J
JC
any ideas why a DC , NOT running DNS, would get this warning ?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
A
Ace Fekay [MVP]
In
Because the netlogon service is trying to register or de-register records in
the normal DYnamic Update process to the DNS server listed in it's IP
properties. Now if you have an external DNS server listed in your IP
properties that is NOT hosting the AD zone name, then this error, among many
others, can occur, since the external (maybe your ISP's?) is refusing the
request, which is normal.
The recommendation is to point to only your internal DNS server, since that
DNS server has all of AD;s records that your DCs and clients need to locate
resources, logon, GPOs to work, replication, etc. Otherwise you'll have more
issue. Then use a Forwarder for efficient Internet name resolution. If the
option is grayed out, delete the Root zone, refresh the console, and try
again. These steps are outlined in this article, below Step3:
http://support.microsoft.com/?id=300202
More info on AD's requirements and it's DNS reliance:
http://support.microsoft.com/?id=291382
Now if you do not have an ISP's in your properties, then I would look at
your zone in DNS. Does it have Dynamic Updates set to at least "YES"?
Is your domain name a single label name ('domain' instead of the required
format of 'domain.com')?
Hope that helps.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
JC said:any ideas why a DC , NOT running DNS, would get this warning ?
Because the netlogon service is trying to register or de-register records in
the normal DYnamic Update process to the DNS server listed in it's IP
properties. Now if you have an external DNS server listed in your IP
properties that is NOT hosting the AD zone name, then this error, among many
others, can occur, since the external (maybe your ISP's?) is refusing the
request, which is normal.
The recommendation is to point to only your internal DNS server, since that
DNS server has all of AD;s records that your DCs and clients need to locate
resources, logon, GPOs to work, replication, etc. Otherwise you'll have more
issue. Then use a Forwarder for efficient Internet name resolution. If the
option is grayed out, delete the Root zone, refresh the console, and try
again. These steps are outlined in this article, below Step3:
http://support.microsoft.com/?id=300202
More info on AD's requirements and it's DNS reliance:
http://support.microsoft.com/?id=291382
Now if you do not have an ISP's in your properties, then I would look at
your zone in DNS. Does it have Dynamic Updates set to at least "YES"?
Is your domain name a single label name ('domain' instead of the required
format of 'domain.com')?
Hope that helps.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
J
JC
Mr Ace,
the DCs only point to internal DNS servers. No issue there.
What I think it's happenning , and I would like clarification from MS on
this, is the registration is taking place at the same time the DNS server is
in the process of writting the zone to disk. What I'm not clear on, is
whther or not DNS will allow a dynamic request while the zone is being
written. I'd think not, but I can't find ANY document that addresses this
scenario.
"Ace Fekay [MVP]"
the DCs only point to internal DNS servers. No issue there.
What I think it's happenning , and I would like clarification from MS on
this, is the registration is taking place at the same time the DNS server is
in the process of writting the zone to disk. What I'm not clear on, is
whther or not DNS will allow a dynamic request while the zone is being
written. I'd think not, but I can't find ANY document that addresses this
scenario.
"Ace Fekay [MVP]"
A
Ace Fekay [MVP]
In
I see, thanks for clarifying some of your configuration.
Since I don't know enough about your whole configuration, here are some
general thoughts on this. Disregard if they don't apply.
What OS?
What Service Pack is on this machine? (Note, there are some issues on SP4,
but need to know some more info if it would be the cause).
Just to confirm JC, your AD DNS domain name is not a single label name?
Where any reg entries altered?
Is the DHCP Client service running on the DC?
Yes, this can also come up due to the zone being AD Integrated and AD has
not quite intialized yet for the zone to be available as the netlogon
service tries to register at boot. But this applies if the DC is pointing to
itself and the only DNS server running is on itself and the zone is AD
Integ. If pointing to another internal DNS server, then as long as that zone
has updates allowed, and it's up and running, and it's not a single label
domain name, adn the zone is spelled correctly (same as the Primary DNS
Suffix on the DC and the same as the domain name in AD), I can't see why you
would get that. So yes, it will allow updates.
Also, if the server it's pointing to is not authorative for the zone or it
can't provide the authorative server for the zone, registration will fail
too.
Here's some articles I have on it. Once again, disregard if some or none of
them apply.
252695 - DNS Server Generates Event 4011 and Event ID 5781:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q252695
257462 - Dynamic Update Does Not Work Using BIND DNS Forwarder [shows Event
ID 5781]: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q257462
259277 - Troubleshooting Netlogon Event 5774, 5775, and 5781:
http://support.microsoft.com/default.aspx?scid=kb;en-us;259277
311354 - Event 5781 Occurs After Domain Controller Changes Domain:
http://support.microsoft.com/?id=311354
244669 - Dcpromo.exe Does Not Create Records in the DNS Zone When Windows
2000 Configures DNS and Event ID 5781:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q244669
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
JC said:Mr Ace,
the DCs only point to internal DNS servers. No issue there.
What I think it's happenning , and I would like clarification from MS
on this, is the registration is taking place at the same time the DNS
server is in the process of writting the zone to disk. What I'm not
clear on, is whther or not DNS will allow a dynamic request while the
zone is being written. I'd think not, but I can't find ANY document
that addresses this scenario.
I see, thanks for clarifying some of your configuration.
Since I don't know enough about your whole configuration, here are some
general thoughts on this. Disregard if they don't apply.
What OS?
What Service Pack is on this machine? (Note, there are some issues on SP4,
but need to know some more info if it would be the cause).
Just to confirm JC, your AD DNS domain name is not a single label name?
Where any reg entries altered?
Is the DHCP Client service running on the DC?
Yes, this can also come up due to the zone being AD Integrated and AD has
not quite intialized yet for the zone to be available as the netlogon
service tries to register at boot. But this applies if the DC is pointing to
itself and the only DNS server running is on itself and the zone is AD
Integ. If pointing to another internal DNS server, then as long as that zone
has updates allowed, and it's up and running, and it's not a single label
domain name, adn the zone is spelled correctly (same as the Primary DNS
Suffix on the DC and the same as the domain name in AD), I can't see why you
would get that. So yes, it will allow updates.
Also, if the server it's pointing to is not authorative for the zone or it
can't provide the authorative server for the zone, registration will fail
too.
Here's some articles I have on it. Once again, disregard if some or none of
them apply.
252695 - DNS Server Generates Event 4011 and Event ID 5781:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q252695
257462 - Dynamic Update Does Not Work Using BIND DNS Forwarder [shows Event
ID 5781]: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q257462
259277 - Troubleshooting Netlogon Event 5774, 5775, and 5781:
http://support.microsoft.com/default.aspx?scid=kb;en-us;259277
311354 - Event 5781 Occurs After Domain Controller Changes Domain:
http://support.microsoft.com/?id=311354
244669 - Dcpromo.exe Does Not Create Records in the DNS Zone When Windows
2000 Configures DNS and Event ID 5781:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q244669
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
J
JC
Ace,
I realized my reverze zone was not dynamic. Changed it to dynamic earlier
today and haven't seen the problem so far.
"Ace Fekay [MVP]"
I realized my reverze zone was not dynamic. Changed it to dynamic earlier
today and haven't seen the problem so far.
"Ace Fekay [MVP]"
InJC said:Mr Ace,
the DCs only point to internal DNS servers. No issue there.
What I think it's happenning , and I would like clarification from MS
on this, is the registration is taking place at the same time the DNS
server is in the process of writting the zone to disk. What I'm not
clear on, is whther or not DNS will allow a dynamic request while the
zone is being written. I'd think not, but I can't find ANY document
that addresses this scenario.
I see, thanks for clarifying some of your configuration.
Since I don't know enough about your whole configuration, here are some
general thoughts on this. Disregard if they don't apply.
What OS?
What Service Pack is on this machine? (Note, there are some issues on SP4,
but need to know some more info if it would be the cause).
Just to confirm JC, your AD DNS domain name is not a single label name?
Where any reg entries altered?
Is the DHCP Client service running on the DC?
Yes, this can also come up due to the zone being AD Integrated and AD has
not quite intialized yet for the zone to be available as the netlogon
service tries to register at boot. But this applies if the DC is pointing to
itself and the only DNS server running is on itself and the zone is AD
Integ. If pointing to another internal DNS server, then as long as that zone
has updates allowed, and it's up and running, and it's not a single label
domain name, adn the zone is spelled correctly (same as the Primary DNS
Suffix on the DC and the same as the domain name in AD), I can't see why you
would get that. So yes, it will allow updates.
Also, if the server it's pointing to is not authorative for the zone or it
can't provide the authorative server for the zone, registration will fail
too.
Here's some articles I have on it. Once again, disregard if some or none of
them apply.
252695 - DNS Server Generates Event 4011 and Event ID 5781:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q252695
257462 - Dynamic Update Does Not Work Using BIND DNS Forwarder [shows Event
ID 5781]: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q257462
259277 - Troubleshooting Netlogon Event 5774, 5775, and 5781:
http://support.microsoft.com/default.aspx?scid=kb;en-us;259277
311354 - Event 5781 Occurs After Domain Controller Changes Domain:
http://support.microsoft.com/?id=311354
244669 - Dcpromo.exe Does Not Create Records in the DNS Zone When Windows
2000 Configures DNS and Event ID 5781:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q244669
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
A
Ace Fekay [MVP]
In
I should have asked earlier. You mean you enabled Dynamic Updates on the
zone?
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
JC said:Ace,
I realized my reverze zone was not dynamic. Changed it to dynamic
earlier today and haven't seen the problem so far.
I should have asked earlier. You mean you enabled Dynamic Updates on the
zone?
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
J
JC
Ace,
yes, i enabled dynamic DNS for the reverze zone.
"Ace Fekay [MVP]"
yes, i enabled dynamic DNS for the reverze zone.
"Ace Fekay [MVP]"
A
Ace Fekay [MVP]
In
Ok, thanks.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
JC said:Ace,
yes, i enabled dynamic DNS for the reverze zone.
Ok, thanks.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory