Sign in with
Sign up | Sign in
Your question

Cannot find a primary authoritative DNS server

Last response: in Windows 2000/NT
Share
Anonymous
July 27, 2004 6:08:02 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

I cannot open AD Users and computers or any other utility. Error "Naming information cannot be located because the network path was not found". I ran a DcDiag which failed the DNS test with "Cannot find a primary authoritative DNS server for the name 'servername.domainname.com' [DNS_ERROR_NO_TCPIP]. The name 'servername.domainname.com' may not be correctly registered on DNS server 172.21.151.2. Please wait for 30 min for DNS server replication. [FATAL]No DNS servers have the DNS records for this DC registered". A reboot fixes this but the problem eventually comes back. I checked the 172.21.151.2 server which is the primary DNS server and FSMO role holder and this DC has a record created. TCP/IP properties on the affected server has primary DNS pointing to 172.21.151.2. Any thoughts?

Thanks
Anonymous
July 27, 2004 6:30:06 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

I forgot to mention...

The O/S is 2003. The server has only 1 NIC and I ran netdiag, not dcdiag.

Thanks

"InAjAm" wrote:

> I cannot open AD Users and computers or any other utility. Error "Naming information cannot be located because the network path was not found". I ran a DcDiag which failed the DNS test with "Cannot find a primary authoritative DNS server for the name 'servername.domainname.com' [DNS_ERROR_NO_TCPIP]. The name 'servername.domainname.com' may not be correctly registered on DNS server 172.21.151.2. Please wait for 30 min for DNS server replication. [FATAL]No DNS servers have the DNS records for this DC registered". A reboot fixes this but the problem eventually comes back. I checked the 172.21.151.2 server which is the primary DNS server and FSMO role holder and this DC has a record created. TCP/IP properties on the affected server has primary DNS pointing to 172.21.151.2. Any thoughts?
>
> Thanks
Anonymous
July 27, 2004 7:29:36 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Maybe:
SRV Resource Records May Not Be Created on Domain Controller

http://support.microsoft.com/default.aspx?scid=kb;en-us;239897



How to Verify the Creation of SRV Records for a Domain Controller

http://support.microsoft.com/default.aspx?scid=kb;en-us;241515





hth

DDS W 2k MVP MCSE



"InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
news:5BC8C369-EF60-4E6D-A8E3-BBE48642C430@microsoft.com...
> I cannot open AD Users and computers or any other utility. Error "Naming
information cannot be located because the network path was not found". I
ran a DcDiag which failed the DNS test with "Cannot find a primary
authoritative DNS server for the name 'servername.domainname.com'
[DNS_ERROR_NO_TCPIP]. The name 'servername.domainname.com' may not be
correctly registered on DNS server 172.21.151.2. Please wait for 30 min for
DNS server replication. [FATAL]No DNS servers have the DNS records for this
DC registered". A reboot fixes this but the problem eventually comes back.
I checked the 172.21.151.2 server which is the primary DNS server and FSMO
role holder and this DC has a record created. TCP/IP properties on the
affected server has primary DNS pointing to 172.21.151.2. Any thoughts?
>
> Thanks
Related resources
Anonymous
July 27, 2004 7:35:03 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Thanks,

I don't know if this applies to my situation. I upgraded from windows 2000 to 2003 about 3 months ago and this problem just recently started. No DNS changes have been made to any records.

"Danny Sanders" wrote:

> Maybe:
> SRV Resource Records May Not Be Created on Domain Controller
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;239897
>
>
>
> How to Verify the Creation of SRV Records for a Domain Controller
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;241515
>
>
>
>
>
> hth
>
> DDS W 2k MVP MCSE
>
>
>
> "InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
> news:5BC8C369-EF60-4E6D-A8E3-BBE48642C430@microsoft.com...
> > I cannot open AD Users and computers or any other utility. Error "Naming
> information cannot be located because the network path was not found". I
> ran a DcDiag which failed the DNS test with "Cannot find a primary
> authoritative DNS server for the name 'servername.domainname.com'
> [DNS_ERROR_NO_TCPIP]. The name 'servername.domainname.com' may not be
> correctly registered on DNS server 172.21.151.2. Please wait for 30 min for
> DNS server replication. [FATAL]No DNS servers have the DNS records for this
> DC registered". A reboot fixes this but the problem eventually comes back.
> I checked the 172.21.151.2 server which is the primary DNS server and FSMO
> role holder and this DC has a record created. TCP/IP properties on the
> affected server has primary DNS pointing to 172.21.151.2. Any thoughts?
> >
> > Thanks
>
>
>
Anonymous
July 28, 2004 3:52:11 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:2E492E5C-9885-467E-90D3-E5D1CAF219C5@microsoft.com,
InAjAm <InAjAm@discussions.microsoft.com> asked for help and I offered my
suggestions below:
> Thanks,
>
> I don't know if this applies to my situation. I upgraded from
> windows 2000 to 2003 about 3 months ago and this problem just
> recently started. No DNS changes have been made to any records.
>

Can we see:
1. Unedited ipconfig /all
2. THe zone name in DNS and whether updates are allowed on the zone.
3. Your AD DNS domain name

Thanks, this will give us a good start to better assist you if we can
understand your specific configuration.

One concern I have is that you say the server's primary address in IP
properties is pointing to 172.21.151.2. What's the other one pointing to? If
a reboot fixes it, than I suspect something else is in there. Let's see that
info and we can better address this for you.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
Anonymous
July 28, 2004 4:03:26 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

restart the netlogon service on the "missing" server, it will recreate the
SRV records.

"InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
news:F6AF22BA-6A4F-4DFB-A9C0-F30E00C19426@microsoft.com...
>I forgot to mention...
>
> The O/S is 2003. The server has only 1 NIC and I ran netdiag, not dcdiag.
>
> Thanks
>
> "InAjAm" wrote:
>
>> I cannot open AD Users and computers or any other utility. Error "Naming
>> information cannot be located because the network path was not found". I
>> ran a DcDiag which failed the DNS test with "Cannot find a primary
>> authoritative DNS server for the name 'servername.domainname.com'
>> [DNS_ERROR_NO_TCPIP]. The name 'servername.domainname.com' may not be
>> correctly registered on DNS server 172.21.151.2. Please wait for 30 min
>> for DNS server replication. [FATAL]No DNS servers have the DNS records
>> for this DC registered". A reboot fixes this but the problem eventually
>> comes back. I checked the 172.21.151.2 server which is the primary DNS
>> server and FSMO role holder and this DC has a record created. TCP/IP
>> properties on the affected server has primary DNS pointing to
>> 172.21.151.2. Any thoughts?
>>
>> Thanks
Anonymous
July 28, 2004 9:45:05 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

Mark,
This service will not restart, nor will any other service I stop, in the state the server's in. I had to reboot and everything is working for now...

"Mark Scott" wrote:

> restart the netlogon service on the "missing" server, it will recreate the
> SRV records.
>
> "InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
> news:F6AF22BA-6A4F-4DFB-A9C0-F30E00C19426@microsoft.com...
> >I forgot to mention...
> >
> > The O/S is 2003. The server has only 1 NIC and I ran netdiag, not dcdiag.
> >
> > Thanks
> >
> > "InAjAm" wrote:
> >
> >> I cannot open AD Users and computers or any other utility. Error "Naming
> >> information cannot be located because the network path was not found". I
> >> ran a DcDiag which failed the DNS test with "Cannot find a primary
> >> authoritative DNS server for the name 'servername.domainname.com'
> >> [DNS_ERROR_NO_TCPIP]. The name 'servername.domainname.com' may not be
> >> correctly registered on DNS server 172.21.151.2. Please wait for 30 min
> >> for DNS server replication. [FATAL]No DNS servers have the DNS records
> >> for this DC registered". A reboot fixes this but the problem eventually
> >> comes back. I checked the 172.21.151.2 server which is the primary DNS
> >> server and FSMO role holder and this DC has a record created. TCP/IP
> >> properties on the affected server has primary DNS pointing to
> >> 172.21.151.2. Any thoughts?
> >>
> >> Thanks
>
>
>
Anonymous
July 28, 2004 10:21:06 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

> 1. Unedited ipconfig /all
Windows IP Configuration

Sorry I had to modify but I could not post actual names. Everything else is how you see it

Host Name . . . . . . . . . . . . : ServerName
Primary Dns Suffix . . . . . . . : DomainName.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DomainName.com
ServerName.DomainName.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : ServerName.DomainName.com
Description . . . . . . . . . . . : BCM5703 Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0B-CD-6B-9B-38
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.21.110.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.21.110.1
DNS Servers . . . . . . . . . . . : 172.21.151.2
Primary WINS Server . . . . . . . : 172.21.110.2

The reason you see Local Area Conn 2 is that the server had a bad M/B and drives were removed and placed into another ML370 but with a different NIC. I found the original NIC that was hidden in the O/S and removed it but this never went back to Local Area 1.


> 2. THe zone name in DNS and whether updates are allowed on the zone.
DomainName.com
Yes, Nonsecure and secure.

> 3. Your AD DNS domain name
DomainName.com

Thanks for your help Ace...



"Ace Fekay [MVP]" wrote:

> In news:2E492E5C-9885-467E-90D3-E5D1CAF219C5@microsoft.com,
> InAjAm <InAjAm@discussions.microsoft.com> asked for help and I offered my
> suggestions below:
> > Thanks,
> >
> > I don't know if this applies to my situation. I upgraded from
> > windows 2000 to 2003 about 3 months ago and this problem just
> > recently started. No DNS changes have been made to any records.
> >
>
> Can we see:
> 1. Unedited ipconfig /all
> 2. THe zone name in DNS and whether updates are allowed on the zone.
> 3. Your AD DNS domain name
>
> Thanks, this will give us a good start to better assist you if we can
> understand your specific configuration.
>
> One concern I have is that you say the server's primary address in IP
> properties is pointing to 172.21.151.2. What's the other one pointing to? If
> a reboot fixes it, than I suspect something else is in there. Let's see that
> info and we can better address this for you.
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
>
Anonymous
July 28, 2004 1:50:40 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

"InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
news:D AA2F7B6-01EB-415E-9E7F-CF709E0F2A2E@microsoft.com...
> > 1. Unedited ipconfig /all
> Windows IP Configuration
>
> Sorry I had to modify but I could not post actual names. Everything else
is how you see it
>
> Host Name . . . . . . . . . . . . : ServerName
> Primary Dns Suffix . . . . . . . : DomainName.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : DomainName.com
> ServerName.DomainName.com
>
> Ethernet adapter Local Area Connection 2:
>
> Connection-specific DNS Suffix . : ServerName.DomainName.com
> Description . . . . . . . . . . . : BCM5703 Gigabit Ethernet
> Physical Address. . . . . . . . . : 00-0B-CD-6B-9B-38
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 172.21.110.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 172.21.110.1
> DNS Servers . . . . . . . . . . . : 172.21.151.2
> Primary WINS Server . . . . . . . : 172.21.110.2
>
> The reason you see Local Area Conn 2 is that the server had a bad M/B and
drives were removed and placed into another ML370 but with a different NIC.
I found the original NIC that was hidden in the O/S and removed it but this
never went back to Local Area 1.
>
>
> > 2. THe zone name in DNS and whether updates are allowed on the zone.
> DomainName.com
> Yes, Nonsecure and secure.
>
> > 3. Your AD DNS domain name
> DomainName.com
>
> Thanks for your help Ace...
>
>
>

Hi, thanks for posting the info. Its ok and understand why you changed the
domain name for posting, at least you allowed the other info.

The first thing that I see is this:

> DNS Suffix Search List. . . . . . : DomainName.com
> ServerName.DomainName.com

Why does the search list contain the server's FQDN? It should only show
domainname.com, nothing else, unless there's mutliple domains in your
organization, but from what I'm assuming, you just have the one.

The search list is for client side resolution (even the DC/DNS is a client
of itself), say when you ping 'machinename', the system will first append it
to the suffix in the search list, so it will look like
machinename.domainname.com, and try to find it in cache, then a DNS, then a
hosts file, then attempts NetBIOS resolution. Then if it cannot find it,
then if there are other suffixes, it will append that suffix. Your other
suffix is the system's FQDN. So it will look like
machinename.servernam.domainname.com. See what I mean? Need to remove that.

Ok, that said, back to the issue. About the DNS server you have listed:
> DNS Servers . . . . . . . . . . . : 172.21.151.2

Where is that? According to the IP of the machine compared to the IP of the
DNS server and looking at the subnet mask, its on a different subnet. Is
this correct or should it be on the same subnet? If supposed to be on the
same subnet, then the mask is incorrect.

Can you ping the DNS server by IP address?
Is there any event log errors on the DC/DNS server itself?
Is this machine you posted the ipconfig for a DC as well?

I see this machine (172.21.151.2) is a DNS and DC since you said it holds
one or more Op master role. The message that its giving you:

> [FATAL]No DNS servers have the DNS records for this DC registered

Means that the SRV records maybe missing. Do you have the SRV records
registered in the zone called domainname.com?

What event log errors are there on it or any machine while we're at it?

Thanks!


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
Anonymous
July 28, 2004 1:50:41 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

> Why does the search list contain the server's FQDN? It should only show
> domainname.com, nothing else, unless there's mutliple domains in your
> organization, but from what I'm assuming, you just have the one
I thought I read an article that said this had to be filled in. I have made the change and now my search list says "DomainName.com"

"Ace Fekay [MVP]" wrote:

>
> "InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
> news:D AA2F7B6-01EB-415E-9E7F-CF709E0F2A2E@microsoft.com...
> > > 1. Unedited ipconfig /all
> > Windows IP Configuration
> >
> > Sorry I had to modify but I could not post actual names. Everything else
> is how you see it
> >
> > Host Name . . . . . . . . . . . . : ServerName
> > Primary Dns Suffix . . . . . . . : DomainName.com
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : DomainName.com
> > ServerName.DomainName.com
> >
> > Ethernet adapter Local Area Connection 2:
> >
> > Connection-specific DNS Suffix . : ServerName.DomainName.com
> > Description . . . . . . . . . . . : BCM5703 Gigabit Ethernet
> > Physical Address. . . . . . . . . : 00-0B-CD-6B-9B-38
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 172.21.110.2
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . : 172.21.110.1
> > DNS Servers . . . . . . . . . . . : 172.21.151.2
> > Primary WINS Server . . . . . . . : 172.21.110.2
> >
> > The reason you see Local Area Conn 2 is that the server had a bad M/B and
> drives were removed and placed into another ML370 but with a different NIC.
> I found the original NIC that was hidden in the O/S and removed it but this
> never went back to Local Area 1.
> >
> >
> > > 2. THe zone name in DNS and whether updates are allowed on the zone.
> > DomainName.com
> > Yes, Nonsecure and secure.
> >
> > > 3. Your AD DNS domain name
> > DomainName.com
> >
> > Thanks for your help Ace...
> >
> >
> >
>
> Hi, thanks for posting the info. Its ok and understand why you changed the
> domain name for posting, at least you allowed the other info.
>
> The first thing that I see is this:
>
> > DNS Suffix Search List. . . . . . : DomainName.com
> > ServerName.DomainName.com
>
> Why does the search list contain the server's FQDN? It should only show
> domainname.com, nothing else, unless there's mutliple domains in your
> organization, but from what I'm assuming, you just have the one.
>
> The search list is for client side resolution (even the DC/DNS is a client
> of itself), say when you ping 'machinename', the system will first append it
> to the suffix in the search list, so it will look like
> machinename.domainname.com, and try to find it in cache, then a DNS, then a
> hosts file, then attempts NetBIOS resolution. Then if it cannot find it,
> then if there are other suffixes, it will append that suffix. Your other
> suffix is the system's FQDN. So it will look like
> machinename.servernam.domainname.com. See what I mean? Need to remove that.
>
> Ok, that said, back to the issue. About the DNS server you have listed:
> > DNS Servers . . . . . . . . . . . : 172.21.151.2
>
> Where is that? According to the IP of the machine compared to the IP of the
> DNS server and looking at the subnet mask, its on a different subnet. Is
> this correct or should it be on the same subnet? If supposed to be on the
> same subnet, then the mask is incorrect.
>
> Can you ping the DNS server by IP address?
> Is there any event log errors on the DC/DNS server itself?
> Is this machine you posted the ipconfig for a DC as well?
>
> I see this machine (172.21.151.2) is a DNS and DC since you said it holds
> one or more Op master role. The message that its giving you:
>
> > [FATAL]No DNS servers have the DNS records for this DC registered
>
> Means that the SRV records maybe missing. Do you have the SRV records
> registered in the zone called domainname.com?
>
> What event log errors are there on it or any machine while we're at it?
>
> Thanks!
>
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
>
>
>
>
>
>
Anonymous
July 28, 2004 1:50:41 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Sorry..I hit post button by accident.

> Why does the search list contain the server's FQDN? It should only show
> domainname.com, nothing else, unless there's mutliple domains in your
> organization, but from what I'm assuming, you just have the one.

The change has been made and it now says "DomainName.com"

Ok, that said, back to the issue. About the DNS server you have listed:
> > DNS Servers . . . . . . . . . . . : 172.21.151.2
>
> Where is that? According to the IP of the machine compared to the IP of the
> DNS server and looking at the subnet mask, its on a different subnet. Is
> this correct or should it be on the same subnet? If supposed to be on the
> same subnet, then the mask is incorrect.

172.21.110.2 (running DNS) Is problem server
172.21.151.2 (running DNS) Is at another site on a different network but on the same subnet. I don't know what you mean different subnet? Do my DC's need to point to themselves for Primary DNS? They are both DC's.

> Can you ping the DNS server by IP address?
> Is there any event log errors on the DC/DNS server itself?
> Is this machine you posted the ipconfig for a DC as well?
They can both ping via name and IP.
Yes...They are both DC's

These are events from the 172.21.151.2 server
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 7/15/2004
Time: 9:48:51 AM
User: N/A
Computer: US15102
Description:
The DNS server was unable to complete directory service enumeration of zone uscenturybank.com. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 7/27/2004
Time: 4:20:28 PM
User: N/A
Computer: US15102
Description:
The DNS server encountered an invalid domain name in a packet from 216.73.81.10. The packet will be rejected. The event data contains the DNS packet.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 08 26 84 00 01 00 01 00 .&?.....
0008: 04 00 04 00 07 64 65 33 .....de3
0010: 64 6e 73 31 0b 64 6f 75 dns1.dou
0018: 62 6c 65 63 6c 69 63 6b bleclick
0020: 03 6e 65 74 00 00 01 00 .net....
0028: 01 c0 0c 00 01 00 01 00 .À......
0030: 00 2a 30 00 04 d4 ac 3c .*0..Ô¬<
0038: 96 c0 14 00 02 00 01 00 ?À......
0040: 09 3a 80 00 06 03 6e 73 .:?...ns
0048: 33 c0 14 c0 14 00 02 00 3À.À....
0050: 01 00 09 3a 80 00 06 03 ...:?...
0058: 6e 73 34 c0 14 c0 14 00 ns4À.À..
0060: 02 00 01 00 09 3a 80 00 .....:?.
0068: 06 03 6e 73 31 c0 14 c0 ..ns1À.À
0070: 14 00 02 00 01 00 09 3a .......:
0078: 80 00 06 03 6e 73 32 c0 ?...ns2À

These events are from the 172.21.110.2 server
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 7/28/2004
Time: 8:18:05 AM
User: N/A
Computer: US11002
Description:
The DNS server was unable to complete directory service enumeration of zone 110.21.172.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 7/28/2004
Time: 8:18:05 AM
User: N/A
Computer: US11002
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 7/27/2004
Time: 5:42:18 PM
User: N/A
Computer: US11002
Description:
The DNS server encountered an invalid domain name in a packet from 216.73.81.10. The packet will be rejected. The event data contains the DNS packet.

I don't know what this IP is.

> Do you have the SRV records
> registered in the zone called domainname.com?

Yes...Both servers are registered in each others zone "DomainName.com"
I just noticed that the problem server 172.21.110.2 has a HostA record and nameserver record under the domainname.com zone and is also listed as a folder as "servername" under the domainname.com zone.

Thanks










"Ace Fekay [MVP]" wrote:

>
> "InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
> news:D AA2F7B6-01EB-415E-9E7F-CF709E0F2A2E@microsoft.com...
> > > 1. Unedited ipconfig /all
> > Windows IP Configuration
> >
> > Sorry I had to modify but I could not post actual names. Everything else
> is how you see it
> >
> > Host Name . . . . . . . . . . . . : ServerName
> > Primary Dns Suffix . . . . . . . : DomainName.com
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : DomainName.com
> > ServerName.DomainName.com
> >
> > Ethernet adapter Local Area Connection 2:
> >
> > Connection-specific DNS Suffix . : ServerName.DomainName.com
> > Description . . . . . . . . . . . : BCM5703 Gigabit Ethernet
> > Physical Address. . . . . . . . . : 00-0B-CD-6B-9B-38
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 172.21.110.2
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . : 172.21.110.1
> > DNS Servers . . . . . . . . . . . : 172.21.151.2
> > Primary WINS Server . . . . . . . : 172.21.110.2
> >
> > The reason you see Local Area Conn 2 is that the server had a bad M/B and
> drives were removed and placed into another ML370 but with a different NIC.
> I found the original NIC that was hidden in the O/S and removed it but this
> never went back to Local Area 1.
> >
> >
> > > 2. THe zone name in DNS and whether updates are allowed on the zone.
> > DomainName.com
> > Yes, Nonsecure and secure.
> >
> > > 3. Your AD DNS domain name
> > DomainName.com
> >
> > Thanks for your help Ace...
> >
> >
> >
>
> Hi, thanks for posting the info. Its ok and understand why you changed the
> domain name for posting, at least you allowed the other info.
>
> The first thing that I see is this:
>
> > DNS Suffix Search List. . . . . . : DomainName.com
> > ServerName.DomainName.com
>
> Why does the search list contain the server's FQDN? It should only show
> domainname.com, nothing else, unless there's mutliple domains in your
> organization, but from what I'm assuming, you just have the one.
>
> The search list is for client side resolution (even the DC/DNS is a client
> of itself), say when you ping 'machinename', the system will first append it
> to the suffix in the search list, so it will look like
> machinename.domainname.com, and try to find it in cache, then a DNS, then a
> hosts file, then attempts NetBIOS resolution. Then if it cannot find it,
> then if there are other suffixes, it will append that suffix. Your other
> suffix is the system's FQDN. So it will look like
> machinename.servernam.domainname.com. See what I mean? Need to remove that.
>
> Ok, that said, back to the issue. About the DNS server you have listed:
> > DNS Servers . . . . . . . . . . . : 172.21.151.2
>
> Where is that? According to the IP of the machine compared to the IP of the
> DNS server and looking at the subnet mask, its on a different subnet. Is
> this correct or should it be on the same subnet? If supposed to be on the
> same subnet, then the mask is incorrect.
>
> Can you ping the DNS server by IP address?
> Is there any event log errors on the DC/DNS server itself?
> Is this machine you posted the ipconfig for a DC as well?
>
> I see this machine (172.21.151.2) is a DNS and DC since you said it holds
> one or more Op master role. The message that its giving you:
>
> > [FATAL]No DNS servers have the DNS records for this DC registered
>
> Means that the SRV records maybe missing. Do you have the SRV records
> registered in the zone called domainname.com?
>
> What event log errors are there on it or any machine while we're at it?
>
> Thanks!
>
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
>
>
>
>
>
>
Anonymous
July 28, 2004 5:58:31 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

"InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
news:CBA6357E-D802-4926-9571-CA52CBC88D9C@microsoft.com...
> > Why does the search list contain the server's FQDN? It should only show
> > domainname.com, nothing else, unless there's mutliple domains in your
> > organization, but from what I'm assuming, you just have the one
> I thought I read an article that said this had to be filled in. I have
made the change and now my search list says "DomainName.com"
>

Very good. How about the other suggestions I mentioned?

Ace
Anonymous
July 28, 2004 6:37:42 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Ok, sorry I didn't read thjs before I replied to your other post!!
:-)

Read below...

"InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
news:AD754605-56E6-4E9E-99EC-6E3D4CEEC075@microsoft.com...
> Sorry..I hit post button by accident.
>
> > Why does the search list contain the server's FQDN? It should only show
> > domainname.com, nothing else, unless there's mutliple domains in your
> > organization, but from what I'm assuming, you just have the one.
>
> The change has been made and it now says "DomainName.com"
>
> Ok, that said, back to the issue. About the DNS server you have listed:
> > > DNS Servers . . . . . . . . . . . : 172.21.151.2
> >
> > Where is that? According to the IP of the machine compared to the IP of
the
> > DNS server and looking at the subnet mask, its on a different subnet. Is
> > this correct or should it be on the same subnet? If supposed to be on
the
> > same subnet, then the mask is incorrect.
>
> 172.21.110.2 (running DNS) Is problem server
> 172.21.151.2 (running DNS) Is at another site on a different network but
on the same subnet. I don't know what you mean different subnet?

Different subnets means a different network segment with a unique IP range
and mask. Your current config for the machine you posted is:
> > IP Address. . . . . . . . . . . . : 172.21.110.2
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0

This means using this mask, the available IP range for this subnet is
172.21.110.1 thru 172.21.110.254. So obviously 172.21.151.2 is on a
completely different subnet, unless the 172.21.110.2 machine's mask is
incorrect. The mask defines the subnet based on the network bits. Since you
say its in a different site on a different network, then that tells me its
in a different subnet, so you're ok.

> Do my DC's need to point to themselves for Primary DNS? They are both
DC's.
>

Its recommended to point to a partner machine for the first DNS entry, and
itself for the second entry, but since the other machine is on a different
subnet, we can get away with pointing to itself as the first. This now leads
me to think there maybe possible firewall rules or restrictions between your
sites?

> > Can you ping the DNS server by IP address?
> > Is there any event log errors on the DC/DNS server itself?
> > Is this machine you posted the ipconfig for a DC as well?
> They can both ping via name and IP.
> Yes...They are both DC's
>
<snip>

Event ID errors:
4004: AD zone enumeration error
4015: AD zone enumeration error
5504: Invalid hostname, usually an underscore or space will cause this. That
IP is an adware junk DNS server:

Name: ns4.doubleclick.net
Address: 216.73.81.10

Check your HOSTS files to make sure there is nothing else in them except
127.0.0.1 and local host. Make sure that no adware software is installed.
Run Lavasoft's Adaware 60 to remove them.

Make sure that Secure Cache against pollution is checked under DNS
properties, advanced tab.


>
> > Do you have the SRV records
> > registered in the zone called domainname.com?
>
> Yes...Both servers are registered in each others zone "DomainName.com"
> I just noticed that the problem server 172.21.110.2 has a HostA record and
nameserver record under the domainname.com zone and is also listed as a
folder as "servername" under the domainname.com zone.


INTERESTING issue!! That may have been due to your setting for the
connection suffix. You may have checked the box to regsiter this connection
in DNS as well as the default. Do me a favor and delete that subfolder
called 'servername'. That may be causing a majority of your problems.


>
> Thanks
>
>

We're getting closer...


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
Anonymous
July 28, 2004 11:09:04 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

> Its recommended to point to a partner machine for the first DNS entry, and
> itself for the second entry, but since the other machine is on a different
> subnet, we can get away with pointing to itself as the first. This now leads
> me to think there maybe possible firewall rules or restrictions between your
> sites?

I have no firewall between these two sites and the routers have no Access lists. All DC's are running DNS and they all point to 172.21.151.2 first then themselves second? This is how Microsoft recommended I set it up after having replication issues a while back that were fixed with DCPromo.

> Check your HOSTS files to make sure there is nothing else in them except
> 127.0.0.1 and local host. Make sure that no adware software is installed.
> Run Lavasoft's Adaware 60 to remove them.
I cleared all hosts files on the DC's. Some of them had the problem server 172.21.110.2 listed.
I will run adware when on-site tomorrow.

> Make sure that Secure Cache against pollution is checked under DNS
> properties, advanced tab.
Setting is enabled. I think by default...

You may have checked the box to regsiter this connection
> in DNS as well as the default. Do me a favor and delete that subfolder
> called 'servername'. That may be causing a majority of your problems
I did...Folder has been deleted.

"Ace Fekay [MVP]" wrote:

> Ok, sorry I didn't read thjs before I replied to your other post!!
> :-)
>
> Read below...
>
> "InAjAm" <InAjAm@discussions.microsoft.com> wrote in message
> news:AD754605-56E6-4E9E-99EC-6E3D4CEEC075@microsoft.com...
> > Sorry..I hit post button by accident.
> >
> > > Why does the search list contain the server's FQDN? It should only show
> > > domainname.com, nothing else, unless there's mutliple domains in your
> > > organization, but from what I'm assuming, you just have the one.
> >
> > The change has been made and it now says "DomainName.com"
> >
> > Ok, that said, back to the issue. About the DNS server you have listed:
> > > > DNS Servers . . . . . . . . . . . : 172.21.151.2
> > >
> > > Where is that? According to the IP of the machine compared to the IP of
> the
> > > DNS server and looking at the subnet mask, its on a different subnet. Is
> > > this correct or should it be on the same subnet? If supposed to be on
> the
> > > same subnet, then the mask is incorrect.
> >
> > 172.21.110.2 (running DNS) Is problem server
> > 172.21.151.2 (running DNS) Is at another site on a different network but
> on the same subnet. I don't know what you mean different subnet?
>
> Different subnets means a different network segment with a unique IP range
> and mask. Your current config for the machine you posted is:
> > > IP Address. . . . . . . . . . . . : 172.21.110.2
> > > Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> This means using this mask, the available IP range for this subnet is
> 172.21.110.1 thru 172.21.110.254. So obviously 172.21.151.2 is on a
> completely different subnet, unless the 172.21.110.2 machine's mask is
> incorrect. The mask defines the subnet based on the network bits. Since you
> say its in a different site on a different network, then that tells me its
> in a different subnet, so you're ok.
>
> > Do my DC's need to point to themselves for Primary DNS? They are both
> DC's.
> >
>
> Its recommended to point to a partner machine for the first DNS entry, and
> itself for the second entry, but since the other machine is on a different
> subnet, we can get away with pointing to itself as the first. This now leads
> me to think there maybe possible firewall rules or restrictions between your
> sites?
>
> > > Can you ping the DNS server by IP address?
> > > Is there any event log errors on the DC/DNS server itself?
> > > Is this machine you posted the ipconfig for a DC as well?
> > They can both ping via name and IP.
> > Yes...They are both DC's
> >
> <snip>
>
> Event ID errors:
> 4004: AD zone enumeration error
> 4015: AD zone enumeration error
> 5504: Invalid hostname, usually an underscore or space will cause this. That
> IP is an adware junk DNS server:
>
> Name: ns4.doubleclick.net
> Address: 216.73.81.10
>
> Check your HOSTS files to make sure there is nothing else in them except
> 127.0.0.1 and local host. Make sure that no adware software is installed.
> Run Lavasoft's Adaware 60 to remove them.
>
> Make sure that Secure Cache against pollution is checked under DNS
> properties, advanced tab.
>
>
> >
> > > Do you have the SRV records
> > > registered in the zone called domainname.com?
> >
> > Yes...Both servers are registered in each others zone "DomainName.com"
> > I just noticed that the problem server 172.21.110.2 has a HostA record and
> nameserver record under the domainname.com zone and is also listed as a
> folder as "servername" under the domainname.com zone.
>
>
> INTERESTING issue!! That may have been due to your setting for the
> connection suffix. You may have checked the box to regsiter this connection
> in DNS as well as the default. Do me a favor and delete that subfolder
> called 'servername'. That may be causing a majority of your problems.
>
>
> >
> > Thanks
> >
> >
>
> We're getting closer...
>
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
>
>
Anonymous
July 29, 2004 2:29:43 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:13E10190-B5F3-4D1A-B910-FB585F014D8E@microsoft.com,
InAjAm <InAjAm@discussions.microsoft.com> asked for help and I offered my
suggestions below:
>> Its recommended to point to a partner machine for the first DNS
>> entry, and itself for the second entry, but since the other machine
>> is on a different subnet, we can get away with pointing to itself as
>> the first. This now leads me to think there maybe possible firewall
>> rules or restrictions between your sites?
>
> I have no firewall between these two sites and the routers have no
> Access lists. All DC's are running DNS and they all point to
> 172.21.151.2 first then themselves second? This is how Microsoft
> recommended I set it up after having replication issues a while back
> that were fixed with DCPromo.
>
>> Check your HOSTS files to make sure there is nothing else in them
>> except 127.0.0.1 and local host. Make sure that no adware software
>> is installed. Run Lavasoft's Adaware 60 to remove them.
> I cleared all hosts files on the DC's. Some of them had the problem
> server 172.21.110.2 listed.
> I will run adware when on-site tomorrow.
>
>> Make sure that Secure Cache against pollution is checked under DNS
>> properties, advanced tab.
> Setting is enabled. I think by default...
>
> You may have checked the box to regsiter this connection
>> in DNS as well as the default. Do me a favor and delete that
>> subfolder called 'servername'. That may be causing a majority of
>> your problems
> I did...Folder has been deleted.
>
> "Ace Fekay [MVP]" wrote:
>

Recently I've been seeing more of these 'can't resolve this or that' and I'm
starting to wonder if something else is going on....

See if some of these things will help it, post back please and let me know.

Ace
!