Re: Windows 2003 DNS and AD problems

"Angel Blue01" <> wrote in message news:bbe07069-5f06-4405-b55d-...
> I'm having some serious DNS and AD problems in Win2003 that seem to be
> linked: users cannot access shared on the server, Group Policy doesn't
> seem to be replicating, I cannot add machines to the domain and all
> machines including the domain controller take a very long time to
> boot.
>
> I have large numbers of Events 1126 (Description: Active Directory was
> unable to establish a connection with the global catalog. Error value:
> 1355 The specified domain either does not exist or could not be
> contacted.
> ), 1655 (Description: Active Directory attempted to communicate with
> the following global catalog and the attempts were unsuccessful.
> Global catalog: \\SMMPSERVER.smmp.lan The operation in progress might
> be unable to continue. Active Directory will use the domain controller
> locator to try to find an available global catalog server. Error
> value: 5 Access is denied.) and 1869 (
> Description:Active Directory has located a global catalog in the
> following site. Global catalog: \\SMMPSERVER.smmp.lan Site: Default-
> First-Site-Name) in the Directory Service log and Event 4000
> (Description:The DNS server was unable to open Active Directory. This
> DNS server is configured to obtain and use information from the
> directory for this zone and is unable to load the zone without it.
> Check that the Active Directory is functioning properly and reload the
> zone.) and 4013 (Description: The DNS server was unable to open the
> Active Directory. This DNS server is configured to use directory
> service information and can not operate without access to the
> directory. The DNS server will wait for the directory to start. If the
> DNS server is started but the appropriate event has not been logged,
> then the DNS server is still waiting for the directory to start.) in
> the DNS Server log.
>
> There is one box serving Active Directory, DNS and file server roles
> for a number of workstations.
>
> The Forward Lookup Zones and Reverse Lookup Zones in the DNS
> Management Console were blank, I created a new forward lookup zone
> called _msdcs.smmp.lan to try to resolve the problem.
>
> I've run netdiag /fix and dcdiag /fix to try to fix the problems.
>
> Here's the results of netdiag /fix
>
<snipped>

Follow Danny's suggestion. Also, please post:

1. An ipconfig /all
2. The name of the AD DNS domain name as it shows up in ADUC.
3. Are updates set to Allow or Secure Only?
4. Run a dcdiag /fix, as well, and post the results.
5. Is the DHCP Client service disabled? An other services disabled?

Thanks,

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

> On Mar 31, 12:38*am, "Ace Fekay [MVP-DS, MCT]"
> <ace...@mvps.RemoveThisPart.org> wrote:
>> Follow Danny's suggestion. Also, please post:
>>
>> 1. An ipconfig /all
>> 2. The name of the AD DNS domain name as it shows up in ADUC.
>> 3. Are updates set to Allow or Secure Only?
>> 4. Run a dcdiag /fix, as well, and post the results.
>> 5. Is the DHCP Client service disabled? An other services disabled?
>>
>> Thanks,
>
> Quite inexplicably the problem seems to have gone away! There have
> been no more events 4000 or 4014 in the DNS Server log since March 31;
> no events 1869, 1655 or 1126 since March 30!
>
> Here's my latest netdiag:
>
>
> ....................................
>
> Computer Name: SMMPSERVER
> DNS Host Name: SMMPSERVER.smmp.lan
> System info : Microsoft Windows Server 2003 (Build 3790)
> Processor : x86 Family 15 Model 43 Stepping 1, AuthenticAMD
> List of installed hotfixes :
> KB895181
> KB909520
> KB911564
> KB921503
> KB923561
> KB925398_WMP64
> KB925876
> KB925902
> KB926122
> KB927891
> KB928090-IE7
> KB929123
> KB929969
> KB930178
> KB931768-IE7
> KB931784
> KB931836
> KB932168
> KB933360
> KB933566-IE7
> KB933729
> KB933854
> KB935839
> KB935840
> KB936021
> KB936782
> KB937143-IE7
> KB938127-IE7
> KB938464
> KB939653-IE7
> KB941202
> KB941568
> KB941569
> KB941644
> KB941693
> KB942615-IE7
> KB942763
> KB942830
> KB942831
> KB943055
> KB943460
> KB943485
> KB943729
> KB944533-IE7
> KB944653
> KB945553
> KB946026
> KB947864-IE7
> KB948496
> KB948590
> KB948881
> KB950759-IE7
> KB950760
> KB950762
> KB950974
> KB951066
> KB951072-v2
> KB951698
> KB951748
> KB952004
> KB952069
> KB952954
> KB953298
> KB953838-IE7
> KB953839
> KB954155
> KB954211
> KB954550-v5
> KB954600
> KB955069
> KB955759
> KB955839
> KB956390-IE7
> KB956391
> KB956572
> KB956744
> KB956802
> KB956803
> KB956841
> KB956844
> KB957095
> KB957097
> KB958215-IE7
> KB958644
> KB958687
> KB958690
> KB958869
> KB959426
> KB960225
> KB960714-IE7
> KB960715
> KB960803
> KB960859
> KB961063
> KB961118
> KB961260-IE7
> KB961371
> KB961371-v2
> KB961373
> KB961501
> KB967715
> KB967723
> KB968389
> KB968537
> KB968816
> KB969059
> KB969897-IE8
> KB969898
> KB969947
> KB970238
> KB970430
> KB970483
> KB970653-v3
> KB971032
> KB971180-IE8
> KB971468
> KB971486
> KB971513
> KB971557
> KB971633
> KB971657
> KB971737
> KB971961-IE8
> KB972260-IE8
> KB972270
> KB973037
> KB973346
> KB973354
> KB973507
> KB973525
> KB973540
> KB973687
> KB973815
> KB973825
> KB973869
> KB973904
> KB974112
> KB974318
> KB974392
> KB974455-IE8
> KB974571
> KB975025
> KB975364-IE8
> KB975467
> KB975560
> KB975713
> KB976098-v2
> KB976325-IE8
> KB976662-IE8
> KB976749-IE8
> KB977165
> KB977290
> KB977914
> KB978037
> KB978207-IE8
> KB978251
> KB978262
> KB978706
> KB979306
> KB980182-IE8
> Q147222
>
>
> Netcard queries test . . . . . . . : Passed
>
>
>
> Per interface results:
>
> Adapter : Local Area Connection
>
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . : SMMPSERVER
> IP Address . . . . . . . . : 192.168.0.12
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.0.1
> Dns Servers. . . . . . . . : 127.0.0.1
>
>
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
> [WARNING] At least one of the <00> 'WorkStation Service', <03>
> 'Messenger Service', <20> 'WINS' names is missing.
> No remote names have been found.
>
> WINS service test. . . . . : Skipped
> There are no WINS servers configured for this interface.
>
>
> Global results:
>
>
> Domain membership test . . . . . . : Passed
>
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{3D12CE7B-6629-4B64-A1B7-598CC3175413}
> 1 NetBt transport currently configured.
>
>
> Autonet address test . . . . . . . : Passed
>
>
> IP loopback ping test. . . . . . . : Passed
>
>
> Default gateway test . . . . . . . : Passed
>
>
> NetBT name test. . . . . . . . . . : Passed
> [WARNING] You don't have a single interface with the <00>
> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names
> defined.
>
>
> Winsock test . . . . . . . . . . . : Passed
>
>
> DNS test . . . . . . . . . . . . . : Passed
> PASS - All the DNS entries for DC are registered on DNS server
> '127.0.0.1' and other DCs also have some of the names registered.
>
>
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{3D12CE7B-6629-4B64-A1B7-598CC3175413}
> The redir is bound to 1 NetBt transport.
>
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{3D12CE7B-6629-4B64-A1B7-598CC3175413}
> The browser is bound to 1 NetBt transport.
>
>
> DC discovery test. . . . . . . . . : Passed
>
>
> DC list test . . . . . . . . . . . : Passed
>
>
> Trust relationship test. . . . . . : Skipped
>
>
> Kerberos test. . . . . . . . . . . : Passed
>
>
> LDAP test. . . . . . . . . . . . . : Passed
>
>
> Bindings test. . . . . . . . . . . : Passed
>
>
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
>
>
> Modem diagnostics test . . . . . . : Passed
>
> IP Security test . . . . . . . . . : Skipped
>
> Note: run "netsh ipsec dynamic show /?" for more detailed
> information
>
>
> The command completed successfully


That is good to hear it was resolved. I assume there are no errors in
the event logs?

Don't forget, as Danny mentioned, you would want to change the DNS
address to the actual IP of the machine, and not use the loopback
address.

Ace

> On Apr 2, 4:39*pm, Ace Fekay [MVP-DS, MCT]
> <ace...@mvps.RemoveThisPart.org> wrote:
>> That is good to hear it was resolved. I assume there are no errors in
>> the event logs?
>>
>> Don't forget, as Danny mentioned, you would want to change the DNS
>> address to the actual IP of the machine, and not use the loopback
>> address.
>>
>> Ace
>
> Nope, noe of the errors that were appearing earlier are now occuring.
>
> However the Application log does have Event 1054 when applying Group
> Policy via gpupdate /force but I'm not sure if it has anything to do
> with the earlier DNS issues

Are you using the administrator account to logon and seeing that error,
or some other account part of the Domain Admin group?

Take a look at this:
http://eventid.net/display.asp?event...serenv&phase=1

You haven't responded about the DNS address.

Ace

> On Apr 4, 12:19*am, Ace Fekay [MVP-DS, MCT]
> <ace...@mvps.RemoveThisPart.org> wrote:
>> Are you using the administrator account to logon and seeing that error,
>> or some other account part of the Domain Admin group?
>>
>> Take a look at
>> this:http://eventid.net/display.asp?event...3&source=Usere...
>>
>> You haven't responded about the DNS address.
>>
>> Ace
>
> I'm using another account that's part of the Domain Admin group.
>
> I changed the DC's DNS address to 192.168.0.12 (it is the only server
> on the network and thus fills both AD and DNS roles), but nothing has
> changed, I'm still getting event 1054 in the Application log; at least
> workstations are still able to connect to the server and the Internet.
>
> Hmm, this server has an AMD Athlon-64 X2 4200+ processor, I'll try
> updating the driver next...

Maybe the AMD update may help, but I don't know. I've only worked with
Intel hardware.

Go through all the SRV records and make sure no old IP or record
exists.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE
& MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance,
please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.