Event 5774


JC

I'm running AD only - not integrated. I'm seeing 5774 "DNS server not
authoritative for zone".
The DC registers the SRVs OK on its domain, but it gets this error
when trying to register the SRVs on the root domain.
I don't see them all the time, but maybe once or twice a day.
Any ideas?
 
JC said:
I'm running AD only - not integrated. I'm seeing 5774 "DNS server not
authoritative for zone".
The DC registers the SRVs OK on its domain, but it gets this error
when trying to register the SRVs on the root domain.
I don't see them all the time, but maybe once or twice a day.
Any ideas?

This normally comes up if a machine is configured with the ISP's or some
other DNS server that is not hosting the AD name. If this is the case,
remove them and only point to your own DNS server. Use a forwarder for
efficient Internet resolution as described here, below Step 3:
http://support.microsoft.com/?id=300202

If this isn't your reason, then we'll need a little more info, since you
mentioned a "root" domain. Is this a DC in a child domain with this issue?
If so, are you using delegation?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
This is a DC in a child domain - using delegation.
As I mentioned - the error happens intermittently against the root domain.
I wonder if the error is related to either network latency or perhaps
performance problems on the master server.
My understanding is that dynamic updates occur over UDP, unless the size of
the packets gets bigger than 512k, then it switches to TCP.
Is there a timeout threshold when the client must receive the answer
(confirmation)?
 
Hello All,

5774, 5775 and 5781 are usually indications of a misconfigured DNS.

As per 284963 Domain Controller Generates a Netlogon Error Event ID 5774
CAUSE
=====
This behavior can occur when the DNS server that is authoritative for the
Active Directory domain name is not listed on the DNS tab of the Advanced
TCP/IP Settings dialog box.

RESOLUTION
==========
To resolve this behavior, add the Internet Protocol (IP) address of the DNS
server that is authoritative for the Active Directory domain name to the
IP Protocol (TCP/IP) Properties, and then move it to the top of the list:

1. On the desktop, right-click My Network Places, and then click
Properties.
2. Right-click the appropriate connection object, and then click
Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced.
5. Click DNS.
6. Click Add, type the IP address of the DNS server in the DNS server
box, and then click Add.
7. Click the arrows to move the IP address of the Active Directory DNS
server to the top of the list.
8. Click OK in the open dialog boxes to close them and save the new
settings.
9. Stop and then restart the Netlogon Service. The Event ID 5774 error
messages should no longer occur.

OR

266054 Event ID 5774 Occurs When Domain Controller Is Slow to Start
CAUSE
=====
This issue can occur if the domain controller is using Cisco Network
Registrar as the DNS server. The Net Logon service on a Windows 2000 domain
controller tries to register its DNS domain name as a Host (A) record. If
the existing zone name is the same as the Active Directory domain name and
the DNS server is a Cisco Network Registrar, this request is refused by the
Cisco Network Registrar DNS server.

This behavior does not occur when a Windows 2000 DNS server is used.

WORKAROUND
==========
To work around this issue, use any of the following methods:

- Disable only the registration of the local IP addresses.
For additional information about how to disable this setting, click the
following article number to view the article in the Microsoft Knowledge
Base:

295328 Private Network Interfaces on a Domain Controller Are Registered
in DNS

- Disable the "Netlogon A registrations" setting.
For additional information about how to disable this setting, click the
following article number to view the article in the Microsoft Knowledge
Base:

246804 How to Enable/Disable Windows 2000 Dynamic DNS Registrations

- Configure the Windows NT domain to be a subdomain
(<Windows2000>.<mydomain>.com) instead of the top-level domain
(<mydomain>.com)

((((((((((((((((((((((((((((
General setup for Active Directory with DNS on the same server.

TCP/IP settings

1.)Right click "My network places" and select properties.
2.)For the LAN connection right click and select properties.
3.)On the properties page double click TCP/IP
4.)At the bottom of the protocols page select Preferred DNS Server option
and enter the IP address for the server itself.
5.)Click the advanced button. In the advanced setting make sure the
"Register this connection's address in DNS" selection is checked at the
bottom of the display.

DNS settings

1.)Open up the DNS console.
2.)Once opened, right click on the server in the right hand pane and select
properties.
3.)Once the properties page is up, select the "Forwarders" tab.
4.)Check the "Enable forwarders" selection at the top.
5.)Add the IP address of the DNS in which to forward requests. If this is
the only DNS, add the IP address for the ISP's DNS. (note- In the TCP/IP
settings, we selected the choice for DNS to point to itself. If name
resolution cannot be resolved then a request is made to the forwarders. If
resolution cannot be made via the internal DNS and there are no forwarders
listed, then no resolution will be made at all.)
6.)Click OK.
7.)Expand the "Forward Lookup Zones"
8.)If there is a folder with a dot "." listed then delete it. (note- This
indicates to the server that it is the root server, which means do not go
beyond this server for name resolution.)
9.)Right click the domain folder and select properties. Make sure that
"Allow dynamic updates" is selected.

Close out the DNS console.

Open up a command prompt and type the following:

1.)At the prompt type ipconfig /flushdns and wait for the services to
flush.
2.)ipconfig /registerdns and wait for the services to register.
3.)net stop netlogon
4.)net start netlogon

If you receive an error during this process, go to Control Panel, Admin.
Tools, Services. Make sure the DHCP Client service is started; even if
they are not using DHCP they still need the service started. Once all of
this is done, open the DNS console again. Expand the forward lookup zones,
then expand the domain folder. You should see the underscore folders below:

_msdcs
_sites
_tcp
_udp

If you see these, then all is right with the world.


Hope this helps.


Shane Brasher
MCSE (2000,NT),MCSA, A+
Microsoft Platforms Support
Windows NT/2000 Networking
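
Added example (not part of the original posts and not Microsoft's code): Netlogon keeps the list of records it tries to register in %SystemRoot%\System32\config\netlogon.dns, in zone-file style. The sketch below groups such records by the zone that would hold them, which shows that a child-domain DC also registers a few records (the DSA GUID CNAME, and GC records if it is a global catalog) in the forest root domain, the registrations that fail in this thread. The domain names, host name, GUID and sample lines are constructed, and the helper names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the zone-file style of netlogon.dns.
# corp.example.com is a hypothetical child domain of the forest root example.com.
SAMPLE_NETLOGON_DNS = """\
corp.example.com. 600 IN A 10.0.0.5
_ldap._tcp.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.Default-First-Site-Name._sites.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_kerberos._udp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.gc._msdcs.example.com. 600 IN SRV 0 100 3268 dc1.corp.example.com.
_gc._tcp.example.com. 600 IN SRV 0 100 3268 dc1.corp.example.com.
0f1e2d3c-0000-0000-0000-000000000001._msdcs.example.com. 600 IN CNAME dc1.corp.example.com.
"""

def parse_records(text):
    """Return (owner, type, rdata) tuples from netlogon.dns-style lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip blank or malformed lines
        owner = fields[0].rstrip(".").lower()
        records.append((owner, fields[3].upper(), " ".join(fields[4:])))
    return records

def owning_zone(owner, zones):
    """Longest-suffix match: the most specific zone containing the owner name."""
    best = None
    for zone in zones:
        z = zone.rstrip(".").lower()
        if (owner == z or owner.endswith("." + z)) and (best is None or len(z) > len(best)):
            best = z
    return best

def group_by_zone(text, zones):
    """Map each zone to the (owner, type) pairs that must be registered in it."""
    grouped = defaultdict(list)
    for owner, rtype, _rdata in parse_records(text):
        grouped[owning_zone(owner, zones)].append((owner, rtype))
    return dict(grouped)

if __name__ == "__main__":
    zones = ["example.com", "corp.example.com"]
    for zone, recs in group_by_zone(SAMPLE_NETLOGON_DNS, zones).items():
        print(zone, "-", len(recs), "record(s)")
        for owner, rtype in recs:
            print("   ", rtype, owner)
```

If _msdcs under the root domain is delegated as its own zone, add it to the zone list to see which records land there instead of in the root zone.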
 
Larry,
the first possible case is not correct. It implies the master server must
be the one the DC uses for resolution. This cannot be right.
The Dynamic Update RFC does not mention this requirement at all, in fact it
mentions that a dynamic update request received by a slave server will be
forwarded to the master.
Sorry, but I think whatever you got this info from is wrong.

The second case does not apply.
 
Mr. Ace,
I have double checked all you suggest, and everything has been set the way
it should.
 
Hello All,


The information referenced in my previous post was from Microsoft KB
articles 284963 and 266054.

If everything checks out OK and you can visually verify that the DC is
registering records as needed, I would run both dcdiag and netdiag with
the verbose switch to run diagnostics and give us an overall picture of
the AD health and DNS registration of the DC.

To install the Windows 2000 Support Tools:
1. Start Windows 2000. Note that you must log on as a member of the
administrator group to install these tools.

2. Insert the Windows 2000 CD-ROM into your CD-ROM drive.

3. Click Browse this CD, and then open the Support\Tools folder.

4. Double-click Setup.exe, and then follow the instructions that appear
on the screen.

5. Once run, open up a command prompt and navigate to the same directory
as the location of the support tools install. By default this is
c:\program files\support tools unless you specify elsewhere.

6. Once there, type "netdiag /v >c:\netdiag.txt". This will place the
output into a text file on the C drive called netdiag.txt. Also run
"dcdiag /v >c:\dcdiag.txt".

Open up the text files and go over them and notate any errors that may show
up. On the netdiag look closely at the DNS test performed for any
failures. On the DCdiag look at the FSMO role test and the replication
test.

If you wish you can send them to me, I don't mind going over them and
giving you my 2 cents worth. :)


(Larry) Shane Brasher
MCSE (2000,NT),MCSA, A+
Microsoft Platforms Support
Windows NT/2000 Networking
 