DNS Issues Preventing ADPREP /Forestprep From Working

Discussion in 'DNS Server' started by Douglas H. Quebbeman, Sep 14, 2004.

  1. Hello all,

    I've been reading through past traffic here and on other groups
    and mailing lists, with a lot of heat centered around simliar problems,
    but none close enough to be the fix I need.

    We have a mixed-mode Windows 2000 enterprise; a main office and two
    satellite offices, each on its own subnet and domain. The domain names
    of each site are "bogus" in that they are not registered with the InterNIC.
    Each site's domain has its own server which is a DC. The server here in the
    main office is also running MSDE to support an accounting app and Exchange 5.5.

    The hard drive is failing on one of the remote servers, and TPTB decided it
    was time to buy them a new server rather than fix the existing one, so we
    bought a Dell PowerEdge 1600 that will be running Windows 2003 Server Standard
    Edition.

    In trying to prepare the Active Directory forest with ADPREP, I discovered
    that Active Directory, and seemingly DNS, have been failing to replicate
    between the offices since about April, which if memory fails me was about the
    time we upgraded the servers to Win2k SP4.

    Our bogus domain names are 'tegjeff.com', 'tegshv.com', and 'tegevv.com',
    so I considered the single-label domain problem, but it doesn't seem to
    apply.

    The first anomaly I see in the NETDIAG output is one I've seen so much
    discussion about:

    DNS test . . . . . . . . . . . . . : Passed
    [WARNING] Cannot find a primary authoritative DNS server for the name
    'jeffserver.tegjeff.com.'. [RCODE_SERVER_FAILURE]
    The name 'jeffserver.tegjeff.com.' may not be registered in DNS.

    I use RRAS to connect the two outbound servers to our main office in a WAN
    and have working trusts established. Users aren't having any problems.

    I had a 'Duplicate Name' problem that would occur as the remotes log in,
    but something I changed has made that go away; the duplicate name was the
    name of our home office server, and you'd see it in conflict with nbtstat -n
    but as I say that is seemingly fixed.

    I guess I should stop spewing... let me dump the output from netdiag /fix
    and from dcdiag /fix, in the hope that this will provide some info that
    someone can use in directing me towards the light...

    Thanks in advance for any and all help,
    -doug quebbeman
    senile systems administrator
    the estopinal group


    ...........................................

    Computer Name: JEFFSERVER
    DNS Host Name: jeffserver.tegjeff.com
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 8 Stepping 6, GenuineIntel
    List of installed hotfixes :
    KB329115
    KB820888
    KB822831
    KB823182
    KB823559
    KB823980
    KB824105
    KB824141
    KB824146
    KB825119
    KB826232
    KB828028
    KB828035
    KB828741
    KB828749
    KB829558
    KB830352
    KB835732
    KB837001
    KB839643
    KB839645
    KB840315
    KB841872
    KB841873
    KB842526
    Q147222
    Q295688
    Q816093
    Q828026


    Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'RAS Async Adapter' may not be working because it has not received any packets.



    Per interface results:

    Adapter : Local Area Connection 2

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : jeffserver.tegjeff.com
    IP Address . . . . . . . . : 192.168.1.100
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.1.107
    Primary WINS Server. . . . : 192.168.1.100
    Dns Servers. . . . . . . . : 192.168.1.100


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Passed

    NetBT name test. . . . . . : Passed

    WINS service test. . . . . : Passed

    Adapter : {0B9E90CB-BFD0-49B7-8989-FF4FAA07D221}

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : jeffserver
    IP Address . . . . . . . . : 192.168.1.240
    Subnet Mask. . . . . . . . : 255.255.255.255
    Default Gateway. . . . . . :
    Dns Servers. . . . . . . . : 127.0.0.1


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Skipped
    [WARNING] No gateways defined for this adapter.

    NetBT name test. . . . . . : Passed
    No remote names have been found.

    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.

    Adapter : {C12801D2-A677-4C9A-AC21-A2EF8637C5F4}

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : jeffserver
    IP Address . . . . . . . . : 192.168.3.250
    Subnet Mask. . . . . . . . : 255.255.255.255
    Default Gateway. . . . . . :
    Dns Servers. . . . . . . . : 192.168.3.100


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Skipped
    [WARNING] No gateways defined for this adapter.

    NetBT name test. . . . . . : Passed
    No remote names have been found.

    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.

    Adapter : {A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : jeffserver
    IP Address . . . . . . . . : 192.168.2.250
    Subnet Mask. . . . . . . . : 255.255.255.255
    Default Gateway. . . . . . :
    Dns Servers. . . . . . . . : 192.168.2.100


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Skipped
    [WARNING] No gateways defined for this adapter.

    NetBT name test. . . . . . : Passed
    No remote names have been found.

    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{EF2FCC1E-A048-4FED-A166-F62F40F41562}
    NetBT_Tcpip_{0B9E90CB-BFD0-49B7-8989-FF4FAA07D221}
    NetBT_Tcpip_{C12801D2-A677-4C9A-AC21-A2EF8637C5F4}
    NetBT_Tcpip_{A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}
    4 NetBt transports currently configured.


    Autonet address test . . . . . . . : Passed


    IP loopback ping test. . . . . . . : Passed


    Default gateway test . . . . . . . : Passed


    NetBT name test. . . . . . . . . . : Passed


    Winsock test . . . . . . . . . . . : Passed


    DNS test . . . . . . . . . . . . . : Passed
    [WARNING] Cannot find a primary authoritative DNS server for the name
    'jeffserver.tegjeff.com.'. [RCODE_SERVER_FAILURE]
    The name 'jeffserver.tegjeff.com.' may not be registered in DNS.
    [WARNING] Cannot find a primary authoritative DNS server for the name
    'jeffserver.tegjeff.com.'. [RCODE_SERVER_FAILURE]
    The name 'jeffserver.tegjeff.com.' may not be registered in DNS.
    [WARNING]: The DNS registration for 'jeffserver.tegjeff.com' is correct only on some DNS
    servers.
    Please wait 15 min for replication and run the test again.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.100'.


    Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{EF2FCC1E-A048-4FED-A166-F62F40F41562}
    NetBT_Tcpip_{0B9E90CB-BFD0-49B7-8989-FF4FAA07D221}
    NetBT_Tcpip_{C12801D2-A677-4C9A-AC21-A2EF8637C5F4}
    NetBT_Tcpip_{A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}
    The redir is bound to 4 NetBt transports.

    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{EF2FCC1E-A048-4FED-A166-F62F40F41562}
    NetBT_Tcpip_{0B9E90CB-BFD0-49B7-8989-FF4FAA07D221}
    NetBT_Tcpip_{A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}
    NetBT_Tcpip_{C12801D2-A677-4C9A-AC21-A2EF8637C5F4}
    The browser is bound to 4 NetBt transports.


    DC discovery test. . . . . . . . . : Passed


    DC list test . . . . . . . . . . . : Passed


    Trust relationship test. . . . . . : Skipped


    Kerberos test. . . . . . . . . . . : Passed


    LDAP test. . . . . . . . . . . . . : Passed


    Bindings test. . . . . . . . . . . : Passed


    WAN configuration test . . . . . . : Failed
    Entry Name: EvvRouter
    Cannot get the phone book entries for EvvRouter. [26F]
    Entry Name: Shv_Router
    Cannot get the phone book entries for Shv_Router. [26F]


    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


    The command completed successfully

    *********************************************


    Domain Controller Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial required tests

    Testing server: Jeffersonville\JEFFSERVER
    Starting test: Connectivity
    ......................... JEFFSERVER passed test Connectivity

    Doing primary tests

    Testing server: Jeffersonville\JEFFSERVER
    Starting test: Replications
    [Replications Check,JEFFSERVER] A recent replication attempt failed:
    From SHREVESERVER to JEFFSERVER
    Naming Context: CN=Schema,CN=Configuration,DC=TEGJEFF,DC=com
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup failure.
    The failure occurred at 2004-09-14 12:55.30.
    The last success occurred at 2004-04-30 06:57.57.
    2190 failures have occurred since the last success.
    The guid-based DNS name e90e38ad-ad3b-41ba-b713-bdb08722b399._msdcs.TEGJEFF.com
    is not registered on one or more DNS servers.
    [Replications Check,JEFFSERVER] A recent replication attempt failed:
    From EVVSERVER to JEFFSERVER
    Naming Context: CN=Schema,CN=Configuration,DC=TEGJEFF,DC=com
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup failure.
    The failure occurred at 2004-09-14 13:54.23.
    The last success occurred at 2003-10-16 20:58.20.
    15960 failures have occurred since the last success.
    The guid-based DNS name d19e0173-1d3e-4964-a003-3cbfaae9b898._msdcs.TEGJEFF.com
    is not registered on one or more DNS servers.
    [Replications Check,JEFFSERVER] A recent replication attempt failed:
    From SHREVESERVER to JEFFSERVER
    Naming Context: CN=Configuration,DC=TEGJEFF,DC=com
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup failure.
    The failure occurred at 2004-09-14 12:55.06.
    The last success occurred at 2004-04-30 06:57.44.
    2190 failures have occurred since the last success.
    The guid-based DNS name e90e38ad-ad3b-41ba-b713-bdb08722b399._msdcs.TEGJEFF.com
    is not registered on one or more DNS servers.
    [Replications Check,JEFFSERVER] A recent replication attempt failed:
    From EVVSERVER to JEFFSERVER
    Naming Context: CN=Configuration,DC=TEGJEFF,DC=com
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup failure.
    The failure occurred at 2004-09-14 13:54.23.
    The last success occurred at 2003-10-16 20:58.19.
    15960 failures have occurred since the last success.
    The guid-based DNS name d19e0173-1d3e-4964-a003-3cbfaae9b898._msdcs.TEGJEFF.com
    is not registered on one or more DNS servers.
    [Replications Check,JEFFSERVER] A recent replication attempt failed:
    From SHREVESERVER to JEFFSERVER
    Naming Context: DC=TEGSHV,DC=com
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup failure.
    The failure occurred at 2004-09-14 12:56.06.
    The last success occurred at 2004-04-30 06:57.57.
    2190 failures have occurred since the last success.
    The guid-based DNS name e90e38ad-ad3b-41ba-b713-bdb08722b399._msdcs.TEGJEFF.com
    is not registered on one or more DNS servers.
    ......................... JEFFSERVER passed test Replications
    Starting test: NCSecDesc
    ......................... JEFFSERVER passed test NCSecDesc
    Starting test: NetLogons
    ......................... JEFFSERVER passed test NetLogons
    Starting test: Advertising
    ......................... JEFFSERVER passed test Advertising
    Starting test: KnowsOfRoleHolders
    ......................... JEFFSERVER passed test KnowsOfRoleHolders
    Starting test: RidManager
    ......................... JEFFSERVER passed test RidManager
    Starting test: MachineAccount
    ......................... JEFFSERVER passed test MachineAccount
    Starting test: Services
    ......................... JEFFSERVER passed test Services
    Starting test: ObjectsReplicated
    ......................... JEFFSERVER passed test ObjectsReplicated
    Starting test: frssysvol
    ......................... JEFFSERVER passed test frssysvol
    Starting test: kccevent
    An Warning Event occured. EventID: 0x8000061E
    Time Generated: 09/14/2004 14:29:17
    Event String: All servers in site
    An Error Event occured. EventID: 0xC000051F
    Time Generated: 09/14/2004 14:29:17
    Event String: The Directory Service consistency checker has
    An Warning Event occured. EventID: 0x8000061E
    Time Generated: 09/14/2004 14:29:17
    Event String: All servers in site
    An Warning Event occured. EventID: 0x8000061E
    Time Generated: 09/14/2004 14:29:17
    Event String: All servers in site
    An Error Event occured. EventID: 0xC000051F
    Time Generated: 09/14/2004 14:29:17
    Event String: The Directory Service consistency checker has
    ......................... JEFFSERVER failed test kccevent
    Starting test: systemlog
    An Error Event occured. EventID: 0x40011006
    Time Generated: 09/14/2004 13:56:36
    Event String: The connection was aborted by the remote WINS.
    An Error Event occured. EventID: 0x40011006
    Time Generated: 09/14/2004 13:56:36
    Event String: The connection was aborted by the remote WINS.
    An Error Event occured. EventID: 0x40011006
    Time Generated: 09/14/2004 14:26:36
    Event String: The connection was aborted by the remote WINS.
    An Error Event occured. EventID: 0x40011006
    Time Generated: 09/14/2004 14:26:36
    Event String: The connection was aborted by the remote WINS.
    ......................... JEFFSERVER failed test systemlog

    Running enterprise tests on : TEGJEFF.com
    Starting test: Intersite
    ......................... TEGJEFF.com passed test Intersite
    Starting test: FsmoCheck
    ......................... TEGJEFF.com passed test FsmoCheck
     
    Douglas H. Quebbeman, Sep 14, 2004
    #1
    1. Advertisements

  2. Oh, below is the output from IPCONFIG /ALL. Please note that
    "Local Area Connection 2" is a second NIC added due to some
    never-solved hardware issued with the mobo's builtin NIC. I
    un-bound everything from the disabled 1st NIC...



    Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : jeffserver
    Primary DNS Suffix . . . . . . . : tegjeff.com
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : tegjeff.com

    Ethernet adapter Local Area Connection 2:

    Connection-specific DNS Suffix . : tegjeff.com
    Description . . . . . . . . . . . : Intel(R) PRO/100+ PCI Adapter
    Physical Address. . . . . . . . . : 00-A0-C9-CE-AF-0E
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.100
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.107
    DNS Servers . . . . . . . . . . . : 192.168.1.100
    Primary WINS Server . . . . . . . : 192.168.1.100

    PPP adapter RAS Server (Dial In) Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.240
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 127.0.0.1

    PPP adapter {C12801D2-A677-4C9A-AC21-A2EF8637C5F4}:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.3.250
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.3.100

    PPP adapter {A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.2.250
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.2.100

    -dq
     
    Douglas H. Quebbeman, Sep 14, 2004
    #2
    1. Advertisements

  3. Let's see, what else can I add...

    * we're behind a firewall, with inbound mappings for VPN
    and a few well-known services

    Wow, brain went dry fast that time...

    -dq
     
    Douglas H. Quebbeman, Sep 14, 2004
    #3
  4. In
    zones for the other two domains?
    Do you have a secondary zone for the other two domains on each domain's DNS
    server?
    If you don't I suggest you start by having a zone for each domain on all DNS
    servers. Once you upgrade to Win2k3 you can use conditional Forwarding, stub
    zones or Forest wide replication. For now add a secondary zone for each
    domain on the other two DNS servers.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ================================================
    --
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ================================================
    http://www.lonestaramerica.com/
    ================================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ================================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ================================================
     
    Kevin D. Goodknecht Sr. [MVP], Sep 14, 2004
    #4
  5. In
    In addtion to Kevin's post, I wuold like to add, that a mutlihomed
    DC/DNS/RRAS server is problematic. This server has 4 IP addresses. I assume
    this is a DC ?


    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
     
    Ace Fekay [MVP], Sep 15, 2004
    #5
  6. Ace, I'm copying this question into my reply to Kevin's answer...

    -dq
     
    Douglas H. Quebbeman, Sep 15, 2004
    #6
  7. ^^^^^^^^^^^^^
    Kevin asked if this DNS has zones for the other two domains?

    No, it only knows about its own domain...
    ^^^^^^^^^^^^^
    Kevin also asked if the Evansville DNS has zones for the other two domains?

    No, it also only knows about its own domain...
    ^^^^^^^^^^^^^
    Kevin also asked if the Shreveport DNS has zones for the other two domains?

    Heh, Shreveport also only knows about its own domain...
    Nope... didn't know I'd need one... though I ca see how it might be useful.
    Ok.... but it can't be AD-integrated... that's not a problem?

    Second question: I added the zone, but it didn't update from the master
    TEGJEFF.COM primary zone here in Jeffersonville. So I checked the SHV logs and
    they say I haven't enabled zone transfers to that DNS server. So I check
    the JEFF DNS MMC and yes I have enabled zone transfers, and set it so that
    transfers can occur only to 192.168.2.100 and 192.168.3.100 from 192.168.1.100.

    On the properties for the TEGJEFF.COM primary zone, under Zone Transfers, I
    have them enabled ONLY TO THE FOLLOWING SERVERS and those two IP addresses.
    I see that I *could* check "Only to servers listed on the Name Servers tab"
    but doing so might be a problem; on the Name Servers tab, I've included
    (wrongly???) as well as the two remote DNS servers, the DNS servers of our
    ISP. I hope I'm not confusing the issue here, it seems it should work with
    the servers' IPs specified.

    As a sanity check, I just changed the localprimary to allow zone transfers
    to any server, and now the secondary is getting updates.

    Meanwhile, Ace asked:
    I have seen references to this, thinking (hoping) it meant multihomed
    using actual hardware NICs was a problem. Yes, it's a domain controller.

    There's a MSKB note about some registry settings needed for a server that's
    providing both RRAS and DNS.

    Regarding Kevin's Win2k3 reference... these servers will not be upgraded.
    We run Exchange 5.5 with some orphaned crap in it that I do not want to
    see propagated into AD. So I'm going to hoist 40+ mailboxes out into
    a personal folder file for each user and move them from Exchange 5.5 to
    Exchange 2k3 once we buy a new server for this office at the end of the
    year. The current Shreveport server is going to be replaced with the Win2k3
    server just purchased. The decomissioned PE2400 will be a parts feeder for
    the Evansville server and will continue running Windows 2000.

    Additionally, the Windows 2000 server here in Jeffersonville will continue
    in operation sans running Exchange but still running Windows 2000 Server.

    At least that's the current plan.

    I could move DNS to the Win2k3 server at the end of the year and leave RRAS
    on the old one, but I really can't wait that long to solve the original problem,
    which is getting the Jeffersonville server's Active Directory forest prepared
    so that I can put the Windows 2003 server on the network and get it to be a DC.

    The output from netdiag is cleaner but I still have problems, most notably

    DNS test . . . . . . . . . . . . . : Failed
    [FATAL]: The DNS registration for 'jeffserver.tegjeff.com' is incorrect on all DNS servers.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.100'.


    I'll spew the entire netdiag below. What other info can I supply that
    might shed some light?

    Thanks Kevin & Ace, I hope you get a chance to look at this during EDT hours...

    -dq


    ...........................................

    Computer Name: JEFFSERVER
    DNS Host Name: jeffserver.tegjeff.com
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 8 Stepping 6, GenuineIntel
    List of installed hotfixes :
    KB329115
    KB820888
    KB822831
    KB823182
    KB823559
    KB823980
    KB824105
    KB824141
    KB824146
    KB825119
    KB826232
    KB828028
    KB828035
    KB828741
    KB828749
    KB829558
    KB830352
    KB835732
    KB837001
    KB839643
    KB839645
    KB840315
    KB841872
    KB841873
    KB842526
    Q147222
    Q295688
    Q816093
    Q828026


    Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'RAS Async Adapter' may not be working because it has not received any packets.



    Per interface results:

    Adapter : Local Area Connection 2

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : jeffserver.tegjeff.com
    IP Address . . . . . . . . : 192.168.1.100
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.1.107
    Primary WINS Server. . . . : 192.168.1.100
    Dns Servers. . . . . . . . : 192.168.1.100


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Passed

    NetBT name test. . . . . . : Passed

    WINS service test. . . . . : Passed

    Adapter : {0B9E90CB-BFD0-49B7-8989-FF4FAA07D221}

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : jeffserver
    IP Address . . . . . . . . : 192.168.1.240
    Subnet Mask. . . . . . . . : 255.255.255.255
    Default Gateway. . . . . . :
    Dns Servers. . . . . . . . : 127.0.0.1


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Skipped
    [WARNING] No gateways defined for this adapter.

    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names
    is missing.
    No remote names have been found.

    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.

    Adapter : {C12801D2-A677-4C9A-AC21-A2EF8637C5F4}

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : jeffserver
    IP Address . . . . . . . . : 192.168.3.250
    Subnet Mask. . . . . . . . : 255.255.255.255
    Default Gateway. . . . . . :
    Dns Servers. . . . . . . . : 192.168.3.100


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Skipped
    [WARNING] No gateways defined for this adapter.

    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names
    is missing.
    No remote names have been found.

    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.

    Adapter : {A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : jeffserver
    IP Address . . . . . . . . : 192.168.2.250
    Subnet Mask. . . . . . . . : 255.255.255.255
    Default Gateway. . . . . . :
    Dns Servers. . . . . . . . : 192.168.2.100


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Skipped
    [WARNING] No gateways defined for this adapter.

    NetBT name test. . . . . . : Passed

    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{EF2FCC1E-A048-4FED-A166-F62F40F41562}
    NetBT_Tcpip_{0B9E90CB-BFD0-49B7-8989-FF4FAA07D221}
    NetBT_Tcpip_{C12801D2-A677-4C9A-AC21-A2EF8637C5F4}
    NetBT_Tcpip_{A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}
    4 NetBt transports currently configured.


    Autonet address test . . . . . . . : Passed


    IP loopback ping test. . . . . . . : Passed


    Default gateway test . . . . . . . : Passed


    NetBT name test. . . . . . . . . . : Passed


    Winsock test . . . . . . . . . . . : Passed


    DNS test . . . . . . . . . . . . . : Failed
    [FATAL]: The DNS registration for 'jeffserver.tegjeff.com' is incorrect on all DNS servers.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.100'.


    Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{EF2FCC1E-A048-4FED-A166-F62F40F41562}
    NetBT_Tcpip_{0B9E90CB-BFD0-49B7-8989-FF4FAA07D221}
    NetBT_Tcpip_{C12801D2-A677-4C9A-AC21-A2EF8637C5F4}
    NetBT_Tcpip_{A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}
    The redir is bound to 4 NetBt transports.

    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{EF2FCC1E-A048-4FED-A166-F62F40F41562}
    NetBT_Tcpip_{0B9E90CB-BFD0-49B7-8989-FF4FAA07D221}
    NetBT_Tcpip_{C12801D2-A677-4C9A-AC21-A2EF8637C5F4}
    NetBT_Tcpip_{A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}
    The browser is bound to 4 NetBt transports.


    DC discovery test. . . . . . . . . : Passed


    DC list test . . . . . . . . . . . : Passed


    Trust relationship test. . . . . . : Skipped


    Kerberos test. . . . . . . . . . . : Passed


    LDAP test. . . . . . . . . . . . . : Passed


    Bindings test. . . . . . . . . . . : Passed


    WAN configuration test . . . . . . : Failed
    Entry Name: EvvRouter
    Cannot get the phone book entries for EvvRouter. [26F]


    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


    The command completed successfully
     
    Douglas H. Quebbeman, Sep 15, 2004
    #7
  8. BTW-

    The netdiag output shows that JEFFSERVER's hostname on the ethernet interface
    us in FQDN form, but on the two RRAS interfaces, it's not, it's just 'jeffserver'.

    Is this another problem?

    -dq
     
    Douglas H. Quebbeman, Sep 15, 2004
    #8
  9. Ok, things seem much better, I have a wrning for the DNS problem
    now instead of a fatal error. Tried the Adprep again, still failed
    with a "BUSY" error that was logged to ldif.err... elsewhere on the
    net, someone with a simliar problem was admonished to run repadmin /showreps,
    and here is the output from that:

    Jeffersonville\JEFFSERVER
    DSA Options : IS_GC
    objectGuid : aeb5ba3a-9fc0-4f10-ab33-d4842fb8a2c6
    invocationID: 23d01027-ddaf-4e70-92a2-bd8a4481bae8

    ==== INBOUND NEIGHBORS ======================================

    CN=Schema,CN=Configuration,DC=TEGJEFF,DC=com
    Shreveport\SHREVESERVER via RPC
    objectGuid: e90e38ad-ad3b-41ba-b713-bdb08722b399
    Last attempt @ 2004-09-15 09:54.10 was successful.
    Evansville\EVVSERVER via RPC
    objectGuid: d19e0173-1d3e-4964-a003-3cbfaae9b898
    Last attempt @ 2004-09-15 09:54.10 was successful.

    CN=Configuration,DC=TEGJEFF,DC=com
    Shreveport\SHREVESERVER via RPC
    objectGuid: e90e38ad-ad3b-41ba-b713-bdb08722b399
    Last attempt @ 2004-09-15 09:54.09 was successful.
    Evansville\EVVSERVER via RPC
    objectGuid: d19e0173-1d3e-4964-a003-3cbfaae9b898
    Last attempt @ 2004-09-15 09:54.10 failed, result 8418:
    The replication operation failed because of a schema mismatch between the servers involved.
    Last success @ 2004-09-15 08:54.09.
    0 consecutive failure(s).

    DC=TEGSHV,DC=com
    Shreveport\SHREVESERVER via RPC
    objectGuid: e90e38ad-ad3b-41ba-b713-bdb08722b399
    Last attempt @ 2004-09-15 09:54.11 was successful.

    ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============


    So I have a schema mismatch...

    When I runt he AD replication Monitor, and add jeffserver to the
    monitored servers list, it shows lines for knowing about only two
    of my three domain controllers, Jeff's TEGJEFF.COM and the Shreveport
    server's TEGSHV.COM.

    I do feel I'm getting closer...

    -dq
     
    Douglas H. Quebbeman, Sep 15, 2004
    #9
  10. In
    Schema mismatch? Are you running adprep, especially with the forestprep
    switch, on the Schema master?


    Ace
     
    Ace Fekay [MVP], Sep 15, 2004
    #10
  11. In
    <snip>

    Part of the issue, is that a DC cannot be part of more than one site. AD is
    site aware. A definiition of a 'site' is that a site can have no subnet
    (default installation) or one or more subnets (after manually defining them
    correctly). A machine cannot be a member of more than one site, unless you
    specify all these subnets objects are in the same site.

    If there are multiple IPs for a record in DNS, it can come down to the fact
    that a machine may have difficulty 'finding' itself in your network topology
    with an IP that it does not have a route to, because, keep in mind, that
    multiple entries for the same name and having different cooresponding IP
    addresses, Round Robin kick in place. Hence, this is ONLY part of the issues
    with multihoming a DC.

    If at all possible, do you have a machine that will handle RAS for you that
    you can multihome and get that extra card, PPP connections, and IPs off the
    DC? If not, you can alter the functionality in the reg to make it work for
    you. Here's some more info:

    Q292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
    Controller with Routing and Remote Access and DNS Installed and Demand Dial:
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q292822&


    Ace
     
    Ace Fekay [MVP], Sep 15, 2004
    #11
  12. In
    I am assuming we are dealing one forest with three domains?
    If you look through your dcdiag you'll see you had replication failures for
    almost a year. I think this is due to the multiple subnets and incorrect DNS
    configuration on this DC, which I assume is the schema master.
    also, Since each DC only has a zone for its own domain they cannot resolve
    the other DCs in their DNS. Hence, why you need a secondary zone for the
    Forest root on all DCs.

    Also in your ipconfig take a look at this:
    Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : jeffserver
    Primary DNS Suffix . . . . . . . : tegjeff.com
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : tegjeff.com

    Ethernet adapter Local Area Connection 2:

    Connection-specific DNS Suffix . : tegjeff.com
    Description . . . . . . . . . . . : Intel(R) PRO/100+ PCI Adapter
    Physical Address. . . . . . . . . : 00-A0-C9-CE-AF-0E
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.100
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.107
    DNS Servers . . . . . . . . . . . : 192.168.1.100
    Primary WINS Server . . . . . . . : 192.168.1.100

    PPP adapter RAS Server (Dial In) Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.240
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 127.0.0.1

    PPP adapter {C12801D2-A677-4C9A-AC21-A2EF8637C5F4}:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.3.250
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.3.100<--Change to 192.168.1.100

    PPP adapter {A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.2.250
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.2.100<--change to 192.168.1.100



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ================================================
    --
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ================================================
    http://www.lonestaramerica.com/
    ================================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ================================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ================================================
     
    Kevin D. Goodknecht Sr. [MVP], Sep 15, 2004
    #12
  13. Yes indeedy...
     
    Douglas H. Quebbeman, Sep 15, 2004
    #13
  14. Yes; when I originally set up the WAN, we hosted the links over V.90
    dialup connections to the Internet. In those days, I ran Exchange 5.5
    on each server using IMC as the site connector. I had asked management
    for 12 weeks upon delivery of the first Windows 2000 Server for this
    office so that I could learn about Active Directory and all the other
    changes Win2k brought.... four weeks in I was told I had two weeks left
    so Knowledge and Mastery were going to have to wait...
    The jeffserver is meant to be the schema master, yes. I was aware that
    DNS wasn't quite right, but generally, users weren't noticing any effects,
    and my other hobbies^H^H^H^H^H^H^Hduties kept me too busy to fix it.
    I've done that now, as well as finally getting around to creating reverse-
    lookup zones.
    ^^^ ^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    Fixed... done!
    ^^^ ^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    Fixed... done!

    Ok, this has helped greatly, the netdiag output looks even cleaner,
    especially the DNS test:

    DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.100'.
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'.

    Dang! That localhost ref is for the dial-in adapter... I saw a reference to
    this in a posting where you were helping someone else, Kevin... I looked
    around for the proper way to change the properties for the dial-in interface,
    I would think it would be somewhere in the RRAS MMC plug-in, but I could not
    find it. I used REGEDIT to change it to 192.168.1.100, and that fixed it, until
    I restarted RRAS (to put in effect the other DNS change you pointed out above).

    Anyone know how to change the properties of the simple dial-in RAS adapter?

    Also, I'm curious... the WAN is up, but netdiag says

    WAN configuration test . . . . . . : Skipped
    No active remote access connections.

    Not sure this is related to my problem or not. Oh, I have WINS issues too...

    Let's see how the dcdiag output looks. Ok, pretty clean too, except for
    this problem with replication to Evansville:

    An Warning Event occured. EventID: 0x800034FA
    Time Generated: 09/15/2004 11:56:36
    Event String: Following is the summary of warnings and errors
    encountered by File Replication Service while
    polling the Domain Controller
    jeffserver.tegjeff.com for FRS replica set
    configuration information.


    The nTDSConnection object
    cn=jeffserver,cn=ntds settings,
    cn=evvserver,cn=servers,cn=evansville,
    cn=sites,cn=configuration,dc=tegjeff,dc=com
    is conflicting with
    cn=jeffserver\cnf:15254a3a-7b76-4326-b01d-601bd26489e5,
    cn=ntds settings,cn=evvserver,cn=servers,cn=evansville,
    cn=sites,cn=configuration,dc=tegjeff,dc=com.
    Using cn=jeffserver,cn=ntds settings,
    cn=evvserver,cn=servers,cn=evansville,
    cn=sites,cn=configuration,dc=tegjeff,dc=com

    I went into AD Sites & Services, and found two connection objects...

    Not sure which was right... the ones linking Jeffserver & Shreveserver
    have names that are GUIDs, but one of the Evansville connection objects
    was one I manually created this morning and was named jeffserver, while
    the other one was named jeffserver followed by a control character or a
    character value > 128, then CNF:15254a3a-7b76-4326-b01d-601bd26489e5.

    I've deleted them both...

    What is the proper way for me to create the connection object
    that links jeffersonville and evansville? I don't recall creating
    the ones that link jeffersonville and shreveport, might the system
    have created them automagically?

    BTW Kevin, both you and Ace have been very helpful... I have the
    resource kit, but w/r/t this problem, I could not find an edge to
    grab hold of, everything I'd read just led me in circles... so thanks
    for help rendered so far & anticipated too!

    Regards,
    -doug q
     
    Douglas H. Quebbeman, Sep 15, 2004
    #14
  15. The issue would be that steelhead (RRAS) runs only under the server product,
    and not under the workstation product. Yes, I have surplus machines, but no
    surplus copies of Windows 2000 Server. And no budget. We're one of those "how
    much money did we not spend on supplies this year that we can at the end of
    the year use for capital expenditures and write it off as if it were supplies"
    organizations...

    But I'll check out that tech note for sure... thanks!

    -dq
     
    Douglas H. Quebbeman, Sep 15, 2004
    #15
  16. In
    I believe changing the dialup entry, and I guess you created this as a
    DemandDial interface in RAS? I can't remember, but I believe if you go to
    its properties, either in RAS or in Network & Dialup Connections, you can
    change it in there? Check to make sure, since I don't have a server to
    create one and check in front of me.

    As for the connection objects in Sites and Service, the KCC creates them.
    You can rt0click on the NTDS settings, and choose 'Check Topology" and the
    KCC should re-create them for you. If you want to create them manually, you
    can just rt-click on the NTDS settings, New, Connection, and stipulate the
    other server. Keep in mind, these connection objects are the replication
    connections and they are "Pull" connections, which means the one server you
    created this on pointing to another, will pull replication from its partner.
    To make it both ways, you have to create one from the other server to you.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
     
    Ace Fekay [MVP], Sep 16, 2004
    #16
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.