Vic Russell
Hi,
We have SBS 2003 which is the PDC and a Win2k server which is also a Global
catalog server in the same domain.
Our DNS is showing two zones for some reason; mycompany.com and also
_msdcs.mycompany.com
The Win2k server was previously a Global catalog server on the mycompany.com
domain which I had collapsed before starting off with a new domain (also
mycompany.com) on the SBS 2003 server - it had to be the first server in the
domain. I think this is where the problem came from.
If I look at the NTDS settings in Active Directory Sites and Services, the
domain alias is BFAF49FE-CCAD-433A-B365-D525FCAB9298._msdcs.mycompany.com
which seems to imply that the _msdcs.mycompany.com zone is the correct one.
However, putting test host records in this zone does not seem to work when I
ping one of them. Putting them in mycompany.com does work.
Replication of the two zones appears to be working OK.
Can anyone throw any light on this?
In addition, we are getting the following System log entries every hour:-
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 09/01/2004
Time: 16:08:26
User: N/A
Computer: EAGLE
Description:
The Security System detected an authentication error for the server
DNS/eagle.mycompany.com. The failure code from authentication protocol
Kerberos was "The attempted logon is invalid. This is either due to a bad
username or authentication information.
(0xc000006d)".
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
AND
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 09/01/2004
Time: 16:08:26
User: N/A
Computer: EAGLE
Description:
The Security System could not establish a secured connection with the server
DNS/eagle.mycompany.com. No authentication protocol was available.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
Also we are getting the following in the DNS log :-
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4515
Date: 08/01/2004
Time: 13:08:11
User: N/A
Computer: EAGLE
Description:
The zone mycompany.com was previously loaded from the directory partition
MicrosoftDNS but another copy of the zone has been found in directory
partition DomainDnsZones.mycompany.com. The DNS Server will ignore this new
copy of the zone. Please resolve this conflict as soon as possible.
If an administrator has moved this zone from one directory partition to
another this may be a harmless transient condition. In this case, no action
is necessary. The deletion of the original copy of the zone should soon
replicate to this server.
If there are two copies of this zone in two different directory partitions
but this is not a transient caused by a zone move operation then one of
these copies should be deleted as soon as possible to resolve this conflict.
To change the replication scope of an application directory partition
containing DNS zones and for more details on storing DNS zones in the
application directory partitions, please see Help and Support.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 89 25 00 00 ‰%..