netdiag errors

[Guest]

I have two DC's on the same domain. They are both setup as primary AD
integrated. They both work great independently as dns servers, the problem is
that when I run netdiag /d:domain I get a dns error stating that the dns
entries for this dc are not registered correctly on either of the two DC's.
I've tried all combinations of deleting and refreshing the dns on both
servers, I've run netdiag /fix and it says it regestered it but it continues
to error on me. If I run netdiag /d:domain on the server that holds all the
fsmo roles, it does not error out.

Has anyone seen this ? Do I have to demote my DC and rebuild it with a
different name ? Are there any other utilities that will tell me what's wrong
with the name ?

The reason I need this fixed is to make the DC the errors on me a second GC
server for exchange. I set it as a GC and wait but it never gives me the 1119
entry in the event log.

Please give me any help you can .....thanks !

 

[Kevin D. Goodknecht Sr. [MVP]]

In

I have two DC's on the same domain. They are both setup
as primary AD integrated. They both work great
independently as dns servers, the problem is that when I
run netdiag /d:domain I get a dns error stating that the
dns entries for this dc are not registered correctly on
either of the two DC's. I've tried all combinations of
deleting and refreshing the dns on both servers, I've run
netdiag /fix and it says it regestered it but it
continues to error on me. If I run netdiag /d:domain on
the server that holds all the fsmo roles, it does not
error out.

Has anyone seen this ? Do I have to demote my DC and
rebuild it with a different name ? Are there any other
utilities that will tell me what's wrong with the name ?

The reason I need this fixed is to make the DC the errors
on me a second GC server for exchange. I set it as a GC
and wait but it never gives me the 1119 entry in the
event log.

Please give me any help you can .....thanks !

post the results of a netdiag /test:dns /v from both DCs.

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\ccsadmin>netdiag /test:dns /v

Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing DNS
[WARNING] The DNS host name 'ccs_bdc.ccs.munis.com' valid
only on Windows 2000 D
NS Servers. [DNS_ERROR_NON_RFC_NAME]<-----
[WARNING] The DNS entries for this DC are not
registered correctly on DNS se

SRV 0 100 389 ccs_server.ccs.munis.com
SRV 0 100 389 ccs_bdc.ccs.munis.com

The problem here is that both of your DCs have underscores in their host
name. Underscores are not a legal DNS character unless it is at the
beginning of the name.
You will have to modify your DNS servers to accept these underscores by
right clicking on the DNS server in the DNS managment console and select
properties. Select the Advanced tab, in the Name Checking section select
"All names" from the drop down list, then rerun netdiag /fix from both DCs.

 

[Kevin D. Goodknecht Sr. [MVP]]

In

I saw your posting on google groups and I set that field
to all names. I did a net stop \ ipconfig flushdns \
ipconfig registerdns \ net start netlogon on both
machines and I still get the error on one machine but not
the other. When I run a dcdiag /test:registerindns
/dnsdomain: I get a failed also.
Is there something else I'm missing ?

Did you change the setting on both DNS servers?

I will need to see an _unedited_ ipconfig /all from both DCs.

 

[Guest]

THis is the output for dcdiag /test:registerindns

Documents and Settings\ccsadmin>dcdiag /test:registerindns /dnsdomain:ccs
Starting test: RegisterInDNS
This computer's Computer Name is set to the pre-Windows NetBIOS name.
The
Computer Name is the first label portion of the full DNS name of this
computer. Depending on the implementation and configuration of the DNS
servers used in your infrastructure, this DNS name might not be added to
the DNS database because the computer name contains the underscore
character. Verify that the DNS server allows host DNS names (A records
owner names) to contain the underscore character, or rename the computer
so that it can be registered in DNS. To do so, right-click My Computer,
click Properties, click the Network Identification tab, and then click
Properties and modify the Computer Name.

Note: Default configuration of the Windows 2000 DNS server allows host
names to contain the underscore character.

This domain controller cannot register domain controller Locator DNS
records because it cannot locate a DNS server authoritative for the zone
ccs. This is because:

1. One or more DNS servers involved in the name resolution of the ccs
name are not responding or contain incorrect delegation of the DNS
zones;
or

2. The DNS server that this computer is configured with contains
incorrect root hints.

The list of such DNS servers might include the DNS servers that this
computer is configured to use for name resolution and the DNS servers
authoritative for the following zones: ccs

Contact your networknetwork/DNS administrator to fix the problem. You
can
also manually add the records specified in the
systemroot\system32\config\netlogon.dns file.

DcDiag cannot reach a conclusive result because it cannot interpret the
following message that was returned: 9501.

......................... ccs_server failed test Reg

 

[Kevin D. Goodknecht Sr. [MVP]]

In

THis is the output for dcdiag /test:registerindns

As I said in my previous reply, I will need to see an unedited ipconfig /all

 

[Kevin D. Goodknecht Sr. [MVP]]

In

THis one errors on me

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\ccsadmin>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ccs_bdc
Primary Dns Suffix . . . . . . . : ccs.munis.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ccs.munis.com
munis.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL
10/100 PCI TX NIC (3C90
5B-TX)
Physical Address. . . . . . . . . : 00-50-DA-B9-E3-17
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.130.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.130.1
DNS Servers . . . . . . . . . . . : 192.168.130.3
192.168.140.2
Primary WINS Server . . . . . . . : 192.168.140.2

C:\Documents and Settings\ccsadmin>


Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\ccsadmin>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ccs_server
Primary Dns Suffix . . . . . . . : ccs.munis.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ccs.munis.com
munis.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL
10/100 PCI TX NIC (3C90
5B-TX)
Physical Address. . . . . . . . . : 00-10-5A-22-F4-70
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.140.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.140.1
DNS Servers . . . . . . . . . . . : 192.168.140.2
Primary WINS Server . . . . . . . : 192.168.140.2

Other than the underscores the ipconfig looks OK.

Run netdig /fix

Use this command for DCDIAG you are using the Netbios name, you must use the
DNS name.
dcdiag /test:registerindns /dnsdomain:ccs.munis.com

 

[Ace Fekay [MVP]]

In

THis is the output for dcdiag /test:registerindns

Documents and Settings\ccsadmin>dcdiag /test:registerindns
/dnsdomain:ccs Starting test: RegisterInDNS
This computer's Computer Name is set to the pre-Windows NetBIOS
name. The
Computer Name is the first label portion of the full DNS name
of this computer. Depending on the implementation and
configuration of the DNS servers used in your infrastructure,
this DNS name might not be added to the DNS database because
the computer name contains the underscore character. Verify
that the DNS server allows host DNS names (A records owner
names) to contain the underscore character, or rename the
computer so that it can be registered in DNS. To do so,
right-click My Computer, click Properties, click the Network
Identification tab, and then click Properties and modify the Computer
Name.

Note: Default configuration of the Windows 2000 DNS server
allows host names to contain the underscore character.

This domain controller cannot register domain controller
Locator DNS records because it cannot locate a DNS server
authoritative for the zone ccs. This is because:

<snip>

I saw your post in the AD group as well. I'll try to help out here and
cross-post this to the AD group too, so if anyone else replies over there,
they can see our responses.

What I see in the output above, it's trying to find a zone called "CCS".
Just to confirm your DNS setup and arrangement, can you provide a dnscm
/enumzones from both DNS servers please? That tool is found in the support
tools. Probably help to take a look at the zone and the SOA on the zone.

Thanks

Also, are there any firewalls between these subnets? Is the router a Windows
box offering NAT with 3 interfaces, one for the outside world, and the two
subnets you have or they connected via a VPN?


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Ace Fekay [MVP]]

In

I demoted one of my DC's and then ran dcpromo to recreate it. I
changed the name to backupdc. This change finally allowed me to make
that server a GC server and I saw the 1119 entry. You were right
about ccs vs. ccs.munis.com. When I ran that dcdaig
/test:registerindns /dnsdomain:ccs.munis.com it passed on both
machines. I am howerver still getting the same error on the DC
backupdc when I run netdiag /d:ccs.munis.com
Here is the dnscm you asked for...and no, I don't have a firewall but
I do have a cisco cat4000 layer3 switch inbetween the subnets.

This is for the DC backupdc
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\ccsadmin>dnscmd /enumzones
Enumerated zone list:

Zone count = 6

Zone name Type Storage Properties

. Cache AD-Legacy
110.168.192.in-addr.arpa Primary AD-Legacy Secure Rev
120.168.192.in-addr.arpa Primary AD-Legacy Secure Rev
130.168.192.in-addr.arpa Primary AD-Legacy Secure Rev
140.168.192.in-addr.arpa Primary AD-Legacy Secure Rev
ccs.munis.com Primary AD-Legacy Update

Command completed successfully.

C:\Documents and Settings\ccsadmin>

This on is for the DC ccs_server

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\ccsadmin>dnscmd /enumzones
Enumerated zone list:

Zone count = 6

Zone name Type Storage Properties

. Cache AD-Legacy
110.168.192.in-addr.arpa Primary AD-Legacy Secure Rev
120.168.192.in-addr.arpa Primary AD-Legacy Secure Rev
130.168.192.in-addr.arpa Primary AD-Legacy Secure Rev
140.168.192.in-addr.arpa Primary AD-Legacy Secure Rev
ccs.munis.com Primary AD-Legacy Update

Command completed successfully.

Thanks for posting that. I just wanted to make sure what your zone name was
and it's exact spelling. I believe the error is just because you have zone
name ccs.munis.com is a (the way I'm reading the /enumzones output since it
says AD-Legacy) AD Integrated zone and the way it behaves, is that the SOA
jumps back and forth depending on which one last got updated.

But as far as registration and AD communication, the reason I asked about
firewalls, etc, or even your switch config, is that there can be something
blocking AD communication. Are there any errors in the Event Logs?

Ace