W2000Server DNS config wrong, how to fix or replace?

dmorgan-with-suffixed-\1\-ATdslextreme.com · Mar 25, 2004

DNS is wrong on a Win2000Server and I want to figure out how to make
it right.

It's Windows2000 Advanced Server in a small, non-critical test
network. For experiment I configured DNS on it one day, using
"windows.bogus" for a fictitious DNS domain name. A week later I
dcpromo'd so the machine became a domain controller. The
domain name is ACME. The server's IP is 192.168.3.3 and hostname is
EMACH2.

I became aware DNS is wrong when a Win2000Pro machine (192.168.3.11)
couldn't join the domain. Here's that attempt, in a packet capture
taken at the server while the 2000Pro tried to join:

Source Destination Protocol Info

192.168.3.11 192.168.3.3 DNS Standard query
SRV _ldap._tcp.dc._msdcs.ACME

192.168.3.3 192.168.3.11 DNS Standard query
response, No such name

00:90:27:9a:b5:b4 03:00:00:00:00:01 NETLOGON SAM LOGON request
from client

00:90:27:9a:b5:b4 03:00:00:00:00:01 NETLOGON SAM LOGON request
from client

00:90:27:9a:b5:b4 03:00:00:00:00:01 NETLOGON SAM LOGON request
from client

The netlogon appeals are unanswered by the server. I think becuase of
the DNS inability in the 2nd packet to resolve the inquiry of the 1st.
I know linux but am weak on windows, and uncertain what the inquiry is
asking.

I could happily blow away my DNS configuration to build a correct one
from scratch but don't know how. Any tips appreciated.

-------------------------------------------------------------
Additional info - results of 2 diagnostics:

dcdiag /test:connectivity /v and
netdiag /test

NS /v /l

1) Result of dcdiag /test:connectivity /v:

DC Diagnosis

Performing initial setup:
* Verifing that the local machine emach2, is a DC.
* Connecting to directory service on server emach2.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\EMACH2
Starting test: Connectivity
* Active Directory LDAP Services Check
EMACH2's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(a3e47f92-0f42-4ec2-80db-8e2041e71ac0._msdcs.windows.bogus) couldn't
be

resolved, the server name (emach2.windows.bogus) resolved to the IP
address (192.168.3.3) and was pingable. Check

that the IP address is registered correctly with the DNS
server.
......................... EMACH2 failed test Connectivity

2) Result of netdiag /test

NS /v /l:

Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing DNS
[WARNING] The DNS entries for this DC are not registered correctly
on DNS server '192.168.3.3'. Please wait for 30

minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC
registered.

Tests complete.

Computer Name: EMACH2
DNS Host Name: emach2.windows.bogus
DNS Domain Name: windows.bogus
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 3, GenuineIntel
Hotfixes :
Installed? Name
Yes Q147222

Netcard queries test . . . . . . . : Passed

Information of Netcard drivers:

---------------------------------------------------------------------------
Description: NETGEAR FA310TX Fast Ethernet Adapter (DC21x4)
Device: \DEVICE\{6D381BC8-D278-4F18-AD7A-3F50879F5FAD}

Media State: Connected

Device State: Connected
Connect Time: 05:58:58
Media Speed: 100 Mbps

Packets Sent: 471092
Bytes Sent (Optional): 669237589

Packets Received: 475860
Directed Pkts Recd (Optional): 475408
Bytes Received (Optional): 60307308
Directed Bytes Recd (Optional): 60307308

---------------------------------------------------------------------------
[PASS] - At least one netcard is in the 'Connected' state.

Per interface results:

Adapter : Local Area Connection
Adapter ID . . . . . . . . :
{6D381BC8-D278-4F18-AD7A-3F50879F5FAD}

Netcard queries test . . . : Passed

Global results:

Domain membership test . . . . . . : Passed
Machine is a . . . . . . . . . : Primary Domain Controller
Emulator
Netbios Domain name. . . . . . : ACME
Dns domain name. . . . . . . . : windows.bogus
Dns forest name. . . . . . . . : windows.bogus
Domain Guid. . . . . . . . . . :
{79E56F16-347B-4C63-BADD-6545B51D70CB}
Domain Sid . . . . . . . . . . :
S-1-5-21-1060284298-920026266-1202660629
Logon User . . . . . . . . . . : administrator
Logon Domain . . . . . . . . . : ACME

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{6D381BC8-D278-4F18-AD7A-3F50879F5FAD}
1 NetBt transport currently configured.

DNS test . . . . . . . . . . . . . : Failed
Interface {6D381BC8-D278-4F18-AD7A-3F50879F5FAD}
DNS Domain:
DNS Servers: 192.168.3.3
IP Address: 192.168.3.3
Expected registration with PDN (primary DNS domain name):
Hostname: emach2.windows.bogus.
[WARNING] Cannot find a primary authoritative DNS server for
the name
'emach2.windows.bogus.'. [RCODE_SERVER_FAILURE]
The name 'emach2.windows.bogus.' may not be registered in
DNS.
Check the DNS registration for DCs entries on DNS server '192.168.3.3'
The Record is correct on DNS server '192.168.3.3'.

The Record is correct on DNS server '192.168.3.3'.

The Record is correct on DNS server '192.168.3.3'.

The Record is correct on DNS server '192.168.3.3'.

Query for DC DNS entry windows.bogus. on DNS server 192.168.3.3
failed.
DNS Error code: 0x0000251D
Query for DC DNS entry _ldap._tcp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _ldap._tcp.pdc._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _ldap._tcp.gc._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry
_ldap._tcp.79e56f16-347b-4c63-badd-6545b51d70cb.domains._msdcs.windows.bogus.
on DNS server

192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry gc._msdcs.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry
a3e47f92-0f42-4ec2-80db-8e2041e71ac0._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kerberos._tcp.dc._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _ldap._tcp.dc._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kerberos._tcp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _gc._tcp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kerberos._udp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kpasswd._tcp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kpasswd._udp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.windows.bogus. on
DNS server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
[WARNING] The DNS entries for this DC are not registered correctly
on DNS server '192.168.3.3'. Please wait for 30

minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC
registered.

The command completed successfully

Herb Martin · Mar 25, 2004

DNS is wrong on a Win2000Server and I want to figure out how to make
it right.

It's Windows2000 Advanced Server in a small, non-critical test
network. For experiment I configured DNS on it one day, using
"windows.bogus" for a fictitious DNS domain name. A week later I
dcpromo'd so the machine became a domain controller. The
domain name is ACME. The server's IP is 192.168.3.3 and hostname is
EMACH2.

This domain is unrelated to the windows.bogus Zone. You need a zone
corresponding to ACME -- and since single tag domain names are a
very bad idea and this is a test domain, I would suggest you first DCPromo,
destroy the domain, set the machine name to a full DNS name and the
re-perform the DCPromo to create a (new) domain.

I became aware DNS is wrong when a Win2000Pro machine (192.168.3.11)
couldn't join the domain. Here's that attempt, in a packet capture
taken at the server while the 2000Pro tried to join:

You need a Dynamic DNS zone corresponding to the Windows Domain
name -- the domain really should be TWO or more tags, e.g., domain.com
or domain.bogus but not just "domainname".

All clients of the domain -- including DCs -- must configure ONLY the
internal DNS server (set) in their NIC\IP properties.

--
Herb Martin

Source Destination Protocol Info

192.168.3.11 192.168.3.3 DNS Standard query
SRV _ldap._tcp.dc._msdcs.ACME

192.168.3.3 192.168.3.11 DNS Standard query
response, No such name

00:90:27:9a:b5:b4 03:00:00:00:00:01 NETLOGON SAM LOGON request
from client

00:90:27:9a:b5:b4 03:00:00:00:00:01 NETLOGON SAM LOGON request
from client

00:90:27:9a:b5:b4 03:00:00:00:00:01 NETLOGON SAM LOGON request
from client

The netlogon appeals are unanswered by the server. I think becuase of
the DNS inability in the 2nd packet to resolve the inquiry of the 1st.
I know linux but am weak on windows, and uncertain what the inquiry is
asking.

I could happily blow away my DNS configuration to build a correct one
from scratch but don't know how. Any tips appreciated.

-------------------------------------------------------------
Additional info - results of 2 diagnostics:

dcdiag /test:connectivity /v and
netdiag /testNS /v /l

1) Result of dcdiag /test:connectivity /v:

DC Diagnosis

Performing initial setup:
* Verifing that the local machine emach2, is a DC.
* Connecting to directory service on server emach2.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\EMACH2
Starting test: Connectivity
* Active Directory LDAP Services Check
EMACH2's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(a3e47f92-0f42-4ec2-80db-8e2041e71ac0._msdcs.windows.bogus) couldn't
be

resolved, the server name (emach2.windows.bogus) resolved to the IP
address (192.168.3.3) and was pingable. Check

that the IP address is registered correctly with the DNS
server.
......................... EMACH2 failed test Connectivity

2) Result of netdiag /testNS /v /l:

Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing DNS
[WARNING] The DNS entries for this DC are not registered correctly
on DNS server '192.168.3.3'. Please wait for 30

minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC
registered.

Tests complete.

Computer Name: EMACH2
DNS Host Name: emach2.windows.bogus
DNS Domain Name: windows.bogus
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 3, GenuineIntel
Hotfixes :
Installed? Name
Yes Q147222

Netcard queries test . . . . . . . : Passed

Information of Netcard drivers:

-------------------------------------------------------------------------- -
Description: NETGEAR FA310TX Fast Ethernet Adapter (DC21x4)
Device: \DEVICE\{6D381BC8-D278-4F18-AD7A-3F50879F5FAD}

Media State: Connected

Device State: Connected
Connect Time: 05:58:58
Media Speed: 100 Mbps

Packets Sent: 471092
Bytes Sent (Optional): 669237589

Packets Received: 475860
Directed Pkts Recd (Optional): 475408
Bytes Received (Optional): 60307308
Directed Bytes Recd (Optional): 60307308

-------------------------------------------------------------------------- -
[PASS] - At least one netcard is in the 'Connected' state.

Per interface results:

Adapter : Local Area Connection
Adapter ID . . . . . . . . :
{6D381BC8-D278-4F18-AD7A-3F50879F5FAD}

Netcard queries test . . . : Passed

Global results:

Domain membership test . . . . . . : Passed
Machine is a . . . . . . . . . : Primary Domain Controller
Emulator
Netbios Domain name. . . . . . : ACME
Dns domain name. . . . . . . . : windows.bogus
Dns forest name. . . . . . . . : windows.bogus
Domain Guid. . . . . . . . . . :
{79E56F16-347B-4C63-BADD-6545B51D70CB}
Domain Sid . . . . . . . . . . :
S-1-5-21-1060284298-920026266-1202660629
Logon User . . . . . . . . . . : administrator
Logon Domain . . . . . . . . . : ACME

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{6D381BC8-D278-4F18-AD7A-3F50879F5FAD}
1 NetBt transport currently configured.

DNS test . . . . . . . . . . . . . : Failed
Interface {6D381BC8-D278-4F18-AD7A-3F50879F5FAD}
DNS Domain:
DNS Servers: 192.168.3.3
IP Address: 192.168.3.3
Expected registration with PDN (primary DNS domain name):
Hostname: emach2.windows.bogus.
[WARNING] Cannot find a primary authoritative DNS server for
the name
'emach2.windows.bogus.'. [RCODE_SERVER_FAILURE]
The name 'emach2.windows.bogus.' may not be registered in
DNS.
Check the DNS registration for DCs entries on DNS server '192.168.3.3'
The Record is correct on DNS server '192.168.3.3'.

The Record is correct on DNS server '192.168.3.3'.

The Record is correct on DNS server '192.168.3.3'.

The Record is correct on DNS server '192.168.3.3'.

Query for DC DNS entry windows.bogus. on DNS server 192.168.3.3
failed.
DNS Error code: 0x0000251D
Query for DC DNS entry _ldap._tcp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _ldap._tcp.pdc._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _ldap._tcp.gc._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry
_ldap._tcp.79e56f16-347b-4c63-badd-6545b51d70cb.domains._msdcs.windows.bogus
..
on DNS server

192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry gc._msdcs.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry
a3e47f92-0f42-4ec2-80db-8e2041e71ac0._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kerberos._tcp.dc._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _ldap._tcp.dc._msdcs.windows.bogus. on DNS
server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kerberos._tcp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _gc._tcp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kerberos._udp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kpasswd._tcp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry _kpasswd._udp.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.windows.bogus. on DNS server
192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
Query for DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.windows.bogus. on
DNS server 192.168.3.3 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS
server)
[WARNING] The DNS entries for this DC are not registered correctly
on DNS server '192.168.3.3'. Please wait for 30

minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC
registered.

The command completed successfully

dmorgan-with-suffixed-\1\-ATdslextreme.com · Mar 26, 2004

This worked. Thank you. Now I have a side-effect problem.

Demoting then re-promoting the machine as a domain controller
destroyed the old "administrator" account, and created a new one. The
user profile settings of the old one (which I want) is left behind in
the C:\Documents and Settings\Administrator folder.

Is there some way I can create a new account, but have it adopt the
profile in that subfolder instead of creating a new default set of
settings?? And also have it able to log in locally?

Herb Martin · Mar 26, 2004

This worked. Thank you. Now I have a side-effect problem.

Demoting then re-promoting the machine as a domain controller
destroyed the old "administrator" account, and created a new one. The
user profile settings of the old one (which I want) is left behind in
the C:\Documents and Settings\Administrator folder.

Sorry, I would have mentioned that you might lose stuff if you hadn't
said it was a test setup.

Is there some way I can create a new account, but have it adopt the
profile in that subfolder instead of creating a new default set of
settings?? And also have it able to log in locally?

Sure, IF you save the old profile or still have it on the disk. Just
copy it over the new profile location.

Here's what I actually do (it sounds weird but it is the safest):

Copy the old profile somewhere (two copies in case I screw it up.)
Copy the new profile somewhere (two copies in case I screw it up.)
Copy the new profile over a copy of the old profile (so new settings
take precedence)
Copy the whole thing back over the current location.

xcopy /s /y etc etc etc.

W2000Server DNS config wrong, how to fix or replace?

dmorgan-with-suffixed-\1\-ATdslextreme.com

Herb Martin

dmorgan-with-suffixed-\1\-ATdslextreme.com

Herb Martin