Question: No DNS SRV records for AD
NETLOGON will not register SRV DNS records.
Single W2k server functioning as the DC and DNS
DNS forward zone has been deleted and rebuilt to no avail. Ran NETDIAG and DCDIAG variations, error output is below. HELP!!
NETDIAG /FIX
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry WilliamsonSneed. re-registeration on server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.WilliamsonSneed. re-regist tion on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._s s.WilliamsonSneed. re-registeration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.WilliamsonSneed e-registeration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.WilliamsonSneed. -registeration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._s s.gc._msdcs.WilliamsonSneed. re-registeration on DNS server '192.168.0.30' fa d. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.258e97ea-0d2b-4b44-ba83-f6 bc8fcfe.domains._msdcs.WilliamsonSneed. re-registeration on DNS server '192.1 0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry gc._msdcs.WilliamsonSneed. re-registe ion on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry abe800ae-7f96-429b-b97a-5aef465b63a5. dcs.WilliamsonSneed. re-registeration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.WilliamsonSn . re-registeration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Nam sites.dc._msdcs.WilliamsonSneed. re-registeration on DNS server '192.168.0.30 ailed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.WilliamsonSneed. -registeration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._s s.dc._msdcs.WilliamsonSneed. re-registeration on DNS server '192.168.0.30' fa d. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.WilliamsonSneed. re-re teration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Nam sites.WilliamsonSneed. re-registeration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.WilliamsonSneed. re-register on on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sit WilliamsonSneed. re-registeration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.WilliamsonSneed. re-re teration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.WilliamsonSneed. re-reg eration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.WilliamsonSneed. re-reg eration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for is DC on DNS server '192.168.0.30'.
[FATAL] No DNS servers have the DNS records for this DC registered.
dcdiag /test:connectivity
Testing server: Default-First-Site-Name\6ZQF88OZYNAIYL8
Starting test: Connectivity
6ZQF88OZYNAIYL8's server GUID DNS name could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name (abe800ae-7f96-429b-b97a-5aef465b63a5._msdcs.WilliamsonSneed) couldn't be resolved, the server name (6zqf88ozynaiyl8.WilliamsonSneed) resolved to the IP address (192.168.0.30) and was pingable. Check that the IP address is registered correctly with the DNS server.
......................... 6ZQF88OZYNAIYL8 failed test Connectivity
DNS looks like this:
forward lookup zone is 6zqf88ozynaiyl8.williamsonsneed
entries are:
SOA 6zqf88ozynaiyl8.williamsonsneed
NS 6zqf88ozynaiyl8.williamsonsneed
A 192.169.0.30 (this is the IP of the server 6zqf88...)
A all the other hosts in the domain ....
Answer: No DNS SRV records for AD
You don't necessarily need to rebuild the complete machine. You could try to dcpromo it down, then run dcpromo again with a new domain name. Make sure you have a working backup, though; dcpromo relies on a functioning DNS as well. If your domain is still running in mixed mode, you don't even have to lose the domain, you could use an NT4 BDC as backup:
How to Rename the DNS Name of a Windows 2000 Domain http://support.microsoft.com/?kbid=292541
DNS Namespace Planning http://support.microsoft.com/?kbid=254680
Don't know what happened to the article in the MSKB; they might have withdrawn it, or it's just a glitch in the database; you can still find references in Google. Anyway, here's the complete article:
====8<----[Clients cannot dynamically register DNS records in a single-label forward lookup zone]----
PSS ID Number: 826743
Article Last Modified on 5/3/2004
--------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows XP Professional
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional
--------------------------------------------------------------------------------
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry
SYMPTOMS
Clients cannot dynamically register DNS records in a single-label forward lookup zone. Specific symptoms vary according to the version of Microsoft Windows that is installed. The following list describes the symptoms:

- After you install Microsoft Windows Service Pack 4 (SP4), all domain controllers may not be able to register DNS records. The system event log of the domain controller may consistently log NETLOGON 5781 warnings that are similar to the following example:

    Event Type: Warning
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5781
    Description: Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.
    Data Words: 0000: 0000232a

  Note Status code 0000232a maps to the DNS_ERROR_RCODE_SERVER_FAILURE error code. The following are additional status codes and error codes that may appear in log files such as Netdiag.log:

    DNS Error Code: 0x0000251D = DNS_INFO_NO_RECORDS
    DNS_ERROR_RCODE_ERROR
    RCODE_SERVER_FAILURE

- Windows 2000 SP4-based computers will not register in a single-label domain. A warning that is similar to the following example is recorded in the system event log of the computer:

    Event Type: Warning
    Event Source: DnsApi
    Event Category: None
    Event ID: 11151
    Description: The system failed to register network adapter with settings:

    Adapter Name : {89317B1A-C246-4C7B-81D5-2CA8930EB721}
    Host Name : FileServer
    Adapter-specific Domain Suffix : domain.local
    DNS server list : 209.242.21.82, 209.242.0.2, 209.242.0.5
    Sent update to server : None
    IP Address(es) : 192.168.127.254

    The cause of this DNS registration failure was because of DNS server failure. This may be due to a zone transfer that has locked the DNS server for the applicable zone that your computer needs to register itself with. (The applicable zone should typically correspond to the Adapter-specific Domain Suffix that was indicated above.) You can manually retry registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your network systems administrator to verify network conditions.

- A Microsoft Windows Server 2003-based computer is not updating its SRV records and its host records in the DNS zone.

- Clients with fresh installations of Microsoft Windows XP cannot register with DNS dynamic update protocol on a DNS server. A message that is similar to the following example is recorded in the Windows XP system event log:

    Event Type: Warning
    Event ID: 11165
    Source: DnsApi
    Description: The system failed to register host (A) resource records (RRs) for network adapter with settings:

    Adapter Name : {8E866057-FDA9-4EBE-9F99-4D530A2933FD}
    Host Name : SV2019
    Primary Domain Suffix : mydom
    DNS server list : 192.168.213.100, 204.246.1.20
    Sent update to server : >
    IP Address(es) : 192.168.213.101

    The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.
To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

CAUSE
These issues may occur for either one of the following reasons if you have implemented a single-label domain namespace:

- Starting with Windows 2000 SP4, the default setting for dynamically registering DNS records changed. In Windows 2000 SP4 and later, Windows does not dynamically register DNS records in a single-label domain.
- By default, Windows XP, Windows Server 2003, and Windows 2000 SP4 and later do not send updates to top-level domains.

You can change this behavior by using one of the methods that is shown in the "Resolution" section of this article.

RESOLUTION
Microsoft does not recommend that you use Active Directory directory service domains with single-label DNS names. If you want to keep your single-label DNS structure, use one of the following methods to allow Windows-based clients to perform dynamic updates to single-label DNS zones.

Method 1: Use Registry Editor
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

1. On a client that is trying to dynamically update the single-label DNS zone, start Registry Editor.
   Note The term "client" also applies to domain controllers.
2. Locate one of the following subkeys, depending on the client's operating system:
   Windows XP or Windows 2000 SP4: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters
   Windows Server 2003: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
   IMPORTANT If the DNSClient subkey does not exist, you must create it. To do so:
   a. Right-click the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT
   b. Point to New, and then click Key.
   c. Type DNSClient, and then press ENTER.
3. Right-click the subkey, point to New, and then click DWORD Value.
4. Type UpdateTopLevelDomainZones, and then press ENTER.
5. Right-click the UpdateTopLevelDomainZones entry, and then click Modify.
6. In the Value data box, type 1.
7. To enable Active Directory domain members (clients, domain controllers, and DNS servers) to use DNS to locate domain controllers in domains with single-label DNS names, locate the following subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
8. Right-click the subkey, point to New, and then click DWORD Value.
9. Type AllowSingleLabelDnsDomain, and then press ENTER.
10. Right-click the AllowSingleLabelDnsDomain entry, and then click Modify.
11. In the Value data box, type 1.
12. Repeat steps 1 through 11 for other clients that are trying to dynamically update the single-label DNS zone.
13. For the changes to take effect, restart the computers where you changed the registry keys.

Summary of registry settings
The following list summarizes the registry entry settings that you create by using Method 1. For your convenience, this list is organized by operating system and by the computer's role in the domain.
For Windows 2000 SP4 domain clients, for Windows 2000 SP4 domain controllers, and for Windows XP domain members:

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters
Entry name: UpdateTopLevelDomainZones
Data type: DWORD
Value: 1

Subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
Entry name: AllowSingleLabelDnsDomain
Data type: DWORD
Value: 1

For Windows Server 2003 domain members and for Windows Server 2003 domain controllers:

Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
Entry name: UpdateTopLevelDomainZones
Data type: DWORD
Value: 1

Subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
Entry name: AllowSingleLabelDnsDomain
Data type: DWORD
Value: 1

Method 2: Use Group Policy
Using Group Policy, enable the Update Top Level Domain Zones policy under the following folder on the root domain container in Users and Computers or on all organizational units (OUs) that host machine accounts for member computers and for domain controllers in the domain:
ComputerConfiguration\AdministrativeTemplates\Network\DNS Client

Note This policy is supported only on Windows Server 2003-based computers and on Windows XP-based computers.

To enable this policy, follow these steps on the root domain container:
1. Click Start, click Run, type gpedit.msc, and then click OK.
2. Under Local Computer Policy, expand Computer Configuration.
3. Expand Administrative Templates.
4. Expand Network.
5. Click DNS Client.
6. In the right pane, double-click Update Top Level Domain Zones.
7. Click Enabled.
8. Click Apply, and then click OK.
9. Quit Group Policy.

For additional information about this new policy, click the following article number to view the article in the Microsoft Knowledge Base:
294785 New group policies for DNS in Windows Server 2003

The following article describes in detail how to use Group Policy Editor to change local policy settings for computers in all OUs that host machine accounts for member computers and domain controllers in the domain.
307882 HOW TO: Use the Group Policy Editor to manage local computer policy in Windows XP
On DNS servers, make sure that root servers are not created unintentionally. You may have to delete the root zone "." on the Windows 2000-based DNS server to have the DNS records correctly declared. (The root zone is automatically created when DNS is installed because it cannot reach the root hints. This issue was corrected in Windows Server 2003.)
Root servers may be created by the DCpromo Wizard. If the "." zone exists, a root server has been created. You may have to remove this zone for name resolution to work correctly.
New and modified DNS policy settings for Windows Server 2003

The Update Top Level Domain Zones policy
If this policy is specified, it creates a REG_DWORD UpdateTopLevelDomainZones entry under the following registry subkey:
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient

The following are the entry values for UpdateTopLevelDomainZones:
- Enabled (0x1). An 0x1 setting means that computers may try to update the TopLevelDomain zones. That is, if the UpdateTopLevelDomainZones setting is enabled, computers that have this policy applied send dynamic updates to any zone that is authoritative for the resource records that the computer must update, except for the root zone.
- Disabled (0x0). An 0x0 setting means that computers may not try to update the TLD zones. That is, if this setting is disabled, computers that have this policy applied do not send dynamic updates to the root zone or to the top-level domain zones that are authoritative for the resource records that the computer must update.
If this setting is not configured, the policy is not applied to any computers, and computers use their local configuration.

The Register PTR Records policy
A new possible value, 0x2, of the REG_DWORD RegisterReverseLookup entry was added under the following registry subkey:
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient

The following are the entry values for RegisterReverseLookup:
- 0x2 - Register only if A record registration succeeds. Computers try PTR resource records registration only if they successfully registered the corresponding A resource records.
- 0x1 - Register. Computers try PTR resource records registration regardless of the success of the A records registration.
- 0x0 - Do not register. Computers never try PTR resource records registration.

For additional information about the single-label domain name issue, click the following article number to view the article in the Microsoft Knowledge Base:
300684 Information about configuring Windows for domains with single-label DNS names
MORE INFORMATION The event ID 5781 Netlogon warning is seen on Active Directory-integrated DNS servers and on domain controllers with the Allow Dynamic Updates policy setting enabled.
If the registry entries that are described in Method 1 are present in the registry and if their values are set to 1, dynamic updates to the top-level domain zone will occur successfully.
By default, the registry entries are not present. If they are not present, or if they are present and if their values are set to 0, dynamic updates to the top-level domain zones will not succeed. The RCODE_SERVER_FAILURE error code will appear on the screen, or the following error code will appear in the DNS section of the log file if you run the Netdiag.exe diagnostic utility:

DNS test . . . . . . . . . . . . . : Passed
Interface {6B1ED1B7-626E-4DDF-A4EB-B6A196573563}
DNS Domain:
DNS Servers: 172.20.200.72 172.20.200.30
IP Address: 172.20.200.30
Expected registration with PDN (primary DNS domain name):
Hostname: DC01.mydom.
[WARNING] Cannot find a primary authoritative DNS server for the name 'DC01.mydom.'. [RCODE_SERVER_FAILURE] The name 'DC01.mydom.' may not be registered in DNS.

REFERENCES
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
300684 Information about configuring Windows for domains with single-label DNS names
254680 DNS namespace planning
285983 Considerations for designing namespaces in Windows 2000-based domains
294785 New group policies for DNS in Windows Server 2003
324601 Support WebCast: Domain controller promotion: The process and how to troubleshoot it
Additional query words: DDNS promote DCPROMO forward lookup zone backward PTR, active directory, SP4, dnsapi.dll, single label AD zone, AllowSingleLabelDnsDomainName, TLD, lable, Netlogon, DC Domain Controller, DNS_ERROR_RCODE_ERROR, RCODE_SERVER_FAILURE
Keywords: KB826743
Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Pro kbwin2000ProSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch kbWinServ2003Data kbWinServ2003DataSearch kbWinServ2003Ent kbWinServ2003EntSearch kbWinServ2003Search kbWinServ2003St kbWinXPPro kbWinXPProSearch kbWinXPSearch
====8<----[Clients cannot dynamically register DNS records in a single-label forward lookup zone]----
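
The following Python triage is an added example, not part of the original answer or of the Microsoft article: it reads NETDIAG /FIX output like the question's, works out which domain the failed DC locator records belong to, and flags the single-label plus DNS_ERROR_RCODE_SERVER_FAILURE pattern the article describes. The function names and the sample lines are constructed for illustration; the status-code mapping is the one given in the article.

```python
import re

# Status codes the article maps to names (hex, as logged in event "Data Words").
STATUS_NAMES = {
    0x232A: "DNS_ERROR_RCODE_SERVER_FAILURE",
    0x251D: "DNS_INFO_NO_RECORDS",
}

# One failed re-registration as NETDIAG /FIX prints it ("re-registeration" is
# the tool's own spelling); \s+ tolerates console line wrapping.
ENTRY_RE = re.compile(
    r"\[FATAL\]\s+Failed\s+to\s+fix:\s+DC\s+DNS\s+entry\s+(?P<name>\S+)\.\s+"
    r"re-registeration\s+on\s+DNS\s+server\s+'(?P<server>[^']+)'\s+failed\.\s+"
    r"DNS\s+Error\s+code:\s+(?P<code>\w+)"
)

# Constructed sample input modelled on the NETDIAG output in the question.
SAMPLE = """\
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.WilliamsonSneed. re-registeration on DNS server '192.168.0.30' failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.WilliamsonSneed. re-registeration
on DNS server '192.168.0.30' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
"""

def status_name(data_words):
    """Decode an event 'Data Words' line such as '0000: 0000232a'."""
    value = int(data_words.split(":")[1].strip(), 16)
    return STATUS_NAMES.get(value, hex(value))

def locator_domain(record):
    """Return the domain a DC locator record (_ldap._tcp..., _msdcs) is under."""
    labels = record.rstrip(".").split(".")
    marks = [i for i, label in enumerate(labels) if label.startswith("_")]
    if not marks:
        return None  # plain host name: not a locator record
    return ".".join(labels[marks[-1] + 1:]) or None

def triage(text):
    """Summarise failures and flag the single-label pattern from the article."""
    domains, servers, codes, failed = set(), set(), set(), 0
    for m in ENTRY_RE.finditer(text):
        failed += 1
        servers.add(m["server"])
        codes.add(m["code"])
        domain = locator_domain(m["name"])
        if domain:
            domains.add(domain.lower())
    single = sorted(d for d in domains if "." not in d)
    return {
        "failed": failed,
        "servers": sorted(servers),
        "single_label_domains": single,
        "matches_article": bool(single)
        and "DNS_ERROR_RCODE_SERVER_FAILURE" in codes,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(status_name("0000: 0000232a"))
```

A match only says the output fits the symptoms in the article; the registry values and the root "." zone on the DNS server still have to be checked on the machine itself.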