Trouble with dynamic DNS registration after SP4 installed


introuble

AD Domain. 2 DNS servers with AD-integrated zone.
After SP4 was installed, a lot of warnings appear in the Event Log (every 2 hours):
Netlogon 5781 about dynamic registration.
When I delete the A-record from the zones (forward and reverse) and reboot the client
PC (domain member), the A-record does not appear in the forward zone, but appears in
reverse. I checked the SRV records - everything looks normal.

What's up? Help please!
 
introuble said:
> AD Domain. 2 DNS servers with AD-integrated zone.
> After SP4 was installed, a lot of warnings appear in the Event Log (every 2
> hours): Netlogon 5781 about dynamic registration.
> When I delete the A-record from the zones (forward and reverse) and reboot
> the client PC (domain member), the A-record does not appear in the forward zone,
> but appears in reverse. I checked the SRV records - everything looks
> normal.
>
> What's up? Help please!

Is there an external or ISP's DNS in your IP properties? That can be a
cause. The other cause is that if you have an AD Integrated zone, the zone
is not loaded yet since AD has not quite loaded its services when netlogon
is trying to register. Causes could be overloaded services, slow machine,
etc. 5781s can be ignored.
http://www.eventid.net/display.asp?eventid=5781&source=

Also another way to get rid of it if you have more than one DC/DNS, point
the first guy to the second as first in the list and vice versa for the
second DC.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
> Is there an external or ISP's DNS in your IP properties?

Yes, I have, but on the other DC/DNS there is no ISP DNS, but the situation is the same.

> That can be a
> cause. The other cause is that if you have an AD Integrated zone, the zone
> is not loaded yet since AD has not quite loaded its services when netlogon
> is trying to register. Causes could be overloaded services, slow machine,
> etc. 5781s can be ignored.

After the DC/DNS started and all needed services started, I tried restarting
the NETLOGON service, and after it restarts, the known warnings appear in the
Event Log.

> Also another way to get rid of it if you have more than one DC/DNS, point
> the first guy to the second as first in the list and vice versa for the
> second DC.

Yes, these are the current settings on both DC/DNS.

But dynamic registration does not work: "when I delete the A-record from the zones
(forward and reverse) and reboot the client PC (domain member), the A-record does
not appear in the forward zone, but appears in reverse."

After SP4 was installed, I did not change any settings. What shall I check
first? I already have no idea......
 
introuble said:
> Yes, I have, but on the other DC/DNS there is no ISP DNS, but the situation is
> the same.
>
> After the DC/DNS started and all needed services started, I tried
> restarting the NETLOGON service, and after it restarts, the known warnings
> appear in the Event Log.
>
> Yes, these are the current settings on both DC/DNS.
>
> But dynamic registration does not work: "when I delete the A-record from
> the zones (forward and reverse) and reboot the client PC (domain member),
> the A-record does not appear in the forward zone, but appears in reverse."
>
> After SP4 was installed, I did not change any settings. What shall I check
> first? I already have no idea......

Well, remove the ISP addresses FIRST. Remove them from every machine in the
domain, clients too. That usually fixes a dozen problems when it comes to
AD.

Make sure both zone properties that updates are set to YES (change it from
secure to ensure it works). Not knowing what clients you have, also in DHCP,
make sure to allow updates for clients that cannot register. And follow the
guideline I mentioned about your DCs and the DNS addresses.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
introuble said:
> Net diag fragment:
>
> DNS test . . . . . . . . . . . . . : Passed
> Interface {skipped}
> DNS Domain:
> DNS Servers: xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
> IP Address: yyy.yyy.yyy.yyy
> Expected registration with PDN (primary DNS domain name):
> Hostname: dc1.domain.
> [WARNING] Cannot find a primary authoritative DNS server for the name
> 'dc1.domain.'. [RCODE_SERVER_FAILURE]
> The name 'dc1.domain.' may not be registered in DNS.
>
> My domain is named "domain" (a single word without any dots or suffixes)

I should have read this one sooner. If I see what I think it's saying,
you've got a bigger problem. Domain names must be in the form of at least a
domain name and a TLD, such as "domain.com" and not just "domain". That's an
illegal DNS name. Maybe from what this is saying, that the info does not
exist in your zone. I'm also tending to think you may also have a disjointed
namespace, but need more info from you to determine that.

Tell you what, here's what we need from you to better help out, if you can
post this back for us to see, to better diagnose this issue:

1. An actual (*unedited* - don't change anything in it please -) ipconfig
/all from a client and your DC. If you have more than one DC, please post
two of them.

2. The actual AD domain name according to what your ADUC says.

3. The actual name (exact spelling) of the zone name in DNS.

4. Is the zone properties set to allow updates? Set to Yes?

5. Type of clients: W9x, NT4, W2k, XP, etc.

6. If W9x and NT4, do you have DHCP set to force updates for these clients?

That should better help us out to help you.


Thanks

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
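
An added example, not part of the thread: Python that reads a netdiag DNS section like the fragment quoted in the post above, extracts the expected registration name, and flags a single-label primary DNS suffix or a suffix with no matching forward zone. The sample text is constructed from the masked fragment, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the masked netdiag fragment quoted above.
NETDIAG_SAMPLE = """\
DNS test . . . . . . . . . . . . . : Passed
    DNS Servers: xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
    Expected registration with PDN (primary DNS domain name):
      Hostname: dc1.domain.
      [WARNING] Cannot find a primary authoritative DNS server for the name
          'dc1.domain.'. [RCODE_SERVER_FAILURE]
      The name 'dc1.domain.' may not be registered in DNS.
"""

WARNING_RE = re.compile(
    r"\[WARNING\] Cannot find a primary authoritative DNS server\s+"
    r"for the name\s+'([^']+)'\.\s*\[(\w+)\]")


def parse_netdiag_dns(text):
    """Extract the expected hostname and authoritative-server warnings."""
    host = re.search(r"^\s*Hostname:\s*(\S+)", text, re.M)
    return {"hostname": host.group(1) if host else None,
            "failures": WARNING_RE.findall(text)}


def primary_suffix(fqdn):
    """DNS domain part of a host FQDN: everything after the host label."""
    return ".".join(fqdn.rstrip(".").lower().split(".")[1:])


def diagnose(text, zone_names):
    """Return findings for one netdiag DNS section (hypothetical helper)."""
    info = parse_netdiag_dns(text)
    if info["hostname"] is None:
        return ["no 'Hostname:' line found"]
    suffix = primary_suffix(info["hostname"])
    zones = {z.rstrip(".").lower() for z in zone_names}
    findings = []
    if not suffix:
        findings.append("host name carries no DNS suffix")
    elif "." not in suffix:
        findings.append(f"single-label primary DNS suffix '{suffix}'")
    if suffix and suffix not in zones:
        findings.append(f"no forward zone named '{suffix}'")
    for name, rcode in info["failures"]:
        findings.append(f"{name} not registered ({rcode})")
    return findings
```

Pass the zone names exactly as they are spelled in the DNS console; the comparison is case-insensitive and ignores a trailing dot.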
 
Ragini Srinivasa Murthy said:
> Also, it's not best practice to use single label domain names.
>
> Ragini

I was just going to add that observation Ragini, but you beat me to it. I
wouldn't want to use this method at all. Invites too many issues down the
line.

Cheers!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
> Thanks for posting that. Actually I was hoping for an *unedited*
> version...

Sorry, but I must change it. The configuration you received is real,
except for the first two positions in the IP addresses.

> Well, hard to tell everything going since you edited your DNS servers IP
> addresses out. So I would like to assume that you are using ONLY your
> internal DNS servers. Did you set a forwarder for Internet resolution? This
> article shows how to do that:
> http://support.microsoft.com/?id=300202

Yes, PDC emulator has two forwarders.

> As far as your Primary DNS Suffix, assuming that you didn't edit that too:

Yes, it's the real name.

> Well, that's a classic single label domain name (as Ragini mentioned) and
> more than likely a "disjointed namespace" and IS what's causing ALL the
> problems, from what I see.
>
> It *must* be in the form of a second level domain and TLD (Top Level Domain,
> which some call the first level domain), such as trans2k.com, trans2k.local,
> trans2k.introuble, etc. That article Ragini provided can help you overcome
> it, but as stated, it is NOT best practice to do it and frankly, would
> highly advise against it.
>
> So let's see what we can do to fix this guy...
>
> I have a script that can fix this on a DC. But, I need to determine if it
> will help. To determine if the script will work for you, I need to know what
> is your AD DNS domain name? You can find that when you open up your ADUC, at
> the top.

TRANS2K

> I also need to know, what is the zone name in DNS?

trans2k

> As for the clients, you can change Option 015 in DHCP or with a GPO setting,
> provided that you get the Primary DNS Suffix straightened out on the DCs
> first.

How can I change "Option 015", and where can I find it? Explain please...

> The Primary DNS Suffix dictates what zone name that the Netlogon service
> looks for when it registers its domain services and locations (as SRV
> records) into DNS. This is *really* important for AD functionality.

Thanks for your patience.
 
In introuble <[email protected]> posted their concerns,
then Kevin D4Dad added his reply at the bottom.
"Ace Fekay [MVP]"

> But it works. Thanks for solution. Shall I expect any troubles with
> "single label domain name" in the future?

You will have to edit the registry of any Win XP machine you add to the
domain.
 
In introuble <[email protected]> posted his concerns then I replied down below:

Sorry about reposting that link without reading the rest of the thread.
I'm glad it worked out, but it will require additional steps as Kevin
mentioned.

Hope everything works out for you.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I just started having the same issues as described on two servers
running as DC's. I have added the registry key and restarted the
netlogon svc and still get the same error. I am now restarting one of
the servers to see if the reg key will take.

Anyway, can't the registry key be added via a Group Policy or would it
be better to add using the login script?
 
Paul Armstrong said:
> I just started having the same issues as described on two servers
> running as DC's. I have added the registry key and restarted the
> netlogon svc and still get the same error. I am now restarting one of
> the servers to see if the reg key will take.
>
> Anyway, can't the registry key be added via a Group Policy or would it
> be better to add using the login script?

A script would be better.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 