Re: WINS and DNS issue



Thanks Herb, my apologies if I'm beginning to bore you now but there are a few
things I have to raise regarding your response.

When I said that the DNS server is configured to replicate to all other
DCs and to allow secure and unsecure updates, this is what is selected in the
properties for our forward lookup zone - we don't actually have another server
configured to replicate to. I have double checked and the old server doesn't
have anything configured for DNS. Does this mean that it's causing errors
when trying to replicate? I've had a look at the options under replication,
at the moment it's set to Replicate to all domain controllers in the AD domain
Domainname. It says to set this if you want a 2000 server to load the zone.
I'm happy to "fire-up" the old server to be used as a backup system for DNS
and WINS but don't know how and whether or not this option is viable. What do
you think? Can it be configured to accept logons also if the main DC goes
down? So many questions I know...sorry to be a pain

You were right to suspect the old server of still running WINS, it is and it
has about 10 records in the Active Registrations folder, all of which are
valid for another 6 days. What would you do if you were in this
scenario....delete the old server from the list or set up the replication
properly (I'm presuming that it isn't set up correctly if it's only holding 10
records!)

I have run dcdiag /fix and it has cleared up one problem but it had caused a
failure in another, the DC now fails on: -

An Warning Event occured. EventID: 0x80250829
Time Generated: 12/14/2005 14:12:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80250829
Time Generated: 12/14/2005 14:12:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80250829
Time Generated: 12/14/2005 14:12:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80250829
Time Generated: 12/14/2005 14:12:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x80250829
Time Generated: 12/14/2005 14:12:55
(Event String could not be retrieved)
......................... PLATO failed test kccevent

and

PLATO failed test systemlog

So is the main issue here to do with the fact that my DC is trying to
replicate and register itself with another server which it can't find?

I ran the nltest command on the DC and got this message back: -

Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

How can I check if issuing this command has made any difference?

I'm so grateful for your help and support, I promise I won't bug you again if
you can just help me this one last time!!

Cheers

Sam

"Herb Martin" wrote:

> "Sambo" <Sambo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:4F324944-06B1-4542-93C9-0A83D51478B9@xxxxxxxxxxxxxxxx
> > Thanks for your response yet again Herb.
> >
> > We do run a win2003 domain so I will google the domain rename, but do you
> > have any first hand experience with tackling this? I've been told that
> > it's fraught with danger, but maybe if I address a few issues with DNS and
> > WINS our network will at least function a little better which may not
> > require anything drastic like a domain rename.
>
> Follow the KB articles explicitly and you should be ok.
>
> BUT, I would also see about making sure my DNS was correct
> to begin with -- even if that requires manual registration of the
> DC (not ordinary computer) records.
>
> If you don't make everything able to find the DCs (and each other)
> then you will just be complicating the existing problems.
>
> > Ideally we would like to have 2 DCS, 2 DNS and 2 WINS servers but our
> > budget
> > is very limited as to what we can afford. I will suggest this as the way
> > forward though.
>
> The alternative is REALLY GOOD (e.g., daily) backups AND
> UPS systems.
>
> > The output from the DC was from running dcdiag, I incorrectly typed
> > netdiag.
>
> It did sort of look like that.
>
> > DNS is set up to be AD integrated, to replicate to all other DCs and to
> > allow secure and unsecure updates. DNS isn't set up for zone transfers and
> > "Use WINS forward lookup" is not selected. Does this sound about right?
>
> Well, if you have more than one DC then you already have a place
> to put your 2 DNS/WINS servers.
>
> > Why is it that win2k clients seem to register with dns but XP clients
> > don't?
>
> My guess would be that the XP still has something wrong on their
> NIC (multiple irrelevant DNS servers) OR that one of the NICs
> is unroutable from the XP side but is the one listed in DNS.
>
> > I will look at all your suggestions and attempt to address our problems.
> > Is
> > it completely safe to run dcdiag /fix?
>
> Yes. I always run it once, capture to file FIRST, so that I can compare the
> results after the fix (I like to know if anything was actually improved.)
>
> BUT notice it won't fix EVERYTHING, just some limited problems.
>
> > Our DNS eventvwr is full of errors about the DC not being able to register
> > itself with DNS. Here are a few sample errors: -
>
> Yes. This is where I have been pointing you all along.
>
> > "The DNS server has encountered a critical error from the Active
> > Directory.
> > Check that the Active Directory is functioning properly. The extended
> > error
> > debug information (which may be empty) is "". The event data contains the
> > error."
> >
> > ****************
> >
> > The DNS server was unable to complete directory service enumeration of
> > zone
> > rougemont. This DNS server is configured to use information obtained from
> > Active Directory for this zone and is unable to load the zone without it.
> > Check that the Active Directory is functioning properly and repeat
> > enumeration of the zone. The extended error debug information (which may
> > be
> > empty) is "". The event data contains the error.
>
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> > **********
> >
> > The zone 1.168.192.in-addr.arpa was previously loaded from the directory
> > partition MicrosoftDNS but another copy of the zone has been found in
> > directory partition ForestDnsZones.rougemont. The DNS Server will ignore
> > this
> > new copy of the zone. Please resolve this conflict as soon as possible.
> >
> > If an administrator has moved this zone from one directory partition to
> > another this may be a harmless transient condition. In this case, no
> > action
> > is necessary. The deletion of the original copy of the zone should soon
> > replicate to this server.
> >
> > If there are two copies of this zone in two different directory partitions
> > but this is not a transient caused by a zone move operation then one of
> > these
> > copies should be deleted as soon as possible to resolve this conflict.
> >
> > To change the replication scope of an application directory partition
> > containing DNS zones and for more details on storing DNS zones in the
> > application directory partitions, please see Help and Support.
> >
> > ***************
> >
> > DNS server has updated its own host (A) records. In order to ensure that
> > its DS-integrated peer DNS servers are able to replicate with this server,
> > an
> > attempt was made to update them with the new records through dynamic
> > update.
> > An error was encountered during this update, the record data is the error
> > code.
> >
> > If this DNS server does not have any DS-integrated peers, then this error
> > should be ignored.
> >
> > If this DNS server's Active Directory replication partners do not have the
> > correct IP address(es) for this server, they will be unable to replicate
> > with
> > it.
> >
> > To ensure proper replication:
> > 1) Find this server's Active Directory replication partners that run the
> > DNS
> > server.
> > 2) Open DnsManager and connect in turn to each of the replication
> > partners.
> > 3) On each server, check the host (A record) registration for THIS server.
> > 4) Delete any A records that do NOT correspond to IP addresses of this
> > server.
> > 5) If there are no A records for this server, add at least one A record
> > corresponding to an address on this server, that the replication partner
> > can
> > contact. (In other words, if there multiple IP addresses for this DNS
> > server, add at least one that is on the same network as the Active
> > Directory
> > DNS server you are updating.)
> > 6) Note, that is not necessary to update EVERY replication partner. It is
> > only necessary that the records are fixed up on enough replication
> > partners
> > so that every server that replicates with this server will receive
> > (through
> > replication) the new data.
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> > I think its fair to say that we have quite a few problems!!
> >
> > Thanks for your continued help Herb,
> >
> > Cheers
> >
> > Sam
> >
> > "Herb Martin" wrote:
> >
> >>
> >>
> >> --
> >> Herb Martin, MCSE, MVP
> >> Accelerated MCSE
> >> http://www.LearnQuick.Com
> >> [phone number on web site]
> >>
> >> "Sambo" <Sambo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:158143B9-9C6C-4EA8-91B3-D706567EF9E7@xxxxxxxxxxxxxxxx
> >> > Herb,
> >> >
> >> > Thanks for the reply.
> >> >
> >> > A few things: -
> >> >
> >> > Do they have their DNS name configured in the SYSTEM CONTROL
> >> >> panel? (Don't depend on trying to override this on the NIC, but
> >> >> rather
> >> >> set the System computer name properties.)
> >> >>
> >> >> Make sure they use ONLY the INTERNAL DNS (don't try to mix
> >> >> the ISPs DNS server.)
> >> >
> >> > They do have their names configured in the system control panel, the
> >> > settings on the NIC are untouched (as you say they are configured
> >> > correctly for most instances by default). What I failed to mention
> >> > earlier was that we also have a single label domain name which really
> >> > confounds our miseries further!!
> >>
> >> Yes, and especially with DYNAMIC registration.
> >>
> >> Single Label domain zone names are a problem, Google:
> >> [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
> >>
> >> > I have thought about tackling this and have downloaded MS KBs on
> >> > the subject of domain renaming but wouldn't fancy trying it without some
> >> > consultation on the likelihood of it screwing up our network
> >> > completely.
> >> > Have you got first hand experience of attempting this?
> >>
> >> You cannot rename a Win2000 domain (and can only rename a Win2003
> >> under certain special cases.)
> >>
> >> >> Fine. Maybe not best use of your time. Is there just one WINS
> >> >> Server? Usually the entries only get left (after cleanup) if you have
> >> >> more than one WINS server (or had one that disappeared.)
> >> >
> >> > There used to be a different WINS server on the network before a new
> >> > DC
> >> > was
> >> > installed 2 years ago. The old DC was demoted and is now a member
> >> > server.
> >> > WINS is no longer configured on this server.
> >>
> >> A missing WINS server may "Own" some of the records which will
> >> therefore never be scavenged (the owning server does that) so you
> >> can continue to take ownership and delete the abandoned entries manually.
> >>
> >> For newer entries the automatic expiration and scavenging of records may
> >> be adjusted but then should JUST WORK.
> >>
> >> > Replication of anything (can you
> >> > replicate WINS like DNS?) does not take place on our network, are we
> >> > being naive thinking that if DNS isn't functioning properly then we
> >> > don't really need to have a back up system in place?
> >>
> >> "isn't functioning properly" you NEED a backup system in place.
> >>
> >> If you care about your network you will have at least 2 DCs, 2 DNS
> >> servers, 2 WINS servers (they might all be on the same pair of machines.)
> >>
> >> WINS servers can (and should) replicate but must be setup manually to do
> >> this
> >> (by the admins).
> >>
> >> DNS must also (except for AD DNS) but the creation of the ZONES on
> >> the DNS server pretty much forces you to do that (walks you through the
> >> process of having Secondaries pull from MASTER.)
> >>
> >> > I don't live in the US, I'm here in sunny Britain but I would like to
> >> > take you up on your offer, you're obviously very enthusiastic about
> >> > your work so your knowledge will be invaluable to me. Many thanks for
> >> > the offer
> >> >
> >> > Upon further investigation, it seems that only 2000 clients are
> >> > registering in DNS, XP clients don't seem to (see example below)
> >> >
> >> > Netdiag on the DC: -
> >>
> >> RUNNING DCDIAG on DCs is BETTER. Use NETDiag mainly for NON-DCs
> >>
> >> But you have at least one issue with DNS there:
> >>
> >> > DNS test . . . . . . . . . . . . . : Passed
> >> > [WARNING] Cannot find a primary authoritative DNS server for
> >> > the
> >> > name
> >> > 'BQR1.rougemont.'. [RCODE_SERVER_FAILURE]
> >> > The name 'BQR1.rougemont.' may not be registered in DNS.
> >>
> >> Chances are your DCs are not all properly registered with DNS.
> >>
> >> Deal with the KB articles about single label DNS.
> >>
> >> Make sure the DNS zone is DYNAMIC.
> >>
> >> Then run DCDiag /fix
> >>
> >> The following was in one or more of my earlier messages (along
> >> with the info about single label DNS):
> >>
> >> --
> >> DNS for AD
> >> 1) Dynamic for the zone supporting AD
> >> 2) All internal DNS clients NIC\IP properties must specify SOLELY
> >> that internal, dynamic DNS server (set.)
> >> 3) DCs and even DNS servers are DNS clients too -- see #2
> >> 4) If you have more than one Domain, every DNS server must
> >> be able to resolve ALL domains (either directly or
> >> indirectly)
> >>
> >> netdiag /fix
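
The capture-to-file-and-compare step recommended in the thread, as an added example that is not part of the original posts: a Python script that reads two saved dcdiag outputs and reports which tests were fixed, which regressed, and which still fail. The function names `parse_dcdiag` and `compare_runs` are hypothetical, and both sample captures are constructed for illustration (only the host name PLATO and the kccevent/systemlog test names come from the thread).

```python
import re

# dcdiag summary lines look like:
#   ......................... PLATO failed test kccevent
RESULT_RE = re.compile(
    r"^\s*\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)\s*$", re.IGNORECASE)

def parse_dcdiag(text):
    """Map (target, test) -> 'passed' or 'failed' from captured dcdiag output."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if m:  # event text and other detail lines are skipped
            target, status, test = m.groups()
            results[(target.upper(), test.lower())] = status.lower()
    return results

def compare_runs(before_text, after_text):
    """Sort the second run's results into fixed / regressed / still_failing."""
    before, after = parse_dcdiag(before_text), parse_dcdiag(after_text)
    report = {"fixed": [], "regressed": [], "still_failing": []}
    for key, status in sorted(after.items()):
        old = before.get(key)
        if status == "passed" and old == "failed":
            report["fixed"].append(key)
        elif status == "failed" and old == "failed":
            report["still_failing"].append(key)
        elif status == "failed":  # passed before, or not reported before
            report["regressed"].append(key)
    return report

# Constructed sample captures (not the poster's real output), as saved with
# "dcdiag > before.txt" and, after "dcdiag /fix", "dcdiag > after.txt".
BEFORE = """\
......................... PLATO passed test Connectivity
......................... PLATO failed test MachineAccount
......................... PLATO passed test kccevent
......................... PLATO failed test systemlog
"""
AFTER = """\
......................... PLATO passed test Connectivity
......................... PLATO passed test MachineAccount
         An Warning Event occured.  EventID: 0x80250829
......................... PLATO failed test kccevent
......................... PLATO failed test systemlog
"""

if __name__ == "__main__":
    for category, tests in compare_runs(BEFORE, AFTER).items():
        print(category, [f"{host}:{name}" for host, name in tests])
```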