Re: Event ID 5774 / DNS Registrations fail and AD does not replicate
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Tue, 21 Nov 2006 17:15:48 -0000
I forgot to post this:
http://eventid.net/display.asp?eventid=5774&eventno=353&source=NETLOGON&phase=1
--
*************************************************
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA + Exchange + MSCE
*************************************************
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message news:evNTAAZDHHA.4060@xxxxxxxxxxxxxxxxxxxxxxx
Hi
What do you mean that the server is authoritative for both domains? Each DC can only have 1 domain, however 1 domain can have multiple DCs, which is different.
Did you create delegation for child domain?
Is the DC in the child domain (assuming that is a DNS server) hosting the child domain zone? (Also make sure that at the child domain you can resolve the parent domain.)
Make sure that each DC (assuming that is a DNS) points only to itself under Preferred DNS server.
Have a look at these articles to configure your servers correctly in multidomain environment, also run dcdiag and netdiag and make sure that everything is ok.
http://support.microsoft.com/kb/255248/en-us
http://support.microsoft.com/kb/323380/en-us
--
*************************************************
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA + Exchange + MSCE
*************************************************
"HarryH" <HarryH@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:663E5D7F-3C43-425C-8C65-F40725E32B98@xxxxxxxxxxxxxxxx
Hello,
I have run into the following really puzzling issue:
We have a 2000 native mode forest root domain and a 2000 mixed mode child
domain. The main DNS server is running 2003 SP1 and has its object in the
forest root domain. It is authoritative for both domains and has "only secure
updates" turned on. The PDC emulator of the child domain is also running 2003
SP1 but has lately experienced issues. I regularly see multiple error
messages in the system log telling me that some AD related DNS registrations
failed. Unfortunately they're in German, but this is the translated summary:
Event-ID 5774, The dynamic update of .... failed
RCODE 5, Statuscode 9016
Additional Info: The DNS signature could not be verified
These are the SRV-Records that could not be registered:
_ldap._tcp.dc._msdcs.<CHILDDOM>.<ROOTDOM>.de.
_kerberos._tcp.<CHILDDOM>.<ROOTDOM>.de. 600 IN SRV 0 100 88 <SERVER>.<CHILDDOM>.<ROOTDOM>.de
_kerberos._udp.<CHILDDOM>.<ROOTDOM>.de. 600 IN SRV 0 100 88 <SERVER>.<CHILDDOM>.<ROOTDOM>.de.
_kpasswd._tcp.<CHILDDOM>.<ROOTDOM>.de. 600 IN SRV 0 100 464 <SERVER>.<CHILDDOM>.<ROOTDOM>.de
_kpasswd._udp.<CHILDDOM>.<ROOTDOM>.de. 600 IN SRV 0 100 464 <SERVER>.<CHILDDOM>.<ROOTDOM>.de.
If I look into the Directory Service log I get warnings about this server
not being able to replicate with other servers in the forest root domain:
Event-ID 1925
Additional Info: 8453 Replication access denied
I would assume that this is occurring because of the missing DNS records
making this a result of the previous errors?
I have spent lots of time searching for hints. I suspected the DC's password
to be bad so I used netdom to reset it following KB325850. No change.
I also thought it could be a permissions issue, so I gave <SERVER>$ full
control to the zones. Still no luck.
Interestingly enough, DCdiag's RegisterInDns test passes. So do the other
tests, except for the log-related ones.
NLTEST tells me that there was a failure in the last update for one of the
DC-specific DNS records.
It does not seem to be a trust issue, since other DCs in the child domain
can replicate with DCs in the forest root just fine.
Does anybody have an idea? Any help would be greatly appreciated!
Thanks
HarryH
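
Added example, not part of the original thread or of any Microsoft tool: Netlogon lists the records it tries to register in %SystemRoot%\System32\config\netlogon.dns, in the same "name TTL IN SRV priority weight port target" form as the lines quoted above. This Python check compares such a list with records exported from the zone and reports which of the DC's records are absent; the host names and both record lists are constructed sample data.

```python
# Added example: which of a DC's expected SRV records are absent from a zone?
# Host names and both record lists are constructed sample data.
from typing import NamedTuple, Optional

class Srv(NamedTuple):
    name: str
    port: int
    target: str

def _norm(host: str) -> str:
    # DNS names are case-insensitive; the trailing dot is optional in listings.
    return host.rstrip(".").lower()

def parse_srv(line: str) -> Optional[Srv]:
    """Parse 'name TTL IN SRV priority weight port target'.
    Returns None for anything else, e.g. a line cut off after the name."""
    f = line.split()
    if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
        return None
    if not all(x.isdigit() for x in (f[1], f[4], f[5], f[6])):
        return None
    return Srv(_norm(f[0]), int(f[6]), _norm(f[7]))

def parse_all(text: str) -> set:
    return {r for r in map(parse_srv, text.splitlines()) if r is not None}

def missing_records(expected_text: str, zone_text: str) -> list:
    """Expected records with no matching (name, port, target) in the zone."""
    return sorted(parse_all(expected_text) - parse_all(zone_text))

# Constructed: what the DC "dc2" expects to have registered.
EXPECTED = """\
_ldap._tcp.dc._msdcs.child.corp.example. 600 IN SRV 0 100 389 dc2.child.corp.example.
_kerberos._tcp.child.corp.example. 600 IN SRV 0 100 88 dc2.child.corp.example
_kpasswd._udp.child.corp.example. 600 IN SRV 0 100 464 dc2.child.corp.example.
"""
# Constructed: what the authoritative zone currently holds.
ZONE = """\
_ldap._tcp.dc._msdcs.child.corp.example. 600 IN SRV 0 100 389 dc1.child.corp.example.
_kerberos._tcp.child.corp.example. 600 IN SRV 0 100 88 DC2.child.corp.example.
_kerberos._tcp.child.corp.example. 600 IN SRV 0 100 88 dc1.child.corp.example.
"""

if __name__ == "__main__":
    for rec in missing_records(EXPECTED, ZONE):
        print(f"missing: {rec.name} -> {rec.target}:{rec.port}")
```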