DNS and Active Directory

ping

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

I have a problem with the DNS Server in W2K AD. It is a single-domain
environment and Active Directory is installed. The previous
configuration was not done by me.

I couldn't understand why the DNS in the Network Connection settings (TCP/IP)
is pointed to the ISP, which does not provide SRV records, yet the current
AD still works. There is no DNS Server service currently installed.

The problem arose when I tried to migrate the 2000 Server AD to 2003 AD.
I tried to extend the schema, join the 2003 server to the 2000 domain, and
transfer the FSMO roles.

Unexpected things happened. There is no DNS Server service that provides
SRV records, and therefore the joining of the 2003 AD failed, with an error
message indicating that the SRV record cannot be found. I tried to install the DNS
Server service on Windows 2000 Server. After installation, I found out
there were no zones configured in the forward lookup zones. I created one
and enabled dynamic updates, as some guides say, then proceeded to
netdiag /fix. But it returned errors, and the four lines that are supposed
to be in the DNS entries:
_msdcs
_sites
_tcp
_udp
don't come out. I am lost and I have no idea how I should manually
create DNS entries so that Active Directory can recognize them, and
to let my 2003 server join the 2000 domain.

Can any of you guide me on how to set up the DNS Server service with
Active Directory already in place? I can't demote Active Directory
since there are users, policies, permissions, etc.

Thanks.
 

ping

These are the errors when I run netdiag:
Computer Name: SUNCITYSVR
DNS Host Name: suncitysvr.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
KB839643-DirectX9
KB839645
KB840315
KB841872
KB841873
KB842526
Q147222
Q828026

Netcard queries test . . . . . . . : Passed

Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : suncitysvr
IP Address . . . . . . . . : 192.168.100.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.100.3
Dns Servers. . . . . . . . : 192.168.100.1
165.21.100.88

AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{DCAB9168-37C1-4A7A-9E56-50ACF4673B1A}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name 'suncitysvr.local.'. [RCODE_SERVER_FAILURE]
The name 'suncitysvr.local.' may not be registered in DNS.
[FATAL] Failed to fix: DC DNS entry local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.f67a7e60-8cfc-4bdb-b96d-03a78c9a2396.domains._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry gc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry 6f1134d1-de26-4311-a000-a2878e369b90._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.local. re-registeration on DNS server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '192.168.100.1'.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{DCAB9168-37C1-4A7A-9E56-50ACF4673B1A}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{DCAB9168-37C1-4A7A-9E56-50ACF4673B1A}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

The command completed successfully
C:\PROGRA~1\SUPPOR~1>NetBT name test. . . . . . . . . . : Passed
'NetBT' is not recognized as an internal or external command,
operable program or batch file.
C:\PROGRA~1\SUPPOR~1>
C:\PROGRA~1\SUPPOR~1>
C:\PROGRA~1\SUPPOR~1>Winsock test . . . . . . . . . . . : Passed
'Winsock' is not recognized as an internal or external command,
operable program or batch file.
C:\PROGRA~1\SUPPOR~1>
C:\PROGRA~1\SUPPOR~1>
C:\PROGRA~1\SUPPOR~1>DNS test . . . . . . . . . . . . . : Failed
 

enkidu

It's hard to say what is wrong, but to update the AD records
in DNS, firstly the DNS has to be set to allow updates (as
you have done) and, I believe, that the clients must be set
to update DNS dynamically. I believe that this is enabled in
the TCP/IP properties of the NIC. It's certainly so for XP
clients.

You don't say whether or not you rebooted or restarted any
services. I think, (and I may be wrong) that you would at
least need to restart the NetLogon service.

In the DNS properties of the NIC on the DC it should point
to itself if it is the DNS server or to the DNS server for
the Domain.

Cheers,

Cliff

--

Barzoomian the Martian - http://barzoomian.blogspot.com
 
Guest

First, you multiposted this post to multiple newsgroups. It would have been
to YOUR advantage to "cross-post". This allows any responses to go to ALL
the newsgroups you posted to. Otherwise you have to manually check each one.
___________________________
Second, there are two problems with your configuration that are preventing
registration:
1. Your AD DNS Domain name is a single label name, "local".
2. There is an ISP's DNS address in your IP configuration.
___________________________
How to fix these issues?
1. Either a domain rename, (difficulty depends on the operating system), or
modifying the registry on each and every machine in your domain to allow
single label name DNS registration.

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names:
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684

2. Remove the ISP's DNS. ONLY use the internal DNS, which appears to be
192.168.100.1.

___________________________
Also, a little background on AD and DNS, and how registration works:
If you have your ISP's DNS addresses in your IP configuration (DCs and
clients), they need to be REMOVED. This is what is causing *part* of the
problem.

AD uses DNS. DNS stores AD's resource and service locations in the form of
SRV records, hence how everything that is part of the domain will find
resources in the domain. If the ISP's DNS is configured in any of the
internal AD member machines' IP properties, (including all client machines
and DCs), the machines will be asking the ISP's DNS "where is the domain
controller for my domain?", whenever it needs to perform a function, (such
as a logon request, replication request, querying and applying GPOs, etc).
Unfortunately, the ISP's DNS does not have that info and they reply with an
"I dunno know", and things just fail.

Therefore, you cannot use your ISP's DNS addresses anymore in your client or
any other machines. You cannot use your router as a DNS or DHCP server
either. If you are using your NT4 as a DNS server, that all needs to be
changed over to Win2003 DNS. Same with DHCP. NT4 DNS cannot support AD's SRV
requirements and dynamic updates.

If your current scenario is using your NT4 DNS, your ISP's DNS or your
router's DNS, it is strongly suggested and recommended to only use the
internal DNS servers on the network that is hosting the AD zone name. This
applies to all machines, (DCs and clients). Believe me, Internet resolution
will still work with the use of the Root hints (as long as the root zone
doesn't exist).

For more efficient Internet resolution, it's HIGHLY recommended to configure
a forwarder. If the forwarding option is grayed out, delete the Root zone
(looks like a period). If not sure how to perform these two tasks, please
follow one of the two articles listed below, depending on your operating
system. They show a step by step on how to perform these tasks:

323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 :
http://support.microsoft.com/?id=323380

300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
http://support.microsoft.com/?id=300202

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;555040

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

DNS and AD (Windows 2000 & 2003) FAQ:
http://support.microsoft.com/?id=291382

--
Regards,
Ace

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
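
The two findings in the reply above (a single-label AD DNS name and an ISP resolver in the IP configuration) can be read directly from netdiag output like that posted earlier in the thread. The following is an added example, not part of any poster's message: Python that parses such output, tolerating console line wrapping, and groups the failed registrations by the _msdcs, _sites, _tcp and _udp containers. `analyse` and `SAMPLE` are hypothetical names and the sample text is a constructed excerpt.

```python
import ipaddress
import re

# Constructed excerpt in the shape of the netdiag output posted in this thread,
# including console wrapping that splits record names and words mid-token.
SAMPLE = """\
DNS Host Name: suncitysvr.local
Dns Servers. . . . . . . . : 192.168.100.1
165.21.100.88
AutoConfiguration results. . . . . . : Passed
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.local.
re-registeration on DN
S server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.local. re-registeration on DNS server '192.168.100.1'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
"""

FAILED = re.compile(r"Failed to fix: DC DNS entry(.*?)DNS Error code", re.S)
ENTRY = re.compile(r"(.+?)re-registerationonDNSserver'([\d.]+)'failed")
SERVERS = re.compile(r"Dns Servers[ .]*:\s*((?:\d+\.\d+\.\d+\.\d+\s*)+)")


def analyse(netdiag_text):
    """Summarise the DNS findings in netdiag output (hypothetical helper)."""
    host = re.search(r"DNS Host Name:\s*(\S+)", netdiag_text).group(1)
    # AD DNS domain = everything after the host label ("local" in this thread).
    domain = host.split(".", 1)[1] if "." in host else ""
    found = SERVERS.search(netdiag_text)
    servers = found.group(1).split() if found else []
    failed = {}
    for chunk in FAILED.findall(netdiag_text):
        # Drop all whitespace so wrapped names, words and addresses rejoin.
        hit = ENTRY.match(re.sub(r"\s+", "", chunk))
        if not hit:
            continue
        name = hit.group(1).rstrip(".")
        suffix = "." + domain.lower()
        if name.lower().endswith(suffix):
            # Label directly under the zone: _msdcs, _sites, _tcp or _udp.
            container = name[: -len(suffix)].rsplit(".", 1)[-1]
        else:
            container = "(zone root)"
        failed.setdefault(container, []).append(name)
    return {
        "domain": domain,
        "single_label": "." not in domain,
        # Resolvers outside private address space cannot hold the AD zone.
        "external_dns": [s for s in servers
                         if not ipaddress.ip_address(s).is_private],
        "failed": failed,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE)
    print("AD DNS domain:", report["domain"],
          "(single-label)" if report["single_label"] else "")
    print("External resolvers to remove:", report["external_dns"])
    for container, names in sorted(report["failed"].items()):
        print(container, "->", len(names), "record(s) not registered")
```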
 
Guest

Fix up your DNS before anything else. Install and configure a DNS server on
your internal network, create appropriate zones related to your AD domains,
make sure the records are registered and so on.

Incorrect DNS configuration is the source of about 90% of all AD-related
problems.

--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services

Guest

I did some searches and this might be appropriate for your case:
http://support.microsoft.com/default.aspx?scid=kb;en-us;260371

It even says how to recreate your zone and the missing records (netlogon
stop/start).

And as Dmitry said, if DNS is not working properly, your AD will not
work properly either.

Andrei Ungureanu
www.eventid.net