DNS and Active Directory

Archived from groups: microsoft.public.win2000.active_directory

Hi,

I have a problem with the DNS Server in W2K AD. It is a single-domain
environment and Active Directory is installed. The previous
configuration was not done by me.

I couldn't understand why the DNS in the Network Connection settings (TCP/IP)
is pointed to the ISP, which does not provide SRV records, yet the current
AD still works. There is no DNS Server service currently installed.

The problem arose when I tried to migrate the 2000 Server AD to 2003 AD.
I tried to extend the schema, join the 2003 server to the 2000 domain, and
transfer the FSMO roles.

Unexpected things happened. There is no DNS Server service that provides
SRV records, and therefore the joining of the 2003 AD failed, with an error
message indicating the SRV record cannot be found. I tried to install the DNS
Server service in Windows 2000 Server. After installation, I found out
there were no zones configured in forward lookup zones. I created one
and enabled dynamic updates, as some guides say, then proceeded to
netdiag /fix. But it returned an error, and the four lines that are supposed
to be in the DNS entries:
_msdcs
_sites
_tcp
_udp
don't come out. I am lost and I have no idea how I should manually
create DNS entries so that Active Directory can recognize them, and
to facilitate my 2003 server joining the 2000 domain.

Can any of you guide me on how to set up the DNS Server service with
Active Directory already in place? I can't demote the Active Directory
since there are users and policies, permissions, etc.

Thanks.
  1.

    These are the errors when I run netdiag:
    Computer Name: SUNCITYSVR
    DNS Host Name: suncitysvr.local
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
    List of installed hotfixes :
    KB329115
    KB820888
    KB822831
    KB823182
    KB823559
    KB824105
    KB825119
    KB826232
    KB828035
    KB828741
    KB828749
    KB835732
    KB837001
    KB839643-DirectX9
    KB839645
    KB840315
    KB841872
    KB841873
    KB842526
    Q147222
    Q828026

    Netcard queries test . . . . . . . : Passed

    Per interface results:
    Adapter : Local Area Connection
    Netcard queries test . . . : Passed
    Host Name. . . . . . . . . : suncitysvr
    IP Address . . . . . . . . : 192.168.100.1
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.100.3
    Dns Servers. . . . . . . . : 192.168.100.1
    165.21.100.88

    AutoConfiguration results. . . . . . : Passed
    Default gateway test . . . : Passed
    NetBT name test. . . . . . : Passed
    No remote names have been found.
    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.

    Global results:

    Domain membership test . . . . . . : Passed

    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{DCAB9168-37C1-4A7A-9E56-50ACF4673B1A}
    1 NetBt transport currently configured.

    Autonet address test . . . . . . . : Passed

    IP loopback ping test. . . . . . . : Passed

    Default gateway test . . . . . . . : Passed

    NetBT name test. . . . . . . . . . : Passed

    Winsock test . . . . . . . . . . . : Passed

    DNS test . . . . . . . . . . . . . : Failed
    [WARNING] Cannot find a primary authoritative DNS server for the name 'suncitysvr.local.'. [RCODE_SERVER_FAILURE]
    The name 'suncitysvr.local.' may not be registered in DNS.
    [FATAL] Failed to fix: DC DNS entry local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.f67a7e60-8cfc-4bdb-b96d-03a78c9a2396.domains._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry gc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry 6f1134d1-de26-4311-a000-a2878e369b90._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.local. re-registeration on DNS server '192.168.100.1' failed.
    DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '192.168.100.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.

    Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{DCAB9168-37C1-4A7A-9E56-50ACF4673B1A}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{DCAB9168-37C1-4A7A-9E56-50ACF4673B1A}
    The browser is bound to 1 NetBt transport.

    DC discovery test. . . . . . . . . : Passed

    DC list test . . . . . . . . . . . : Passed

    Trust relationship test. . . . . . : Skipped

    Kerberos test. . . . . . . . . . . : Passed

    LDAP test. . . . . . . . . . . . . : Passed

    Bindings test. . . . . . . . . . . : Passed

    WAN configuration test . . . . . . : Skipped
    No active remote access connections.

    Modem diagnostics test . . . . . . : Passed
    IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.

    The command completed successfully
    C:\PROGRA~1\SUPPOR~1>NetBT name test. . . . . . . . . . : Passed
    'NetBT' is not recognized as an internal or external command,
    operable program or batch file.
    C:\PROGRA~1\SUPPOR~1>
    C:\PROGRA~1\SUPPOR~1>
    C:\PROGRA~1\SUPPOR~1>Winsock test . . . . . . . . . . . : Passed
    'Winsock' is not recognized as an internal or external command,
    operable program or batch file.
    C:\PROGRA~1\SUPPOR~1>
    C:\PROGRA~1\SUPPOR~1>
    C:\PROGRA~1\SUPPOR~1>DNS test . . . . . . . . . . . . . : Failed
  2.

    It's hard to say what is wrong, but to update the AD records
    in DNS, firstly the DNS has to be set to allow updates (as
    you have done) and, I believe, that the clients must be set
    to update DNS dynamically. I believe that this is enabled in
    the TCP/IP properties of the NIC. It's certainly so for XP
    clients.

    You don't say whether or not you rebooted or restarted any
    services. I think, (and I may be wrong) that you would at
    least need to restart the NetLogon service.

    In the DNS properties of the NIC on the DC it should point
    to itself if it is the DNS server or to the DNS server for
    the Domain.

    Cheers,

    Cliff


    --

    Barzoomian the Martian - http://barzoomian.blogspot.com
  3.

    First, you multiposted this post to multiple newsgroups. It would have been
    to YOUR advantage to "cross-post". This allows any responses to go to ALL
    the newsgroups you posted to. Otherwise you have to manually check each one.
    ___________________________
    Second, there are two problems with your configuration that are preventing
    registration:
    1. Your AD DNS Domain name is a single label name, "local".
    2. There is an ISP's DNS address in your IP configuration.
    ___________________________
    How to fix these issues?
    1. Either a domain rename, (difficulty depends on the operating system), or
    modifying the registry on each and every machine in your domain to allow
    single label name DNS registration.

    300684 - Information About Configuring Windows 2000 for Domains with
    Single-Label DNS Names:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;300684

    2. Remove the ISP's DNS. ONLY use the internal DNS, which appears to be
    192.168.100.1.

    ___________________________
    Also, a little background on AD and DNS, and how registration works:
    If you have your ISP's DNS addresses in your IP configuration (DCs and
    clients), they need to be REMOVED. This is what is causing *part* of the
    problem.

    AD uses DNS. DNS stores AD's resource and service locations in the form of
    SRV records, hence how everything that is part of the domain will find
    resources in the domain. If the ISP's DNS is configured in any of the
    internal AD member machines' IP properties, (including all client machines
    and DCs), the machines will be asking the ISP's DNS "where is the domain
    controller for my domain?", whenever it needs to perform a function, (such
    as a logon request, replication request, querying and applying GPOs, etc).
    Unfortunately, the ISP's DNS does not have that info and they reply with an
    "I dunno know", and things just fail.

    Therefore, you cannot use your ISP's DNS addresses anymore in your client or
    any other machines. You cannot use your router as a DNS or DHCP server
    either. If you are using your NT4 as a DNS server, that all needs to be
    changed over to Win2003 DNS. Same with DHCP. NT4 DNS cannot support AD's SRV
    requirements and dynamic updates.

    If your current scenario is using your NT4 DNS, your ISP's DNS or your
    router's DNS, it is strongly suggested and recommended to only use the
    internal DNS servers on the network that is hosting the AD zone name. This
    applies to all machines, (DCs and clients). Believe me, Internet resolution
    will still work with the use of the Root hints (as long as the root zone
    doesn't exist).

    For more efficient Internet resolution, it's HIGHLY recommended to configure
    a forwarder. If the forwarding option is grayed out, delete the Root zone
    (looks like a period). If not sure how to perform these two tasks, please
    follow one of the two articles listed below, depending on your operating
    system. They show a step by step on how to perform these tasks:

    323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 :
    http://support.microsoft.com/?id=323380

    300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
    http://support.microsoft.com/?id=300202

    Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
    Domain
    http://support.microsoft.com/default.aspx?scid=kb;en-us;555040

    825036 - Best practices for DNS client settings in Windows 2000 Server and
    in Windows Server 2003:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

    DNS and AD (Windows 2000 & 2003) FAQ:
    http://support.microsoft.com/?id=291382

    --
    Regards,
    Ace

    If this post is viewed at a non-Microsoft community website, and you were to
    respond to it through that community's website, I may not see your reply.
    Therefore, please direct all replies ONLY to the Microsoft public newsgroup
    this thread originated in so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
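
An added example, not part of any poster's message: Python that reads netdiag output of the kind posted in this thread and reports the two conditions named in the reply above (a single-label AD DNS domain and a non-internal DNS server on the DC), plus the locator records that failed to register. The sample text is constructed from values in this thread, and treating any non-private address as external is an assumption of this example.

```python
import ipaddress
import re

# Constructed sample shaped like the netdiag report in this thread, including
# the console line wrapping that can split names and addresses mid-token.
SAMPLE = """\
DNS Host Name: suncitysvr.local
Dns Servers. . . . . . . . : 192.168.100.1
165.21.100.88
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.local.
re-registeration on DN
S server '192.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.local. re-registeration on DNS server '1
92.168.100.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
"""

def failed_registrations(text):
    """Return (record, dns_server, error_code) for each failed re-registration."""
    results = []
    blocks = re.findall(
        r"\[FATAL\] Failed to fix: DC DNS entry(.*?)DNS Error code:\s*(\w+)",
        text, re.S)
    for body, code in blocks:
        # Record names and addresses never contain spaces, so dropping all
        # whitespace undoes the wrapping wherever it happened to fall.
        flat = "".join(body.split())
        m = re.fullmatch(r"(.+?)re-registerationonDNSserver'([^']+)'failed\.", flat)
        if m:
            results.append((m.group(1), m.group(2), code))
    return results

def dns_servers(text):
    """Collect the DNS servers listed for each adapter (one address per line)."""
    servers = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if re.match(r"\s*Dns Servers[ .]*:", line):
            for cand in [line.split(":", 1)[1]] + lines[i + 1:]:
                try:
                    servers.append(ipaddress.ip_address(cand.strip()))
                except ValueError:
                    break  # first line that is not an address ends the list
    return servers

def ad_domain(text):
    """DNS domain of the DC: its DNS host name minus the first label."""
    m = re.search(r"DNS Host Name:\s*(\S+)", text)
    host = m.group(1).rstrip(".") if m else ""
    return host.split(".", 1)[1] if "." in host else ""

def audit(text):
    findings = []
    domain = ad_domain(text)
    if domain and "." not in domain:
        findings.append(f"single-label AD DNS domain '{domain}'")
    for ip in dns_servers(text):
        if not ip.is_private:  # assumption: internal DNS uses private addresses
            findings.append(f"external DNS server {ip} configured on the DC")
    failed = failed_registrations(text)
    if failed:
        findings.append(f"{len(failed)} DC locator records failed to register")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
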
  4.

    Fix up your dns before anything else. Install and configure a DNS server on
    your internal network, create appropriate zones related to your AD domains,
    make sure the records are registered and so on.

    Incorrect DNS configuration is the source of about 90% of all AD-related
    problems.

    --
    Dmitry Korolyov [d__k@removethispart.mail.ru]
    MVP: Windows Server - Directory Services
  5.

    I did some searches and this might be appropriate for your case:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;260371

    It even says how to recreate your zone and the missing records (netlogon
    stop/start).

    And as Dmitry said, if DNS is not working properly, your AD will not
    work properly either.

    Andrei Ungureanu
    www.eventid.net