Netdiag Errors

Discussion in 'DNS Server' started by Daz, Aug 2, 2005.

  1. Daz

    Daz Guest

    Hi all
    i am currently in the progress of installing Exchange 2003 for our
    Network.
    I have DCPROMO the server and made it a GC but when i ran Netdiag.exe on my
    brand new Dell Power Edge 2800 using teaming (never been on the Network
    before)

    i get the following error any help would be really appreciated.
     
    Daz, Aug 2, 2005
    #1
    1. Advertisements

  2. Daz

    Daz Guest

    DNS test . . . . . . . . . . . . . : Failed
    Interface {376B1778-664C-4960-87A5-1279E95BA372}
    DNS Domain: wpsdom.local
    DNS Servers: 172.16.0.1
    IP Address: Expected registration with PDN (primary DNS
    domain name):
    Hostname: mailexchange.wpsdom.local.
    Authoritative zone: wpsdom.local.
    Primary DNS server: server_2.wpsdom.local 172.16.0.1
    Authoritative NS:172.16.0.2 172.16.0.1 172.16.0.131 172.16.0.4
    172.16.0.20 172.16.0.3
    Check the DNS registration for DCs entries on DNS server '172.16.0.1'
    [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for
    reading.
    [FATAL] No DNS servers have the DNS records for this DC registered.


    Redir and Browser test . . . . . . : Failed
    List of transports currently bound to the Redir
    NetbiosSmb
    NetBT_Tcpip_{376B1778-664C-4960-87A5-1279E95BA372}
    The redir is bound to 1 NetBt transport.

    List of transports currently bound to the browser
    NetBT_Tcpip_{376B1778-664C-4960-87A5-1279E95BA372}
    The browser is bound to 1 NetBt transport.
    [FATAL] Cannot send mailslot message to 'WPSDOM*' via browser.
    [ERROR_INVALID_FUNCTION]


    DC discovery test. . . . . . . . . : Passed
     
    Daz, Aug 2, 2005
    #2
    1. Advertisements

  3. In
    It looks like the server has a problem with the Netogon.dns file. Is the
    file there? Does the system have Full Control?

    It wasn't necessary to make the Exchange server a DC, especially if Exchange
    is going to be that busy.
    Are all of the Authoritative DNS servers DC?
    What errors are you seeing in the Event log, (System & DNS log) You are
    looking for mostly Netlogon errors.




    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 2, 2005
    #3
  4. Daz

    Daz Guest

    Many thanks for you reply Kevin
    I have checked the netlogon.dns file and it is there and system and
    administrators have full control one thing i did notice when i compared the
    file from my server that hosts DNS is it was missing some entries (the one
    with the errors that is) also all the DNS servers are AD intigrated and they
    are DCs (2 of them that is) i have re- run DCPROMO and disjoined my server
    from the domain and re-added it again but switched of GC and the problem is
    still there i am reluctant to even begin Exchange until this issue is sorted
    out all my other servers pass on dcdiag and netdiag but not this one for some
    reason, i am so confused.
    When i run dnslint on my dns servers it passes with know errors.
    i will tell you the diference in my netlogon.dns records Wednesday as i am
    at home at present.
    any other ideas i am really stuck on this as my dns knowledge is limited

    thanks again

     
    Daz, Aug 2, 2005
    #4
  5. In
    System and Admins have Full Control?
    Were the default permissions altered?
    You mean all of these servers:
    172.16.0.2, 172.16.0.1, 172.16.0.131, 172.16.0.4, 172.16.0.20 and 172.16.0.3
    are either DCs with the wpsdom.local zone being AD Integrated on all of
    them? Or are they a mix of DCs with the wpsdom.local zone being AD
    Integrated and a few member servers with a copy of the wpsdom.local as a
    Secondary zone on them?

    The reason I am confused is because you said two of them are DCs, but you
    then stated they are ALL AD Integrated. The AD Integrated option is ONLY
    available on a DC/DNS server.
    You mean you demoted it and then re-promoted it with DCPROMO to add it as a
    DC?

    Honestly, you're better off, and it's highly recommended for Exchange to be
    on a member server due to performance reasons, mainly that a DC disables the
    write-cache function on the drives to insure AD database stability and
    recoverability. This default setting behavior change just kills Exchange
    performance besides being a completely separate app running and eating up
    resources.

    Maybe it will be better off if you just joined the machine to the domain to
    become a member server and then just install Exchange on it. Is there any
    compelling reason this machine needs to be a DC?
    A DC being a GC or not wouldn't really matter with this issue.
    Sometimes with issues like this, DNSLint won't help.
    Can you post some info please?
    1. ipconfig /all from this machine
    2. The DNS domain name of AD (found in ADUC)
    -Thanks

    No problem. You came to the right place. Hopefully one of us can figure it
    out for you.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
     
    Ace Fekay [MVP], Aug 3, 2005
    #5
  6. Daz

    Daz Guest

    Thanks for your reply Ace
    ok here we go

    i have 8 server that comprise of
    Domain name = wpsdom.local

    Server_1 = DC GC 172.16.0.2 Windows 2003 SP1

    Server_2 = DC DNS and Wins 172.16.0.1 Windows 2003 SP1

    mailserver (Exchange 5.5) DC GC 172.16.0.131 Windows 2000 SP4

    Printer-Server DC GC 172.16.0.3 Windows 2003 SP1

    William = DC GC 172.16.0.4 Windows 2003 SP1

    SUSERVER = DC GC DNS and Wins 172.16.0.20 Windows 2003 SP1

    Bromcom = Member Server Windows 2000 SP4

    I.T Support = Member Server Windows 2003 SP1

    Mailexchange = DC 172.16.0.25 Windows 2003 x 64

    Windows IP Configuration



    Host Name . . . . . . . . . . . . : mailexchange

    Primary Dns Suffix . . . . . . . : wpsdom.local

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : wpsdom.local

    Ethernet adapter Team #0 - Adapter Fault Tolerance Mode:

    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Intel(R) Advanced Network Services
    Virtual Adapter

    Physical Address. . . . . . . . . : 00-11-43-EF-82-75

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 172.16.0.25

    Subnet Mask . . . . . . . . . . . : 255.255.0.0

    Default Gateway . . . . . . . . . : 172.16.0.14

    DNS Servers . . . . . . . . . . . : 172.16.0.20

    172.16.0.1

    Primary WINS Server . . . . . . . : 172.16.0.1

    No permissions have been changed with this server. I just built it from
    scratch on Monday last week, let it burn in for a week, then on Monday
    DCPROMO it and left it until yesterday when on ran the utils DCDIAG and
    Netdiag when i saw this Fatal Error with DNS.
    Reason for making it a DC were only for redunduncy as my other servers are
    getting old, but i take onboard what your saying and will try the member
    server option then.

    thanks again

    Darren
     
    Daz, Aug 3, 2005
    #6
  7. In
    As Ace and I stated, running Exchange on a DC is not really recommended if
    you don't have to. If you only had one or two DCs, you wouldn't have much
    choice. But, you have six other DCs and according to the netdiag report all
    are running DNS. It would really have to be a catastrofic situation to lose
    all six of the other DCs at once.

    That doesn't answer what the problem is with the Netlogon.dns file and why
    it cannot be opened for reading. This generally points to a permissions
    issue, I understand that you have not modified the permissions. But I would
    certainly verify the permissions and the propagation of the permissions in
    the ACL.
    Off on a tangent with a story, I worked on a brand new XP machine the other
    day that the system didn't have full control of the temp folder and it was
    getting access denied errors on installations requiring the Windows
    Installer. Well this machine was not a domain member and therefore the
    Security tab was hidden. When I got into safe mode to check the permissions
    the system was not even in the ACL list, let alone did the system have any
    rights.




    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 3, 2005
    #7
  8. Daz

    Daz Guest

    Thanks for the reply Kevin
    When you say all are running DNS do you mean the DNS service as to my
    knowledge only two are running DNS Service SUSERVER and Server_2.
    I have decided to remove the mailexchange server from the domain and make it
    a member server as per your recomendation but since doing this two of my
    servers
    seem to take up to 2 hours to get to the logon screen then another hour to
    login i am sure there is a more major problem at present that will prevent me
    from going any further with this i am tempted to run a system state restore
    and start again as all was well before i started this i seem to have a major
    DNS problem that needs sorting before i go any further.
    Does system state restore all my DNS data as well as WINS?

    any help is more than appreciated now i think my AD is broke and i dont know
    how to fix it.

    many thanks

    Darren
     
    Daz, Aug 3, 2005
    #8
  9. In
    Let's start by looking at someting I saw in the Netdiag:

    Primary DNS server: server_2.wpsdom.local 172.16.0.1

    One problem with this DC is the underscore in the host name, not all DNS
    server support underscores in the host or domain name. Win2k and Win2k3
    allow these but you will see a warning in dcdaig tests.

    Below is the list of NS records found in the wpsdom.local zone, this would
    be all the DNS servers with the zone and is why I believe all your DCs have
    DNS. These are the only DNS servers you are allowed to use in TCP/IP
    properties of any of your DCs or members.
    Authoritative NS:172.16.0.2 172.16.0.1 172.16.0.131 172.16.0.4
    172.16.0.20 172.16.0.3

    If it is taking that long to start up and logon it generally means you don't
    have the correct DNS servers in the list, or the DCs have not properly
    registered all their records. The DNS server addresses above are the only
    DNS addresses you should use on any member or DC. I would use the DNS
    management console to connect to each of these server and verify there is a
    zone for wpsdom.local.
    Also, I would like for you to verify if there is a separate zone for
    _msdcs.wpsdom.local, if there is it is fine, but since one of your DCs is
    running Windows 2000, check the Replication scope on the zone and make sure
    it replicates only to all Domain Controllers in the AD Domain. Usually this
    zone is set to replicate to all DNS servers in the forest, but it won't work
    because the zone won't replicate to the Windows 2000 server.
    Also, if there is a zone named _msdcs.wpsdom.local, open the wpsdom.local
    zone, and check to see that the _msdcs subdomain is a delegation with the NS
    records for the DNS server that actually have the _msdcs.wpsdom.local zone.


    Both of these DNS servers are in the Authoritaive DNS server list, so you
    should verify that these DNS server have all the DNS registrations I have
    referred to above and are working. You may even try to add one of the other
    DNS server from the list to

    Try netdiag /fix and dcdiag /fix




    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 3, 2005
    #9
  10. In
    Two of your servers having problems logging in? Now that is a DNS server or
    lookup issue. Are there any services disabled, such as the DHCP Client
    Service? That is an absolute required service that works with the DNS
    resolver service whether the machine is set for automatically obtain an IP
    or has a static entry.

    Can you run and paste back the results of this command from both of those
    servers please?
    net start

    Thanks.


    Ace
     
    Ace Fekay [MVP], Aug 3, 2005
    #10
  11. In Kevin D. Goodknecht Sr. [MVP] <> made this post, which I
    then commented about below:

    Kevin, this should help you give you the security tab in XP:

    How Do I See the Security tab in XP Home:
    http://www.dougknox.com/xp/tips/xp_home_sectab.htm

    Security Tab to show up for XP Home, W2k and NT4. Called the NT4
    Configuration Manager [ftp link, so may need ftp client]:
    ftp://ftp.microsoft.com/bussys/winnt/winnt-public/tools/scm/scesp4i.exe

    Ace
     
    Ace Fekay [MVP], Aug 3, 2005
    #11
  12. In
    Since it was someone else's computer I feel it is safer to use Safe Mode, if
    you know what I mean.



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 3, 2005
    #12
  13. In
    I Understand that!

    Ace
     
    Ace Fekay [MVP], Aug 3, 2005
    #13
  14. Daz

    Daz Guest

    Thanks for help on this guys but its got beyond my control. I am spending to
    much time trying to solve this, so i am going to recreate my whole AD servers
    and network again and start from scratch.
    I have 2 weeks to do it so i should be ok.

    Thanks again for help though

    Daz
     
    Daz, Aug 4, 2005
    #14
  15. In
    Good luck Daz! :)

    Ace
     
    Ace Fekay [MVP], Aug 5, 2005
    #15
  16. If you are going to do that, save yourself some time by creating a parallel
    domain, set up trust and migrate your accounts to the new domain. You'll
    have fewer people mad at you because if you don't migrate, the next time
    your users logon they will get a new profile on their machines. You will
    have to visit all the machines then copy their old profile in to the new
    profile. Only one problem, the old domain and the new domain must have
    different AD and NetBIOS names to set up trust.

    If you use ADMT, you can migrate the old profile to the new domain by
    migrating the users SID to the new domain. Profiles are assigned by SID not
    by username.



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 5, 2005
    #16
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.