Event ID 5504

  • Thread starter Thread starter cst112
  • Start date Start date
C

cst112

I am wondering how to avoid this message.

I did some searches for this error. Microsoft's site says there is a hotfix
that may solve this particular problem but you have to contact them to get
the hotfix.


I have and Active Directory Domain controller setup to use DNS Forwarders (I
use my ISP's primary and secondary controllers).
I have port 53 open on the firewall. If I am just using forwarders, I
probably don't need to open that port. I used to provide DNS services for a
different domain.
Here is the error message.
The DNS server encountered an invalid domain name in a packet from (ip
address here)

I am assuming my ISP is sending hostnames using special characters and does
not follow the RFC perfectly???

Thanks in advance,

Kevin
 
In
cst112 said:
I am wondering how to avoid this message.

I did some searches for this error. Microsoft's site says there is a
hotfix that may solve this particular problem but you have to contact
them to get the hotfix.


I have and Active Directory Domain controller setup to use DNS
Forwarders (I use my ISP's primary and secondary controllers).
I have port 53 open on the firewall. If I am just using forwarders, I
probably don't need to open that port. I used to provide DNS
services for a different domain.
Here is the error message.
The DNS server encountered an invalid domain name in a packet from (ip
address here)

I am assuming my ISP is sending hostnames using special characters
and does not follow the RFC perfectly???

Thanks in advance,

Kevin
Click to expand...


5504's are based on an illegal character. No undrescores, spaces, etc are
allowed. You;ll have to find the offending machine that has that IP and
rename it. Here's more info on it.
http://www.eventid.net/display.asp?eventid=5504&eventno=642&source=DNS&phase=1

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Thanks for replying Ace.

I read that article before I posted.
I am getting these errors from my ISP's DNS servers.
Does this mean I can't do anything about the errors?

Kevin


"Ace Fekay [MVP]"
 
In
cst112 said:
Thanks for replying Ace.

I read that article before I posted.
I am getting these errors from my ISP's DNS servers.
Does this mean I can't do anything about the errors?

Kevin
Click to expand...


ISP's DNS server? Hmm...

Are you ONLY using your internal DNS on all your machines? You can't use
your ISP's DNS on any AD machine (DC or clients) or guranteed that many
things WILL go wrong.

Do you have forwarding configured? If so, what are you using as a forwarder


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Forgot about this post for a while. Hopefully your still checking it.

My clients are all using our active directory DNS.
I have 2 Active Directory Controllers acting as my DNS.
I have forwarders configured on these servers to point to my ISP's DNS
servers.
The 5504 error are coming from my isp's DNS servers (it says the IP in the
event log).

Kevin


"Ace Fekay [MVP]"
 
In
cst112 said:
Forgot about this post for a while. Hopefully your still checking it.

My clients are all using our active directory DNS.
I have 2 Active Directory Controllers acting as my DNS.
I have forwarders configured on these servers to point to my ISP's DNS
servers.
The 5504 error are coming from my isp's DNS servers (it says the IP
in the event log).

Kevin
Click to expand...

Hi Kevin, yes, I'm still checking your post!

It usuallymeans one of your internal machines has an illegal character in
it's name. Underscores are usually the culprit. Could be a space as well.
You'll have to check your PC inventory.




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
I have check all my computer names. They don't have spaces or underscores.
Some computers have a hyphen but do not have any illegal characters. I do
have printers/photocopiers that use the underscore but that doesn't make
sense why I would get an error message saying there is an invalid packet
from my dns server.

Here is the error message again with event id 5504

The DNS server encountered an invalid domain name in a packet from
142.165.5.2. The packet is rejected. (142.165.5.2 is my isp's DNS server)





"Ace Fekay [MVP]"
 
In
cst112 said:
I have check all my computer names. They don't have
spaces or underscores. Some computers have a hyphen but
do not have any illegal characters. I do have
printers/photocopiers that use the underscore but that
doesn't make sense why I would get an error message
saying there is an invalid packet from my dns server.

Here is the error message again with event id 5504

The DNS server encountered an invalid domain name in a
packet from 142.165.5.2. The packet is rejected.
(142.165.5.2 is my isp's DNS server)
Click to expand...

For some reason your DNS server may be sending a query for an illegal
single-label top level domain, there was a case a few weeks back, DNS was
querying the ISPs DNS for localhost that was causing the 5504. Creating a
zone named localhost with a blank host with IP 127.0.0.1 stopped the 5504s.
We never figure out why DNS was trying to resolve localhost because machines
should not be sending queries for localhost to DNS in the first place,
localhost should be resolved in the hosts file and should not even go to
DNS.
 
For some reason your DNS server may be sending a query for an illegal
single-label top level domain, there was a case a few weeks back, DNS was
querying the ISPs DNS for localhost that was causing the 5504. Creating a
zone named localhost with a blank host with IP 127.0.0.1 stopped the
Click to expand...
5504s.

So in my DNS under
Forward lookup Zone I create a new zone called localhost

example:
Forward Lookup Zones
mydomain.com
localhost

then I create blank hostname A record with 127.0.0.1. ( it gives me a
warning that it is an illegal hostname)


( I don't fully understand how localhost is a zone as opposed to an A record
in mydomain.com)


Thanks,

Kevin
 
In
cst112 said:
So in my DNS under
Forward lookup Zone I create a new zone called localhost

example:
Forward Lookup Zones
mydomain.com
localhost

then I create blank hostname A record with 127.0.0.1. (
it gives me a warning that it is an illegal hostname)
Click to expand...

Did you click OK to create the record anyway?
That is a message Win2k popped up, just click OK to create the record
anyway, Win2k3 no longer gives the message.
( I don't fully understand how localhost is a zone as
opposed to an A record in mydomain.com)
Click to expand...

If you created a host named localhost in your mydomain.com zone the FQDN of
that record would be localhost.mydomain.com. In the localhost zone its name
is just "localhost", with no domain suffix.
 
Did you click OK to create the record anyway?
That is a message Win2k popped up, just click OK to create the record
anyway, Win2k3 no longer gives the message.
Click to expand...

Yes, I created the host anyways. I have checked my logs but I am still
getting an error event id 5504 every 15 mins.
The only thing I can think of is my printers with underscores on them.
example Printer1_LAS. I have checked my DNS for host names of computers
and they all seem to comply. There are a few computer name that use a
hyphen. I am stumped by this error and I just can't seem to find any
information on the net to get rid of it. Should I be phoning Microsoft and
applying the hot fix? I don't want to spend a lot of money on support from
Microsoft.

My Error EventID 5504
"The DNS server encountered an invalid domain name in a packet from
142.165.5.2. The packet is rejected." (142.165.5.2 is my isp's DNS server)


Thanks,

Kevin
 
In
cst112 said:
Yes, I created the host anyways. I have checked my logs
but I am still getting an error event id 5504 every 15
mins.
The only thing I can think of is my printers with
underscores on them. example Printer1_LAS. I have
checked my DNS for host names of computers and they all
seem to comply. There are a few computer name that use a
hyphen. I am stumped by this error and I just can't seem
to find any information on the net to get rid of it.
Should I be phoning Microsoft and applying the hot fix?
I don't want to spend a lot of money on support from
Microsoft.
Click to expand...

5504's are very hard to diagnose unless you use a packet sniffer to see what
queries are being sent to the ISP's DNS that are being rejected. It could
very well be an incorrect name in the DNS Suffix search list, but you would
have to verify this by running ipconfig /all on all your clients.

I'm not sure what the hotfix your speaking of fixes, I am aware of the
hofix, but there are no details on what is causing the error, and what the
hotfix actually fixes.
You can call Microsoft with the KB article # and request the hotfix, there
is no charge for hotfixes.
 
The way the error log sounds, it seems like my server is rejecting the
packet from my ISP. Is that incorrect?

Kevin
 
In
cst112 said:
The way the error log sounds, it seems like my server is
rejecting the packet from my ISP. Is that incorrect?
Click to expand...

It is but that is just the way it happens.
 
Back
Top