perplexing dns problem


FurBot

Hi all.

I'm having a slight problem with my Windows 2003 domain. In my event viewer
I keep getting event ID 40961 with this message:

The Security System could not establish a secured connection with the server
DNS/****.****.org. No authentication protocol was available.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
This DNS server does not belong to our ISP.

We have no external DNS here and only rely on it for internal use, so I'm not
sure why it would be trying to go to an outside DNS server.

I've checked the error message and it says it's usually resolved by the time
you see the message, but I'm getting it every few minutes.

I'm not noticing any real problem on the domain. Exchange and all clients
are working properly.
The only problem I can see is excessive logon times. As in, after the
password is typed it's about 13 minutes before you actually hit the desktop.
I'm unsure if these are related. DNS does appear to be working correctly
though, as everyone can see the domain controller/Exchange server properly and
I have no problem with clients joining the domain.


Anyone have a resolution for this?
 
Can you give me some more information on your IP addressing configuration
and DNS server config?

It sounds like your server is trying to register its reverse PTR record to
an outside source, which is a common problem if you have not configured your
own internal reverse DNS zone.

I assume that you have your server pointing to itself for DNS name
registration and that the server is configured with Root Hints that point to
internet resources for unknown client name resolutions.

Rick Claus [MSFT], MCSE
TechNet CDN - IT Pro Advisor

No Email Please... This alias is for newsgroup purposes only.
This posting is provided "AS IS" with no warranties and confers no rights.
 
I'm using 192.168.0.* for my internal network. DC points to itself as primary
DNS server. There are two other DNS servers running for a w2k domain also in
the building. Those DNS servers are reflected in DHCP info as well. And
root hints point outside for internet addresses.
DNS is Active Directory integrated.
I have not created a reverse DNS zone internally.


 
How are the clients set up? They should reference *ONLY* the internal
DNS. If they are configured with internal AND external addresses, then
the results are slow logins, and other DNS lookup problems. It doesn't
seem to me that this is the cause of the Event Viewer message, but it
may be related to the looong login times.

Have a look at this:

http://www.microsoft.com/resources/...erv/2003/all/techref/en-us/w2k3tr_dns_how.asp

or (alternative link to same reference)

http://tinyurl.com/6eunb

"By default, the Windows Server 2003 DNS Client service will
dynamically update host (A) resource records in DNS when configured
for TCP/IP. The Windows Server 2003 DNS Server service is configured,
by default, to allow only secure dynamic update. You must change this
configuration if you will be using dynamic update only."

You may have one or more of the DNS servers configured for secure DNS
dynamic updates. This may be causing the problems. Just a guess
though.

Cheers,

Cliff
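
A way to check both points raised in the replies above (clients listing only internal DNS servers, and which reverse lookup zone the internal DNS would need to host), as an added example that is not part of any poster's message. It assumes Windows 2003-style `ipconfig /all` text; the sample output, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt for a hypothetical client (sample addresses).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.local
   IP Address. . . . . . . . . . . . : 192.168.0.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.0.10
                                       203.0.113.53
"""

FIELD = re.compile(r"^\s+(?P<label>[A-Za-z][^:]*?)[ .]*:\s*(?P<value>.*)$")
KEYS = {"IP Address": "ip", "DNS Servers": "dns"}


def parse_ipconfig(text):
    """Collect adapter IP addresses and configured DNS servers."""
    found = {"ip": [], "dns": []}
    current = None
    for line in text.splitlines():
        if not line[:1].isspace():      # adapter header or blank line ends a field
            current = None
            continue
        m = FIELD.match(line)
        if m:
            current = KEYS.get(m.group("label"))
            value = m.group("value").strip()
        else:
            value = line.strip()        # continuation line: additional DNS server
        if current and value:
            found[current].append(value)
    return found


def external_dns(servers, internal_nets):
    """DNS servers that fall outside every internal network."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    return [s for s in servers
            if not any(ipaddress.ip_address(s) in n for n in nets)]


def reverse_zone(ip, octets=3):
    """Reverse lookup zone covering `ip` (3 octets corresponds to a /24)."""
    return ".".join(reversed(ip.split(".")[:octets])) + ".in-addr.arpa"


if __name__ == "__main__":
    cfg = parse_ipconfig(SAMPLE_IPCONFIG)
    print("external DNS:", external_dns(cfg["dns"], ["192.168.0.0/24"]))
    print("reverse zones:", sorted({reverse_zone(ip) for ip in cfg["ip"]}))
```

Any address reported as external is a resolver the client can fall back to for lookups and dynamic updates; the reverse zone name is the one to look for on the internal DNS server.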


 