Re: W2000Server DNS config wrong, how to fix or replace?


From: Herb Martin (news_at_LearnQuick.com)
Date: 03/25/04


Date: Wed, 24 Mar 2004 22:14:50 -0600


<dmorgan-with-suffixed-"1"-ATdslextreme.com> wrote in message
news:j5j4601sl9tfltb9423dmr4m2e2q15864h@4ax.com...
> DNS is wrong on a Win2000Server and I want to figure out how to make
> it right.
>
> It's Windows2000 Advanced Server in a small, non-critical test
> network. For experiment I configured DNS on it one day, using
> "windows.bogus" for a fictitious DNS domain name. A week later I
> dcpromo'd so the machine became a domain controller. The
> domain name is ACME. The server's IP is 192.168.3.3 and hostname is
> EMACH2.

This domain is unrelated to the windows.bogus Zone. You need a zone
corresponding to ACME -- and since single tag domain names are a
very bad idea and this is a test domain, I would suggest you first DCPromo,
destroy the domain, set the machine name to a full DNS name and then
re-perform the DCPromo to create a (new) domain.

> I became aware DNS is wrong when a Win2000Pro machine (192.168.3.11)
> couldn't join the domain. Here's that attempt, in a packet capture
> taken at the server while the 2000Pro tried to join:

You need a Dynamic DNS zone corresponding to the Windows Domain
name -- the domain really should be TWO or more tags, e.g., domain.com
or domain.bogus but not just "domainname".

All clients of the domain -- including DCs -- must configure ONLY the
internal DNS server (set) in their NIC\IP properties.

-- 
Herb Martin
>
>
> Source                Destination           Protocol Info
>
> 192.168.3.11          192.168.3.3           DNS      Standard query
> SRV _ldap._tcp.dc._msdcs.ACME
>
> 192.168.3.3           192.168.3.11          DNS      Standard query
> response, No such name
>
> 00:90:27:9a:b5:b4     03:00:00:00:00:01     NETLOGON SAM LOGON request
> from client
>
> 00:90:27:9a:b5:b4     03:00:00:00:00:01     NETLOGON SAM LOGON request
> from client
>
> 00:90:27:9a:b5:b4     03:00:00:00:00:01     NETLOGON SAM LOGON request
> from client
>
>
> The netlogon appeals are unanswered by the server. I think because of
> the DNS inability in the 2nd packet to resolve the inquiry of the 1st.
> I know linux but am weak on windows, and uncertain what the inquiry is
> asking.
>
> I could happily blow away my DNS configuration to build a correct one
> from scratch but don't know how. Any tips appreciated.
>
> -------------------------------------------------------------
> Additional info - results of 2 diagnostics:
>
> dcdiag /test:connectivity /v   and
> netdiag /test:DNS /v /l
>
>
>
> 1) Result of dcdiag /test:connectivity /v:
>
> DC Diagnosis
>
> Performing initial setup:
>    * Verifing that the local machine emach2, is a DC.
>    * Connecting to directory service on server emach2.
>    * Collecting site info.
>    * Identifying all servers.
>    * Found 1 DC(s). Testing 1 of them.
>    Done gathering initial info.
>
> Doing initial non skippeable tests
>
>    Testing server: Default-First-Site-Name\EMACH2
>       Starting test: Connectivity
>          * Active Directory LDAP Services Check
>          EMACH2's server GUID DNS name could not be resolved to an
>          IP address.  Check the DNS server, DHCP, server name, etc
>          Although the Guid DNS name
> (a3e47f92-0f42-4ec2-80db-8e2041e71ac0._msdcs.windows.bogus) couldn't
> be
>
> resolved, the server name (emach2.windows.bogus) resolved to the IP
> address (192.168.3.3) and was pingable.  Check
>
> that the IP address is         registered correctly with the DNS
> server.
>          ......................... EMACH2 failed test Connectivity
>
>
>
>
>
> 2) Result of netdiag /test:DNS /v /l:
>
>
>     Gathering IPX configuration information.
>     Querying status of the Netcard drivers... Passed
>     Testing Domain membership... Passed
>     Gathering NetBT configuration information.
>     Testing DNS
>     [WARNING] The DNS entries for this DC are not registered correctly
> on DNS server '192.168.3.3'. Please wait for 30
>
> minutes for DNS server replication.
>         [FATAL] No DNS servers have the DNS records for this DC
> registered.
>
>     Tests complete.
>
>
>     Computer Name: EMACH2
>     DNS Host Name: emach2.windows.bogus
>     DNS Domain Name: windows.bogus
>     System info : Windows 2000 Server (Build 2195)
>     Processor : x86 Family 6 Model 8 Stepping 3, GenuineIntel
>     Hotfixes :
>         Installed?      Name
>            Yes          Q147222
>
>
> Netcard queries test . . . . . . . : Passed
>
>     Information of Netcard drivers:
>
>
> ---------------------------------------------------------------------------
>     Description: NETGEAR FA310TX Fast Ethernet Adapter (DC21x4)
>     Device: \DEVICE\{6D381BC8-D278-4F18-AD7A-3F50879F5FAD}
>
>     Media State:                     Connected
>
>     Device State:                    Connected
>     Connect Time:                    05:58:58
>     Media Speed:                     100 Mbps
>
>     Packets Sent:                    471092
>     Bytes Sent (Optional):           669237589
>
>     Packets Received:                475860
>     Directed Pkts Recd (Optional):   475408
>     Bytes Received (Optional):       60307308
>     Directed Bytes Recd (Optional):  60307308
>
>
> ---------------------------------------------------------------------------
>     [PASS] - At least one netcard is in the 'Connected' state.
>
>
>
> Per interface results:
>
>     Adapter : Local Area Connection
>         Adapter ID . . . . . . . . :
> {6D381BC8-D278-4F18-AD7A-3F50879F5FAD}
>
>         Netcard queries test . . . : Passed
>
>
> Global results:
>
>
> Domain membership test . . . . . . : Passed
>     Machine is a . . . . . . . . . : Primary Domain Controller
> Emulator
>     Netbios Domain name. . . . . . : ACME
>     Dns domain name. . . . . . . . : windows.bogus
>     Dns forest name. . . . . . . . : windows.bogus
>     Domain Guid. . . . . . . . . . :
> {79E56F16-347B-4C63-BADD-6545B51D70CB}
>     Domain Sid . . . . . . . . . . :
> S-1-5-21-1060284298-920026266-1202660629
>     Logon User . . . . . . . . . . : administrator
>     Logon Domain . . . . . . . . . : ACME
>
>
> NetBT transports test. . . . . . . : Passed
>     List of NetBt transports currently configured:
>         NetBT_Tcpip_{6D381BC8-D278-4F18-AD7A-3F50879F5FAD}
>     1 NetBt transport currently configured.
>
>
> DNS test . . . . . . . . . . . . . : Failed
>       Interface {6D381BC8-D278-4F18-AD7A-3F50879F5FAD}
>         DNS Domain:
>         DNS Servers: 192.168.3.3
>         IP Address: 192.168.3.3
>         Expected registration with PDN (primary DNS domain name):
>           Hostname: emach2.windows.bogus.
>           [WARNING] Cannot find a primary authoritative DNS server for
> the name
>             'emach2.windows.bogus.'. [RCODE_SERVER_FAILURE]
>             The name 'emach2.windows.bogus.' may not be registered in
> DNS.
> Check the DNS registration for DCs entries on DNS server '192.168.3.3'
> The Record is correct on DNS server '192.168.3.3'.
>
> The Record is correct on DNS server '192.168.3.3'.
>
> The Record is correct on DNS server '192.168.3.3'.
>
> The Record is correct on DNS server '192.168.3.3'.
>
> Query for DC DNS entry windows.bogus. on DNS server 192.168.3.3
> failed.
> DNS Error code: 0x0000251D
> Query for DC DNS entry _ldap._tcp.windows.bogus. on DNS server
> 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _ldap._tcp.pdc._msdcs.windows.bogus. on DNS
> server 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _ldap._tcp.gc._msdcs.windows.bogus. on DNS
> server 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry
> _ldap._tcp.79e56f16-347b-4c63-badd-6545b51d70cb.domains._msdcs.windows.bogus.
> on DNS server 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry gc._msdcs.windows.bogus. on DNS server
> 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry
> a3e47f92-0f42-4ec2-80db-8e2041e71ac0._msdcs.windows.bogus. on DNS
> server 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _kerberos._tcp.dc._msdcs.windows.bogus. on DNS
> server 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _ldap._tcp.dc._msdcs.windows.bogus. on DNS
> server 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _kerberos._tcp.windows.bogus. on DNS server
> 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _gc._tcp.windows.bogus. on DNS server
> 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _kerberos._udp.windows.bogus. on DNS server
> 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _kpasswd._tcp.windows.bogus. on DNS server
> 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _kpasswd._udp.windows.bogus. on DNS server
> 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry
> _ldap._tcp.Default-First-Site-Name._sites.windows.bogus. on DNS server
> 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.windows.bogus. on
> DNS server 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
>     [WARNING] The DNS entries for this DC are not registered correctly
> on DNS server '192.168.3.3'. Please wait for 30
>
> minutes for DNS server replication.
>     [FATAL] No DNS servers have the DNS records for this DC
> registered.
>
>
> The command completed successfully
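
The netdiag output quoted above lists, one by one, the DC records the DNS server could not return. The following is an added example, not part of the original posts: it pulls those record names and error codes out of such output (re-joining the quoted, wrapped lines) and reports the DNS suffix they all share, which is the zone that would have to hold them. The sample text and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the netdiag output quoted above,
# keeping the "> " quote markers and the news client's line wraps.
SAMPLE = """\
> Query for DC DNS entry windows.bogus. on DNS server 192.168.3.3
> failed.
> DNS Error code: 0x0000251D
> Query for DC DNS entry
> _ldap._tcp.Default-First-Site-Name._sites.windows.bogus. on DNS server
> 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
> Query for DC DNS entry _kerberos._tcp.dc._msdcs.windows.bogus. on DNS
> server 192.168.3.3 failed.
> DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
> server)
"""

FAILED = re.compile(
    r"Query for DC DNS entry (\S+) on DNS server (\S+) failed\. "
    r"DNS Error code: (\S+)")

def failed_dc_records(text):
    """Return (record, server, error) for every failed DC record query."""
    words = []
    for line in text.splitlines():
        words.extend(line.lstrip("> ").split())  # drop quoting, undo wraps
    return FAILED.findall(" ".join(words))

def common_zone(records):
    """Longest run of trailing labels shared by all record names."""
    split = [r.rstrip(".").lower().split(".") for r in records]
    suffix = []
    for labels in zip(*(reversed(s) for s in split)):
        if len(set(labels)) != 1:
            break
        suffix.append(labels[0])
    return ".".join(reversed(suffix))

def summarize(text):
    """Collect error counts, the shared zone suffix and the record names."""
    rows = failed_dc_records(text)
    return {
        "errors": Counter(err for _, _, err in rows),
        "zone": common_zone([rec for rec, _, _ in rows]),
        "records": [rec for rec, _, _ in rows],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```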

