AD & DNS problems

This topic contains 11 replies, has 3 voices, and was last updated by Avatar Si_Pe 13 years, 3 months ago.

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • Avatar
    Si_Pe
    Member
    #114559

    Hello All,

    I am having a few problems with my dc’s.

    I have three dc’s running windows 2000 advance server with Sp4 and all latest updates.

    The problem I have noticed is that only one server seems to be working as a GC. The server that is running ok crashed the other day and I noticed users couldn’t logon etc while it was down. Its backup now and all is ok for users etc but I fear I have a massive DNS issue with my dc’s.

    I have ran a few test’s suggested on here and I would like some help with trying to work out where to start looking to resolve this.

    Here is my report from DCDIAG from one of the dc’s that isn’t working as a GC.

    Domain Controller Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-NameENDSCS1
    Starting test: Connectivity
    ……………………. ENDSCS1 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-NameENDSCS1
    Starting test: Replications
    ……………………. ENDSCS1 passed test Replications
    Starting test: NCSecDesc
    ……………………. ENDSCS1 passed test NCSecDesc
    Starting test: NetLogons
    ……………………. ENDSCS1 passed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for \endscs2.endsnet.local,
    when we were trying to reach ENDSCS1.
    Server is not responding or is not considered suitable.
    ……………………. ENDSCS1 failed test Advertising
    Starting test: KnowsOfRoleHolders
    ……………………. ENDSCS1 passed test KnowsOfRoleHolders
    Starting test: RidManager
    ……………………. ENDSCS1 passed test RidManager
    Starting test: MachineAccount
    ……………………. ENDSCS1 passed test MachineAccount
    Starting test: Services
    ……………………. ENDSCS1 passed test Services
    Starting test: ObjectsReplicated
    ……………………. ENDSCS1 passed test ObjectsReplicated
    Starting test: frssysvol
    Error: No record of File Replication System, SYSVOL started.
    The Active Directory may be prevented from starting.
    ……………………. ENDSCS1 passed test frssysvol
    Starting test: kccevent
    ……………………. ENDSCS1 passed test kccevent
    Starting test: systemlog
    ……………………. ENDSCS1 passed test systemlog

    Running enterprise tests on : endsnet.local
    Starting test: Intersite
    ……………………. endsnet.local passed test Intersite
    Starting test: FsmoCheck
    ……………………. endsnet.local passed test FsmoCheck

    E:Documents and Settingslocaladmin>
    E:Documents and Settingslocaladmin>
    E:Documents and Settingslocaladmin>netdiag /test:dns

    ………..

    Computer Name: ENDSCS1
    DNS Host Name: endscs1.endsnet.local
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
    List of installed hotfixes :
    KB822343
    KB823182
    KB823559
    KB824105
    KB825119
    KB826232
    KB828035
    KB828749
    KB832353
    KB832359
    KB841356
    KB842773
    KB885836
    KB890046
    KB893756
    KB893803v2
    KB896358
    KB896422
    KB896423
    KB896424
    KB899587
    KB899589
    KB899591
    KB900725
    KB901017
    KB901214
    KB904706
    KB905414
    KB905749
    KB908519
    KB908523
    KB908531
    KB911280
    KB911564
    KB911567-OE55SP2-20060317.162653
    KB912919
    KB913580
    KB914389
    KB916281-IE501SP4-20060519.173353
    KB917344
    KB917736
    KB917953
    Q147222
    Q828026
    Update Rollup 1

    Netcard queries test . . . . . . . : Passed
    [WARNING] The net card ‘Broadcom NetXtreme Gigabit Ethernet’ may not be work
    ing because it has not received any packets.

    Per interface results:

    Adapter : Local Area Connection 2

    Netcard queries test . . . : Passed

    Adapter : Local Area Connection

    Netcard queries test . . . : Passed

    Global results:

    Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
    machine. This machine is not working properly as a DC.

    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{188AF92B-C99D-4958-BC60-42F591019C96}
    NetBT_Tcpip_{ADE9BFF1-4119-4B04-9965-F23EC28A38A6}
    2 NetBt transports currently configured.

    DNS test . . . . . . . . . . . . . : Failed
    [WARNING] Cannot find a primary authoritative DNS server for the name
    ‘endscs1.endsnet.local.’. [ERROR_TIMEOUT]
    The name ‘endscs1.endsnet.local.’ may not be registered in DNS.
    [FATAL]: The DNS registration for ‘endscs1.endsnet.local’ is incor
    rect on all DNS servers.
    [WARNING] The DNS entries for this DC cannot be verified right now on DNS
    server 1.0.0.0, ERROR_TIMEOUT.
    PASS – All the DNS entries for DC are registered on DNS server ‘198.168.6.4’
    and other DCs also have some of the names registered.
    PASS – All the DNS entries for DC are registered on DNS server ‘198.168.6.3’
    and other DCs also have some of the names registered.

    The command completed successfully

    All Help is very much appreciated.

    Avatar
    m80arm
    Member
    #232119

    Re: AD & DNS problems

    Is DNS Installed on all 3 DC’s ??

    Is DNS updating fine on all 3 DC’s ??

    Has this always been a problem or has it just started recently.

    If you browse to the two failing DC’s are the SYSVOL and NETLOGON folders visible??

    Michael

    Avatar
    Si_Pe
    Member
    #278081

    Re: AD & DNS problems

    m80arm wrote:
    Is DNS Installed on all 3 DC’s ??

    Is DNS updating fine on all 3 DC’s ??

    Has this always been a problem or has it just started recently.

    If you browse to the two failing DC’s are the SYSVOL and NETLOGON folders visible??

    Michael

    Hi,

    thanks for you reply!

    DNS is installed on two dc’s. It appears to be updating ok and I can see both netlogon and Sysvol on all three dc’s.

    The problem has just started to happen. I only noticed it when the users couldn’t logon. First thing I ran was Dcdiag to see if all was ok and I am getting the advertising error so then I tested DNS using NETDIAG and it returned the above errors.

    Thanks for help

    Avatar
    Si_Pe
    Member
    #278082

    Re: AD & DNS problems

    I also now have the following error in the eventlog

    DNS Server has updated its own host (A) records. In order to insure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

    If this DNS server does not have any DS-integrated peers, then this error
    should be ignored.

    If this DNS server’s ActiveDirectory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

    To insure proper replication:
    1) Find this server’s ActiveDirectory replication partners that run the DNS server.
    2) Open DnsManager and connect in turn to each of the replication partners.
    3) On each server, check the host (A record) registration for THIS server.
    4) Delete any A records that do NOT correspond to IP addresses of this server.
    5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the ActiveDirectory DNS server you are updating.)
    6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

    I am going to follow the steps and see what happens.

    Avatar
    m80arm
    Member
    #232120

    Re: AD & DNS problems

    Si_Pe wrote:
    DNS is installed on two dc’s

    Are you sure?

    DNS should be installed on all DC’s as it is a requirement of Active Directory.

    Michael

    Avatar
    Si_Pe
    Member
    #278083

    Re: AD & DNS problems

    m80arm wrote:
    Are you sure?

    DNS should be installed on all DC’s as it is a requirement of Active Directory.

    Michael

    I will check again. If this is the case could this be the root of the problem?

    Thanks for your help!

    Avatar
    wullieb1
    Moderator
    #239442

    Re: AD & DNS problems

    DNs will need to be installed on each DC in your domain.

    I usually install DNS and setup each server to point to its OWN DNS server for reolution and a secondary for fail over purposes.

    Within DNS you can also setup forwarders that will allow your DNS server to send queries that it cannot resolve to external DNS servers.

    Avatar
    Si_Pe
    Member
    #278084

    Re: AD & DNS problems

    wullieb1 wrote:
    DNs will need to be installed on each DC in your domain.

    I usually install DNS and setup each server to point to its OWN DNS server for reolution and a secondary for fail over purposes.

    Within DNS you can also setup forwarders that will allow your DNS server to send queries that it cannot resolve to external DNS servers.

    Ah Ok, thanks!

    I did read somewhere that the server should point to another server and not itself for DnS.

    Thanks for advice!

    Avatar
    wullieb1
    Moderator
    #239443

    Re: AD & DNS problems

    Si_Pe wrote:
    Ah Ok, thanks!

    I did read somewhere that the server should point to another server and not itself for DnS.

    Thanks for advice!

    All the DC’s i’ve setup have been set to point to its own DNS server for name resolution.

    I’ll try and dig out where i picked it up from.

    Have a looky here

    Avatar
    m80arm
    Member
    #232121

    Re: AD & DNS problems

    Si_Pe wrote:
    I will check again. If this is the case could this be the root of the problem?

    Thanks for your help!

    I dont think so because it’s having problems replicating to two server not just one.

    I am currently having a bit of a search but it’s painfull as I am only using dial up :)

    Michael

    Avatar
    Si_Pe
    Member
    #278085

    Re: AD & DNS problems

    m80arm wrote:
    I dont think so because it’s having problems replicating to two server not just one.

    I am currently having a bit of a search but it’s painfull as I am only using dial up :)

    Michael

    Thanks so much!

    Its looking more and more like dns as the GetName is coming back with the wrong server name as per my dcdiag results.

    Thanks again!

    Avatar
    Si_Pe
    Member
    #278086

    Re: AD & DNS problems

    Confused now!

    Have tried pointing the server to their own dns and its still the same.

    I really need to try and make one of the other DC’s a working GC soon.

    Has anyone else got any other suggestions?

    Thanks very much!
    Si

Viewing 12 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.