Cannot find a primary authoritative DNS server

Mich

Hello,

I had many DNS problems that I have corrected by reading this newsgroup.
Even though I have no errors logged on the server nor on the client side, I
experience a loss of the server connection every couple of hours. It starts to
be very slow, ISA Client will lose the ISA server connection, MS Outlook
will not be able to contact the Exchange server and no Internet will be
available.
This could take 3 to 30 minutes. I have run a NETDIAG on the server and here
is the output.
Both the Internal ADSL modem and the Network Adapter have the "Register this
connection's addresses in DNS" checked.

Here is the output of NETDIAG.

Thanks for your help

Computer Name: cabal
DNS Host Name: cabal.ventura.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 6 Stepping 0, GenuineIntel
List of installed hotfixes :
KB820888
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
Q147222
Q828026


Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Alcatel Speed Touch PC #3' may not be working
because it has not received any packets.



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : cabal
IP Address . . . . . . . . : 10.10.1.1
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 10.10.1.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : {D63C5ADD-A36E-46EC-81AF-E6BF09B744FF}

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : cabal
IP Address . . . . . . . . : 80.1.36.217
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . : 80.238.1.136
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 217.136.10.22
217.136.10.21

IpConfig results . . . . . : Failed

[WARNING] Your default gateway is not on the same subnet as your
IP address.

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]

WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{38C9C4DC-A94E-48FB-A0CD-53DDCC4FCF38}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'cabal.ventura.local.'. [RCODE_SERVER_FAILURE]
The name 'cabal.ventura.local.' may not be registered in DNS.
[FATAL]: The DNS registration for 'cabal.ventura.local' is
incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server
'10.10.1.1'.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS server '217.136.10.22'. Please wait for 30 minutes for DNS server
replication.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS server '217.136.10.21'. Please wait for 30 minutes for DNS server
replication.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{38C9C4DC-A94E-48FB-A0CD-53DDCC4FCF38}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{38C9C4DC-A94E-48FB-A0CD-53DDCC4FCF38}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Passed
Entry Name: telnet
Device Type: Framing protocol : PPP
LCP Extensions : Disabled
Software Compression : Enabled
Network protocols :
NetBEUI
IPX
TCP/IP
IP Address : Specified
Name Server: Specified
IP Header compression : Enabled
Use default gateway on remote network : Enabled

Connection Statistics:
Bytes Transmitted : 3854623
Bytes Received : 27304610
Frames Transmitted : 28945
Frames Received : 68090
CRC Errors : 68090
Timeout Errors : 0
Alignment Errors : 0
H/W Overrun Errors : 0
Framing Errors : 0
Buffer Overrun Errors : 0
Compression Ratio In : 0
Compression Ratio Out : 0
Baud Rate ( Bps ) : 3360000
Connection Duration : 51832451


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully
 
Kevin D. Goodknecht Sr. [MVP]

Mich said:

Adapter : {D63C5ADD-A36E-46EC-81AF-E6BF09B744FF}

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : cabal
IP Address . . . . . . . . : 80.1.36.217
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . : 80.238.1.136
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 217.136.10.22
217.136.10.21

IpConfig results . . . . . : Failed

[WARNING] Your default gateway is not on the
same subnet as your IP address.

Here is your biggest problem: you cannot use any external DNS in TCP
properties on _any_ interface, you must use only the local DNS address on
all interfaces. Configure this interface with IP of the internal interface
for DNS.

You can configure these DNS addresses as a Forwarder for your local DNS
server as per this KB article:
300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202&FR=1

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

Another problem is that this DC is multi-homed. Multi-homing a DC requires
additional configuration to prevent the public interface addresses from
being registered in DNS. This creates a problem for file sharing and the
SYSVOL DFS share and can cause userenv 1000 events to be logged.

Please follow these steps.
1. In the DNS management console, on the properties of the DNS server,
interfaces tab, set DNS to only listen on the private IP you want in DNS for
the server.

2. Add this registry entry with regedt32 to stop the (same as parent folder)
records.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress

(If the DC is also a Global Catalog see note below)

3. Create a new host in DNS, leave the name field blank, give it the IP of
the internal interface. Win2k barks at you saying (same as parent folder) is
not a valid host name, click OK to create the record anyway.

4. Right click on Network places, choose properties, in the Advanced menu
select Advanced settings. Make sure the internal interface is at the top of
the connections pane and File sharing is enabled on the internal interface.


Note-

If the DC is also a Global Catalog use this registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress
GcIpAddress

And in addition to the (same as parent folder) record in the domain zone for
the domain name, expand _msdcs, open gc, create a new host with the name field
blank and give it the IP of the internal interface. This resolves as
gc._msdcs.forestroot.
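
An added example, not part of Kevin's post or the original thread: a Python check over the per-interface section of NETDIAG output that flags any adapter whose DNS server list contains something other than the DC's own internal address, the misconfiguration described above. The sample text is reconstructed from the output posted in this thread, and treating the server's private (RFC 1918) address as "the local DNS address" is an assumption of the example.

```python
import ipaddress
import re

# Constructed sample: per-interface lines taken from the NETDIAG output posted above.
SAMPLE = """\
Adapter : Local Area Connection
IP Address . . . . . . . . : 10.10.1.1
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 10.10.1.1
Adapter : {D63C5ADD-A36E-46EC-81AF-E6BF09B744FF}
IP Address . . . . . . . . : 80.1.36.217
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . : 80.238.1.136
Dns Servers. . . . . . . . : 217.136.10.22
217.136.10.21
"""

FIELD = re.compile(r"^(.*?)[ .]*:\s*(.*)$")        # "Name . . . : value"
BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")   # continuation line of a list


def parse_adapters(text):
    """Return {adapter name: {field: [values]}} from NETDIAG per-interface output."""
    adapters, current, last = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if BARE_IP.match(line) and current is not None and last:
            current[last].append(line)   # e.g. second DNS server on its own line
            continue
        m = FIELD.match(line)
        if not m:
            continue                     # [WARNING] text and other free-form lines
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Adapter":
            current, last = adapters.setdefault(value, {}), None
        elif current is not None:
            current[key] = [value] if value else []
            last = key
    return adapters


def external_dns(adapters):
    """List (adapter, dns) pairs whose resolver is not one of the DC's own private IPs."""
    # Assumption: the local DNS service listens on the server's private address(es).
    own = {ip for a in adapters.values() for ip in a.get("IP Address", [])
           if ipaddress.ip_address(ip).is_private}
    return [(name, dns) for name, a in adapters.items()
            for dns in a.get("Dns Servers", []) if dns not in own]
```

On the sample, `external_dns(parse_adapters(SAMPLE))` reports both ISP resolvers on the PPPoE adapter; once that interface points only at 10.10.1.1 the list is empty.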
 
Ace Fekay [MVP]

Hi Mich,

Whenever it comes down to a multihomed DNS/DC, especially with the PPPoE
software (WinPoet), we see this a lot in here and in the AD groups. Kevin's
suggestions are right on the mark, that is if you want to go thru all of
that, which even with folks like Kevin, William, and the others that post
and help out here and as long as we've been in the business, we would rather
not change our default system settings, but have done so for many a client.
Usually the *easiest* way to circumvent all of this is to purchase a USD
$39.00 Linksys DSL/Cable router (there's a rebate going on for them) that
will securely connect your network to the Internet. Then you can connect the
LAN side to the ISA box without the PPPoE software that is required for
ADSL, which is overhead and causes issues.

If you can, ideally, ISA should be installed on a member server or
standalone, depending on what mode it's in. Part of the issue is the fact it's
a multihomed DNS/AD machine, which causes issues with AD and DNS, as you're
experiencing. If you can get another machine for this function, (depending
on the number of users, a decent desktop will do the trick) unless of course
this is SBS, (which you can't separate ISA and other features), that would
improve performance, especially without the PPPoE software.

Unless of course, you can follow Kevin's suggestions, which is what we
normally suggest for this sort of scenario.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Mich

Thank you for your help.
I have made the required changes and restarted the server. NETDIAG is ok now.
I just wait and see if the intermittent server disconnection will surface
again.

With regards,
Mich
 
Ace Fekay [MVP]

In Mich <nobody@home> either posted for help, or replied to my previous
response, or just wanted to comment or offer an addition, whichever the
reason, spurred me to reply below

Sounds good. Hope it clears it up.

-- Ace
 
