Odd DNS Problem: Ping + Browse network OK but no web or sharing

[ajmd73]

I'm not even sure what information to post...

System is WIN2000 server, active directory, DC, roaming profiles.
Persistent VPN to offsite location just installed. Everything seemed
to be working fine. (Minor caveat with offsite VPN network permission
denied when attempting to connect to computers in remote network...)

Downloaded MS security update wed. night (Something about XML...)
After reboot, NO DNS.

I can PING any location inter or intranet using IP address - including
ISP and public DNS servers (which are forwarded to) .
NSLOOKUP resolves names on intranet but fails on INTERnet. (ex.
cnn.com, yahoo.com, etc)
Client login spotty.
DC can browse network, but can't connect to any computers/shares.
(Oddly, except for one of the backup servers, which it connects to w/o
problems.)
NETDIAG reports no problems.

DHCP no problem.
Clients can PING server + gateway + eachother + internet, but can't
connect.
Same for browsing "network Neighborhood"

Routers: Linksys, BEFW11S4 (leftover hardware, but handles wireless) +
INTEL 520 switch.

Not sure what other info to post, but really scratching my head over
this - any help appreciated!! (Desperately!)

Thanks

AJ

 

[Michael Johnston [MSFT]]

Make sure that the DNS server does not have a forward lookup zone named "." root. If so, delete this zone and you should have
Internet name resolution.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.

 

[AJ]

Thanks for the reply Mike - The server was never set up as a root
server though, so there's no "." folder in the forward zone - only in
the cached lookups. (All the entries there are blank though - I assume
that's normal for now?) Meanwhile the problem remains and I'm still
banging my head against the wall. As before:

I can ping any locations, but nslookup fails.

(I can do lookups on the INTRAnet, provided the address being looked
up was assigned by DHCP = ie. it's going through WINS...)

I can see the other computers on the network in "My Network Places"
but I can't connect to any of them. Client computers can't even browse
the network.

NETDIAG passes without problems.

DCDIAG gets a variety of "DNS lookup failed" type messages as
expected.
Also kccevent and systemlog test fail...

Does anyone have an idea??

AJ

 

[Kevin D. Goodknecht [MVP]]

In

Thanks for the reply Mike - The server was never set up as a root
server though, so there's no "." folder in the forward zone - only in
the cached lookups. (All the entries there are blank though - I assume
that's normal for now?) Meanwhile the problem remains and I'm still
banging my head against the wall. As before:

I can ping any locations, but nslookup fails.

nslookup fails what?
Are the Root Hints resolved?

(I can do lookups on the INTRAnet, provided the address being looked
up was assigned by DHCP = ie. it's going through WINS...)

I can see the other computers on the network in "My Network Places"
but I can't connect to any of them. Client computers can't even browse
the network.

Network Nieghborhood does not use DNS, it uses NetBIOS.
Can you connect to them by FQDN? (i.e. \\computer.domain.com\)

NETDIAG passes without problems.

DCDIAG gets a variety of "DNS lookup failed" type messages as
expected.
Also kccevent and systemlog test fail...

Does anyone have an idea??

Your netdiag and DCDIAG statements are contradicting. If DCDIAG shows a DNS
lookup failure netdiag will show DNS registration errors.

Post the DCDIAG Errors and run netdiag /test:dns /v and post the results.
Also post ipconfig /all

 

[AJ]

Hi Kevin,

Thanks for the help!
Here is the info you asked me to post...

nslookup fails what?
Are the Root Hints resolved?

Present:yes. Pingable:yes. Resolved?

Network Nieghborhood does not use DNS, it uses NetBIOS.
Can you connect to them by FQDN? (i.e. \\computer.domain.com\)

No. I get pathway invalid errors.

Your netdiag and DCDIAG statements are contradicting. If DCDIAG shows a DNS
lookup failure netdiag will show DNS registration errors.

Post the DCDIAG Errors and run netdiag /test:dns /v and post the results.
Also post ipconfig /all

NETDIAG /test:dns as follows -

C:\Program Files\Support Tools>netdiag /test:dns /v

Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing DNS
The DNS registration for bigdaddy2.rmds.home is correct on all DNS ser
vers
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.5'
..

Tests complete.


Computer Name: BIGDADDY2
DNS Host Name: bigdaddy2.rmds.home
DNS Domain Name: rmds.home
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
Hotfixes :
Installed? Name
Yes KB329115
Yes KB819696
Yes KB823182
Yes KB823559
Yes KB823980
Yes KB824105
Yes KB824141
Yes KB824146
Yes KB825119
Yes KB826232
Yes KB828035
Yes KB828749
Yes Q147222
Yes Q816093
Yes Q828026
No ServicePackUninstall


Netcard queries test . . . . . . . : Passed

Information of Netcard drivers:

---------------------------------------------------------------------------
Description: Intel(R) PRO/1000 MT Network Connection
Device: \DEVICE\{0A89A5D0-BEB1-484C-9FE4-CC285703BDDB}

Media State: Connected

Device State: Connected
Connect Time: 18:33:56
Media Speed: 100 Mbps

Packets Sent: 46685
Bytes Sent (Optional): 0

Packets Received: 84077
Directed Pkts Recd (Optional): 84077
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0

---------------------------------------------------------------------------
[PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

Adapter : Local Area Connection
Adapter ID . . . . . . . . : {0A89A5D0-BEB1-484C-9FE4-CC285703BDDB}

Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed
Machine is a . . . . . . . . . : Primary Domain Controller Emulator
Netbios Domain name. . . . . . : RMDS
Dns domain name. . . . . . . . : rmds.home
Dns forest name. . . . . . . . : rmds.home
Domain Guid. . . . . . . . . . : {7AA82986-08A2-42FF-B1E5-6FA5EC0675DC}
Domain Sid . . . . . . . . . . : S-1-5-21-436374069-1767777339-839522115
Logon User . . . . . . . . . . : administrator
Logon Domain . . . . . . . . . : RMDS


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{0A89A5D0-BEB1-484C-9FE4-CC285703BDDB}
1 NetBt transport currently configured.


DNS test . . . . . . . . . . . . . : Passed
Interface {0A89A5D0-BEB1-484C-9FE4-CC285703BDDB}
DNS Domain: rmds.home
DNS Servers: 192.168.1.5
IP Address: 192.168.1.5
Expected registration with PDN (primary DNS domain name):
Hostname: bigdaddy2.rmds.home.
Authoritative zone: rmds.home.
Primary DNS server: bigdaddy2.rmds.home 192.168.1.5
Authoritative NS:192.168.1.5
Verify DNS registration:
Name: bigdaddy2.rmds.home
Expected IP: 192.168.1.5
Server 192.168.1.5: NO_ERROR
The DNS registration for bigdaddy2.rmds.home is correct on all DNS servers
Check the DNS registration for DCs entries on DNS server '192.168.1.5'
The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

The Record is correct on DNS server '192.168.1.5'.

PASS - All the DNS entries for DC are registered on DNS server '192.168.1.5'
..


The command completed successfully

C:\Program Files\Support Tools>




DCDIAG as follows -

C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\BIGDADDY2
Starting test: Connectivity
......................... BIGDADDY2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\BIGDADDY2
Starting test: Replications
[Replications Check,BIGDADDY2] A recent replication attempt failed:
From BDC to BIGDADDY2
Naming Context: CN=Schema,CN=Configuration,DC=rmds,DC=home
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
The failure occurred at 2003-11-25 11:51.56.
The last success occurred at 2003-11-24 14:53.41.
25 failures have occurred since the last success.
The guid-based DNS name b7cd949a-7257-4361-8756-07c5efdee4e1._msdcs.
rmds.home
is not registered on one or more DNS servers.
[BDC] DsBind() failed with error 1722,
The RPC server is unavailable..
[Replications Check,BIGDADDY2] A recent replication attempt failed:
From DELLSERVER to BIGDADDY2
Naming Context: CN=Schema,CN=Configuration,DC=rmds,DC=home
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
The failure occurred at 2003-11-25 11:51.56.
The last success occurred at 2003-11-20 10:47.55.
135 failures have occurred since the last success.
The guid-based DNS name c15d8e37-e3ca-4dbc-8b6e-a392437f29c7._msdcs.
rmds.home
is not registered on one or more DNS servers.
[DELLSERVER] DsBind() failed with error 1722,
The RPC server is unavailable..
[Replications Check,BIGDADDY2] A recent replication attempt failed:
From DELLSERVER to BIGDADDY2
Naming Context: CN=Configuration,DC=rmds,DC=home
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
The failure occurred at 2003-11-25 11:51.56.
The last success occurred at 2003-11-21 17:27.41.
99 failures have occurred since the last success.
The guid-based DNS name c15d8e37-e3ca-4dbc-8b6e-a392437f29c7._msdcs.
rmds.home
is not registered on one or more DNS servers.
[Replications Check,BIGDADDY2] recent replication attempt failed:
From BDC to BIGDADDY2
Naming Context: CN=Configuration,DC=rmds,DC=home
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
The failure occurred at 2003-11-25 11:51.56.
The last success occurred at 2003-11-24 16:38.45.
24 failures have occurred since the last success.
The guid-based DNS name b7cd949a-7257-4361-8756-07c5efdee4e1._msdcs.
rmds.home
is not registered on one or more DNS servers.
[Replications Check,BIGDADDY2] A recent replication attempt failed:
From DELLSERVER to BIGDADDY2
Naming Context: DC=rmds,DC=home
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
The failure occurred at 2003-11-25 11:51.56.
The last success occurred at 2003-11-20 10:55.42.
135 failures have occurred since the last success.
The guid-based DNS name c15d8e37-e3ca-4dbc-8b6e-a392437f29c7._msdcs.
rmds.home
is not registered on one or more DNS servers.
[Replications Check,BIGDADDY2] A recent replication attempt failed:
From BDC to BIGDADDY2
Naming Context: DC=rmds,DC=home
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
The failure occurred at 2003-11-25 11:51.56.
The last success occurred at 2003-11-24 16:48.14.
24 failures have occurred since the last success.
The guid-based DNS name b7cd949a-7257-4361-8756-07c5efdee4e1._msdcs.
rmds.home
is not registered on one or more DNS servers.
......................... BIGDADDY2 passed test Replications
Starting test: NCSecDesc
......................... BIGDADDY2 passed test NCSecDesc
Starting test: NetLogons
......................... BIGDADDY2 passed test NetLogons
Starting test: Advertising
......................... BIGDADDY2 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... BIGDADDY2 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... BIGDADDY2 passed test RidManager
Starting test: MachineAccount
......................... BIGDADDY2 passed test MachineAccount
Starting test: Services
......................... BIGDADDY2 passed test Services
Starting test: ObjectsReplicated
......................... BIGDADDY2 passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... BIGDADDY2 passed test frssysvol
Starting test: kccevent
......................... BIGDADDY2 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x8000003E
Time Generated: 11/25/2003 11:39:31
(Event String could not be retrieved)
......................... BIGDADDY2 failed test systemlog

Running enterprise tests on : rmds.home
Starting test: Intersite
......................... rmds.home passed test Intersite
Starting test: FsmoCheck
......................... rmds.home passed test FsmoCheck

C:\Program Files\Support Tools>



IPCONFIG as follows -

C:\Program Files\Support Tools>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : bigdaddy2
Primary DNS Suffix . . . . . . . : rmds.home
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : rmds.home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : rmds.home
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
Physical Address. . . . . . . . . : 00-08-74-AA-E8-3D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.5
Primary WINS Server . . . . . . . : 192.168.1.5

C:\Program Files\Support Tools>



NETDIAG as follows -

C:\Program Files\Support Tools>netdiag

........................................

Computer Name: BIGDADDY2
DNS Host Name: bigdaddy2.rmds.home
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
List of installed hotfixes :
KB329115
KB819696
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
Q147222
Q816093
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : bigdaddy2.rmds.home
IP Address . . . . . . . . : 192.168.1.5
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Primary WINS Server. . . . : 192.168.1.5
Dns Servers. . . . . . . . : 192.168.1.5


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{0A89A5D0-BEB1-484C-9FE4-CC285703BDDB}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.5'
..


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{0A89A5D0-BEB1-484C-9FE4-CC285703BDDB}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{0A89A5D0-BEB1-484C-9FE4-CC285703BDDB}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'BDC.rmds.home'.
[WARNING] Failed to query SPN registration on DC 'DELLSERVER.rmds.home'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
Directory IPSec Policy Active: 'Secure Server (Require Security)'


The command completed successfully

C:\Program Files\Support Tools>


HELP!?

Thanks again!

AJ

 

[Kevin D. Goodknecht [MVP]]

In AJ <[email protected]> posted a question
Then Kevin replied below:
Thanks for the post I see you have three DCs, do you have only one with DNS?
You Zone has only one NS record it needs an NS record for each DC with DNS.

Interface {0A89A5D0-BEB1-484C-9FE4-CC285703BDDB}
DNS Domain: rmds.home
DNS Servers: 192.168.1.5
IP Address: 192.168.1.5
Expected registration with PDN (primary DNS domain name):
Hostname: bigdaddy2.rmds.home.
Authoritative zone: rmds.home.
Primary DNS server: bigdaddy2.rmds.home 192.168.1.5
Authoritative NS:192.168.1.5
Verify DNS registration:
Name: bigdaddy2.rmds.home
Expected IP: 192.168.1.5
Server 192.168.1.5: NO_ERROR

You see below that replication is failing because These two DCs have not
registered these records What are they using for DNS?

The guid-based DNS name
b7cd949a-7257-4361-8756-07c5efdee4e1._msdcs. rmds.home
is not registered on one or more DNS servers.
[BDC] DsBind() failed with error 1722,

135 failures have occurred since the last success.
The guid-based DNS name
c15d8e37-e3ca-4dbc-8b6e-a392437f29c7._msdcs. rmds.home
is not registered on one or more DNS servers.
[DELLSERVER] DsBind() failed with error 1722,




LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'BDC.rmds.home'.
[WARNING] Failed to query SPN registration on DC
'DELLSERVER.rmds.home'.

The problem does not seem to be with bigdaddy, but with your other two DCs.
If they have DNS installed they do not have NS records on this DNS so what
is the deal?