eventvwr DNS issue - Please help us!

Guest

Hi there,

We are a school whose IT support company has gone under, which has left us
in the lurch. I have sufficient knowledge to sort out most problems but I
don't have much "in the field" experience of DNS. Here is our problem: -

We have a single name domain name which we know causes problems with dynamic
DNS entries, but our event viewer is chock-a-block with DNS errors which I have
detailed below: -

event id: -6702

DNS server has updated its own host (A) records. In order to ensure that
its DS-integrated peer DNS servers are able to replicate with this server, an
attempt was made to update them with the new records through dynamic update.
An error was encountered during this update, the record data is the error
code.

If this DNS server does not have any DS-integrated peers, then this error
should be ignored.

If this DNS server's Active Directory replication partners do not have the
correct IP address(es) for this server, they will be unable to replicate with
it.

To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS
server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record
corresponding to an address on this server, that the replication partner can
contact. (In other words, if there multiple IP addresses for this DNS
server, add at least one that is on the same network as the Active Directory
DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner. It is
only necessary that the records are fixed up on enough replication partners
so that every server that replicates with this server will receive (through
replication) the new data.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Send support email to ms newsgroups DNS regarding

I believe this error originated when our support company installed a new
2003 DC last summer, all roles were changed to the new server with our old
2000 server being made redundant (but still being used as a print and file
server). I have checked the DNS console of the old 2k server and DNS is not
being replicated to it....maybe it's trying to replicate but can't??

The new 2003 server has the following DNS config: -
Forward Lookup Zone: -
AD integrated
Replication - To all domain controllers in AD *domain*
Updates - non-secure and secure
Zone Transfers - not configured

Reverse Lookup zone (we have 3 zones listed, one for 10.0.x.x subnet, one
for 0, one for 10 and one for 12 {we use a DHCP scope of 10.0.10.x to
10.0.12.254})
The config is: -

AD integrated
No zone transfers
updates are secure only and replication is to all DCs in *domain*

The other thing is that under forwarders we have a local address for our SME
gateway/mail server which I presume then uses the correct forwarders (we don't
have any problems with resolving names out on the internet).

Can someone please let me know either how to fix this problem or reassure us
that this won't cause any immediate problems in the future.

The other thing we would like to know (seeing as we're on the same subject!)
is this: our SME email server/gateway enables us to connect to it from our
homes to read our email. The address to get to it is mail.domain.com/webmail.
We aren't able to access this for testing purposes from inside our LAN. Do I
have to insert an A record pointing to the FQDN in DNS or is there something
else I'm missing?

Many many thanks in advance if you can help!
 
Ace Fekay [MVP]

Are there multiple NICs on the DNS server? That can cause 6702's.

Yes, create a host record for "mail" under your internal zone name, providing
it the internal private IP address for internal users to access your OWA.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
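
Steps 3 to 5 of the event 6702 text, combined with the multiple-NIC case raised in the reply, as an added example that is not part of the thread. All host addresses and the `audit_partner` helper are constructed for illustration, and "reachable" is simplified to "on the partner's own subnet", which is the rule of thumb the event text itself gives.

```python
import ipaddress

def _key(ip):
    # Stable ordering that also tolerates mixed IPv4/IPv6 input.
    return (ip.version, int(ip))

def audit_partner(server_ips, partner_ip, partner_prefix, a_records):
    """Audit the A records one replication partner holds for THIS server.

    server_ips     -- every address actually bound on this DNS server (all NICs)
    partner_ip     -- address of the replication partner being inspected
    partner_prefix -- prefix length of the partner's subnet (assumption: known)
    a_records      -- A records the partner's zone currently lists for this server
    """
    own = {ipaddress.ip_address(ip) for ip in server_ips}
    held = {ipaddress.ip_address(ip) for ip in a_records}
    net = ipaddress.ip_interface(f"{partner_ip}/{partner_prefix}").network

    # Step 4: records that do not correspond to any address of this server.
    delete = sorted(held - own, key=_key)
    # Records that are genuine and on the partner's network.
    reachable = sorted((ip for ip in held & own if ip in net), key=_key)
    # Step 5: if no usable record remains, pick one of our addresses to add.
    add = None
    if not reachable:
        candidates = sorted((ip for ip in own if ip in net), key=_key)
        add = str(candidates[0]) if candidates else None
    return {
        "delete": [str(ip) for ip in delete],
        "reachable": [str(ip) for ip in reachable],
        "add": add,
    }

# Constructed sample: a dual-NIC DC whose second NIC sits on a separate network.
SERVER_IPS = ["10.0.0.5", "192.168.1.5"]
PARTNERS = {
    # partner name: (partner address, prefix length, A records it holds for us)
    "old-2k-server": ("10.0.0.2", 16, ["192.168.1.5", "10.0.0.9"]),
    "second-dc": ("10.0.0.3", 16, ["10.0.0.5"]),
}

def run_audit():
    return {name: audit_partner(SERVER_IPS, ip, prefix, recs)
            for name, (ip, prefix, recs) in PARTNERS.items()}

if __name__ == "__main__":
    for name, result in run_audit().items():
        print(name, result)
```

A partner whose result has an empty `reachable` list is one that only knows this server by an address it cannot use, which is the situation a second NIC registering itself in DNS tends to create.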
 
