2003: "dns server unable to open active directory" (id 4000, and others)


Josh Converse

I have a single 2003 PDC which runs AD, DNS, and DHCP. Since I
installed SP1 (~2 days ago), DNS has been dead. In the event viewer, I
get the following errors:

4000: "dns server unable to open active directory"

4007: The DNS server was unable to open zone _msdcs.cbhp.ua.edu in the
Active Directory from the application directory partition
ForestDnsZones.cbhp.ua.edu. This DNS server is configured to obtain and
use information from the directory for this zone and is unable to load
the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.


I know this is related to AD not starting properly, but when I view the
event viewer for directory services, I see the following error:

---------------------------------
Active Directory was unable to establish a connection with the global
catalog.

Additional Data
Error value:
8430 The directory service encountered an internal failure.
Internal ID:
3200c67

User Action:
Make sure a global catalog is available in the forest, and is reachable
from this domain controller. You may use the nltest utility to
diagnose this problem.
---------------------------------

Any insight into this problem would be greatly appreciated. I have
googled the topic to death, and all of the kb articles don't really fit
my problem. Attached below are a few outputs from various tools:

/////////////////////////////
// Unedited ipconfig /all
/////////////////////////////
Windows IP Configuration

Host Name . . . . . . . . . . . . : mario
Primary Dns Suffix . . . . . . . : cbhp.ua.edu
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cbhp.ua.edu
ua.edu

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-11-43-D8-4C-C5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 130.160.121.254
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 130.160.121.1
DNS Servers . . . . . . . . . . . : 130.160.121.254

/////////////////////////////
// netdiag
/////////////////////////////
......................................

Computer Name: MARIO
DNS Host Name: mario.cbhp.ua.edu
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :
Q147222


Netcard queries test . . . . . . . : Passed

Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed

Host Name. . . . . . . . . : mario
IP Address . . . . . . . . : 130.160.121.254
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 130.160.121.1
Dns Servers. . . . . . . . : 130.160.121.254

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{495BCA92-9C90-4A8D-8FA1-48DD2C4CE54D}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '130.160.121.254'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{495BCA92-9C90-4A8D-8FA1-48DD2C4CE54D}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{495BCA92-9C90-4A8D-8FA1-48DD2C4CE54D}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for host/mario.cbhp.ua.edu.


LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed
information


The command completed successfully

/////////////////////////////
// dcdiag
/////////////////////////////
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\MARIO
Starting test: Connectivity
The host cbd46d10-6482-45cd-a360-7616ba9fe087._msdcs.cbhp.ua.edu could
not be resolved to an IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(cbd46d10-6482-45cd-a360-7616ba9fe087._msdcs.cbhp.ua.edu) couldn't be
resolved, the server name (mario.cbhp.ua.edu) resolved to the IP
address (130.160.121.254) and was pingable. Check that the IP address
is registered correctly with the DNS server.
......................... MARIO failed test Connectivity

Doing primary tests

Testing server: Default-First-Site\MARIO
Skipping all tests, because server MARIO is
not responding to directory service requests

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : cbhp
Starting test: CrossRefValidation
......................... cbhp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... cbhp passed test CheckSDRefDom

Running enterprise tests on : cbhp.ua.edu
Starting test: Intersite
......................... cbhp.ua.edu passed test Intersite
Starting test: FsmoCheck
......................... cbhp.ua.edu passed test FsmoCheck



Sorry for the long post. Any insight/prior experience would be greatly
appreciated.
--Josh Converse
 

Steve Duff [MVP]

Since you think this is SP1-related, have you considered uninstalling SP1? You can also try a DS restore if you have a pre-SP1 backup of your AD that is useable.

And you should always double-check your system time/date/time zone since a problem there can manifest in the most mysterious ways.

If none of that is feasible or doesn't help, try getting your DNS zone loaded and running as a 'standard primary' instead of AD-integrated. This may require loading from .dns files if you can't get to the zone at all the way it is, but it is certainly do-able.

Once you have a functioning DNS you can do a dcdiag /fix and netdiag /fix to clean it up, and then you're in a much better position to dig in to try and see what is really wrong with AD. It may be a permissions problem inside AD or netvol, but with a malfunctioning DNS, it is very hard to see past that.

I have installed SP1 on several servers and have not seen this problem, but you're making me nervous...

Steve Duff [MVP]
Ergodic Systems, Inc.
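
An added example, not part of either post: once the zone is running as a standard primary, this compares the DC locator records the DC expects to have registered against what the zone actually holds, which is the gap behind the dcdiag GUID CNAME failure and the netdiag DNS and Kerberos failures above. It assumes both inputs are zone-file style text (the style Netlogon uses for its netlogon.dns file); the sample data is constructed from names in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: records this DC should register, in the zone-file style
# of Netlogon's netlogon.dns (names and address taken from the thread).
NETLOGON_DNS = """\
cbhp.ua.edu. 600 IN A 130.160.121.254
_ldap._tcp.cbhp.ua.edu. 600 IN SRV 0 100 389 mario.cbhp.ua.edu.
_ldap._tcp.dc._msdcs.cbhp.ua.edu. 600 IN SRV 0 100 389 mario.cbhp.ua.edu.
_kerberos._tcp.dc._msdcs.cbhp.ua.edu. 600 IN SRV 0 100 88 mario.cbhp.ua.edu.
cbd46d10-6482-45cd-a360-7616ba9fe087._msdcs.cbhp.ua.edu. 600 IN CNAME mario.cbhp.ua.edu.
"""

# Constructed sample: what the rebuilt standard-primary zone currently holds.
ZONE_DUMP = """\
; exported zone (constructed)
mario.cbhp.ua.edu. 3600 IN A 130.160.121.254
cbhp.ua.edu. 600 IN A 130.160.121.254
_ldap._tcp.cbhp.ua.edu. 600 IN SRV 0 100 389 mario.cbhp.ua.edu.
"""

# owner [ttl] IN type rdata
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|CNAME|SRV)\s+(.+?)\s*$", re.I)

def parse_records(text):
    """Return a set of (owner, type, rdata) tuples; TTL and case are ignored."""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        m = RECORD.match(line)
        if m:
            owner, rtype, rdata = m.groups()
            rdata = " ".join(rdata.lower().rstrip(".").split())
            records.add((owner.lower().rstrip("."), rtype.upper(), rdata))
    return records

def missing_locator_records(expected_text, zone_text):
    """Records the DC expects to be registered that the zone lacks."""
    return sorted(parse_records(expected_text) - parse_records(zone_text))

def guid_cname_missing(missing):
    """True when the DSA GUID alias under _msdcs is absent (dcdiag Connectivity)."""
    return any(t == "CNAME" and "._msdcs." in o for o, t, _ in missing)

if __name__ == "__main__":
    for owner, rtype, rdata in missing_locator_records(NETLOGON_DNS, ZONE_DUMP):
        print(f"MISSING {rtype:5} {owner} -> {rdata}")
```
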

 
