Unable to replicate to new DC

  • Thread starter Thread starter Eric Foreman
  • Start date Start date
E

Eric Foreman

I've just installed a new DC to replace an old one and I'm having trouble
with replication and SAM errors. I'm not sure wether this is DNS or AD
related

Old DC server.leisuredom, running DNS (AD integrated)
New DC thunder.leisuredom


The errors are

1) The DSA operation is unable to proceed because of a DNS lookup problem.
2) The account-identifier allocator failed to initialize properly.
3) Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.


Thanks in advance for any help you can offer.

Below is my NLTEST
=================================================
C:\Program Files\Support Tools>nltest /dsgetdc: /pdc /force /avoidself
DC: \\server.LEISUREDOM
Address: \\10.10.1.8
Dom Guid: bf57cae0-f90e-433d-b893-b311237d7c55
Dom Name: LEISUREDOM
Forest Name: LEISUREDOM
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC
DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully

C:\Program Files\Support Tools>nltest /dbflag:0x2000FFFF
SYSTEM\CurrentControlSet\Services\Netlogon\Parameters set to 0x2000ffff
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>nltest /DSGETDC: /GC
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

=====================================================

Below is my DCDIAG & NETDIAG
=====================================================
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\THUNDER
Starting test: Connectivity
9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM's server
GUID DN
S name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM) couldn't
be
resolved, the server name (thunder.LEISUREDOM) resolved to the IP
address (10.10.1.4) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

......................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
 
Can you check the entries in DNS server against
%systemroot%\system32\config\netlogon.dns to see, that you have all records
registered in DNS ? aparently you are missing domain GUID cname record.
Error 1355 = The specified domain either does not exist or could not be
contacted. Which would point to DNS problem.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com

Eric Foreman said:
I've just installed a new DC to replace an old one and I'm having trouble
with replication and SAM errors. I'm not sure wether this is DNS or AD
related

Old DC server.leisuredom, running DNS (AD integrated)
New DC thunder.leisuredom


The errors are

1) The DSA operation is unable to proceed because of a DNS lookup problem.
2) The account-identifier allocator failed to initialize properly.
3) Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.


Thanks in advance for any help you can offer.

Below is my NLTEST
=================================================
C:\Program Files\Support Tools>nltest /dsgetdc: /pdc /force /avoidself
DC: \\server.LEISUREDOM
Address: \\10.10.1.8
Dom Guid: bf57cae0-f90e-433d-b893-b311237d7c55
Dom Name: LEISUREDOM
Forest Name: LEISUREDOM
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC
DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully

C:\Program Files\Support Tools>nltest /dbflag:0x2000FFFF
SYSTEM\CurrentControlSet\Services\Netlogon\Parameters set to 0x2000ffff
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>nltest /DSGETDC: /GC
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

=====================================================

Below is my DCDIAG & NETDIAG
=====================================================
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\THUNDER
Starting test: Connectivity
9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM's server
GUID DN
S name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM) couldn't
be
resolved, the server name (thunder.LEISUREDOM) resolved to the IP
address (10.10.1.4) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
Click to expand...
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
Click to expand...
 
send the output from ipconfig /all. Do this on both servers

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Eric Foreman said:
I've just installed a new DC to replace an old one and I'm having trouble
with replication and SAM errors. I'm not sure wether this is DNS or AD
related

Old DC server.leisuredom, running DNS (AD integrated)
New DC thunder.leisuredom


The errors are

1) The DSA operation is unable to proceed because of a DNS lookup problem.
2) The account-identifier allocator failed to initialize properly.
3) Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.


Thanks in advance for any help you can offer.

Below is my NLTEST
=================================================
C:\Program Files\Support Tools>nltest /dsgetdc: /pdc /force /avoidself
DC: \\server.LEISUREDOM
Address: \\10.10.1.8
Dom Guid: bf57cae0-f90e-433d-b893-b311237d7c55
Dom Name: LEISUREDOM
Forest Name: LEISUREDOM
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC
DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully

C:\Program Files\Support Tools>nltest /dbflag:0x2000FFFF
SYSTEM\CurrentControlSet\Services\Netlogon\Parameters set to 0x2000ffff
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>nltest /DSGETDC: /GC
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

=====================================================

Below is my DCDIAG & NETDIAG
=====================================================
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\THUNDER
Starting test: Connectivity
9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM's server
GUID DN
S name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM) couldn't
be
resolved, the server name (thunder.LEISUREDOM) resolved to the IP
address (10.10.1.4) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
Click to expand...
 
IPCONFIG from Thunder
========================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.LEISUREDOM>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : thunder
Primary DNS Suffix . . . . . . . : LEISUREDOM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : LEISUREDOM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-08-02-46-25-77
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DNS Servers . . . . . . . . . . . : 10.10.1.8

C:\Documents and Settings\Administrator.LEISUREDOM>

IPCONFIG from server
========================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : LEISUREDOM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : LEISUREDOM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Alert on LAN*
Mana
gement Adapter
Physical Address. . . . . . . . . : 00-D0-B7-73-FA-C0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DNS Servers . . . . . . . . . . . : 10.10.1.8

C:\Documents and Settings\Administrator>
Deji Akomolafe said:
send the output from ipconfig /all. Do this on both servers

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Eric Foreman said:
I've just installed a new DC to replace an old one and I'm having trouble
with replication and SAM errors. I'm not sure wether this is DNS or AD
related

Old DC server.leisuredom, running DNS (AD integrated)
New DC thunder.leisuredom


The errors are

1) The DSA operation is unable to proceed because of a DNS lookup problem.
2) The account-identifier allocator failed to initialize properly.
3) Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.


Thanks in advance for any help you can offer.

Below is my NLTEST
=================================================
C:\Program Files\Support Tools>nltest /dsgetdc: /pdc /force /avoidself
DC: \\server.LEISUREDOM
Address: \\10.10.1.8
Dom Guid: bf57cae0-f90e-433d-b893-b311237d7c55
Dom Name: LEISUREDOM
Forest Name: LEISUREDOM
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC
DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully

C:\Program Files\Support Tools>nltest /dbflag:0x2000FFFF
SYSTEM\CurrentControlSet\Services\Netlogon\Parameters set to 0x2000ffff
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>nltest /DSGETDC: /GC
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

=====================================================

Below is my DCDIAG & NETDIAG
=====================================================
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\THUNDER
Starting test: Connectivity
9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM's server
GUID DN
S name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM) couldn't
be
resolved, the server name (thunder.LEISUREDOM) resolved to the IP
address (10.10.1.4) and was pingable. Check that the IP
Click to expand...
address
is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
Click to expand...
Click to expand...
 
Additional info on those;
#1) dns resolution problem - verify that the 2k server has all 4 "_"
folders in your forward lookup zone for your domain, that you can ping
leisuredom and get a reply (which you probably won't be able too since
unless you left off the .com, .local, etc from your post you have a single
label domain name, and if you've put sp4 on the dc's they won't register
correctly), and that the replica dc is pointed Only to the existing 2k dns
server for your domain. See the following if you have single label domain
name (no "." or extension on the domain name);
300684 Information About Configuring Windows 2000 for Domains With
Single-Label
http://support.microsoft.com/?id=300684
#2) also normally dns problem as it can't identify the rid master (via
dns). This can be resolved sometimes by moving the rid master role to the
machine complaining about the problem, but if dns isn't working properly
that won't work.
3) A separate problem most likely but not uncommon, and look at the
following to correct;
324383 Troubleshooting SCECLI 1202 Events
http://support.microsoft.com/?id=324383

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
Eric Foreman said:
I've just installed a new DC to replace an old one and I'm having trouble
with replication and SAM errors. I'm not sure wether this is DNS or AD
related

Old DC server.leisuredom, running DNS (AD integrated)
New DC thunder.leisuredom


The errors are

1) The DSA operation is unable to proceed because of a DNS lookup problem.
2) The account-identifier allocator failed to initialize properly.
3) Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.


Thanks in advance for any help you can offer.

Below is my NLTEST
=================================================
C:\Program Files\Support Tools>nltest /dsgetdc: /pdc /force /avoidself
DC: \\server.LEISUREDOM
Address: \\10.10.1.8
Dom Guid: bf57cae0-f90e-433d-b893-b311237d7c55
Dom Name: LEISUREDOM
Forest Name: LEISUREDOM
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC
DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully

C:\Program Files\Support Tools>nltest /dbflag:0x2000FFFF
SYSTEM\CurrentControlSet\Services\Netlogon\Parameters set to 0x2000ffff
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>nltest /DSGETDC: /GC
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

=====================================================

Below is my DCDIAG & NETDIAG
=====================================================
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\THUNDER
Starting test: Connectivity
9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM's server
GUID DN
S name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM) couldn't
be
resolved, the server name (thunder.LEISUREDOM) resolved to the IP
address (10.10.1.4) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
Click to expand...
 
In Eric Foreman <[email protected]> posted a question
Then Kevin replied below:
: I've just installed a new DC to replace an old one and I'm having
: trouble with replication and SAM errors. I'm not sure wether this is
: DNS or AD related
Looks like you have a single label domain name.
This is just one of the many problems encountered with single label domain
names, some of which can be worked around by adding registry entries on your
DCs and all other domain members having Win2kSP4, WinXP and Windows Server
2003.
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1
 
What service pack are your DCs on? Your domain from the output listed below
is a single label domain name. If your DCs are on service pack 4 the
following KB article gives information about single-label domains.

300684 Information About Configuring Windows 2000 for Domains With
Single-Label http://support.microsoft.com/?id=300684

--
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Eric Foreman said:
I've just installed a new DC to replace an old one and I'm having trouble
with replication and SAM errors. I'm not sure wether this is DNS or AD
related

Old DC server.leisuredom, running DNS (AD integrated)
New DC thunder.leisuredom


The errors are

1) The DSA operation is unable to proceed because of a DNS lookup problem.
2) The account-identifier allocator failed to initialize properly.
3) Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.


Thanks in advance for any help you can offer.

Below is my NLTEST
=================================================
C:\Program Files\Support Tools>nltest /dsgetdc: /pdc /force /avoidself
DC: \\server.LEISUREDOM
Address: \\10.10.1.8
Dom Guid: bf57cae0-f90e-433d-b893-b311237d7c55
Dom Name: LEISUREDOM
Forest Name: LEISUREDOM
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC
DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully

C:\Program Files\Support Tools>nltest /dbflag:0x2000FFFF
SYSTEM\CurrentControlSet\Services\Netlogon\Parameters set to 0x2000ffff
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>nltest /DSGETDC: /GC
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

=====================================================

Below is my DCDIAG & NETDIAG
=====================================================
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\THUNDER
Starting test: Connectivity
9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM's server
GUID DN
S name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM) couldn't
be
resolved, the server name (thunder.LEISUREDOM) resolved to the IP
address (10.10.1.4) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
Click to expand...
 
It doesn't have all 4 "_" folders in the forward lookup zone. I can't ping
leisuredom. I've tried removing and adding new forward lookup zones but the
"_" folders are never created.



David Brandt said:
Additional info on those;
#1) dns resolution problem - verify that the 2k server has all 4 "_"
folders in your forward lookup zone for your domain, that you can ping
leisuredom and get a reply (which you probably won't be able too since
unless you left off the .com, .local, etc from your post you have a single
label domain name, and if you've put sp4 on the dc's they won't register
correctly), and that the replica dc is pointed Only to the existing 2k dns
server for your domain. See the following if you have single label domain
name (no "." or extension on the domain name);
300684 Information About Configuring Windows 2000 for Domains With
Single-Label
http://support.microsoft.com/?id=300684
#2) also normally dns problem as it can't identify the rid master (via
dns). This can be resolved sometimes by moving the rid master role to the
machine complaining about the problem, but if dns isn't working properly
that won't work.
3) A separate problem most likely but not uncommon, and look at the
following to correct;
324383 Troubleshooting SCECLI 1202 Events
http://support.microsoft.com/?id=324383

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
Eric Foreman said:
I've just installed a new DC to replace an old one and I'm having trouble
with replication and SAM errors. I'm not sure wether this is DNS or AD
related

Old DC server.leisuredom, running DNS (AD integrated)
New DC thunder.leisuredom


The errors are

1) The DSA operation is unable to proceed because of a DNS lookup problem.
2) The account-identifier allocator failed to initialize properly.
3) Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.


Thanks in advance for any help you can offer.

Below is my NLTEST
=================================================
C:\Program Files\Support Tools>nltest /dsgetdc: /pdc /force /avoidself
DC: \\server.LEISUREDOM
Address: \\10.10.1.8
Dom Guid: bf57cae0-f90e-433d-b893-b311237d7c55
Dom Name: LEISUREDOM
Forest Name: LEISUREDOM
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC
DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully

C:\Program Files\Support Tools>nltest /dbflag:0x2000FFFF
SYSTEM\CurrentControlSet\Services\Netlogon\Parameters set to 0x2000ffff
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>nltest /DSGETDC: /GC
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

=====================================================

Below is my DCDIAG & NETDIAG
=====================================================
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\THUNDER
Starting test: Connectivity
9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM's server
GUID DN
S name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM) couldn't
be
resolved, the server name (thunder.LEISUREDOM) resolved to the IP
address (10.10.1.4) and was pingable. Check that the IP
Click to expand...
address
is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
Click to expand...
Click to expand...
 
If you search this NewsGroup, you will likely find cupious notes from either
ACE or Kevin detailing how to fix "single-labeled" domain problems.

I think this is the cause of your problems. You are likely running SP4 on
your DCs and you are getting bitten by the single-label bug. Here's a tip I
got from experts-exchange a while back.

//add this one to the DNS Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Name: UpdateTopLevelDomainZones
Data Type: REG_DWORD
Value: 0x1

//add this one to all DC's and domain clients
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
Name: AllowSingleLabelDnsDomain
Data Type: REG_DWORD
Value: 0x1

//add this one to all DC's and domain clients
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
Name: AllowSingleLabelDnsDomain
Data Type: REG_DWORD
Value: 0x1


See http://support.microsoft.com/?kbid=300684 for a discussion of this.

HTH

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Eric Foreman said:
IPCONFIG from Thunder
========================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.LEISUREDOM>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : thunder
Primary DNS Suffix . . . . . . . : LEISUREDOM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : LEISUREDOM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-08-02-46-25-77
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DNS Servers . . . . . . . . . . . : 10.10.1.8

C:\Documents and Settings\Administrator.LEISUREDOM>

IPCONFIG from server
========================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : LEISUREDOM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : LEISUREDOM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Alert on LAN*
Mana
gement Adapter
Physical Address. . . . . . . . . : 00-D0-B7-73-FA-C0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DNS Servers . . . . . . . . . . . : 10.10.1.8

C:\Documents and Settings\Administrator>
Deji Akomolafe said:
send the output from ipconfig /all. Do this on both servers

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Click to expand...
the
IP
address (10.10.1.4) and was pingable. Check that the IP
Click to expand...
address
is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
Click to expand...
Click to expand...
Click to expand...
 
If you search this NewsGroup, you will likely find cupious notes from either
ACE or Kevin detailing how to fix "single-labeled" domain problems.

I think this is the cause of your problems. You are likely running SP4 on
your DCs and you are getting bitten by the single-label bug. Here's a tip I
got from experts-exchange a while back.

//add this one to the DNS Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Name: UpdateTopLevelDomainZones
Data Type: REG_DWORD
Value: 0x1

//add this one to all DC's and domain clients
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
Name: AllowSingleLabelDnsDomain
Data Type: REG_DWORD
Value: 0x1

//add this one to all DC's and domain clients
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
Name: AllowSingleLabelDnsDomain
Data Type: REG_DWORD
Value: 0x1


See http://support.microsoft.com/?kbid=300684 for a discussion of this.

HTH

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Eric Foreman said:
IPCONFIG from Thunder
========================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.LEISUREDOM>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : thunder
Primary DNS Suffix . . . . . . . : LEISUREDOM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : LEISUREDOM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-08-02-46-25-77
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DNS Servers . . . . . . . . . . . : 10.10.1.8

C:\Documents and Settings\Administrator.LEISUREDOM>

IPCONFIG from server
========================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : LEISUREDOM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : LEISUREDOM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Alert on LAN*
Mana
gement Adapter
Physical Address. . . . . . . . . : 00-D0-B7-73-FA-C0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DNS Servers . . . . . . . . . . . : 10.10.1.8

C:\Documents and Settings\Administrator>
Deji Akomolafe said:
send the output from ipconfig /all. Do this on both servers

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Click to expand...
the
IP
address (10.10.1.4) and was pingable. Check that the IP
Click to expand...
address
is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
Click to expand...
Click to expand...
Click to expand...
 
In Eric Foreman <[email protected]> posted a question
Then Kevin replied below:
: It doesn't have all 4 "_" folders in the forward lookup zone. I can't
: ping leisuredom. I've tried removing and adding new forward lookup
: zones but the "_" folders are never created.
:
That is because Starting with SP4 Win2k cannot register in DNS if you have a
single label domain name. You have to add the registry entries from 300684 -
Information About Configuring Windows 2000 for Domains with Single-Label DNS
Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1
 
Thanks everyone. It was the single label dns name that caused it all. Once
the registry fixes were applied all is well.

Eric Foreman said:
I've just installed a new DC to replace an old one and I'm having trouble
with replication and SAM errors. I'm not sure wether this is DNS or AD
related

Old DC server.leisuredom, running DNS (AD integrated)
New DC thunder.leisuredom


The errors are

1) The DSA operation is unable to proceed because of a DNS lookup problem.
2) The account-identifier allocator failed to initialize properly.
3) Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.


Thanks in advance for any help you can offer.

Below is my NLTEST
=================================================
C:\Program Files\Support Tools>nltest /dsgetdc: /pdc /force /avoidself
DC: \\server.LEISUREDOM
Address: \\10.10.1.8
Dom Guid: bf57cae0-f90e-433d-b893-b311237d7c55
Dom Name: LEISUREDOM
Forest Name: LEISUREDOM
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC
DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully

C:\Program Files\Support Tools>nltest /dbflag:0x2000FFFF
SYSTEM\CurrentControlSet\Services\Netlogon\Parameters set to 0x2000ffff
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>nltest /DSGETDC: /GC
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

=====================================================

Below is my DCDIAG & NETDIAG
=====================================================
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\THUNDER
Starting test: Connectivity
9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM's server
GUID DN
S name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(9617f994-936e-4bd0-bbfe-15fc8190f94a._msdcs.LEISUREDOM) couldn't
be
resolved, the server name (thunder.LEISUREDOM) resolved to the IP
address (10.10.1.4) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... THUNDER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\THUNDER
Skipping all tests, because server THUNDER is
not responding to directory service requests

Running enterprise tests on : LEISUREDOM
Starting test: Intersite
......................... LEISUREDOM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... LEISUREDOM failed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: THUNDER
DNS Host Name: thunder.LEISUREDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
KB829558
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : thunder
IP Address . . . . . . . . : 10.10.1.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.8


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'thunder.LEISUREDOM.'. [RCODE_SERVER_FAILURE]
The name 'thunder.LEISUREDOM.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.10.1.8'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A8CB8F48-C84A-4BE0-86B9-C14E7243418A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'LEISUREDOM' is to '\\SERVER'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'TWS-LC-SERVER'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>^A
Click to expand...
 
In
Deji Akomolafe said:
If you search this NewsGroup, you will likely find cupious notes from
either ACE or Kevin detailing how to fix "single-labeled" domain
problems.

I think this is the cause of your problems. You are likely running
SP4 on your DCs and you are getting bitten by the single-label bug.
Here's a tip I got from experts-exchange a while back.

//add this one to the DNS Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Name: UpdateTopLevelDomainZones
Data Type: REG_DWORD
Value: 0x1

//add this one to all DC's and domain clients
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
Name: AllowSingleLabelDnsDomain
Data Type: REG_DWORD
Value: 0x1

//add this one to all DC's and domain clients
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
Name: AllowSingleLabelDnsDomain
Data Type: REG_DWORD
Value: 0x1


See http://support.microsoft.com/?kbid=300684 for a discussion of
this.

HTH


Dèjì Akómöláfé, MCSE MCSA MCP+I
Click to expand...


HI Deji,

Yep, we're all over the DNS newsgroups with that discussion. The fix
outlined in the article, just to point out, does not help GPO applying since
when the GetGPOList runs on the client looking Sysvol, since they're looking
for:
\\domain.com\sysvol\domain.com\policies

Problem with that, if there's a single label name, then it looks for:
\\domain\sysvol\domain\policies

So therefore, it will treat it as a computer NetBIOS name. We've had
discussions when Kevin came up with the idea to create a CNAME called
"domain" (or whatever the single label name is) and then creating an
additional search suffix on every client called "domain", but in a large
environment, this may not really be practical.

Or another way, to put a dot and the end of each policy, as Ulf suggested in
another post.

It's actually highly suggested to rename the domain one way or another.

Another big problem with single label names, is that it causes excessive
Internet query traffic to the ISC Roots. As been mentioned by Alan Wood, MS,
that we would rather be good folks in the Internet community to avoid this
unnecessary traffic to the Roots. That is why in W2k SP4 single label name
registration was stopped.

If the original poster of this thread needs more info on this and the single
label name issue, I can repost something from a thread explaining MS' take
on it and other info, such as rename options, etc.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top