NetpCheckDomainNameIsValid returns 0x54b

Pat Coghlan

Our enterprise has 4 domains. All computers (DCs and workstations) in
our enterprise are pointed to a master DNS server now, but initially
each DC was configured to run DNS. All workstations joined their
respective domains when DNS ran on each DC.

Now that all computers are pointing to the backbone DNS server, attempts
to join one specific domain always fail. NetSetup.LOG shows that
NetpCheckDomainNameIsValid returns 0x54b. The other 3 domains can be
joined successfully.

How are domain names entered into the DNS server, since it does not
reside on a DC? When DNS is installed on a DC, I think the installation
process creates the forward lookup zone, but how is the zone created on
a DNS server running on a remote (Unix?) platform?

Do the DCs register the zone itself, similar to the way they register as
a DC for the zone?
 
In
Pat Coghlan said:
Our enterprise has 4 domains. All computers (DCs and workstations) in
our enterprise are pointed to a master DNS server now, but initially
each DC was configured to run DNS. All workstations joined their
respective domains when DNS ran on each DC.

Now that all computers are pointing to the backbone DNS server,
attempts to join one specific domain always fail. NetSetup.LOG
shows that NetpCheckDomainNameIsValid returns 0x54b. The other 3
domains can be joined successfully.

How are domain names entered into the DNS server, since it does not
reside on a DC? When DNS is installed on a DC, I think the
installation process creates the forward lookup zone, but how is the
zone created on a DNS server running on a remote (Unix?) platform?

Do the DCs register the zone itself, similar to the way they register
as a DC for the zone?

You will have to register all the domain controller records in the Unix DNS
server. It would be easier if the Unix DNS had a secondary of the Windows
DNS server's zone. Otherwise you will have to manually create all the
records for all Domain Controllers on the Unix server.
You can make the BIND dynamic and let the DCs register in the BIND zone, but
it won't be secure.
 
I'm not sure what platform is used for our master DNS server, but if
it's a Windows server running DNS (but not a DC), do the records
(forward lookup zones etc.) still need to be created manually, or are
the DCs capable of registering this information themselves?
 
In
Pat Coghlan said:
I'm not sure what platform is used for our master DNS server, but if
it's a Windows server running DNS (but not a DC), do the records
(forward lookup zones etc.) still need to be created manually, or are
the DCs capable of registering this information themselves?

Microsoft DNS on Win2k and Win2k3 both support dynamic DNS on primary zones;
only Active Directory Zones support secure dynamic updates. If the zone does
not support dynamic updating you will have to manually create all the
records or run it as a secondary of a zone that supports these features.
 
In other words, if everything is properly configured for dynamic updates
etc., I shouldn't have to ask our network people to manually create zone
names on the master DNS server, correct? It should all work automatically.
 
I found the problem.

In the DNS admin tool window, the AD zone type must be set to Primary
and not Active Directory-Integrated, else the records from the text file
are not uploaded to the DNS server.

Once I made this change, all workstations were able to join the domain.

Too bad our network people didn't suggest this a few weeks ago :-(

-Pat
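
An added example, not part of the thread: when the zone is held on a server the DCs cannot update dynamically, the records a DC expects to find can be compared against what that server actually holds, which shows exactly what still has to be created by hand. The sketch assumes the DC's list is in the line format Windows DCs write to their `netlogon.dns` text file and that the zone has been exported as fully qualified records; every name and address below is constructed.

```python
import re

# Constructed sample: records a DC expects in DNS, in netlogon.dns line format.
DC_RECORDS = """\
corp.example. 600 IN A 10.0.0.10
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
_ldap._tcp.pdc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
"""

# Constructed sample: fully qualified export of the zone on the central server.
ZONE_EXPORT = """\
; hand-maintained zone, only partly populated
corp.example. 3600 IN SOA ns1.example. admin.example. 1 3600 600 86400 3600
corp.example. 3600 IN NS ns1.example.
corp.example. 600 IN A 10.0.0.10
_LDAP._tcp.corp.example. 600 IN SRV 0 100 389 DC1.corp.example.
"""

# owner [ttl] [class] type rdata; limited to the record types a DC registers.
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA|CNAME|SRV)\s+(.+)$", re.I)


def parse_records(text):
    """Return {(owner, type, rdata)} with case, TTL and trailing dots normalised."""
    records = set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        match = RECORD.match(line)
        if match:
            owner, rtype, rdata = match.groups()
            rdata = " ".join(rdata.lower().split()).rstrip(".")
            records.add((owner.lower().rstrip("."), rtype.upper(), rdata))
    return records


def missing_records(dc_text, zone_text):
    """Records the DC expects that the zone does not contain, sorted."""
    return sorted(parse_records(dc_text) - parse_records(zone_text))


if __name__ == "__main__":
    for owner, rtype, rdata in missing_records(DC_RECORDS, ZONE_EXPORT):
        print(f"MISSING {owner} {rtype} {rdata}")
```

TTL differences are ignored on purpose, since only the presence of each owner, type and target matters for a domain join.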
 