Archived from groups: microsoft.public.win2000.dns (
More info?)
Hi Ace
Thanks very much for your reply
Here is the information you requested:
The AD DNS name is ad.farlite.co.nz
The DNS Zone name in the Forward Lookup Zone is ad.farlite.co.nz
Here is the output from the Ipconfig /all command:
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : dcrep
Primary DNS Suffix . . . . . . . : ad.farlite.co.nz
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ad.farlite.co.nz
farlite.co.nz
co.nz
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink 10/100 PCI For
Complete PC Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-E0-18-92-4E-5C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.249
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.8
DNS Servers . . . . . . . . . . . : 192.168.1.250
192.168.0.9
Running Win2k server SP4
I think the problem is related to the fact that a couple of days ago
we lost our main DNS server sited in NZ (I am in Aus). I'm not sure
that the server was demoted correctly, so a lot of information in the
AD is still pointing to that server (farlite). I have built another
DNS server (192.168.0.9) to take the place of it, but dcdiag is
failing on the replication test. (info below)
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: SydneySite\DCREP
Starting test: Connectivity
......................... DCREP passed test Connectivity
Doing primary tests
Testing server: SydneySite\DCREP
Starting test: Replications
[Replications Check,DCREP] A recent replication attempt
failed:
From DLAPPS to DCREP
Naming Context:
CN=Schema,CN=Configuration,DC=ad,DC=farlite,DC=co,DC=nz
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS
lookup failure.
The failure occurred at 2004-10-06 08:20.40.
The last success occurred at 2004-10-05 04:53.15.
38 failures have occurred since the last success.
The guid-based DNS name
b19d71b0-cd0f-4a2a-817d-84ee7284385f._msdcs.ad.farlite.co.nz
is not registered on one or more DNS servers.
[Replications Check,DCREP] A recent replication attempt
failed:
From PILWEB to DCREP
Naming Context:
CN=Schema,CN=Configuration,DC=ad,DC=farlite,DC=co,DC=nz
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS
lookup failure.
The failure occurred at 2004-10-06 09:05.39.
The last success occurred at 2004-10-05 13:35.57.
156 failures have occurred since the last success.
The guid-based DNS name
4addc731-c1de-4d53-baf2-3575f90363dd._msdcs.ad.farlite.co.nz
is not registered on one or more DNS servers.
[Replications Check,DCREP] A recent replication attempt
failed:
From DLAPPS to DCREP
Naming Context:
CN=Configuration,DC=ad,DC=farlite,DC=co,DC=nz
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS
lookup failure.
The failure occurred at 2004-10-06 08:20.40.
The last success occurred at 2004-10-05 04:53.15.
38 failures have occurred since the last success.
The guid-based DNS name
b19d71b0-cd0f-4a2a-817d-84ee7284385f._msdcs.ad.farlite.co.nz
is not registered on one or more DNS servers.
[Replications Check,DCREP] A recent replication attempt
failed:
From PILWEB to DCREP
Naming Context:
CN=Configuration,DC=ad,DC=farlite,DC=co,DC=nz
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS
lookup failure.
The failure occurred at 2004-10-06 09:05.39.
The last success occurred at 2004-10-05 13:35.56.
156 failures have occurred since the last success.
The guid-based DNS name
4addc731-c1de-4d53-baf2-3575f90363dd._msdcs.ad.farlite.co.nz
is not registered on one or more DNS servers.
[Replications Check,DCREP] A recent replication attempt
failed:
From DLAPPS to DCREP
Naming Context: DC=ad,DC=farlite,DC=co,DC=nz
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS
lookup failure.
The failure occurred at 2004-10-06 08:20.40.
The last success occurred at 2004-10-05 04:53.14.
38 failures have occurred since the last success.
The guid-based DNS name
b19d71b0-cd0f-4a2a-817d-84ee7284385f._msdcs.ad.farlite.co.nz
is not registered on one or more DNS servers.
[Replications Check,DCREP] A recent replication attempt
failed:
From PILWEB to DCREP
Naming Context: DC=ad,DC=farlite,DC=co,DC=nz
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS
lookup failure.
The failure occurred at 2004-10-06 09:05.39.
The last success occurred at 2004-10-05 13:35.55.
156 failures have occurred since the last success.
The guid-based DNS name
4addc731-c1de-4d53-baf2-3575f90363dd._msdcs.ad.farlite.co.nz
is not registered on one or more DNS servers.
......................... DCREP passed test Replications
Starting test: NCSecDesc
......................... DCREP passed test NCSecDesc
Starting test: NetLogons
......................... DCREP passed test NetLogons
Starting test: Advertising
......................... DCREP passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: CN="NTDS Settings
DEL:d013e16e-8ccf-4c4b-8c32-774f0e7f4fdb",CN="farlite
DEL:7a5ad4ad-5120-43ca-9c9c-83a829c3f2b3",CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=ad,DC=farlite,DC=co,DC=nz
is the Schema Owner, but is deleted.
[DLAPPS] DsBind() failed with error 1722,
The RPC server is unavailable..
Warning: DLAPPS is the Domain Owner, but is not responding to
DS RPC Bind.
[DLAPPS] LDAP connection failed with error 58,
The specified server cannot perform the requested operation..
Warning: DLAPPS is the Domain Owner, but is not responding to
LDAP Bind.
Warning: DLAPPS is the PDC Owner, but is not responding to DS
RPC Bind.
Warning: DLAPPS is the PDC Owner, but is not responding to
LDAP Bind.
Warning: DLAPPS is the Rid Owner, but is not responding to DS
RPC Bind.
Warning: DLAPPS is the Rid Owner, but is not responding to
LDAP Bind.
Warning: DLAPPS is the Infrastructure Update Owner, but is
not responding to DS RPC Bind.
Warning: DLAPPS is the Infrastructure Update Owner, but is
not responding to LDAP Bind.
......................... DCREP failed test
KnowsOfRoleHolders
Starting test: RidManager
[DCREP] DsBindWithCred() failed with error 1722. The RPC
server is unavailable.
......................... DCREP failed test RidManager
Starting test: MachineAccount
......................... DCREP passed test MachineAccount
Starting test: Services
......................... DCREP passed test Services
Starting test: ObjectsReplicated
......................... DCREP passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... DCREP passed test frssysvol
Starting test: kccevent
......................... DCREP passed test kccevent
Starting test: systemlog
......................... DCREP passed test systemlog
Running enterprise tests on : ad.farlite.co.nz
Starting test: Intersite
......................... ad.farlite.co.nz passed test
Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... ad.farlite.co.nz failed test
FsmoCheck
As you can see from this - farlite is still being listed as holding
the fsmo rules and several other important roles.
The strange thing is that this particular DC (dcrep) cannot resolve
the server now holding the FSMO rules (dlapps) whereas all the other
servers can. I can perform a reverse lookup from IP address to
hostname, but a hostname to IP address lookup fails.
I am contemplating promoting a member server to a DC, in the hope that
this will re-sync all the AD information between the DC's and remove
the corruption - would this help?
Sorry for the long post - I hope that this information will help!
Thanks again
Phil
"Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in message news:<OfUfgWqqEHA.536@TK2MSFTNGP11.phx.gbl>...
> In news:fdafe567.0410042108.2c407c8d@posting.google.com,
> Phil Teale <phil.teale@gmail.com> made a post then I commented below
> > Hi There
> >
> > We lost our main DNS server a couple of weeks ago and have since been
> > having replication issues. After running dcdiag I am pretty sure that
> > the culprit is the SRV records in the DNS server pointing to the dead
> > box: I have looked in all the sub-keys of the _msdcs tree and they
> > are showing the old DNS server name.
> >
> > Will I need to go an manually edit all the isntances of this to point
> > to the new DNS server? I have enabled dynamic updates, but am not
> > sure if this will update the SRV records on the DNS server.
> >
> > Any help would be very much appreciated.
> >
> > Thanks
> >
> > Phil Teale
>
> You shouldn't have to manually do anything. SRVs are auto-created. However,
> to make it work, there are a few things that need to be set in place:
>
> 1. AD DNS domain name is NOT a single label name (such as "domain" rather
> than the required format "domain.com").
> 2. The zone name in DNS must match the AD DNS name in #1.
> 3. The Primary DNS Suffix of the machine (found in My Comp properties,
> computername tab) MUST match #1 and #2 above.
> 4. Zone needs updates to be allowed.
>
> If you are not sure where to proceed with this info, please post:
>
> 1. Unedited ipconfig /all of the DC
> 2. AD DNS Domain name
> 3. The zone name in DNS.
> 4. OS version and Service Pack level.
>
> Thanks
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
Facebook
Twitter
Instagram