cant get dns corrected

  • Thread starter Thread starter buttnut
  • Start date Start date
B

buttnut

Heres our story:
Single W2k server upgraded from WNT4PDC (hosting an exchange 5.5 server too)
with the upgrade wizard.
All seemed to go well until I ran dnslint and got the following messages. I
have included the forward and reverse zone info. Where did we screw up and
how could we rectify the situation?
Any help is greatly appreciated. Please post response here.
Thank You.

DNSLint Report
System Date: Tue Sep 21 15:12:20 2004
Command run:
dnslint /ad /s localhost
Root of Active Directory Forest:
FOREST
Active Directory Forest Replication GUIDs Found:
DC: CEDAR
GUID: 3da78a10-1501-4006-91c2-8e811f97b6d2
Total GUIDs found: 1
----------------------------------------------------------------------------
----
Results from querying the locally configured DNS server(s):
Alias (CNAME) and glue (A) records for forest GUIDs from server:
Total number of CNAME records found by local system: 0
Total number of CNAME records local system could not find: 1
Total number of glue (A) records local system could not find: 0
CNAME records for forest GUIDs not found:
GUID: 3da78a10-1501-4006-91c2-8e811f97b6d2._msdcs.FOREST
DC: CEDAR
----------------------------------------------------------------------------
----
Notes:
At least one CNAME record for an AD forest GUID could not be found

Our forward zones are:

Name Type Data
(same as parent folder) Start of Authority [6], cedar.forest., admin.
(same as parent folder) Name Server cedar.forest.
(same as parent folder) Name Server cedar.forest.local.
cedar Host 192.168.1.120

Reverse zones are:
Name Type Data
168
(same as parent folder) Start of Authority [9], cedar.forest.,
administrator.forest.
(same as parent folder) Name Server cedar.forest.
(same as parent folder) Name Server cedar.forest.local.
 
In
buttnut said:
Heres our story:
Single W2k server upgraded from WNT4PDC (hosting an exchange 5.5
server too) with the upgrade wizard.
All seemed to go well until I ran dnslint and got the following
messages. I have included the forward and reverse zone info. Where
did we screw up and how could we rectify the situation?
Any help is greatly appreciated. Please post response here.
Thank You.

DNSLint Report
System Date: Tue Sep 21 15:12:20 2004
Command run:
dnslint /ad /s localhost
Root of Active Directory Forest:
FOREST
Active Directory Forest Replication GUIDs Found:
DC: CEDAR
GUID: 3da78a10-1501-4006-91c2-8e811f97b6d2
Total GUIDs found: 1
----------------------------------------------------------------------------
----
Results from querying the locally configured DNS server(s):
Alias (CNAME) and glue (A) records for forest GUIDs from server:
Total number of CNAME records found by local system: 0
Total number of CNAME records local system could not find: 1
Total number of glue (A) records local system could not find: 0
CNAME records for forest GUIDs not found:
GUID: 3da78a10-1501-4006-91c2-8e811f97b6d2._msdcs.FOREST
DC: CEDAR
----------------------------------------------------------------------------
----
Notes:
At least one CNAME record for an AD forest GUID could not be found

Our forward zones are:

Name Type Data
(same as parent folder) Start of Authority [6], cedar.forest., admin.
(same as parent folder) Name Server cedar.forest.
(same as parent folder) Name Server cedar.forest.local.
cedar Host 192.168.1.120

Reverse zones are:
Name Type Data
168
(same as parent folder) Start of Authority [9], cedar.forest.,
administrator.forest.
(same as parent folder) Name Server cedar.forest.
(same as parent folder) Name Server cedar.forest.local.
Click to expand...

The CNAME record for the (or each) domain will be found under the SRV
records, specifically:

_msdcs zone

It should look like:
e89e84db-d83b-4c41-b68f-103e3da72239 Alias server.domain.com

Does something like that exist for your domain?

Do your SRV records exist? If they do not, then could you post some more
info, such as:

1. an ipconfig /all
2. Your AD DNS domain name
3. The zone name in DNS and if updates are allowed

Thanks

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Thank you for the response. the IP Config info is as follows:

Windows 2000 IP Configuration:
Host Name.........Cedar
Primary DNS Sufix...FOREST
Node Type...Broadcast
IP Routing Enabled.....No
WINS Enabled.....No
DNS Suffix Search List........FOREST


Eathernet Local Area Connection:
Connection-specific DNS Suffix...:
Description......3Com....
Physical Address....00-01-03-.......
DHCP Enabled.....No
IP Address......192.168.1.120
Subnet Mask....255.255.255.0
Default Gateway....192.168.1.1
DNS Servers.........192.168.1.120
206.13.29.12
 
In
buttnut said:
Thank you for the response. the IP Config info is as
follows:

Windows 2000 IP Configuration:
Host Name.........Cedar
Primary DNS Sufix...FOREST
Node Type...Broadcast
IP Routing Enabled.....No
WINS Enabled.....No
DNS Suffix Search List........FOREST


Eathernet Local Area Connection:
Connection-specific DNS Suffix...:
Description......3Com....
Physical Address....00-01-03-.......
DHCP Enabled.....No
IP Address......192.168.1.120
Subnet Mask....255.255.255.0
Default Gateway....192.168.1.1
DNS Servers.........192.168.1.120
206.13.29.12
Click to expand...

What is the domain name in ADUC? forest or forest.local?
If it is forest that is a single-label domain name which causes many
problems and requires registry entries to work around. If it is forest.local
it appears to be a disjointed namespace, which is repaired by running a
script from the KB article below.
Remove the ISP's DNS from TCP/IP properties. Never use an ISP's DNS in
TCP/IP properties!

257623 Domain Controller's Domain Name System Suffix Does Not Match Domain
Name
http://support.microsoft.com/?id=257623

826743 - Clients cannot dynamically register DNS records in a single-label
forward lookup zone:
http://support.microsoft.com/?id=826743
 
Thank you for all your support folks.Got the dns to work. had to manually
add the _msdcs.FOREST folder to the forward look up and the reports (netdiag
and dslint) show no problems. My only problems now are trying to upgrade the
Exchange5.5 server to Exchange2000 using the inplace method. When I run the
setup with the /forestprep option I get an error. I will post it ti the
exchange group now.
Thanks Again!!
 
In
buttnut said:
Thank you for all your support folks.Got the dns to work. had to
manually add the _msdcs.FOREST folder to the forward look up and the
reports (netdiag and dslint) show no problems. My only problems now
are trying to upgrade the Exchange5.5 server to Exchange2000 using
the inplace method. When I run the setup with the /forestprep option
I get an error. I will post it ti the exchange group now.
Thanks Again!!
Click to expand...

What is the forestprep error?

The error may be related to the single label name, that is if it is a single
label name?

Is this a Win2k3 server or W2k server? Are the rest of the SRVs there? The
_msdcs zone is automatically created as well as the SRVs, so there's
something else going on. Your ipconfig shows "FOREST" as the Primary DNS
Suffix. Is that the name of the domain or is it forest.local as the previous
post? This is important because you MUST get AD to work BEFORE you can even
think about getting Exchange to function.

Ace
 
Hi Ace,
Thanks for the response. We did not set up the domain originally(WinNT4) and
the guy who did used the domain name of forest. with the computer name of
CEDAR and the Exchange server [Exchange server CEDAR in the Site FOREST -
NATPLAN] I am using the 'join or upgrade existing 5.5 organization' option
and when I enter the exchange server name - CEDAR - I get an error that says
"setup encountered anerror while attempting to bind to the Exchange server
"CEDAR"; 0XC10308A3(2211); the directory service is not theexpected type
(Windows 2000 Activedirectory vs. Exhange Directory). Any Ideas? I'm
thinking its in the naming somewhere.
Thank You very much.

"Ace Fekay [MVP]"
 
In
buttnut said:
Hi Ace,
Thanks for the response. We did not set up the domain
originally(WinNT4) and the guy who did used the domain name of
forest. with the computer name of CEDAR and the Exchange server
[Exchange server CEDAR in the Site FOREST - NATPLAN] I am using the
'join or upgrade existing 5.5 organization' option and when I enter
the exchange server name - CEDAR - I get an error that says "setup
encountered anerror while attempting to bind to the Exchange server
"CEDAR"; 0XC10308A3(2211); the directory service is not theexpected
type (Windows 2000 Activedirectory vs. Exhange Directory). Any Ideas?
I'm thinking its in the naming somewhere.
Thank You very much.

"Ace Fekay [MVP]"
In

What is the forestprep error?

The error may be related to the single label name, that is if it is
a single label name?

Is this a Win2k3 server or W2k server? Are the rest of the SRVs
there? The _msdcs zone is automatically created as well as the SRVs,
so there's something else going on. Your ipconfig shows "FOREST" as
the Primary DNS Suffix. Is that the name of the domain or is it
forest.local as the previous post? This is important because you
MUST get AD to work BEFORE you can even think about getting Exchange
to function.

Ace
Click to expand...
Click to expand...

Its the single label domain name that's causing the whole problem. Look at
this link below, but I think its more of a bandaid then a fix. Since AD
follows the DNS hierarchy and relies on DNS, DNS must follow a hierarchal
name, such as domain.com, domain.local, etc, not just a single label name.
My feelings are the SRV records for the domain don't exist, hence the
problem.

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names:
http://support.microsoft.com/?id=300684

Keep in mind, GPOs will probably fail. This is due to the client side
machine looking up the LdapIpAddress record for the domain to connect to
this share:

\\domain.com\sysvol\domain.com\policies\{GuidNumberOfPolicyHereEtc}

It will be looking for 'domain.com''s IP address, which looks like this
under your zone:
(same as parent) A 192.168.x.x

Now if its a single label name, with that fix above or not, it looks like
this:

\\forest\sysvol\forest\policies\{Guid....}

Look at that above. The client will now query for "forest". Because of the
single lable name, as seen above, it now looks like a NetBIOS UNC and is now
treated as a machine name and not a domain name, hence the failure of GPOs.
DFS, replication and other things in AD will be affected by this.

My only true suggestion is to possibly think about and planning on rebuiding
the domain from scratch or upgrade it to Windows 2003 and put it into
Windows 2003 Forest Functional and WIndows 2003 Domain mode and use the
domain rename tool available in the new operating system.

Sorry for the bad news...

Ace
 
Thanks Again,
I found an article on MS regarding changing the LDAP port in the 5.5
protocols and after implementing all of the previous suggestions this last
one did the trick!!:) Domain and Forest prep worked and upgrade/install
worked and all the clients can connect and get their stuff.

"Ace Fekay [MVP]"
In
buttnut said:
Hi Ace,
Thanks for the response. We did not set up the domain
originally(WinNT4) and the guy who did used the domain name of
forest. with the computer name of CEDAR and the Exchange server
[Exchange server CEDAR in the Site FOREST - NATPLAN] I am using the
'join or upgrade existing 5.5 organization' option and when I enter
the exchange server name - CEDAR - I get an error that says "setup
encountered anerror while attempting to bind to the Exchange server
"CEDAR"; 0XC10308A3(2211); the directory service is not theexpected
type (Windows 2000 Activedirectory vs. Exhange Directory). Any Ideas?
I'm thinking its in the naming somewhere.
Thank You very much.

"Ace Fekay [MVP]"
In buttnut <[email protected]> made a post then I commented
below
Thank you for all your support folks.Got the dns to work. had to
manually add the _msdcs.FOREST folder to the forward look up and the
reports (netdiag and dslint) show no problems. My only problems now
are trying to upgrade the Exchange5.5 server to Exchange2000 using
the inplace method. When I run the setup with the /forestprep option
I get an error. I will post it ti the exchange group now.
Thanks Again!!

What is the forestprep error?

The error may be related to the single label name, that is if it is
a single label name?

Is this a Win2k3 server or W2k server? Are the rest of the SRVs
there? The _msdcs zone is automatically created as well as the SRVs,
so there's something else going on. Your ipconfig shows "FOREST" as
the Primary DNS Suffix. Is that the name of the domain or is it
forest.local as the previous post? This is important because you
MUST get AD to work BEFORE you can even think about getting Exchange
to function.

Ace
Click to expand...
Click to expand...

Its the single label domain name that's causing the whole problem. Look at
this link below, but I think its more of a bandaid then a fix. Since AD
follows the DNS hierarchy and relies on DNS, DNS must follow a hierarchal
name, such as domain.com, domain.local, etc, not just a single label name.
My feelings are the SRV records for the domain don't exist, hence the
problem.

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names:
http://support.microsoft.com/?id=300684

Keep in mind, GPOs will probably fail. This is due to the client side
machine looking up the LdapIpAddress record for the domain to connect to
this share:

\\domain.com\sysvol\domain.com\policies\{GuidNumberOfPolicyHereEtc}

It will be looking for 'domain.com''s IP address, which looks like this
under your zone:
(same as parent) A 192.168.x.x

Now if its a single label name, with that fix above or not, it looks like
this:

\\forest\sysvol\forest\policies\{Guid....}

Look at that above. The client will now query for "forest". Because of the
single lable name, as seen above, it now looks like a NetBIOS UNC and is now
treated as a machine name and not a domain name, hence the failure of GPOs.
DFS, replication and other things in AD will be affected by this.

My only true suggestion is to possibly think about and planning on rebuiding
the domain from scratch or upgrade it to Windows 2003 and put it into
Windows 2003 Forest Functional and WIndows 2003 Domain mode and use the
domain rename tool available in the new operating system.

Sorry for the bad news...

Ace
Click to expand...
 
In
buttnut said:
Thanks Again,
I found an article on MS regarding changing the LDAP port in the 5.5
protocols and after implementing all of the previous suggestions this
last one did the trick!!:) Domain and Forest prep worked and
upgrade/install worked and all the clients can connect and get their
stuff.
Click to expand...

Interesting. I didn't think to realize that Exchange 55 was sitting on an AD
DC. Yes, that will cause an LDAP conflict.

Glad you figured it out...

:-)

Ace
 
Back
Top