DCDIAG test fails

G

Gops

When I run DCDIAG test it fails. The out put is enclosed
below. (In the TCP/IP configuration the DNS entry is the
server's IP address).
How can I rectify this?
------------------------------
C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVERNAME
Starting test: Connectivity 353c8b1b-525e-4cca-813e-
a2db0ead48cc._msdcs.DOMAIN-NAME's server GUID DNS name
could not be resolved to an IP address. Check the DNS
server, DHCP, server name, etc Although the Guid DNS name
(353c8b1b-525e-4cca-813e-a2db0ead48cc._msdcs.DOMAIN-NAME)
couldn't be resolved, the server name (servername.DOMAIN-
NAME) resolved to the IP address (192.168.34.18) and was
pingable. Check that the IP address is registered
correctly with the DNS server.
......................... SERVERNAME failed test
Connectivity
------------------------------
 
H

Herb Martin

DNS problem.

Either the DNS server is not set Dynamic, or your DC
doesn't have the correct DNS server (set) configured in it's
CLIENT NIC properties for DNS server.

(Or because you have it configured but ALSO tried to put
EXTERNAL DNS servers in there on -one of - the NICs)

DCs are DNS clients too.

After fixing, restart NetLogon service.
 
A

Ace Fekay [MVP]

In
Herb Martin said:
DNS problem.

Either the DNS server is not set Dynamic, or your DC
doesn't have the correct DNS server (set) configured in it's
CLIENT NIC properties for DNS server.

(Or because you have it configured but ALSO tried to put
EXTERNAL DNS servers in there on -one of - the NICs)

DCs are DNS clients too.

After fixing, restart NetLogon service.


In addition, it seems like the domain name is a single label name ('domain'
vs the required format of 'domain.com'), unless the name was munged. If a
single label name, numerous other issues will occur if using SP4.

And/or even a possible ISP DNS server IP address in IP properties will cause
this as well.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
S

Stefan Buchman

Have you made any recent changes to the DNS server(s) that house the
zone for your domain?

- Stefan
 
M

msnews.microsoft.com

Hi,

Try searching the netlogon.dns, in that file is described all the dns
registers that are being
added to the DNS server. Check if all of them
are present in the DNS, if not, try adding it
manually.

Good luck!
 
H

Herb Martin

Try searching the netlogon.dns, in that file is described all the dns
registers that are being
added to the DNS server. Check if all of them
are present in the DNS, if not, try adding it
manually.

Why? Usually (always?) this would just get overwritten
and the real problem will come back next time you make
a change that affects sites etc.

The real answer is to SOLVE the underlying problem so
that the NetLogon.dns gets automatically re-written
correctly.

Check:
Two OR MORE "tag.dns" name. Dynamic DNS on
zone. All DCs using ONLY the internal DNS servers
on ALL of their NICs.

Re-start NetLogon service if you change any of the above.

(All clients doing the same.)
 
G

Gops

I am unable to get through this issue. I have enclosed
the"NETDIAG" result also. Someone please suggest me step
by step how to resolve this issue.

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative
DNS server for the name 'servername.DOMAINAME.'.
[RCODE_SERVER_FAILURE]
The name 'servername.DOMAINAME.' may not be
registered in DNS.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server '192.
168.34.8'. Please wait for 30 minutes for DNS server
replication.
[FATAL] No DNS servers have the DNS records for this
DC registered.
 
H

Herb Martin

I am unable to get through this issue. I have enclosed
the"NETDIAG" result also. Someone please suggest me step
by step how to resolve this issue.

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative
DNS server for the name 'servername.DOMAINAME.'.
[RCODE_SERVER_FAILURE]
The name 'servername.DOMAINAME.' may not be
registered in DNS.

Look RIGHT HERE: "server...may not be registered in DNS."

Then compare this with my (repeated frequently) posts about DNS:

DNS must be dynamic
Clients must use ONLY the internal DNS server (set)
(The internal DNS server set must be replicated, and if
there are multiple zones properly delegated.)
DCs are CLIENTS of DNS too!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Go check your DC client NICs and make sure that NO
OUTSIDE DNS servers appear there (even through DHCP
if you have external NICs) and that the INTERNAL DYNAMIC
DNS server set is configured there.

Re-start NetLogon on the DC. Check the DNS server to see
that the _underscore domains are in the zone and that the server
is registered in the proper site.

Run DCDIAG on all DCs to confirm the above (but it's easier
to just fix it.)

--
Herb Martin
Gops said:
I am unable to get through this issue. I have enclosed
the"NETDIAG" result also. Someone please suggest me step
by step how to resolve this issue.

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative
DNS server for the name 'servername.DOMAINAME.'.
[RCODE_SERVER_FAILURE]
The name 'servername.DOMAINAME.' may not be
registered in DNS.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server '192.
168.34.8'. Please wait for 30 minutes for DNS server
replication.
[FATAL] No DNS servers have the DNS records for this
DC registered.
-----Original Message-----
In Herb Martin <[email protected]> posted their thoughts, then I offered mine


In addition, it seems like the domain name is a single label name ('domain'
vs the required format of 'domain.com'), unless the name was munged. If a
single label name, numerous other issues will occur if using SP4.

And/or even a possible ISP DNS server IP address in IP properties will cause
this as well.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================


.
 
A

Ace Fekay [MVP]

In
Gops said:
I am unable to get through this issue. I have enclosed
the"NETDIAG" result also. Someone please suggest me step
by step how to resolve this issue.

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative
DNS server for the name 'servername.DOMAINAME.'.
[RCODE_SERVER_FAILURE]
The name 'servername.DOMAINAME.' may not be
registered in DNS.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server '192.
168.34.8'. Please wait for 30 minutes for DNS server
replication.
[FATAL] No DNS servers have the DNS records for this
DC registered.


Gops, your whole issue is a single label name. Look at this article below.
But it's highly suggested to rebuild your domain with the proper name of
"domainname.com" instead of just "DOMAINNAME". THis is because AD is DNS
based. DNS is hierarchal. THere is no hierarchal structure with a single
label name such as what you have. A name of "domainname.com" does have a
hierarchy, it has a firstlevel domain name (com) and a second level domain
name (domainname), combined is domainname.com. DNS doesn't know how to
handle it, so therefore DNS will cause excessibe queries to the Root servers
on the Internet. Mirosoft stopped this excessive traffic with SP4, since
that was the right thing to do to calm down the excessive traffic to the ISC
Roots. The link below shows how to bypass that restricition. You need to do
this on all your machines. However, this may or may not guarantee that GPOs
will work properly, since when the GetGpoList function runs, it finds the
GPOs by connecting to a UNC such as:
\\domainname.com\sysvol\domainname.com\policies.
if it were a single label name, it connects to:
\\domainname\sysvol\domainname\policies
and will treat it as a computer name instead of the domain name and may
fail. Same with DFS.

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names [needs the domain.com name and cannot be
just --domain--]:
http://support.microsoft.com/?id=300684

Good luck.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top