Daniel Hienzsch
I have two servers set up on an independent network from our production
network. Only two servers on their own switch, own router, own internet
connection. I set up server01 with the base install then added the Domain
Controller role to it which installed and configured AD, DHCP and DNS. I
added a Primary Reverse Lookup Zone into DNS, then tested it using the
testing tool on the monitoring tab of the properties page.
I then built server02. It is a standard vanilla Win2K3 install. After
completing installation, I added it to the domain with no problem, then
rebooted. I then rebooted (as is required) and after each reboot, I get
error messages peppered throughout the event viewer on Server02 stating that
the domain controller cannot be found. DCDIAG confirms that the server can't
be seen. All MS Troubleshooting tips point to network connectivity being the
problem, but it isn't. I've checked the switch, NICs, default network
settings, IP to no avail; it's all working right. I've checked and rechecked
every DNS entry for the Domain Controller in its DNS setting, but I don't
see anything wrong in there.
And then after about 6 hours or so, DCDIAG starts working and I can see the
domain. If I reboot, I start the whole problem over again.
I've rebuilt these servers at least four times now trying to narrow down and
eliminate everything and this is about as basic as I can get the setup. One
DC, one member server, one switch, two network cables, one internet
connection, but I can't figure out what the problem is!
========================================================
Here is the complete list of DNS testing, DCDIAG testing and the actual
EVENT VIEWER errors reported...
For clarification:
Domain: domain.foo
Active Directory Controller / PDC Emulator: server01 = 10.55.1.10
Member Server: server02 = 10.55.1.11
C:\Documents and Settings\Administrator>dnslint /d domain.foo /s 10.55.1.10 /v
DNSLint will attempt to verify the DNS entries for:
domain.foo
This process may take several minutes to complete...
by-passing www.internic.net lookup...
using 10.55.1.10
Attempting to find host name for 10.55.1.10...name not found
Verifying the DNS records for the specified
domain name on each name server...
Checking SOA record on:
User Specified DNS Server (10.55.1.10)...
Authoritative name server: server01.domain.foo
Hostmaster: hostmaster
Zone serial number: 26
Refresh period: 900 seconds
Retry delay: 600 seconds
Zone expires in: 86400 seconds
Default (minimum) TTL: 3600 seconds
Querying for NS records...
Additional authoritative NS records for domain:
server01.domain.foo 10.55.1.10
querying for domain's host records...
Host records for domain:
10.55.1.10
querying for MX record data...
No MX records on that name server
=============================
Checking SOA record on:
server01.domain.foo (10.55.1.10)...
Authoritative name server: server01.domain.foo
Hostmaster: hostmaster
Zone serial number: 26
Refresh period: 900 seconds
Retry delay: 600 seconds
Zone expires in: 86400 seconds
Default (minimum) TTL: 3600 seconds
Querying for NS records...
Additional authoritative NS records for domain:
server01.domain.foo 10.55.1.10
querying for domain's host records...
Host records for domain:
10.55.1.10
querying for MX record data...
No MX records on that name server
=============================
generating report file....
A file called dnslint.htm already exists
Do you want to overwrite it? (Y/N)y
overwriting existing .htm file...
Creating report called dnslint.htm in current directory
C:\Documents and Settings\Administrator>ping server01.domain.foo
Pinging server01.domain.foo [10.55.1.10] with 32 bytes of data:
Reply from 10.55.1.10: bytes=32 time<1ms TTL=128
Reply from 10.55.1.10: bytes=32 time<1ms TTL=128
Reply from 10.55.1.10: bytes=32 time<1ms TTL=128
Reply from 10.55.1.10: bytes=32 time<1ms TTL=128
Ping statistics for 10.55.1.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Documents and Settings\Administrator>nslookup server01.domain.foo
*** Can't find server name for address 10.55.1.10: Non-existent domain
Server: UnKnown
Address: 10.55.1.10
Name: server01.domain.foo
Address: 10.55.1.10
C:\Documents and Settings\Administrator>nslookup server01.domain.foo
Server: server01.domain.foo
Address: 10.55.1.10
Name: server01.domain.foo
Address: 10.55.1.10
C:\Documents and Settings\Administrator>
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator.domain>dcdiag /s:server01 |more
Domain Controller Diagnosis
Performing initial setup:
[server01] LDAP bind failed with error 8341,
A directory service error has occurred..
C:\Documents and Settings\Administrator.domain>dcdiag /s:server01 |more
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\server01
Starting test: Connectivity
The host 2713c23b-b7f2-4533-85a9-a747c557422a._msdcs.domain.foo could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
......................... server01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site\server01
Skipping all tests, because server server01 is
not responding to directory service requests
Running partition tests on : TAPI3Directory
Starting test: CrossRefValidation
......................... TAPI3Directory passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... TAPI3Directory passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : domain
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Running enterprise tests on : domain.foo
Starting test: Intersite
......................... domain.foo passed test Intersite
Starting test: FsmoCheck
......................... domain.foo passed test FsmoCheck
C:\Documents and Settings\Administrator.domain>nslookup
*** Can't find server name for address 10.55.1.10: Non-existent domain
Default Server: UnKnown
Address: 10.55.1.10
> set type=all
> _ldap._tcp.dc._msdcs.domain.foo
Server: UnKnown
Address: 10.55.1.10
_ldap._tcp.dc._msdcs.domain.foo SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = server01.domain.foo
server01.domain.foo internet address = 10.55.1.10
================================================
================================================
================================================
EVENT VIEWER ERRORS
================================================
================================================
================================================
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 1/21/2004
Time: 3:11:21 PM
User: NT AUTHORITY\SYSTEM
Computer: server02
Description:
Windows cannot obtain the domain controller name for your computer network.
(The specified domain either does not exist or could not be contacted. ).
Group Policy processing aborted.
For more information, see Help and
Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: MRxSmb
Event Category: None
Event ID: 8003
Date: 1/21/2004
Time: 3:11:26 PM
User: N/A
Computer: server02
Description:
The master browser has received a server announcement from the computer
server01 that believes that it is the master browser for the domain on
transport NetBT_Tcpip_{3E658275-8CE8-4150. The master browser is stopping
or an election is being forced.
For more information, see Help and
Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00 ......N.
0008: 00 00 00 00 43 1f 00 c0 ....C..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 1/21/2004
Time: 3:11:21 PM
User: N/A
Computer: server02
Description:
This computer was not able to set up a secure session with a domain
controller in domain domain due to the following:
There are currently no logon servers available to service the logon
request.
This may lead to authentication problems. Make sure that this computer
is connected to the network. If the problem persists, please contact
your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets
up the secure session to the primary domain controller emulator in the
specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.
For more information,
see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0 ^..À
Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11197
Date: 1/21/2004
Time: 3:04:05 PM
User: N/A
Computer: server02
Description:
The system failed to update and remove host (A) resource records (RRs) for
network adapter with settings:
Adapter Name : {E4AE94A6-F873-4BA2-A86B-41FC56F45A04}
Host Name : server02
Primary Domain Suffix : domain.foo
DNS server list :
10.55.1.10, 63.140.240.35
Sent update to server : <?>
IP Address(es) :
10.55.1.11
The reason the update request failed was because of a system problem.
For specific error code, see the record data displayed below.
For more
information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 27 00 00 Q'..