DNS can't register in Active Directory

Kevin Laro

Hi I have an urgent problem,

I am running a win 2000 fileserver, domain controller, DNS-Server (all
the same machine). Just a small network with 20-30 clients
(win2k-winxp).

Now the dns does not register with active directory. I got the message
in the system log "Dynamic registration or deregistration of one or
more DNS records failed because no DNS servers are available".

Also the 4 folders _tcp, _udp etc are not present in the DNS Zone,
when I check.

The domain name is identical in IP settings on the server and DNS
and DC.

I tried to delete the old zone and set up a new one. Even removed DNS
and reinstalled it again. With no success. The DNS server does not
register.

Does anyone know how to solve that problem??

thanks,
Kevin Laro
________________________
(e-mail address removed)
 
David Ambokadze

I have the same problem. I just installed first DC in a new forest, but the
DNS doesn't load the AD zone. I tried to reinstall DNS, completely reinstall
Windows 2000 Advanced Server three times, I tried to install OS with or
without DNS, and let DCPROMO do all configurations itself, but nothing
has changed, there is no AD zone loaded in DNS!!!
 
Roland Hall

:
: Hi I have an urgent problem,
:
: I am running a win 2000 fileserver, domain controller, DNS-Server (all
: the same machine). Just a small network with 20-30 clients
: (win2k-winxp).
:
: Now the dns does not register with active directory. I got the message
: in the system log "Dynamic registration or deregistration of one or
: more DNS records failed because no DNS servers are available".
:
: Also the 4 folders _tcp, _udp etc are not present in the DNS Zone,
: when I check.
:
: The domain name is identical in IP settings on the server and DNS
: and DC.
:
: I tried to delete the old zone and set up a new one. Even removed DNS
: and reinstalled it again. With no success. The DNS server does not
: register.

See if this helps...

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q259277

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
 
David Ambokadze

It's OK now. The issue is that I have a single label domain name "company"
as root domain name; this is why the DNS couldn't load the zone. Changes in
the Windows registry can fix this issue, but I decided to rename the root domain
to "root.company" and it is OK now. Thanks.
 
Kevin D. Goodknecht [MVP]

In Kevin Laro <[email protected]> posted a question
Then Kevin replied below:
: Hi I have an urgent problem,
:
: I am running a win 2000 fileserver, domain controller, DNS-Server (all
: the same machine). Just a small network with 20-30 clients
: (win2k-winxp).
:
: Now the dns does not register with active directory. I got the message
: in the system log "Dynamic registration or deregistration of one or
: more DNS records failed because no DNS servers are available".
:
: Also the 4 folders _tcp, _udp etc are not present in the DNS Zone,
: when I check.
:
: The domain name is identical in IP settings on the server and DNS
: and DC.
:
: I tried to delete the old zone and set up a new one. Even removed DNS
: and reinstalled it again. With no success. The DNS server does not
: register.
:
: Does anyone know how to solve that problem??
:
: thanks,
: Kevin Laro
: ________________________
: (e-mail address removed)

If you post your ipconfig /all it will give a major clue.
 
Ace Fekay [MVP]

Kevin Laro said:
: Hi I have an urgent problem,
:
: I am running a win 2000 fileserver, domain controller, DNS-Server (all
: the same machine). Just a small network with 20-30 clients
: (win2k-winxp).
:
: Now the dns does not register with active directory. I got the message
: in the system log "Dynamic registration or deregistration of one or
: more DNS records failed because no DNS servers are available".
:
: Also the 4 folders _tcp, _udp etc are not present in the DNS Zone,
: when I check.
:
: The domain name is identical in IP settings on the server and DNS
: and DC.
:
: I tried to delete the old zone and set up a new one. Even removed DNS
: and reinstalled it again. With no success. The DNS server does not
: register.
:
: Does anyone know how to solve that problem??
:
: thanks,
: Kevin Laro
: ________________________
: (e-mail address removed)

Guidelines for registration:

1. No single label DNS domain name with SP4 installed
2. Updates set to at least Yes
3. Primary DNS suffix of DCs and clients are set to the same exact spelling
as the zone name in DNS.
4. The AD DNS domain name is set to the name in #3.

As Kevin requested, please post that info, and also please post the actual
AD DNS domain name as it shows up in ADUC to better assist.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Kevin Laro

Here is the ipconfig:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : LAW-SERVER
Primary DNS Suffix . . . . . . . : xxx-law
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxx-law

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : xxx-law
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-F1-75-8A-C9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.2
DNS Servers . . . . . . . . . . . : 192.168.0.100

I also noticed that reverse lookup seems to work with nslookup and
registers entries to the AD. Just forward lookup zone seems to create
the problem.

Now I tried netdiag /fix but it gives me hundreds of error messages
that...... could not be registered

Any clue??

Kevin
 
Kevin D. Goodknecht [MVP]

In Kevin Laro <[email protected]> posted a question
Then Kevin replied below:
: Here is the ipconfig:
:
: Windows 2000 IP Configuration
:
: Host Name . . . . . . . . . . . . : LAW-SERVER
: Primary DNS Suffix . . . . . . . : xxx-law
: Node Type . . . . . . . . . . . . : Hybrid
: IP Routing Enabled. . . . . . . . : Yes
: WINS Proxy Enabled. . . . . . . . : No
: DNS Suffix Search List. . . . . . : xxx-law
:
: Ethernet adapter Local Area Connection:
:
: Connection-specific DNS Suffix . : xxx-law
: Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
: Physical Address. . . . . . . . . : 00-0C-F1-75-8A-C9
: DHCP Enabled. . . . . . . . . . . : No
: IP Address. . . . . . . . . . . . : 192.168.0.100
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
: Default Gateway . . . . . . . . . : 192.168.0.2
: DNS Servers . . . . . . . . . . . : 192.168.0.100
:
: I also noticed that reverse lookup seems to work with nslookup and
: registers entries to the AD. Just forward lookup zone seems to create
: the problem.
:
: Now I tried netdiag /fix but it gives me hundreds of error messages
: that...... could not be registered
:
: Any clue??

Yes, the problem is that your domain name is a single label name; it has no
"." in the name. Had you named the domain xxx.law, everything would have been
OK.
You are going to have to make registry entries on all domain members and the
DC before they will be able to register in the single label domain. Even
that won't cure all the problems because Group policies still won't work. If
you are not too far along in the setup I would suggest you demote the
machine and dcpromo it again with the name xxx.law. But even before you can
do that you must make the registry entries to allow the DC to register.
There are other options if this were an NT4 upgrade and you had another NT4
BDC.
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1
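
The check that the ipconfig output above fails, as an added example (not code from any poster in this thread): it parses Windows 2000 `ipconfig /all` text and flags a single-label or mismatched primary DNS suffix, following the registration guidelines listed earlier. The function names, the constructed sample text and the "first DNS server is this machine" check are assumptions for illustration.

```python
import re

# Constructed sample, trimmed from the `ipconfig /all` output posted in this thread.
SAMPLE = """\
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : LAW-SERVER
Primary DNS Suffix . . . . . . . : xxx-law

Ethernet adapter Local Area Connection:

Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
                                    Network Connection
IP Address. . . . . . . . . . . . : 192.168.0.100
DNS Servers . . . . . . . . . . . : 192.168.0.100
"""

# "Label . . . : value" as printed by Windows 2000 ipconfig.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {label: [values]}; a value-only line continues the previous label."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(2):
            last = m.group(1)
            fields.setdefault(last, []).append(m.group(2).strip())
        elif last and line.strip() and not m:
            fields[last].append(line.strip())  # wrapped text or extra DNS server
    return fields

def check_registration(text, zone_name):
    """Findings against the registration guidelines listed in the thread."""
    f = parse_ipconfig(text)
    suffix = (f.get("Primary DNS Suffix") or [""])[0].rstrip(".").lower()
    zone = zone_name.rstrip(".").lower()
    findings = []
    if not suffix:
        findings.append("no primary DNS suffix set")
    elif "." not in suffix:
        findings.append(f"single-label primary DNS suffix '{suffix}'")
    if suffix != zone:
        findings.append(f"primary DNS suffix '{suffix}' differs from zone '{zone}'")
    # Assumption: the DC hosts its own zone, as on the server in this thread.
    dns = f.get("DNS Servers", [])
    if dns and dns[0] not in f.get("IP Address", []):
        findings.append(f"first DNS server {dns[0]} is not this machine")
    return findings
```

Calling `check_registration(SAMPLE, "xxx-law")` reports the single-label suffix; the same text with a dotted suffix and matching zone name returns no findings.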
 
Kevin Laro

: Yes, the problem is that your domain name is a single label name; it has no
: "." in the name. Had you named the domain xxx.law, everything would have been
: OK.
: You are going to have to make registry entries on all domain members and the
: DC before they will be able to register in the single label domain. Even
: that won't cure all the problems because Group policies still won't work. If
: you are not too far along in the setup I would suggest you demote the
: machine and dcpromo it again with the name xxx.law. But even before you can
: do that you must make the registry entries to allow the DC to register.
: There are other options if this were an NT4 upgrade and you had another NT4
: BDC.
: 300684 - Information About Configuring Windows 2000 for Domains with
: Single-Label DNS Names
: http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1

Kevin,
thank you so much. That seems to be the problem. As I want to set it
up right for a long term and might also be away often, I like to
begin it right and change the domain name.

Because I have made some user, policy entries in AD already I would
like to keep that. Therefore I am thinking of using migration tool. Can
you recommend the following procedure?

1. on a spare computer I install temporarily a plain win2000 server
and set up as 2. DC with domain temp.xxx-law

2. with ADMT v2.0 I migrate all entries from DC 1 to the new DC 2

3. remove DNS service on DC 1 and demote it with dcpromo.

4. dcpromo DC1 again to xxx.law.com, reinstalling DNS and set up
xxx.law.com DNS zones

5. with ADMT v2.0 I re-migrate all AD - entries from DC 2 to the DC 1
and getting rid of DC 2 again.

Do I have to make any registry entries, as you mentioned before that
procedure, even if I remove dns server and reinstall it with correct
domain name?

Kevin
 
Kevin D. Goodknecht [MVP]

In Kevin Laro <[email protected]> posted a question
Then Kevin replied below:
: On Sat, 14 Feb 2004 11:37:07 -0600, "Kevin D. Goodknecht [MVP]"
:
:: Yes, the problem is that your domain name is a single label name; it
:: has no "." in the name. Had you named the domain xxx.law, everything
:: would have been OK.
:: You are going to have to make registry entries on all domain members
:: and the DC before they will be able to register in the single label
:: domain. Even that won't cure all the problems because Group policies
:: still won't work. If you are not too far along in the setup I would
:: suggest you demote the machine and dcpromo it again with the name
:: xxx.law. But even before you can do that you must make the registry
:: entries to allow the DC to register. There are other options if this
:: were an NT4 upgrade and you had another NT4 BDC.
:: 300684 - Information About Configuring Windows 2000 for Domains with
:: Single-Label DNS Names
:: http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1
::
:
: Kevin,
: thank you so much. That seems to be the problem. As I want to set it
: up right for a long term and might also be away often, I like to
: begin it right and change the domain name.
:
: Because I have made some user, policy entries in AD already I would
: like to keep that. Therefore I am thinking of using migration tool. Can
: you recommend the following procedure?
:
: 1. on a spare computer I install temporarily a plain win2000 server
: and set up as 2. DC with domain temp.xxx-law

Actually I'd set this one up with the correct name, read below.

:
: 2. with ADMT v2.0 I migrate all entries from DC 1 to the new DC 2

Correct.

:
: 3. remove DNS service on DC 1 and demote it with dcpromo.

Don't remove the DNS service.

:
: 4. dcpromo DC1 again to xxx.law.com, reinstalling DNS and set up
: xxx.law.com DNS zones
:
: 5. with ADMT v2.0 I re-migrate all AD - entries from DC 2 to the DC 1
: and getting rid of DC 2 again.

You can skip this step, if you use the good name on the temp DC. Then
DCPROMO DC1 into the temp DC's domain. Then demote the temp DC.

:
: Do I have to make any registry entries, as you mentioned before that
: procedure, even if I remove dns server and reinstall it with correct
: domain name?

Yes you will, so the SRV records can be created and it can register its
addresses. You can remove the registry entries after you have it back up
with the correct DNS name.


You have one too many steps I believe. Set up a temporary DC with the name
xxx.law or whatever name you choose; it doesn't have to be a registered
name.
If you use something like xxx.law.com then I would suggest you own the
registered domain so you can control both the public and private namespace.

Once you have the temp DC set up with the name you want, migrate the users
with ADMT. Then all you need to do is demote the DC with the single label
name to remove AD, then promote it as an additional DC in the domain you
just created, transfer the roles and the global catalog then demote the temp
DC. This will save you from having to migrate users twice.
 
Kevin Laro

: Yes you will, so the SRV records can be created and it can register its
: addresses. You can remove the registry entries after you have it back up
: with the correct DNS name.
:
:
: You have one too many steps I believe. Set up a temporary DC with the name
: xxx.law or whatever name you choose; it doesn't have to be a registered
: name.
: If you use something like xxx.law.com then I would suggest you own the
: registered domain so you can control both the public and private namespace.
:
: Once you have the temp DC set up with the name you want, migrate the users
: with ADMT. Then all you need to do is demote the DC with the single label
: name to remove AD, then promote it as an additional DC in the domain you
: just created, transfer the roles and the global catalog then demote the temp
: DC. This will save you from having to migrate users twice.

Thanks, I think I will do as suggested. For the moment I updated
registry entries on server and client machines. Now it seems to work!

But you are right there are problems with user policies. At least I
get the warning in the event viewer that certain policies can not be
accessed. I assume as soon as I have 2-3 days without anybody working
I will start the procedure and set up a 123.123 domain.

Thanks again,
Kevin
 
Kevin D. Goodknecht [MVP]

In Kevin Laro <[email protected]> posted a question
Then Kevin replied below:
: On Sun, 15 Feb 2004 00:28:17 -0600, "Kevin D. Goodknecht [MVP]"
:
:
::
:: Yes you will, so the SRV records can be created and it can register
:: its addresses. You can remove the registry entries after you have it
:: back up with the correct DNS name.
::
::
:: You have one too many steps I believe. Set up a temporary DC with
:: the name xxx.law or whatever name you choose; it doesn't have to be
:: a registered name.
:: If you use something like xxx.law.com then I would suggest you own
:: the registered domain so you can control both the public and private
:: namespace.
::
:: Once you have the temp DC set up with the name you want, migrate the
:: users with ADMT. Then all you need to do is demote the DC with the
:: single label name to remove AD, then promote it as an additional DC
:: in the domain you just created, transfer the roles and the global
:: catalog then demote the temp DC. This will save you from having to
:: migrate users twice.
::
::
:
: Thanks, I think I will do as suggested. For the moment I updated
: registry entries on server and client machines. Now it seems to work!
:
: But you are right there are problems with user policies. At least I
: get the warning in the event viewer that certain policies can not be
: accessed. I assume as soon as I have 2-3 days without anybody working
: I will start the procedure and set up a 123.123 domain.
:
: Thanks again,
: Kevin

Group policy is the biggest problem with the single label name, one for which
there seems to be no reasonable workaround. DNS cannot resolve a single
label domain name properly through the TCP/IP stack in Windows; this is
because of the way Windows appends domain names. There has been some
discussion in this group over the issue, one modifying the way GPOs are
published, one attempt at adding a CNAME for the domain name pointing to the
domain name, neither of which has been proven to allow GPOs to get applied.
The problem is that policies are published from the
\\domainname\SYSVOL\domainname\policies DFS share; this means that if the
domain name cannot be resolved correctly in DNS the DFS share cannot be
accessed because the single label DNS name cannot be resolved.
 
