DNS Problems on Win2k SP4

[Adam Welch]

I have recently upgraded our servers from Win2k SP3 to SP4. I am now
getting DNS errors in the event logs of the servers and workstations. The
DNS servers are AD Intergrated. I have 2 DCs, both running DNS and using
DHCP to auto update DNS records.
I am getting the following error messages on the DNS servers:
Event ID 4004 - The DNS server was unable to complete directory service
enumeration of zone NAME This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone
without it. Check that the Active Directory is functioning properly and
repeat enumeration of the zone. The event data contains the error.
Event ID 5781 - Dynamic registration or deregistration of one or more
DNS records failed because no DNS servers are available.

I am getting the following error messages on the workstations:
Event ID 11151 - The system failed to register network adapter with
settings:
Adapter Name : {NAME}
Host Name : PC001
Adapter-specific Domain Suffix : DOMAIN01
DNS server list :
192.168.0.2, 192.168.0.4
Sent update to server : None
IP Address(es) :
192.168.0.210

I have looked thru Microsoft's KB and thru some newgroups, but I cannot
seem to find any info about this problem. Has anyone else encountered this
problem? Thanks in advance for your help!

- Adam Welch

 

[Kevin D. Goodknecht [MVP]]

In

I am getting the following error messages on the workstations:
Event ID 11151 - The system failed to register network adapter
with settings:
Adapter Name : {NAME}
Host Name : PC001
Adapter-specific Domain Suffix : DOMAIN01
DNS server list :
192.168.0.2, 192.168.0.4
Sent update to server : None
IP Address(es) :
192.168.0.210

An ipconfig /all would have been more informative, I suspect single label
domain name (domain vs domain.com) starting in Win2kSP4 you have to add
registry entries to allow registration. This is only a bandaid as single
label domains do not follow the normal DNS hierarchy, and some features may
never work, such as GPOs.
There is registry entries you must make on all Win2kSP4, XP and Win2k3 to
allow the single label domain. The only real fix is to build a new domain
with a good DNS name.
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684

This is not verified as of yet but the registry entry in thei KB might
resolve GPOs.
251384 - Delays in Name Resolution Using Microsoft DNS Server Forwarder
Option: http://support.microsoft.com/default.aspx?scid=kb;en-us;251384

 

[Adam Welch]

Kevin,
Thank you for the quick respsone! I have applied the reg fix from KB#
300684 on a couple of workstations and it appears to have fixed the problem
on the workstations. I have yet to reboot the DCs as per the instructions
to see if that works.
Do you know of a way that I could apply these changes thru GPO to Win2k
Pro? Thanks again for your help!

- Adam Welch

 

[Kevin D. Goodknecht [MVP]]

In

Kevin,
Thank you for the quick respsone! I have applied the reg fix
from KB# 300684 on a couple of workstations and it appears to have
fixed the problem on the workstations. I have yet to reboot the DCs
as per the instructions to see if that works.
Do you know of a way that I could apply these changes thru GPO to
Win2k Pro? Thanks again for your help!

That is one problem, GPOs are applied from the
\\domain01\SYSVOL\domain01\policies DFS share that share is not accessable
because the domain will not resolve. You can try the second Article I posted
to see if the domain will resolve in DNS, as of now I don't know if that
will resolve the inability to resolve the domain name.

Other that that, you can use regedit to export the value to a registry file.
If you do that you can put the file on a floppy disk and double click it to
make the entry.

 

[Don Palmer]

This is great information but I am having the same issue
but I am still having a problem. I have edited the
registry and added the changes and rebooted the 2 DCs
that I have. The problem is that when I go to force
replication in Sites and Services I am getting "RPC
Server not available." I am going to wait to see if the
servers will resolve things on their own after the 15
minute rule. (It has been longer than 15) But I am
curious to know if there is any other information that I
should be looking for.

Thanks for any help,
Donald Palmer, MCSE

 

[Ace Fekay [MVP]]

In

This is great information but I am having the same issue
but I am still having a problem. I have edited the
registry and added the changes and rebooted the 2 DCs
that I have. The problem is that when I go to force
replication in Sites and Services I am getting "RPC
Server not available." I am going to wait to see if the
servers will resolve things on their own after the 15
minute rule. (It has been longer than 15) But I am
curious to know if there is any other information that I
should be looking for.

Thanks for any help,
Donald Palmer, MCSE

When that RPC error comes up, it's usually due to either the SRV records in
DNS do not exist or there's a firewall blocking domain communication. AD
asks DNS 'where is that domain controller please' and gets the answers from
the SRVs).

AD and DNS FAQs
http://support.microsoft.com/?id=291382

So need to ask, do the SRV records exist under the zone name in DNS?

Can the machine you're trying to replicate to or from be able to resolve
each other's FQDNs?

If you use nslookup from one of the machines, can it resolve the SRVs?
nslookup
ls -t SRV domain.com
do they all show up? (need zone transfers to be allowed for this one to
work). Here's more info on how to do that and other tests for this:

Verify DNS RR and SRV with nslookup:
http://www.microsoft.com/technet/tr.../proddocs/sag_DNS_tro_dcLocator_verifySRV.asp


Is there a firewall between them?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory