Re: DNS Access Denied
- From: "Helme" <Helme@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 27 Dec 2005 10:25:37 -0800
Hi Herb, thanks for your input.
After reading your explanation, I now have some idea of what is going on with the
server/s.
I ran dcdiag /fix from ILSAS2. (I can't install it on ILSAS1 - going
crazy.) I believe that the replications are not happening from both of these
DCs. For your information, ILSAS1 has the Master role. I've tried to transfer the
role to ILSAS2, but failed.
There are some errors and warnings:
Testing server: Default-First-Site-Name\ILSAS2
Starting test: Replications
[Replications Check,ILSAS2] A recent replication attempt failed:
From ILSAS1 to ILSAS2
Naming Context: N=Schema,CN=Configuration,DC=ilsas,DC=uniten,DC=edu,DC=my
The replication generated an error (1753):
There are no more endpoints available from the endpoint mapper.
The failure occurred at 2005-12-28 00:53.16.
The last success occurred at 2005-09-18 16:57.02.
2328 failures have occurred since the last success.
The directory on ILSAS1 is in the process.
of starting up or shutting down, and is not available.
Verify machine is not hung during boot.
[ILSAS1] DsBind() failed with error -2146893022,
The target principal name is incorrect..
The Warnings :
Warning: ILSAS1 is the Schema Owner, but is not responding to DS RPC Bind.
[ILSAS1] LDAP bind failed with error 31,
A device attached to the system is not functioning..
Warning: ILSAS1 is the Schema Owner, but is not responding to LDAP
Bind.
Warning: ILSAS1 is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: ILSAS1 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: ILSAS1 is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: ILSAS1 is the PDC Owner, but is not responding to LDAP Bind.
Warning: ILSAS1 is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: ILSAS1 is the Rid Owner, but is not responding to LDAP Bind.
Warning: ILSAS1 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: ILSAS1 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
I tried to replicate from AD Sites and Services - access denied.
I really need help on how to solve this problem.
"Herb Martin" wrote:
> "Helme" <Helme@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:1265A4C9-50F1-43CB-B51E-32EE512CF510@xxxxxxxxxxxxxxxx
> > Hi, I've posted a similar question under AD (sorry for my ignorance)
>
> It's best to CROSS-post a single message then you only have
> to look one place for the answers, and anyone interested in
> following the discussion or helping you can read all of the
> responses in one place.
>
> No big deal, but try to do it that way next time: Cross post
> to a (reasonable) set of groups that are appropriately related
> to your question's topic.
>
> > I have two DCs named ILSAS1 and ILSAS2. I found that ILSAS1 had a problem when
> > users complained that it takes some time to log in to the domain named ILSAS.
>
> You're probably on the right track in looking to DNS for the
> source of the problems -- most AD replication and authentication
> problems have their origin in DNS issues.
>
> > I found that ILSAS2's DNS is unable to connect to ILSAS1's DNS by using the name,
>
> What precisely does the above mean? Names are NOT used
> to connect to THE DNS -- DNS clients use the DNS servers
> IP for that.
>
> > the error message is "Access was denied..Would you like to add anyway?".
>
> Oh, you mean the MMC cannot add the other DNS server.
>
> Use the IP address then. It will work if the server is
> reachable. And yes, this is another sign you have DNS
> problems.
>
> > If I put in the IP address it can, but I'm not sure whether it will solve the
> > problem.
>
> No, it won't 'solve' the problem but it will let you manage
> the server.
>
> > For ILSAS1 I've tried to install the DNS fix application but the server failed
> > to respond. I also failed to start / stop DNS services (no response). I'm not
> > sure whether it's a problem with the server itself or a DNS problem.
>
> Check my guide to DNS for AD (appended below) then we can
> work from there.
>
> DCDiag is your friend -- run it on EVERY DC and save the
> output (see below.)
>
> > Really appreciate any input / help from someone. Thank you in advance
>
>
> DNS for AD
> 1) Dynamic for the zone supporting AD
> 2) All internal DNS clients NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set.)
> 3) DCs and even DNS servers are DNS clients too -- see #2
> 4) If you have more than one Domain, every DNS server must
> be able to resolve ALL domains (either directly or indirectly)
>
> netdiag /fix
>
> ....or maybe:
>
> dcdiag /fix
>
> (Win2003 can do this from Support tools):
> nltest /dsregdns /server:DC-ServerNameGoesHere
> http://support.microsoft.com/kb/q260371/
>
> Ensure that DNS zones/domains are fully replicated to all DNS
> servers for that (internal) zone/domain.
>
> Also useful may be running DCDiag on each DC, sending the
> output to a text file, and searching for FAIL, ERROR, WARN.
>
> Single Label domain zone names are a problem. Google:
> [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
>
>
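The triage step suggested in the quoted reply (save each DC's DCDiag output to a text file and search it for FAIL, ERROR, WARN), sketched as an added example that is not part of the original thread. The function names are hypothetical, the sample is an excerpt of the output posted above, and matching is case-insensitive on the word stems so that "failed", "failures" and "Warning" are caught.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the dcdiag output quoted in the post above (trimmed).
SAMPLE = """\
Testing server: Default-First-Site-Name\\ILSAS2
Starting test: Replications
[Replications Check,ILSAS2] A recent replication attempt failed:
The replication generated an error (1753):
There are no more endpoints available from the endpoint mapper.
2328 failures have occurred since the last success.
[ILSAS1] DsBind() failed with error -2146893022,
Warning: ILSAS1 is the Schema Owner, but is not responding to DS RPC Bind.
[ILSAS1] LDAP bind failed with error 31,
"""

KEYWORD = re.compile(r"\b(fail|error|warn)\w*", re.IGNORECASE)
SERVER = re.compile(r"^\s*Testing server:\s*(?:.*\\)?(\S+)")
TEST = re.compile(r"^\s*Starting test:\s*(\S+)")


def scan_dcdiag(text):
    """Group lines mentioning FAIL/ERROR/WARN under the (server, test)
    that dcdiag was running when it printed them."""
    findings, server, test = defaultdict(list), "?", "?"
    for no, line in enumerate(text.splitlines(), 1):
        if m := SERVER.match(line):
            server, test = m.group(1), "?"
        elif m := TEST.match(line):
            test = m.group(1)
        elif KEYWORD.search(line):
            findings[(server, test)].append((no, line.strip()))
    return dict(findings)


def keyword_counts(findings):
    """Count keyword stems across all flagged lines (one count per occurrence)."""
    counts = Counter()
    for hits in findings.values():
        for _, line in hits:
            counts.update(k.lower() for k in KEYWORD.findall(line))
    return dict(counts)


if __name__ == "__main__":
    found = scan_dcdiag(SAMPLE)
    for (server, test), hits in found.items():
        print(server, test, *(f"\n  {no}: {line}" for no, line in hits))
    print(keyword_counts(found))
```

Running the same scan over the file saved from each DC and comparing the per-server, per-test groups shows which checks fail on one DC only and which fail on both.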