DNS Problems

  • Thread starter Thread starter guv
  • Start date Start date
G

guv

We are running a windows 2000 native domain, where we have some windows 2003
domain controllers. Our primary DC and DNS is a windows 2003 domain
controller. This servers primary DNS server is pointed at itself, as it is
a DNS server itself. We have other secondary DNS servers.

We had an issue where the DNS on this windows 2003 DC, whereby it stopped
working. All servers pointing to this server for DNS such as our exchange
server also stopped working. The windows 2003 server itself was running and
pingable. I checked the event logs in the DNS and got the following errors:

Event ID: 4015

The DNS server has encountered a critical error from the Active Directory.
Check that the active directory is functioning properly. The extended error
debug information ( which may be empty) is "". The event data conatins the
error.

Then afterwards we get the following error:

Event ID: 3000

The DNS server has encountered numerous run-time events. To determine the
inital cause of these run-time events, examine the DNS server event log
entries that precde this event. To prevent the DNS server from filling the
event log too quickly, subsequent events with Event IDs higher than 3000
will be suppressed until events are no longer neing genrated at higher rate.

I went into the DNS snapin in this server and there was a red cross and it
was inaccessible. I restarted the server and the same issue still existed.
I checked all the services and they are all running including the DNS
service, but the DNS did not work. This affected our exchange server has it
used this server for DNS. Do as anyone know what DNS Stopped and what those
errors are above.

To quickly resolve this I changed the primary DNS of this windows 2003
server to point to another DNS server, when I did this everything came
backup meaning the DNS snapin started to work and all our exchange services
started to work.
SO currently all our servers are using this windows 2003 DC as their primary
DNS but this Windows 2003 server has now a different DNS setting on its
primary server, so its kind of redirecting the DNS server request. How come
this setup works and why would we get the above error.

Also how does the primary and secondary DNS settings work, as the primary
DNS went down but I dont think the secondary DNS server kicked in. Does
primary server have to go down fully such as unpingable for the secondary
DNS to kick in.

This is an urgent matter for us, can anyone please help.
 
Hello guv,

Do you run AD integrated zones? Are the other DNS servers, member servers
or Domain controllers? Check your event viewer for Event IDs 4523 and 4524
are being logged, stop and start, and that no events in the range 4000 to
4019 appear in the Domain Name System (DNS) event log.

Also run dcdiag /v and netdiag /v and post the output here.

Also see here:
http://www.eventid.net/display.asp?eventid=4015&eventno=333&source=DNS&phase=1

http://support.microsoft.com/kb/267855

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
I have attached the dcdiag:

Domain Controller Diagnosis

Performing initial setup:

* Verifying that the local machine eukdc03, is a DC.

* Connecting to directory service on server eukdc03.

* Collecting site info.

* Identifying all servers.

* Identifying all NC cross-refs.

* Found 15 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests


Testing server: Default-First-Site-Name\EUKDC03

Starting test: Connectivity

* Active Directory LDAP Services Check

* Active Directory RPC Services Check

.......................... EUKDC03 passed test Connectivity

Doing primary tests


Testing server: Default-First-Site-Name\EUKDC03

Starting test: Replications

* Replications Check

* Replication Latency Check

CN=Schema,CN=Configuration,DC=euphony,DC=com

Latency information for 9 entries in the vector were ignored.

9 were retired Invocations. 0 were either: read-only replicas and are not
verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).

CN=Configuration,DC=euphony,DC=com

Latency information for 10 entries in the vector were ignored.

9 were retired Invocations. 0 were either: read-only replicas and are not
verifiably latent, or dc's no longer replicating this nc. 1 had no latency
information (Win2K DC).

DC=euphony,DC=com

Latency information for 7 entries in the vector were ignored.

7 were retired Invocations. 0 were either: read-only replicas and are not
verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).

DC=ForestDnsZones,DC=euphony,DC=com

Latency information for 2 entries in the vector were ignored.

2 were retired Invocations. 0 were either: read-only replicas and are not
verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).

DC=DomainDnsZones,DC=euphony,DC=com

Latency information for 1 entries in the vector were ignored.

1 were retired Invocations. 0 were either: read-only replicas and are not
verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).

DC=Test,DC=euphony,DC=com

Latency information for 18 entries in the vector were ignored.

6 were retired Invocations. 12 were either: read-only replicas and are not
verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).

* Replication Site Latency Check

.......................... EUKDC03 passed test Replications

Test omitted by user request: Topology

Test omitted by user request: CutoffServers

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC EUKDC03.

* Security Permissions Check for

DC=ForestDnsZones,DC=euphony,DC=com

(NDNC,Version 2)

* Security Permissions Check for

DC=DomainDnsZones,DC=euphony,DC=com

(NDNC,Version 2)

* Security Permissions Check for

CN=Schema,CN=Configuration,DC=euphony,DC=com

(Schema,Version 2)

* Security Permissions Check for

CN=Configuration,DC=euphony,DC=com

(Configuration,Version 2)

* Security Permissions Check for

DC=euphony,DC=com

(Domain,Version 2)

* Security Permissions Check for

DC=Test,DC=euphony,DC=com

(Domain,Version 2)

.......................... EUKDC03 passed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check

Verified share \\EUKDC03\netlogon

Verified share \\EUKDC03\sysvol

.......................... EUKDC03 passed test NetLogons

Starting test: Advertising

The DC EUKDC03 is advertising itself as a DC and having a DS.

The DC EUKDC03 is advertising as an LDAP server

The DC EUKDC03 is advertising as having a writeable directory

The DC EUKDC03 is advertising as a Key Distribution Center

The DC EUKDC03 is advertising as a time server

The DS EUKDC03 is advertising as a GC.

.......................... EUKDC03 passed test Advertising

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS
Settings,CN=EUKDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=euphony,DC=com

Role Domain Owner = CN=NTDS
Settings,CN=EUKDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=euphony,DC=com

Role PDC Owner = CN=NTDS
Settings,CN=EUKDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=euphony,DC=com

Role Rid Owner = CN=NTDS
Settings,CN=EUKDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=euphony,DC=com

Role Infrastructure Update Owner = CN=NTDS
Settings,CN=EUKDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=euphony,DC=com

.......................... EUKDC03 passed test KnowsOfRoleHolders

Starting test: RidManager

* Available RID Pool for the Domain is 1228601 to 1073741823

* eukdc03.euphony.com is the RID Master

* DsBind with RID Master was successful

* rIDAllocationPool is 1226601 to 1227100

* rIDPreviousAllocationPool is 1226601 to 1227100

* rIDNextRID: 1226648

.......................... EUKDC03 passed test RidManager

Starting test: MachineAccount

Checking machine account for DC EUKDC03 on DC EUKDC03.

* SPN found :LDAP/eukdc03.euphony.com/euphony.com

* SPN found :LDAP/eukdc03.euphony.com

* SPN found :LDAP/EUKDC03

* SPN found :LDAP/eukdc03.euphony.com/EUPHONYNET

* SPN found :LDAP/f3cd9e00-aa4f-4800-b0d1-5852adb964d6._msdcs.euphony.com

* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/f3cd9e00-aa4f-4800-b0d1-5852adb964d6/euphony.com

* SPN found :HOST/eukdc03.euphony.com/euphony.com

* SPN found :HOST/eukdc03.euphony.com

* SPN found :HOST/EUKDC03

* SPN found :HOST/eukdc03.euphony.com/EUPHONYNET

* SPN found :GC/eukdc03.euphony.com/euphony.com

.......................... EUKDC03 passed test MachineAccount

Starting test: Services

* Checking Service: Dnscache

* Checking Service: NtFrs

* Checking Service: IsmServ

* Checking Service: kdc

* Checking Service: SamSs

* Checking Service: LanmanServer

* Checking Service: LanmanWorkstation

* Checking Service: RpcSs

* Checking Service: w32time

* Checking Service: NETLOGON

.......................... EUKDC03 passed test Services

Test omitted by user request: OutboundSecureChannels

Starting test: ObjectsReplicated

EUKDC03 is in domain DC=euphony,DC=com

Checking for CN=EUKDC03,OU=Domain Controllers,DC=euphony,DC=com in domain
DC=euphony,DC=com on 1 servers

Object is up-to-date on all servers.

Checking for CN=NTDS
Settings,CN=EUKDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=euphony,DC=com
in domain CN=Configuration,DC=euphony,DC=com on 1 servers

Object is up-to-date on all servers.

.......................... EUKDC03 passed test ObjectsReplicated

Starting test: frssysvol

* The File Replication Service SYSVOL ready test

File Replication Service's SYSVOL is ready

.......................... EUKDC03 passed test frssysvol

Starting test: frsevent

* The File Replication Service Event log test

There are warning or error events within the last 24 hours after the SYSVOL
has been shared. Failing SYSVOL replication problems may cause Group Policy
problems.

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 21:43:18

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 21:43:18

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 21:43:19

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 21:47:06

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 21:47:06

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 21:47:06

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 21:47:06

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 21:47:06

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 21:47:18

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C4

Time Generated: 11/10/2008 22:02:06

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C5

Time Generated: 11/10/2008 22:03:40

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C5

Time Generated: 11/10/2008 22:04:22

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C5

Time Generated: 11/10/2008 22:04:23

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C5

Time Generated: 11/10/2008 22:05:07

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C5

Time Generated: 11/10/2008 22:05:43

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C5

Time Generated: 11/10/2008 22:11:38

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C5

Time Generated: 11/10/2008 22:15:19

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800034C5

Time Generated: 11/11/2008 09:48:46

(Event String could not be retrieved)

.......................... EUKDC03 failed test frsevent

Starting test: kccevent

* The KCC Event log test

Found no KCC errors in Directory Service Event log in the last 15 minutes.

.......................... EUKDC03 passed test kccevent

Starting test: systemlog

* The System Event log test

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:16

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:17

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:17

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:18

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:18

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:18

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:19

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:19

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:19

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:20

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:20

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:22

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:23

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 11/11/2008 11:05:23

(Event String could not be retrieved)

.......................... EUKDC03 failed test systemlog

Test omitted by user request: VerifyReplicas

Starting test: VerifyReferences

The system object reference (serverReference) CN=EUKDC03,OU=Domain
Controllers,DC=euphony,DC=com and backlink on
CN=EUKDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=euphony,DC=com
are correct.

The system object reference (frsComputerReferenceBL) CN=EUKDC03,CN=Domain
System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=euphony,DC=com and backlink on CN=EUKDC03,OU=Domain
Controllers,DC=euphony,DC=com are correct.

The system object reference (serverReferenceBL) CN=EUKDC03,CN=Domain System
Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=euphony,DC=com and backlink on CN=NTDS
Settings,CN=EUKDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=euphony,DC=com
are correct.

.......................... EUKDC03 passed test VerifyReferences

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: CheckSecurityError


Running partition tests on : ForestDnsZones

Starting test: CrossRefValidation

.......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

.......................... ForestDnsZones passed test CheckSDRefDom


Running partition tests on : DomainDnsZones

Starting test: CrossRefValidation

.......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

.......................... DomainDnsZones passed test CheckSDRefDom


Running partition tests on : Schema

Starting test: CrossRefValidation

.......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

.......................... Schema passed test CheckSDRefDom


Running partition tests on : Configuration

Starting test: CrossRefValidation

.......................... Configuration passed test CrossRefValidation

Starting test: CheckSDRefDom

.......................... Configuration passed test CheckSDRefDom


Running partition tests on : euphony

Starting test: CrossRefValidation

.......................... euphony passed test CrossRefValidation

Starting test: CheckSDRefDom

.......................... euphony passed test CheckSDRefDom


Running enterprise tests on : euphony.com

Starting test: Intersite

Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.

Skipping site Belgium, this site is outside the scope provided by the
command line arguments provided.

Skipping site COLO, this site is outside the scope provided by the command
line arguments provided.

Skipping site Spain, this site is outside the scope provided by the command
line arguments provided.

Skipping site Czech, this site is outside the scope provided by the command
line arguments provided.

Skipping site Portugal, this site is outside the scope provided by the
command line arguments provided.

.......................... euphony.com passed test Intersite

Starting test: FsmoCheck

GC Name: \\eukdc03.euphony.com

Locator Flags: 0xe00001fd

PDC Name: \\eukdc03.euphony.com

Locator Flags: 0xe00001fd

Time Server Name: \\eukdc03.euphony.com

Locator Flags: 0xe00001fd

Preferred Time Server Name: \\EHCVSDC04.euphony.com

Locator Flags: 0xe000037c

KDC Name: \\eukdc03.euphony.com

Locator Flags: 0xe00001fd

.......................... euphony.com passed test FsmoCheck

Test omitted by user request: DNS

Test omitted by user request: DNS
 
We have AD integrated zones and other DNS servers which are domain
controllers.

I am thinking of removing the DNS service from the windows 2003 DC and then
readding it and then pointing the DNS to itself.
Is this a good idea.

I try to put the output of dcdiag and netdiag but its saying not enough
capacity here. But all the tests say they are passed.
 
Hello guv,

Make sure that it also uses another DNS server in the same site, if possible, as secondary DNS on the NIC. Please post an unedited ipconfig /all from it. Do you use Dynamic updates? Is it correct thtat you have in total 15 DC's in your domain in different sites? Are all of them DNS servers?

Which of these is the domain time server:
eukdc03.euphony.com or EHCVSDC04.euphony.com

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
We are running AD integrated zones. Our other domain controllers are DNS
servers. I cannot see any Event IDs 4523 and 4524.

I am thinking of removing the DNS setting from the windows 2003 domain
controller and then readding and then pointing the DNS server to itself.
Is this a good idea.

I ran the dcdiag and netdiag, and passed all tests. I tried to put the
output here but I get an error saying not enough capacity on this post.
 
C:\Documents and Settings\backupexec.EUPHONYNET>ipconfig /all



Windows IP Configuration



Host Name . . . . . . . . . . . . : eukdc03

Primary Dns Suffix . . . . . . . : euphony.com

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : euphony.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/1000 MB Dual Port
Network Co

nnection

Physical Address. . . . . . . . . : 00-14-22-0D-40-10

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 172.16.0.166

Subnet Mask . . . . . . . . . . . : 255.255.248.0

Default Gateway . . . . . . . . . : 172.16.0.1

DNS Servers . . . . . . . . . . . : 172.16.0.225

172.16.0.122

Primary WINS Server . . . . . . . : 172.16.0.122



We use dynamic updates- nonsecure and secure.

We have 15 DC in our domain in different sites.



How does secondary dns work. Our exchange server had a secondary DNS but it
did not failover when the primary DNS failed. So how does it failover to
secondary, does the primary server need to unreachable. Our primary DNS was
reachable but the DNS was not working.



Also do you reccommend us removing DNS and readding in windows 2003 DC (
EUkdc03) and then point to itself.



How do you work out the domain time server as well



Thanks for your help

<Meinolf Weber> wrote in message
Hello guv,

Make sure that it also uses another DNS server in the same site, if
possible, as secondary DNS on the NIC. Please post an unedited ipconfig /all
from it. Do you use Dynamic updates? Is it correct thtat you have in total
15 DC's in your domain in different sites? Are all of them DNS servers?

Which of these is the domain time server:
eukdc03.euphony.com or EHCVSDC04.euphony.com

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
Back
Top