Someone kindly told me the dcdiag tool could help me with
my dns issues, being I'm new to win2k and DNS, I dont know
how to fix the the error.


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
SERVER's server GUID DNS name could not be
resolved to an
IP address. Check the DNS server, DHCP, server
name, etc
Although the Guid DNS name

(f2b81a75-9ee4-4a3b-bbea-
6317c107d292._msdcs.Bogy.local) couldn't be

resolved, the server name (server.Bogy.local)
resolved to the IP

address (192.168.0.121) and was pingable. Check
that the IP address

is registered correctly with the DNS server.
......................... SERVER failed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER
Skipping all tests, because server SERVER is
not responding to directory service requests

Running enterprise tests on : Bogy.local
Starting test: Intersite
......................... Bogy.local passed test
Intersite
Starting test: FsmoCheck
......................... Bogy.local passed test
FsmoCheck

Sorry for the dumb question, but I could really use some
help, the Windows help file is useless, or it could just
be my brain.

Chris

In news:027b01c340c5$1cdf0a20$(E-Mail Removed),
Chris <(E-Mail Removed)> posted his concerns then I replied down below:
> Someone kindly told me the dcdiag tool could help me with
> my dns issues, being I'm new to win2k and DNS, I dont know
> how to fix the the error.
>
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\SERVER
> Starting test: Connectivity
> SERVER's server GUID DNS name could not be
> resolved to an
> IP address. Check the DNS server, DHCP, server
> name, etc
> Although the Guid DNS name
>
> (f2b81a75-9ee4-4a3b-bbea-
> 6317c107d292._msdcs.Bogy.local) couldn't be
>
> resolved, the server name (server.Bogy.local)
> resolved to the IP
>
> address (192.168.0.121) and was pingable. Check
> that the IP address
>
> is registered correctly with the DNS server.
> ......................... SERVER failed test
> Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\SERVER
> Skipping all tests, because server SERVER is
> not responding to directory service requests
>
> Running enterprise tests on : Bogy.local
> Starting test: Intersite
> ......................... Bogy.local passed test
> Intersite
> Starting test: FsmoCheck
> ......................... Bogy.local passed test
> FsmoCheck
>
> Sorry for the dumb question, but I could really use some
> help, the Windows help file is useless, or it could just
> be my brain.
>
> Chris

Here's the basics of AD and DNS:
http://support.microsoft.com/?id=291382

Basically, in your IP properties of all your internal machines (DCs and
clients) point only to your DNS server. Do not use an ISP's or any other
external DNS server. LOTS and LOTS of errors will result if you do. TOo many
to list here, with yours being one of them.

Make sure that the Primary DNS Suffix is ste to the exact name of AD's
domain name and it is NOT a single label name. It should be "domain.com" or
domain.local" but not just "domain.

Make sure updates are set to YES on the zone property that you created in
DNS and is spelled exactly the same as the Primary DNS Suffix and the AD
domain name.

Make sure if you are in a routed environment with mutliple sites, that you
are not trying to go thru a NAT, since it doesn't support RPC, Kerberos or
LDAP communication, which AD requires. Evern though it can ping or resolve
to the name, once it tries to communicate thru LDAP with using RPC, and the
resulting Kerberos authentication tries to take place, it all fails and
returns an error saying it cannot establish communication with such and
such.

If using a VPN, DO NOT alter the MTU settings, or the results will also be
as a NAT issue above.

If you need Internet resolution, make sure your machines are pointing to
your own (as in the first paragraph above) and setup a forwarder on your own
DNS server to send the query to the ISP's. Shown how to here:
http://support.microsoft.com/?id=300202

The help files do not go into this detail and requires either taking courses
with a qualified instructor or actual JIT or OTJ (just in time or on the
job) training and learning the hard way!

:-)


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

I'm back, still having issues.
I reinstalled Win Advanced Server, ran "dcpromo" created
the domain, "Bogy.Family"

IN System Properties-Network Identification states:
Full computer Name: Server.Bogy.Family
Domain: Bogy.Family

TCP/IT properties:
IP address: 192.168.0.121
Subnet: 255.255.255.0
Default Gateway: 192.168.0.1-----this is my router to isp.
Perferred DNS Server: 192.168.0.121

Installed DNS:
Zone Name: Server
Under Forward lookup zone I have
Bogy.Family in this I have these folders _msdc, _sites,
_tcp, _udp all with proper records within,
For records under Bogy.Family I have SOA, NS, and 2 "A"
host records.
I deleted the "." root.
I changed the "Allow Dynamic Updates" to "Yes" then I ran
net stop netlogon, then net start logon and finally
ipconfig /registerdns

DCDIAG now displays this:
Domain Controller Diagnosis

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
......................... SERVER passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Replications
......................... SERVER passed test
Replications
Starting test: NCSecDesc
......................... SERVER passed test
NCSecDesc
Starting test: NetLogons
......................... SERVER passed test
NetLogons
Starting test: Advertising
......................... SERVER passed test
Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test
RidManager
Starting test: MachineAccount
......................... SERVER passed test
MachineAccount
Starting test: Services
......................... SERVER passed test
Services
Starting test: ObjectsReplicated
......................... SERVER passed test
ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test
frssysvol
Starting test: kccevent
......................... SERVER passed test
kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x8000003E
Time Generated: 07/02/2003 15:15:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x8000003E
Time Generated: 07/02/2003 16:00:31
(Event String could not be retrieved)
......................... SERVER failed test
systemlog

Running enterprise tests on : Bogy.Family
Starting test: Intersite
......................... Bogy.Family passed test
Intersite
Starting test: FsmoCheck
......................... Bogy.Family passed test
FsmoCheck


Now when I run the NSLOOKUP command I get this:

*** Can't find server namefor address 192.168.0.121: Non-
existent domain
***Default Server: UnKnown
Address: 192.168.0.1

And finally when I try to join any of my XP machines to
the domain, I receive the error: "The following error
occurred attempting to join the domain "Bogy.Family": the
network path was not found.

TCP/IP of XP machines
IP: are static ie.192.168.0.122
Default gateway: 192.168.0.1
DNS setting are set to 192.168.0.121

My question after all that is, why does NSLOOKUP not work
but DCDIAG work?? And why the domain error on the XP
machines?

I must be a dumb ass or something.
Thanks again.

Chris

In news:490e01c340f0$2d471df0$(E-Mail Removed),
Chris <(E-Mail Removed)> posted his concerns then I replied down below:
> I'm back, still having issues.
> I reinstalled Win Advanced Server, ran "dcpromo" created
> the domain, "Bogy.Family"
>
> IN System Properties-Network Identification states:
> Full computer Name: Server.Bogy.Family
> Domain: Bogy.Family
>
> TCP/IT properties:
> IP address: 192.168.0.121
> Subnet: 255.255.255.0
> Default Gateway: 192.168.0.1-----this is my router to isp.
> Perferred DNS Server: 192.168.0.121
>
> Installed DNS:
> Zone Name: Server
> Under Forward lookup zone I have
> Bogy.Family in this I have these folders _msdc, _sites,
> _tcp, _udp all with proper records within,
> For records under Bogy.Family I have SOA, NS, and 2 "A"
> host records.
> I deleted the "." root.
> I changed the "Allow Dynamic Updates" to "Yes" then I ran
> net stop netlogon, then net start logon and finally
> ipconfig /registerdns
>
> DCDIAG now displays this:
> Domain Controller Diagnosis
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\SERVER
> Starting test: Connectivity
> ......................... SERVER passed test
> Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\SERVER
> Starting test: Replications
> ......................... SERVER passed test
> Replications
> Starting test: NCSecDesc
> ......................... SERVER passed test
> NCSecDesc
> Starting test: NetLogons
> ......................... SERVER passed test
> NetLogons
> Starting test: Advertising
> ......................... SERVER passed test
> Advertising
> Starting test: KnowsOfRoleHolders
> ......................... SERVER passed test
> KnowsOfRoleHolders
> Starting test: RidManager
> ......................... SERVER passed test
> RidManager
> Starting test: MachineAccount
> ......................... SERVER passed test
> MachineAccount
> Starting test: Services
> ......................... SERVER passed test
> Services
> Starting test: ObjectsReplicated
> ......................... SERVER passed test
> ObjectsReplicated
> Starting test: frssysvol
> ......................... SERVER passed test
> frssysvol
> Starting test: kccevent
> ......................... SERVER passed test
> kccevent
> Starting test: systemlog
> An Error Event occured. EventID: 0x8000003E
> Time Generated: 07/02/2003 15:15:30
> (Event String could not be retrieved)
> An Error Event occured. EventID: 0x8000003E
> Time Generated: 07/02/2003 16:00:31
> (Event String could not be retrieved)
> ......................... SERVER failed test
> systemlog
>
> Running enterprise tests on : Bogy.Family
> Starting test: Intersite
> ......................... Bogy.Family passed test
> Intersite
> Starting test: FsmoCheck
> ......................... Bogy.Family passed test
> FsmoCheck
>
>
> Now when I run the NSLOOKUP command I get this:
>
> *** Can't find server namefor address 192.168.0.121: Non-
> existent domain
> ***Default Server: UnKnown
> Address: 192.168.0.1
>
> And finally when I try to join any of my XP machines to
> the domain, I receive the error: "The following error
> occurred attempting to join the domain "Bogy.Family": the
> network path was not found.
>
> TCP/IP of XP machines
> IP: are static ie.192.168.0.122
> Default gateway: 192.168.0.1
> DNS setting are set to 192.168.0.121
>
> My question after all that is, why does NSLOOKUP not work
> but DCDIAG work?? And why the domain error on the XP
> machines?
>
> I must be a dumb ass or something.
> Thanks again.
>
> Chris


Also to add about XP and logons *if* using XP SP1:

331519 - Error Messages When You Open or Copy Network Files on Windows XP
SP1 Clients That Require SMB Signing [XP Login to AD issues with XP SP1]:
http://support.microsoft.com/?id=331519

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

Q) Is the Kerberos KDC service running?
A) I have no clue on how to check that.


Q)Are you using WINS?
A)NO


Q)DId you disable any services, such
as File and Print Services?
A)Client for Microsoft Networks, F&P is running.


Q)Did you recently change the clock? Logged on as
Enterprise Admin? Change anything at all,
even any minor settings, maybe even kill the MS Client
service or NetBIOS?
A) All I did was uncheck Client for Microsoft Networks,
Since I'm running Win 2K Server and Win XP I dont need
it. Or so I've read.


Q)Did you change any other settings as far as security,
group policy, local
security policy, etc?
A)I didn't change any policys, It was a fresh install,
all I've done is installed AD and DNS.



Q)What Errors are in your Event Viewer? Post the Event ID
# please.
A) Events 62, 5781, and 34

Q)If you joined by the NetBIOS name, which I'm assuming
is "BOGY", do you get the same error?
A) I've tried to join with Server.Bogy.Family,
Bogy.Family, and Bogy, nothing worked

Q)Try a netdiag /fix on the DC and re-run DCDIAG.
A) I ran netdiag /fix then ran dcdiag, dcdiag has the
same error.

I have re-installed twice now and the same crap keeps
happening, Its starting to **** me off.

Chris

In news:542a01c341a5$4b63b220$(E-Mail Removed),
Chris <(E-Mail Removed)> posted his concerns then I replied down below:
> Q) Is the Kerberos KDC service running?
> A) I have no clue on how to check that.

Check services. If it's "started", then it's running.

>
>
> Q)Are you using WINS?
> A)NO
>
>
> Q)DId you disable any services, such
> as File and Print Services?
> A)Client for Microsoft Networks, F&P is running.
>
>
> Q)Did you recently change the clock? Logged on as
> Enterprise Admin? Change anything at all,
> even any minor settings, maybe even kill the MS Client
> service or NetBIOS?
> A) All I did was uncheck Client for Microsoft Networks,
> Since I'm running Win 2K Server and Win XP I dont need
> it. Or so I've read.

You'll need it. Enable it, start it, then run netdiag /fix, and then re-run
dcdiag.

>
>
> Q)Did you change any other settings as far as security,
> group policy, local
> security policy, etc?
> A)I didn't change any policys, It was a fresh install,
> all I've done is installed AD and DNS.
>
>
>
> Q)What Errors are in your Event Viewer? Post the Event ID
> # please.
> A) Events 62, 5781, and 34

5781:
http://www.eventid.net/display.asp?eventid=5781&source=
Due to (most likely) your zone is AD Integrated and AD has not quite
initialized at boot while netlogon is trying to register into DNS, and/or
due to the Client Service being disabled.

You can either ignore the error, or change the zone to a Primary. Matter of
fact in your case, I would change it to a Primary and see if it helps with
the main issue. You say the SRVs show up, then let;s do this after you
change it to a Primary (in this order):

Delete the SRV records.
Hit refresh to make sure they're gone.
Delete the system32\config\netlogon.dns and netlogon.dnb files
ipconfig /registerdns
net stop netlogon
net start netlogon

Then tell me if the SRVs pop back up. If all is set correctly, they should
with no problem.

62
Has nothing to do with your problem, but to clean it up, as should be done
on a DC with the time service, do this:
net time /setsntp:192.5.41.41
net stop w32time
w32tm -once
net start w32time

34
NOrmal using IDE on a DC. It disabled the harddrive's cache so the AD
database is consistent and upto date due to transactional logging.

>
> Q)If you joined by the NetBIOS name, which I'm assuming
> is "BOGY", do you get the same error?
> A) I've tried to join with Server.Bogy.Family,
> Bogy.Family, and Bogy, nothing worked

Due to probably the above service being disabled. Hopefully that is this
case.

>
> Q)Try a netdiag /fix on the DC and re-run DCDIAG.
> A) I ran netdiag /fix then ran dcdiag, dcdiag has the
> same error.
>
> I have re-installed twice now and the same crap keeps
> happening, Its starting to **** me off.

Don;t be ****ed. It maybe due to killing that one service. I've installed AD
hundreds of times, and that is probably an understatement and NEVER have had
any problems. It just works. Once anyone starts changing the defaults,
things start happening. Understand what you want to disabled and it's impact
before doing so. I'm not saying the MS Client is not causing it, but the
machine MUST be a client of itself to be able to do it's job.


>
> Chris



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

In news:000d01c341d2$5cfc92e0$(E-Mail Removed),
Chris <(E-Mail Removed)> posted his concerns then I replied down below:
> Check services. If it's "started", then it's running.
>
> (reply)How do I do that?

Go into the Services Console. Look at the service name. To the right of it,
it should say "started" if it actually is, and that means that it's
ruinning.

>
>
> You'll need it. Enable it, start it, then run
> netdiag /fix, and then
>
> re-run dcdiag.
>
> (reply) dcdiag shows the same error.
>
>> Q)What Errors are in your Event Viewer? Post the Event ID
>> # please.
>
>> A) Events 62, 5781, and 34
> (reply) I have some new errors in the event log/ system
> they are:
> 11 and 5781
>
> 5781:
> http://www.eventid.net/display.asp?eventid=5781&source=
> Due to (most likely) your zone is AD Integrated and AD has
> not quite
> initialized at boot while netlogon is trying to register
> into DNS,
>
> and/or
> due to the Client Service being disabled.
>
> You can either ignore the error, or change the zone to a
> Primary.
>
> Matter of
> fact in your case, I would change it to a Primary and see
> if it helps
>
> with
> the main issue. You say the SRVs show up, then let;s do
> this after you
> change it to a Primary (in this order):
>
> Delete the SRV records.
> Hit refresh to make sure they're gone.
> Delete the system32\config\netlogon.dns and netlogon.dnb
> files
> ipconfig /registerdns
> net stop netlogon
> net start netlogon
>
> Then tell me if the SRVs pop back up. If all is set
> correctly, they
>
> should with no problem.
>
> (reply) I created a primany when I installed DNS. I did
> all the above
>
> anyway, and yes the SRV records came back
>
> Do you think any of this would of happened if I installed
> DNS before AD??

No, it wouldn't have anything to do with it. You can completely delete DNS
and reinstall it if you like to give it a shot. But I need you to check if
you turned off any services. I also need you to renable the Microsoft Client
Service and FIle & Print Service (if you disalbed that too) to renable them
and try this all over again. That is done in the Network Card's properties.
If you want to try to delete DNS and reinstall it, let me know.

As I said, AD usually just works. I'm surprised that you';re having this
much difficutly with it. If certain services are disabled, then that would
cause problems.

>
> Chris



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

I just want to say, "Thanks for all your help!"
Kerberos KDC is running, and there are no other services
turned off, all are at default settings.

The Microsoft Client is checked and running.

Here is the list I'm getting now.
System: 5781 and 11
Application: 1000

I was finally able to logon to the domain (Bogy.Family)
from my XP computers! So I think the major problems were
fixed. What a pain in the ass!


Chris

In news:050901c3444d$ac9d33e0$(E-Mail Removed),
Chris <(E-Mail Removed)> posted his concerns then I replied down below:
> I just want to say, "Thanks for all your help!"
> Kerberos KDC is running, and there are no other services
> turned off, all are at default settings.
>
> The Microsoft Client is checked and running.
>
> Here is the list I'm getting now.
> System: 5781 and 11
> Application: 1000
>
> I was finally able to logon to the domain (Bogy.Family)
> from my XP computers! So I think the major problems were
> fixed. What a pain in the ass!
>
>
> Chris

Good
As for 5781, re-read my previous post.

As for Ebent ID 11, there are numerous Sources. So it depends. See here and
let me know the "Source".
http://www.eventid.net/display.asp?eventid=11&source=


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

Event ID 11, this is being created because of my Adaptec
SCSI 19160 card. Adaptect says this card is not supported
my Windows 2000. The only fix is to remove it.
Boy am I glad I spent all that money on that card!

I went to Eventid.net and looked at error 5781 (thanks for
the link), couldn't get to the fix page cauz they want me
to pay, so I'll just ignor it.

Chris

>-----Original Message-----
>In news:050901c3444d$ac9d33e0$(E-Mail Removed),
>Chris <(E-Mail Removed)> posted his concerns then I
replied down below:
>> I just want to say, "Thanks for all your help!"
>> Kerberos KDC is running, and there are no other services
>> turned off, all are at default settings.
>>
>> The Microsoft Client is checked and running.
>>
>> Here is the list I'm getting now.
>> System: 5781 and 11
>> Application: 1000
>>
>> I was finally able to logon to the domain (Bogy.Family)
>> from my XP computers! So I think the major problems
were
>> fixed. What a pain in the ass!
>>
>>
>> Chris
>
>Good
>As for 5781, re-read my previous post.
>
>As for Ebent ID 11, there are numerous Sources. So it
depends. See here and
>let me know the "Source".
>http://www.eventid.net/display.asp?eventid=11&source=
>
>
>--
>Regards,
>Ace
>
>Please direct all replies to the newsgroup so all can
benefit.
>
>Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
>Microsoft Windows MVP - Active Directory
>--
>=================================
>
>
>.
>