Registration DNS server unable to interpret format

[mark]

Please read this message all the way through before replying. I know
the error message I'm quoting is a common problem when DNS isn't
configured properly, but I've investigated that angle and I suspect
I've got a different sort of problem here.

I've got one Windows 2000 DC in our environment that repeatedly logs
the following error:

----------
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 28/02/2005
Time: 08:53:23
User: N/A
Computer: DCSERVERNAME
Description:
Registration of the DNS record '_ldap._tcp. ._sites.europe.domain.com.
600 IN SRV 0 100 389 DCSERVERNAME.europe.domain.com.' failed with the
following error:
DNS server unable to interpret format.
Data:
0000: 29 23 00 00 )#..
----------

There are also errors registering similar records for _kerberos and
_gc.

I have verified that the DNS servers and zones referenced in this
server's IP config are configured to allow updates (secure only). Other
servers including DCs register their records with these DNS servers
without error. I have reviewed Microsoft articles 266054 & 259277.

It seems as if this DC is trying to register using an invalid value for
the site name. Note in the error message the repeated periods between
_tcp and _sites. This is where the site name should go, but the error
shows a blank space.

I've verified that the server is in the correct site from AD Sites and
Services.

The _ldap, _kerberos, and _gc SRV records do exist in DNS in the
correct site path. They have a date/time stamp from two days ago, but
this error has been logged for months.

Any ideas on this mystery? I was considering moving the server to a
different site and then back, because I'm leaning towards the theory
that the server doesn't have its own site information configured
properly. However I wanted to check for advice before trying that.

Thanks!
/mark

 

[Ace Fekay [MVP]]

In

There are also errors registering similar records for _kerberos and
_gc.

I have verified that the DNS servers and zones referenced in this
server's IP config are configured to allow updates (secure only).
Other servers including DCs register their records with these DNS
servers without error. I have reviewed Microsoft articles 266054 &
259277.

It seems as if this DC is trying to register using an invalid value
for the site name. Note in the error message the repeated periods
between _tcp and _sites. This is where the site name should go, but
the error shows a blank space.

I've verified that the server is in the correct site from AD Sites and
Services.

The _ldap, _kerberos, and _gc SRV records do exist in DNS in the
correct site path. They have a date/time stamp from two days ago, but
this error has been logged for months.

Any ideas on this mystery? I was considering moving the server to a
different site and then back, because I'm leaning towards the theory
that the server doesn't have its own site information configured
properly. However I wanted to check for advice before trying that.

Thanks!
/mark

A 5774 error can be caused by a simple fact that the netlogon service is
intializing prior to AD, and the zone is unavailable at that point in time
when the machine is starting up. This can be ignored in some cases (such as
a single DC or a DC pointing to itself with other DCs across the WAN, or an
overloaded slow old machine), and point #4 below will address that. Is this
occuring during startup or is it an ongoing problem??

There are a number of factors that dictate registration (DCs, member servers
or clients). Let's go over them and see if your servers have been configured
properly.

1. The DNS address(es) in your machines must ONLY use your internal DNS
servers (no ISP's addresses).
2. The zone name in DNS MUST MATCH the AD DNS Domain name and allow
registration.
3. The Primary DNS Suffix MUST MATCH the AD domain name. If this is set to a
different name, or missing, then we have a major issue.The netlogon services
pulls the data from AD, builds the netlogon.dns file, then looks at the
Primary DNS Suffix for the name of the zone to register into, then registers
the data in that file into the zone.
4. If you have more than one DC/DNS server, point to a partner DNS (if one
exists in the same Site) as the first entry, and itself as the second entry.
If the partner DCs are across a WAN, just stick to pointing to itself as the
first, and the partner in the second.
5. (Not necessarily effecting registration, but can cause other problems) If
Windows 2003, the replication scope on all zone properties on each server
must match. If one is set to "DNS servers in the AD domain Application
Partition, and the other is set to AD Integrated compatible with Windows
2000, then there will be duplicates in the AD database, and will cause
issues.
6. The AD DNS domain name and zone name MUST NOT BE A SINGLE LABEL NAME.
7. The DHCP Client Service MUST BE RUNNING. Mis-named, this service (and not
the DNS Client service), is the service that actually does the
registration, static IP or not.
8. No personal firewall installed. If Zone Alarm was installed, and
uninstalled, it leaves dlls behind that cause problems, which one can go to
their website for the list to manually remove.


Once you've corrected (if any corrections need to be done), then to force
registration in a command prompt:
ipconfig /registerdns
net stop netlogon
net start netlogon

Hope that helps for starters. If not, can we see:
1. ipconfig /all from the offending machine(s)
2. A "net start"
3. dcdiag /v > c:\dcdiag.txt
4. netdiag /v /fix > c:\netdiag.txt
(Attach the text files and please don't use doc files.)

Thanks

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??
=================================