Re: WINS and DNS issue



"Sambo" <Sambo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4F324944-06B1-4542-93C9-0A83D51478B9@xxxxxxxxxxxxxxxx
> Thanks for your response yet again Herb.
>
> We do run a win2003 domain so I will google the domain rename, but do you
> have any first hand experience with tackling this? I've been told that it's
> fraught with danger, but maybe if I address a few issues with DNS and WINS
> our network will at least function a little better which may not require
> anything drastic like a domain rename.

Follow the KB articles explicitly and you should be ok.

BUT, I would also see about making sure my DNS was correct
to begin with -- even if that requires manual registration of the
DC (not ordinary computer) records.

If you don't make everything able to find the DCs (and each other)
then you will just be complicating the existing problems.

> Ideally we would like to have 2 DCs, 2 DNS and 2 WINS servers but our budget
> is very limited as to what we can afford. I will suggest this as the way
> forward though.

The alternative is REALLY GOOD (e.g., daily) backups AND
UPS systems.

> The output from the DC was from running dcdiag, I incorrectly typed
> netdiag.

It did sort of look like that.

> DNS is set up to be AD integrated, to replicate to all other DCs and to allow
> secure and unsecure updates. DNS isn't set up for zone transfers and "Use
> WINS forward lookup" is not selected. Does this sound about right?

Well, if you have more than one DC then you already have a place
to put your 2 DNS/WINS servers.

> Why is it that win2k clients seem to register with dns but XP clients
> don't?

My guess would be that the XP still has something wrong on their
NIC (multiple irrelevant DNS servers) OR that one of the NICs
is unroutable from the XP side but is the one listed in DNS.

> I will look at all your suggestions and attempt to address our problems. Is
> it completely safe to run dcdiag /fix?

Yes. I always run it once, capture to file FIRST, so that I can compare the
results after the fix (I like to know if anything was actually improved.)

BUT notice it won't fix EVERYTHING, just some limited problems.

> Our DNS eventvwr is full of errors about the DC not being able to register
> itself with DNS. Here are a few sample errors: -

Yes. This is where I have been pointing you all along.

> "The DNS server has encountered a critical error from the Active Directory.
> Check that the Active Directory is functioning properly. The extended error
> debug information (which may be empty) is "". The event data contains the
> error."
>
> ****************
>
> The DNS server was unable to complete directory service enumeration of zone
> rougemont. This DNS server is configured to use information obtained from
> Active Directory for this zone and is unable to load the zone without it.
> Check that the Active Directory is functioning properly and repeat
> enumeration of the zone. The extended error debug information (which may be
> empty) is "". The event data contains the error.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> **********
>
> The zone 1.168.192.in-addr.arpa was previously loaded from the directory
> partition MicrosoftDNS but another copy of the zone has been found in
> directory partition ForestDnsZones.rougemont. The DNS Server will ignore this
> new copy of the zone. Please resolve this conflict as soon as possible.
>
> If an administrator has moved this zone from one directory partition to
> another this may be a harmless transient condition. In this case, no action
> is necessary. The deletion of the original copy of the zone should soon
> replicate to this server.
>
> If there are two copies of this zone in two different directory partitions
> but this is not a transient caused by a zone move operation then one of these
> copies should be deleted as soon as possible to resolve this conflict.
>
> To change the replication scope of an application directory partition
> containing DNS zones and for more details on storing DNS zones in the
> application directory partitions, please see Help and Support.
>
> ***************
>
> DNS server has updated its own host (A) records. In order to ensure that
> its DS-integrated peer DNS servers are able to replicate with this server, an
> attempt was made to update them with the new records through dynamic update.
> An error was encountered during this update, the record data is the error
> code.
>
> If this DNS server does not have any DS-integrated peers, then this error
> should be ignored.
>
> If this DNS server's Active Directory replication partners do not have the
> correct IP address(es) for this server, they will be unable to replicate with
> it.
>
> To ensure proper replication:
> 1) Find this server's Active Directory replication partners that run the DNS
> server.
> 2) Open DnsManager and connect in turn to each of the replication partners.
> 3) On each server, check the host (A record) registration for THIS server.
> 4) Delete any A records that do NOT correspond to IP addresses of this
> server.
> 5) If there are no A records for this server, add at least one A record
> corresponding to an address on this server, that the replication partner can
> contact. (In other words, if there multiple IP addresses for this DNS
> server, add at least one that is on the same network as the Active Directory
> DNS server you are updating.)
> 6) Note, that is not necessary to update EVERY replication partner. It is
> only necessary that the records are fixed up on enough replication partners
> so that every server that replicates with this server will receive (through
> replication) the new data.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> I think it's fair to say that we have quite a few problems!!
>
> Thanks for your continued help Herb,
>
> Cheers
>
> Sam
>
> "Herb Martin" wrote:
>
>>
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>> http://www.LearnQuick.Com
>> [phone number on web site]
>>
>> "Sambo" <Sambo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:158143B9-9C6C-4EA8-91B3-D706567EF9E7@xxxxxxxxxxxxxxxx
>> > Herb,
>> >
>> > Thanks for the reply.
>> >
>> > A few things: -
>> >
>> >> Do they have their DNS name configured in the SYSTEM CONTROL
>> >> panel? (Don't depend on trying to override this on the NIC, but rather
>> >> set the System computer name properties.)
>> >>
>> >> Make sure they use ONLY the INTERNAL DNS (don't try to mix
>> >> the ISPs DNS server.)
>> >
>> > They do have their names configured in the system control panel, the
>> > settings on the NIC are untouched (as you say they are configured correctly
>> > for most instances by default). What I failed to mention earlier was that
>> > we also have a single label domain name which really confounds our miseries
>> > further!!
>>
>> Yes, and especially with DYNAMIC registration.
>>
>> Single Label domain zone names are a problem, Google:
>> [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
>>
>> > I have thought about tackling this and have downloaded MS KBs on
>> > the subject of domain renaming but wouldn't fancy trying it without some
>> > consultation on the likelihood of it screwing up our network completely.
>> > Have you got first hand experience of attempting this?
>>
>> You cannot rename a Win2000 domain (and can only rename a Win2003
>> under certain special cases.)
>>
>> >> Fine. Maybe not best use of your time. Is there just one WINS
>> >> Server? Usually the entries only get left (after cleanup) if you have
>> >> more than one WINS server (or had one that disappeared.)
>> >
>> > There used to be a different WINS server on the network before a new DC was
>> > installed 2 years ago. The old DC was demoted and is now a member server.
>> > WINS is no longer configured on this server.
>>
>> A missing WINS server may "Own" some of the records which will
>> therefore never be scavenged (the owning server does that) so you
>> can continue to take ownership and delete the abandoned entries manually.
>>
>> For newer entries the automatic expiration and scavenging of records may
>> be adjusted but then should JUST WORK.
>>
>> > Replication of anything (can you
>> > replicate WINS like DNS?) does not take place on our network, are we being
>> > naive thinking that if DNS isn't functioning properly then we don't really
>> > need to have a back up system in place?
>>
>> "isn't functioning properly" you NEED a backup system in place.
>>
>> If you care about your network you will have at least 2 DCs, 2 DNS
>> servers, 2 WINS servers (they might all be on the same pair of machines.)
>>
>> WINS servers can (and should) replicate but must be set up manually to do
>> this (by the admins).
>>
>> DNS must also (except for AD DNS) but the creation of the ZONES on
>> the DNS server pretty much forces you to do that (walks you through the
>> process of having Secondaries pull from MASTER.)
>>
>> > I don't live in the US, I'm here in sunny Britain but I would like to take
>> > you up on your offer, you're obviously very enthusiastic about your work so
>> > your knowledge will be invaluable to me. Many thanks for the offer
>> >
>> > Upon further investigation, it seems that only 2000 clients are registering
>> > in DNS, XP clients don't seem to (see example below)
>> >
>> > Netdiag on the DC: -
>>
>> RUNNING DCDIAG on DCs is BETTER. Use NETDiag mainly for NON-DCs
>>
>> But you have at least one issue with DNS there:
>>
>> > DNS test . . . . . . . . . . . . . : Passed
>> > [WARNING] Cannot find a primary authoritative DNS server for the name
>> > 'BQR1.rougemont.'. [RCODE_SERVER_FAILURE]
>> > The name 'BQR1.rougemont.' may not be registered in DNS.
>>
>> Chances are your DCs are not all properly registered with DNS.
>>
>> Deal with the KB articles about single label DNS.
>>
>> Make sure the DNS zone is DYNAMIC.
>>
>> Then run DCDiag /fix
>>
>> The following was in one or more of my earlier messages (along
>> with the info about single label DNS):
>>
>> --
>> DNS for AD
>> 1) Dynamic for the zone supporting AD
>> 2) All internal DNS clients NIC\IP properties must specify SOLELY
>> that internal, dynamic DNS server (set.)
>> 3) DCs and even DNS servers are DNS clients too -- see #2
>> 4) If you have more than one Domain, every DNS server must
>> be able to resolve ALL domains (either directly or
>> indirectly)
>>
>> netdiag /fix
>>
>> ....or maybe:
>>
>> dcdiag /fix
>>
>> (Win2003 can do this from Support tools):
>> nltest /dsregdns /server:DC-ServerNameGoesHere
>> http://support.microsoft.com/kb/q260371/
>>
>> Ensure that DNS zones/domains are fully replicated to all DNS
>> servers for that (internal) zone/domain.
>>
>> Also useful may be running DCDiag on each DC, sending the
>> output to a text file, and searching for FAIL, ERROR, WARN.
>>
>>
>>
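
The capture-first routine recommended in this thread (save dcdiag output to a file, run dcdiag /fix, capture again, then search both files for FAIL, ERROR, WARN and compare), written out as an added PowerShell example that is not part of the original posts. The file names and the Get-Finding helper are assumptions; only the plain `dcdiag` and `dcdiag /fix` invocations from the thread are used.

```powershell
# Added example, not from the thread. File names and Get-Finding are assumptions.
# Run in a console on the DC with rights to run dcdiag.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$before = "dcdiag-before-$stamp.txt"
$fixlog = "dcdiag-fix-$stamp.txt"
$after  = "dcdiag-after-$stamp.txt"

function Get-Finding {
    param([string]$Path)
    # Keep lines mentioning FAIL, ERROR or WARN (-match ignores case); trim so
    # indentation changes are not reported as differences.
    Get-Content -Path $Path |
        Where-Object { $_ -match 'fail|error|warn' } |
        ForEach-Object { $_.Trim() } |
        Sort-Object -Unique
}

# 1. Baseline captured to file FIRST, before anything is changed.
dcdiag | Out-File -FilePath $before -Encoding ASCII
# 2. The repair pass; its own output is kept as well.
dcdiag /fix | Out-File -FilePath $fixlog -Encoding ASCII
# 3. Second capture to compare against the baseline.
dcdiag | Out-File -FilePath $after -Encoding ASCII

$old = @(Get-Finding -Path $before)
$new = @(Get-Finding -Path $after)

# Set differences via -contains / -notcontains, which also work on empty sets.
$cleared   = @($old | Where-Object { $new -notcontains $_ })
$appeared  = @($new | Where-Object { $old -notcontains $_ })
$remaining = @($new | Where-Object { $old -contains $_ })

"Cleared by the fix: $($cleared.Count)"
$cleared | ForEach-Object { "  - $_" }
"New since the fix: $($appeared.Count)"
$appeared | ForEach-Object { "  + $_" }
"Still present (needs manual work): $($remaining.Count)"
$remaining | ForEach-Object { "  = $_" }
```

Lines under "Still present" are the ones `dcdiag /fix` did not resolve; all three capture files are left in the current directory for later reference.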

