zone, to see if it has content?
              Have you tried renewing the zone, to see if the same error occurs again?

              Did this error occur during a reboot process perhaps?
              If I try to reload the zone, I get "the AD service can not be contacted". The zone does have content. This started after installing a group of Windows updates. I removed all the updates and ran them again, and this is where I'm at now.



              • #8
                Re: DNS can't contact AD

                Is the DNS AD integrated? Have you got more than 1 DNS server? Have you considered reinstalling DNS on the problem machine? It depends on your DNS setup though.



                • #9
                  Re: DNS can't contact AD

                  Originally posted by frist44:
                  I've tried Dcdiag and Netdiag with no luck.
                  What was the outcome of the tests???

                  Can you post the results for us.



                  • #10
                    Re: DNS can't contact AD

                    Originally posted by frist44:
                    I removed all the updates and ran them again, and this is where I'm at now.
                    How about testing before you re-apply the updates?

                    Along with the information asked for by wullieb1 can you explain a bit more about your setup? How many DCs? Is it just one or many?
                    cheers
                    Andy


                    Quis custodiet ipsos custodes?



                    • #11
                      Re: DNS can't contact AD

                      Originally posted by Virtual:
                      Is the DNS AD integrated? Have you got more than 1 DNS server? Have you considered reinstalling DNS on the problem machine? It depends on your DNS setup though.
                      The zone is AD integrated. I tried reinstalling DNS. Nothing changes.



                      • #12
                        Re: DNS can't contact AD

                        Originally posted by wullieb1:
                        What was the outcome of the tests???

                        Can you post the results for us.
                        The machine is AD, DNS. It's pretty much a one man show.


                        Domain Controller Diagnosis
                        Performing initial setup:
                        Done gathering initial info.
                        Doing initial required tests

                        Testing server: Default-First-Site-Name\SERVER
                        Starting test: Connectivity
                        The host 43150e76-35a1-4011-9bda-13cebb1316e0._msdcs.adjres.local could not be resolved to an
                        IP address. Check the DNS server, DHCP, server name, etc
                        Although the Guid DNS name
                        (43150e76-35a1-4011-9bda-13cebb1316e0._msdcs.adjres.local) couldn't be
                        resolved, the server name (server.adjres.local) resolved to the IP
                        address (192.168.16.2) and was pingable. Check that the IP address is
                        registered correctly with the DNS server.
                        ......................... SERVER failed test Connectivity
                        Doing primary tests

                        Testing server: Default-First-Site-Name\SERVER
                        Skipping all tests, because server SERVER is
                        not responding to directory service requests

                        Running partition tests on : ForestDnsZones
                        Starting test: CrossRefValidation
                        ......................... ForestDnsZones passed test CrossRefValidation
                        Starting test: CheckSDRefDom
                        ......................... ForestDnsZones passed test CheckSDRefDom

                        Running partition tests on : DomainDnsZones
                        Starting test: CrossRefValidation
                        ......................... DomainDnsZones passed test CrossRefValidation
                        Starting test: CheckSDRefDom
                        ......................... DomainDnsZones passed test CheckSDRefDom

                        Running partition tests on : Schema
                        Starting test: CrossRefValidation
                        ......................... Schema passed test CrossRefValidation
                        Starting test: CheckSDRefDom
                        ......................... Schema passed test CheckSDRefDom

                        Running partition tests on : Configuration
                        Starting test: CrossRefValidation
                        ......................... Configuration passed test CrossRefValidation
                        Starting test: CheckSDRefDom
                        ......................... Configuration passed test CheckSDRefDom

                        Running partition tests on : adjres
                        Starting test: CrossRefValidation
                        ......................... adjres passed test CrossRefValidation
                        Starting test: CheckSDRefDom
                        ......................... adjres passed test CheckSDRefDom

                        Running enterprise tests on : adjres.local
                        Starting test: Intersite
                        ......................... adjres.local passed test Intersite
                        Starting test: FsmoCheck
                        ......................... adjres.local passed test FsmoCheck



                        ........................................
                        Computer Name: SERVER
                        DNS Host Name: server.adjres.local
                        System info : Microsoft Windows Server 2003 (Build 3790)
                        Processor : x86 Family 6 Model 15 Stepping 2, GenuineIntel
                        List of installed hotfixes :

                        Netcard queries test . . . . . . . : Passed
                        [WARNING] The net card 'HP NC320i PCIe Gigabit Server Adapter' may not be working because it has not received any packets.

                        Per interface results:
                        Adapter : Server Local Area Connection
                        Netcard queries test . . . : Passed
                        Host Name. . . . . . . . . : server
                        IP Address . . . . . . . . : 192.168.16.2
                        Subnet Mask. . . . . . . . : 255.255.255.0
                        Default Gateway. . . . . . :
                        Primary WINS Server. . . . : 192.168.16.2
                        Dns Servers. . . . . . . . : 192.168.16.2

                        AutoConfiguration results. . . . . . : Passed
                        Default gateway test . . . : Skipped
                        [WARNING] No gateways defined for this adapter.
                        NetBT name test. . . . . . : Passed
                        No remote names have been found.
                        WINS service test. . . . . : Failed
                        The test failed. We were unable to query the WINS servers.
                        Adapter : Network Connection
                        Netcard queries test . . . : Passed
                        Host Name. . . . . . . . . : server
                        IP Address . . . . . . . . : [public IP]
                        Subnet Mask. . . . . . . . : 255.255.255.248
                        Default Gateway. . . . . . : [public gateway]
                        Primary WINS Server. . . . : 192.168.16.2
                        NetBIOS over Tcpip . . . . : Disabled
                        Dns Servers. . . . . . . . : 4.2.2.2 <---I changed this just so it would resolve a webpage

                        AutoConfiguration results. . . . . . : Passed
                        Default gateway test . . . : Passed
                        NetBT name test. . . . . . : Skipped
                        NetBT is disabled on this interface. [Test skipped]
                        WINS service test. . . . . : Skipped
                        NetBT is disable on this interface. [Test skipped].

                        Global results:

                        Domain membership test . . . . . . : Passed

                        NetBT transports test. . . . . . . : Passed
                        List of NetBt transports currently configured:
                        NetBT_Tcpip_{40CBF2BE-C62B-4DE4-9007-5A367EA4AFC5}
                        1 NetBt transport currently configured.

                        Autonet address test . . . . . . . : Passed

                        IP loopback ping test. . . . . . . : Passed

                        Default gateway test . . . . . . . : Passed

                        NetBT name test. . . . . . . . . . : Passed

                        Winsock test . . . . . . . . . . . : Passed

                        DNS test . . . . . . . . . . . . . : Failed
                        [WARNING] Cannot find a primary authoritative DNS server for the name
                        'server.adjres.local.'. [ERROR_TIMEOUT]
                        The name 'server.adjres.local.' may not be registered in DNS.
                        [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.16.2, ERROR_TIMEOUT.
                        [WARNING] The DNS entries for this DC are not registered correctly on DNS server '4.2.2.2'. Please wait for 30 minutes for DNS server replication.
                        [FATAL] No DNS servers have the DNS records for this DC registered.

                        Redir and Browser test . . . . . . : Passed
                        List of NetBt transports currently bound to the Redir
                        NetBT_Tcpip_{40CBF2BE-C62B-4DE4-9007-5A367EA4AFC5}
                        The redir is bound to 1 NetBt transport.
                        List of NetBt transports currently bound to the browser
                        NetBT_Tcpip_{40CBF2BE-C62B-4DE4-9007-5A367EA4AFC5}
                        The browser is bound to 1 NetBt transport.

                        DC discovery test. . . . . . . . . : Passed

                        DC list test . . . . . . . . . . . : Passed

                        Trust relationship test. . . . . . : Skipped

                        Kerberos test. . . . . . . . . . . : Passed

                        LDAP test. . . . . . . . . . . . . : Passed

                        Bindings test. . . . . . . . . . . : Passed

                        WAN configuration test . . . . . . : Skipped
                        No active remote access connections.

                        Modem diagnostics test . . . . . . : Passed
                        IP Security test . . . . . . . . . : Skipped
                        Note: run "netsh ipsec dynamic show /?" for more detailed information

                        The command completed successfully



                        • #13
                          Re: DNS can't contact AD

                          IP Address . . . . . . . . : [public IP]
                          Subnet Mask. . . . . . . . : 255.255.255.248
                          Default Gateway. . . . . . : [public gateway]
                          Primary WINS Server. . . . : 192.168.16.2
                          NetBIOS over Tcpip . . . . : Disabled
                          Dns Servers. . . . . . . . : 4.2.2.2 <---I changed this just so it would resolve a webpage


                          Your DC needs to only point to itself for DNS; you can set up forwarders for internet resolution later.
                          Your IP address should also be a private one not public (I assume 192.168.16.2 here).

                          Change your server back to the original IP and DNS settings and then restart it. Once it is back up and has sat for 5 mins then restart the netlogon service as well.

                          Check DNS then.
                          cheers
                          Andy


                          Quis custodiet ipsos custodes?



                          • #14
                            Re: DNS can't contact AD

                            Originally posted by AndyJG247:
                            IP Address . . . . . . . . : [public IP]
                            Subnet Mask. . . . . . . . : 255.255.255.248
                            Default Gateway. . . . . . : [public gateway]
                            Primary WINS Server. . . . : 192.168.16.2
                            NetBIOS over Tcpip . . . . : Disabled
                            Dns Servers. . . . . . . . : 4.2.2.2 <---I changed this just so it would resolve a webpage


                            Your DC needs to only point to itself for DNS; you can set up forwarders for internet resolution later.
                            Your IP address should also be a private one not public (I assume 192.168.16.2 here).

                            Change your server back to the original IP and DNS settings and then restart it. Once it is back up and has sat for 5 mins then restart the netlogon service as well.

                            Check DNS then.
                            Hi Andy,

                            This machine acts as a router too with two NICs, so one serves as the public interface. It's SBS 2003. This setup was working fine for two years or so before this started. I understand what you're thinking. But I changed the DNS address to a public DNS server I knew was available because the internal address will not resolve any pages, so I can't get to the internet without typing IP addresses.



                            • #15
                              Re: DNS can't contact AD

                              Originally posted by frist44:
                              The machine is AD, DNS. It's pretty much a one man show.
                              It certainly looks that way. And that's where your problems start, especially the fact that the machine is multihomed. I would imagine it acts as RRAS as well.
                              It's not recommended to use a multihomed machine as a DC as it'll create loads of problems and so if you use it as a DNS server without restricting DNS support just to one IP address: http://technet.microsoft.com/en-us/l.../cc772564.aspx

                              I would recommend reviewing your server roles.
                              Caesar's cipher - 3

                              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                              SFX JNRS FC U6 MNGR
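
An added example, not part of any post in this thread: a Python check over the per-interface section of netdiag output that flags the two conditions raised in #13 and #15, namely a DC adapter whose DNS server is not one of the DC's own addresses, and a DC with more than one addressed adapter. The sample text is constructed from the output quoted in #12, with documentation addresses standing in for the redacted public ones; the function names are hypothetical, and DNS servers are assumed to appear on the same line as the field name.

```python
import re

# Constructed sample, trimmed from the netdiag output posted in the thread.
# 203.0.113.x are documentation addresses replacing "[public IP]" / "[public gateway]".
SAMPLE = """\
Adapter : Server Local Area Connection
    Host Name. . . . . . . . . : server
    IP Address . . . . . . . . : 192.168.16.2
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . :
    Dns Servers. . . . . . . . : 192.168.16.2
Adapter : Network Connection
    Host Name. . . . . . . . . : server
    IP Address . . . . . . . . : 203.0.113.10
    Subnet Mask. . . . . . . . : 255.255.255.248
    Default Gateway. . . . . . : 203.0.113.9
    Dns Servers. . . . . . . . : 4.2.2.2 <---I changed this just so it would resolve a webpage
"""

# "Field name . . . . : value" with dot/space padding before the colon.
FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
KEYS = {"IP Address": "ip", "Dns Servers": "dns", "Default Gateway": "gateway"}


def parse_adapters(text):
    """Return one dict per 'Adapter :' block with its IP, DNS and gateway lists."""
    adapters, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # warnings and free-text lines carry no field
        key, val = m.group(1).strip(), m.group(2)
        if key == "Adapter":
            cur = {"name": val.strip(), "ip": [], "dns": [], "gateway": []}
            adapters.append(cur)
        elif cur is not None and key in KEYS:
            # findall ignores trailing annotations such as "<---I changed this"
            cur[KEYS[key]] += IPV4.findall(val)
    return adapters


def audit(adapters):
    """Flag a multihomed DC and any adapter resolving through a server other than itself."""
    own = {ip for a in adapters for ip in a["ip"]}
    findings = []
    addressed = [a["name"] for a in adapters if a["ip"]]
    if len(addressed) > 1:
        findings.append(("multihomed", ", ".join(addressed)))
    for a in adapters:
        foreign = [d for d in a["dns"] if d not in own and not d.startswith("127.")]
        if foreign:
            findings.append(("external-dns", f'{a["name"]} -> {", ".join(foreign)}'))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(parse_adapters(SAMPLE)):
        print(f"{kind}: {detail}")
```
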
