DNS Error--David Pharr

Chris Hall

I've set up a couple of test machines to try to work through installation
problems before installing on production servers....

My original issue began on 3/29/04. I decided that it would be best to just
reinstall the servers and sought advice in the thread "Installing Active
Directory and DNS 3/29/04".

I've installed the first test server and promoted it to a DC without a problem
(verified AD install, etc., per suggestions in the above-mentioned thread). I
installed the second server, set up a static IP address, joined the domain,
made sure TCP/IP & DNS were all working and was getting ready to install DNS
on the second server per KB Article 238369, when I noticed odd errors on
the first server. The errors I'm getting are Event ID: 4011 errors:


The DNS server was unable to add or write an update of domain name _ldap
in zone name.com to the Active Directory. Check that the Active
Directory is functioning properly and add or update this domain name using
the DNS console. The event data contains the error.

The DNS server was unable to add or write an update of domain name _gc
in zone name.com to the Active Directory. Check that the Active
Directory is functioning properly and add or update this domain name using
the DNS console. The event data contains the error.

The DNS server was unable to add or write an update of domain name gc in
zone name.com to the Active Directory. Check that the Active
Directory is functioning properly and add or update this domain name using
the DNS console. The event data contains the error.

This is the only server in this test network, so I can't move the GC to
another server. I don't want to promote the other server if DNS/AD isn't
functioning properly--I could since this is only a test network, but I'm
trying to run through things before I install this in a production
environment.

I've been told if we don't get this working, we'll be installing NetWare on
both servers.

Any suggestions?
 

David Pharr [MSFT]

Hi Chris,

1. Is this machine multi-homed or is there a single NIC? It is not
recommended that a DC be multihomed. If it is multihomed you may have the
following issue:
263091 Windows 2000 May Send Unexpected DNS Request
http://support.microsoft.com/?id=263091

2. It sounds like dynamic registration is not enabled. Make sure the DHCP
Client service is enabled and that the check box for "Register this
connection's addresses in DNS" on the NIC's TCP/IP properties is selected. The
DHCP Client service is responsible for handling dynamic DNS registrations.
264539 Dynamic DNS Updates Do Not Work if the DHCP Client Service Stops
http://support.microsoft.com/?id=264539

3. Ensure the DNS zone accepts dynamic updates. "Allow dynamic updates"
should be Yes or Only Secure Updates.

4. Please download the Directory Services version of mpsreports
(mpsrpt_dirsvc.exe):
http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&DisplayLang=en

This file contains a diagnostic utility that collects system
information on your Windows 2000 computer. It is in zipped format. Please
unzip this .exe file to a temporary directory and execute it.

The reports create a compressed file with the name of:
<ComputerName>_MPSReports.cab.

This file is created in the following directory:
\%systemroot%\MPSReports\DirSvc\Logs\cab

Please attach <ComputerName>_MPSReports.CAB to an email and forward to me
at (e-mail address removed).

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.

Chris Hall

David,

Thanks for the reply. Since this is just a test environment, I went ahead
and DCPROMOed the 2nd server. I ran into other errors, which had to do with
the GC being on the same server as the FSMO roles holder, which is always
the case when you install the 1st server...so I moved the GC to the 2nd
server after it became a DC. I also ran into other errors that were
corrected after SP2 (I didn't install SP4...).

I'm going to go through the installation process again and will post the
results.

Thanks,
Chris

David Pharr [MSFT]

It sounds like you've got some DNS configuration issue. Having the FSMO
roles on the only DC should not generate the errors you're seeing - your
logs should be pristine. The errors you're seeing could be the result of
the following article, but a quick workaround in that scenario would be to
make the zone a standard primary zone and ensure Allow Dynamic Updates on
the zone is changed from NO to Yes.

252695 DNS Server Generates Event 4011
http://support.microsoft.com/?id=252695

In a clean install you should always install the latest service pack to
ensure you're not encountering an issue that has already been resolved. At
a minimum, you need to have SP3 installed. The mpsreports utility I
mentioned runs a bunch of tests including netdiag and dcdiag as well as
gathering additional information about your DC. I'd be curious to see
what the results indicate.

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.

Chris Hall

After setting up both servers, I'm getting FRS errors and in the System log
in Event Viewer, I'm getting the message from w32time that our ntp server
didn't respond. I'll stop/start the service and try to synchronize time
service.

I've run the mpsrpt on both servers and will send that along shortly....

Chris Hall

Both servers have been DCPROMOed and it seemed as if things were fine, so I
created an additional site, two subnets (assigned to the appropriate DCs),
renamed the default site and the default sitelink.

I'm getting an Event ID: 13508. Here's the rest of the error:
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 4/9/2004
Time: 12:02:07 PM
User: N/A
Computer: SERVER2
Description:
The File Replication Service is having trouble enabling replication from
SERVER1 to SERVER2 for c:\winnt\sysvol\domain using the DNS name
server1.moon.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name server1.moon.com from this
computer.
[2] FRS is not running on server1.moon.com.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
Data:
0000: 0d 00 00 00 ....

BOTH servers are pointing to the FIRST DC as the DNS server. No other DNS
servers are in TCP/IP properties. The DNS zones are AD Integrated and
Dynamic Updates are set to YES on both servers. Along the way, I've taken a
very methodical approach (verified AD installation per KB articles, etc...)
to installing the server and AD, but it seems like that didn't matter.
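
An added example, not part of any post in this thread: it parses Event Viewer text pasted into a file, undoes the hard line wraps, and groups the 4011 and 13508 events into the checks that the replies and the event text itself name. The sample events are constructed (the 4011 header fields are assumed, since the thread quotes only the descriptions), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Header fields as they appear when an event is copied out of Event Viewer.
HEADER_RE = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")
# Description patterns, applied after hard line wraps are collapsed to spaces.
DNS_4011_RE = re.compile(
    r"unable to add or write an update of domain name (\S+) in zone (\S+) "
    r"to the Active Directory")
FRS_13508_RE = re.compile(
    r"enabling replication from (\S+) to (\S+) for \S+ "
    r"using the DNS name (\S+?)\.(?:\s|$)")

# Constructed sample: the 13508 text follows the event quoted in the thread;
# the 4011 header fields are assumed.
SAMPLE = r"""
Event Type: Error
Event ID: 4011
Computer: SERVER1
Description:
The DNS server was unable to add or write an update of domain name _ldap
in zone name.com to the Active Directory. Check that the Active
Directory is functioning properly and add or update this domain name using
the DNS console. The event data contains the error.

Event Type: Error
Event ID: 4011
Computer: SERVER1
Description:
The DNS server was unable to add or write an update of domain name _gc
in zone name.com to the Active Directory. The event data contains the error.

Event Type: Warning
Event Source: NtFrs
Event ID: 13508
Computer: SERVER2
Description:
The File Replication Service is having trouble enabling replication from
SERVER1 to SERVER2 for c:\winnt\sysvol\domain using the DNS name
server1.moon.com. FRS will keep retrying.
Data:
0000: 0d 00 00 00 ....
"""


def parse_events(text):
    """Split pasted Event Viewer text into dicts, one per event."""
    events, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m and m.group(1) == "Event Type":       # a new record starts here
            cur = {"Event Type": m.group(2), "Description": []}
            events.append(cur)
            section = "header"
        elif cur is None:
            continue                               # text before the first event
        elif section == "header" and m:
            cur[m.group(1)] = m.group(2)
        elif line.startswith("Description:"):
            section = "desc"
            if line[12:].strip():                  # text on the same line
                cur["Description"].append(line[12:].strip())
        elif line.startswith("Data:"):
            section = "data"                       # hex dump, not used for triage
        elif section == "desc" and line:
            cur["Description"].append(line)
    for e in events:
        e["Description"] = " ".join(e["Description"])  # undo the hard wraps
    return events


def summarize(events):
    """Group 4011 and 13508 events and list the checks the thread names."""
    dns_failures = defaultdict(list)   # (computer, zone) -> record names
    frs_links = []                     # (receiving DC, sending DC, DNS name used)
    for e in events:
        eid, desc = e.get("Event ID"), e["Description"]
        if eid == "4011" and (m := DNS_4011_RE.search(desc)):
            dns_failures[(e.get("Computer", "?"), m.group(2))].append(m.group(1))
        elif eid == "13508" and (m := FRS_13508_RE.search(desc)):
            frs_links.append((m.group(2), m.group(1), m.group(3)))
    checks = []
    for (computer, zone), names in sorted(dns_failures.items()):
        checks.append(f"{computer}: DNS could not write {', '.join(names)} in zone "
                      f"{zone}; confirm the zone allows dynamic updates (KB 252695)")
    for dst, src, name in frs_links:
        checks.append(f"{dst}: resolve {name} and confirm FRS is running on {src}")
    return {"dns_failures": dict(dns_failures), "frs_links": frs_links,
            "checks": checks}


if __name__ == "__main__":
    for check in summarize(parse_events(SAMPLE))["checks"]:
        print(check)
```
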



Chris Hall said:
After setting up both servers, I'm getting FRS errors and in the System log
in Event Viewer, I'm getting the message from w32time that our ntp server
didn't respond. I'll stop/start the service and try to synchronize time
service.

I've run the mpsrpt on both servers and will send that along shortly....

"David Pharr [MSFT]" said:
It sounds like you've got some dns configuration issue. Having the FSMO
roles on the only DC should not generate the errors you're seeing - your
logs should be pristine. The errors you're seeing could be the result of
the following article, but a quick workaround in that scenario would be to
make the zone a standard primary zone and ensure Allow Dynamic Updates on
the zone is changed from NO to Yes.

252695 DNS Server Generates Event 4011
http://support.microsoft.com/?id=252695

In a clean install you should always install the latest service pack to
ensure you're not encountering an issue that has already been resolved. At
a minimum, you need to have SP3 installed. The mpsreports utility I
mentioned runs a bunch of tests including netdiag and dcdiag as well as
gathering additional information about your DC. I'd be curious to see
what the results indicate.

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Chris Hall" <[email protected]>
| References: <[email protected]>
<[email protected]>
| Subject: Re: DNS Error--David Pharr
| Date: Wed, 7 Apr 2004 08:48:27 -0400
| Lines: 138
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <#[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: 208.61.216.3
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:72458
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| David,
|
| Thanks for the reply. Since this is just a test environment, I went ahead
| and DCPROMOed the 2nd server. I ran into other errors, which had to do with
| the GC being on the same server as the FSMO roles holder, which is always
| the case when you install the 1st server...so I moved the GC to the 2nd
| server after it became a DC. I also ran into other errors that were
| corrected after sp2 (I didn't install sp4...).
|
| I'm going to go through the installation process again and will post the
| results.
|
| Thanks,
| Chris
|
| > Hi Chris,
| >
| > 1. Is this machine multi-homed or is there a single NIC? It is not
| > recommended that a DC be multihomed. If it is multihomed you may have the
| > following issue:
| > 263091 Windows 2000 May Send Unexpected DNS Request
| > http://support.microsoft.com/?id=263091
| >
| > 2. It sounds like dynamic registration is not enabled. Make sure the dhcp
| > client service is enabled and that the check box for "register this
| > connections addresses in dns" on the NIC's tcpip properties. The DHCP
| > client service is responsible for handling dynamic dns registrations.
| > 264539 Dynamic DNS Updates Do Not Work if the DHCP Client Service Stops
| > http://support.microsoft.com/?id=264539
| >
| > 3. Ensure the dns zone accepts dynamic updates. "Allow dynamic updates"
| > should be Yes or Only Secure Updates.
| >
| > 4. Please download the Directory Services version of mpsreports
| > (mpsrpt_dirsvc.exe):
| >
| > http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&DisplayLang=en
| >
| > This file contains a diagnostic utility that collects system
| > information on your Windows 2000 computer. It is in zipped format. Please
| > unzip this .exe file to a temporary directory and execute it.
| >
| > The reports create a compressed file with the name of:
| > <ComputerName>_MPSReports.cab.
| >
| > This file is created in the following directory:
| > \%systemroot%\MPSReports\DirSvc\Logs\cab
| >
| > Please attach <ComputerName>_MPSReports.CAB to an email and forward to me
| > at (e-mail address removed).
| >
| > David Pharr, (e-mail address removed)
| >
| > This posting is provided "AS IS" with no warranties, and confers no rights.

David Pharr [MSFT]

Hi Chris,

Sorry, been away for a few days. I looked at your initial logs and they
looked fine - ad replication, frs, permissions on your default domain
controller policy, fsmo roles, dcdiag and netdiag all look fine.

I took a quick look at your second set of logs and they look pretty good,
too. FRS is working fine - if FRS cycles through 13508 and 13509 you're
ok. You are having a problem if you continually get 13508 with no good
messages (13509 and 13516). The versions for the group policies on both
DCs match according to the gpotool results so it looks like the contents
are synchronized.

The DNS 4004 error looks like the AD isn't fully up and running when it
tries to load the ad-integrated zone. It looks like it is trying to load
4 zones - your domain zone, two reverse lookup zones and another one. You
don't have a dot (.) zone, do you? If so, delete it - this machine is not
the root of the Internet so that dot (.) zone shouldn't be there.

I would venture to guess that the records are present on both DCs and that
you have no problem accessing resources or pinging machines by fqdn, ip
address or netbios names - is that correct? It may be a timing issue but
I'll have to check into this and get back to you when I'm more alert. A
quick workaround would be to change it from ad-integrated to standard
primary.

I'll get back to you this weekend with an update.

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
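The FRS rule of thumb from the reply above (cycling through 13508 and 13509 is fine; repeated 13508 with no 13509 or 13516 afterwards is a problem), applied to exported event rows. This is an added example, not part of the original thread: the tab-separated export layout, the host names and timestamps, and the `problem_after=2` threshold are assumptions made here.

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

TROUBLE = 13508          # FRS is having trouble enabling replication from a partner
GOOD = {13509, 13516}    # replication enabled after retries / SYSVOL ready


@dataclass
class FrsReport:
    status: str                    # "ok", "watch" or "problem"
    trailing_13508: int            # 13508 events logged since the last good event
    last_good: Optional[datetime]  # time of the most recent 13509/13516, if any


def parse_events(text):
    """Parse 'timestamp<TAB>computer<TAB>event_id' rows; count malformed rows."""
    events, skipped = [], 0
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if not row or row[0].startswith("#"):
            continue  # blank line or comment
        try:
            ts = datetime.strptime(row[0], "%Y-%m-%d %H:%M:%S")
            events.append((ts, row[1].strip().upper(), int(row[2])))
        except (IndexError, ValueError):
            skipped += 1
    return events, skipped


def frs_status(events, problem_after=2):
    """Classify each computer by the 13508s logged after its last good event.

    problem_after is an assumed threshold: a single trailing 13508 may simply
    be the start of a normal 13508 -> 13509 cycle, so it is only "watch".
    """
    reports = {}
    for ts, computer, event_id in sorted(events):  # input may be unordered
        rep = reports.setdefault(computer, FrsReport("ok", 0, None))
        if event_id == TROUBLE:
            rep.trailing_13508 += 1
        elif event_id in GOOD:
            rep.trailing_13508 = 0
            rep.last_good = ts
    for rep in reports.values():
        if rep.trailing_13508 == 0:
            rep.status = "ok"
        elif rep.trailing_13508 < problem_after:
            rep.status = "watch"
        else:
            rep.status = "problem"
    return reports


# Constructed sample rows (not taken from the thread's logs).
SAMPLE = """\
# timestamp\tcomputer\tevent_id
2004-04-10 08:00:05\tDC1\t13508
2004-04-10 08:04:41\tDC1\t13509
2004-04-10 08:05:10\tDC1\t13516
2004-04-10 09:00:00\tDC2\t13508
2004-04-10 09:30:00\tDC2\t13508
2004-04-10 10:00:00\tDC2\t13508
2004-04-11 07:15:00\tDC3\t13509
2004-04-11 07:45:00\tDC3\t13508
this line is not an event
"""

if __name__ == "__main__":
    parsed, bad_rows = parse_events(SAMPLE)
    for name, rep in sorted(frs_status(parsed).items()):
        print(f"{name}: {rep.status} (13508 since last good: {rep.trailing_13508}, "
              f"last good: {rep.last_good})")
    print(f"skipped rows: {bad_rows}")
```
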

Chris Hall

Hi David,

I didn't see a "." zone in the dns console....if it existed, wouldn't it
show up in the Forward zones?

No problems pinging, accessing resources...over the weekend and this
morning, the event logs looked pretty clean. How often do clients/servers
try to synchronize time from the time source? I do have one of my servers set
to get time from an NTP server.


David Pharr [MSFT]

Hi Chris,

Yes, if you had a dot zone it would show up under the Forward Lookup Zone.

Did you configure the PDC Emulator at the root of the forest for time
synchronization with an outside time server? If everyone is using Nt5DS as
their type (the default setting), this allows them all to synchronize with
the PDC Emulator as the master time server and that machine should be the
one to monitor the time.

216734 How to Configure an Authoritative Time Server in Windows 2000
http://support.microsoft.com/?id=216734

If you pick a machine that is not a domain controller to be your time
server, none of the other machines will automatically discover that time
server. You can select any machine to be a time server, but you would have
to point everyone to that server via their registry settings for W32Time.

I believe (and I'll double-check this so that I'm not giving you bad
information) that the frequency is based upon the Period setting in the
W32Time parameter registry setting on that manually configured server.
These settings are all located in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

Here's the normal time synchronization process for clients/servers in a
Windows 2000 domain:
224799 Basic Operation of the Windows Time Service
http://support.microsoft.com/?id=224799

For detailed information on Windows time in Windows 2000, check out the
following white paper:
http://www.microsoft.com/windows2000/techinfo/howitworks/security/wintimeserv.asp

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.


Chris Hall

Yes, the PDC Emulator is at the root of the forest and I configured the root
server as the time server. Again, everything looked good this morning in the
event logs. Looks like this is a good opportunity to learn all the nuances
of AD!



David Pharr [MSFT]

I'm glad to hear that all is working well.

Have fun learning AD - there's a ton of information out there. Two good
launching points:

White papers:
http://www.microsoft.com/windows2000/techinfo/howitworks/default.asp

Technology Centers:
http://www.microsoft.com/windows2000/technologies/default.asp

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Chris Hall" <[email protected]>
| References: <[email protected]>
<#[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
| Subject: Re: DNS Error--Anyone?
| Date: Wed, 14 Apr 2004 10:37:09 -0400
| Lines: 249
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: 208.61.216.3
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:73075
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Yes, the PDC Emulator is at the root of the forest and I configured the
root
| server as the time server. Again, everything looked good this morning in
the
| event logs. Looks like this is a good opportunity to learn all the nuances
| of AD!
|
|
| | > Hi Chris,
| >
| > Yes, if you had a dot zone it would show up under the Forward Lookup
Zone.
| >
| > Did you configure the PDC Emulator at the root of the forest for time
| > synchronization with an outside time server? If everyone is using Nt5DS
| as
| > their type (the default setting), this allows them all to synchronize
with
| > the PDC Emulator as the master time server and that machine should be
the
| > one to monitor the time.
| >
| > 216734 How to Configure an Authoritative Time Server in Windows 2000
| > http://support.microsoft.com/?id=216734
| >
| > If you pick a machine that is not a domain controller to be your time
| > server, none of the other machines will automatically discover that time
| > server. You can select any machine to be a time server, but you would
| have
| > to point everyone to that server via their registry settings for
W32Time.
| >
| > I believe (and I'll double-check this so that I'm not giving you bad
| > information) that the frequency is based upon the Period setting in the
| > W32Time parameter registry setting on that manually configured server.
| > These settings are all located in
| > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.
| >
| > Here's the normal time synchronization process for clients/servers in a
| > Windows 2000 domain:
| > 224799 Basic Operation of the Windows Time Service
| > http://support.microsoft.com/?id=224799
| >
| > For detailed information on Windows time in Windows 2000, checkout the
| > following white paper:
| >
|
http://www.microsoft.com/windows2000/techinfo/howitworks/security/wintimeser
| > v.asp
| >
| > David Pharr, (e-mail address removed)
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| rights.
| >
| > --------------------
| > | From: "Chris Hall" <[email protected]>
| > | References: <[email protected]>
| > <#[email protected]>
| > <[email protected]>
| > | Subject: Re: DNS Error--Anyone?
| > | Date: Tue, 13 Apr 2004 12:37:40 -0400
| > |
| > | Hi David,
| > |
| > | I didn't see a "." zone in the dns console....if it existed, wouldn't it
| > | show up in the Forward zones?
| > |
| > | No problems pinging, accessing resources...over the weekend and this
| > | morning, the event logs looked pretty clean. How often do clients/servers
| > | try to synchronize time from the time source? I do have one of my servers
| > | set to get time from an NTP server.
| > |
| > | > Hi Chris,
| > | >
| > | > Sorry, been away for a few days. I looked at your initial logs and they
| > | > looked fine - ad replication, frs, permissions on your default domain
| > | > controller policy, fsmo roles, dcdiag and netdiag all look fine.
| > | >
| > | > I took a quick look at your second set of logs and they look pretty good,
| > | > too. FRS is working fine - if FRS cycles through 13508 and 13509 you're
| > | > ok. You are having a problem if you continually get 13508 with no good
| > | > messages (13509 and 13516). The versions for the group policies on both
| > | > DCs match according to the gpotool results so it looks like the contents
| > | > are synchronized.
| > | >
| > | > The DNS 4004 error looks like the AD isn't fully up and running when it
| > | > tries to load the ad-integrated zone. It looks like it is trying to load
| > | > 4 zones - your domain zone, two reverse lookup zones and another one. You
| > | > don't have a dot (.) zone, do you? If so, delete it - this machine is not
| > | > the root of the Internet so that dot (.) zone shouldn't be there.
| > | >
| > | > I would venture to guess that the records are present on both DCs and that
| > | > you have no problem accessing resources or pinging machines by fqdn, ip
| > | > address or netbios names - is that correct? It may be a timing issue but
| > | > I'll have to check into this and get back to you when I'm more alert. A
| > | > quick workaround would be to change it from ad-integrated to standard
| > | > primary.
| > | >
| > | > I'll get back to you this weekend with an update.
| > | >
| > | > David Pharr, (e-mail address removed)
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no rights.
| > | > --------------------
| > | > | From: "Chris Hall" <[email protected]>
| > | > | Subject: Re: DNS Error--Anyone?
| > | > | Date: Tue, 6 Apr 2004 16:18:34 -0400
 
C

Chris Hall

David,
You've been a big help. I learned a lot from this experience and appreciate
you sharing your knowledge and time.

Thanks,
Chris

"David Pharr [MSFT]" said:
I'm glad to hear that all is working well.

Have fun learning AD - there's a ton of information out there. Two good
launching points:

White papers:
http://www.microsoft.com/windows2000/techinfo/howitworks/default.asp

Technology Centers:
http://www.microsoft.com/windows2000/technologies/default.asp

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
D

David Pharr [MSFT]

You're very welcome. It was my pleasure.

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Chris Hall" <[email protected]>
| Subject: Re: DNS Error--Anyone?
| Date: Fri, 16 Apr 2004 14:50:38 -0400
|
| David,
| You've been a big help. I learned a lot from this experience and appreciate
| you sharing your knowledge and time.
|
| Thanks,
| Chris
 
