Re: DNS signature failed to verify error
- From: Don <Don@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 27 Mar 2007 18:50:17 -0700
Hey Kevin,
Thanks for your input on this issue.
Both DNS servers have the zone named _msdcs.domain.local with Dynamic
updates and secure only. Also AD Integrated on both servers.
On both servers DNS, in the domain.local zone there is a delegation named
_msdcs with one NS record which refers to srv1.domain.local (SBS). You
indicate that there should be an NS record for both DNS servers on both DNS
servers if I understand you correctly.
I also took note since having to reboot srv2 after a failure by the Symantec
Corp Ed product to open, that there were several DNS errors logged during the
reboot, Event 4015 logged one time followed by several Event 4004. Research
indicates an LDAP issue but I'm unable to see any issues here. This may be
related to my original post or completely unrelated or it could be a timing
issue.
Any other thoughts would be appreciated.
Thanks in advance,
Don
"Kevin D. Goodknecht Sr. [MVP]" wrote:
Read inline please..
In news:4C12EDA0-953B-435C-8898-945C1E53F970@xxxxxxxxxxxxx,
Don <Don@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
I have two servers, one w/Win Srv SBS Prem Ed 2K3 (Srv 1) and the
other Win Srv Std Ed 2K3 (Srv 2). All updates have been applied. Srv
1 was up and in production for several months before Srv 2 came
on-line.
The error is Netlogon
Event ID: 5774
The dynamic registration of the DNS record
'97adc2e7-9a51-4006-a405-061daec8f2fd._msdcs.domain.local. 600 IN
CNAME srv1.domain.local.' failed on the following DNS server:
DNS server IP address: 192.168.2.132
Returned Response Code (RCODE): 5
Returned Status Code: 9016
The above IP address is the IP address of Srv 2. Likewise there is a
similar error on Srv 2 when it tries to update Srv 1. Obviously the
appropriate info is changed in the error msg.
Win2k3 did things slightly different from Win2k, on Win2k the _msdcs is a
subdomain and all Netlogon records are located in this sub domain. Win2k3
split the _msdcs off into its own forward lookup zone, _msdcs.domain.local,
where all Domain controllers in the AD Forest register forest level Netlogon
records.
Do both DNS servers have a zone named _msdcs.domain.local, with dynamic
updates allowed?
In the domain.local zone, there should be a delegation named _msdcs, with NS
records for all DNS servers in the forest running on DCs. All DCs in the
Forest should have this _msdcs.domain.local forward lookup zone.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
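Added example, not part of either poster's message: a Python sketch that extracts the fields from the Event 5774 text quoted above and lists which DNS servers on DCs have no NS record in the _msdcs delegation, the check Kevin describes. The function names and the FQDN srv2.domain.local are assumptions; the delegation contents follow Don's description.

```python
import re

# DNS RCODE 5 is REFUSED (RFC 1035); Win32 status 9016 is DNS_ERROR_RCODE_BADSIG.
RCODES = {5: "REFUSED"}
STATUSES = {9016: "DNS_ERROR_RCODE_BADSIG"}

# Event 5774 description as quoted in the post above.
EVENT_5774 = """The dynamic registration of the DNS record
'97adc2e7-9a51-4006-a405-061daec8f2fd._msdcs.domain.local. 600 IN
CNAME srv1.domain.local.' failed on the following DNS server:
DNS server IP address: 192.168.2.132
Returned Response Code (RCODE): 5
Returned Status Code: 9016"""

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def parse_5774(text):
    """Extract the failed record, target server and result codes."""
    rec = re.search(r"'(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)'", text)
    srv = re.search(r"DNS server IP address:\s*(\S+)", text)
    rcode = re.search(r"\(RCODE\):\s*(\d+)", text)
    status = re.search(r"Status Code:\s*(\d+)", text)
    if not (rec and srv and rcode and status):
        raise ValueError("not a Netlogon 5774 description")
    return {
        "owner": norm(rec.group(1)), "ttl": int(rec.group(2)),
        "type": rec.group(3), "target": norm(rec.group(4)),
        "server": srv.group(1),
        "rcode": RCODES.get(int(rcode.group(1)), rcode.group(1)),
        "status": STATUSES.get(int(status.group(1)), status.group(1)),
    }

def missing_from_delegation(delegation_ns, dc_dns_servers):
    """DNS servers on DCs that have no NS record in the _msdcs delegation."""
    have = {norm(n) for n in delegation_ns}
    return sorted(norm(s) for s in dc_dns_servers if norm(s) not in have)

if __name__ == "__main__":
    ev = parse_5774(EVENT_5774)
    print(ev)
    # Delegation as Don describes it: one NS record, srv1 only.
    delegation = ["srv1.domain.local."]
    # srv2's FQDN is assumed; the post only calls it srv2 / Srv 2.
    dcs = ["srv1.domain.local", "srv2.domain.local"]
    print("missing NS:", missing_from_delegation(delegation, dcs))
```
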