Win Server 2003 DNS Issues
Can't resolve a DNS issue I am having with my server. Single Server 2003 Ent, Active Directory, server handles DNS and DHCP. No DNS problems noted until I tried to attach some Windows 7 clients to the domain. 15 clients on the network, mostly XP and 2k, have had no domain troubles. Help please! The IPCONFIG log and netdiag DNS tests are below.
C:\Documents and Settings\Administrator.COMPSERVER2006>netdiag /test:dns
.........
Computer Name: COMPSERVER2006
DNS Host Name: compserver2006.compdomain.2006
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Microsoft Tun Miniport Adapter' may not be working.
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Adapter : IPX Internal Interface
Netcard queries test . . . : Passed
Adapter : IpxLoopbackAdapter
Netcard queries test . . . : Passed
Adapter : NDISWANIPX
Netcard queries test . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{3EF46E90-5F9A-43E8-B65D-8B2EF77F33D4}
1 NetBt transport currently configured.
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'compserver2006.compdomain.2006.'. [WSAEADDRNOTAVAIL]
The name 'compserver2006.compdomain.2006.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'compserver2006.compdomain.2006.'. [ERROR_TIMEOUT]
The name 'compserver2006.compdomain.2006.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'compserver2006.compdomain.2006.'. [WSAEADDRNOTAVAIL]
The name 'compserver2006.compdomain.2006.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'compserver2006.compdomain.2006.'. [ERROR_TIMEOUT]
The name 'compserver2006.compdomain.2006.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '0.0.0.0'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
C:\Documents and Settings\Administrator.COMPSERVER2006>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : compserver2006
Primary Dns Suffix . . . . . . . : compdomain.2006
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : compdomain.2006
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-78-9E-33
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.2
Primary WINS Server . . . . . . . : 192.168.10.2
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%4
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Automatic Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-0A-02
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.10.2%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
June 17th, 2010 7:04pm
Hello,
is it correct that you use IPv6 on the Windows server 2003 DC?
Do you have the A and the Nameserver record registered in the forward/reverse lookup zone for the DC in the DNS server?
Which kind of zone do you use, AD integrated with secure only or nonsecure and secure updates?
Is the DHCP client service started on the DC, needed for DNS registration? If you run ipconfig /registerdns no error should be shown and listed in the event viewer.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
June 17th, 2010 7:34pm
Hi and thanks for the response. Re your queries
IPv6 is not enabled on the server. It was briefly as I turned things on and off to try to get the Win7 clients to connect.
The DNS records are there and seem correct. The zone is AD integrated with secure only updates.
The DHCP client service is started and I flushed and registered the DNS, and stopped and started both DNS and NSLOOKUP without any DNS errors or improvement.
In looking at it further, the DNS is not registering properly with the DC. 127.0.0.1, which shows up as the DNS server (as per the hostfile definition), is pingable, returning as the FQDN of the server. NS lookup can't identify the domain at 192.168.10.2.
In looking through the event logs, the only two items of note which may or may not be relevant are:
App Error – Source USERENV 1058
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=mycomdomain,DC=2006. The file must be present at
the location <\\mycomdomain.2006\sysvol\mycomdomain.2006\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.
System Error LSASRV 40960
The Security System detected an authentication error for the server DNS/mycomserver2006.mycomdomain.2006.
The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information.
(0xc000006d)".
I ran DCDiag /fix and the results are as follows
C:\Documents and Settings\Administrator.MYCOMSERVER2006>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MYCOMSERVER2006
Starting test: Connectivity
The host 3817b27b-5161-4e8d-8761-4a6e186991df._msdcs.mycomdomain.2006 cou
ld not be resolved to an
IP address.
Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(3817b27b-5161-4e8d-8761-4a6e186991df._msdcs.mycomdomain.2006) couldn't
be resolved, the server name (mycomserver2006.mycomdomain.2006) resolved
to the IP address (192.168.10.2) and was pingable.
Check that the IP
address is registered correctly with the DNS server.
......................... MYCOMSERVER2006 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MYCOMSERVER2006
Skipping all tests, because server MYCOMSERVER2006 is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mycomdomain
Starting test: CrossRefValidation
......................... mycomdomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mycomdomain passed test CheckSDRefDom
Running enterprise tests on : mycomdomain.2006
Starting test: Intersite
......................... mycomdomain.2006 passed test Intersite
Starting test: FsmoCheck
......................... mycomdomain.2006 passed test FsmoCheck
C:\Documents and Settings\Administrator.MYCOMSERVER2006>
I would note that the host file which can't be resolved does seem to be set correctly in DNS.
Any advice much appreciated. This is starting to drive me a bit nuts!
June 18th, 2010 2:30am
Hi Richard RK ,
Thanks for posting here.
From your log files, we can find the following errors.
[WARNING] Cannot find a primary authoritative DNS server for the name 'compserver2006.compdomain.2006.'. [WSAEADDRNOTAVAIL]
The name 'compserver2006.compdomain.2006.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name 'compserver2006.compdomain.2006.'. [ERROR_TIMEOUT]
The name 'compserver2006.compdomain.2006.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '0.0.0.0'. Please wait for 30 minutes for DNS server
replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
I suggest we try the following 3 suggestions to troubleshoot this issue (please check if it worked after using each method).
1. Uninstall IPv6 from the NIC
To uninstall, use the following command:
netsh interface ipv6 uninstall
We need to reboot after this.
2. Re-register DNS record
Stop the DNS service.
Open the "%systemroot%\System32\Config" folder and delete the Netlogon.dns file.
Restart the DNS service.
Run "net stop netlogon" and "net start netlogon" to register again. If necessary, please restart the server.
3. Modify the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
Name: UpdateTopLevelDomainZones
Data Type: REG_DWORD
Value: 0x1
IMPORTANT - If the DNSClient key does not exist you must create it using the following method.
1) Right click on "Windows NT" and select "New Key".
2) Name the new Key "DNSClient".
Once done, proceed to add the "UpdateTopLevelDomainZones" reg entry with the correlating value of "1".
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
Name: AllowSingleLabelDnsDomain
Data Type: REG_DWORD
Value: 0x1
After that, please try to run netdiag and check if the errors continue.
Thanks
Tiger Li
June 18th, 2010 11:51am
Hi Tiger Li,
Many thanks for your suggestions.
1. I ran the command to uninstall IPv6 and rebooted and netdiag ran with no errors.
2. I followed step 2 anyway!
3. I also looked at the reg and inserted the AllowSingleLabelDnsDomain which was not present.
As I said, netdiag is showing no errors but when I run DCdiag I still get the following error
C:\Documents and Settings\Administrator.MYCOMSERVER2006.000>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MYCOMSERVER2006
Starting test: Connectivity
The host 3817b27b-5161-4e8d-8761-4a6e186991df._msdcs.mycomdomain.2006 cou
ld not be resolved to an
IP address.
Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(3817b27b-5161-4e8d-8761-4a6e186991df._msdcs.mycomdomain.2006) couldn't
be resolved, the server name (mycomserver2006.mycomdomain.2006) resolved
to the IP address (192.168.10.2) and was pingable.
Check that the IP
address is registered correctly with the DNS server.
......................... MYCOMSERVER2006 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MYCOMSERVER2006
Skipping all tests, because server MYCOMSERVER2006 is
not responding to directory service requests
The GUID points correctly in DNS to the server name so I can't understand why this is the case.
Again, many thanks for the advice.
June 18th, 2010 2:48pm
Hello,
please post the domain name shown in DNS zones and AD UC and the NetBios name, sometimes you use
mycomdomain.2006 then mycomdomain or mycomdomain.200.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
June 18th, 2010 5:35pm
Hi,
I went through the DNS entries carefully and could not see any errors. On the server, when I pinged the GUID it resolved and then DCdiag ran ok but after flushing and reregistering the same problem occurred.
As I said at the start the problem was joining Win 7 clients to the domain and in searching further I found the following thread which fixed my problem in doing so without having to properly fix the DNS ;)
http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/dfd79bc1-cf36-42b7-9911-346912f4def6
As I plan to upgrade to a new server later this year with W 2008, I can live with where I am now :)
Many thanks for the advice.
June 20th, 2010 2:59am
Hello,
as you are still having errors listed, they have to be solved BEFORE upgrading to a new OS version of the domain. The domain must be healthy before going on, otherwise you run into trouble. So I suggest to use the support tools and fix all listed errors:
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and higher]
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt (if more than one DC exists)
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
June 20th, 2010 3:46pm
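A triage helper for the dcdiag.txt report requested above, as an added example that is not part of the original thread: it lists failed tests, names that did not resolve and servers whose tests were skipped. The sample is an excerpt of the dcdiag output posted earlier in this thread, with its line wraps as posted; the function name triage and the summary keys are assumptions of this example.

```python
import re

# Excerpt of the dcdiag output posted earlier in this thread, line wraps kept.
SAMPLE = """\
Testing server: Default-First-Site-Name\\MYCOMSERVER2006
Starting test: Connectivity
The host 3817b27b-5161-4e8d-8761-4a6e186991df._msdcs.mycomdomain.2006 cou
ld not be resolved to an
IP address.
......................... MYCOMSERVER2006 failed test Connectivity
Skipping all tests, because server MYCOMSERVER2006 is
not responding to directory service requests
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: FsmoCheck
......................... mycomdomain.2006 passed test FsmoCheck
"""

# One verdict line per test: dots, target, passed/failed, test name.
RESULT = re.compile(r"^[ \t]*\.{3,}[ \t]*(\S+) (passed|failed) test (\S+)[ \t]*$", re.M)
# These two run on text with ALL whitespace removed, because the output posted
# in this thread is wrapped mid-word ("cou" / "ld") and mid-sentence.
UNRESOLVED = re.compile(r"Thehost([\w.\-]+?)couldnotberesolved")
SKIPPED = re.compile(r"Skippingalltests,becauseserver([\w.\-]+?)isnotresponding")


def triage(report):
    """Summarise a dcdiag report so failures are not lost among passed tests."""
    results = RESULT.findall(report)
    squeezed = re.sub(r"\s+", "", report)
    summary = {
        "failed": [(target, test) for target, verdict, test in results
                   if verdict == "failed"],
        "passed": sum(1 for _, verdict, _ in results if verdict == "passed"),
        "unresolved": sorted(set(UNRESOLVED.findall(squeezed))),
        "skipped": sorted(set(SKIPPED.findall(squeezed))),
    }
    # A skipped server means the primary tests never ran against that DC, so
    # the "passed" lines that follow say nothing about its health.
    summary["healthy"] = not (summary["failed"] or summary["unresolved"]
                              or summary["skipped"])
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```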
Hi Richard
It is not possible to clearly identify your DC or domain name from the result.
Please post what Weber mentioned.
Thanks.
Tiger Li
June 21st, 2010 9:10am