0x0000232B RCODE_NAME_ERROR

  • Thread starter Thread starter hannes
  • Start date Start date
H

hannes

hi ,

i am running 2 domaincontrollers in a single domain. the first dc is a
inplaceupgrade from nt 4.0. on this server the dns is currently running.
i´ve got a problem with my w2k dns. first there was a bind server when
active directory
was set up. later we toke the w2k dns. there are no clients in the domain.
when i want to join the domain i revice an error (0x0000232B
RCODE_NAME_ERROR).
I already checked KB 257623 but everything is ok.
when i use nslookup set q=A domainname i get domain not found.
It seems that the dns does not feel authoritative for the domain.

any hints for me ?

thx

nesai
 
Hello,

Thank you for posting.

I understand that you are unable to join clients to the domain due to the
DNS error.

One of the reasons for this is the missing SRV records in the DNS.

NOTE: If all of these conditions exist and you still do not see your SRV
records, stop and start the Netlogon service. This action forces the domain
controller to re-register the appropriate SRV records.

Using the netdiag /fix command on the domain controller will verify that
all SRV records that are in the Netlogon.dns file are registered on the
primary DNS server

Please find the related KB articles:

SRV Records Missing After Implementing Active Directory and Domain Name
System
http://support.microsoft.com/default.aspx?scid=kb;EN-US;241505

DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation
http://support.microsoft.com/kb/265706/EN-US/

If the issue persists, please provide more details about the issue:

Please verify the TCP/IP settings on both the domain controller and the
server.
Send us any event information if any is registered in event viewer.

I hope the above information helps to resolve your issue. If there is
anything unclear, please feel free to let me know. Thank you and have a
nice day!

Rashmi

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Date: Wed, 13 Oct 2004 14:24:47 +0200
| Subject: 0x0000232B RCODE_NAME_ERROR
| Reply-To: (e-mail address removed)
| From: hannes <[email protected]>
| Content-Type: text/plain; format=flowed; delsp=yes; charset=utf-8
| MIME-Version: 1.0
| Content-Transfer-Encoding: 8bit
| Message-ID: <[email protected]>
| User-Agent: Opera M2/7.54 (Win32, build 3869)
| Newsgroups: microsoft.public.win2000.dns
| NNTP-Posting-Host: eth1-cnvbrlx03.cnv.at 212.51.224.129
| Lines: 1
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGXA01.phx.gbl!cpmsftngxa0
6.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.dns:45002
| X-Tomcat-NG: microsoft.public.win2000.dns
|
|
| hi ,
|
| i am running 2 domaincontrollers in a single domain. the first dc is a
| inplaceupgrade from nt 4.0. on this server the dns is currently running.
| i´ve got a problem with my w2k dns. first there was a bind server when
| active directory
| was set up. later we toke the w2k dns. there are no clients in the domain.
| when i want to join the domain i revice an error (0x0000232B
| RCODE_NAME_ERROR).
| I already checked KB 257623 but everything is ok.
| when i use nslookup set q=A domainname i get domain not found.
| It seems that the dns does not feel authoritative for the domain.
|
| any hints for me ?
|
| thx
|
| nesai
|
 
Hi,
my SRV Records are present. dcdiag and netdiag are reporting no errors.
using nslookup set q=A xxx i get the answer domain not found.
The domainname is the old NetBios domainname xxx and this is the name of
the dnszone. could this be the reason for my problem ?

thx hannes

Am Thu, 14 Oct 2004 03:21:54 GMT schrieb Rashmi.K.Y [MSFT]
 
Hi,

using dcdiag all tests passed (new tree, forest, register...), netdigag
/fix..
here some additional details. the first DC was createt with an
inplaceupdate from NT 4.0 to w2k server. dns server was a BIND. a second
DC was installed (no problems to join the domain, no problems to
promote).after having troubles with not present SRV Records an
replication,we changed to w2k DNS on the frist DC. The NetBios domainname
was xxx and this is the name of the w2k domain and the dns zone.there is a
forward to another DNS (Bind)an nameresolution works.
using nslookup for resoltion the domain xxx there is an error. using
xxx.xx i get an answer from the forwarder (BIND). there ise a zonefile on
the BIND for xxx and xxx.xx. the Bind is authoritative for both zones and
there is no delegation to the w2k DNS.

thx

hannes

Am Thu, 14 Oct 2004 03:21:54 GMT schrieb Rashmi.K.Y [MSFT]
 
In
hannes said:
Hi,

using dcdiag all tests passed (new tree, forest, register...),
netdigag /fix..
here some additional details. the first DC was createt with an
inplaceupdate from NT 4.0 to w2k server. dns server was a BIND. a
second DC was installed (no problems to join the domain, no problems
to promote).after having troubles with not present SRV Records an
replication,we changed to w2k DNS on the frist DC. The NetBios
domainname was xxx and this is the name of the w2k domain and the dns
zone.there is a forward to another DNS (Bind)an nameresolution works.
using nslookup for resoltion the domain xxx there is an error. using
xxx.xx i get an answer from the forwarder (BIND). there ise a
zonefile on the BIND for xxx and xxx.xx. the Bind is authoritative
for both zones and there is no delegation to the w2k DNS.

thx

hannes
Click to expand...

Hi Hannes,

It appears that your AD DNS domain name is a single label name. An example
of a single label name is:
"domain" rather than the required format of "domain.com", "domain.local",
"domain.hannes", etc. Here's an article showing how to circumvent the issue
of a single label name until you are able to repair it:

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names:
http://support.microsoft.com/?id=300684

826743 - Clients cannot dynamically register DNS records in a single-label
forward lookup zone:
http://support.microsoft.com/default.aspx?scid=kb;en-us;826743

If this is Windows 2000, the only real way to repair such an issue is to
rebuild it from scratch. Another way is to upgrade to Win2003, and use the
domain rename tool. But I am just going on an assumption about the name,
since you haven't posted your actual AD DNS domain name, rather you have
stipulated it as "XXX".

If you can verify my assumption, that would be helpful.

As for the nslookup returning with "domain not found", is just a message
stipulating you either do not have a reverse zone, or if you do have a
reverse zone, the PTR entry for the DNS server's IP address is missing. You
can fix that by creating a reverse zone and ensuring there's a PTR entry for
the DNS server's IP address. Otherwise, you can ignore this error, since
nslookup will still function for subsequent commands.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Hi,
my domain is a single label name.
Could it be a solution to return to the BIND DNS Server for the domain ?
Because adding a server to the domain worked when there was a BIND DNS.
problems occured as i configured a w2k DNS server.
thank you
hannes

Am Fri, 15 Oct 2004 00:29:07 -0400 schrieb Ace Fekay [MVP]
 
In
hannes said:
Hi,
my domain is a single label name.
Could it be a solution to return to the BIND DNS Server for the
domain ? Because adding a server to the domain worked when there was
a BIND DNS. problems occured as i configured a w2k DNS server.
thank you
hannes
Click to expand...


Follow that article I posted on how to force DNS to use a single label name.
Honestly, the best bet is to rebuild the domain or upgrade to Win2003 to
make use of the new domain rename tool. BIND or MS DNS makes no difference.
DNS is a hierarchal structure. Single label names have no hierarchy. Win2k
SP4 and newer were disabled to support single label names due to the
excessive traffic they intiate against the Root servers. BIND is no
different. To squelch this traffic, after ISC did a study and discovered DNS
servers querying for single label names were from DNS servers that admins
had inadvertenly configured their AD domains with single label names, were
causing all the traffic. Microsoft tried to stop it, because it's just way
too much traffic. You'll notice these sort of queries if you capture some of
the traffic from DNS (MS or BIND).

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Hi,
i followed the article and now i?m able to join the domain.

thank you for supporting me.

hannes

Am Mon, 18 Oct 2004 18:32:21 -0400 schrieb Ace Fekay [MVP]
 
Back
Top