Cant resolve a DNS issue I am having with my Server. Single server 2003 Ent, active directory, server handles DNS and DCHP. No DNS problems noted until I tried to attach some Windows 7 clients to the domain. 15 clients on the network, mostly XP and 2k have had no domain troubles. Help please! The IPCONFIG log and netdiag DNS tests are below. C:\Documents and Settings\Administrator.COMPSERVER2006>netdiag /test:dns ......... Computer Name: COMPSERVER2006 DNS Host Name: compserver2006.compdomain.2006 System info : Microsoft Windows Server 2003 (Build 3790) Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel List of installed hotfixes : Netcard queries test . . . . . . . : Passed [WARNING] The net card 'Microsoft Tun Miniport Adapter' may not be working. Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Adapter : IPX Internal Interface Netcard queries test . . . : Passed Adapter : IpxLoopbackAdapter Netcard queries test . . . : Passed Adapter : NDISWANIPX Netcard queries test . . . : Passed Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{3EF46E90-5F9A-43E8-B65D-8B2EF77F33D4} 1 NetBt transport currently configured. DNS test . . . . . . . . . . . . . : Failed [WARNING] Cannot find a primary authoritative DNS server for the name 'compserver2006.compdomain.2006.'. [WSAEADDRNOTAVAIL ] The name 'compserver2006.compdomain.2006.' may not be registered in DN S. [WARNING] Cannot find a primary authoritative DNS server for the name 'compserver2006.compdomain.2006.'. [ERROR_TIMEOUT] The name 'compserver2006.compdomain.2006.' may not be registered in DN S. [WARNING] Cannot find a primary authoritative DNS server for the name 'compserver2006.compdomain.2006.'. [WSAEADDRNOTAVAIL ] The name 'compserver2006.compdomain.2006.' may not be registered in DN S. [WARNING] Cannot find a primary authoritative DNS server for the name 'compserver2006.compdomain.2006.'. [ERROR_TIMEOUT] The name 'compserver2006.compdomain.2006.' may not be registered in DN S. [WARNING] The DNS entries for this DC are not registered correctly on DNS se rver '0.0.0.0'. Please wait for 30 minutes for DNS server replication. [FATAL] No DNS servers have the DNS records for this DC registered. C:\Documents and Settings\Administrator.COMPSERVER2006>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : compserver2006 Primary Dns Suffix . . . . . . . : compdomain.2006 Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : compdomain.2006 Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-14-22-78-9E-33 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.10.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.10.1 DNS Servers . . . . . . . . . . . : 192.168.10.2 Primary WINS Server . . . . . . . : 192.168.10.2 Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%4 Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter Automatic Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface Physical Address. . . . . . . . . : C0-A8-0A-02 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : fe80::5efe:192.168.10.2%2 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1 NetBIOS over Tcpip. . . . . . . . : Disabled

Hello, is it correct that you use IPv6 on the Windows server 2003 DC? Do you have the A and the Nameserver record registered in the forward/reverse lookup zone for the DC in the DNS server? Which kind of zone do youse , AD integrated with secure only or nosecure and secure updates? Is the DHCP client service started on the DC, needed for DNS registration? If you run ipconfig /registerdns no error should be shown and listed in the event viewer.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hello, is it correct that you use IPv6 on the Windows server 2003 DC? Do you have the A and the Nameserver record registered in the forward/reverse lookup zone for the DC in the DNS server? Which kind of zone do youse , AD integrated with secure only or nosecure and secure updates? Is the DHCP client service started on the DC, needed for DNS registration? If you run ipconfig /registerdns no error should be shown and listed in the event viewer. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Hi and thanks for the response. Re your queries IPv6 is not enabled on the server. It was briefly as I turned things on and off to try to get the Win7 clients to connect. The DNS records are there and seem correct. The zone is AD integrated with secure only updates. The DHCP client service is started and I flsuhed and registered the dns, and stopped and started both DNS and NSLOOKUP without any DNS errors or improvement. In looking at it further, the DNS is not registering properly with the DC. 127.0.0.1 which shows up as the DNS server (as per the hostfile definition) is pingable, returning as the FQDN of the server. NS lookup cant identify the domain at 192.168.10.2 In looking through the event logs, the only towo items of note which may or may not be relevant are: App Error – Source USERENV 1058 Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=mycomdomain,DC=2006. The file must be present at the location <\\mycomdomain.2006\sysvol\mycomdomain.2006\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted. System Error LSASRV 40960 The Security System detected an authentication error for the server DNS/mycomserver2006.mycomdomain.2006. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)". I ran DCDiag /fix and the results are as follows C:\Documents and Settings\Administrator.MYCOMSERVER2006>dcdiag /fix Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\MYCOMSERVER2006 Starting test: Connectivity The host 3817b27b-5161-4e8d-8761-4a6e186991df._msdcs.mycomdomain.2006 cou ld not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (3817b27b-5161-4e8d-8761-4a6e186991df._msdcs.mycomdomain.2006) couldn't be resolved, the server name (mycomserver2006.mycomdomain.2006) resolved to the IP address (192.168.10.2) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... MYCOMSERVER2006 failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\MYCOMSERVER2006 Skipping all tests, because server MYCOMSERVER2006 is not responding to directory service requests Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : mycomdomain Starting test: CrossRefValidation ......................... mycomdomain passed test CrossRefValidation Starting test: CheckSDRefDom ......................... mycomdomain passed test CheckSDRefDom Running enterprise tests on : mycomdomain.2006 Starting test: Intersite ......................... mycomdomain.2006 passed test Intersite Starting test: FsmoCheck ......................... mycomdomain.2006 passed test FsmoCheck C:\Documents and Settings\Administrator.MYCOMSERVER2006> I would note that the host file which cant be resolved does seem to be set correctly in DNS. Any advice much appreciated. This is starting to drive me a bit nuts!

Hi Richard RK , Thanks for posting here. From your log files, we can find the following errors. [WARNING] Cannot find a primary authoritative DNS server for the name'compserver2006.compdomain.2006.'. [WSAEADDRNOTAVAIL] The name 'compserver2006.compdomain.2006.' may not be registered in DNS. [WARNING] Cannot find a primary authoritative DNS server for the name'compserver2006.compdomain.2006.'. [ERROR_TIMEOUT] The name 'compserver2006.compdomain.2006.' may not be registered in DNS. [WARNING] The DNS entries for this DC are not registered correctly on DNS server '0.0.0.0'. Please wait for 30 minutes for DNS server replication. [FATAL] No DNS servers have the DNS records for this DC registered. I suggest we try the following 3 suggestions to troubleshoot this issue.(please check if it worked after using each method) 1. uninstall IPv6 from the NIC To uninstall use the following command netsh interface ipv6 uninstall We need reboot after this. 2. Re-register DNS record Stop the DNS service. Open ” %systemroot%\System32\Config “ folder, delete Netlogon.dns file. Restart the DNS service. run "net stop netlogon" and "net start netlogon" for register again. If necessary, please restart the server. 3. modify register HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient Name: UpdateTopLevelDomainZones Data Type: REG_DWORD Value: 0x1 IMPORTANT- If the DNSClient key does not exist you must create it using the following method. 1) Right click on "Windows NT" and select "New Key" 1) Name the new Key "DNSClient". Once done proceed to add the "UpdateTopLevelDomainZones" reg entry with the correlating value of "1" HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters Name: AllowSingleLabelDnsDomain Data Type: REG_DWORD Value: 0x1 After that, please try to run netdiag and check if the errors continue. Thanks Tiger Li

Hi Tiger Li, Many thanks for your suggestions. 1. I ran the command to uninstall IPv6 and rebooted and netdiag ran with no errors. 2. I followed step 2 anyway! 3. I also looked at the reg and inserted the AllowSingleLabelDnsDomain which was not present. As I said, netdiag is showing no errors but when I run DCdiag I still get the following error C:\Documents and Settings\Administrator.MYCOMSERVER2006.000>dcdiag Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\MYCOMSERVER2006 Starting test: Connectivity The host 3817b27b-5161-4e8d-8761-4a6e186991df._msdcs.mycomdomain.2006 cou ld not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (3817b27b-5161-4e8d-8761-4a6e186991df._msdcs.mycomdomain.2006) couldn't be resolved, the server name (mycomserver2006.mycomdomain.2006) resolved to the IP address (192.168.10.2) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... MYCOMSERVER2006 failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\MYCOMSERVER2006 Skipping all tests, because server MYCOMSERVER2006 is not responding to directory service requests The GUID points correctly in DNS to the server name so I cant understand why this is the case. Again, many thanks for the advice.

Hello, please post he domain name shown in DNS zones and AD UC and the NetBios name, sometimes you use mycomdomain.2006 then mycomdomain or mycomdomain.200.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi, I went through the DNS entries carefully and could not see any errors. On the server, when I pinged the GUID it resolved and then DCdiag ran ok but after flushing and reregistering the same problem occurred. As I said at the start the problem was joining Win 7 clients to the domain and in searching further I found the following thread which fixed my problem in doing so without having to properly fix the DNS ;) http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/dfd79bc1-cf36-42b7-9911-346912f4def6 As I plan to upgrade to a new server later this year with W 2008, I can live with where I am now :) Many thanks for the advice.

Hi, I went through the DNS entries carefully and could not see any errors. On the server, when I pinged the GUID it resolved and then DCdiag ran ok but after flushing and reregistering the same problem occurred. As I said at the start the problem was joining Win 7 clients to the domain and in searching further I found the following thread which fixed my problem in doing so without having to properly fix the DNS ;) http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/dfd79bc1-cf36-42b7-9911-346912f4def6 As I plan to upgrade to a new server later this year with W 2008, I can live with where I am now :) Many thanks for the advice. Hello, as you are still having errors listed, they have to be solved BEFORE upgrading to a new OS version of the domain. The domain must be healthy before going on, otherwise you run into trouble. So i suggest to use the support tools and fix all listed errorw: dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and higher] repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt (if more then one DC exists) dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045) Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hello, please post he domain name shown in DNS zones and AD UC and the NetBios name, sometimes you use mycomdomain.2006 then mycomdomain or mycomdomain.200. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Hi Richard It is not clearly to identify your DC or domain name from result. Please post what Weber mentioned . Thanks. Tiger Li