Re: DNS-Netlogon error 5789 on one computer in the domain

Tech-Archive recommends: Speed Up your PC by fixing your registry

I did a search in Technet becuase our Win2000 server on a Win2003 server
network has a similar error. Our Veritas backup generated the following
error:

"(Server: "RSR-BKUP01") (Job: "Weekly Backup of RSR-PRINTSRV01") The job
completed successfully. However, the following conditions were encountered:

A snapshot operation required by this job was unsuccessful. Check the job
log and the Windows Event Viewer for additional information."

The only error in the event is:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5789
Date: 8/8/2005
Time: 8:35:21 AM
User: N/A
Computer: RSR-PRINTSRV01
Description:
Attempt to update DNS Host Name of the computer object in Active Directory
failed. The updated value was 'RSR-PRINTSRV01.rsrnts'. The following error
occurred:
Access is denied.
Data:
0000: 05 00 00 00 ....

Any advise?


"Ace Fekay [MVP]" wrote:

> In news:uDeTZUKmFHA.572@xxxxxxxxxxxxxxxxxxxx,
> Gerald Fay <gejfay@xxxxxxxxxxx> made this post, which I then commented about
> below:
> > Actually the system does not need the two DNS Servers in the Search
> > list.
> > They are there just in case the system is down, and using that
> > configuration an individual workstation can "connect" to the
> > Providence System and get internet access.
> >
> > The two addresses are also present on the Server in the forwarders
> > for DNS, and if on the network all machines will connect through AD.
> >
> > The question is can the DNS Suffix for those two addresses be added
> > to the DNS forwarders so that they do not need to be on the local
> > machines at all? If so where are they added?
> >
> > That way I could create a primary user, who connect just to the local
> > Domain and AD and DNS do all the work to connect.
> >
> > A second user (no Domain) has the 2 DNS IP addresses and the DNS
> > Suffix which allows the machine to connect directly to the internet.
> >
> > Is this possible and the best solution?
> >
> > Thanks
>
> Gerald,
>
> As one of those links mention, and I'll state, you cannot use any other DNS
> addresses in a client's IP properties that do not host the AD zone name.
> This is crucial for AD communication. If you are going by the notion that
> having multiple DNS addresses will rotate thru the list, that is incorrect.
> Each DNS in the list MUST host the AD zone name or have a reference to it
> one way or another. Having multiple DNS addresses in IP properties on a
> client is ONLY for fault tolerance. For instance, once the first one cannot
> respond (times out), it goes to the next one in the list, but it removes the
> first one out of the 'eligible resolvers list' and WON'T go back to it (it
> won't reset the list), unless the system is restarted, the DNS Client
> service is restarted, or you force a zero (0) TTL on the resolver cache in
> the registry on EACH and every client.
>
> The recommended proven way is to *ONLY* *ONLY* use the DNS servers that host
> the AD zone. In your configuration, apparently it looks like that DNS server
> will be 170.173.225.19. Provide a forwarder for efficient external
> resolution or just use the Root Hints.
>
> Windows 2003 forwarding alllows the use of conditional forwarding. If I want
> to forward any requests for swsa.providence.org, then I can setup a
> conditional forwarder for ONLY that namespace to 10.236.3.190 and
> 10.233.3.190. Then I can setup a forwarder for "All Other Domains" to an
> Internet ISP's DNS address. This allows complete control on who's resolving
> what. So the question you asked:
>
> > The question is can the DNS Suffix for those two addresses be added
> > to the DNS forwarders so that they do not need to be on the local
> > machines at all? If so where are they added?
>
> Yes, you can by using conditional forwarding. This article will show you how
> to setup a conditional forwarder (which I previously provided):
> 323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
> http://support.microsoft.com/d/id?=323380
>
> But you may want to add the additional suffixes if that is important to your
> infrastructure to resolve a single NetBIOS name in that alternate zone.
>
> As for the client search suffix, that is used for devolution when resolving
> a name. For instance, I will set two search suffixes on a machine in this
> order: "OIMA.local" and "swsa.providence.org". When I "ping machinename", it
> will first attempt to resolve machinename.oima.local. If there is no
> response, then it will attempt to ping machinename.swsa.providence.org. If
> no response, it will tell you so. That's what the search suffix is all
> about. Nothing else. It's just for resolving names by appending that suffix
> to the name, since DNS is hierarchal based. Hence a search suffix, that's
> it, just as the name implies.
>
> You can test the above and actually see the devolution at play by using
> nslookup 2d. You can also use NetDig found at www.mvpstools.org and is free
> for download written by William Stacey, MVP. Works nicely and easier to use
> than nslookup.
>
> You can opt to register into the additional suffixes, for whatever reason if
> that's required. But keep in mind if you are trying to register into
> swsa.providence.org, then that zone, whomever owns it or controls it, must
> ALLOW dynamic registration. Is that what you are looking for to do or just
> resolve names in that namespace? If just to resolve names in that namespace
> by using NetBIOS names as depicted above, then you can add the multiple
> search suffixes.
>
> Ace
>
>
>
>
>
>
>
>
.

Relevant Pages

  • Re: Cannot resolve download.microsoft.com
    ... can't resolve a few, but none come to mind at the moment. ... The two servers's DNS in their own TCP setup are themselves. ... If you configure a Forwarder on the two DNS servers, ...
    (microsoft.public.windows.server.dns)
  • Re: upgrade to win2000 adv server and DNS
    ... Causing all those DNS queries ... Actually it gets the name to register into from the Primary DNS Suffix. ... > resolve, only the first time. ...
    (microsoft.public.win2000.dns)
  • Re: DNS Disappears- Intermittently
    ... > not resolve some DNS names on the network. ... The default search suffix is the Primary DNS Suffix. ...
    (microsoft.public.windows.server.dns)
  • DNS Resolver Questions
    ... If my host is on a domain named mydomain.com my primary suffix will be ... Now when I try to resolve a host name my unqualified ... resolve it in dns. ...
    (microsoft.public.win2000.dns)
  • Re: Windows 2003 SP1 AD DC DNS fails to resolve multihomed A record using Forwarder
    ... Dean Wells [MVP / Directory Services] ... If a Forwarder is in the "All other DNS domains" it is limited by the ... Meaning it will start using Root Hints to resolve the name. ...
    (microsoft.public.windows.server.dns)