Netdiag DNS error

[Zeke]

Hi all,

I have 4 DC's, 2 Windows 2000 and 2 Windows 2003. I will
soon be taking the W2k DC's out of service. DNS is on each
of the DC's and they are AD Intergrated zones. Nslookup
and resolution all seem to work correctly, however when I
run Netdiag on the W2003 DC's I get the following:

C:\Program Files\Support Tools>netdiag
......................................
Computer Name: DC1
DNS Host Name: DC1.anydomain.org
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 5,
GenuineIntel
List of installed hotfixes :
KB819696
KB823182
KB823559
KB824105
KB824141
KB824146
KB824151
KB825119
KB828035
KB828741
KB833987
KB834707
KB835732
KB837001
KB839643
KB839645
KB840315
KB840374
KB840987
KB841356
KB841533
KB867460
KB873376
Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:
Adapter : Broadcom NetXtreme Dual Port Gigabit
Ethernet Adapter - Onboard -
Link B
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : DC1
IP Address . . . . . . . . : 192.168.5.6
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.5.251
Dns Servers. . . . . . . . : 192.168.5.6
192.168.1.10

AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation
Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this
interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{EE5D1895-EC1E-4E19-A74C-7AE6C2A236B6}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the
<00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{EE5D1895-EC1E-4E19-A74C-7AE6C2A236B6}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{EE5D1895-EC1E-4E19-A74C-7AE6C2A236B6}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Passed
Secure channel for domain 'anydomain' is
to '\\dca.anydomain.com'.

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more
detailed information

The command completed successfully


The other DNS server, 5.10 is a Windows 2000 server, the
DNS server that the error occurred on is a Windows 2003
server. If I run Netdiag against only the Windows 2003
servers it will fail completely. All DC IP's are static.
Any ideas on why this is happening? Thanks for your help

 

[Ace Fekay [MVP]]

In Zeke <[email protected]> made a post then I commented
below
:: Hi all,
::
:: I have 4 DC's, 2 Windows 2000 and 2 Windows 2003. I will
:: soon be taking the W2k DC's out of service. DNS is on each
:: of the DC's and they are AD Intergrated zones. Nslookup
:: and resolution all seem to work correctly, however when I
:: run Netdiag on the W2003 DC's I get the following:
::
DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

<snip>

Is the DNS service running on the machine?
Any services disabled or stopped?
Any event log errors?


--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Guest]

Hi Ace,

DNS is running, no stopped or disabled services. One
error in DNS Event log which occurred 5 days ago and not
since then:

Event ID 4004

The DNS server was unable to complete directory service
enumeration of zone chpd.townofchapelhill.org. This DNS
server is configured to use information obtained from
Active Directory for this zone and is unable to load the
zone without it. Check that the Active Directory is
functioning properly and repeat enumeration of the zone.
The extended error debug information (which may be empty)
is "". The event data contains the error.

 

[Ace Fekay [MVP]]

In (e-mail address removed) <[email protected]>
made a post then I commented below
:: Hi Ace,
::
:: DNS is running, no stopped or disabled services. One
:: error in DNS Event log which occurred 5 days ago and not
:: since then:
::
:: Event ID 4004
::
:: The DNS server was unable to complete directory service
:: enumeration of zone chpd.townofchapelhill.org. This DNS
:: server is configured to use information obtained from
:: Active Directory for this zone and is unable to load the
:: zone without it. Check that the Active Directory is
:: functioning properly and repeat enumeration of the zone.
:: The extended error debug information (which may be empty)
:: is "". The event data contains the error.

4004 errors can be ignored in most cases, as long as the zone is available
once AD's services intialize. That is normally a boot time error when DNS
intializes prior to AD with using AD Integrated zones (because the zone is
stored in AD).

The original question was concerning the Trksrv. That is the DFS service. I
guess you're ok with that?

Ace

 

[Guest]

Trksrv? I am not sure what that is. The original question
was why this error keeps popping up in netdiag:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

If I only use the 192.168.5.6 or 5.7 DNS servers it will
fail netdiag. Note that this netdiag was run from 5.6. Why
can it not verify its own DNS record on itself?

 

[Kevin D. Goodknecht Sr. [MVP]]

In (e-mail address removed) <[email protected]>
commented
Then Kevin replied below:

Trksrv? I am not sure what that is. The original question
was why this error keeps popping up in netdiag:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

If I only use the 192.168.5.6 or 5.7 DNS servers it will
fail netdiag. Note that this netdiag was run from 5.6. Why
can it not verify its own DNS record on itself?

Check that the DNS service is listening on the 192.168.5.6 IP address on the
Interfaces tab of the DNS server properties.

Run nslookup to see if the DNS server is responding to queries.

 

[Guest]

Yes it is and it responds to nslookup and resolves with no
problems. Note there are Windows 2000 and 2003 DNS servers
in this environment, this error is from a 2003 DNS server.
What is causing this?

-----Original Message-----
In (e-mail address removed)

commented
Then Kevin replied below:

Trksrv? I am not sure what that is. The original question
was why this error keeps popping up in netdiag:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.
PASS - All the DNS entries for DC are registered on
DNS server '192.168.5.10
' and other DCs also have some of the names registered.

If I only use the 192.168.5.6 or 5.7 DNS servers it will
fail netdiag. Note that this netdiag was run from 5.6. Why
can it not verify its own DNS record on itself?

Check that the DNS service is listening on the 192.168.5.6 IP address on the
Interfaces tab of the DNS server properties.

Run nslookup to see if the DNS server is responding to queries.





.

 

[Kevin D. Goodknecht Sr. [MVP]]

In (e-mail address removed) <[email protected]>
commented
Then Kevin replied below:

Yes it is and it responds to nslookup and resolves with no
problems. Note there are Windows 2000 and 2003 DNS servers
in this environment, this error is from a 2003 DNS server.
What is causing this?

I don't know, I have yet to acquire the information to tell you what is
causing this.
Have you tried querying DNS for any of the SRV records?

 

[Ace Fekay [MVP]]

In (e-mail address removed) <[email protected]>
made a post then I commented below
:: Trksrv? I am not sure what that is. The original question
:: was why this error keeps popping up in netdiag:
::
:: DNS test . . . . . . . . . . . . . : Passed
:: [WARNING] The DNS entries for this DC cannot be
:: verified right now on DNS <--- This is the error
:: server 192.168.5.6, ERROR_TIMEOUT.
:: PASS - All the DNS entries for DC are registered on
:: DNS server '192.168.5.10
:: ' and other DCs also have some of the names registered.
::
:: If I only use the 192.168.5.6 or 5.7 DNS servers it will
:: fail netdiag. Note that this netdiag was run from 5.6. Why
:: can it not verify its own DNS record on itself?

Oops., I was thinking of another post when I said that. I apologize.

Back to your error:

[WARNING] The DNS entries for this DC cannot be
verified right now on DNS <--- This is the error
server 192.168.5.6, ERROR_TIMEOUT.


Have you physically looked in DNS to see if this entry exists?

Also, since it's timing out, that comes back to my original thought that the
service wasn't running.

Is the DHCP Client service running on 192.168.5.6 ?

Ace

 

[Guest]

Yes I can query for any record successfully. Nslookup
works fine and no errors in the event logs. This W2003 dns
server is in a domain with 2000 dns servers. What I cannot
understand is that it cannot verify its own A record even
though there is an A record for it on the same server.

-----Original Message-----
In (e-mail address removed)

 

[Kevin D. Goodknecht Sr. [MVP]]

In (e-mail address removed) <[email protected]>
commented
Then Kevin replied below:

Yes I can query for any record successfully. Nslookup
works fine and no errors in the event logs. This W2003 dns
server is in a domain with 2000 dns servers. What I cannot
understand is that it cannot verify its own A record even
though there is an A record for it on the same server.

Run these:
nslookup -d2
server <badserverip>
set type=srv
_ldap._tcp.<replacewithyourADdomainname>.
^
Do not forget to add this trailing dot-----------^

Show me the output and is this DCs SRV record listed.
Also post the ipconfig /all from this DC.

 

[Guest]

Let me guys get in this conversation as i have got the same error.
The DNS service, DHCP client service are up and running.

The entry can only be existing as it is a domain controller and a primary
dns in my AD domain.

Any other thoughts ??

Thanks !!

 

[Ace Fekay [MVP]]

In

Let me guys get in this conversation as i have got the same error.
The DNS service, DHCP client service are up and running.

The entry can only be existing as it is a domain controller and a
primary dns in my AD domain.

Any other thoughts ??

Thanks !!

What exactly is the error you are seeing?

Well, as was discussed in this thread, and as is posted in many other
threads, the main points to consider are:

1. You are only using the internal DNS server(s). No ISPs in IP properties
can exist.
2. You do not have a single label name AD DNS domain name.
3. The Primary DNS Suffix is set to the AD DNS domain name.
4. The zone name is the same as in #3 above, and updates are allowed.

That's pretty much the basics. If you feel you're not sure of any of these
points and it's still difficult to diagnose, please post an unedited
ipconfig /all, the netdiag error, and any Event log errors.

Thanks,
Ace

 

[Guest]

I have checked every option you mentionned and it is fine except number two:
2. You do not have a single label name AD DNS domain name: WHAT DO YOU MEAN?

My Netdiag log is at the end of this message


Thanks!
Ebk

In

What exactly is the error you are seeing?

Well, as was discussed in this thread, and as is posted in many other
threads, the main points to consider are:

1. You are only using the internal DNS server(s). No ISPs in IP properties
can exist.
2. You do not have a single label name AD DNS domain name.
3. The Primary DNS Suffix is set to the AD DNS domain name.
4. The zone name is the same as in #3 above, and updates are allowed.

That's pretty much the basics. If you feel you're not sure of any of these
points and it's still difficult to diagnose, please post an unedited
ipconfig /all, the netdiag error, and any Event log errors.

Thanks,
Ace

C:\Documents and Settings\EMEA_pthoms>netdiag

.........................................

Computer Name: GBLDCDCE01
DNS Host Name: gbldcdce01.emea.cbre.net
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 5, GenuineIntel
List of installed hotfixes :
KB819696
KB823182
KB823353
KB823559
KB824105
KB824141
KB824146
KB824151
KB825119
KB828035
KB828741
KB830352
KB832894
KB833987
KB834707
KB835732
KB837001
KB837272
KB839643
KB839643-DirectX9
KB839645
KB840315
KB840374
KB840987
KB841356
KB841533
KB867460
KB867801
KB870763
KB873339
KB873376
KB883935
KB885835
KB885836
KB885881
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Broadcom NetXtreme Gigabit Ethernet Adapter - Onboard - Link B

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : gbldcdce01.emea.cbre.net
IP Address . . . . . . . . : 10.15.246.3
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.15.246.1
Primary WINS Server. . . . : 192.168.1.250
Dns Servers. . . . . . . . : 10.15.246.3
10.15.246.2


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A52E97B9-B8FB-4A10-A756-E6495D1D7F65}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.15.246.3'. Please wait for 30 minutes for DNS server replication.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.15.246.2'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A52E97B9-B8FB-4A10-A756-E6495D1D7F65}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A52E97B9-B8FB-4A10-A756-E6495D1D7F65}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'EMEA' is to '\\gbldcadc01.emea.cbre.net'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

 

[Guest]

Here are the results:

C:\>nslookup -d2
------------
SendRequest(), len 42
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records =
0, additional = 0

QUESTIONS:
6.5.168.192.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (88 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want
recursion, recursion avail.
questions = 1, answers = 1, authority records =
0, additional = 0

QUESTIONS:
6.5.168.192.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 6.5.168.192.in-addr.arpa
type = PTR, class = IN, dlen = 34
name = anydomain.domain.org
ttl = 1200 (20 mins)

------------
Default Server: DC1.anydomain.domain.org
Address: 192.168.5.6





C:\>nslookup -d2
------------
SendRequest(), len 42
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records =
0, additional = 0

QUESTIONS:
6.5.168.192.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (88 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want
recursion, recursion avail.
questions = 1, answers = 1, authority records =
0, additional = 0

QUESTIONS:
6.5.168.192.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 6.5.168.192.in-addr.arpa
type = PTR, class = IN, dlen = 34
name = DC1.anydomain.domain.org
ttl = 1200 (20 mins)

------------
Default Server: DC1.anydomain.domain.org
Address: 192.168.5.6

set type=srv
_ldap.tcp.DC1.anydomain.domain.org

Server: DC1.anydomain.domain.org
Address: 192.168.5.6

------------
SendRequest(), len 79
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records =
0, additional = 0

QUESTIONS:

_ldap.tcp.anydomain.domain.org.anydomain.domain.org, type
= SR
V, class = IN

------------
------------
Got answer (161 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want
recursion, recursion avail.
questions = 1, answers = 0, authority records =
1, additional = 0

QUESTIONS:

_ldap.tcp.anydomain.domain.org.anydomain.domain.org, type
= SR
V, class = IN
AUTHORITY RECORDS:
-> anydomain.domain.org
type = SOA, class = IN, dlen = 45
ttl = 3600 (1 hour)
primary name server = DC1.anydomain.domain.org
responsible mail addr =
administrator.anydomain.domain.org
serial = 25937
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 900 (15 mins)

------------
------------
SendRequest(), len 74
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records =
0, additional = 0

QUESTIONS:
_ldap.tcp.anydomain.domain.org, type = SRV, class
= IN

------------
------------
Got answer (149 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, recursion
avail.
questions = 1, answers = 0, authority records =
1, additional = 0

QUESTIONS:
_ldap.tcp.anydomain.domain.org, type = SRV, cl
ass = IN
AUTHORITY RECORDS:
-> domain.org
type = SOA, class = IN, dlen = 43
ttl = 3600 (1 hour)
primary name server = dca.domain.org
responsible mail addr = administrator.domain.org
serial = 11766
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 900 (15 mins)

------------
------------
SendRequest(), len 53
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records =
0, additional = 0

QUESTIONS:
_ldap.tcp.anydomain.domain.org, type = SRV, class
= IN

------------
------------
Got answer (135 bytes):
HEADER:
opcode = QUERY, id = 4, rcode = NXDOMAIN
header flags: response, auth. answer, want
recursion, recursion avail.
questions = 1, answers = 0, authority records =
1, additional = 0

QUESTIONS:
_ldap.tcp.anydomain.domain.org, type = SRV, class
= IN
AUTHORITY RECORDS:
-> anydomain.domain.org
type = SOA, class = IN, dlen = 45
ttl = 3600 (1 hour)
primary name server = DC1.anydomain.domain.org
responsible mail addr =
administrator.anydomain.domain.org
serial = 25937
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 900 (15 mins)
[/QUOTE]

 

[Kevin D. Goodknecht Sr. [MVP]]

In (e-mail address removed) <[email protected]>
commented
Then Kevin replied below:

*** DC1.anydomain.domain.orgcan't find
_ldap.tcp.anydomain.domain.org.
org: Non-existent domain

Ooops! Wrong query, try _ldap._tcp.dc._msdcs.anydomain.domain.com.

 

[Ace Fekay [MVP]]

In

In (e-mail address removed)


Ooops! Wrong query, try _ldap._tcp.dc._msdcs.anydomain.domain.com.

Or for all the SRV records, try:
ls -t srv anydomain.com

I don't think I saw the ipconfig /all, unless I missed it?


Ace

 

[Ace Fekay [MVP]]

In

I have checked every option you mentionned and it is fine except
number two:
2. You do not have a single label name AD DNS domain name: WHAT DO
YOU MEAN?

<snip>

You don't seem to have a single label name. An example of a single label
name is "domain" versus a proper defined name of "domain.com".

What concerns me is this:
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.15.246.3'. Please wait for 30 minutes for DNS server replication.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '10.15.246.2'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Did you physically check those two DNS servers mentioned in the message for
the DC's record?

Ace

 

[Kevin D. Goodknecht Sr. [MVP]]

In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
commented
Then Kevin replied below:

In

I have checked every option you mentionned and it is
fine except number two:
2. You do not have a single label name AD DNS domain
name: WHAT DO YOU MEAN?

<snip>

You don't seem to have a single label name. An example of
a single label name is "domain" versus a proper defined
name of "domain.com".

What concerns me is this:
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not
registered correctly on DNS se
rver '10.15.246.3'. Please wait for 30 minutes for DNS
server replication. [WARNING] The DNS entries for
this DC are not registered correctly on
DNS se
rver '10.15.246.2'. Please wait for 30 minutes for DNS
server replication. [FATAL] No DNS servers have the
DNS records for this DC registered.


Did you physically check those two DNS servers mentioned
in the message for the DC's record?

It might help if he ran netdiag /fix then post results from a
netdiag /test:dns /v

 

[Guest]

here is the latest:


C:\>nslookup
Default Server: DC1.anydomain.domain.org
Address: 192.168.5.6

_ldap._tcp.dc._msdcs.anydomain.domain.org

Server: DC1.anydomain.domain.org
Address: 192.168.5.6

Name: _ldap._tcp.dc._msdcs.anydomain.domain.org

set type=srv
_ldap._tcp.dc._msdcs.anydomain.domain.org

Server: DC1.anydomain.domain.org
Address: 192.168.5.6

_ldap._tcp.dc._msdcs.anydomain.domain.org SRV service
location:
priority = 0
weight = 100
port = 389
svr hostname = DC2.anydomain.domain.org
_ldap._tcp.dc._msdcs.anydomain.domain.org SRV service
location:
priority = 0
weight = 100
port = 389
svr hostname = DCA.anydomain.domain.org
_ldap._tcp.dc._msdcs.anydomain.domain.org SRV service
location:
priority = 0
weight = 100
port = 389
svr hostname = DC1.anydomain.domain.org
_ldap._tcp.dc._msdcs.anydomain.domain.org SRV service
location:
priority = 0
weight = 100
port = 389
svr hostname = DC2.anydomain.domain.org
DC2.anydomain.domain.org internet address = 192.168.5.4
DC2.anydomain.domain.org internet address = 38.233.154.182
DCA.anydomain.domain.org internet address = 192.168.5.3
DC1.anydomain.domain.org internet address = 192.168.5.6

and ipconfig /all:


C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . :
anydomain.domain.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . :
anydomain.domain.org
domain.org

Ethernet adapter Broadcom NetXtreme Dual Port Gigabit
Ethernet Adapter - Onboard
- Link B:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-0F-1F-66-CF-6F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.5.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.5.253
DNS Servers . . . . . . . . . . . : 192.168.5.7

C:\>

Thanks