Netdiag errors, again, [FATAL] Invalid DNS entries

[jellis]

Below is a repost. If you read the contents you'll see
that I posted a question. Got a reply. Performed the
steps recommended. Didn't work. Replyed to the reply
requesting additional assistance. Got no answer. Below
is the thread in its entirety.

This problem is getting old and the client is getting
pissed. Help is needed.

Thanks

-------------------------------------------------------
Thanks for your advice. Unfortunately it didn't resolve
the problem.

I reviewed the articles recommended. Made a few
adjustments (Enabled Append primary and connection
specific DNS suffixes, Append parent suffixes of the
primary DNS suffix) restarted DNS server, ran Netdiag,
same result.

Below is the output from Netdiag:
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS host name 'zack_dc1.Zack.Loc' valid
only on Windows 2000 DNS Servers. [DNS_ERROR_NON_RFC_NAME]
[FATAL] File \config\netlogon.dns contains invalid
DNS entries. [FATAL] No DNS servers have the DNS
records for this DC registered.

The messages are confusing in that the DNS server running
on the domain controller "zack_dc1" clearly has records
for "zack_dc1".

Below are the contents of netlogon.dns:
Zack.Loc. 600 IN A 10.0.0.1
_ldap._tcp.Zack.Loc. 600 IN SRV 0 100 389
zack_dc1.Zack.Loc.
_ldap._tcp.pdc._msdcs.Zack.Loc. 600 IN SRV 0 100 389
zack_dc1.Zack.Loc.
_ldap._tcp.gc._msdcs.Zack.Loc. 600 IN SRV 0 100 3268
zack_dc1.Zack.Loc.
_ldap._tcp.ed08d988-70d4-4afc-ad1d-
09f511156f13.domains._msdcs.Zack.Loc. 600 IN SRV 0 100 389
zack_dc1.Zack.Loc.
gc._msdcs.Zack.Loc. 600 IN A 10.0.0.1
8d67ce39-ae68-4409-a863-5342f6c4f31b._msdcs.Zack.Loc. 600
IN CNAME zack_dc1.Zack.Loc.
_kerberos._tcp.dc._msdcs.Zack.Loc. 600 IN SRV 0 100 88
zack_dc1.Zack.Loc.
_ldap._tcp.dc._msdcs.Zack.Loc. 600 IN SRV 0 100 389
zack_dc1.Zack.Loc.
_kerberos._tcp.Zack.Loc. 600 IN SRV 0 100 88
zack_dc1.Zack.Loc.
_gc._tcp.Zack.Loc. 600 IN SRV 0 100 3268 zack_dc1.Zack.Loc.
_kerberos._udp.Zack.Loc. 600 IN SRV 0 100 88
zack_dc1.Zack.Loc.
_kpasswd._tcp.Zack.Loc. 600 IN SRV 0 100 464
zack_dc1.Zack.Loc.
_kpasswd._udp.Zack.Loc. 600 IN SRV 0 100 464
zack_dc1.Zack.Loc.
_ldap._tcp.Default-First-Site-Name._sites.Zack.Loc. 600 IN
SRV 0 100 389 zack_dc1.Zack.Loc.
_ldap._tcp.Default-First-Site-
Name._sites.gc._msdcs.Zack.Loc. 600 IN SRV 0 100 3268
zack_dc1.Zack.Loc.
_kerberos._tcp.Default-First-Site-
Name._sites.dc._msdcs.Zack.Loc. 600 IN SRV 0 100 88
zack_dc1.Zack.Loc.
_ldap._tcp.Default-First-Site-
Name._sites.dc._msdcs.Zack.Loc. 600 IN SRV 0 100 389
zack_dc1.Zack.Loc.
_kerberos._tcp.Default-First-Site-Name._sites.Zack.Loc.
600 IN SRV 0 100 88 zack_dc1.Zack.Loc.
_gc._tcp.Default-First-Site-Name._sites.Zack.Loc. 600 IN
SRV 0 100 3268 zack_dc1.Zack.Loc.
; _ldap._tcp.Zack.Loc. 600 IN SRV 0 100 389 attack-
2.Zack.Loc.
; _ldap._tcp.Default-First-Site-Name._sites.Zack.Loc. 600
IN SRV 0 100 389 attack-2.Zack.Loc.
; _ldap._tcp.pdc._msdcs.Zack.Loc. 600 IN SRV 0 100 389
attack-2.Zack.Loc.
; _ldap._tcp.gc._msdcs.Zack.Loc. 600 IN SRV 0 100 3268
attack-2.Zack.Loc.
; _ldap._tcp.Default-First-Site-
Name._sites.gc._msdcs.Zack.Loc. 600 IN SRV 0 100 3268
attack-2.Zack.Loc.
; _ldap._tcp.ed08d988-70d4-4afc-ad1d-
09f511156f13.domains._msdcs.Zack.Loc. 600 IN SRV 0 100 389
attack-2.Zack.Loc.
; d2a87099-b823-418f-aee2-f93929d04014._msdcs.Zack.Loc.
600 IN CNAME attack-2.Zack.Loc.
; _kerberos._tcp.dc._msdcs.Zack.Loc. 600 IN SRV 0 100 88
attack-2.Zack.Loc.
; _kerberos._tcp.Default-First-Site-
Name._sites.dc._msdcs.Zack.Loc. 600 IN SRV 0 100 88 attack-
2.Zack.Loc.
; _ldap._tcp.dc._msdcs.Zack.Loc. 600 IN SRV 0 100 389
attack-2.Zack.Loc.
; _ldap._tcp.Default-First-Site-
Name._sites.dc._msdcs.Zack.Loc. 600 IN SRV 0 100 389
attack-2.Zack.Loc.
; _kerberos._tcp.Zack.Loc. 600 IN SRV 0 100 88 attack-
2.Zack.Loc.
; _kerberos._tcp.Default-First-Site-Name._sites.Zack.Loc.
600 IN SRV 0 100 88 attack-2.Zack.Loc.
; _gc._tcp.Zack.Loc. 600 IN SRV 0 100 3268 attack-
2.Zack.Loc.
; _gc._tcp.Default-First-Site-Name._sites.Zack.Loc. 600 IN
SRV 0 100 3268 attack-2.Zack.Loc.
; _kerberos._udp.Zack.Loc. 600 IN SRV 0 100 88 attack-
2.Zack.Loc.
; _kpasswd._tcp.Zack.Loc. 600 IN SRV 0 100 464 attack-
2.Zack.Loc.
; _kpasswd._udp.Zack.Loc. 600 IN SRV 0 100 464 attack-
2.Zack.Loc.

Your continued support will of course be appreciated.

-----Original Message-----
Thanks. I'll give it a shot.

-----Original Message-----
See:
Setting Up the Domain Name System for Active Directory

http://support.microsoft.com/default.aspx?scid=kb;en- us;237675


How to: Configure DNS for Internet Access In Windows 2000

http://support.microsoft.com/default.aspx?scid=kb;en- us;300202





hth

DDS W 2k MVP MCSE

Having a problem knowing what to do with the errors below,
from NETDIAG

[FATAL] File \config\netlogon.dns contains invalid DNS
entries.
[FATAL] No DNS servers have the DNS records for this DC
registered.

I get these errors when running NETDIAG on the DNS server
for the domain, which is one of two DCs for the domain.

I have removed and resinstalled DNS already.

Any help will be greatly appreciated.

.

.

..

 

[Ace Fekay [MVP]]

In

Below is a repost. If you read the contents you'll see
that I posted a question. Got a reply. Performed the
steps recommended. Didn't work. Replyed to the reply
requesting additional assistance. Got no answer. Below
is the thread in its entirety.

This problem is getting old and the client is getting
pissed. Help is needed.

Thanks

-------------------------------------------------------
Thanks for your advice. Unfortunately it didn't resolve
the problem.

I reviewed the articles recommended. Made a few
adjustments (Enabled Append primary and connection
specific DNS suffixes, Append parent suffixes of the
primary DNS suffix) restarted DNS server, ran Netdiag,
same result.

Below is the output from Netdiag:
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS host name 'zack_dc1.Zack.Loc' valid
only on Windows 2000 DNS Servers. [DNS_ERROR_NON_RFC_NAME]
[FATAL] File \config\netlogon.dns contains invalid
DNS entries. [FATAL] No DNS servers have the DNS
records for this DC registered.

Apparently the underscore is causing the NON-RFC name error. I believe I saw
this post earlier and Kevin replied back to you on it, I see Danny replied
also. Did you ALSO post this elsewhere (such as the AD group) but you
multiposted it and not cross posted it? If you did, crossposting is advised.

But don't remember what the recommendations were other than properly
renaming the machine without an underscore so the NON_RFC Error will go
away, if that's the only error you have.

Are there any Event log errors?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[jellis]

I apologize for my apparent inability to use a fairly
straightforward support service. I wasn't searching
correctly for replies to my earlier post.

I made the change that Kevin requested regarding the
underscore in the server name (DNS Management Console,
allow All names). I restart the DNS server as well as the
netlogon service. Ran Netdiag, still getting the same
errors.

The Event Viewer is reporting the error below regarding
DNS. I didn't think it was significant in that there is
only one DNS server in the domain;
----------------Event viewer Error start -------------
Event ID 6702
DNS Server has updated its own host (A) records. In order
to insure that its DS-integrated peer DNS servers are able
to replicate with this server, an attempt was made to
update them with the new records through dynamic update.
An error was encountered during this update, the record
data is the error code.

If this DNS server does not have any DS-integrated peers,
then this error
should be ignored.

If this DNS server's ActiveDirectory replication partners
do not have the correct IP address(es) for this server,
they will be unable to replicate with it.

To insure proper replication:
1) Find this server's ActiveDirectory replication partners
that run the DNS server.
2) Open DnsManager and connect in turn to each of the
replication partners.
3) On each server, check the host (A record) registration
for THIS server.
4) Delete any A records that do NOT correspond to IP
addresses of this server.
5) If there are no A records for this server, add at least
one A record corresponding to an address on this server,
that the replication partner can contact. (In other
words, if there multiple IP addresses for this DNS server,
add at least one that is on the same network as the
ActiveDirectory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication
partner. It is only necessary that the records are fixed
up on enough replication partners so that every server
that replicates with this server will receive (through
replication) the new data.
-------------Event viewer error end ----------------

-----Original Message-----
In jellis <[email protected]> made a post then I commented
below

Below is a repost. If you read the contents you'll see
that I posted a question. Got a reply. Performed the
steps recommended. Didn't work. Replyed to the reply
requesting additional assistance. Got no answer. Below
is the thread in its entirety.

This problem is getting old and the client is getting
pissed. Help is needed.

Thanks

-------------------------------------------------------
Thanks for your advice. Unfortunately it didn't resolve
the problem.

I reviewed the articles recommended. Made a few
adjustments (Enabled Append primary and connection
specific DNS suffixes, Append parent suffixes of the
primary DNS suffix) restarted DNS server, ran Netdiag,
same result.

Below is the output from Netdiag:
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS host name 'zack_dc1.Zack.Loc' valid
only on Windows 2000 DNS Servers. [DNS_ERROR_NON_RFC_NAME]
[FATAL] File \config\netlogon.dns contains invalid
DNS entries. [FATAL] No DNS servers have the DNS
records for this DC registered.

Apparently the underscore is causing the NON-RFC name error. I believe I saw
this post earlier and Kevin replied back to you on it, I see Danny replied
also. Did you ALSO post this elsewhere (such as the AD group) but you
multiposted it and not cross posted it? If you did, crossposting is advised.

But don't remember what the recommendations were other than properly
renaming the machine without an underscore so the NON_RFC Error will go
away, if that's the only error you have.

Are there any Event log errors?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================


.

 

[Ace Fekay [MVP]]

In

I apologize for my apparent inability to use a fairly
straightforward support service. I wasn't searching
correctly for replies to my earlier post.

I made the change that Kevin requested regarding the
underscore in the server name (DNS Management Console,
allow All names). I restart the DNS server as well as the
netlogon service. Ran Netdiag, still getting the same
errors.

The Event Viewer is reporting the error below regarding
DNS. I didn't think it was significant in that there is
only one DNS server in the domain;
----------------Event viewer Error start -------------
Event ID 6702
DNS Server has updated its own host (A) records. In order
to insure that its DS-integrated peer DNS servers are able
to replicate with this server, an attempt was made to
update them with the new records through dynamic update.
An error was encountered during this update, the record
data is the error code.

<snip>

Nah, no need to apologize. INstead of using the web based interface, which
is difficult to navigate, I suggest to use Outlook Express as your
newsreader. Just create a new news account and specify news.microsoft.com as
the news server. Then scroll thru the newsgroups and add this one to your
subscribed list. Then look for your post by name and date and then check the
'watch' column. It will be easy to follow afterwards since new entries and
responses will turn bold red.

Anyway...
I've seen this error with multihomed machines mainly.

What is your configuration? Can you post an unedited ipconfig /all please?

Do you have a forwarder configured? If not, please do so. You can use
4.2.2.2 reliably.

Are there mutliple NICs in this machine? If so, DNS properties, Interface
tab, tell it to only listen to the internal interface (set by IP).



--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Below is a repost. If you read the contents you'll see
that I posted a question. Got a reply. Performed the
steps recommended. Didn't work. Replyed to the reply
requesting additional assistance. Got no answer. Below
is the thread in its entirety.

This problem is getting old and the client is getting
pissed. Help is needed.

Thanks

-------------------------------------------------------
Thanks for your advice. Unfortunately it didn't resolve
the problem.

I reviewed the articles recommended. Made a few
adjustments (Enabled Append primary and connection
specific DNS suffixes, Append parent suffixes of the
primary DNS suffix) restarted DNS server, ran Netdiag,
same result.

Below is the output from Netdiag:
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS host name 'zack_dc1.Zack.Loc' valid
only on Windows 2000 DNS Servers. [DNS_ERROR_NON_RFC_NAME]
[FATAL] File \config\netlogon.dns contains invalid
DNS entries. [FATAL] No DNS servers have the DNS
records for this DC registered.

The messages are confusing in that the DNS server running
on the domain controller "zack_dc1" clearly has records
for "zack_dc1".

It is just as the message says, it is a non RFC name that is only valid only
on Windows 2000 servers.

Go to the system32\config\ directory and delete the Netlogon.dns and
netlogon.dnb files. Then run ipconfig /flushdns, ipconfig /registerdns and
restart the netlogon service. Run netdiag /fix and netdiag /test:dns /v

 

[jellis]

Thanks so much for your help and patience on this.
Following your advice, I checked the interfaces setting
for the DNS server. There were two interfaces selected,
it was set for "all". I removed the interface for the RAS
server, restarted DNS, and NETDIAG reported passed.

Thanks again

 

[Ace Fekay [MVP]]

In

Thanks so much for your help and patience on this.
Following your advice, I checked the interfaces setting
for the DNS server. There were two interfaces selected,
it was set for "all". I removed the interface for the RAS
server, restarted DNS, and NETDIAG reported passed.

Thanks again

My pleasure. That's good to hear!

Ace