Active Directory DNS errors

andy

Hi

Ok here we go, 3 servers running AD, call them A, B and
C. Server A is the DC, RID etc. master and runs AD integrated
DNS. Server B is running AD and no DNS, as is server C.
Servers A and B talk to each other fine, but server C will
not replicate properly. In the end we killed server C and
replaced it with another server, fresh install same setup
(with different name and different IP address). It worked
fine for about 2 weeks then started with the exact same
errors as the one we trashed. Replication fails due to a
DNS error, the logs show nothing more specific than that.
Any suggestions?

DNS on server A shows under the forward lookup zone
entries for services such as LDAP and Kerberos for servers
A and B, however no entries are in for server C.

On server C DNS can be started and run via contacting
server A. If you try to run DNS on server C from itself it
reflects perfectly server A's DNS, however if you try to
configure the server as a secondary DNS it cannot because
the DNS root server cannot be contacted for the root
hints. Also Dcpromo fails because of DNS errors ( cannot
connect).

Forward and reverse lookups on nslookup resolve fine????
 
Andy, comments are in-line...
-----Original Message-----
Hi

Ok here we go, 3 servers running AD, call them A, B and
C. Server A is the DC, RID etc. master and runs AD integrated
DNS. Server B is running AD and no DNS, as is server C.
Servers A and B talk to each other fine, but server C will
not replicate properly. In the end we killed server C and
replaced it with another server, fresh install same setup
(with different name and different IP address). It worked
fine for about 2 weeks then started with the exact same
errors as the one we trashed. Replication fails due to a
DNS error, the logs show nothing more specific than that.
Any suggestions?


Just a few: is it feasible to make either B or C a DNS
Server as well? And to run DDNS? However, before we do
that ( should it be feasible ) we need to clean things
up. At the end of your post you answer this already - NO!

On all of your DCs please install my favorite utilities:
the Support Tools. The Support Tools are located in two
places: on the WIN2000 Server CD in the Support | Tools
folder and on the WIN2000 Service Pack CD in the Support |
Tools folder.

Once installed please run - again, on all DCs -
netdiag /fix from a command prompt. Give it about 15
minutes after you have run this on all three DCs. Then,
please run netdiag /v and dcdiag /v on all DCs. You might
want to redirect the output of both to a text file.

Now, please run repadmin /showreps on each DC. This
should show you the replication partners of each DC. You
can also run ReplMon, which is a GUI tool similar to ( and
more powerful than ) repadmin. You can also check to make
sure that all FSMO Roles are available and "bindable"
using ReplMon. Or, you could also use netdom query fsmo
just as well.

This is just basic information that we are gathering. We
want to make sure that all is where it should be. There
are also a couple of other tests that we could use, such
as nltest with a few switches but I think that we should
be good after this. Also, can you PING each server from
the other two servers via IP Address, host name and FQDN?
DNS on server A shows under the forward lookup zone
entries for services such as LDAP and Kerberos for servers
A and B, however no entries are in for server C.


After running netdiag /fix does this change? Are you 100%
sure that in the TCP/IP settings for the NIC on C that it
is only pointing to the IP Address of A? Not to the ISP's
DNS Server(s)? B should be the same, right?

Also, make sure that you did not enter the incorrect
domain name IF you entered the DNS Suffix for this
Connection under the Advanced \ DNS settings. Since we
are there let's make sure that the Subnet Mask is correct
as well.

You can always run 'ipconfig /flushdns', 'net stop
netlogon', 'net start netlogon' and
finally 'ipconfig /registerdns' at a command prompt.

On server C DNS can be started and run via contacting
server A. If you try to run DNS on server C from itself it
reflects perfectly server A's DNS, however if you try to
configure the server as a secondary DNS it cannot because
the DNS root server cannot be contacted for the root
hints. Also Dcpromo fails because of DNS errors ( cannot
connect).

Forward and reverse lookups on nslookup resolve fine????
While this has absolutely nothing to do with your issue (
most probably! ) do you have Active Directory Sites and
Services set up? Have you created the Subnets?
Associated each Subnet with the appropriate Site?

Even if you have a single subnet, single Site, single
Domain environment you should set up ADSS. Granted,
technically things will work just fine should you not have
done it. It is just better to have this set up. Lessens
the room for error and makes things easier if and when you
do need to add a second or third Site.

HTH,

Cary
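The data-gathering steps above (netdiag /fix, the verbose netdiag and dcdiag runs, repadmin /showreps, netdom query fsmo, the three-way ping test, and the flush/restart/register sequence) collected into one batch file you can run from a command prompt on each DC. This is an added example, not a script from the thread or from Microsoft; it assumes the Windows 2000 Support Tools are installed, and the domain name example.local and the peer names A, B and C are placeholders to replace with your own.

```batch
@echo off
rem Added example: collect the diagnostics Cary lists on a Windows 2000 DC
rem that has the Support Tools installed. Not code from the original thread.
rem Placeholders (assumptions): the domain example.local and the DC names A B C.
set DOMAIN=example.local
set PEERS=A B C
set OUT=%COMPUTERNAME%-diag.txt

echo Diagnostics from %COMPUTERNAME% on %DATE% %TIME% > %OUT%

rem 1. Let netdiag repair the DNS registration problems it can fix itself,
rem    then wait before collecting the verbose reports (Cary suggests ~15 min).
netdiag /fix >> %OUT% 2>&1

rem 2. Verbose network and DC health, redirected so the three DCs can be compared.
netdiag /v >> %OUT% 2>&1
dcdiag /v >> %OUT% 2>&1

rem 3. Replication partners of this DC and the current FSMO role holders.
repadmin /showreps >> %OUT% 2>&1
netdom query fsmo >> %OUT% 2>&1

rem 4. Reachability by short name and FQDN; ping each peer's IP address by hand
rem    as well, since the addresses are site specific and not embedded here.
for %%H in (%PEERS%) do (
    echo --- ping %%H --- >> %OUT%
    ping -n 2 %%H >> %OUT% 2>&1
    ping -n 2 %%H.%DOMAIN% >> %OUT% 2>&1
)

rem 5. Resolver settings: the NIC should list only the AD-integrated DNS server
rem    (A), never the ISP's servers, and the suffix and subnet mask must be right.
ipconfig /all | findstr /i "DNS Suffix Subnet" >> %OUT%

rem 6. Force this DC to re-register its A and SRV records.
ipconfig /flushdns
net stop netlogon
net start netlogon
ipconfig /registerdns

echo Output written to %OUT%
```

Run it on A, B and C, then diff the three output files: a record that appears in repadmin /showreps on A and B but never on C, or a NIC on C that still lists an outside resolver, is exactly the kind of discrepancy the thread is chasing.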
 
Thanks Cary,

I have run a few of the tests you suggested and have
confirmed what I suspected was the problem. Server C has
not been registered in DNS as a DC. In the DNS under
forward lookup\<domain>\_msdcs\dc\_sites\default-first-
site-name\_tcp there are kerberos and LDAP entries for
servers A and B but not C. It's the same story throughout
the DNS, entries for A and B, but not for C. I did
manually add a host record for server C, but how do I add
these SRV records? Can it be done, or does server C have to
be redone, as these records it seems are automatically done
by AD?

Andy
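A way to check the missing SRV records Andy describes without adding them by hand. This is an added example, not part of the thread: a DC's Netlogon service registers its own SRV records, and on Windows 2000 it writes the full list of records it attempts to register to netlogon.dns under the system configuration directory, so the check is to compare that list against what server A's DNS actually answers. The domain example.local, the site Default-First-Site-Name, the DNS server name A and the netlogon.dns path are assumptions to adjust for your environment.

```batch
@echo off
rem Added example, not from the thread: show which SRV records this DC should
rem have registered and whether the AD-integrated DNS on server A holds them.
rem Placeholders (assumptions): domain example.local, site Default-First-Site-Name,
rem DNS server A, and the netlogon.dns location.
set DOMAIN=example.local
set SITE=Default-First-Site-Name
set DNSSRV=A

rem Netlogon writes every record it tries to register to this file (assumed path).
rem A name listed here but absent from DNS means registration is failing,
rem which points at resolver settings or dynamic update, not at the DC itself.
echo === Records this DC tries to register (netlogon.dns) ===
type %SystemRoot%\System32\config\netlogon.dns

rem Query the DC locator records from server A; each answer should list
rem every DC, so a reply naming only A and B reproduces Andy's finding for C.
for %%R in (
    _ldap._tcp.dc._msdcs.%DOMAIN%
    _kerberos._tcp.dc._msdcs.%DOMAIN%
    _ldap._tcp.%SITE%._sites.dc._msdcs.%DOMAIN%
    _kerberos._tcp.%SITE%._sites.dc._msdcs.%DOMAIN%
    _ldap._tcp.%DOMAIN%
    _kerberos._tcp.%DOMAIN%
    _gc._tcp.%DOMAIN%
) do (
    echo === %%R ===
    nslookup -type=SRV %%R %DNSSRV%
)
```

If netlogon.dns on C lists the records but the nslookup answers omit C, the DC is trying to register and being refused or ignored, which is why restarting Netlogon after fixing the resolver settings (as Cary suggests) is the repair rather than typing the records into the zone.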
 
That's a bandaid, not a fix. Until you know what is going wrong you
risk it happening again. DNS is not that complicated, so it should be
possible.

What is the default DNS server? Start DNS and see what the default
server is. Then exit from nslookup and you could try ipconfig
/registerdns. The last is a suggestion. I don't think it will do any
harm.

Cheers,

Cliff
 