Active Directory and DNS errors


Renaming netlogon.old and restarting the Netlogon service, dcdiag /fix and
netdiag /fix did not work for me.

The following are the errors found on the 2 DCs, SERVER1 and SERVER2, in my
domain, ACME (there are only 2 DCs in the domain).


_____________
SERVER 1


•Netdiag error:
DNS test . . . . . . . . : Failed
[FATAL]: The DNS registration for 'SERVER1.ACME' is incorrect on all DNS
servers.


•Dcdiag error:
Starting test: kccevent
An Warning Event occurred: EventID: 0x800004F1
Time generated: 03/07/2006
(Event String could not be retreived)
An Warning Event occurred: EventID: 0x800004F1
Time generated: 03/07/2006
(Event String could not be retreived)
An Warning Event occurred: EventID: 0x800004F1
Time generated: 03/07/2006
(Event String could not be retreived)
.. . . . . . . . . . . . . . . SERVER1 failed test kccevent


•Event viewer DIRECTORY SERVICE:
Source: NTDS KCC
Event Id: 1265
Description: The attempt to establish a replication link with parameters

Partition: CN=Schema,CN=Configuration,DC=domain
Source DSA DN: CN=NTDS
Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ACME
Source DSA Address: f32e9ce4-ed30-4664-8567-adfd0a11e03a._msdcs.ACME
Inter-site Transport (if any):

failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code. This operation will be retried.
Data:
0000: 4c 21 00 00 L!..


______________



______________
SERVER 2


•Netdiag error:
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERVER2.ACME.'. [RCODE_SERVER_FAILURE]
The name 'SERVER2.ACME.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS
server 'SERVER1.ACME.'. Please wait for 30 minutes for DNS server
replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


•Dcdiag error:
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER2
Starting test: Connectivity
f32e9ce4-ed30-4664-8567-adfd0a11e03a._msdcs.ACME's server GUID DNS name
could not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc. Although the Guid DNS name
(f32e9ce4-ed30-4664-8567-adfd0a11e03a._msdcs.ACME) couldn't be resolved, the
server name (SERVER2.ACME) resolved to the IP address(192.168.1.222) and was
pingable. Check that the IP address is registered correctly with the DNS
server.
......................... SERVER2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER2
Skipping all tests, because server SERVER2 is not responding to directory
service requests


•Event viewer FILE REPLICATION SERVICE:
Event Source: NtFrs
Event ID: 13562
Description:
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller cgcbkp.cgc1 for FRS
replica set configuration information.
The nTDSConnection object cn=e8cf985b-92e2-4cd4-9c9d-f90d44db597c,cn=ntds
settings,cn=SERVER2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=ACME
is conflicting with cn=SERVER1,cn=ntds
settings,cn=SERVER2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=ACME.
Using cn=e8cf985b-92e2-4cd4-9c9d-f90d44db597c,cn=ntds
settings,cn=SERVER2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=ACME


•Event viewer SYSTEM:
Event Source: NETLOGON
Event ID: 5781
Description:
Dynamic registration or deregistration of one or more DNS records failed
because no DNS servers are available.
Data:
0000: 2a 23 00 00 *#..

____________________

I tried different "medicine" but none worked. I suspect a missing entry (or
entries) in the DNS. All products are Microsoft, Windows 2000. DNS is Active
Directory integrated.

Any idea is welcome, I'm getting desperate.
Thank you
 
I forgot,

Symptoms: AD not replicating, DNS not working well on SERVER2.
Caused by: I had to format a DC because of a hardware problem, did some
metadata cleanup, and here I am.
 
Ben said:
I forgot,

Symptoms: AD not replicating, DNS not working well on SERVER2.
Caused by: I had to format a DC because of a hardware problem, did some
metadata cleanup, and here I am.

As part of your metadata cleanup procs, did you also seize the FSMO roles that
were on the removed DC to another DC?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest using OEx (Outlook Express
or any other newsreader) and configuring a news account pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP Usenet account. OEx allows you
to easily find and track threads, cross-post, and sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Assimilation Imminent. Resistance is Futile
Infinite Diversities in Infinite Combinations

"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy.
 
I'm guessing you experience those problems because you have a SINGLE LABEL
DNS NAME.
That requires additional configuration.
See:
MS-KBQ300684: Information about configuring Windows for domains with
single-label DNS names

DNS names for domains should preferably have at least 2 levels, like
domain.com or domain.local.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


 
Jorge de Almeida Pinto [MVP] said:
I'm guessing you experience those problems because you have a SINGLE
LABEL DNS NAME.

Good eye. Missed that one!

Ace
 
As part of your metadata cleanup procs, did you also seize the FSMO roles to
another DC that was on the removed DC?


Yes, all the roles have been seized.
Thank you.
 
Ben said:
Yes, all the roles have been seized.
Thank you.

Apparently the single label AD DNS domain name is the issue, as Jorge
pointed out.

Honestly a fresh install is the best remedy for such a scenario. To apply
the reg change (that Jorge provided the link for) would 'force' it to work,
but it still is not a hierarchical name, which DNS requires (meaning a name
such as acme.com has a hierarchy: the first level (or top level domain name) =
'com', and the second level = 'acme'). The way it is now, such as "ACME", has
no hierarchy. This causes numerous problems with AD because of DNS lookups
and registration.

Registration is affected because DNS will cause excessive traffic querying
the Root servers to find "ACME" because it thinks it's a bona fide TLD (such
as 'com' or 'net', etc.) on the internet prior to looking at its own
database. It's the default behavior of DNS to do that (Microsoft DNS or any DNS
server). That was why Microsoft disabled DNS registration with Win2000 SP4
and newer when a single label DNS domain name exists as a zone.

Also, XP just doesn't support single label domain name lookups. You would
need to apply that reg to every machine in the domain to force it, but XP
still has issues with it.


Ace
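Jorge's point about single-label DNS names and Ace's explanation above both come down to two things a practitioner wants to check quickly: whether the AD DNS domain name is hierarchical at all, and which concrete DNS registration failures netdiag and dcdiag are reporting for each DC. The script below is an added example, written for this page and not code from the thread or from any of the posters. It validates a proposed domain name (label count and RFC 1035 label syntax) and summarises pasted netdiag/dcdiag text, pulling out FATAL/WARNING lines, failed tests, unresolved `_msdcs` GUID records and the domain part of every quoted host name. The sample output is constructed, modelled on what Ben posted, and every function name is the example's own.

```python
import re

# Constructed sample, modelled on the netdiag/dcdiag output quoted in the thread.
# Line wrapping is kept on purpose, as it arrives when pasted from a console.
SAMPLE_OUTPUT = """\
DNS test . . . . . . . . : Failed
[FATAL]: The DNS registration for 'SERVER1.ACME' is incorrect on all DNS
servers.
. . . . . . . . . . . . . SERVER1 failed test kccevent
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERVER2.ACME.'. [RCODE_SERVER_FAILURE]
[FATAL] No DNS servers have the DNS records for this DC registered.
Starting test: Connectivity
f32e9ce4-ed30-4664-8567-adfd0a11e03a._msdcs.ACME's server GUID DNS name
could not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
......................... SERVER2 failed test Connectivity
"""

# RFC 1035 host label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Quoted host names such as 'SERVER1.ACME' or 'SERVER2.ACME.' (trailing dot optional).
HOST_RE = re.compile(r"'([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\.?'")
# A [FATAL]/[WARNING] message runs up to the first period that is followed by whitespace,
# so dots inside host names do not end the sentence early.
FATAL_RE = re.compile(r"\[FATAL\]:?\s*(.+?\.)(?=\s|$)")
WARNING_RE = re.compile(r"\[WARNING\]:?\s*(.+?\.)(?=\s|$)")
FAILED_TEST_RE = re.compile(r"(\S+) failed test (\w+)")
# dcdiag's wording when the DC's GUID CNAME under _msdcs does not resolve.
GUID_RE = re.compile(
    r"([0-9a-fA-F-]{36})\._msdcs\.(\S+?)'s server GUID DNS name could not be resolved"
)


def domain_labels(name):
    """Split a DNS name into its labels, dropping a trailing dot (FQDN form)."""
    return [label for label in name.strip().rstrip(".").split(".") if label]


def check_ad_dns_name(name):
    """Return a list of problems with a proposed AD DNS domain name.

    An empty list means the name is hierarchical (two or more labels) and
    every label is syntactically valid.
    """
    labels = domain_labels(name)
    if not labels:
        return ["empty name"]
    problems = []
    if len(labels) == 1:
        problems.append("single-label name, no hierarchy (use e.g. acme.local or acme.com)")
    problems += [f"invalid label {label!r}" for label in labels if not LABEL_RE.match(label)]
    if len(".".join(labels)) > 253:
        problems.append("name longer than 253 characters")
    return problems


def summarize_diagnostics(text):
    """Summarise pasted netdiag/dcdiag output as a dict of findings."""
    flat = " ".join(text.split())  # undo console line wrapping before matching
    hosts = sorted(set(HOST_RE.findall(flat)))
    # The domain is everything after the host label; check each distinct one.
    domains = sorted({".".join(domain_labels(host)[1:]) for host in hosts})
    return {
        "fatal": FATAL_RE.findall(flat),
        "warnings": WARNING_RE.findall(flat),
        "failed_tests": FAILED_TEST_RE.findall(flat),
        "unresolved_guid_records": GUID_RE.findall(flat),
        "hosts": hosts,
        "domain_problems": {domain: check_ad_dns_name(domain) for domain in domains},
    }


if __name__ == "__main__":
    report = summarize_diagnostics(SAMPLE_OUTPUT)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Running the script against the constructed sample reports the two failed tests (kccevent on SERVER1, Connectivity on SERVER2), the unresolved GUID CNAME under `_msdcs.ACME`, and flags the domain `ACME` as a single-label name, which is the root cause the thread settles on; feeding it a two-level name such as `acme.local` produces no domain problems.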
 
Jorge de Almeida Pinto said:
I'm guessing you experience those problems because you have a SINGLE LABEL
DNS NAME.
That requires additional configuration.
see:
MS-KBQ300684_Information about configuring Windows for domains with
single-label DNS names

DNS names for domains should preferably have at least 2 levels, like
domain.com or domain.local.


I found something interesting in KB-Q300684 about a functionality change
from Windows 2000 SP4. Here is why it is concerning me:

I had 3 DNS servers. One crashed: hardware failure (Win 2000 SP3). 2
remaining (Win 2000 SP4 & Win Server 2003 SP1).
I will try a couple of things and will give you feedback.
Thank you M. Jorge de Almeida Pinto and M. Ace Fekay
 
Jorge de Almeida Pinto said:
I'm guessing you experience those problems because you have a SINGLE LABEL
DNS NAME.


Yes, you are right. A single label domain name.
 
Ben said:
Yes, you are right. A single label domain name.

That is a difficult issue to overcome. Would you have the ability to
re-install a fresh domain and migrate from the old into the new?

Ace
 
Thank you M. Fekay.
You are right; it is a complicated issue. I'm planning to reinstall my
domain right now and maybe get rid of the single label domain name.
Thanks to everyone!
 
Ben said:
Thank you M. Fekay.
You are right; it is a complicated issue. I'm planning to
reinstall my domain right now and maybe get rid of the single label
domain name.
Thanks to everyone!

Good luck in your efforts, Ben. If you have any other questions to help you
out in this, please post back, we'll be glad to help.

Ace
 