server trying to communicate with ISP DNS server using DCOM

Discussion in 'Windows Server' started by Spin, Dec 2, 2005.

  1. Spin

    Spin Guest

    Experts,

    Running Windows Server 2003 SP1. Running about 10 small public web sites on
    it. This is a single-server pointing to itself for DNS and running Active
    Directory. The AD zone is standard primary with "Secure and Non-secure"
    updates set to 'Yes'. All other zones have dynamic updates turned "off".
    In DNS, under Forwarders, are two IP addresses for my ISP's DNS server. The
    event ID error below indicates my server cannot communicate with my ISP
    server. I can understand that problems sometimes happens, as my ISP is
    hosting my secondary zones for the 10 small public web sites. But why is
    the server trying to communicate with it using DCOM? I would assume it
    would only try to communicate with it using standard tcp over port 53 (zone
    transfer). To me that's just plain weird.

    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10009
    Date: 12/2/2005
    Time: 8:35:30 AM
    User: N/A
    Computer: EBIZ-GATE
    Description:
    DCOM was unable to communicate with the computer <ISP DNS> using any of the
    configured protocols.
     
    Spin, Dec 2, 2005
    #1
    1. Advertisements

  2. Spin

    Spin Guest

    The error popped up again. Does any guru have any thought on this? Even a
    guess? :)
     
    Spin, Dec 5, 2005
    #2
    1. Advertisements

  3. In
    Well first thing, I wouldn't use a DC as a webserver.

    I assume that the zone is configured with the Nameserver of your ISP's in
    the nameserver tab?

    Can't think of much else unless it's due to SP1 or some other thing
    installed. And Spin, I assumed you've already seen this:
    http://www.eventid.net/display.asp?eventid=10009&eventno=579&source=DCOM&phase=1


    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    If this post is viewed at a non-Microsoft community website, and you were to
    respond to it through that community's website, I may not see your reply
    unless that website posts replies back to the original Microsoft forum.
    Therefore, please direct all replies ONLY to the Microsoft public newsgroup
    this thread originated in so all can benefit or ensure the web community
    posts it back to the original forum.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Windows Server Directory Services
    Microsoft Certified Trainer
    Infinite Diversities in Infinite Combinations.
    =================================
     
    Ace Fekay [MVP], Dec 5, 2005
    #3
  4. Spin

    Spin Guest

    I have been over every square inch of this server. My dcdiag results keep
    telling me I am using two of my SP's DNS servers but I cannot see that I am
    anywhere. The Preferred and Alternate DNS servers for this server points to
    itself under network properties. Ace can you still help me?
     
    Spin, Dec 7, 2005
    #4
  5. In
    I would like to help you out, but first, did you check that eventid.net link
    I gave you? Did you physically go into dcomcnfg to see if it was listed? Is
    Exchange on this machine? If so, is the ISP's in the STMP properties,
    delivery tab, advanced? Is there another NIC or interface that is hidden
    with that configured?

    Honestly it will be difficult because I don't know your machine's complete
    config other than you are running websites on a DC. Maybe it's an webapp in
    one of your many websites, since apparently you are doing e-biz stuff on it.
    That is one reason NOT to run websites on a DC, but I think you already know
    that and know what to do.

    Please take a closer more scrutinizing look at that link and comb thru your
    machine for me please.

    Ace
     
    Ace Fekay [MVP], Dec 8, 2005
    #5
  6. Spin

    Spin Guest

    I'm sorry Ace, I've been so turned around the last couple of days (being
    that the holidays are coming up and all) that I have failed to find where in
    the links you sent me it describes how to go into dcomcnfg (and what to look
    for in dcomcnfg) to see if it was listed.
     
    Spin, Dec 8, 2005
    #6
  7. This is likely because your ISP is authoritative over a zone it is trying to
    register in that your local DNS does not have. This is usually a reverse
    lookup zone, but could be a forward zone of a connection specific DNS
    suffix.
    An ipconfig /all usually verifies this.


    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    https://secure.lsaol.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Dec 8, 2005
    #7
  8. Spin

    Spin Guest

    Kevin I think you are spot on. I had a stub zone (forward lookup) to my ISP
    but I have since deleted it and rebooted the server. I do have a reverse
    zone delegated to me by my ISP. How do I remediate my situation?
     
    Spin, Dec 8, 2005
    #8
  9. Spin

    Spin Guest

    I should say, given this new info Kevin how do I resolve it?
     
    Spin, Dec 8, 2005
    #9
  10. Spin

    Spin Guest

    How do I tell my server NOT to register in the reverse zone delegated to me
    by my ISP?
     
    Spin, Dec 9, 2005
    #10
  11. 246804 - How to enable or disable dynamic DNS registrations in Windows 2000
    and in Windows Server 2003:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;246804&Product=winsvr2003




    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    https://secure.lsaol.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Dec 12, 2005
    #11
  12. Spin

    Spin Guest

    Hi Ace,

    I went over the link you sent. Where in DCOMcnfg do I look to see "if the
    server is listed" as you stated in your port? The problem remains. It has
    got to be something in DCOMcnfg but DCOMcnfg is a complicated program. :)

    My problem most closely matches this input by Wayne Prinsloo:

    "Wayne Prinsloo (Last update 10/11/2005):
    I found this event after installing Windows 2003 SP1 and updates. My
    websites were getting an "access denied" error message when opening a remote
    activated DCOM component in the web browser. Eventualy, I found that the
    premissions on the server object were changed in DCOMcnfg. I changed it back
    to Local and Remote Execution and Activation and the problem was solved."

    I have no idea what he means by "I found that the premissions on the server
    object were changed in DCOMcnfg". How did he determine that? How do I
    determine that?
     
    Spin, Dec 18, 2005
    #12
  13. In
    Spin, there is a specific article for this to show you how, but that last
    article I had is no longer available. But you can goto Admin tools,
    Component configuration, drill down thru Component Services, My Computer,
    rt-click, properties, COM Security, check your permissions in there.

    Ace
     
    Ace Fekay [MVP], Dec 19, 2005
    #13
  14. Spin

    Spin Guest

    Kevin, do you think I should enable dynamic updates in the reverse lookup
    zone delegated to me by my ISP?
     
    Spin, Jan 14, 2006
    #14
  15. No, but if you have a public IP on any NIC of a DDNS client, you should
    probably disable PTR registration.




    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    https://secure.lsaol.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Jan 14, 2006
    #15
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.