Re: WINS and DNS issue
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Wed, 14 Dec 2005 11:50:55 -0600
"Sambo" <Sambo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1F2EA7FB-95D4-435E-B971-A86EE6282C26@xxxxxxxxxxxxxxxx
> Thanks Herb, my apologies if I'm beginning to bore you now but there are few
> things I have to raise regarding your response.
No, you won't bore me probably as long as you are explicit
in stating problems. (I get frustrated with people who post
long 'explanations' using ambiguous language and unclear
problem statements.)
> When I said that the DNS server is configured to replicate to all other
> DCs and to allow secure and unsecure updates this is what is selected in the
> properties for our forward lookup zone - We don't actually have another server
> configured to replicate to.
Then saying it is so configured is misleading. There is no
replication if you have only one DNS server.
> I have double checked and the old server doesn't
> have anything configured for DNS. Does this mean that it's causing errors
> when trying to replicate?
If any DNS client (including itself or any other DC) is set to still
use it then it might be causing a problem.
Make sure you have EVERY Internal DNS client using strictly
the WORKING INTERNAL DNS server (set). Whatever that
set really is.
> I've had a look at the options under replication,
> at the moment it's set to Replicate to all domain controllers in the AD domain
> Domainname.
Then if you are fully replicated (DCDiag) then why not just
make a similar (AD Integrated Primary zone) on EVERY such
DC.
They have the records anyway, why not let them service DNS.
> It says to set this if you want a 2000 server to load the zone.
> I'm happy to "fire-up" the old server to be used as a backup system for DNS
> and WINS but don't know how and whether or not this option is viable. What do
> you think? Can it be configured to accept logons also if the main DC goes
> down? So many questions I know...sorry to be a pain
Such "configuration" is unnecessary; if you make sure there is
a DC with DNS working (and maybe WINS server) then that is just
the way such DCs "work".
Win2000+ DCs are multimastered -- all can log you on (true even
of NT BDCs) AND all can accept changes to the database (not true in NT.)
> You were right to suspect the old server of still running WINS, it is and it
> has about 10 records in the Active Registrations folder, all of which are
> valid for another 6 days.
This explains a "split NetBIOS" -- some machines registered and using
ONE WINS Server, others using another.
Make sure these replicate or turn off the unneeded and MAKE SURE
that all NetBIOS clients (including DCs and even the WINS SERVERS
themselves) use STRICTLY the "approved and working" WINS Server(s).
> What would you do if you were in this
> scenario....delete the old server from the list or setup the replication
> properly (I'm presuming that it isn't setup correctly if it's only holding 10
> records!)
I would prefer multiple WINS Servers that are fully replicated.
If I had two DCs then I would make both of them AD-DNS Integrated AND
WINS servers in most cases.
I would make sure they replicate AD, DNS, and WINS records.
> I have run dcdiag /fix and it has cleared up one problem but it had caused a
> failure in another, the DC now fails on: -
>
> An Warning Event occured. EventID: 0x80250829
> Time Generated: 12/14/2005 14:12:55
> (Event String could not be retrieved)
> An Warning Event occured. EventID: 0x80250829
> Time Generated: 12/14/2005 14:12:55
> (Event String could not be retrieved)
> An Warning Event occured. EventID: 0x80250829
> Time Generated: 12/14/2005 14:12:55
> (Event String could not be retrieved)
> An Warning Event occured. EventID: 0x80250829
> Time Generated: 12/14/2005 14:12:55
> (Event String could not be retrieved)
> An Warning Event occured. EventID: 0x80250829
> Time Generated: 12/14/2005 14:12:55
> (Event String could not be retrieved)
> ......................... PLATO failed test kccevent
If this is in the "Event Log" section then go CLEAR your event
logs (save current entries if you wish).
DCDiag will forever report a problem if certain errors are
present in the System, AD, etc. logs. Even if the underlying
problems have been (long since) repaired.
If the errors come back then the problem however has not been
fixed.
> and
>
> PLATO failed test systemlog
>
> So is the main issue here to do with the fact that my DC is trying to
> replicate and register itself with another server which it can't find?
This could easily be. ALL DCs must be registered in the common
DNS zone (database) and use strictly the DNS servers (on their client
NIC->IP settings) which can resolve ALL of these internal names in
that zone.
> I ran the nltest command on the DC and got this message back: -
>
> Flags: 0
> Connection Status = 0 0x0 NERR_Success
> The command completed successfully
>
> How can I check if issuing this command has made any difference?
NLTest is one of the most frustratingly complex command lines;
I generally recommend DCDiag for checking DCs and NetDiag
for checking other machines.
> I'm so grateful for your help and support, I promise I won't bug you again if
> you can just help me this one last time!!
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
>
> Cheers
>
> Sam
>
> "Herb Martin" wrote:
>
>> "Sambo" <Sambo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:4F324944-06B1-4542-93C9-0A83D51478B9@xxxxxxxxxxxxxxxx
>> > Thanks for your response yet again Herb.
>> >
>> > We do run a win2003 domain so I will google the domain rename, but do you
>> > have any first hand experience with tackling this? I've been told that it's
>> > fraught with danger, but maybe if I address a few issues with DNS and WINS
>> > our network will at least function a little better which may not require
>> > anything drastic like a domain rename.
>>
>> Follow the KB articles explicitly and you should be ok.
>>
>> BUT, I would also see about making sure my DNS was correct
>> to begin with -- even if that requires manual registration of the
>> DC (not ordinary computer) records.
>>
>> If you don't make everything able to find the DCs (and each other)
>> then you will just be complicating the existing problems.
>>
>> > Ideally we would like to have 2 DCS, 2 DNS and 2 WINS servers but our
>> > budget
>> > is very limited as to what we can afford. I will suggest this as the
>> > way
>> > forward though.
>>
>> The alternative is REALLY GOOD (e.g., daily) backups AND
>> UPS systems.
>>
>> > The output from the DC was from running dcdiag, I incorrectly typed
>> > netdiag.
>>
>> It did sort of look like that.
>>
>> > DNS is setup to be AD integrated, to replicate to all other DCs and to allow
>> > secure and unsecure updates. DNS isn't set up for zone transfers and "Use
>> > WINS forward lookup" is not selected. Does this sound about right?
>>
>> Well, if you have more than one DC then you already have a place
>> to put your 2 DNS/WINS servers.
>>
>> > Why is it that win2k clients seem to register with dns but XP clients
>> > don't?
>>
>> My guess would be that the XP still has something wrong on their
>> NIC (multiple irrelevant DNS servers) OR that one of the NICs
>> is unroutable from the XP side but is the one listed in DNS.
>>
>> > I will look at all your suggestions and attempt to address our
>> > problems.
>> > Is
>> > it completely safe to run dcdiag /fix?
>>
>> Yes. I always run it once, capture to file FIRST, so that I can compare the
>> results after the fix (I like to know if anything was actually improved.)
>>
>> BUT notice it won't fix EVERYTHING, just some limited problems.
>>
>> > Our DNS eventvwr is full of errors about the DC not being able to
>> > register
>> > itself with DNS. Here are a few sample errors: -
>>
>> Yes. This is where I have been pointing you all along.
>>
>> > "The DNS server has encountered a critical error from the Active
>> > Directory.
>> > Check that the Active Directory is functioning properly. The extended
>> > error
>> > debug information (which may be empty) is "". The event data contains
>> > the
>> > error."
>> >
>> > ****************
>> >
>> > The DNS server was unable to complete directory service enumeration of
>> > zone
>> > rougemont. This DNS server is configured to use information obtained
>> > from
>> > Active Directory for this zone and is unable to load the zone without
>> > it.
>> > Check that the Active Directory is functioning properly and repeat
>> > enumeration of the zone. The extended error debug information (which
>> > may
>> > be
>> > empty) is "". The event data contains the error.
>>
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>> http://www.LearnQuick.Com
>> [phone number on web site]
>>
>> >
>> > For more information, see Help and Support Center at
>> > http://go.microsoft.com/fwlink/events.asp.
>> >
>> > **********
>> >
>> > The zone 1.168.192.in-addr.arpa was previously loaded from the
>> > directory
>> > partition MicrosoftDNS but another copy of the zone has been found in
>> > directory partition ForestDnsZones.rougemont. The DNS Server will
>> > ignore
>> > this
>> > new copy of the zone. Please resolve this conflict as soon as possible.
>> >
>> > If an administrator has moved this zone from one directory partition to
>> > another this may be a harmless transient condition. In this case, no
>> > action
>> > is necessary. The deletion of the original copy of the zone should soon
>> > replicate to this server.
>> >
>> > If there are two copies of this zone in two different directory
>> > partitions
>> > but this is not a transient caused by a zone move operation then one of
>> > these
>> > copies should be deleted as soon as possible to resolve this conflict.
>> >
>> > To change the replication scope of an application directory partition
>> > containing DNS zones and for more details on storing DNS zones in the
>> > application directory partitions, please see Help and Support.
>> >
>> > ***************
>> >
>> > DNS server has updated its own host (A) records. In order to ensure
>> > that
>> > its DS-integrated peer DNS servers are able to replicate with this
>> > server,
>> > an
>> > attempt was made to update them with the new records through dynamic
>> > update.
>> > An error was encountered during this update, the record data is the
>> > error
>> > code.
>> >
>> > If this DNS server does not have any DS-integrated peers, then this
>> > error
>> > should be ignored.
>> >
>> > If this DNS server's Active Directory replication partners do not have
>> > the
>> > correct IP address(es) for this server, they will be unable to
>> > replicate
>> > with
>> > it.
>> >
>> > To ensure proper replication:
>> > 1) Find this server's Active Directory replication partners that run
>> > the
>> > DNS
>> > server.
>> > 2) Open DnsManager and connect in turn to each of the replication
>> > partners.
>> > 3) On each server, check the host (A record) registration for THIS
>> > server.
>> > 4) Delete any A records that do NOT correspond to IP addresses of this
>> > server.
>> > 5) If there are no A records for this server, add at least one A record
>> > corresponding to an address on this server, that the replication
>> > partner
>> > can
>> > contact. (In other words, if there multiple IP addresses for this DNS
>> > server, add at least one that is on the same network as the Active
>> > Directory
>> > DNS server you are updating.)
>> > 6) Note, that is not necessary to update EVERY replication partner. It
>> > is
>> > only necessary that the records are fixed up on enough replication
>> > partners
>> > so that every server that replicates with this server will receive
>> > (through
>> > replication) the new data.
>> >
>> > For more information, see Help and Support Center at
>> > http://go.microsoft.com/fwlink/events.asp.
>> >
>> > I think it's fair to say that we have quite a few problems!!
>> >
>> > Thanks for your continued help Herb,
>> >
>> > Cheers
>> >
>> > Sam
>> >
>> > "Herb Martin" wrote:
>> >
>> >>
>> >>
>> >> --
>> >> Herb Martin, MCSE, MVP
>> >> Accelerated MCSE
>> >> http://www.LearnQuick.Com
>> >> [phone number on web site]
>> >>
>> >> "Sambo" <Sambo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:158143B9-9C6C-4EA8-91B3-D706567EF9E7@xxxxxxxxxxxxxxxx
>> >> > Herb,
>> >> >
>> >> > Thanks for the reply.
>> >> >
>> >> > A few things: -
>> >> >
>> >> >> Do they have their DNS name configured in the SYSTEM CONTROL
>> >> >> panel? (Don't depend on trying to override this on the NIC, but
>> >> >> rather
>> >> >> set the System computer name properties.)
>> >> >>
>> >> >> Make sure they use ONLY the INTERNAL DNS (don't try to mix
>> >> >> the ISPs DNS server.)
>> >> >
>> >> > They do have their names configured in the system control panel, the
>> >> > settings on the NIC are untouched (as you say they are configured correctly
>> >> > for most instances by default). What I failed to mention earlier was that
>> >> > we also have a single label domain name which really confounds our miseries
>> >> > further!!
>> >>
>> >> Yes, and especially with DYNAMIC registration.
>> >>
>> >> Single Label domain zone names are a problem, Google:
>> >> [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
>> >>
>> >> > I have thought about tackling this and have downloaded MS KBs on
>> >> > the subject of domain renaming but wouldn't fancy trying it without some
>> >> > consultation on the likelihood of it screwing up our network completely.
>> >> > Have you got first hand experience of attempting this?
>> >>
>> >> You cannot rename a Win2000 domain (and can only rename a Win2003
>> >> under certain special cases.)
>> >>
>> >> >> Fine. Maybe not best use of your time. Is there just one WINS
>> >> >> Server? Usually the entries only get left (after cleanup) if you
>> >> >> have
>> >> >> more than one WINS server (or had one that disappeared.)
>> >> >
>> >> > There used to be a different WINS server on the network before a
>> >> > new
>> >> > DC
>> >> > was
>> >> > installed 2 years ago. The old DC was demoted and is now a member
>> >> > server.
>> >> > WINS is no longer configured on this server.
>> >>
>> >> A missing WINS server may "Own" some of the records which will
>> >> therefore never be scavenged (the owning server does that) so you
>> >> can continue to take ownership and delete the abandoned entries
>> >> manually.
>> >>
>> >> For newer entries the automatic expiration and scavenging of records
>> >> may
>> >> be adjusted but then should JUST WORK.
>> >>
>> >> > Replication of anything (can you
>> >> > replicate WINS like DNS?) does not take place on our network, are we being
>> >> > naive thinking that if DNS isn't functioning properly then we don't really
>> >> > need to have a back up system in place?
>> >>
>> >> "isn't functioning properly" you NEED a backup system in place.
>> >>
>> >> If you care about your network you will have at least 2 DCs, 2 DNS
>> >> servers, 2 WINS servers (they might all be on the same pair of
>> >> machines.)
>> >>
>> >> WINS servers can (and should) replicate but must be setup manually to
>> >> do
>> >> this
>> >> (by the admins).
>> >>
>> >> DNS must also (except for AD DNS) but the creation of the ZONES on
>> >> the DNS server pretty much forces you to do that (walks you through
>> >> the
>> >> process of having Secondaries pull from MASTER.)
>> >>
>> >> > I don't live in the US, I'm here in sunny Britain but I would like to take
>> >> > you up on your offer, you're obviously very enthusiastic about your work so
>> >> > your knowledge will be invaluable to me. Many thanks for the offer
>> >> >
>> >> > Upon further investigation, it seems that only 2000 clients are registering
>> >> > in DNS, XP clients don't seem to (see example below)
>> >> >
>> >> > Netdiag on the DC: -
>> >>
>> >> RUNNING DCDIAG on DCs is BETTER. Use NETDiag mainly for NON-DCs
>> >>
>> >> But you have at least one issue with DNS there:
>> >>
>> >> > DNS test . . . . . . . . . . . . . : Passed
>> >> > [WARNING] Cannot find a primary authoritative DNS server
>> >> > for
>> >> > the
>> >> > name
>> >> > 'BQR1.rougemont.'. [RCODE_SERVER_FAILURE]
>> >> > The name 'BQR1.rougemont.' may not be registered in DNS.
>> >>
>> >> Chances are your DCs are not all properly registered with DNS.
>> >>
>> >> Deal with the KB articles about single label DNS.
>> >>
>> >> Make sure the DNS zone is DYNAMIC.
>> >>
>> >> Then run DCDiag /fix
>> >>
>> >> The following was in one or more of my earlier messages (along
>> >> with the info about single label DNS):
>> >>
>> >> --
>> >> DNS for AD
>> >> 1) Dynamic for the zone supporting AD
>> >> 2) All internal DNS clients NIC\IP properties must specify SOLELY
>> >> that internal, dynamic DNS server (set.)
>> >> 3) DCs and even DNS servers are DNS clients too -- see #2
>> >> 4) If you have more than one Domain, every DNS server must
>> >> be able to resolve ALL domains (either directly or
>> >> indirectly)
>> >>
>> >> netdiag /fix
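
The thread's advice to capture dcdiag output to a file before running `dcdiag /fix` and compare it afterwards can be scripted. The sketch below is an added example, not part of the original posts; it assumes the summary-line and event-line formats quoted in the thread, and the `Advertising` result and both sample captures are constructed.

```python
import re
from collections import Counter
# Summary line, e.g. "......................... PLATO failed test kccevent"
RESULT_RE = re.compile(r"^\s*\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)", re.I)
# dcdiag itself prints "An Warning Event occured" (sic) before the summary line.
EVENT_RE = re.compile(r"An (?:Warning|Error) Event occured\.\s+EventID:\s+(0x[0-9A-Fa-f]+)")

def parse_dcdiag(text):
    """Return ({(server, test): status}, {(server, test): Counter of event IDs})."""
    results, events, pending = {}, {}, Counter()
    for line in text.splitlines():
        line = line.lstrip("> ")          # tolerate output pasted from a quoted mail
        ev = EVENT_RE.search(line)
        if ev:
            pending[ev.group(1).lower()] += 1
            continue
        m = RESULT_RE.match(line)
        if m:
            key = (m.group(1).upper(), m.group(3).lower())
            results[key] = m.group(2).lower()
            if pending:
                events[key] = pending     # events listed above this summary line
            pending = Counter()
    return results, events

def compare(before_text, after_text):
    """Classify each test by how its status changed between the two captures."""
    before, _ = parse_dcdiag(before_text)
    after, after_events = parse_dcdiag(after_text)
    report = {"fixed": [], "regressed": [], "still_failing": [], "events": {}}
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if new == "failed":
            report["still_failing" if old == "failed" else "regressed"].append(key)
            report["events"][key] = dict(after_events.get(key, {}))
        elif old == "failed" and new == "passed":
            report["fixed"].append(key)
    return report

# Constructed sample captures (server name and event ID taken from the thread).
BEFORE = """\
......................... PLATO failed test Advertising
......................... PLATO passed test kccevent
......................... PLATO failed test systemlog
"""
AFTER = """\
......................... PLATO passed test Advertising
   An Warning Event occured. EventID: 0x80250829
   An Warning Event occured. EventID: 0x80250829
......................... PLATO failed test kccevent
......................... PLATO failed test systemlog
"""
if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

A test that stays in `still_failing` after the event logs have been cleared and dcdiag re-run points at a problem that is still live rather than at stale log entries.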