WONT CREATE NS or SRV RECORDS ON DCPROMO

[Guest]

Hi all,

I have the following setup. 2 sites (A,B), 3 DCs, 2 in site A, 1 in site B.
1 DC in site A is running DNS primary zone the other DC in site A is running
DNS secondary zone. In site B the DC is running a DNS primary zone. I would
like to change all these zones to AD integrated. What is the best way to go
about doing this?? The server running the primary zone is forwarding all
request for internet to an outside server(forwarding to a resolver).

One DC in site A is w2k server and the other was a freshly installed machine
(w2k3 server) which I DCPROMO and it did not create NS or SRV records. I can
access ADUC and all those other admin tools but it doesnt seem to be right?
Should it create these records so it could offer services like logon etc??

 

[Cary Shultz [A.D. MVP]]

Screwie,

Normally with Primary and Secondary Zones there can be only one DNS Server
that is Primary for a zone while multiple DNS Servers ( if existent ) can be
Secondary for that Zone. So, if you have one Zone ( yourdomain.com, for
example ) then there can be only one DNS Server that is Primary for it.
Unless I have read your post incorrectly, you have a Primary DNS Server in
SiteA and a Primary DNS Server in Site B. By definition, this can only be
the case if you have two separate Zones. So I am not sure what is going on
here.

If the dcpromo process did not create all of the records ( a common
problem ) - you probably do not have any or all of the four sub-folders,
correct? - then you can do one of two things:

1) install the Support Tools and run netdiag /fix, or
2) open up the command prompt and enter first net stop netlogon, then run
ipconfig /flushdns followed by ipconfig /registerdns and finally run net
start netlogon.

This should do it, normally.

I still am not clear how you have two Primary DNS Servers ( unless you have
two zones and have not mentioned this.... ).

Now, to answer your question, normally all you do is go to each Zone ( both
Forward and Reverse ) in the DNS MMC, right click on 'yourdomain.com',
select Properties and on the General Tab and click on the Change button.

You will want to make sure that you allow dynamic updates - at the minimum.

HTH,

Cary

 

[Cary Shultz [A.D. MVP]]

Screwie,

Sorry for the late reply. A couple of things:

1) a single label domain is going to give you nothing but heartache. A
single label domain is when you have 'yourdomain' instead of
'yourdomain.com' or 'yourdomain.local' or whatever. You are going to have
lots of problems. There are some patches but you still will have weirdness
that is just not going to go away. And a lot of things are just not gonna
work very well, if at all!

2) the DNS and DCList failures are because of the single label domain name.

DNS is so extremely important with Active Directory. If your DNS is not
dead-on then there are going to be problems. Just about everything is found
through the DNS records ( SRV records ) and with a single label domain not
everything is 'registered'. And, DNS is a hierarchy. Without the .com or
..local or whatever the hierarchy is lost!

Does the possibility exist that you rebuild this domain? Or, since this is
WIN2003 you might want to consider using the rendom tool. I have not played
with WIN2003 very much at all so I can not speak from experience as to how
'easy' the domain rename might be. I would only guess that it would not be
something that you would want to do early Monday morning before the users
show up, if you know what I mean.

HTH,

Cary

Hi Cary,

When I do netdiag /fix on the newly promoted DC (W2K3 server) this is what i
get. This server has an ip of 10.227.2.1 and the other DC (W2K server) has
the ip 10.227.2.8. Any ideas?? By the way my domain is weber (not weber.net
or weber.com). Could this be a problem.

C:\Program Files\Support Tools>netdiag /fix

.........................................

Computer Name: PTAVESGWDC03
DNS Host Name: ptavesgwdc03.weber
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 6 Model 8 Stepping 3, GenuineIntel
List of installed hotfixes :
KB819696
KB823182
KB823353
KB823559
KB824105
KB824141
KB825119
KB828035
KB828741
KB830352
KB835732
KB837001
KB839643
KB839645
KB840315
KB840374
KB867801
Q147222
Q828026


Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'NetServer 10/100TX PCI LAN Adapter' may not be
worki
ng.



Per interface results:

Adapter : Local Area Connection 2

Netcard queries test . . . : Failed
NetCard Status: DISCONNECTED
Some tests will be skipped on this interface.

Host Name. . . . . . . . . : ptavesgwdc03
Autoconfiguration IP Address : 169.254.227.121
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :


Adapter : WEBER GIGA

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ptavesgwdc03
IP Address . . . . . . . . : 10.227.2.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.227.2.253
Primary WINS Server. . . . : 10.227.2.8
Secondary WINS Server. . . : 10.227.2.1
Dns Servers. . . . . . . . : 10.227.2.8
10.227.2.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Failed
\Device\NetBT_Tcpip_{E72F66A4-AAC9-4F89-8377-6FB9F5661CDF}
[FATAL] At least one of your NetBT names is not registered properly.
You have a potential name conflict.
Please check that the machine name is unique.
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B3C3A36A-96B8-4CAA-B453-D14A6C3C69AD}
NetBT_Tcpip_{E72F66A4-AAC9-4F89-8377-6FB9F5661CDF}
2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Failed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'ptavesgwdc03.weber.'. [ERROR_TIMEOUT]
The name 'ptavesgwdc03.weber.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the
name
'ptavesgwdc03.weber.'. [RCODE_SERVER_FAILURE]
The name 'ptavesgwdc03.weber.' may not be registered in DNS.
[FATAL] Failed to fix: DC DNS entry weber. re-registeration on DNS
server '1
0.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry weber. re-registeration on DNS
server '1
0.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.weber. re-registeration
on DN
S server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.AVEIRO._sites.weber.
re-regis
teration on DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.e98dcb52-902b-4482-b9ef-69d68
2c740e1.domains._msdcs.weber. re-registeration on DNS server '10.227.2.8'
failed
.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
e07882b4-286e-4b14-8d31-2e22897235b9._ms
dcs.weber. re-registeration on DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.weber.
re-regis
teration on DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.AVEIRO._sites.dc._msdcs.w
eber. re-registeration on DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.weber.
re-registera
tion on DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.AVEIRO._sites.dc._msdcs.weber
. re-registeration on DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.weber.
re-registeration o
n DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.AVEIRO._sites.weber.
re-r
egisteration on DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.weber.
re-registeration o
n DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.weber.
re-registeration on
DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.weber.
re-registeration on
DNS server '10.227.2.8' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries
for th
is DC on DNS server '10.227.2.8'.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B3C3A36A-96B8-4CAA-B453-D14A6C3C69AD}
NetBT_Tcpip_{E72F66A4-AAC9-4F89-8377-6FB9F5661CDF}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{E72F66A4-AAC9-4F89-8377-6FB9F5661CDF}
NetBT_Tcpip_{B3C3A36A-96B8-4CAA-B453-D14A6C3C69AD}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser.
[ERROR_NO_BROWSER_SERVERS_
FOUND]


Trust relationship test. . . . . . : Passed
Secure channel for domain 'WEBER' is to '\\ptavesgwdc01.weber'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'ptavesgwex01.weber'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Program Files\Support Tools>

Screwie,

Normally with Primary and Secondary Zones there can be only one DNS Server
that is Primary for a zone while multiple DNS Servers ( if existent ) can be
Secondary for that Zone. So, if you have one Zone ( yourdomain.com, for
example ) then there can be only one DNS Server that is Primary for it.
Unless I have read your post incorrectly, you have a Primary DNS Server in
SiteA and a Primary DNS Server in Site B. By definition, this can only be
the case if you have two separate Zones. So I am not sure what is going on
here.

If the dcpromo process did not create all of the records ( a common
problem ) - you probably do not have any or all of the four sub-folders,
correct? - then you can do one of two things:

1) install the Support Tools and run netdiag /fix, or
2) open up the command prompt and enter first net stop netlogon, then run
ipconfig /flushdns followed by ipconfig /registerdns and finally run net
start netlogon.

This should do it, normally.

I still am not clear how you have two Primary DNS Servers ( unless you have
two zones and have not mentioned this.... ).

Now, to answer your question, normally all you do is go to each Zone ( both
Forward and Reverse ) in the DNS MMC, right click on 'yourdomain.com',
select Properties and on the General Tab and click on the Change button.

You will want to make sure that you allow dynamic updates - at the minimum.

HTH,

Cary

site
B. I
would to
go I
can