DNS Server and Active Directory

Thread starter: wterng

Hi,

I have a problem with the DNS Server in W2K AD. It is a single domain
environment and Active Directory is installed. The previous
configuration was not done by me.

I couldn't understand why the DNS in the Network Connection settings
(TCP/IP) is pointed to the ISP, which does not provide SRV records, yet
the current AD still works. There is no DNS Server service currently
installed.

The problem arises when I try to migrate the 2000 Server AD to 2003 AD.
I try to extend the schema, join the 2003 server to the 2000 domain, and
transfer the FSMO roles.

Unexpected things happen. There is no DNS Server service that provides
SRV records, and therefore the joining of the 2003 AD failed, with an
error message indicating the SRV record cannot be found. I tried to
install the DNS Server service on Windows 2000 Server. After
installation, I found out there are no zones configured in forward
lookup zones. I created one, and enabled dynamic updates, as some guides
say, then proceeded to netdiag /fix. But it returned an error and the
four lines that are supposed to be in the DNS entries:
_msdcs
_sites
_tcp
_udp
don't come out. I am lost and I have no idea how I should manually
create DNS entries so that Active Directory can recognize them, and
to allow my 2003 server to join the 2000 domain.

Can any of you guide me on how to set up the DNS Server service with
Active Directory already in place? I can't demote the Active Directory
since there are users and policies, permissions, etc.

Thanks.
 
error by netdiag:

Computer Name: SUNCITYSVR
DNS Host Name: suncitysvr.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
List of installed hotfixes :

Netcard queries test . . . . . . . : Passed

Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : suncitysvr
IP Address . . . . . . . . : 192.168.100.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.100.3
Dns Servers. . . . . . . . : 192.168.100.1
165.21.100.88

AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{DCAB9168-37C1-4A7A-9E56-50ACF4673B1A}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name 'suncitysvr.local.'. [RCODE_SERVER_FAILURE]
The name 'suncitysvr.local.' may not be registered in DNS.
[FATAL] Failed to fix: DC DNS entry local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.f67a7e60-8cfc-4bdb-b96d-03a78c9a2396.domains._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry gc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry 6f1134d1-de26-4311-a000-a2878e369b90._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '192.168.100.1'.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{DCAB9168-37C1-4A7A-9E56-50ACF4673B1A}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{DCAB9168-37C1-4A7A-9E56-50ACF4673B1A}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

The command completed successfully
C:\PROGRA~1\SUPPOR~1>NetBT name test. . . . . . . . . . : Passed
'NetBT' is not recognized as an internal or external command,
operable program or batch file.
C:\PROGRA~1\SUPPOR~1>
C:\PROGRA~1\SUPPOR~1>
C:\PROGRA~1\SUPPOR~1>Winsock test . . . . . . . . . . . : Passed
'Winsock' is not recognized as an internal or external command,
operable program or batch file.
C:\PROGRA~1\SUPPOR~1>
C:\PROGRA~1\SUPPOR~1>
C:\PROGRA~1\SUPPOR~1>DNS test . . . . . . . . . . . . . : Failed
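
An added example, not part of the original posts: a Python parser for the failed `netdiag /fix` DNS section above. It recovers each record the DC could not register despite the console line wrapping, places it under the zone subdomain (`_msdcs`, `_sites`, `_tcp`, `_udp`) it belongs to, and reports whether the DC's DNS domain is a single label. The function names and the abridged sample are constructed for illustration.

```python
import re
from collections import Counter

# Abridged from the netdiag output above, keeping its line wrapping
# (names, IP addresses and even words are split across lines).
SAMPLE = """\
DNS Host Name: suncitysvr.local
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for
the name
'suncitysvr.local.'. [RCODE_SERVER_FAILURE]
[FATAL] Failed to fix: DC DNS entry local. re-registeration on DNS
server '1
92.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.local.
re-regis
teration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.local.
re-registeration o
n DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] No DNS servers have the DNS records for this DC registered.
"""

# DNS names and IPv4 addresses contain no whitespace, so a wrapped entry can
# be matched after deleting all whitespace. netdiag's own spelling
# "re-registeration" is kept on purpose.
_REC = re.compile(
    r"DCDNSentry(.+?)re-registerationonDNSserver'([0-9.]+)'failed\.")

def parse_failed_registrations(text):
    """Return (record_name, dns_server, error_code) per failed fix attempt."""
    results, buf = [], None
    for line in text.splitlines():
        if line.startswith("[FATAL] Failed to fix:"):
            buf = [line]                      # start of a (possibly wrapped) entry
        elif buf is not None and line.startswith("DNS Error code:"):
            m = _REC.search(re.sub(r"\s+", "", "".join(buf)))
            if m:
                code = line.split(":", 1)[1].strip()
                results.append((m.group(1), m.group(2), code))
            buf = None
        elif buf is not None:
            buf.append(line)                  # continuation of a wrapped entry
    return results

def dns_domain(text):
    """DNS domain of the DC: its 'DNS Host Name' minus the host label."""
    m = re.search(r"^DNS Host Name:\s*(\S+)", text, re.M)
    if not m:
        raise ValueError("no 'DNS Host Name' line in netdiag output")
    host = m.group(1).rstrip(".")
    return host.split(".", 1)[1] if "." in host else ""

def container(record, zone):
    """Subdomain directly under the zone that holds the record (None = apex)."""
    name, zone = record.rstrip(".").lower(), zone.lower()
    if name == zone:
        return None
    if not name.endswith("." + zone):
        raise ValueError(f"{record} is not inside zone {zone}")
    return name[: -len(zone) - 1].rsplit(".", 1)[-1]

def summarize(text):
    zone = dns_domain(text)
    failed = parse_failed_registrations(text)
    return {
        "zone": zone,
        "single_label": "." not in zone,      # e.g. "local" rather than "domain.local"
        "servers": sorted({s for _, s, _ in failed}),
        "codes": sorted({c for _, _, c in failed}),
        "by_container": dict(Counter(
            container(r, zone) or "(zone apex)" for r, _, _ in failed)),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```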
 
ping said:
error by netdiag:

It appears your AD domain name is local (verify this in AD Users &
Computers). This is a single-label DNS name and requires registry edits on
the DC and all machines you add as members. You also need to remove the
ISP's DNS from TCP/IP properties.
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&sd=RMVP
 
Do you think these steps will solve the issues?

1. Install DNS Server service. Configure forward lookup zone name same
as the domain name(in this case, local), enable dynamic updates

2. Modify registry on Win2k Server & client so that dynamic updates can
be done.

3. restart netlogon

4. Join 2003 Server to the domain(after adprep)

5. Transfer FSMO roles

Am I missing anything? Please also point out what I should pay attention
to during the migration.

Thanks
 
I would suggest installing Win2003 as a new domain in a new forest called
"domain.local", and using ADMT to migrate your user accounts, group accounts,
etc, into the new domain from the old single label name Win2000 domain. This
will ensure a brand new worry-free properly named domain.

Single label named domains may work with dynamic registration after you make
the registry changes, but it won't help your clients, which will have
problems locating the DC by the single label name, especially XP. You can go
and make those changes on those clients as well. Also, remember another
issue with single label names is that the DNS server creates excessive Root
hint traffic when asked to resolve something. Why? It thinks the single
label name is a TLD, such as "com", "net", "edu", etc. So it's asking the
Roots "who knows the GTLD that stores the 'local' name" (in your case),
and has to wait for it to time out, since no such TLD exists on the
Internet, before it goes back to your server. That was why Microsoft stopped
single label name registration in Windows DNS.

--
Ace

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsoft Certified Trainer
 
Hi,


I have made changes in the registry on Windows 2000 Server. I have
double checked the registry entry is correctly modified. The Netlogon
failure still occurred, as recorded by the event log, until I renamed
the netlogon.dns and dnb files in Winnt\system32\config. The Netlogon
issue is now resolved.

However, I can't locate the key in Win2k03 Server ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient

I can only locate the registry tree ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT

Therefore I created a DNSClient key and added the appropriate DWORD
UpdateTopLevelDomainZones and its value (1).

After the registry modification on Windows 2000 Server & Windows 2003
Server, I restarted the netlogon services.

I proceeded to join the Windows 2003 Server to the Win2K domain
(previously ran adprep on it). I received the error shown below. I
entered the domain name 'Local', not the NetBIOS domain name
(SUNCITYSVR). I tried to ping the host local.ibmtest and there was no
problem with it. I have enabled dynamic updates on the Win2K server.
The netdiag result is also included. Please help.


--------------
The domain name local might be a NetBIOS domain name. If this is the
case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the
following information can help you troubleshoot your DNS configuration.

DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain local:

The query was for the SRV record for _ldap._tcp.dc._msdcs.local

The following domain controllers were identified by the query:

ibmdesk.local

Common causes of this error include:

- Host (A) records that map the name of the domain controller to its IP
  addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network
  or are not running.

For information about correcting this problem, click Help.


----
C:\Documents and Settings\Administrator.IBMDESK.000>netdiag


......................................


Computer Name: IBMDESK
DNS Host Name: ibmdesk.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :


Netcard queries test . . . . . . . : Passed


Per interface results:


Adapter : Local Area Connection


Netcard queries test . . . : Passed


Host Name. . . . . . . . . : ibmdesk
IP Address . . . . . . . . : 192.168.1.199
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.10
Dns Servers. . . . . . . . : 192.168.1.199


AutoConfiguration results. . . . . . : Passed


Default gateway test . . . : Passed


NetBT name test. . . . . . : Passed


WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A78B74B7-C592-4C0A-8F22-4F774A8D77CA}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.199'.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A78B74B7-C592-4C0A-8F22-4F774A8D77CA}
The redir is bound to 1 NetBt transport.


List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A78B74B7-C592-4C0A-8F22-4F774A8D77CA}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'ibmdesk.local'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
 

Ping, single label domain names are very problematic, as you've encountered.
Even the netdiag recognizes the single label name and is confused. I'm not
sure where to help here because of that. It is a known issue with XP and
newer machines that they may not be able to resolve single label domain name
queries against a DNS server. This is basically because DNS is a hierarchical
tree structure. A single label domain name has no hierarchy tree, it's flat,
like a NetBIOS name.

Did you consider trying what I previously suggested?

Ace
 
Hi Ace,

Do you trace any problem with the netdiag error?

Yes, I am considering your solution of creating new domain and ADMT.
 
Hi Ace,

Is there a simpler way if I just want to preserve the Active Directory
username and password? Any easier way to export the user name and
password (e.g. using comma separated values)?
 
ping said:
Hi Ace,

Do you trace any problem with the netdiag error?

Yes, I am considering your solution of creating new domain and ADMT.

Yes, it appears that the single label name is the issue. It states that in
the netdiag, hence my previous comments. I think ADMT with a new domain is a
good bet to consider.

You can use the PWDMIG tool to preserve your passwords.

Ace
 
Hi Ace,

I have solved the single-label domain issues. Looks like I was missing a
registry change, which the KB mentioned needs to be done on a WinXP
machine. As suggested by Kevin on the other thread I've posted, I can
now join the Win2003 machine. I will look at the PWDMIG tool.

Thanks.
 
Very good. Unfortunate that all the machines will require the reg changes.
If the domain was of the proper format, it would have been easier for you.

Keep in mind, a machine with a single label name will create excessive
queries to the Internet Root servers each and every time a registration
request or query is made from the inside. This is because DNS is treating
the single label name as a TLD. The ISC did a study on all the excessive
queries out there going to the Roots and found they were Microsoft Windows
DNS machines inadvertently configured with single label AD DNS domain names.
That was why Microsoft disabled single name registration to help reduce this
non-required excessive traffic to the Internet Root servers to help the ISC.

I thought to mention that to help better understand the other implications
of keeping the single label name for any length of time. Keep in mind, if
you do upgrade to a new domain, remove the reg entries off your client
machines.

Ace
 