No DNS servers configured for local system

[Yuri Palagin]

On my w2k+sp4 domain controller I receive every 2 hours the following
warning:

Event Source: NETLOGON
Event ID: 5782
User: N/A
Computer: DC1
Description:
Dynamic registration or deregistration of one or more DNS records failed
with the following error:
No DNS servers configured for local system.


What could be the problem? DNS server is running on DC1, DNS client settings
point to itself only.
Details are in my previous post.

Should I just ignore the warning?

ypal

 

[Herb Martin]

What could be the problem? DNS server is running on DC1, DNS client
settings

point to itself only.
Details are in my previous post.

Zone must be dynamic and the DC must point ONLY to the
internal DNS server (set) -- as you say in this case, itself.

Sounds like the zone is not dynamic, or mispelled etc..

 

[Yuri Palagin]

It does point to itself, nothing else. Here are the details I've posted
earlier:

I have a win2000 Active directory domain "ad.corp.com", 2 DCs in 1 site
(win2k+sp4), both DCs have DNS server running with the AD-integrated zone
"ad.corp.com" with Allow dynamic updates = Yes.
The first domain controller DC1 has 3 VLANs configured. The primary suffix
is "ad.corp.com", but each of the three virtual interfaces have
Connection-specific dns suffixes corresponding to the name of the subnet
they are in. Below is the ipconfig /all details:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : DC1
Primary DNS Suffix . . . . . . . : ad.corp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ad.corp.com
vlan1.corp.com
vlan2.corp.com
vlan3.corp.com
corp.com

Ethernet adapter VLAN vlan1, ID: 1:

Connection-specific DNS Suffix . : vlan1.corp.com
Physical Address. . . . . . . . . : 00-07-E9-17-FB-1E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.61.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.68.100
Primary WINS Server . . . . . . . : 192.168.61.250

Ethernet adapter VLAN vlan2, ID: 2:

Connection-specific DNS Suffix . : vlan2.corp.com
Physical Address. . . . . . . . . : 00-07-E9-17-FB-1E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.68.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.68.1
DNS Servers . . . . . . . . . . . : 192.168.68.100

Ethernet adapter VLAN vlan3, ID: 3:

Connection-specific DNS Suffix . : vlan3.corp.com
Physical Address. . . . . . . . . : 00-07-E9-17-FB-1E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.65.7
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.68.100


DNS name auto-registration is unchecked on all three interfaces, but all the
4 zones (ad, vlan1, vlan2, vlan3.corp.com) have manually configured
A-records. Zone ad.corp.com has 3 A-records for DC1 (all the three
IP-adresses); the other three zones have one A-record for DC1 each, and they
are hosted on another DNS server which is configured as the forwarder for
the two DCs.

The problem is, on DC1 I receive every 2 hours the following warning:


Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5782
Date: 12.04.2004
Time: 15:06:14
User: N/A
Computer: DC1
Description:
Dynamic registration or deregistration of one or more DNS records failed
with the following error:
No DNS servers configured for local system.
Data:
0000: 7c 26 00 00 |&..


What does that mean: no DNS servers configured for local system??? And what
records is NETLOGON trying to register?? Am I missing some configuration
issue? I've tried to look it up in KB by event ID number, to no avail...
Both DNS client and DHCP client are started on DC1. When configuring, I
followed KB 825036 - Best practices for DNS client... with one exception: I
unchecked "Register this connection's addresses in DNS" on each interface of
DC1.

 

[Herb Martin]

If you are manually configuring your zones for AD you
are just asking for trouble.

Turn on Dynamic DNS, let the DCs autoregister.

You have an exspecially difficult problem with multiple
AD integrated DCs and broken AD replication because
it is dependent on DNS which is dependent on AD etc.

You likely need to return to a single primary with secondaries
for a full AD replication cycle, with all DCs pointing to the
PRIMARY ONLY and their DNS server pulling from
there as secondaries.

 

[Ace Fekay [MVP]]

In

It does point to itself, nothing else. Here are the details I've
posted earlier:

I have a win2000 Active directory domain "ad.corp.com", 2 DCs in 1
site (win2k+sp4), both DCs have DNS server running with the
AD-integrated zone "ad.corp.com" with Allow dynamic updates = Yes.
The first domain controller DC1 has 3 VLANs configured. The primary
suffix is "ad.corp.com", but each of the three virtual interfaces have
Connection-specific dns suffixes corresponding to the name of the
subnet they are in. Below is the ipconfig /all details:

What does that mean: no DNS servers configured for local system???
And what records is NETLOGON trying to register?? Am I missing some
configuration issue? I've tried to look it up in KB by event ID
number, to no avail... Both DNS client and DHCP client are started
on DC1. When configuring, I followed KB 825036 - Best practices for
DNS client... with one exception: I unchecked "Register this
connection's addresses in DNS" on each interface of DC1.

<snip>

Is AD's DNS name ad.corp.com?
And does that zone allow updates in DNS?

As Herb mentions, you'll need to check that box to allow it to register into
DNS. DOing it manually is not the best way, but can be done. If manually,
probably best to use the netlogon.dns file to manually create the entries.





--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Kevin D. Goodknecht [MVP]]

In

It does point to itself, nothing else. Here are the details I've
posted earlier:

I have a win2000 Active directory domain "ad.corp.com", 2 DCs in 1
site (win2k+sp4), both DCs have DNS server running with the
AD-integrated zone "ad.corp.com" with Allow dynamic updates = Yes.
The first domain controller DC1 has 3 VLANs configured. The primary
suffix is "ad.corp.com", but each of the three virtual interfaces have
Connection-specific dns suffixes corresponding to the name of the
subnet they are in. Below is the ipconfig /all details:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : DC1
Primary DNS Suffix . . . . . . . : ad.corp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ad.corp.com
vlan1.corp.com
vlan2.corp.com
vlan3.corp.com
corp.com

Make sure you have a zone for ad.corp.com in the local DNS and that dynamic
updates are allowed.

 

[Yuri Palagin]

Is AD's DNS name ad.corp.com?

Yes, it surely is!

And does that zone allow updates in DNS?

Of course it does, I mentioned that:
both DCs have DNS server running with the AD-integrated zone
"ad.corp.com" with Allow dynamic updates = Yes

As Herb mentions, you'll need to check that box to allow it to register into
DNS.

As I have mentioned, each interface on DC1 has its own domain suffix, like
vlan1.corp.com, so I cannot turn on dynamic registration for the zones
vlan1.corp.com, vlan2.corp.com and vlan3.corp.com, because they are hosted
on another dns server which is the forwarder for DC1.
Or are you telling me that I have to leave connection-specific suffixes
blank, and auto-register all the three interfaces in zone ad.corp.com?

 

[Herb Martin]

As I have mentioned, each interface on DC1 has its own domain suffix, like

vlan1.corp.com, so I cannot turn on dynamic registration for the zones
vlan1.corp.com, vlan2.corp.com and vlan3.corp.com, because they are hosted
on another dns server which is the forwarder for DC1.

For a DC it's mainly need to register JUST the one you wish it
to be known (as a DC) by.

Or are you telling me that I have to leave connection-specific suffixes
blank, and auto-register all the three interfaces in zone ad.corp.com?

No, you can use them. And even leave them unregistered but you
NEED to let the "main name" register -- probably the one that is
in the System control panel -- the official name.,

You know I am not entirely sure those 'extra' NIC settings have anything
much to do (there may be an interaction) with the DC registration.

Those NICs probably register using the DHCP client service like any
other machine -- NetLogon service registers the DC specific stuff;
but hey, it may change what NetLogon does also.

 

[Ace Fekay [MVP]]

In

For a DC it's mainly need to register JUST the one you wish it
to be known (as a DC) by.



No, you can use them. And even leave them unregistered but you
NEED to let the "main name" register -- probably the one that is
in the System control panel -- the official name.,

You know I am not entirely sure those 'extra' NIC settings have
anything much to do (there may be an interaction) with the DC
registration.

Those NICs probably register using the DHCP client service like any
other machine -- NetLogon service registers the DC specific stuff;
but hey, it may change what NetLogon does also.

The Primary DNS Suffix is what dictates what zone the netlogon service
registers into. I would also probably make sure (not sure if discussed
already) that the NIC that you want to register is at the top of the binding
order, which is this NIC: 192.168.61.250, Then I would change what NIC DNS
is listening on to the same IP. THen I would change the DNS IP set on each
NIC to this as well.

Try that and see what's happening. If not, then I would assume something's
being blocked in your VLAN settings on the switch?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Ace Fekay [MVP]]

In Yuri Palagin <ypal@***ANTISPAM***utc.ru> posted their thoughts, then I
offered mine

Ok, one more point, since the is a DC/DNS server, this can be problematic
once you get registration to happen because ALL interfaces WILL register.
Why? Because DNS forces itself to reg itself, whether the checkbox is
checked or not. It will register the LdapIpAddresss and the GcIpAddress
mutliple times, which will cause you more headaches. To avert this (once you
get it to work), here's a repost from past posts about mutlihomed DC/DNS
servers...

================================
This will work to avoid that "Blank Domain FQDN" (as I call it) Private IP,
which is actually called the LdapIpAddress.
that you don't want to register. Step 2 is to actually manually create the
LdapIpAddress and the GcIpAddres that you want to register,

1.You need to disable the local IP address registration without stopping
netlogon from registering SRVs. Otherwise, you'll create a blank domain FQDN
with the external IP and delete the internal private IP just to find that
netlogon will re-register promptly every 60 minutes.
This will take care of that:
(taken from http://support.microsoft.com/?id=295328)

To disable only the registration of the local IP addresses, set the
following registry value:
Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Values: LdapIpAddress
GcIpAddress

2. Manually create what you need for the interface you want registered.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================