DNS server machine has no DNS domain name

[picen]

Hi,
I have installed Active Directory with DNS, but I have got
in Event Viewer this message: "The DNS server machine
currently has no DNS domain name" (example: "host" rather
than "host.microsoft.com"), moreover DNS doesn't present
SRV records.
Can anybody help me?
TIA.
Bye.

 

[Kevin D. Goodknecht]

In

Hi,
I have installed Active Directory with DNS, but I have got
in Event Viewer this message: "The DNS server machine
currently has no DNS domain name" (example: "host" rather
than "host.microsoft.com"), moreover DNS doesn't present
SRV records.
Can anybody help me?
TIA.
Bye.

Can you post an ipcofig /all, please?
Also, is this the DC?

 

[Michael Johnston [MSFT]]

The server is missing its primary DNS suffix. If the server is a member server or a stand alone server, right click on My Computer and choose properties. Click
on the Network Identification tab and click properties. Then click the More button. In the Primary DNS suffix for this computer section, add the DNS suffix. If this
machine is the member of an Active Directory, then the DNS suffix should be the AD domain name.

If this machine is a DC, open regedit. Go to HKLM\SYSTEM\CCS\Service\TCPIP\Parameters. In this key check for a value called "Domain". If it's there, it'll
probably be blank. Open this value and add the AD domain name as the data. Next, check for the "NV Domain" key. Again, this value may be blank. Open it
and add the AD domain name as the data. Reboot the server. If these keys do not exist, then create the keys as string values.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.

 

[Guest]

I am having this same issue and have the all the settings mentioned by Mr. Johnston in the Registry. Are there any other ideas to correct this issue? Or does the Domain/NV Domain name listed in the two keys mentioned need a trailing "."

 

[Ace Fekay [MVP]]

In

I am having this same issue and have the all the settings mentioned
by Mr. Johnston in the Registry. Are there any other ideas to
correct this issue? Or does the Domain/NV Domain name listed in the
two keys mentioned need a trailing "."

Are you also saying your Primary DNS Suffix is missing or incorrect?
Can you post an unedited ipconfig /all of your server please?

There's also a script that will accomplish this. It takes your AD DNS domain
name and populates this data in the correct spot. Hopefully your domain name
is not a single label name. If you have SP4, that can be an issue, but
there's a fix for that too.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Guest]

I'll post what I can of the ipconfig /all without opening
up all the security:

Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : LQQKSSERVER
Primary DNS Suffix . . . . . . . : lqqks.local
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : lqqks.local

Ethernet adapter Internet Connection:



Connection-specific DNS Suffix . :
xxx.xx.comcast.net
Description . . . . . . . . . . . : Linksys
LNE100TX(v5) Fast Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-0C-41-24-xx-
xx

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 69.139.152.xxx

Subnet Mask . . . . . . . . . . . : 255.255.248.0

Default Gateway . . . . . . . . . : 69.139.152.1

DHCP Server . . . . . . . . . . . : 172.30.12.34

DNS Servers . . . . . . . . . . . : 68.54.80.5
68.54.80.6
Lease Obtained. . . . . . . . . . : Monday,
October 20, 2003 12:10:44 AM

Lease Expires . . . . . . . . . . : Sunday,
October 26, 2003 11:10:44 PM


Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : lqqks.local.
Description . . . . . . . . . . . : Intel(R) 82559
Fast Ethernet LAN on Motherboard
Physical Address. . . . . . . . . : 00-D0-B7-57-xx-
xx

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1

I'll add anything else that will help through email. All
systems are able to access the Internet through this
server. The only issues seem to be that connection to the
Global Catalog can not be established and therefore I can
not install AD based server apps.

I am getting the DNS warning EventID 414 and Directory
Service error EventID 1411 stating that Directory Service
failed to construct a mutual authentication SPN for the
server. The call is denied.... Followed by a DS warning
EventID 1655 and DS error EventID 1126

 

[Kevin D. Goodknecht]

In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:

I'll post what I can of the ipconfig /all without opening
up all the security:

Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : LQQKSSERVER
Primary DNS Suffix . . . . . . . : lqqks.local
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : lqqks.local

Ethernet adapter Internet Connection:



Connection-specific DNS Suffix . :
xxx.xx.comcast.net
Description . . . . . . . . . . . : Linksys
LNE100TX(v5) Fast Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-0C-41-24-xx-
xx

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 69.139.152.xxx

Subnet Mask . . . . . . . . . . . : 255.255.248.0

Default Gateway . . . . . . . . . : 69.139.152.1

DHCP Server . . . . . . . . . . . : 172.30.12.34

DNS Servers . . . . . . . . . . . : 68.54.80.5
68.54.80.6
Lease Obtained. . . . . . . . . . : Monday,
October 20, 2003 12:10:44 AM

Lease Expires . . . . . . . . . . : Sunday,
October 26, 2003 11:10:44 PM


Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : lqqks.local.
Description . . . . . . . . . . . : Intel(R) 82559
Fast Ethernet LAN on Motherboard
Physical Address. . . . . . . . . : 00-D0-B7-57-xx-
xx

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1

I'll add anything else that will help through email. All
systems are able to access the Internet through this
server. The only issues seem to be that connection to the
Global Catalog can not be established and therefore I can
not install AD based server apps.

I think you will find this is mostly a binding problem and that your
external interface is at the top of the binding order. But, using your ISP's
DNS and DNS suffix on the external interface is having a part of your
problem

In Control panel open Network and Dial up connections, then go to the
Advanced Menu, select Advanced Settings, move the internal interface to the
top of the list and make sure File sharing and Client for MS Networks is NOT
bound to the external interface

IMO you need to remove your ISP's DNS servers and Suffix from your public
NIC and use the machine's private IP for DNS on all adapters on all
machines. I realize this adapter is using DHCP but you still need to define
your internal DNS as its DNS server.
..

In the DNS server's property sheet on the interfaces tab you want your DNS
listener IP of the private interface.

 

[LordLQQK]

Ok...I think I covered all the bases you mentioned (except
the Connection-specific DNS suffix for the external,
Comcast states that is needed for DHCP but I would be
willing to change that as well). Below is an updated
ipconfig. Unfortunately I am still getting the same set
of errors. Any other ideas?

Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : LQQKSSERVER
Primary DNS Suffix . . . . . . . : lqqks.local
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : lqqks.local

owngsm01.md.comcast.net

Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : lqqks.local.
Description . . . . . . . . . . . : Intel(R) 82559
Fast Ethernet LAN on Motherboard
Physical Address. . . . . . . . . : 00-D0-B7-57-xx-
xx

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1


Ethernet adapter Internet Connection:



Connection-specific DNS Suffix . :
owngsm01.md.comcast.net
Description . . . . . . . . . . . : Linksys
LNE100TX(v5) Fast Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-0C-41-24-xx-
xx

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 69.139.xxx.xxx

Subnet Mask . . . . . . . . . . . : 255.255.248.0

Default Gateway . . . . . . . . . : 69.139.152.1

DHCP Server . . . . . . . . . . . : 172.30.12.34

DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Tuesday,
October 21, 2003 11:38:26 PM

Lease Expires . . . . . . . . . . : Tuesday,
October 28, 2003 10:38:26 PM

 

[Ace Fekay [MVP]]

In

Ok...I think I covered all the bases you mentioned (except
the Connection-specific DNS suffix for the external,
Comcast states that is needed for DHCP but I would be
willing to change that as well). Below is an updated
ipconfig. Unfortunately I am still getting the same set
of errors. Any other ideas?

You're still getting the error that says:
"The DNS server machine currently has no DNS domain name" ?

In DNS, I would suggest to tell it to only listen to the internal IP address
(DNS properties, interface tab).
On the external NIC, I would suggest to disable NetBIOS, uncheck MS Client
and uncheck File and Print Services.

Run netdiag /fix and see if the error goes away.

If there are any other errors, or the one I asked about is incorrect, please
post the actual Event ID error number so we can further assist.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Guest]

I have run NETDIAG /fix and it fails the DNS test stating
that it "Can not find a primary authoritative DNS server
for the name 'LQQKSSERVER.lqqks.local.'.
[RCODE_SERVER_FAILURE]
The name 'LQQKSSERVER.lqqks.local.' may not be registered
in DNS.".... and then a long list of "failed to fix".

The list of errors are:

In DNS Server (whenever the DNS Service is (re)started:
EventID 414: "The DNS server machine currently has no DNS
domain name. Its DNS name is a single label hostname with
no domain (example: "host" rather
than "host.microsoft.com")..."

In Directory Services (every hour):
EventID 1411: "The Directory Service failed to construct
a mutual authentication Service Principal Name (SPN) for
server LQQKSSERVER. The call is denied. The error was:
A Service Principal Name (SPN) could not be constructed
because the provided hostname is not in the necessary
format."
EventID 1655: "The attempt to communicate with global
catalog \\LQQKSSERVER failed with the following status:
A Service Principal Name (SPN) could not be constructed
because the provided hostname is not in the necessary
format..."
EventID 1126: "Unable to establish connection with global
catalog."

Also the _LDAP, _TCP, _* (whatever) are not listed under
the DNS -> LQQKSSERVER -> Foward Lookup Zone ->
lqqks.local although I think this is a symptom and not a
cause. NETDIAG tries to correct this but since it is
failing the DNS test, it is possibly not able to.

Please let me know your thoughts and if you need any
additional info I can email logs, screen shots, > .txt
files, etc...

 

[Kevin D. Goodknecht]

In

I have run NETDIAG /fix and it fails the DNS test stating
that it "Can not find a primary authoritative DNS server
for the name 'LQQKSSERVER.lqqks.local.'.
[RCODE_SERVER_FAILURE]
The name 'LQQKSSERVER.lqqks.local.' may not be registered
in DNS.".... and then a long list of "failed to fix".

The list of errors are:

In DNS Server (whenever the DNS Service is (re)started:
EventID 414: "The DNS server machine currently has no DNS
domain name. Its DNS name is a single label hostname with
no domain (example: "host" rather
than "host.microsoft.com")..."

In Directory Services (every hour):
EventID 1411: "The Directory Service failed to construct
a mutual authentication Service Principal Name (SPN) for
server LQQKSSERVER. The call is denied. The error was:
A Service Principal Name (SPN) could not be constructed
because the provided hostname is not in the necessary
format."
EventID 1655: "The attempt to communicate with global
catalog \\LQQKSSERVER failed with the following status:
A Service Principal Name (SPN) could not be constructed
because the provided hostname is not in the necessary
format..."
EventID 1126: "Unable to establish connection with global
catalog."

Also the _LDAP, _TCP, _* (whatever) are not listed under
the DNS -> LQQKSSERVER -> Foward Lookup Zone ->
lqqks.local although I think this is a symptom and not a
cause. NETDIAG tries to correct this but since it is
failing the DNS test, it is possibly not able to.

Please let me know your thoughts and if you need any
additional info I can email logs, screen shots, > .txt
files, etc...

The more I look at this, the more I think there is a binding problem.
Did you move the internal Interface to the top of the Connections list?
You're not using ICS are you?
What is the domain name in ADU&C?

 

[Ace Fekay [MVP]]

The more I look at this, the more I think there is a binding problem.

Did you move the internal Interface to the top of the Connections list?
You're not using ICS are you?
What is the domain name in ADU&C?

This must be something really simple that is evading us. Maybe it's the
binding order? Not really sure, because he had changed it, as the looks from
the last ipconfig. If installed, maybe ICS's DNS proxy service conflicting?

But one thing I didn't ask, is what you just asked Kevin, is what is the
actual AD DNS domain name and does it match the Primary DNS Suffix and does
it match the zone name in DNS. They are the basic rules for registration.
Those 3 things need to match exactly and have updates enabled on the zone.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Guest]

Been out for a bit due to a cold but:

The AD Domain name is "LQQKS". When I entered in the
Domain name "lqqks.local" it truncated to "LQQKS".

In DNS the zome name is "lqqks.local".

I am using Internet Connection Sharing but am planning on
going to NAT in the future, once I get this issue resolved.

The Internal NIC is at the top of the tree (Connections
list). And as far as I have seen everything is named the
same. When I go into My Computer -> Properties -> Network
ID it states the Domain name as lqqk.local with Properties
grayed out of course because it is a DC.

 

[Ace Fekay [MVP]]

If Lqqks is your AD DNS DOmain name as it shows up in your ADUC console,
then that's the whole problem.

The netlogon service will never be able to register the AD's domain info of
"LQQKS" into the zone called "LQQKS.local" because they are mismatched.
That's called a disjointed namespace.

Rules are simple for registration:

1. AD DNS Domain name must match the Primary DNS Suffix as well as the zone
name in DNS which has updates enabled to at least "YES" in it's properties.
The netlogon service enumerates the data out of the AD database, then it
attempts to register that info into DNS, but it looks for the Primary DNS
Suffix to be of the same name. If it's not, then it's called a disjointed
namespace. I have a script that can force the Primary DNS SUffix to match
the AD name.

2. If the AD DNS Domain name is just "lqqks", andthen we have what we call a
single label domain name, which will cause problems. See this article for
more info on how to force AD and DNS to accept the registration. But the
zone you'll need to create must be called "lqqks":
http://support.microsoft.com/?id=300684




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Kevin D. Goodknecht]

In

Been out for a bit due to a cold but:

The AD Domain name is "LQQKS". When I entered in the
Domain name "lqqks.local" it truncated to "LQQKS".

In DNS the zome name is "lqqks.local".

I am using Internet Connection Sharing but am planning on
going to NAT in the future, once I get this issue resolved.

The Internal NIC is at the top of the tree (Connections
list). And as far as I have seen everything is named the
same. When I go into My Computer -> Properties -> Network
ID it states the Domain name as lqqk.local with Properties
grayed out of course because it is a DC.

In addition to what Ace stated you CANNOT use ICS with DNS or DHCP, you must
disable it and configure NAT in RRAS.

I will verify what Ace stated, if your domain is lqqks in ADU&C you cannot
change it you will have to change the primary DNS suffix to match it and
create a zone with that name and the registry fix that allow single label
domain names.

You alternative is to demote it and promote it again with the correct name,
even then, you cannot demote it so long as the disjointed name space exists
so you are still going to have to correct the primary DNS suffix.

 

[Ace Fekay [MVP]]

Forgot all about ICS being in the picture, I was so concerned with answering
the single label issue!
Cheers!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Guest]

Ok....sorry guys the fun isn't over. :-(

In ADUC the name listed is "lqqks.local" so that isn't the
problem. Although does it make a difference if when the
zone is created between "lqqks.local." and "lqqks.local"
(note trailing period)? I have been entering it with the
trailing period, although the period isn't there in the
zone name as it is listed in DNS Manager.

I have installed and configured NAT in RAS. It is working
well. But it didn't cure the problem.

I have tried deleting the AD integrated zone and
recreating it. I have tried running "netdiag /fix" and
that hasn't helped either. Still getting the same errors.

Ace I believed mentioned a script to run...if you email it
I'll see if that could help. Other than that...any other
ideas?

 

[Kevin D. Goodknecht]

In

Ok....sorry guys the fun isn't over. :-(

In ADUC the name listed is "lqqks.local" so that isn't the
problem. Although does it make a difference if when the
zone is created between "lqqks.local." and "lqqks.local"
(note trailing period)? I have been entering it with the
trailing period, although the period isn't there in the
zone name as it is listed in DNS Manager.

I have installed and configured NAT in RAS. It is working
well. But it didn't cure the problem.

I have tried deleting the AD integrated zone and
recreating it. I have tried running "netdiag /fix" and
that hasn't helped either. Still getting the same errors.

Ace I believed mentioned a script to run...if you email it
I'll see if that could help. Other than that...any other
ideas?

I had to go back through the thread to see what all you've done I'm not sure
of the registry changes you made but there is a script for changing the
primary DNS suffix that has worked many times. If you will email me to
verify your email address I can help you with the script.

 

[Ace Fekay [MVP]]

Kevin, got the script covered for Lordlqqk?

I don't think the period is the issue, but we normally do not put the period
in there and DNS takes care of that automatically.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Kevin D. Goodknecht]

In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
posted a question
Then Kevin replied below:

Kevin, got the script covered for Lordlqqk?

I don't think the period is the issue, but we normally do not put the
period in there and DNS takes care of that automatically.

I just don't want to email it to an unverified Email, I sure hope he
remembers to take out the nospam.