Active Directory is not working, because DNS is wrongly configured

20/12/2006, 15h21

Hi,
have a w2k3 domaincontroller with wrongly configured DNS
there are two Forward Lookup Zones

_msdcs.mfintra.com is this Zone are all SRV Entries

the 2nd Zone is mfintra.com in thier is a subfolder names _msdcs this is
gray, and empty. a nslookup query resolves no correct answer.
Who can i repair the DNS and Active Directory, so that the AD correct works.

20/12/2006, 16h26

flabs wrote:
> Hi,
> have a w2k3 domaincontroller with wrongly configured DNS
> there are two Forward Lookup Zones
>
> _msdcs.mfintra.com is this Zone are all SRV Entries
>
> the 2nd Zone is mfintra.com in thier is a subfolder names _msdcs this
> is gray, and empty. a nslookup query resolves no correct answer.
> Who can i repair the DNS and Active Directory, so that the AD correct
> works.

This is how Win2k3 works, except that the gray _msdcs sub domain should have
NS records for each DNS server that has the _msdcs.mfintra.com zone. If the
NS records are not present you can add them by selecting the _msdcs folder
in the left pane of the DNS management console, then right mouse click on
the right hand pane and choose properties.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

20/12/2006, 17h54

I pressed on "refrech" in the forward lookup container and now the Zone
_msdcs.mfintra.com disappeared hmm :-? The subfolder "_msdcs" in the Zone
mfintra.com is still empty, how can i restore _msdcs entries in the zone
mfintra.com?

thanks, for your

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> flabs wrote:
> > Hi,
> > have a w2k3 domaincontroller with wrongly configured DNS
> > there are two Forward Lookup Zones
> >
> > _msdcs.mfintra.com is this Zone are all SRV Entries
> >
> > the 2nd Zone is mfintra.com in thier is a subfolder names _msdcs this
> > is gray, and empty. a nslookup query resolves no correct answer.
> > Who can i repair the DNS and Active Directory, so that the AD correct
> > works.
>
> This is how Win2k3 works, except that the gray _msdcs sub domain should have
> NS records for each DNS server that has the _msdcs.mfintra.com zone. If the
> NS records are not present you can add them by selecting the _msdcs folder
> in the left pane of the DNS management console, then right mouse click on
> the right hand pane and choose properties.
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================
>
>
>

20/12/2006, 19h42

flabs wrote:
> I pressed on "refrech" in the forward lookup container and now the
> Zone _msdcs.mfintra.com disappeared hmm :-?

Need a little more info, is there any Win2k DCs in this domain?

Did you make any zone changes on other DCs?

If not re-create the _msdcs.mfintra.com zone, allow dynamic updates and run
this in a command prompt.
ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net start
netlogon

The subfolder "_msdcs" in
> the Zone mfintra.com is still empty, how can i restore _msdcs entries
> in the zone mfintra.com?

If the NS records are not recreated in the gray _msdcs delegation add them
just like I said in my previous post.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

21/12/2006, 13h22

Hi,
i have some new infos for you.

mfintra.com is a standalone forest with one domain names mfintra.com
the w2k3 sp1 DC FERENGI.mfintra.com is the only Server in the complete
Forest, there are no memberservers.

Here are some diagnostic results:

IPConfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : FERENGI
Primary Dns Suffix . . . . . . . : mfintra.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mfintra.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-0A-DA-50
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.10.221
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.10.225
DNS Servers . . . . . . . . . . . : 10.10.10.221

Netdom query fsmo

Schema owner FERENGI.mfintra.com

Domain role owner FERENGI.mfintra.com

PDC role FERENGI.mfintra.com

RID pool manager FERENGI.mfintra.com

Infrastructure owner FERENGI.mfintra.com

netdiag

DNS test . . . . . . . . . . . . . : Failed
Interface {FA607FC7-44BC-4A58-B3EA-AEA3EB5E416E}
DNS Domain:
DNS Servers: 10.10.10.221
IP Address: Expected registration with PDN (primary DNS
domain name):
Hostname: FERENGI.mfintra.com.
Authoritative zone: mfintra.com.
Primary DNS server: FERENGI.mfintra.com 10.10.10.221
Authoritative NS:10.10.10.221
Check the DNS registration for DCs entries on DNS server '10.10.10.221'
The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

Query for DC DNS entry _ldap._tcp.pdc._msdcs.mfintra.com. on DNS server
10.10.10.221 failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
Query for DC DNS entry _ldap._tcp.gc._msdcs.mfintra.com. on DNS server
10.10.10.221 failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
Query for DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mfintra.com. on DNS
server 10.10.10.221 failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
Query for DC DNS entry
_ldap._tcp.4e1c2695-4fa0-48ed-ab3c-05615c6d6ae6.domains._msdcs.mfintra.com.
on DNS server 10.10.10.221 failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
Query for DC DNS entry
5376f4eb-0cf3-4b55-bcc6-0cb854ba7717._msdcs.mfintra.com. on DNS server
10.10.10.221 failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
Query for DC DNS entry _kerberos._tcp.dc._msdcs.mfintra.com. on DNS server
10.10.10.221 failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
Query for DC DNS entry
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mfintra.com. on DNS
server 10.10.10.221 failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
Query for DC DNS entry _ldap._tcp.dc._msdcs.mfintra.com. on DNS server
10.10.10.221 failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
Query for DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mfintra.com. on DNS
server 10.10.10.221 failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is correct on DNS server '10.10.10.221'.

The Record is different on DNS server '10.10.10.221'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.10.10.221', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = mfintra.com.
DNS DATA =
A 10.10.10.221

The record on DNS server 10.10.10.221 is:
DNS NAME = mfintra.com
DNS DATA =
A 10.10.10.221
A 192.168.0.35
+------------------------------------------------------+

Query for DC DNS entry gc._msdcs.mfintra.com. on DNS server 10.10.10.221
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
The Record is different on DNS server '10.10.10.221'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.10.10.221', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = DomainDnsZones.mfintra.com.
DNS DATA =
A 10.10.10.221

The record on DNS server 10.10.10.221 is:
DNS NAME = DomainDnsZones.mfintra.com
DNS DATA =
A 10.10.10.222
A 10.10.10.221
A 192.168.0.35
+------------------------------------------------------+

The Record is different on DNS server '10.10.10.221'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.10.10.221', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = ForestDnsZones.mfintra.com.
DNS DATA =
A 10.10.10.221

The record on DNS server 10.10.10.221 is:
DNS NAME = ForestDnsZones.mfintra.com
DNS DATA =
A 10.10.10.221
A 10.10.10.222
A 192.168.0.35
+------------------------------------------------------+

[WARNING] The DNS entries for this DC are not registered correctly on
DNS server '10.10.10.221'. Please wait for 30 minutes for DNS server
replication.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
List of transports currently bound to the Redir
NetbiosSmb
NetBT_Tcpip_{FA607FC7-44BC-4A58-B3EA-AEA3EB5E416E}
The redir is bound to 1 NetBt transport.

List of transports currently bound to the browser
NetBT_Tcpip_{FA607FC7-44BC-4A58-B3EA-AEA3EB5E416E}
The browser is bound to 1 NetBt transport.
Mailslot test for MFINTRA* passed.

DC discovery test. . . . . . . . . : Passed

Find DC in domain 'MFINTRA':
Found this DC in domain 'MFINTRA':
DC. . . . . . . . . . . : \\FERENGI.mfintra.com
Address . . . . . . . . : \\10.10.10.221
Domain Guid . . . . . . : {4E1C2695-4FA0-48ED-AB3C-05615C6D6AE6}
Domain Name . . . . . . : mfintra.com
Forest Name . . . . . . : mfintra.com
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV
WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8

Find PDC emulator in domain 'MFINTRA':
Found this PDC emulator in domain 'MFINTRA':
DC. . . . . . . . . . . : \\FERENGI.mfintra.com
Address . . . . . . . . : \\10.10.10.221
Domain Guid . . . . . . : {4E1C2695-4FA0-48ED-AB3C-05615C6D6AE6}
Domain Name . . . . . . : mfintra.com
Forest Name . . . . . . : mfintra.com
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV
WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8

Find Active Directory DC in domain 'MFINTRA':
Found this Active Directory DC in domain 'MFINTRA':
DC. . . . . . . . . . . : \\FERENGI.mfintra.com
Address . . . . . . . . : \\10.10.10.221
Domain Guid . . . . . . : {4E1C2695-4FA0-48ED-AB3C-05615C6D6AE6}
Domain Name . . . . . . : mfintra.com
Forest Name . . . . . . : mfintra.com
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV
WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8

DC list test . . . . . . . . . . . : Passed
List of DCs in Domain 'MFINTRA':
FERENGI.mfintra.com

dcdiag result

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine FERENGI, is a DC.
* Connecting to directory service on server FERENGI.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\FERENGI
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 5376f4eb-0cf3-4b55-bcc6-0cb854ba7717._msdcs.mfintra.com
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(5376f4eb-0cf3-4b55-bcc6-0cb854ba7717._msdcs.mfintra.com) couldn't be

resolved, the server name (FERENGI.mfintra.com) resolved to the IP

address (10.10.10.221) and was pingable. Check that the IP address
is

registered correctly with the DNS server.
......................... FERENGI failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\FERENGI
Skipping all tests, because server FERENGI is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : mfintra
Starting test: CrossRefValidation
......................... mfintra passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mfintra passed test CheckSDRefDom

Running enterprise tests on : mfintra.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... mfintra.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\FERENGI.mfintra.com
Locator Flags: 0xe00003fd
PDC Name: \\FERENGI.mfintra.com
Locator Flags: 0xe00003fd
Time Server Name: \\FERENGI.mfintra.com
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\FERENGI.mfintra.com
Locator Flags: 0xe00003fd
KDC Name: \\FERENGI.mfintra.com
Locator Flags: 0xe00003fd
......................... mfintra.com passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS

Implementing the command "ipconfig /flushdns & ipconfig /registerdns & net
stop netlogon & net start" needed also no success.

Please tell, if you need more information
Thanks for your

Regards
Florian Labs

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> flabs wrote:
> > I pressed on "refrech" in the forward lookup container and now the
> > Zone _msdcs.mfintra.com disappeared hmm :-?
>
> Need a little more info, is there any Win2k DCs in this domain?
>
> Did you make any zone changes on other DCs?
>
> If not re-create the _msdcs.mfintra.com zone, allow dynamic updates and run
> this in a command prompt.
> ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net start
> netlogon
>
> The subfolder "_msdcs" in
> > the Zone mfintra.com is still empty, how can i restore _msdcs entries
> > in the zone mfintra.com?
>
> If the NS records are not recreated in the gray _msdcs delegation add them
> just like I said in my previous post.
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================
>
>
>

22/12/2006, 12h05

In news:CDD66BE0-5FF3-471B-8B0B-D3FE2942C891@microsoft.com,
flabs <flabs@discussions.microsoft.com> stated, which I commented on below:
> Hi,
> i have some new infos for you.
>
> mfintra.com is a standalone forest with one domain names mfintra.com
> the w2k3 sp1 DC FERENGI.mfintra.com is the only Server in the complete
> Forest, there are no memberservers.
>
<snipped>

It seems like there are more than one entry for the DC. What are these
addresses? Was there an additional DC at one time? Was there multiple NICs
at one time on this DC or is RRAS installed?

A 10.10.10.222
A 10.10.10.221
A 192.168.0.35

Also, it almost seems there may be a dupe zone in the AD database, proably
based on the replication scope mis-set at one time. But you'll need to look
in ADSI Edit to double check that.

--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

23/12/2006, 04h56

flabs wrote:
> Hi,
> i have some new infos for you.
>
> mfintra.com is a standalone forest with one domain names mfintra.com
> the w2k3 sp1 DC FERENGI.mfintra.com is the only Server in the complete
> Forest, there are no memberservers.
>

Did you create the _msdcs.mfintra.com forward lookup zone and run the
command as I advised?

From these errors it looks like it is still missing.

> Query for DC DNS entry _ldap._tcp.pdc._msdcs.mfintra.com. on DNS
> server
> 10.10.10.221 failed.
> DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
> Query for DC DNS entry _ldap._tcp.gc._msdcs.mfintra.com. on DNS server
> 10.10.10.221 failed.
> DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
> Query for DC DNS entry
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mfintra.com. on
> DNS server 10.10.10.221 failed.
> DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
> Query for DC DNS entry
> _ldap._tcp.4e1c2695-4fa0-48ed-ab3c-05615c6d6ae6.domains._msdcs.mfintra.com.
> on DNS server 10.10.10.221 failed.
> DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
> Query for DC DNS entry
> 5376f4eb-0cf3-4b55-bcc6-0cb854ba7717._msdcs.mfintra.com. on DNS server
> 10.10.10.221 failed.
> DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
> Query for DC DNS entry _kerberos._tcp.dc._msdcs.mfintra.com. on DNS
> server
> 10.10.10.221 failed.
> DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
> Query for DC DNS entry
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mfintra.com.
> on DNS server 10.10.10.221 failed.
> DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
> Query for DC DNS entry _ldap._tcp.dc._msdcs.mfintra.com. on DNS server
> 10.10.10.221 failed.
> DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
> Query for DC DNS entry
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mfintra.com. on
> DNS server 10.10.10.221 failed.
> DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

20/12/2006, 15h21	#1
flabs Messages: n/a Hébergeur:	Active Directory is not working, because DNS is wrongly configured Hi, have a w2k3 domaincontroller with wrongly configured DNS there are two Forward Lookup Zones _msdcs.mfintra.com is this Zone are all SRV Entries the 2nd Zone is mfintra.com in thier is a subfolder names _msdcs this is gray, and empty. a nslookup query resolves no correct answer. Who can i repair the DNS and Active Directory, so that the AD correct works.

20/12/2006, 16h26	#2
Kevin D. Goodknecht Sr. [MVP] Messages: n/a Hébergeur:	Re: Active Directory is not working, because DNS is wrongly configured flabs wrote: > Hi, > have a w2k3 domaincontroller with wrongly configured DNS > there are two Forward Lookup Zones > > _msdcs.mfintra.com is this Zone are all SRV Entries > > the 2nd Zone is mfintra.com in thier is a subfolder names _msdcs this > is gray, and empty. a nslookup query resolves no correct answer. > Who can i repair the DNS and Active Directory, so that the AD correct > works. This is how Win2k3 works, except that the gray _msdcs sub domain should have NS records for each DNS server that has the _msdcs.mfintra.com zone. If the NS records are not present you can add them by selecting the _msdcs folder in the left pane of the DNS management console, then right mouse click on the right hand pane and choose properties. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This s =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oe.com/OEBackup/Default.aspx ===================================

20/12/2006, 17h54	#3
flabs Messages: n/a Hébergeur:	Re: Active Directory is not working, because DNS is wrongly config I pressed on "refrech" in the forward lookup container and now the Zone _msdcs.mfintra.com disappeared hmm :-? The subfolder "_msdcs" in the Zone mfintra.com is still empty, how can i restore _msdcs entries in the zone mfintra.com? thanks, for your "Kevin D. Goodknecht Sr. [MVP]" wrote: > flabs wrote: > > Hi, > > have a w2k3 domaincontroller with wrongly configured DNS > > there are two Forward Lookup Zones > > > > _msdcs.mfintra.com is this Zone are all SRV Entries > > > > the 2nd Zone is mfintra.com in thier is a subfolder names _msdcs this > > is gray, and empty. a nslookup query resolves no correct answer. > > Who can i repair the DNS and Active Directory, so that the AD correct > > works. > > This is how Win2k3 works, except that the gray _msdcs sub domain should have > NS records for each DNS server that has the _msdcs.mfintra.com zone. If the > NS records are not present you can add them by selecting the _msdcs folder > in the left pane of the DNS management console, then right mouse click on > the right hand pane and choose properties. > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This s > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/ > http://support.wftx.us/ > http://message.wftx.us/ > =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/ > =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oe.com/OEBackup/Default.aspx > =================================== > > >

20/12/2006, 19h42	#4
Kevin D. Goodknecht Sr. [MVP] Messages: n/a Hébergeur:	Re: Active Directory is not working, because DNS is wrongly config flabs wrote: > I pressed on "refrech" in the forward lookup container and now the > Zone _msdcs.mfintra.com disappeared hmm :-? Need a little more info, is there any Win2k DCs in this domain? Did you make any zone changes on other DCs? If not re-create the _msdcs.mfintra.com zone, allow dynamic updates and run this in a command prompt. ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net start netlogon The subfolder "_msdcs" in > the Zone mfintra.com is still empty, how can i restore _msdcs entries > in the zone mfintra.com? If the NS records are not recreated in the gray _msdcs delegation add them just like I said in my previous post. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This s =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oe.com/OEBackup/Default.aspx ===================================

21/12/2006, 13h22	#5
flabs Messages: n/a Hébergeur:	Re: Active Directory is not working, because DNS is wrongly config Hi, i have some new infos for you. mfintra.com is a standalone forest with one domain names mfintra.com the w2k3 sp1 DC FERENGI.mfintra.com is the only Server in the complete Forest, there are no memberservers. Here are some diagnostic results: IPConfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : FERENGI Primary Dns Suffix . . . . . . . : mfintra.com Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : mfintra.com Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-14-22-0A-DA-50 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 10.10.10.221 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.10.10.225 DNS Servers . . . . . . . . . . . : 10.10.10.221 Netdom query fsmo Schema owner FERENGI.mfintra.com Domain role owner FERENGI.mfintra.com PDC role FERENGI.mfintra.com RID pool manager FERENGI.mfintra.com Infrastructure owner FERENGI.mfintra.com netdiag DNS test . . . . . . . . . . . . . : Failed Interface {FA607FC7-44BC-4A58-B3EA-AEA3EB5E416E} DNS Domain: DNS Servers: 10.10.10.221 IP Address: Expected registration with PDN (primary DNS domain name): Hostname: FERENGI.mfintra.com. Authoritative zone: mfintra.com. Primary DNS server: FERENGI.mfintra.com 10.10.10.221 Authoritative NS:10.10.10.221 Check the DNS registration for DCs entries on DNS server '10.10.10.221' The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. Query for DC DNS entry _ldap._tcp.pdc._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE Query for DC DNS entry _ldap._tcp.gc._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE Query for DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE Query for DC DNS entry _ldap._tcp.4e1c2695-4fa0-48ed-ab3c-05615c6d6ae6.domains._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE Query for DC DNS entry 5376f4eb-0cf3-4b55-bcc6-0cb854ba7717._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE Query for DC DNS entry _kerberos._tcp.dc._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE Query for DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE Query for DC DNS entry _ldap._tcp.dc._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE Query for DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is correct on DNS server '10.10.10.221'. The Record is different on DNS server '10.10.10.221'. DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain. Your DC entry is one of them on DNS server '10.10.10.221', no need to re-register. +------------------------------------------------------+ The record on your DC is: DNS NAME = mfintra.com. DNS DATA = A 10.10.10.221 The record on DNS server 10.10.10.221 is: DNS NAME = mfintra.com DNS DATA = A 10.10.10.221 A 192.168.0.35 +------------------------------------------------------+ Query for DC DNS entry gc._msdcs.mfintra.com. on DNS server 10.10.10.221 failed. DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE The Record is different on DNS server '10.10.10.221'. DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain. Your DC entry is one of them on DNS server '10.10.10.221', no need to re-register. +------------------------------------------------------+ The record on your DC is: DNS NAME = DomainDnsZones.mfintra.com. DNS DATA = A 10.10.10.221 The record on DNS server 10.10.10.221 is: DNS NAME = DomainDnsZones.mfintra.com DNS DATA = A 10.10.10.222 A 10.10.10.221 A 192.168.0.35 +------------------------------------------------------+ The Record is different on DNS server '10.10.10.221'. DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain. Your DC entry is one of them on DNS server '10.10.10.221', no need to re-register. +------------------------------------------------------+ The record on your DC is: DNS NAME = ForestDnsZones.mfintra.com. DNS DATA = A 10.10.10.221 The record on DNS server 10.10.10.221 is: DNS NAME = ForestDnsZones.mfintra.com DNS DATA = A 10.10.10.221 A 10.10.10.222 A 192.168.0.35 +------------------------------------------------------+ [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.10.10.221'. Please wait for 30 minutes for DNS server replication. [FATAL] No DNS servers have the DNS records for this DC registered. Redir and Browser test . . . . . . : Passed List of transports currently bound to the Redir NetbiosSmb NetBT_Tcpip_{FA607FC7-44BC-4A58-B3EA-AEA3EB5E416E} The redir is bound to 1 NetBt transport. List of transports currently bound to the browser NetBT_Tcpip_{FA607FC7-44BC-4A58-B3EA-AEA3EB5E416E} The browser is bound to 1 NetBt transport. Mailslot test for MFINTRA* passed. DC discovery test. . . . . . . . . : Passed Find DC in domain 'MFINTRA': Found this DC in domain 'MFINTRA': DC. . . . . . . . . . . : \\FERENGI.mfintra.com Address . . . . . . . . : \\10.10.10.221 Domain Guid . . . . . . : {4E1C2695-4FA0-48ED-AB3C-05615C6D6AE6} Domain Name . . . . . . : mfintra.com Forest Name . . . . . . : mfintra.com DC Site Name. . . . . . : Default-First-Site-Name Our Site Name . . . . . : Default-First-Site-Name Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8 Find PDC emulator in domain 'MFINTRA': Found this PDC emulator in domain 'MFINTRA': DC. . . . . . . . . . . : \\FERENGI.mfintra.com Address . . . . . . . . : \\10.10.10.221 Domain Guid . . . . . . : {4E1C2695-4FA0-48ED-AB3C-05615C6D6AE6} Domain Name . . . . . . : mfintra.com Forest Name . . . . . . : mfintra.com DC Site Name. . . . . . : Default-First-Site-Name Our Site Name . . . . . : Default-First-Site-Name Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8 Find Active Directory DC in domain 'MFINTRA': Found this Active Directory DC in domain 'MFINTRA': DC. . . . . . . . . . . : \\FERENGI.mfintra.com Address . . . . . . . . : \\10.10.10.221 Domain Guid . . . . . . : {4E1C2695-4FA0-48ED-AB3C-05615C6D6AE6} Domain Name . . . . . . : mfintra.com Forest Name . . . . . . : mfintra.com DC Site Name. . . . . . : Default-First-Site-Name Our Site Name . . . . . : Default-First-Site-Name Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8 DC list test . . . . . . . . . . . : Passed List of DCs in Domain 'MFINTRA': FERENGI.mfintra.com dcdiag result Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine FERENGI, is a DC. * Connecting to directory service on server FERENGI. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 1 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\FERENGI Starting test: Connectivity * Active Directory LDAP Services Check The host 5376f4eb-0cf3-4b55-bcc6-0cb854ba7717._msdcs.mfintra.com could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (5376f4eb-0cf3-4b55-bcc6-0cb854ba7717._msdcs.mfintra.com) couldn't be resolved, the server name (FERENGI.mfintra.com) resolved to the IP address (10.10.10.221) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... FERENGI failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\FERENGI Skipping all tests, because server FERENGI is not responding to directory service requests Test omitted by user request: Topology Test omitted by user request: CutoffServers Test omitted by user request: OutboundSecureChannels Test omitted by user request: VerifyReplicas Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : mfintra Starting test: CrossRefValidation ......................... mfintra passed test CrossRefValidation Starting test: CheckSDRefDom ......................... mfintra passed test CheckSDRefDom Running enterprise tests on : mfintra.com Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... mfintra.com passed test Intersite Starting test: FsmoCheck GC Name: \\FERENGI.mfintra.com Locator Flags: 0xe00003fd PDC Name: \\FERENGI.mfintra.com Locator Flags: 0xe00003fd Time Server Name: \\FERENGI.mfintra.com Locator Flags: 0xe00003fd Preferred Time Server Name: \\FERENGI.mfintra.com Locator Flags: 0xe00003fd KDC Name: \\FERENGI.mfintra.com Locator Flags: 0xe00003fd ......................... mfintra.com passed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS Implementing the command "ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net start" needed also no success. Please tell, if you need more information Thanks for your Regards Florian Labs "Kevin D. Goodknecht Sr. [MVP]" wrote: > flabs wrote: > > I pressed on "refrech" in the forward lookup container and now the > > Zone _msdcs.mfintra.com disappeared hmm :-? > > Need a little more info, is there any Win2k DCs in this domain? > > Did you make any zone changes on other DCs? > > If not re-create the _msdcs.mfintra.com zone, allow dynamic updates and run > this in a command prompt. > ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net start > netlogon > > The subfolder "_msdcs" in > > the Zone mfintra.com is still empty, how can i restore _msdcs entries > > in the zone mfintra.com? > > If the NS records are not recreated in the gray _msdcs delegation add them > just like I said in my previous post. > > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This s > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/ > http://support.wftx.us/ > http://message.wftx.us/ > =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/ > =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oe.com/OEBackup/Default.aspx > =================================== > > >

22/12/2006, 12h05	#6
Ace Fekay [MVP] Messages: n/a Hébergeur:	Re: Active Directory is not working, because DNS is wrongly config In news:CDD66BE0-5FF3-471B-8B0B-D3FE2942C891@microsoft.com, flabs <flabs@discussions.microsoft.com> stated, which I commented on below: > Hi, > i have some new infos for you. > > mfintra.com is a standalone forest with one domain names mfintra.com > the w2k3 sp1 DC FERENGI.mfintra.com is the only Server in the complete > Forest, there are no memberservers. > <snipped> It seems like there are more than one entry for the DC. What are these addresses? Was there an additional DC at one time? Was there multiple NICs at one time on this DC or is RRAS installed? A 10.10.10.222 A 10.10.10.221 A 192.168.0.35 Also, it almost seems there may be a dupe zone in the AD database, proably based on the replication scope mis-set at one time. But you'll need to look in ADSI Edit to double check that. -- Ace Innovative IT Concepts, Inc (IITCI) Willow Grove, PA This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP Microsoft MVP - Directory Services Microsoft Certified Trainer Having difficulty reading or finding responses to your post? Instead of the website you're using, I suggest to use OEx (Outlook Express or any other newsreader), and configure a news account, pointing to news.microsoft.com. This is a direct link to the Microsoft Public Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you to easily find, track threads, cross-post, sort by date, poster's name, watched threads or subject. It's easy: How to Configure OEx for Internet News http://support.microsoft.com/?id=171164 Infinite Diversities in Infinite Combinations Assimilation Imminent. Resistance is Futile "Very funny Scotty. Now, beam down my clothes." The only constant in life is change...

23/12/2006, 04h56	#7
Kevin D. Goodknecht Sr. [MVP] Messages: n/a Hébergeur:	Re: Active Directory is not working, because DNS is wrongly config flabs wrote: > Hi, > i have some new infos for you. > > mfintra.com is a standalone forest with one domain names mfintra.com > the w2k3 sp1 DC FERENGI.mfintra.com is the only Server in the complete > Forest, there are no memberservers. > Did you create the _msdcs.mfintra.com forward lookup zone and run the command as I advised? From these errors it looks like it is still missing. > Query for DC DNS entry _ldap._tcp.pdc._msdcs.mfintra.com. on DNS > server > 10.10.10.221 failed. > DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE > Query for DC DNS entry _ldap._tcp.gc._msdcs.mfintra.com. on DNS server > 10.10.10.221 failed. > DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE > Query for DC DNS entry > _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mfintra.com. on > DNS server 10.10.10.221 failed. > DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE > Query for DC DNS entry > _ldap._tcp.4e1c2695-4fa0-48ed-ab3c-05615c6d6ae6.domains._msdcs.mfintra.com. > on DNS server 10.10.10.221 failed. > DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE > Query for DC DNS entry > 5376f4eb-0cf3-4b55-bcc6-0cb854ba7717._msdcs.mfintra.com. on DNS server > 10.10.10.221 failed. > DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE > Query for DC DNS entry _kerberos._tcp.dc._msdcs.mfintra.com. on DNS > server > 10.10.10.221 failed. > DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE > Query for DC DNS entry > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mfintra.com. > on DNS server 10.10.10.221 failed. > DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE > Query for DC DNS entry _ldap._tcp.dc._msdcs.mfintra.com. on DNS server > 10.10.10.221 failed. > DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE > Query for DC DNS entry > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mfintra.com. on > DNS server 10.10.10.221 failed. > DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This s =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oe.com/OEBackup/Default.aspx ===================================

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email