DNS Help needed

By jlbpotter ·
I have a Windows 2000 AD domain with DNS installed on my Global Catalog server. My DNS root namespace is mycompany.com. I have added another domain to my forest. It is not a child domain of the existing domain. It is its own domain with its own DNS namespace but again within the same forest. For example the name is myothercompany.com. During the DCPromo of myothercompany.com I installed DNS. It joined the forest with no problem whatsoever. But when I look at the Forward Lookup Zone on myothercompany.com there are no subfolders created. I don't have the folders "_msdcs", "_sites", "_tcp", "_udp". On my first DNS server I am getting NTDS KCC errors stating that it can't replicate the link with my new server because of a DNS lookup failure. Any assistance on this would be greatly appreciated. Thanks in advance.


by sgt_shultz In reply to DNS Help needed

feed us the exact info in the event log: event id, type, source. then we (or you) can look it up at www.eventid.com. you can search there for free, if you pay very small amount you can see very well juried comments from others who resolved the issue(s).


by sgt_shultz In reply to

from http://support.microsoft.com Q249256 HOWTO: Troubleshoot Intra-Site Replication Failures
(there was lots more good looking stuff)
<snip>
"The DSA Operation Is Unable to Proceed Because of a DNS Lookup Failure" Error
To troubleshoot this error:
Use the Nltest /dsgetdc: /pdc /force /avoidself command to determine if the correct PDC is returned.
If there is a connection object and not a replication link reported by the REPLMON or REPADMIN commands, the problem might be related to the KCC.
Run the following commands on the PDC, and then submit the output to Microsoft PSS for more troubleshooting:
nltest /DBFLAG:0x2000FFFF

-and-

nltest /DSGETDC: /GC

Run the nltest /dsgetdc: /gc /force command to determine if you can contact a global catalog server (GC).
Check the "password last changed" parameter on both the PDC and the server(s) with which you experience the problem.
Operation Queued or No Replication Links Displayed
No replication links are reported when you run the Repadmin.exe or Replmon.exe utilities. To troubleshoot this issue, trigger the KCC and look in the Directory Services log for any events that relate to the KCC. This typically points to a failure to communicate with a domain controller.
</snip>


by sgt_shultz In reply to

from same article:
<snip>
Advanced Troubleshooting Techniques
Knowledge Consistency Checker and ISTG
You can create an event log for the Knowledge Consistency Checker that contains more diagnostic information. To do this perform the following steps on the ISTG of the site where duplicate connections appear:
Save the contents of the event log, and then clear the event log.
Set the 1 Knowledge Consistency Checker registry DWORD value to 5 in the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Run the Knowledge Consistency Checker by running the repadmin /kcc command.
Reset the 1 Knowledge Consistency Checker registry DWORD value to 0 (zero).
Save the new event log.
To obtain a new baseline measurement:
Make sure that the computer has a site link to the hub. If it does not, create one.
Delete all connection objects that come into the computer.
Run the Knowledge Consistency Checker by running the repadmin /kcc command.
Make sure that it has created the connections you expect by running the repadmin /showconn command.
-continued-


by sgt_shultz In reply to

-continued-
Look in the Directory Service event log for errors. You may see errors (for example, event ID 1265) indicating that a replica cannot be added for naming context X, and error Y. Determine if the error is related to a DNS issue or if it is a connectivity error, and then try to correct the corresponding problem. If the error indicates that a target account name is incorrect or if it is an SPN error, it may be more difficult to resolve.
If the event log reports that the replica was added successfully, check this by running the repadmin /showreps command.
After you adjust site link replication intervals, wait for the configuration change to replicate to other hub servers, and then restart each of the hub servers to clear the replication queue. You can use the repadmin /sync command or the Active Directory Sites and Servers snap-in to force replication of the Configuration naming context so that the updated site links are visible on each of the hub servers before you restart them. Use the Dcdiag.exe utility to assess the replication health of each site. This can be run remotely through a script and the output parsed for the word "fail". You can use the following sample script as an example: <snipped out MS warning here that you are on your own with programming>

REM check replications in site site1

dcdiag /s:dc1 /test:replications /a /n:domain1

dcdiag /s:dc1 /test:replications /a /n:domain2

dcdiag /s:dc1 /test:replications /a /n:domain3

REM check replications in site site2

REM continue Dcdiag statements for domains in site2
</snip>
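
The quoted article suggests parsing Dcdiag output for the word "fail" and then deciding whether each error is DNS-related or a connectivity problem. The following is an added example, not part of the post or the Microsoft article; the sample output, server names and the `failed_tests` and `dns_related` helpers are constructed for illustration.

```python
import re

# Constructed dcdiag-style output; server names and error text are made up.
SAMPLE_DCDIAG = """\
Testing server: site1\\DC1
   Starting test: Replications
      [Replications Check,DC1] A recent replication attempt failed:
         From DC2 to DC1
         Naming Context: CN=Configuration,DC=domain1,DC=com
         The replication generated an error (8524):
         The DSA operation is unable to proceed because of a DNS lookup failure.
      ......................... DC1 failed test Replications
Testing server: site1\\DC3
   Starting test: Replications
      ......................... DC3 passed test Replications
"""

START = re.compile(r"^\s*Starting test: (\S+)")
RESULT = re.compile(r"^\s*\.+\s+(\S+) (passed|failed) test (\S+)\s*$")


def failed_tests(output):
    """Return one dict per failed test, with the detail lines printed for it."""
    failures, detail = [], []
    for line in output.splitlines():
        if START.match(line):
            detail = []          # a new test begins, drop earlier lines
            continue
        m = RESULT.match(line)
        if m:
            server, verdict, test = m.groups()
            if verdict == "failed":
                failures.append({"server": server, "test": test, "detail": detail})
            detail = []
        elif line.strip():
            detail.append(line.strip())
    return failures


def dns_related(failure):
    """Rough triage: does any detail line mention DNS?"""
    return any("dns" in d.lower() for d in failure["detail"])


if __name__ == "__main__":
    for f in failed_tests(SAMPLE_DCDIAG):
        kind = "DNS" if dns_related(f) else "other"
        print(f["server"], f["test"], kind)
```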


by jlbpotter In reply to

Poster rated this answer.


by ultrascsi3000 In reply to DNS Help needed

For a Windows 2000 forest to function with a configuration where the domains in the forest do not follow a contiguous namespace, you need to provide each domain the ability to locate domain controllers in the other domains. This is especially critical for AD replication, because all the replication records are stored in the forest root domain zone.
In your forest, you need to set up secondary zones.
e.g. forest with 2 domains configured as 2 tree roots
a.com and b.com
the DNS servers for a.com should also contain a secondary zone for b.com
the DNS servers for b.com should contain a secondary zone for a.com

To address the missing _msdcs and the rest, you need to make sure the zone is allowing DDNS, the DHCP client service must be running to register these records.
try cycling netlogon service
make sure the netlogon.dns file exists.
make sure your primary DNS server entry in your NIC is in fact pointed to the DNS server authoritative for the zone it needs to register records in.
last ditch effort, delete the zone and recreate it, then go through the above steps again.
If this fails, call Microsoft.


by jlbpotter In reply to

Poster rated this answer.


by jlbpotter In reply to DNS Help needed

OK, I've got everything running except I still don't have the folders "_msdcs, _sites, _tcp, _udp" and I can't do a forward lookup using nslookup on my DC because it isn't allowing Dynamic Updates even though this is enabled. I can do a reverse lookup though. (It does allow dynamic updates). I thank both of you for all of your assistance. I am going to leave the question open for a little longer and then I will increase the points and split them evenly because both of you have helped me a lot. Thanks again.


by jlbpotter In reply to DNS Help needed

Point value changed by question poster.


by jlbpotter In reply to DNS Help needed

My issue was that I was using a single label DNS name. I will split the points between you two. Thank you for all of your help.
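
The checks suggested earlier in the thread (the netlogon.dns file and the missing _msdcs, _sites, _tcp and _udp folders) and the single-label finding above can be combined into one audit. This is an added example, not code from any poster; the sample file content, the host names and the `wanted_records` and `audit` helpers are constructed, and the file is assumed to hold one zone-file style record per line.

```python
# Constructed netlogon.dns excerpt (zone-file style lines); all names are made up.
SAMPLE_NETLOGON_DNS = """\
myothercompany.com. 600 IN A 10.0.0.20
_ldap._tcp.myothercompany.com. 600 IN SRV 0 100 389 dc2.myothercompany.com.
_ldap._tcp.Default-First-Site-Name._sites.myothercompany.com. 600 IN SRV 0 100 389 dc2.myothercompany.com.
_ldap._tcp.dc._msdcs.myothercompany.com. 600 IN SRV 0 100 389 dc2.myothercompany.com.
_kerberos._udp.myothercompany.com. 600 IN SRV 0 100 88 dc2.myothercompany.com.
"""


def norm(name):
    return name.rstrip(".").lower()


def wanted_records(netlogon_text, domain):
    """Map each top-level folder (_msdcs, _sites, _tcp, _udp) to the owner
    names under it that the file lists for this domain."""
    domain = norm(domain)
    folders = {}
    for line in netlogon_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue  # blank line or not a resource record
        owner = norm(parts[0])
        if not owner.endswith("." + domain):
            continue  # the domain's own A record, or a name in another zone
        relative = owner[: -len(domain) - 1]
        # The label next to the zone name is the folder the DNS console shows.
        folders.setdefault(relative.split(".")[-1], []).append(owner)
    return folders


def audit(netlogon_text, domain, registered=()):
    """registered: owner names the operator has confirmed resolve in the zone."""
    have = {norm(n) for n in registered}
    wanted = wanted_records(netlogon_text, domain)
    return {
        "single_label": "." not in norm(domain),
        "missing_folders": sorted(
            f for f, owners in wanted.items() if not have.intersection(owners)),
        "unregistered": sorted(
            o for owners in wanted.values() for o in owners if o not in have),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_NETLOGON_DNS, "myothercompany.com"))
```

Pass the names that nslookup confirms as `registered`; whatever remains in `unregistered` is what Netlogon wants in the zone but has not managed to register.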
