Bad packets and invalid domain names Please help

Archived from groups: microsoft.public.win2000.dns (More info?)

I am having some issues with DNS. here is my situation, i am unable to
authenticate any shares or printers on my domain, kerebos logins work fine
however the user to share SID check is not working. upon inspection my dns
log is filling with the following errors.

Event ID: 3000
Source DNS
The DNS server has encountered numerous run-time events. To determine the
initial cause of these run-time events, examine the DNS server event log
entries that precede this event. To prevent the DNS server from filling the
event log too quickly, subsequent events with Event IDs higher than 3000 will
be suppressed until events are no longer being generated at a high rate.

Event ID: 5501
Source DNS
The DNS server encountered a bad packet from X.X.X.X. Packet processing
leads beyond packet length. The event data contains the DNS packet.

Where X.X.X.X is the internal IP of my router.


Event ID: 5506
Source DNS
The DNS server encountered an invalid domain name offset in a packet from
X.X.X.X. The event data contains the DNS packet.

Event ID: 5504
Source DNS
The DNS server encountered an invalid domain name in a packet from X.X.X.X.
The packet will be rejected. The event data contains the DNS packet.

I am at a complete loss as to what i need to do next as i have never seen
this problem before.

all of the information i can find related to these event IDs typically have
to do with a problem with the ISP dns servers IP address causing the problem,
not a router.
7 answers Last reply
More about packets invalid domain names help
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    The 5504 errors are usually from Exchange Server and if so are (more or less) benign. If you think the errors are from outside
    resolutions through your ISPs DNS, disable forwarders in your DNS and just resolve with the root hints - this can correct the bad
    packet errors and is a little more secure anyway. If you still can't track them down, you can load up Etherreal or netmon and filter
    on port 53 to see what they are. However I wouldn't spend a lot of time wandering down that road unless you can determine that is
    the source of the problems you are having.

    At any rate, it isn't clear whether these errors, or DNS at all, has anything to do with your issues. It also isn't entirely clear
    from your post what the specific problems are.

    If you can post a "netdiag /fix" log from a DC and any client-side events that are being logged contemporaneiously with the
    problems, it might help determine better what is going on. As a general (not absolute) rule, if a netdiag comes up clean, your
    internal DNS is probably configured properly for AD.

    Steve Duff,. MCSE, MVP
    Ergodic Systems, Inc.

    "Ken D" <KenD@discussions.microsoft.com> wrote in message news:01DD0655-229F-466F-9CB4-1480FCE21A15@microsoft.com...
    >I am having some issues with DNS. here is my situation, i am unable to
    > authenticate any shares or printers on my domain, kerebos logins work fine
    > however the user to share SID check is not working. upon inspection my dns
    > log is filling with the following errors.
    >
    > Event ID: 3000
    > Source DNS
    > The DNS server has encountered numerous run-time events. To determine the
    > initial cause of these run-time events, examine the DNS server event log
    > entries that precede this event. To prevent the DNS server from filling the
    > event log too quickly, subsequent events with Event IDs higher than 3000 will
    > be suppressed until events are no longer being generated at a high rate.
    >
    > Event ID: 5501
    > Source DNS
    > The DNS server encountered a bad packet from X.X.X.X. Packet processing
    > leads beyond packet length. The event data contains the DNS packet.
    >
    > Where X.X.X.X is the internal IP of my router.
    >
    >
    > Event ID: 5506
    > Source DNS
    > The DNS server encountered an invalid domain name offset in a packet from
    > X.X.X.X. The event data contains the DNS packet.
    >
    > Event ID: 5504
    > Source DNS
    > The DNS server encountered an invalid domain name in a packet from X.X.X.X.
    > The packet will be rejected. The event data contains the DNS packet.
    >
    > I am at a complete loss as to what i need to do next as i have never seen
    > this problem before.
    >
    > all of the information i can find related to these event IDs typically have
    > to do with a problem with the ISP dns servers IP address causing the problem,
    > not a router.
  2. Archived from groups: microsoft.public.win2000.dns (More info?)

    ok here is a situation, I am use to netdiag and dcdiag being in the
    tools\support directory on the CD, however this server is SBS2003. where can
    i locate these files

    "Steve Duff [MVP]" wrote:

    > The 5504 errors are usually from Exchange Server and if so are (more or less) benign. If you think the errors are from outside
    > resolutions through your ISPs DNS, disable forwarders in your DNS and just resolve with the root hints - this can correct the bad
    > packet errors and is a little more secure anyway. If you still can't track them down, you can load up Etherreal or netmon and filter
    > on port 53 to see what they are. However I wouldn't spend a lot of time wandering down that road unless you can determine that is
    > the source of the problems you are having.
    >
    > At any rate, it isn't clear whether these errors, or DNS at all, has anything to do with your issues. It also isn't entirely clear
    > from your post what the specific problems are.
    >
    > If you can post a "netdiag /fix" log from a DC and any client-side events that are being logged contemporaneiously with the
    > problems, it might help determine better what is going on. As a general (not absolute) rule, if a netdiag comes up clean, your
    > internal DNS is probably configured properly for AD.
    >
    > Steve Duff,. MCSE, MVP
    > Ergodic Systems, Inc.
    >
    > "Ken D" <KenD@discussions.microsoft.com> wrote in message news:01DD0655-229F-466F-9CB4-1480FCE21A15@microsoft.com...
    > >I am having some issues with DNS. here is my situation, i am unable to
    > > authenticate any shares or printers on my domain, kerebos logins work fine
    > > however the user to share SID check is not working. upon inspection my dns
    > > log is filling with the following errors.
    > >
    > > Event ID: 3000
    > > Source DNS
    > > The DNS server has encountered numerous run-time events. To determine the
    > > initial cause of these run-time events, examine the DNS server event log
    > > entries that precede this event. To prevent the DNS server from filling the
    > > event log too quickly, subsequent events with Event IDs higher than 3000 will
    > > be suppressed until events are no longer being generated at a high rate.
    > >
    > > Event ID: 5501
    > > Source DNS
    > > The DNS server encountered a bad packet from X.X.X.X. Packet processing
    > > leads beyond packet length. The event data contains the DNS packet.
    > >
    > > Where X.X.X.X is the internal IP of my router.
    > >
    > >
    > > Event ID: 5506
    > > Source DNS
    > > The DNS server encountered an invalid domain name offset in a packet from
    > > X.X.X.X. The event data contains the DNS packet.
    > >
    > > Event ID: 5504
    > > Source DNS
    > > The DNS server encountered an invalid domain name in a packet from X.X.X.X.
    > > The packet will be rejected. The event data contains the DNS packet.
    > >
    > > I am at a complete loss as to what i need to do next as i have never seen
    > > this problem before.
    > >
    > > all of the information i can find related to these event IDs typically have
    > > to do with a problem with the ISP dns servers IP address causing the problem,
    > > not a router.
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.dns (More info?)

    Here Is dcdiag /fix

    Domain Controller Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\SERVER1

    Starting test: Connectivity
    ......................... SERVER1 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\SERVER1
    Starting test: Replications
    ......................... SERVER1 passed test Replications
    Starting test: NCSecDesc
    ......................... SERVER1 passed test NCSecDesc
    Starting test: NetLogons
    ......................... SERVER1 passed test NetLogons
    Starting test: Advertising
    Warning: SERVER1 is not advertising as a time server.
    ......................... SERVER1 failed test Advertising
    Starting test: KnowsOfRoleHolders
    ......................... SERVER1 passed test KnowsOfRoleHolders
    Starting test: RidManager
    ......................... SERVER1 passed test RidManager
    Starting test: MachineAccount
    ......................... SERVER1 passed test MachineAccount
    Starting test: Services
    IsmServ Service is stopped on [SERVER1]
    ......................... SERVER1 failed test Services
    Starting test: ObjectsReplicated
    ......................... SERVER1 passed test ObjectsReplicated
    Starting test: frssysvol
    ......................... SERVER1 passed test frssysvol
    Starting test: frsevent
    ......................... SERVER1 passed test frsevent
    Starting test: kccevent
    ......................... SERVER1 passed test kccevent
    Starting test: systemlog
    ......................... SERVER1 passed test systemlog
    Starting test: VerifyReferences
    ......................... SERVER1 passed test VerifyReferences

    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidati

    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom

    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidati

    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidatio
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : HOC
    Starting test: CrossRefValidation
    ......................... HOC passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... HOC passed test CheckSDRefDom

    Running enterprise tests on : HOC.Hutchinsonoil.com
    Starting test: Intersite
    ......................... HOC.Hutchinsonoil.com passed test Intersite
    Starting test: FsmoCheck
    Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
    A Time Server could not be located.
    The server holding the PDC role is down.
    Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1
    5
    A Good Time Server could not be located.
    ......................... HOC.Hutchinsonoil.com failed test FsmoCheck

    here is a netdiag /fix


    .......................................

    Computer Name: SERVER1
    DNS Host Name: server1.HOC.Hutchinsonoil.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 5, GenuineIntel
    List of installed hotfixes :
    KB819696
    KB822132
    KB822742
    KB822743
    KB822744
    KB822745
    KB822925
    KB823182
    KB823353
    KB823559
    KB823980
    KB824073
    KB824105
    KB824139
    KB824141
    KB824146
    KB824151
    KB825117
    KB825119
    KB826238
    KB826936
    KB828035
    KB828741
    KB833987
    KB834707
    KB835732
    KB837001
    KB837272
    KB839645
    KB840315
    KB840374
    KB840987
    KB841356
    KB841533
    KB842773
    KB867460
    KB870763
    KB871250
    KB873333
    KB873376
    KB883935
    KB883939
    KB885250
    KB885834
    KB885835
    KB885836
    KB885881
    KB886903
    KB887797
    KB888113
    KB890046
    KB890175
    KB890859
    KB890923
    KB891711
    KB891781
    KB893066
    KB893086
    KB893803v2
    KB896358
    KB896422
    KB896426
    KB896428
    KB897715
    KB901214
    KB903235
    Q147222
    Q828026


    Netcard queries test . . . . . . . : Failed
    GetStats failed for 'Intel(R) PRO/1000 MT Network Connection'. [ERROR
    D_FUNCTION]
    [FATAL] - None of the netcard drivers provided satisfactory results.


    Per interface results:

    Adapter : Server Local Area Connection

    Netcard queries test . . . : Failed
    NetCard Status: UNKNOWN

    Host Name. . . . . . . . . : server1
    IP Address . . . . . . . . : 128.127.2.2
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 128.127.2.3
    Primary WINS Server. . . . : 192.168.16.5
    Dns Servers. . . . . . . . : 128.127.2.2

    IpConfig results . . . . . : Failed
    Pinging the Primary WINS server 192.168.16.5 - not reachable

    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Passed

    NetBT name test. . . . . . : Passed

    WINS service test. . . . . : Failed
    The test failed. We were unable to query the WINS servers.


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
    1 NetBt transport currently configured.


    Autonet address test . . . . . . . : Passed


    IP loopback ping test. . . . . . . : Passed


    Default gateway test . . . . . . . : Passed


    NetBT name test. . . . . . . . . . : Passed


    Winsock test . . . . . . . . . . . : Passed


    DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '128.1
    ..


    Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
    The browser is bound to 1 NetBt transport.


    DC discovery test. . . . . . . . . : Passed


    DC list test . . . . . . . . . . . : Passed


    Trust relationship test. . . . . . : Skipped


    Kerberos test. . . . . . . . . . . : Passed


    LDAP test. . . . . . . . . . . . . : Passed


    Bindings test. . . . . . . . . . . : Passed


    WAN configuration test . . . . . . : Skipped
    No active remote access connections.


    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


    and here is a netdiag /test:dns /v


    Gathering IPX configuration information.
    Querying status of the Netcard drivers... Failed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing DNS
    PASS - All the DNS entries for DC are registered on DNS server
    '128.127.2.2'
    ..

    Tests complete.


    Computer Name: SERVER1
    DNS Host Name: server1.HOC.Hutchinsonoil.com
    DNS Domain Name: HOC.Hutchinsonoil.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 5, GenuineIntel
    Hotfixes :
    Installed? Name
    Yes KB819696
    Yes KB822132
    Yes KB822742
    Yes KB822743
    Yes KB822744
    Yes KB822745
    Yes KB822925
    Yes KB823182
    Yes KB823353
    Yes KB823559
    Yes KB823980
    Yes KB824073
    Yes KB824105
    Yes KB824139
    Yes KB824141
    Yes KB824146
    Yes KB824151
    Yes KB825117
    Yes KB825119
    Yes KB826238
    Yes KB826936
    Yes KB828035
    Yes KB828741
    Yes KB833987
    Yes KB834707
    Yes KB835732
    Yes KB837001
    Yes KB837272
    Yes KB839645
    Yes KB840315
    Yes KB840374
    Yes KB840987
    Yes KB841356
    Yes KB841533
    Yes KB842773
    Yes KB867460
    Yes KB870763
    Yes KB871250
    Yes KB873333
    Yes KB873376
    Yes KB883935
    Yes KB883939
    Yes KB885250
    Yes KB885834
    Yes KB885835
    Yes KB885836
    Yes KB885881
    Yes KB886903
    Yes KB887797
    Yes KB888113
    Yes KB890046
    Yes KB890175
    Yes KB890859
    Yes KB890923
    Yes KB891711
    Yes KB891781
    Yes KB893066
    Yes KB893086
    Yes KB893803v2
    Yes KB896358
    Yes KB896422
    Yes KB896426
    Yes KB896428
    Yes KB897715
    Yes KB901214
    Yes KB903235
    Yes Q147222
    Yes Q828026


    Netcard queries test . . . . . . . : Failed

    Information of Netcard drivers:


    ---------------------------------------------------------------------------
    Description: Intel(R) PRO/1000 MT Network Connection
    Device: \DEVICE\{35B3C83C-B68D-4155-96C4-A15832A28911}
    GetStats failed for 'Intel(R) PRO/1000 MT Network Connection'.
    [ERROR_INVALI
    D_FUNCTION]

    ---------------------------------------------------------------------------
    [FATAL] - None of the netcard drivers provided satisfactory results.


    Per interface results:

    Adapter : Server Local Area Connection
    Adapter ID . . . . . . . . : {35B3C83C-B68D-4155-96C4-A15832A28911}

    Netcard queries test . . . : Failed
    NetCard Status: UNKNOWN


    Global results:


    Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : HOC
    Dns domain name. . . . . . . . : HOC.Hutchinsonoil.com
    Dns forest name. . . . . . . . : HOC.Hutchinsonoil.com
    Domain Guid. . . . . . . . . . : {AC6663A5-C1B5-4D4B-BD49-7AEEB070A1B2}
    Domain Sid . . . . . . . . . . : S-1-5-21-2040972775-2088865363-4077242360
    Logon User . . . . . . . . . . : .admin
    Logon Domain . . . . . . . . . : HOC


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
    1 NetBt transport currently configured.


    DNS test . . . . . . . . . . . . . : Passed
    Interface {35B3C83C-B68D-4155-96C4-A15832A28911}
    DNS Domain:
    DNS Servers: 128.127.2.2
    IP Address: Expected registration with PDN (primary DNS
    domain n
    ame):
    Hostname: server1.HOC.Hutchinsonoil.com.
    Authoritative zone: HOC.Hutchinsonoil.com.
    Primary DNS server: server1.HOC.Hutchinsonoil.com 128.127.2.2
    Authoritative NS:128.127.2.2
    Check the DNS registration for DCs entries on DNS server '128.127.2.2'
    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    The Record is correct on DNS server '128.127.2.2'.

    PASS - All the DNS entries for DC are registered on DNS server
    '128.127.2.2'
    ..


    The command completed successfully

    Thank You For Your Help
  4. Archived from groups: microsoft.public.win2000.dns (More info?)

    Ken:

    We need to get the time service problem fixed. The lack of a reliable time source for the domain
    will cause all sorts of obscure problems with functions that depend on an accurate time source.
    Either the time service isn't working or the PDC role server itself is missing or misconfigured in AD.

    First, check that the server's date, time and time zone are all correct. Be sure to check the time zone
    as this is easy to overlook and will cause trouble if wrong.

    Next, check that the "Windows Time Service" is set to "Automatic" in services, and running. If not, see
    if you can start it. If it will not stay running there should be an event in the system event log giving a reason.

    Finally, we need to sync the DC to an outside time source. The command "net time /setsntp:<server>"
    will set the external time source to an outside server (e.g. net time /setsntp:ntp.ucsd.edu ). You can use
    the w32tm command to check the time service, but there are some differences between 2000 and 2003,
    the details are here, depending (watch the URL wrap):

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnw2kmag01/html/TimeWin2K.asp
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/26_s3wts.mspx

    If you've fixed the time service problem then a dcdiag should now pass the advertising test and FSMO role
    check. (I'm not concerned about the netcard test since the network - I am assuming - is working, but you may
    want to look into this as a driver update issue.)

    If the time service isn't the problem, then it the PDC emulator "FSMO" role itself is likely the problem.

    Open AD Users and Computers, and right-click on the domain name at the top of the tree. Select
    "operations masters" and click the "PDC" tab. This will show you FQDN of the server that active
    directory has assigned as the PDC emulator. If this is not a functioning DC it will have to be fixed, so post
    back in that case.

    At the moment I don't see any DNS-related configuration problems. It is possible there is something
    else underneath your time service problem, but that has to be corrected first.

    Steve Duff, MCSE, MVP
    Ergodic Systems, Inc.

    "Ken D" <KenD@discussions.microsoft.com> wrote in message news:C8697F02-C13B-4C0D-9913-2F9C12D5FCB4@microsoft.com...
    > Here Is dcdiag /fix
    >
    > Domain Controller Diagnosis
    >
    > Performing initial setup:
    > Done gathering initial info.
    >
    > Doing initial required tests
    >
    > Testing server: Default-First-Site-Name\SERVER1
    >
    > Starting test: Connectivity
    > ......................... SERVER1 passed test Connectivity
    >
    > Doing primary tests
    >
    > Testing server: Default-First-Site-Name\SERVER1
    > Starting test: Replications
    > ......................... SERVER1 passed test Replications
    > Starting test: NCSecDesc
    > ......................... SERVER1 passed test NCSecDesc
    > Starting test: NetLogons
    > ......................... SERVER1 passed test NetLogons
    > Starting test: Advertising
    > Warning: SERVER1 is not advertising as a time server.
    > ......................... SERVER1 failed test Advertising
    > Starting test: KnowsOfRoleHolders
    > ......................... SERVER1 passed test KnowsOfRoleHolders
    > Starting test: RidManager
    > ......................... SERVER1 passed test RidManager
    > Starting test: MachineAccount
    > ......................... SERVER1 passed test MachineAccount
    > Starting test: Services
    > IsmServ Service is stopped on [SERVER1]
    > ......................... SERVER1 failed test Services
    > Starting test: ObjectsReplicated
    > ......................... SERVER1 passed test ObjectsReplicated
    > Starting test: frssysvol
    > ......................... SERVER1 passed test frssysvol
    > Starting test: frsevent
    > ......................... SERVER1 passed test frsevent
    > Starting test: kccevent
    > ......................... SERVER1 passed test kccevent
    > Starting test: systemlog
    > ......................... SERVER1 passed test systemlog
    > Starting test: VerifyReferences
    > ......................... SERVER1 passed test VerifyReferences
    >
    > Running partition tests on : ForestDnsZones
    > Starting test: CrossRefValidation
    > ......................... ForestDnsZones passed test CrossRefValidati
    >
    > Starting test: CheckSDRefDom
    > ......................... ForestDnsZones passed test CheckSDRefDom
    >
    > Running partition tests on : DomainDnsZones
    > Starting test: CrossRefValidation
    > ......................... DomainDnsZones passed test CrossRefValidati
    >
    > Starting test: CheckSDRefDom
    > ......................... DomainDnsZones passed test CheckSDRefDom
    >
    > Running partition tests on : Schema
    > Starting test: CrossRefValidation
    > ......................... Schema passed test CrossRefValidation
    > Starting test: CheckSDRefDom
    > ......................... Schema passed test CheckSDRefDom
    >
    > Running partition tests on : Configuration
    > Starting test: CrossRefValidation
    > ......................... Configuration passed test CrossRefValidatio
    > Starting test: CheckSDRefDom
    > ......................... Configuration passed test CheckSDRefDom
    >
    > Running partition tests on : HOC
    > Starting test: CrossRefValidation
    > ......................... HOC passed test CrossRefValidation
    > Starting test: CheckSDRefDom
    > ......................... HOC passed test CheckSDRefDom
    >
    > Running enterprise tests on : HOC.Hutchinsonoil.com
    > Starting test: Intersite
    > ......................... HOC.Hutchinsonoil.com passed test Intersite
    > Starting test: FsmoCheck
    > Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
    > A Time Server could not be located.
    > The server holding the PDC role is down.
    > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1
    > 5
    > A Good Time Server could not be located.
    > ......................... HOC.Hutchinsonoil.com failed test FsmoCheck
    >
    > here is a netdiag /fix
    >
    >
    > ......................................
    >
    > Computer Name: SERVER1
    > DNS Host Name: server1.HOC.Hutchinsonoil.com
    > System info : Microsoft Windows Server 2003 (Build 3790)
    > Processor : x86 Family 15 Model 2 Stepping 5, GenuineIntel
    > List of installed hotfixes :
    > KB819696
    > KB822132
    > KB822742
    > KB822743
    > KB822744
    > KB822745
    > KB822925
    > KB823182
    > KB823353
    > KB823559
    > KB823980
    > KB824073
    > KB824105
    > KB824139
    > KB824141
    > KB824146
    > KB824151
    > KB825117
    > KB825119
    > KB826238
    > KB826936
    > KB828035
    > KB828741
    > KB833987
    > KB834707
    > KB835732
    > KB837001
    > KB837272
    > KB839645
    > KB840315
    > KB840374
    > KB840987
    > KB841356
    > KB841533
    > KB842773
    > KB867460
    > KB870763
    > KB871250
    > KB873333
    > KB873376
    > KB883935
    > KB883939
    > KB885250
    > KB885834
    > KB885835
    > KB885836
    > KB885881
    > KB886903
    > KB887797
    > KB888113
    > KB890046
    > KB890175
    > KB890859
    > KB890923
    > KB891711
    > KB891781
    > KB893066
    > KB893086
    > KB893803v2
    > KB896358
    > KB896422
    > KB896426
    > KB896428
    > KB897715
    > KB901214
    > KB903235
    > Q147222
    > Q828026
    >
    >
    > Netcard queries test . . . . . . . : Failed
    > GetStats failed for 'Intel(R) PRO/1000 MT Network Connection'. [ERROR
    > D_FUNCTION]
    > [FATAL] - None of the netcard drivers provided satisfactory results.
    >
    >
    >
    > Per interface results:
    >
    > Adapter : Server Local Area Connection
    >
    > Netcard queries test . . . : Failed
    > NetCard Status: UNKNOWN
    >
    > Host Name. . . . . . . . . : server1
    > IP Address . . . . . . . . : 128.127.2.2
    > Subnet Mask. . . . . . . . : 255.255.255.0
    > Default Gateway. . . . . . : 128.127.2.3
    > Primary WINS Server. . . . : 192.168.16.5
    > Dns Servers. . . . . . . . : 128.127.2.2
    >
    > IpConfig results . . . . . : Failed
    > Pinging the Primary WINS server 192.168.16.5 - not reachable
    >
    > AutoConfiguration results. . . . . . : Passed
    >
    > Default gateway test . . . : Passed
    >
    > NetBT name test. . . . . . : Passed
    >
    > WINS service test. . . . . : Failed
    > The test failed. We were unable to query the WINS servers.
    >
    >
    > Global results:
    >
    >
    > Domain membership test . . . . . . : Passed
    >
    >
    > NetBT transports test. . . . . . . : Passed
    > List of NetBt transports currently configured:
    > NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
    > 1 NetBt transport currently configured.
    >
    >
    > Autonet address test . . . . . . . : Passed
    >
    >
    > IP loopback ping test. . . . . . . : Passed
    >
    >
    > Default gateway test . . . . . . . : Passed
    >
    >
    > NetBT name test. . . . . . . . . . : Passed
    >
    >
    > Winsock test . . . . . . . . . . . : Passed
    >
    >
    > DNS test . . . . . . . . . . . . . : Passed
    > PASS - All the DNS entries for DC are registered on DNS server '128.1
    > .
    >
    >
    > Redir and Browser test . . . . . . : Passed
    > List of NetBt transports currently bound to the Redir
    > NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
    > The redir is bound to 1 NetBt transport.
    >
    > List of NetBt transports currently bound to the browser
    > NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
    > The browser is bound to 1 NetBt transport.
    >
    >
    > DC discovery test. . . . . . . . . : Passed
    >
    >
    > DC list test . . . . . . . . . . . : Passed
    >
    >
    > Trust relationship test. . . . . . : Skipped
    >
    >
    > Kerberos test. . . . . . . . . . . : Passed
    >
    >
    > LDAP test. . . . . . . . . . . . . : Passed
    >
    >
    > Bindings test. . . . . . . . . . . : Passed
    >
    >
    > WAN configuration test . . . . . . : Skipped
    > No active remote access connections.
    >
    >
    > Modem diagnostics test . . . . . . : Passed
    >
    > IP Security test . . . . . . . . . : Skipped
    >
    > Note: run "netsh ipsec dynamic show /?" for more detailed information
    >
    >
    > and here is a netdiag /test:dns /v
    >
    >
    > Gathering IPX configuration information.
    > Querying status of the Netcard drivers... Failed
    > Testing Domain membership... Passed
    > Gathering NetBT configuration information.
    > Testing DNS
    > PASS - All the DNS entries for DC are registered on DNS server
    > '128.127.2.2'
    > .
    >
    > Tests complete.
    >
    >
    > Computer Name: SERVER1
    > DNS Host Name: server1.HOC.Hutchinsonoil.com
    > DNS Domain Name: HOC.Hutchinsonoil.com
    > System info : Microsoft Windows Server 2003 (Build 3790)
    > Processor : x86 Family 15 Model 2 Stepping 5, GenuineIntel
    > Hotfixes :
    > Installed? Name
    > Yes KB819696
    > Yes KB822132
    > Yes KB822742
    > Yes KB822743
    > Yes KB822744
    > Yes KB822745
    > Yes KB822925
    > Yes KB823182
    > Yes KB823353
    > Yes KB823559
    > Yes KB823980
    > Yes KB824073
    > Yes KB824105
    > Yes KB824139
    > Yes KB824141
    > Yes KB824146
    > Yes KB824151
    > Yes KB825117
    > Yes KB825119
    > Yes KB826238
    > Yes KB826936
    > Yes KB828035
    > Yes KB828741
    > Yes KB833987
    > Yes KB834707
    > Yes KB835732
    > Yes KB837001
    > Yes KB837272
    > Yes KB839645
    > Yes KB840315
    > Yes KB840374
    > Yes KB840987
    > Yes KB841356
    > Yes KB841533
    > Yes KB842773
    > Yes KB867460
    > Yes KB870763
    > Yes KB871250
    > Yes KB873333
    > Yes KB873376
    > Yes KB883935
    > Yes KB883939
    > Yes KB885250
    > Yes KB885834
    > Yes KB885835
    > Yes KB885836
    > Yes KB885881
    > Yes KB886903
    > Yes KB887797
    > Yes KB888113
    > Yes KB890046
    > Yes KB890175
    > Yes KB890859
    > Yes KB890923
    > Yes KB891711
    > Yes KB891781
    > Yes KB893066
    > Yes KB893086
    > Yes KB893803v2
    > Yes KB896358
    > Yes KB896422
    > Yes KB896426
    > Yes KB896428
    > Yes KB897715
    > Yes KB901214
    > Yes KB903235
    > Yes Q147222
    > Yes Q828026
    >
    >
    > Netcard queries test . . . . . . . : Failed
    >
    > Information of Netcard drivers:
    >
    >
    > ---------------------------------------------------------------------------
    > Description: Intel(R) PRO/1000 MT Network Connection
    > Device: \DEVICE\{35B3C83C-B68D-4155-96C4-A15832A28911}
    > GetStats failed for 'Intel(R) PRO/1000 MT Network Connection'.
    > [ERROR_INVALI
    > D_FUNCTION]
    >
    > ---------------------------------------------------------------------------
    > [FATAL] - None of the netcard drivers provided satisfactory results.
    >
    >
    >
    > Per interface results:
    >
    > Adapter : Server Local Area Connection
    > Adapter ID . . . . . . . . : {35B3C83C-B68D-4155-96C4-A15832A28911}
    >
    > Netcard queries test . . . : Failed
    > NetCard Status: UNKNOWN
    >
    >
    > Global results:
    >
    >
    > Domain membership test . . . . . . : Passed
    > Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    > Netbios Domain name. . . . . . : HOC
    > Dns domain name. . . . . . . . : HOC.Hutchinsonoil.com
    > Dns forest name. . . . . . . . : HOC.Hutchinsonoil.com
    > Domain Guid. . . . . . . . . . : {AC6663A5-C1B5-4D4B-BD49-7AEEB070A1B2}
    > Domain Sid . . . . . . . . . . : S-1-5-21-2040972775-2088865363-4077242360
    > Logon User . . . . . . . . . . : .admin
    > Logon Domain . . . . . . . . . : HOC
    >
    >
    > NetBT transports test. . . . . . . : Passed
    > List of NetBt transports currently configured:
    > NetBT_Tcpip_{35B3C83C-B68D-4155-96C4-A15832A28911}
    > 1 NetBt transport currently configured.
    >
    >
    > DNS test . . . . . . . . . . . . . : Passed
    > Interface {35B3C83C-B68D-4155-96C4-A15832A28911}
    > DNS Domain:
    > DNS Servers: 128.127.2.2
    > IP Address: Expected registration with PDN (primary DNS
    > domain n
    > ame):
    > Hostname: server1.HOC.Hutchinsonoil.com.
    > Authoritative zone: HOC.Hutchinsonoil.com.
    > Primary DNS server: server1.HOC.Hutchinsonoil.com 128.127.2.2
    > Authoritative NS:128.127.2.2
    > Check the DNS registration for DCs entries on DNS server '128.127.2.2'
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > The Record is correct on DNS server '128.127.2.2'.
    >
    > PASS - All the DNS entries for DC are registered on DNS server
    > '128.127.2.2'
    > .
    >
    >
    > The command completed successfully
    >
    > Thank You For Your Help
  5. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:%23KuA6FzkFHA.572@TK2MSFTNGP15.phx.gbl,
    Steve Duff [MVP] <ergodic@ergodic-systems.com> stated, which I then
    commented on below:
    > Ken:
    >
    > We need to get the time service problem fixed. The lack of a reliable
    > time source for the domain will cause all sorts of obscure problems with
    > functions that depend
    > on an accurate time source. Either the time service isn't working or the
    > PDC role server itself
    > is missing or misconfigured in AD.
    > First, check that the server's date, time and time zone are all
    > correct. Be sure to check the time zone as this is easy to overlook and
    > will cause trouble if wrong.
    >
    > Next, check that the "Windows Time Service" is set to "Automatic" in
    > services, and running. If not, see if you can start it. If it will not
    > stay running there should be an
    > event in the system event log giving a reason.
    > Finally, we need to sync the DC to an outside time source. The
    > command "net time /setsntp:<server>" will set the external time source to
    > an outside server (e.g. net time
    > /setsntp:ntp.ucsd.edu ). You can use the w32tm command to check the time
    > service, but there are some
    > differences between 2000 and 2003, the details are here, depending (watch
    > the URL wrap):
    >
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnw2kmag01/html/TimeWin2K.asp
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/26_s3wts.mspx
    >
    > If you've fixed the time service problem then a dcdiag should now
    > pass the advertising test and FSMO role check. (I'm not concerned about
    > the netcard test since the network -
    > I am assuming - is working, but you may want to look into this as a driver
    > update issue.)
    >
    > If the time service isn't the problem, then it the PDC emulator
    > "FSMO" role itself is likely the problem.
    > Open AD Users and Computers, and right-click on the domain name at
    > the top of the tree. Select "operations masters" and click the "PDC"
    > tab. This will show you FQDN of the server that active directory has
    > assigned as the PDC emulator. If this is not a
    > functioning DC it will have to be fixed, so post back in that case.
    >
    > At the moment I don't see any DNS-related configuration problems. It
    > is possible there is something else underneath your time service problem,
    > but that has to be
    > corrected first.
    > Steve Duff, MCSE, MVP
    > Ergodic Systems, Inc.


    Steve, good point about the time service and AD's Kerberos service's
    reliance on it.

    But just to point out, I saw a mix of referenced public IPs and private IPs
    in the ipconfig in the netdiag:

    Host Name. . . . . . . . . : server1
    IP Address . . . . . . . . : 128.127.2.2
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 128.127.2.3
    Primary WINS Server. . . . : 192.168.16.5
    Dns Servers. . . . . . . . : 128.127.2.2

    IpConfig results . . . . . : Failed
    Pinging the Primary WINS server 192.168.16.5 - not reachable

    If this is the case, where two DCs (or a DC on one side, and clients on the
    other) are on opposite sides of a NAT device, AD communication will not
    function across a NAT, unless there's a VPN created between them to allow
    communication.

    Just for the poster's benefit, NAT cannot traverse LDAP, RPC and Kerberos
    calls.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
  6. Archived from groups: microsoft.public.win2000.dns (More info?)

    Way good catch - completely missed that.

    Since it's the only place where that address shows up and isn't reachable my guess is
    that it is probably just a dud IP leftover from days of yore. I don't think it would
    explain the other symptoms, but it definitely should be pulled out. WINS is
    unnecessary to resolve any of these problems.

    Steve Duff, MCSE, MVP
    Ergodic Systems, Inc.

    "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in message
    news:OOJP94ElFHA.2916@TK2MSFTNGP14.phx.gbl...
    > In news:%23KuA6FzkFHA.572@TK2MSFTNGP15.phx.gbl,
    > Steve Duff [MVP] <ergodic@ergodic-systems.com> stated, which I then commented on below:
    >> Ken:
    >>
    >> We need to get the time service problem fixed. The lack of a reliable
    >> time source for the domain will cause all sorts of obscure problems with functions that depend
    >> on an accurate time source. Either the time service isn't working or the PDC role server itself
    >> is missing or misconfigured in AD.
    >> First, check that the server's date, time and time zone are all
    >> correct. Be sure to check the time zone as this is easy to overlook and will cause trouble if wrong.
    >>
    >> Next, check that the "Windows Time Service" is set to "Automatic" in
    >> services, and running. If not, see if you can start it. If it will not stay running there should be an
    >> event in the system event log giving a reason.
    >> Finally, we need to sync the DC to an outside time source. The
    >> command "net time /setsntp:<server>" will set the external time source to an outside server (e.g. net time
    >> /setsntp:ntp.ucsd.edu ). You can use the w32tm command to check the time service, but there are some
    >> differences between 2000 and 2003, the details are here, depending (watch the URL wrap):
    >>
    >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnw2kmag01/html/TimeWin2K.asp
    >> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/26_s3wts.mspx
    >>
    >> If you've fixed the time service problem then a dcdiag should now
    >> pass the advertising test and FSMO role check. (I'm not concerned about the netcard test since the network -
    >> I am assuming - is working, but you may want to look into this as a driver update issue.)
    >>
    >> If the time service isn't the problem, then it the PDC emulator
    >> "FSMO" role itself is likely the problem.
    >> Open AD Users and Computers, and right-click on the domain name at
    >> the top of the tree. Select "operations masters" and click the "PDC"
    >> tab. This will show you FQDN of the server that active directory has assigned as the PDC emulator. If this is not a
    >> functioning DC it will have to be fixed, so post back in that case.
    >>
    >> At the moment I don't see any DNS-related configuration problems. It
    >> is possible there is something else underneath your time service problem, but that has to be
    >> corrected first.
    >> Steve Duff, MCSE, MVP
    >> Ergodic Systems, Inc.
    >
    >
    > Steve, good point about the time service and AD's Kerberos service's reliance on it.
    >
    > But just to point out, I saw a mix of referenced public IPs and private IPs in the ipconfig in the netdiag:
    >
    > Host Name. . . . . . . . . : server1
    > IP Address . . . . . . . . : 128.127.2.2
    > Subnet Mask. . . . . . . . : 255.255.255.0
    > Default Gateway. . . . . . : 128.127.2.3
    > Primary WINS Server. . . . : 192.168.16.5
    > Dns Servers. . . . . . . . : 128.127.2.2
    >
    > IpConfig results . . . . . : Failed
    > Pinging the Primary WINS server 192.168.16.5 - not reachable
    >
    > If this is the case, where two DCs (or a DC on one side, and clients on the other) are on opposite sides of a NAT device, AD
    > communication will not function across a NAT, unless there's a VPN created between them to allow communication.
    >
    > Just for the poster's benefit, NAT cannot traverse LDAP, RPC and Kerberos calls.
    >
    > --
    > Regards,
    > Ace
    >
    > Please direct all replies ONLY to the Microsoft public newsgroups
    > so all can benefit.
    >
    > This posting is provided "AS-IS" with no warranties or guarantees
    > and confers no rights.
    >
    > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    > Microsoft Windows MVP - Windows Server - Directory Services
    > Infinite Diversities in Infinite Combinations.
    > =================================
    >
  7. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:e3WUNrGlFHA.2920@TK2MSFTNGP14.phx.gbl,
    Steve Duff [MVP] <ergodic@ergodic-systems.com> made this post, which I then
    commented about below:
    > Way good catch - completely missed that.
    >
    > Since it's the only place where that address shows up and isn't
    > reachable my guess is that it is probably just a dud IP leftover from days
    > of yore. I don't
    > think it would explain the other symptoms, but it definitely should be
    > pulled out.
    > WINS is unnecessary to resolve any of these problems.
    >
    > Steve Duff, MCSE, MVP
    > Ergodic Systems, Inc.

    Thanks.

    I agree WINS is useless here and should be removed. But I'm curious if
    there's another card on the machine or if the machine is or was on a
    multi-subnetted wire?

    Not that it would make a difference, but would the bad WINS address
    contribute to the netdiag [ERROR D_FUNCTION] of the NIC test in the results?
    I originally thought netdiag uses DNS, but maybe not, but since the WINS
    server is not reachable, I don't think it matters and wouldn have anything
    to do with failing the NIC test. I searched on that error, but couldn't find
    what it is or what can cause it.

    Back to the original post with the 5504 errors, that usually indicates an
    illegal character in a host name. But what's strange is it's coming from the
    router, so maybe an outside source is causing it and causing the NIC test to
    fail.
    http://www.eventid.net/display.asp?eventid=5504&eventno=642&source=DNS&phase=1

    I've also seen *similar* issues (not saying it's the cause here), in the
    past with NICs when an SQL server got slammed with the Slammer and it just
    flooded the entire network and affected every machine due to the useless UDP
    broadcasts.

    Ace
Ask a new question

Read More

DNS Server DNS Windows