dcdiag - ... not responding to directory service requests


Guest

3 servers on this win2k domain...
Because of a HD crash I rebuilt the machine using pieces of the raid set
(both drives died simultaneously) and got it working. I then had a USN
rollback problem so I demoted my mail server, did a metadata cleanup and
promoted again. That allowed me to add users again and it seems OK but...
Now my Role holder event log is throwing KCC errors (event ID 1265) that
refer to DNS entries.
I found that the dsa address guid (cname) was different from the mail
server's dns entries so I deleted and created an identical record, but still
the 1265 error.

DCDIAG run on both the Role holder and the mailserver in question skips the
mail server with the message "Not responding to directory service requests".

I can ping it by name or IP from any machine on the lan but I am at the end
of my experience now.

What would be the next step in resolving this?
 

I can't see how demoting a mail server will help, unless it was a domain
controller. If that is the case, and you (assuming) repromoted the DC into a
brand new domain, then I would also assume it would populate fresh data into
DNS, unless of course this was not the only DC in the domain. (Good reason
not to install Exchange on a DC).

If you had a complete system state and Exchange backup, you could have
rebuilt the machine, then restored the system state, then restored Exchange,
then run Exchange setup again with the setup /disasterrecovery switch.

If this is the only DC in the domain, and you've already lost your user
accounts, and you do not have backups, I would assume the best course of
action is to just rebuild from scratch and install Exchange (preferably on
another machine), then disjoin and then rejoin the clients to the new
domain.

If you are trying to repair this, I would suggest to delete all the SRV
entries in DNS, and run ipconfig /registerdns, then restart the netlogon
service to repopulate the SRV records. If they are not populating
(registering), (assuming that DNS is pointed to itself and the zone is
allowed updates, along with the domain is NOT a single label name), then
something else is going on, and if it's that far gone, a fresh rebuild may
be in order.

--
Ace

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

 
Hello Ace. mmac here. Good to see you are still around.
The dcpromo was in response to the failure of the HD set. After the
repair, the server functioned and served mail but if I tried to add a user
it wouldn't populate to the mail server; the event log errors were for USN
rollback. The solution was to demote, and remove metadata that referred to
that machine and repromote. So I seized the roles and did just that.
So it does seem to be a DNS issue and I'll follow your advice this
evening.
Since there are three DNS servers I assume that I should delete those
records from them all?
And then reregister just the mail server? -correct?
 

Hi Mike, nice to hear from you again!

I haven't seen a "USN rollback" error or msg yet. Did you follow this
article to fix it (which also includes a couple relevant Microsoft
articles):
http://www.jsifaq.com/SUBR/tip8900/rh8952.htm

As for DNS, all machines don't need to register other than DCs. If this is a
DC, it must register.

Ace
 
Yes, I did follow the USN rollback procedure, though it was a bit above my
pay grade. (And there was a message to that effect way back in the log.)

BTW The machine throwing the error is different from the machine that had
the problem.
Here is the error from DCDIAG on the offending (untouched) machine. (MAIL is
the machine that had the USN rollback.)
(P.S. Doesn't a mail server with AD have to be a DC?)
Testing server: Default-First-Site-Name\MAIL
Starting test: Connectivity
MAIL's server GUID DNS name could not be resolved to an IP address. Check
the DNS server, DHCP, server name, etc

Although the Guid DNS name
(de287dd9-8987-44b7-99b6-ddf74125c1d0._msdcs.mydomain.com) couldn't be
resolved, the server name (mail.mydomain.com) resolved to the IP address
(xxx.xxx.xxx.26) and was pingable. Check that the IP address is registered
correctly with the DNS server.

.......................... MAIL failed test Connectivity
Testing server: Default-First-Site-Name\MAIL

Skipping all tests, because server MAIL is not responding to directory
service requests

-mmac
 

Pay grade? :-)

See if this shows up anywhere under _msdcs folder:
de287dd9-8987-44b7-99b6-ddf74125c1d0._msdcs.mydomain.com

If not, run ipconfig /registerdns. Make sure the DNS address in IP
properties is only using this DNS.

As for Exchange on a DC? That's taboo. Highly recommend Exchange NOT be on a
DC.

Ace
 

On this machine de287dd9-8987-44b7-99b6-ddf74125c1d0 is not shown; on
another it's a different number, and at one time there were two numbers, this
one and another. How do I know that this number is correct?

Why is an Exchange machine not recommended to be a DC (assuming that there
are other DC's of course)?
 
> On this machine de287dd9-8987-44b7-99b6-ddf74125c1d0 is not shown; on
> another it's a different number, and at one time there were two
> numbers, this one and another.

That is the domain record under the _msdcs zone or folder, depending on
operating system skew.

> How do I know that this number is correct?

It should self register. I believe you can use LDP to determine the domain
GUID, but I forget the exact attribute or record to look for. However, if
you delete the system32\config\netlogon.dns and .dnb files, and restart the
netlogon service, it will recreate those two files. Open the netlogon.dns
file, and look for the _msdcs records and it will show you what the GUID
should be. That is the file that the netlogon service uses, once assembled,
to register into DNS.

> Why is an Exchange machine not recommended to be a DC (assuming that
> there are other DC's of course)?

Numerous reasons. Performance for one, backup and recoverability as well.
DCs kill the write-cache function on the drive to protect the AD database in
case of power failure and it cannot be changed back. This slows it down by
about 10%. Exchange is a heavy hitter, therefore an additional slow down,
and can affect domain functionality and email access during peak usage.

Recoverability as well. Ever lose a DC with Exchange on it? Recovering it
is complex.
You also cannot do a system state and an Exchange backup in the same job.
NTBACKUP caveat for Exchange and system state backups:
http://searchexchange.techtarget.com/tip/1,289483,sid43_gci1138776,00.html?track=NL-368&ad=532361

Besides, you're probably also running DNS on it too, and possibly WINS and
DHCP? If not, what else is running on it?
Also, if you ever wanted to demote the DC, you cannot without uninstalling
Exchange FIRST.

There are a few other reasons, but I believe these should be convincing.

Ace
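
The comparison described in the post above (read the GUID record out of a regenerated netlogon.dns and check it against what sits under _msdcs), as an added example that is not part of the original thread. The file contents and zone data are constructed samples, the function names are hypothetical, and it assumes netlogon.dns holds one zone-file style record per line.

```python
import re

# Constructed sample of a regenerated %SystemRoot%\system32\config\netlogon.dns.
# The GUID is the one dcdiag printed in the thread; the address is a placeholder.
NETLOGON_DNS = """\
mydomain.com. 600 IN A 192.0.2.26
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 mail.mydomain.com.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 mail.mydomain.com.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 mail.mydomain.com.
de287dd9-8987-44b7-99b6-ddf74125c1d0._msdcs.mydomain.com. 600 IN CNAME mail.mydomain.com.
"""

# Constructed CNAME records as exported from the _msdcs zone (owner -> target).
ZONE_CNAMES = {
    "11111111-2222-3333-4444-555555555555._msdcs.mydomain.com.": "mail.mydomain.com.",
    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee._msdcs.mydomain.com.": "dc1.mydomain.com.",
}

GUID_OWNER = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\._msdcs\.", re.I)


def parse_records(text):
    """Yield (owner, rtype, rdata) from 'owner ttl IN type rdata' lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[2].upper() == "IN":
            yield parts[0].lower(), parts[3].upper(), " ".join(parts[4:]).lower()


def expected_guid_cnames(netlogon_text):
    """GUID CNAMEs that netlogon on this DC will try to register."""
    return {o: r for o, t, r in parse_records(netlogon_text)
            if t == "CNAME" and GUID_OWNER.match(o)}


def audit(netlogon_text, zone_cnames):
    """Return (missing, stale) GUID CNAME owner names for this DC."""
    expected = expected_guid_cnames(netlogon_text)
    zone = {o.lower(): t.lower() for o, t in zone_cnames.items()}
    this_dc = set(expected.values())
    # Missing: netlogon wants it, the zone lacks it or points it elsewhere.
    missing = sorted(o for o, t in expected.items() if zone.get(o) != t)
    # Stale: a GUID CNAME still aimed at this DC that netlogon no longer owns,
    # e.g. left over from an earlier promotion of the same host.
    stale = sorted(o for o, t in zone.items()
                   if t in this_dc and GUID_OWNER.match(o) and o not in expected)
    return missing, stale


if __name__ == "__main__":
    missing, stale = audit(NETLOGON_DNS, ZONE_CNAMES)
    print("missing from DNS:", missing)
    print("stale in DNS:    ", stale)
```

A non-empty "missing" list corresponds to the dcdiag Connectivity failure shown earlier in the thread; a "stale" entry is a candidate for cleanup once the correct record has registered.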
 

Hoo Boy, this was a DC,GC, running Exchange2K, WINS, DNS and AntiSpyware.
AND it is the one I demoted (without removing exchange BTW). No wonder I've
had so much fun!
 

This calls for a beer and shot of Crown Royal, not to celebrate, but to ease
the stress...

Ace
 