DNS lookup

[Azz]

We run windows 2000 domain. DC1 is the main domain controller and DC2 is the
second. Now they won't replicate. have redo the DNS installation but it
won't run. DCDIAG says issues with DC2, same as netdiag. Can someone guide
through what to do?
Thanx

--

 

[William Stacey]

Please post the results of the diags. How else could we help you?

 

[Azz]

I've a good mind to demote this dc and promote it again.
This is the situation:
DC2 is pointing to DC1.
DNS don't matter if Active or primary because the result is the same.
I have tried reinstalling it (deleting the DNS folders on both domains) and
reinstalling them.
Does error 5781 have anything to do with this? I notice this problem after
installing on DC2 SP4. Luckily I restrained from SP4 on DC1 which is the
main DC. Both runs windows 2000

Please help ...

--

Please post the results of the diags. How else could we help you?

 

[Ace Fekay [MVP]]

In

I've a good mind to demote this dc and promote it again.
This is the situation:
DC2 is pointing to DC1.
DNS don't matter if Active or primary because the result is the same.
I have tried reinstalling it (deleting the DNS folders on both
domains) and reinstalling them.
Does error 5781 have anything to do with this? I notice this problem
after installing on DC2 SP4. Luckily I restrained from SP4 on DC1
which is the main DC. Both runs windows 2000

Please help ...

Try this: Go into the reg under:

HKLM\system\currentcontrolset\services\tcpip\parameters

And if there is a setting called:

disabledynamicupdate" with a value of "1" under

Change it to 0 (to allow updates).

If that doesn;t work, delete this key. If you want, export the TCP/IP key
before you do so to have a backup.

Kind of bet this will work. Been hearing many issues with SP4 and 5781, but
no one seems to know why. One other guy did this and it worked for him, so
it looks promising. THe key is not really required unless you want to
disable registration and you would manually enter it. I'm not sure, but the
key is NOT normally in there and if it is, willing to bet that SP4 threw it
in there.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Azz]

Thanks Ace,
but the key is not there. So now what ?
The DCs are not replicating and DCDIAG on DC2 is not correct.

Here's the sample:

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\BDC
Starting test: Connectivity
BDC's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(b2b1a235-a813-4691-b5b1-12d99cd079de._msdcs.CONSARCDG) couldn't be

resolved, the server name (bdc.CONSARCDG) resolved to the IP
address

(192.0.0.6) and was pingable. Check that the IP address is
registered

correctly with the DNS server.
......................... BDC failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\BDC
Skipping all tests, because server BDC is
not responding to directory service requests

Running enterprise tests on : CONSARCDG
Starting test: Intersite
......................... CONSARCDG passed test Intersite
Starting test: FsmoCheck
......................... CONSARCDG passed test FsmoCheck

 

[Ace Fekay, MVP]

Seems like you may have a single label name, which is NOT good, but need to
confirm this. Can you post an ipconfig /all to confirm this? If you can,
please don't edit the result and just copy and paste it in your reply to
help give us a start in diagnosis.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

Thanks Ace,
but the key is not there. So now what ?
The DCs are not replicating and DCDIAG on DC2 is not correct.

Here's the sample:

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\BDC
Starting test: Connectivity
BDC's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(b2b1a235-a813-4691-b5b1-12d99cd079de._msdcs.CONSARCDG) couldn't be

resolved, the server name (bdc.CONSARCDG) resolved to the IP
address

(192.0.0.6) and was pingable. Check that the IP address is
registered

correctly with the DNS server.
......................... BDC failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\BDC
Skipping all tests, because server BDC is
not responding to directory service requests

Running enterprise tests on : CONSARCDG
Starting test: Intersite
......................... CONSARCDG passed test Intersite
Starting test: FsmoCheck
......................... CONSARCDG passed test FsmoCheck

 

[Azz]

Hi,

I wouldn't worry about the single label name. It had been hunky dory till
now, unless the Sp4 have anything to do with it.

Here's the tcp/ip:
windows 2000 IP Configuration

Host name : BDC
Primary DNS suffix : CONSARCDG
Node type: hybrid
IP routing enabled : No
WINS proxy enabled : No
DNS suffix search list : CONSARCDG
DHCP Enabled : No
IP address: 192.0.0.6
Subnet mask : 255.255.255.0
Default gateway: 192.0.0.9
DNS servers: 192.0.0.2
192.0.0.6

Note:
The main server-2 DCDIAG is OK except a few, but that will be next after
this DNS issue got sorted.



--

Seems like you may have a single label name, which is NOT good, but need to
confirm this. Can you post an ipconfig /all to confirm this? If you can,
please don't edit the result and just copy and paste it in your reply to
help give us a start in diagnosis.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

Thanks Ace,
but the key is not there. So now what ?
The DCs are not replicating and DCDIAG on DC2 is not correct.

Here's the sample:

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\BDC
Starting test: Connectivity
BDC's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(b2b1a235-a813-4691-b5b1-12d99cd079de._msdcs.CONSARCDG)

couldn't

be

resolved, the server name (bdc.CONSARCDG) resolved to the IP
address

(192.0.0.6) and was pingable. Check that the IP address is
registered

correctly with the DNS server.
......................... BDC failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\BDC
Skipping all tests, because server BDC is
not responding to directory service requests

Running enterprise tests on : CONSARCDG
Starting test: Intersite
......................... CONSARCDG passed test Intersite
Starting test: FsmoCheck
......................... CONSARCDG passed test FsmoCheck

him,

 

[Azz]

Now you got me worried. In other words, I am snookered. To change the domain
from CONSARCDG to CONSARCDG.COM will involved late nights which I am
reluctant to do since summer is here and don't want to be like last year.
Nevertheless you are right that both these names were exactly CONSARCDG.

So how do I fix this? Regardless, when we grow this will have to be done.
Unless there are some other way to do this.

HELP !!!

--

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Thanks for posting that info.

Actually (unofrtunately), I would worry about it. Hate to be the
bearer of bad news, but single label names don't play well with DNS
and goes against the DNS RFCs. The names need to be in the form of a
domain and it's TLD, such as, domain.com and not just domain. That's
just a simple DNS RFC rule. Hence the errors in DCDIAG, since AD
requires DNS and it follows the DNS rules.

So to fix the DNS problems, you actually need to address this issue,
since AD requires DNS and soley works off of it.

What is your Active Directory domain name? Is it in the form of
"domain.com" or is it the same as your Primary DNS Suffix, which is,
from the ipconfig output:


If the AD name is a normal domain.com name, such as consarcdg.com,
then I have a script that will fix the Primary DNS Suffix.

FYI: The way AD works, and what it relies on for proper
functionality, the Primary DNS, *needs* to be the exact same name as
the AD domain name and the zone name in DNS. They all need to be
exactly the same and not a single label name.

There is a reg entry to force DNS to accept single label names, but
in the long run as you grow and expand, it will cause problems.

It's not recommended by any engineer (MS, MVP, etc), to do it this
way, but it's a pseudo fix. Here's the article about it:
http://support.microsoft.com/?id=300684

Let me know about the AD name, the zone name if they are the same or
not to determine if the script will help.

As for SP4 and 5781 errors, there have been recent issues about it,
but haven't heard anything definitive on it, which I'm curious as to
why myself. But for your case, the problem is deeper, unfortunately.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

Hi Ace,
I don't know if you noticed but that artcle has been updated and
specifically states that single label DNS names on SP4 will cause 5781.
I wonder if all the 5781s we've seen on SP4 can be attributed to this.
I pulled this fron the article:

By default, Windows XP and Windows 2000 SP4-based DNS clients do not attempt
dynamic updates of any single-label DNS zone (.com, .net, .org, corp, and so
on). To enable such clients to attempt dynamic updates of a single-label DNS
zones, set the UpdateTopLevelDomainZones (REG_DWORD) registry value to 0x1
under the following registry key on clients that attempt to dynamically
update the single-label DNS zone:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters

 

[Azz]

Hi Ace,

Your reply:> Either way, I would highly suggest to change it. If he has a
BDC, he can do

a re-install without losing accounts, if not, hmm... can export them using
CSVDE, rebuild it from scratch, and then reimport them into after some
modification.

Doesn't changing this means I have to go from machine to machine and do a
complete overhaul regardless if the BDC is working or not? The Server-2 is
not replicating to BDC (which is by the way only a name although it is a
DC). So I was not able to see newly created accounts created on server-2 on
BDC.

If this is because of service pack 4, wouldn't I be better off to demote the
BDC to member server, reinstall widows 2000, and make it a DC ? Then
replication would take place (like before) ?

Thanx

 

[Frank Hanfland]

How about

http://support.microsoft.com/default.aspx?scid=kb;en-us;300684

?
regards
Frank