netdiag /fix error

  • Thread starter Thread starter Clautmcp
  • Start date Start date
C

Clautmcp

This error occurs on the my DC DNS server when I run
netdiag /fix.
Dns Test ..... : Failed
[warning] Cannot find a primary authoritative dns server
for the name 'lkb10.domain1.lkbinc' [ rcode_server-failure]
The name 'lkb10.domain1.lkbinc' may not be registered in
dns.
[fatal] Failed to fix: DC DNS entry
_ldap.tcp.pdc._msdcs.domain1.lkbinc. re-registeration on
dns server '172.17.1.10' failed.
[fatal] Failed to fix: netdiag failed to re-register
missing DNS entries for this DC on the DNS
server '172.17.1.10'
[fatal] no DNS servers have the dns records for this dc
registered.

Any clue on how to correct this error?
Thanks in advance.
 
In (e-mail address removed) <[email protected]> posted a
question
Then Kevin replied below:
: This error occurs on the my DC DNS server when I run
: netdiag /fix.
: Dns Test ..... : Failed
: [warning] Cannot find a primary authoritative dns server
: for the name 'lkb10.domain1.lkbinc' [ rcode_server-failure]
: The name 'lkb10.domain1.lkbinc' may not be registered in
: dns.
: [fatal] Failed to fix: DC DNS entry
: _ldap.tcp.pdc._msdcs.domain1.lkbinc. re-registeration on
: dns server '172.17.1.10' failed.
: [fatal] Failed to fix: netdiag failed to re-register
: missing DNS entries for this DC on the DNS
: server '172.17.1.10'
: [fatal] no DNS servers have the dns records for this dc
: registered.
:
: Any clue on how to correct this error?
: Thanks in advance.

No real clue, but if you will post an unedited ipconfig /all from the DC
from that domain it will tell us where to start looking.
 
here is the Ipconfig /all output
I have also run the dcdiag and it reports all pass

Windows 2000 IP Configuration
host name.........lkb10
primary DNS Suffix..domain1.lkbinc
Node Type...Hybrid
IP Routing enabled...no
Wins Proxy Enable....no
DNS Suffix Search List ...domain1.lkbinc

Ethernet adapter Intel 82544gc Based Network Connection -
onboard:
Connection-specific Dns Suffix . :
Description.........:intel pro/1000 XT Network Connection
Physical Address....: 00-06-5B-8E-F8-8F
Dhcp Enabled .......no
Ip Address..........172.17.1.10
Subnet Mask.........255.255.0.0
Default Gateway.....
Dns Server..........:172.17.1.10
 
The Dns forward lookup zone is not populating even with
the allow dynamic updates turned on.
The reverse lookup is populating OK
 
In addition I am getting a Netlogon error 5781
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 1/24/2004
Time: 8:24:03 AM
User: N/A
Computer: LKB10
Description:
Dynamic registration or deregistration of one or more DNS
records failed because no DNS servers are available.
Data:
0000: 2a 23 00 00 *#..
I have renamed the netlogon dns and dnb files and
restarted the netlogon service
 
I have 2 DC, windows 2000 sp4
lkb10 is a file print server and the second is a exchange
2000 server w/sp3. there are no errors/events on the
exchange server.
 
In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:
: here is the Ipconfig /all output
: I have also run the dcdiag and it reports all pass
:
: Windows 2000 IP Configuration
: host name.........lkb10
: primary DNS Suffix..domain1.lkbinc
: Node Type...Hybrid
: IP Routing enabled...no
: Wins Proxy Enable....no
: DNS Suffix Search List ...domain1.lkbinc
:
: Ethernet adapter Intel 82544gc Based Network Connection -
: onboard:
: Connection-specific Dns Suffix . :
: Description.........:intel pro/1000 XT Network Connection
: Physical Address....: 00-06-5B-8E-F8-8F
: Dhcp Enabled .......no
: Ip Address..........172.17.1.10
: Subnet Mask.........255.255.0.0
: Default Gateway.....
: Dns Server..........:172.17.1.10
:
:: -----Original Message-----
:: This error occurs on the my DC DNS server when I run
:: netdiag /fix.
:: Dns Test ..... : Failed
:: [warning] Cannot find a primary authoritative dns server
:: for the name 'lkb10.domain1.lkbinc' [ rcode_server- failure]
:: The name 'lkb10.domain1.lkbinc' may not be registered in
:: dns.
:: [fatal] Failed to fix: DC DNS entry
:: _ldap.tcp.pdc._msdcs.domain1.lkbinc. re-registeration on
:: dns server '172.17.1.10' failed.
:: [fatal] Failed to fix: netdiag failed to re-register
:: missing DNS entries for this DC on the DNS
:: server '172.17.1.10'
:: [fatal] no DNS servers have the dns records for this dc
:: registered.
::
:: Any clue on how to correct this error?
:: Thanks in advance.
::
:: .

I am suspecting this is a disjointed namespace, your Primary DNS suffix does
not match your domain name.
Here is the clue:
Dns Test ..... : Failed
[warning] Cannot find a primary authoritative dns server
for the name 'lkb10.domain1.lkbinc'<---this is the zone name it is trying to
find
: host name.........lkb10
: primary DNS Suffix..domain1.lkbinc<---Your Primary DNS suffix

Look in ADU&C for the AD domain name, I suspect the AD domain name is
'lkb10.domain1.lkbinc' This occasionally pops up here, when you ran DCPROMO
and it asked for the FQDN of your AD domain, you mistakenly included your
server name in the FQDN for your domain.
There is a script for changing the primary DNS suffix, but in the meantime,
just to verify this create a zone with this name: 'lkb10.domain1.lkbinc'
(without quotes) set it to allow dynamic updates. Then on the NIC in the
Connection specific DNS suffix on the DC put 'lkb10.domain1.lkbinc' (without
quotes) in the field 'DNS suffix for this connection:' and check 'Register
the connection's addresses in DNS' and 'Use this connection's DNS suffix in
DNS registration'
Restart the Netlogon service and run ipconfig /registerdns I have never
verified this but I think this will work.

Please post back with the name of your AD domain or email me a screen print
of ADU&C if I verify this is a disjointed namespace I will email you a
script developed for MS Support Services for correcting the primary DNS
suffix. Keep in mind this will change the suffix to 'lkb10.domain1.lkbinc'
and give this DC a FQDN of 'lkb10.lkb10.domain1.lkbinc' this is not the best
choice.
 
In
I have 2 DC, windows 2000 sp4
lkb10 is a file print server and the second is a exchange
2000 server w/sp3. there are no errors/events on the
exchange server.
Click to expand...


On your machines, check to make sure that the subnet is the same.

ALso, since you have two DCs, it doesn't make sense why the ipconfig you
posted only shows one, unless you only have DNS setup on one of the DCs? If
DNS is not running on both of the DCs, I would suggest to do so. If DNS is
running on both of them, suggest to setup the DNS config in IP properties as
such (which eliminates a bunch of stuff) and make sure they are AD
Integrated.

DC1:
dc2's IP address
dc1's IP address

DC2:
dc1's IP address
dc2's IP address




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi Kevin,
The AD domain name is domain1.lkbinc
I have tried as you suggested but I am still getting the
errors.
Thank you again
Charlie
-----Original Message-----
In (e-mail address removed)
Click to expand...
posted a question
Then Kevin replied below:
: here is the Ipconfig /all output
: I have also run the dcdiag and it reports all pass
:
: Windows 2000 IP Configuration
: host name.........lkb10
: primary DNS Suffix..domain1.lkbinc
: Node Type...Hybrid
: IP Routing enabled...no
: Wins Proxy Enable....no
: DNS Suffix Search List ...domain1.lkbinc
:
: Ethernet adapter Intel 82544gc Based Network Connection -
: onboard:
: Connection-specific Dns Suffix . :
: Description.........:intel pro/1000 XT Network Connection
: Physical Address....: 00-06-5B-8E-F8-8F
: Dhcp Enabled .......no
: Ip Address..........172.17.1.10
: Subnet Mask.........255.255.0.0
: Default Gateway.....
: Dns Server..........:172.17.1.10
:
:: -----Original Message-----
:: This error occurs on the my DC DNS server when I run
:: netdiag /fix.
:: Dns Test ..... : Failed
:: [warning] Cannot find a primary authoritative dns server
:: for the name 'lkb10.domain1.lkbinc' [ rcode_server- failure]
:: The name 'lkb10.domain1.lkbinc' may not be registered in
:: dns.
:: [fatal] Failed to fix: DC DNS entry
:: _ldap.tcp.pdc._msdcs.domain1.lkbinc. re-registeration on
:: dns server '172.17.1.10' failed.
:: [fatal] Failed to fix: netdiag failed to re-register
:: missing DNS entries for this DC on the DNS
:: server '172.17.1.10'
:: [fatal] no DNS servers have the dns records for this dc
:: registered.
::
:: Any clue on how to correct this error?
:: Thanks in advance.
::
:: .

I am suspecting this is a disjointed namespace, your Primary DNS suffix does
not match your domain name.
Here is the clue:
Dns Test ..... : Failed
[warning] Cannot find a primary authoritative dns server
for the name 'lkb10.domain1.lkbinc'<---this is the zone name it is trying to
find
: host name.........lkb10
: primary DNS Suffix..domain1.lkbinc<---Your Primary DNS suffix

Look in ADU&C for the AD domain name, I suspect the AD domain name is
'lkb10.domain1.lkbinc' This occasionally pops up here, when you ran DCPROMO
and it asked for the FQDN of your AD domain, you mistakenly included your
server name in the FQDN for your domain.
There is a script for changing the primary DNS suffix, but in the meantime,
just to verify this create a zone with this name: 'lkb10.domain1.lkbinc'
(without quotes) set it to allow dynamic updates. Then on the NIC in the
Connection specific DNS suffix on the DC
Click to expand...
put 'lkb10.domain1.lkbinc' (without
quotes) in the field 'DNS suffix for this connection:' and check 'Register
the connection's addresses in DNS' and 'Use this connection's DNS suffix in
DNS registration'
Restart the Netlogon service and run
Click to expand...
ipconfig /registerdns I have never
 
Hi
This could be due to the configuration of DNS.

In this situation don't I'm about to explain, don't think of AD but just
flat DNS.

If you have created zone called lkbinc then you have a subdomain in DNS
called Domain1, from a Netlogon registration standpoint, this would be
considered a single labeled domain. Although I understand that you Forest
Root Name from AD standpoint is not since it would be domain1.lkbinc .
If you are configured the mentioned above you would need to apply the
registry changes listed in this article.

300684 Information About Configuring Windows 2000 for Domains With
Single-Label
http://support.microsoft.com/?id=300684

If this is not the case, can you confirm this is the only DNS update that
is failing?
Can you confirm that the subzone tcp.pdc._msdcs.domain1.lkbinc exists?


Thank you,

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hello
tcp.pdc._msdcs.domain1.lkbinc does not exist.
-----Original Message-----
Hi
This could be due to the configuration of DNS.

In this situation don't I'm about to explain, don't think of AD but just
flat DNS.

If you have created zone called lkbinc then you have a subdomain in DNS
called Domain1, from a Netlogon registration standpoint, this would be
considered a single labeled domain. Although I understand that you Forest
Root Name from AD standpoint is not since it would be domain1.lkbinc .
If you are configured the mentioned above you would need to apply the
registry changes listed in this article.

300684 Information About Configuring Windows 2000 for Domains With
Single-Label
http://support.microsoft.com/?id=300684

If this is not the case, can you confirm this is the only DNS update that
is failing?
Can you confirm that the subzone
Click to expand...
tcp.pdc._msdcs.domain1.lkbinc exists?
Thank you,

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

.
Click to expand...
 
I have tried the reg. fix 300684 from MS but I am still
having the same results.
-----Original Message-----
Hi
This could be due to the configuration of DNS.

In this situation don't I'm about to explain, don't think of AD but just
flat DNS.

If you have created zone called lkbinc then you have a subdomain in DNS
called Domain1, from a Netlogon registration standpoint, this would be
considered a single labeled domain. Although I understand that you Forest
Root Name from AD standpoint is not since it would be domain1.lkbinc .
If you are configured the mentioned above you would need to apply the
registry changes listed in this article.

300684 Information About Configuring Windows 2000 for Domains With
Single-Label
http://support.microsoft.com/?id=300684

If this is not the case, can you confirm this is the only DNS update that
is failing?
Can you confirm that the subzone
Click to expand...
tcp.pdc._msdcs.domain1.lkbinc exists?
Thank you,

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

.
Click to expand...
 
Hi Charlie,

On your DNS server, how many NIC do you have installed? On the Tcpip properties, Internet Protocol (properties),
advanced tab, DNS Tab, Do you have anything in the "DNS suffix for this connection"? Are you using Append these
DNS suffixes(in order) or Append primary and connection specific DNS suffixes? Is it possible for you to run the
MPSReports and send them to use? here is the link
To help me trouble shoot this issue please download the Microsoft Product Support Reporting tool from the link
below:
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-
30b0bd915706/MPSRPT_NETWORK.EXE
This information will help us to determine what factors are involved with the issue(s) we are experiencing with your
system.
The MPS utility will take about 5 to 15 minutes to gather information. This can be run at any time and will utilize
minimal processor time and memory and is quite unobtrusive to clients currently accessing the server.
It is required that the currently logged on user have Administrative rights in order to allow for proper operations of
the MPS Reporting Tool.
If you have any questions regarding the usage or operations of the MPS Reporting Tool please review the link below:
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-
30b0bd915706/MPSRPT_Network_Readme.txt
DIRECTORY STRUCTURE:
========================
%SystemRoot%\MPSReports---|
|-- Network --|
|-- Bin --|
|-- Reports--|
|-- Cab
ADDITIONAL INFORMATION:
=======================
On your system a CAB file will be generated for your convenience in the %systemroot%\MPSReports\Network\Bin
\Reports\Cab directory called:
%COMPUTERNAME%_MPSReports.CAB.
The CAB file will contain the reports generated by the MPS Reporting Tool. Please email me back the cab file.

Thanks,
Tim Roberts [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top