missing dns records such as _msdcs and getting error 5781 on win2k dc

[Marc I.]

hi,

users cannot join the domain due to dns issues.....the server is missing
records such as _msdcs and getting eventID error 5781 on a win2k dc

how I populate DNS with all the required srv and _msdcs records since all
there is now is one A record for the server


Marc

 

[Marc I.]

This windows 2000 single DC has its primary IP pointed to itself see below
for more info

Dynamic registration or deregistration of one or more DNS records failed
because no DNS servers are available.

C:\>dcdiag

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\TESTRADIX01
Starting test: Connectivity
TESTRADIX01's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(e368693c-4cce-4d33-8528-3395b1f04a00._msdcs.IHSTESTRADIX) couldn't
be
resolved, the server name (testradix01.IHSTESTRADIX) resolved to
the
IP address (192.168.92.98) and was pingable. Check that the IP
address is registered correctly with the DNS server.
......................... TESTRADIX01 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\TESTRADIX01
Skipping all tests, because server TESTRADIX01 is
not responding to directory service requests

Running enterprise tests on : IHSTESTRADIX
Starting test: Intersite
......................... IHSTESTRADIX passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
A Good Time Server could not be located.
......................... IHSTESTRADIX failed test FsmoCheck

 

[Ace Fekay [MVP]]

In Marc I. <[email protected]> made a post then I commented below
:: This windows 2000 single DC has its primary IP pointed to itself see
:: below for more info
::
:: Dynamic registration or deregistration of one or more DNS records
:: failed because no DNS servers are available.
::
<snip>

The main issue I see is your domain is a single label name. This does not
follow DNS RFC naming conventions. DNS is also hierarchal, such as the name
"domain.com.". It's like a tree. Turn the tree upside down. The Root is the
period at the end of it. The second level (or branch) is the TLD called
"com", the third level is "domain", etc. There is no hierarchy with a single
label name.

W2k SP4 and newer stopped the ability for registration into DNS with single
label zones. This is due to the excessive traffic to the DNS Internet Root
servers by a DNS server with a single label name zone. It "thinks" it's a
TLD. such as 'com'. 'edu', 'net', etc. So it's hits the Roots repeatedly
asking who knows of the TLD called "IHSTESTRADIX". Eventually it will come
back to look to itself. Microsoft stopped this behavior to protect the
Internet Root servers and eliminate the excessive queries to the Roots.

About the SRV records, they are auto registered by the DCs. You don't
normally manually enter them. If they are not populating, that is due to
your single label name domain. How do you fix this? If remaining with W2k, a
fresh domain build will be needed, since the domain cannot be renamed. Of
course that is not an easy task, especially if Exchange is in the picture.
If upgraded to W2k3, you can use the domain rename tools. If you you have
Exchange 2k, that needs to be upgraded first to 2k3, with SP1 (it has a
rename tool as well), then upgrade the domain and rename it

You could alter the registry to force registration.

251384 - Delays in Name Resolution Using Microsoft DNS Server Forwarder
Option {more than likely due to single label name]:
http://support.microsoft.com/default.aspx?scid=kb;en-us;251384

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names:
http://support.microsoft.com/?id=300684

826743 - Clients cannot dynamically register DNS records in a single-label
forward lookup zone:
http://support.microsoft.com/default.aspx?scid=kb;en-us;826743



Also, I had another question. You originally stated:

"This windows 2000 single DC has its primary IP pointed to itself..."

Does that mean there's a second DNS IP?
Can you post an unedited ipconfig /all please?


--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Marc I.]

I created a new forward zone called " _msdcs.domainname " and cycled the
netlogon service which resolved the issue and populated all missing entries

"Ace Fekay [MVP]"

In Marc I. <[email protected]> made a post then I commented below
:: This windows 2000 single DC has its primary IP pointed to itself see
:: below for more info
::
:: Dynamic registration or deregistration of one or more DNS records
:: failed because no DNS servers are available.
::
<snip>

The main issue I see is your domain is a single label name. This does not
follow DNS RFC naming conventions. DNS is also hierarchal, such as the
name "domain.com.". It's like a tree. Turn the tree upside down. The Root
is the period at the end of it. The second level (or branch) is the TLD
called "com", the third level is "domain", etc. There is no hierarchy with
a single label name.

W2k SP4 and newer stopped the ability for registration into DNS with
single label zones. This is due to the excessive traffic to the DNS
Internet Root servers by a DNS server with a single label name zone. It
"thinks" it's a TLD. such as 'com'. 'edu', 'net', etc. So it's hits the
Roots repeatedly asking who knows of the TLD called "IHSTESTRADIX".
Eventually it will come back to look to itself. Microsoft stopped this
behavior to protect the Internet Root servers and eliminate the excessive
queries to the Roots.

About the SRV records, they are auto registered by the DCs. You don't
normally manually enter them. If they are not populating, that is due to
your single label name domain. How do you fix this? If remaining with W2k,
a fresh domain build will be needed, since the domain cannot be renamed.
Of course that is not an easy task, especially if Exchange is in the
picture. If upgraded to W2k3, you can use the domain rename tools. If you
you have Exchange 2k, that needs to be upgraded first to 2k3, with SP1 (it
has a rename tool as well), then upgrade the domain and rename it

You could alter the registry to force registration.

251384 - Delays in Name Resolution Using Microsoft DNS Server Forwarder
Option {more than likely due to single label name]:
http://support.microsoft.com/default.aspx?scid=kb;en-us;251384

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names:
http://support.microsoft.com/?id=300684

826743 - Clients cannot dynamically register DNS records in a single-label
forward lookup zone:
http://support.microsoft.com/default.aspx?scid=kb;en-us;826743



Also, I had another question. You originally stated:

"This windows 2000 single DC has its primary IP pointed to itself..."

Does that mean there's a second DNS IP?
Can you post an unedited ipconfig /all please?


--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Ace Fekay [MVP]]

In

I created a new forward zone called " _msdcs.domainname " and cycled
the netlogon service which resolved the issue and populated all
missing entries

I would honestly try to address the single label domain name for future
peace of mind.



Ace