Netdiag DNS Warning - cant find primary authoriative DNS server

Discussion in 'DNS Server' started by Greg, Dec 1, 2003.

  1. Greg

    Greg Guest

    Hi All,

    I have 2 2003 DCs, in an upgraded NT4 -> 2003 Domain. I
    am using AD integrated DNS. When I run netdiag I get the
    message below. It says Passes for DNS test, but I see the
    warning that it cant find primary authoriative DNS server.

    There are A, SRV and SOA records in the forward lookup
    zone, plus the ip address in the reverse lookup zone.

    Should I be worried about this?


    DNS test . . . . . . . . . . . . . : Passed
    [WARNING] Cannot find a primary authoritative
    DNS server for the name
    'dc0.company.com.'. [ERROR_TIMEOUT]
    The name 'dc0.company.com.' may not be
    registered in DNS.
    PASS - All the DNS entries for DC are registered on
    DNS server '10.3.1.8' an
    d other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on
    DNS server '10.3.1.9' an
    d other DCs also have some of the names registered.
     
    Greg, Dec 1, 2003
    #1
    1. Advertisements

  2. When you look in the zone properties, Nameserver tab, ensure that the proper
    name and it's IP address resolves correctly.

    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 2, 2003
    #2
    1. Advertisements

  3. Greg

    greg Guest

    Thanks for the reply.

    Both DNS servers DC0 and DC1 are listed in the zone
    properties nameserver tab for company.com

    They both resolve correctly

    any other ideas?
     
    greg, Dec 2, 2003
    #3
  4. Are the zones on both servers AD Integrated?


    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
    --
    =================================

     
    Ace Fekay [MVP], Dec 2, 2003
    #4
  5. Greg

    greg Guest

    yes all zones are AD integrated on both Servers. Set for
    secure updates only

     
    greg, Dec 2, 2003
    #5
  6. Greg

    Guest Guest

    Here is the result of netdiag /v

    I am not sure if there is even a problem. I can't find
    anything about this online.

    Can it not find a primary authoratative because it is AD
    integrated? If I had primary and secondary zones would
    this message not appear?

    DC0 is certainly registered with DNS. Not sure why it
    says it can't find it.



    dcdiag.log

    DNS test . . . . . . . . . . . . . : Passed
    Interface {5CB923BC-A833-4F5E-9690-3821B375F6A6}
    DNS Domain:
    DNS Servers:
    IP Address: Expected registration with PDN
    (primary DNS domain name):
    Hostname: dc0.company.com.
    [WARNING] Cannot find a primary authoritative
    DNS server for the name
    'dc0.company.com.'. [ERROR_TIMEOUT]
    The name 'dc0.company.com.' may not be
    registered in DNS.
    Interface {DEC17B38-6D5D-4256-BAC6-B6B439DBCEF7}
    DNS Domain: company.com
    DNS Servers: 10.3.1.8 10.3.1.9
    IP Address: Expected registration with PDN
    (primary DNS domain name):
    Hostname: dc0.company.com.
    Authoritative zone: company.com.
    Primary DNS server: dc0.company.com 10.3.1.8
    Authoritative NS:10.3.1.9 10.3.1.8
    Check the DNS registration for DCs entries on DNS
    server '10.3.1.8'
    The Record is different on DNS server '10.3.1.8'.
    DNS server has more than one entries for this name,
    usually this means there are multiple DCs for this domain.
    Your DC entry is one of them on DNS server '10.3.1.8', no
    need to re-register.>
     
    Guest, Dec 2, 2003
    #6
  7. Greg

    greg Guest

    turns out was getting this because I have 2 NICs, one was
    not being used. By disabling the unused one, the warning
    stopping ...

    check out activedir.org
     
    greg, Dec 2, 2003
    #7
  8. In
    Didn't know you had two NICs.

    Yes, dual homed NICs incorrectly configured will cause numerous issues with
    services such as DNS or AD on it. If you needed the two NICs, there are
    steps to follow that insure errors like this don't occur.

    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 3, 2003
    #8
  9. Greg

    greg Guest

    thanks Ace .. What steps are they? always good to know
    in case I need to use them.
     
    greg, Dec 3, 2003
    #9
  10. In

    Many...
    Both interfaces: Only point to your internal IP for DNS.
    Make sure in binding order that the internal NIC is at the top.
    DNS - only listen to internal IP
    On outer NIC, uncheck register connection in IP properties, DNS tab
    A reg entry (not handy at the moment) to kill GC entries and manually create
    it for the internal IP.
    A reg entry (not handy at the moment) to stop the external NIC from
    registering it's A record.

    I think that's all of them.



    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 5, 2003
    #10
  11. Greg

    Bill Grant Guest

    In addition, note that if you use the server as a remote access server,
    the "virtual" or internal RAS interface also acquires an IP and can cause
    the same sorts of problems with DNS and Netbios names.

    "Ace Fekay [MVP]"
     
    Bill Grant, Dec 5, 2003
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.