DNS and LDAP Errors in Netdiag

  • Thread starter Thread starter sejinro
  • Start date Start date
S

sejinro

Hello,

I ran netdiag and below is the result. The results for DNS and LDAP
worry me. Anything I need to be concerned about? I ran netdiag on the
our PDC. I am running AD with AD DNS. Thanks!



.........................................

Computer Name: 1F7011
DNS Host Name: 1f7011.ds.cao.co.la.ca.us
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 4, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822343
KB822831
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826232
KB828028
KB828035
KB828741
KB828749
KB829558
KB832353
KB832359
KB834707-IE6SP1-20040929.091901
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB842773
KB867282-IE6SP1-20050127.163319
KB871250
KB873333
KB873339
KB883939-IE6SP1-20050428.125228
KB885250
KB885834
KB885835
KB885836
KB888113
KB889293-IE6SP1-20041111.235619
KB890046
KB890047
KB890175
KB890859
KB890923-IE6SP1-20050225.103456
KB891711
KB891781
KB893066
KB893086
KB893803
KB893803v2
KB894320
KB896358
KB896422
KB897715-OE6SP1-20050503.210336
Q147222
Q816093
Q828026
Update Rollup 1


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Main

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : 1f7011
IP Address . . . . . . . . : 159.83.135.200
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 159.83.132.1
Dns Servers. . . . . . . . : 159.83.135.200
159.83.135.205


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : Backup

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : 1f7011
IP Address . . . . . . . . : 10.1.1.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 127.0.0.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{3CDFC9A7-0138-4FC1-8C55-DDAB5074F0A8}
NetBT_Tcpip_{CD21B825-CC00-4978-AFC1-86468D919E0C}
2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration for
'1f7011.ds.cao.co.la.ca.us' is incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server
'159.83.135.200' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'159.83.135.205' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'127.0.0.1' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{3CDFC9A7-0138-4FC1-8C55-DDAB5074F0A8}
NetBT_Tcpip_{CD21B825-CC00-4978-AFC1-86468D919E0C}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{CD21B825-CC00-4978-AFC1-86468D919E0C}
NetBT_Tcpip_{3CDFC9A7-0138-4FC1-8C55-DDAB5074F0A8}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC
'1f7011.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'1d7041.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'2f8011.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'3F9011.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'3D9041.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'2d8041.ds.cao.co.la.ca.us'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully
 
It looks as though you might have an outside DNS server listed in your server's TCP/IP configuration.

This can typically happen if you have multiple network adapters in the server and one of them is for Internet access, and you
(mistakenly) list your ISPs DNS servers there. DNS servers are not adapter-specific.

If you've done that, open that adapter's TCP/IP properteis and just blank out any public DNS servers listed there. You don't even
need to reboot. As long as the other adapter has the private LAN DNS addresses and your inside DNS servers forward or use root hints
to resolve public names, you're fine.

The only DNS servers you can list on any machines in your domain are DNS servers that can answer queries for your domain. Which
invariably means only DNS servers on your LAN. Failure to observe this configuration rule -- especially on a domain controller --
leads to apparent network slowness, login failures, replication problems, etc.

It is possible to see this error from Netdiag and have it mean nothing, but the LDAP error seems to confirm that your server is
querying someplace that doesn't have the domain registrations.

If this isn't your issue, please post back.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Hello,

I ran netdiag and below is the result. The results for DNS and LDAP
worry me. Anything I need to be concerned about? I ran netdiag on the
our PDC. I am running AD with AD DNS. Thanks!



........................................

Computer Name: 1F7011
DNS Host Name: 1f7011.ds.cao.co.la.ca.us
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 4, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822343
KB822831
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826232
KB828028
KB828035
KB828741
KB828749
KB829558
KB832353
KB832359
KB834707-IE6SP1-20040929.091901
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB842773
KB867282-IE6SP1-20050127.163319
KB871250
KB873333
KB873339
KB883939-IE6SP1-20050428.125228
KB885250
KB885834
KB885835
KB885836
KB888113
KB889293-IE6SP1-20041111.235619
KB890046
KB890047
KB890175
KB890859
KB890923-IE6SP1-20050225.103456
KB891711
KB891781
KB893066
KB893086
KB893803
KB893803v2
KB894320
KB896358
KB896422
KB897715-OE6SP1-20050503.210336
Q147222
Q816093
Q828026
Update Rollup 1


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Main

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : 1f7011
IP Address . . . . . . . . : 159.83.135.200
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 159.83.132.1
Dns Servers. . . . . . . . : 159.83.135.200
159.83.135.205


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : Backup

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : 1f7011
IP Address . . . . . . . . : 10.1.1.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 127.0.0.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{3CDFC9A7-0138-4FC1-8C55-DDAB5074F0A8}
NetBT_Tcpip_{CD21B825-CC00-4978-AFC1-86468D919E0C}
2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration for
'1f7011.ds.cao.co.la.ca.us' is incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server
'159.83.135.200' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'159.83.135.205' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'127.0.0.1' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{3CDFC9A7-0138-4FC1-8C55-DDAB5074F0A8}
NetBT_Tcpip_{CD21B825-CC00-4978-AFC1-86468D919E0C}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{CD21B825-CC00-4978-AFC1-86468D919E0C}
NetBT_Tcpip_{3CDFC9A7-0138-4FC1-8C55-DDAB5074F0A8}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC
'1f7011.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'1d7041.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'2f8011.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'3F9011.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'3D9041.ds.cao.co.la.ca.us'.
[WARNING] Failed to query SPN registration on DC
'2d8041.ds.cao.co.la.ca.us'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully
Click to expand...
 
Thanks for the reply. I read some other posts and discovered there was
an updated netdiag tool. I downloaded the tool and now the LDAP errors
are gone. However, the DNS fatal error continues to occur. Help is much
appreciated. Below, I also included an ipconfig /all output. Thanks!
.......................................

Computer Name: 1F7011
DNS Host Name: 1f7011.ds.cao.co.la.ca.us
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 4, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822343
KB822831
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826232
KB828028
KB828035
KB828741
KB828749
KB829558
KB832353
KB832359
KB834707-IE6SP1-20040929.091901
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB842773
KB867282-IE6SP1-20050127.163319
KB871250
KB873333
KB873339
KB883939-IE6SP1-20050428.125228
KB885250
KB885834
KB885835
KB885836
KB888113
KB889293-IE6SP1-20041111.235619
KB890046
KB890047
KB890175
KB890859
KB890923-IE6SP1-20050225.103456
KB891711
KB891781
KB893066
KB893086
KB893803
KB893803v2
KB894320
KB896358
KB896422
KB897715-OE6SP1-20050503.210336
Q147222
Q816093
Q828026
Update Rollup 1


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Main

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : 1f7011
IP Address . . . . . . . . : 159.83.135.200
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 159.83.132.1
Dns Servers. . . . . . . . : 159.83.135.200
159.83.135.205


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : Backup

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : 1f7011
IP Address . . . . . . . . : 10.1.1.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 159.83.135.200


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{3CDFC9A7-0138-4FC1-8C55-DDAB5074F0A8}
NetBT_Tcpip_{CD21B825-CC00-4978-AFC1-86468D919E0C}
2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration for
'1f7011.ds.cao.co.la.ca.us' is incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server
'159.83.135.200' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{3CDFC9A7-0138-4FC1-8C55-DDAB5074F0A8}
NetBT_Tcpip_{CD21B825-CC00-4978-AFC1-86468D919E0C}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{CD21B825-CC00-4978-AFC1-86468D919E0C}
NetBT_Tcpip_{3CDFC9A7-0138-4FC1-8C55-DDAB5074F0A8}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully
******************************************************



Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : 1f7011
Primary DNS Suffix . . . . . . . : ds.cao.co.la.ca.us
Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : ds.cao.co.la.ca.us
cao.co.la.ca.us
co.la.ca.us
la.ca.us
ca.us

Ethernet adapter Main:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network
Connection
Physical Address. . . . . . . . . : 00-06-5B-88-B1-67

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 159.83.135.200

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 159.83.132.1

DNS Servers . . . . . . . . . . . : 159.83.135.200
159.83.135.205

Ethernet adapter Backup:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-06-5B-88-B1-68

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.1.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 159.83.135.200
 
In
Host Name . . . . . . . . . . . . : 1f7011
Primary DNS Suffix . . . . . . . : ds.cao.co.la.ca.us
Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : ds.cao.co.la.ca.us
cao.co.la.ca.us
co.la.ca.us
la.ca.us
ca.us

Ethernet adapter Main:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network
Connection
Physical Address. . . . . . . . . : 00-06-5B-88-B1-67

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 159.83.135.200

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 159.83.132.1

DNS Servers . . . . . . . . . . . : 159.83.135.200
159.83.135.205

Ethernet adapter Backup:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-06-5B-88-B1-68

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.1.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 159.83.135.200
Click to expand...

Multihomed Domain Controllers are problematic at best, make sure you have
DNS set to listen only on the Main NIC IP. Register this connections
addresses in DNS should only be enabled on the Main NIC. You don't want the
backup NIC registered in DNS as this will cause connection failures.

Can I assume the second DNS address is for another DC?

Run Netdiag /fix
-and-
DCdiag /fix
 
The backup nic is for our nightly backup. The backup uses the secondary
nic as it is on a faster gigabit lan. Where would I find documentation
on how to register only the primary nic in DNS?
 
Back
Top