Re: One server can't read GPO/bind to domain
- From: Jim <nospam@xxxxxxxx>
- Date: Fri, 09 Nov 2007 12:33:26 -0600
How would I recreate _msdcs ? If I delete it will it be rebuilt? Thanks.
Austin Osuide wrote:
Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the delegation in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@xxxxxxxx> wrote in message news:%23GoabMkIIHA.4476@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated it would that damage AD? I guess I would flush DNS on the DCs then registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication or DC locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS Server. They are mutually exclusive settings. One or the other. So delete the root hints. And the root zone.
Also, the "Broken delegated domain" error occurs when you have a zone for domain.com.domain.com (???) and _msdcs.domain.com.domain.com and the _msdcs delegation in domain.com.domain.com does not have name server records (NS) for all the servers that have the _msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were pointed to different DNS servers and these servers not knowing about each other.
As the whole picture of your environment is not provided here, one can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry out the cleanup suggested above, restart your DCs and do a DCdiag to confirm things are ok. If something else shows up, let us know.
Regards,
Austin
"Jim" <nospam@xxxxxxxx> wrote in message news:%23snZJ6hIIHA.3940@xxxxxxxxxxxxxxxxxxxxxxx
Thanks, I tried this but no change. From the event log it appears that at (irregular) intervals the Exchange AD service is able to see all three DCs, but then errors again. This server does not have Internet access either as Windowsupdate agent fails, although IP lookups work as mentioned earlier. Several other Windows 2003 servers and the DCs have no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below - "[Broken delegated domain domain.com.domain.com.]". The domain is listed as domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 208.67.220.220 (
<name unavailable>)
Error: Forwarders list has invalid forwarder: 208.67.222.222 (
<name unavailable>)
Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com. IP:192.168.33.17 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com. IP:192.168.33.15 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com. IP:192.168.34.2 [Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should point your DCs in the same site to the same preferred DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like the DNS server you are pointed to knows nothing of the DCs in that Domain.
If DC2 has DNS running on it, which it should since DC1 points to it, have its preferred DNS point to itself and point DC3 to it as well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@xxxxxxxx> wrote in message news:O5nSypYIIHA.5980@xxxxxxxxxxxxxxxxxxxxxxx
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question. DC3 at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group Policy processing aborted."
"Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider could not find an available domain controller in domain domain.com. This event may be caused by network connectivity issues or configured incorrectly DNS server. This event may also occur if you have not configured correctly your multiple Active Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig /all from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static IP
configured with two DNS servers (Windows 2003 DCs) on the same LAN. It
is in use as a file server. It seems to have developed this problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but
no reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
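
The preferred-DNS comparison suggested in the thread ("point your DCs in the same site to the same preferred DNS server"), as an added example that is not part of any post: it parses `ipconfig /all` text, including the unlabeled continuation line for a second resolver, and flags DCs in one site that disagree on their first DNS server. The `SITES` grouping, the function names and the extra check that every resolver is a listed DC (which assumes DNS runs on the DCs) are assumptions of this example.

```python
import re

# Constructed sample: `ipconfig /all` dumps trimmed to the fields used, values as posted.
DUMPS = [
    "Host Name . . : DC1\nIP Address. . : 192.168.33.17\nDNS Servers . : 192.168.33.15",
    "Host Name . . : DC2\nIP Address. . : 192.168.33.15\nDNS Servers . : 192.168.33.17",
    "Host Name . . : DC3\nIP Address. . : 192.168.34.2\nDNS Servers . : 192.168.34.2",
    "Host Name . . : problemserver\nIP Address. . : 192.168.205.1\n"
    "IP Address. . : 192.168.33.14\nDNS Servers . : 192.168.33.17\n      192.168.33.15",
]
# Assumption taken from the post: DC1 and DC2 share the LAN, DC3 is remote.
SITES = {"LAN": ["DC1", "DC2"], "remote": ["DC3"]}
FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[\s.]*:\s*(.*)$")
IPV4 = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_ipconfig(text):
    """Extract host name, IP addresses and the ordered DNS server list from one dump."""
    info = {"host": None, "ips": [], "dns": []}
    last_key = None
    for line in text.splitlines():
        field = FIELD.match(line)
        if field:
            last_key, value = field.group(1).strip(), field.group(2).strip()
            if last_key == "Host Name":
                info["host"] = value
            elif last_key == "IP Address" and value:
                info["ips"].append(value)
            elif last_key == "DNS Servers" and value:
                info["dns"].append(value)
        elif last_key == "DNS Servers" and IPV4.match(line):
            # Additional resolvers appear on continuation lines with no label.
            info["dns"].append(IPV4.match(line).group(1))
    return info

def audit(dumps, sites):
    """Return (subject, problem, detail) findings for the resolver settings."""
    hosts = {h["host"]: h for h in map(parse_ipconfig, dumps)}
    dc_ips = {ip for dcs in sites.values() for dc in dcs for ip in hosts[dc]["ips"]}
    findings = []
    for site, dcs in sites.items():
        preferred = {dc: hosts[dc]["dns"][0] for dc in dcs}
        if len(set(preferred.values())) > 1:
            findings.append((site, "DCs disagree on preferred DNS", preferred))
    for name, h in hosts.items():
        unknown = [d for d in h["dns"] if d not in dc_ips]
        if unknown:
            findings.append((name, "resolver is not a listed DC", unknown))
    return findings

if __name__ == "__main__":
    print(audit(DUMPS, SITES))
```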