Netdiag /debug DNS failer

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

I get this message when I run netdiag /debug. Could anyone help with what the
problem is. I am not sure what to change. 10.0.0.9 is the address of the
server as well as the dns server.

The Record is different on DNS server '10.0.0.9'.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = localdomain.com.
DNS DATA =
A 10.0.0.9

The record on DNS server 10.0.0.9 is:
DNS NAME = localdomain.com
DNS DATA =
CNAME server.localdomain.com
+------------------------------------------------------
** Check DC DNS NAME FINAL RESULT ** **
[WARNING] The DNS entries for this DC are not registered correctly on
DNS server '10.0.0.9'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:26EC6FDA-7045-4980-9138-F19392785019@microsoft.com,
KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> I get this message when I run netdiag /debug. Could anyone help with
> what the problem is. I am not sure what to change. 10.0.0.9 is the
> address of the server as well as the dns server.
>
> The Record is different on DNS server '10.0.0.9'.
>
> +------------------------------------------------------+
> The record on your DC is:
> DNS NAME = localdomain.com.
> DNS DATA =
> A 10.0.0.9
>
> The record on DNS server 10.0.0.9 is:
> DNS NAME = localdomain.com
> DNS DATA =
> CNAME server.localdomain.com
> +------------------------------------------------------
> ** Check DC DNS NAME FINAL RESULT ** **
> [WARNING] The DNS entries for this DC are not registered correctly
> on
> DNS server '10.0.0.9'. Please wait for 30 minutes for DNS server
> replication. [FATAL] No DNS servers have the DNS records for this
> DC registered.

Its saying that the A record for the DC don't exist in DNS. Did you confirm
that?

Also, I see it says that the DC record is a CNAME called
server.localdomain.com. That can be an issue. Are you using CNAMES with your
DC? If so, may I ask why?

Additionally, do the SRV records exist under your localdomain.com zone?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"Ace Fekay [MVP]" wrote:

> In news:26EC6FDA-7045-4980-9138-F19392785019@microsoft.com,
> KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> > I get this message when I run netdiag /debug. Could anyone help with
> > what the problem is. I am not sure what to change. 10.0.0.9 is the
> > address of the server as well as the dns server.
> >
> > The Record is different on DNS server '10.0.0.9'.
> >
> > +------------------------------------------------------+
> > The record on your DC is:
> > DNS NAME = localdomain.com.
> > DNS DATA =
> > A 10.0.0.9
> >
> > The record on DNS server 10.0.0.9 is:
> > DNS NAME = localdomain.com
> > DNS DATA =
> > CNAME server.localdomain.com
> > +------------------------------------------------------
> > ** Check DC DNS NAME FINAL RESULT ** **
> > [WARNING] The DNS entries for this DC are not registered correctly
> > on
> > DNS server '10.0.0.9'. Please wait for 30 minutes for DNS server
> > replication. [FATAL] No DNS servers have the DNS records for this
> > DC registered.
>
> Its saying that the A record for the DC don't exist in DNS. Did you confirm
> that?
>
> Also, I see it says that the DC record is a CNAME called
> server.localdomain.com. That can be an issue. Are you using CNAMES with your
> DC? If so, may I ask why?
>
> Additionally, do the SRV records exist under your localdomain.com zone?
>
> --
> Regards,
> Ace
>
>I inherited this setup so I dont know why the CNAME is in there. The server (dc)and dns server are one and the same. I have an A record for the server.
SERVER A 10.0.0.9
Do I need another record of some kind to point to the dc or fully qualified
domain
name?

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"KRJ" wrote:

>
>
> "Ace Fekay [MVP]" wrote:
>
> > In news:26EC6FDA-7045-4980-9138-F19392785019@microsoft.com,
> > KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> > > I get this message when I run netdiag /debug. Could anyone help with
> > > what the problem is. I am not sure what to change. 10.0.0.9 is the
> > > address of the server as well as the dns server.
> > >
> > > The Record is different on DNS server '10.0.0.9'.
> > >
> > > +------------------------------------------------------+
> > > The record on your DC is:
> > > DNS NAME = localdomain.com.
> > > DNS DATA =
> > > A 10.0.0.9
> > >
> > > The record on DNS server 10.0.0.9 is:
> > > DNS NAME = localdomain.com
> > > DNS DATA =
> > > CNAME server.localdomain.com
> > > +------------------------------------------------------
> > > ** Check DC DNS NAME FINAL RESULT ** **
> > > [WARNING] The DNS entries for this DC are not registered correctly
> > > on
> > > DNS server '10.0.0.9'. Please wait for 30 minutes for DNS server
> > > replication. [FATAL] No DNS servers have the DNS records for this
> > > DC registered.
> >
> > Its saying that the A record for the DC don't exist in DNS. Did you confirm
> > that?
> >
> > Also, I see it says that the DC record is a CNAME called
> > server.localdomain.com. That can be an issue. Are you using CNAMES with your
> > DC? If so, may I ask why?
> >
> > Additionally, do the SRV records exist under your localdomain.com zone?
> >
> > --
> > Regards,
> > Ace
> >
> >I inherited this setup so I dont know why the CNAME is in there. The server (dc)and dns server are one and the same. I have an A record for the server.
> SERVER A 10.0.0.9
> Do I need another record of some kind to point to the dc or fully qualified
> domain name?
>
> Also dns resolves names fine, everything works as far as dns goes. The problem
is I am going to add a 2003 dc to the network and cannot run the prep.

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"KRJ" wrote:

>
>
> "KRJ" wrote:
>
> >
> >
> > "Ace Fekay [MVP]" wrote:
> >
> > > In news:26EC6FDA-7045-4980-9138-F19392785019@microsoft.com,
> > > KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> > > > I get this message when I run netdiag /debug. Could anyone help with
> > > > what the problem is. I am not sure what to change. 10.0.0.9 is the
> > > > address of the server as well as the dns server.
> > > >
> > > > The Record is different on DNS server '10.0.0.9'.
> > > >
> > > > +------------------------------------------------------+
> > > > The record on your DC is:
> > > > DNS NAME = localdomain.com.
> > > > DNS DATA =
> > > > A 10.0.0.9
> > > >
> > > > The record on DNS server 10.0.0.9 is:
> > > > DNS NAME = localdomain.com
> > > > DNS DATA =
> > > > CNAME server.localdomain.com
> > > > +------------------------------------------------------
> > > > ** Check DC DNS NAME FINAL RESULT ** **
> > > > [WARNING] The DNS entries for this DC are not registered correctly
> > > > on
> > > > DNS server '10.0.0.9'. Please wait for 30 minutes for DNS server
> > > > replication. [FATAL] No DNS servers have the DNS records for this
> > > > DC registered.
> > >
> > > Its saying that the A record for the DC don't exist in DNS. Did you confirm
> > > that?
> > >
> > > Also, I see it says that the DC record is a CNAME called
> > > server.localdomain.com. That can be an issue. Are you using CNAMES with your
> > > DC? If so, may I ask why?
> > >
> > > Additionally, do the SRV records exist under your localdomain.com zone?
> > >
> > > --
> > > Regards,
> > > Ace
> > >
> > >I inherited this setup so I dont know why the CNAME is in there. The server (dc)and dns server are one and the same. I have an A record for the server.
> > SERVER A 10.0.0.9
> > Do I need another record of some kind to point to the dc or fully qualified
> > domain name?
> >
> > Also dns resolves names fine, everything works as far as dns goes. The problem
> is I am going to add a 2003 dc to the network and cannot run the prep.

Here is what I get when I check the soa:
U:\>nslookup
Default Server: server.localdomain.com
Address: 10.0.0.9

> set type=SOA
> localdomain.com
Server: server.localdomain.com
Address: 10.0.0.9

localdomain.com canonical name = server.localdomain.com
>We use an internal domain name that cannot go public but it is not single-labeled

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:5E5FCB2F-113C-4767-B67D-8BF3A9DB5CD7@microsoft.com,
KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> Here is what I get when I check the soa:
> U:\>nslookup
> Default Server: server.localdomain.com
> Address: 10.0.0.9
>
>> set type=SOA
>> localdomain.com
> Server: server.localdomain.com
> Address: 10.0.0.9
>
> localdomain.com canonical name = server.localdomain.com
>> We use an internal domain name that cannot go public but it is not
>> single-labeled

Sorry it took so long to get back to you. The CNAME shouldn't be there. I
would like to see what your zone looks like and try to determine why it was
created. But I think the CNAME is the issue.

As far as not being able to do an adprep, or anything else of that sort with
AD, AD is looking for the SRV records under your zone. They are those 4
folders with their names beginning with underscores. Do they exist? Are you
only using your DNS internally? Updates set to allow?

Can you post an ipconfig /all and the AD DNS name please? Thanks

Ace

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"Ace Fekay [MVP]" wrote:

> In news:5E5FCB2F-113C-4767-B67D-8BF3A9DB5CD7@microsoft.com,
> KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> > Here is what I get when I check the soa:
> > U:\>nslookup
> > Default Server: server.localdomain.com
> > Address: 10.0.0.9
> >
> >> set type=SOA
> >> localdomain.com
> > Server: server.localdomain.com
> > Address: 10.0.0.9
> >
> > localdomain.com canonical name = server.localdomain.com
> >> We use an internal domain name that cannot go public but it is not
> >> single-labeled
>
> Sorry it took so long to get back to you. The CNAME shouldn't be there. I
> would like to see what your zone looks like and try to determine why it was
> created. But I think the CNAME is the issue.
>
> As far as not being able to do an adprep, or anything else of that sort with
> AD, AD is looking for the SRV records under your zone. They are those 4
> folders with their names beginning with underscores. Do they exist? Are you
> only using your DNS internally? Updates set to allow?
>
> Can you post an ipconfig /all and the AD DNS name please? Thanks
>
> Ace
>
> All my SRV records are there _msdes,_sites,_tcp,_udp. We use dns internally set up with forwarders to our T1 providers dns for external. Dns is set up to allow updates. Here is the ipconfig.

C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : SERVER
Primary DNS Suffix . . . . . . . : tcemc.gray
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tcemc.gray

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet
Adapter (10/100)
Physical Address. . . . . . . . . : 00-B0-D0-E1-A4-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.5
DNS Servers . . . . . . . . . . . : 10.0.0.9

>

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:CCDA4F56-7F2A-4CA3-A38C-9C6AF926D4D7@microsoft.com,
KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
>> All my SRV records are there _msdes,_sites,_tcp,_udp. We use dns
>> internally set up with forwarders to our T1 providers dns for
>> external. Dns is set up to allow updates. Here is the ipconfig.
>
> C:\>ipconfig /all
>
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : SERVER
> Primary DNS Suffix . . . . . . . : tcemc.gray
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : tcemc.gray
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel 8255x-based PCI
> Ethernet Adapter (10/100)
> Physical Address. . . . . . . . . : 00-B0-D0-E1-A4-01
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.0.0.9
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.0.0.5
> DNS Servers . . . . . . . . . . . : 10.0.0.9

Thanks for posting that. As long as tcemc.gray is your AD name, then we're
good to go. Delete that CNAME and re-run the netdiag and see how it goes.

Ace

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"Ace Fekay [MVP]" wrote:

> In news:CCDA4F56-7F2A-4CA3-A38C-9C6AF926D4D7@microsoft.com,
> KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> >> All my SRV records are there _msdes,_sites,_tcp,_udp. We use dns
> >> internally set up with forwarders to our T1 providers dns for
> >> external. Dns is set up to allow updates. Here is the ipconfig.
> >
> > C:\>ipconfig /all
> >
> > Windows 2000 IP Configuration
> >
> > Host Name . . . . . . . . . . . . : SERVER
> > Primary DNS Suffix . . . . . . . : tcemc.gray
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : tcemc.gray
> >
> > Ethernet adapter Local Area Connection:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Intel 8255x-based PCI
> > Ethernet Adapter (10/100)
> > Physical Address. . . . . . . . . : 00-B0-D0-E1-A4-01
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 10.0.0.9
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . : 10.0.0.5
> > DNS Servers . . . . . . . . . . . : 10.0.0.9
>
> Thanks for posting that. As long as tcemc.gray is your AD name, then we're
> good to go. Delete that CNAME and re-run the netdiag and see how it goes.
>
> Ace
>
> Ace I will be out of my office until monday(9-25). So bear with me until then and I will delete the CNAME and let you know. Thanks KRJ
>

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"KRJ" wrote:

>
>
> "Ace Fekay [MVP]" wrote:
>
> > In news:CCDA4F56-7F2A-4CA3-A38C-9C6AF926D4D7@microsoft.com,
> > KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> > >> All my SRV records are there _msdes,_sites,_tcp,_udp. We use dns
> > >> internally set up with forwarders to our T1 providers dns for
> > >> external. Dns is set up to allow updates. Here is the ipconfig.
> > >
> > > C:\>ipconfig /all
> > >
> > > Windows 2000 IP Configuration
> > >
> > > Host Name . . . . . . . . . . . . : SERVER
> > > Primary DNS Suffix . . . . . . . : tcemc.gray
> > > Node Type . . . . . . . . . . . . : Hybrid
> > > IP Routing Enabled. . . . . . . . : No
> > > WINS Proxy Enabled. . . . . . . . : No
> > > DNS Suffix Search List. . . . . . : tcemc.gray
> > >
> > > Ethernet adapter Local Area Connection:
> > >
> > > Connection-specific DNS Suffix . :
> > > Description . . . . . . . . . . . : Intel 8255x-based PCI
> > > Ethernet Adapter (10/100)
> > > Physical Address. . . . . . . . . : 00-B0-D0-E1-A4-01
> > > DHCP Enabled. . . . . . . . . . . : No
> > > IP Address. . . . . . . . . . . . : 10.0.0.9
> > > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > Default Gateway . . . . . . . . . : 10.0.0.5
> > > DNS Servers . . . . . . . . . . . : 10.0.0.9
> >
> > Thanks for posting that. As long as tcemc.gray is your AD name, then we're
> > good to go. Delete that CNAME and re-run the netdiag and see how it goes.
> >
> > Ace
> >
> > Ace I will be out of my office until monday(9-25). So bear with me until then and I will delete the CNAME and let you know. Thanks KRJ
> > Ace I got to thinking, we have 2 forward lookup zones one is for our local domain and the other for our email which as far as I can tell points to the local domain. We have Exchange 2000 on this server. I wonder if that zone references that CNAME Record for internal email(employees). I am not at work but I believe the times I look at the email headers it showed server.tcemc.gray instead of our public domain address.Let me know what you think.I will continue to check every day.

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:77A7C508-F18D-488B-8A9C-E21EA7721C45@microsoft.com,
KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> Ace I got to thinking, we have 2 forward lookup zones one is for
> our local domain and the other for our email which as far as I can
> tell points to the local domain. We have Exchange 2000 on this
> server. I wonder if that zone references that CNAME Record for
> internal email(employees). I am not at work but I believe the times
> I look at the email headers it showed server.tcemc.gray instead of
> our public domain address.Let me know what you think.I will
> continue to check every day.

One zone is for your email? Are you hosting DNS for your external domain
name? If not, that zone is not needed. All you need is your internal AD
zone.

The SRV records will actually show a CNAME for the domain under the _msdcs
zone, but that's the only place a CNAME should exist. If you are hosting DNS
for your external name, then I would recommend to put it on a totally
isolated server. There is no reason for internal machines to be using this
zone, AD, Exchange or not. The proper way for AD (and Exchange to function
since it relies on AD), is to only use the internal DNS that hosts the AD
zone, and then configure a forwarder for efficient external name resolution.

Also to add, if hosting DNS for your external zone, if you use a CNAME with
an MX records, that WILL cause mail delivery problems. Besides, internally,
no MX record is required. That just tells other SMTP servers on the Internet
who is the mail server for your domain. Not needed internally.

I guess I'm going to need more specifics about your topology, why the other
zone, an ipconfig /all from this mail server, and anything else you can add,
etc, to help diagnose this.

Ace

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"Ace Fekay [MVP]" wrote:

> In news:77A7C508-F18D-488B-8A9C-E21EA7721C45@microsoft.com,
> KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
> > Ace I got to thinking, we have 2 forward lookup zones one is for
> > our local domain and the other for our email which as far as I can
> > tell points to the local domain. We have Exchange 2000 on this
> > server. I wonder if that zone references that CNAME Record for
> > internal email(employees). I am not at work but I believe the times
> > I look at the email headers it showed server.tcemc.gray instead of
> > our public domain address.Let me know what you think.I will
> > continue to check every day.
>
> One zone is for your email? Are you hosting DNS for your external domain
> name? If not, that zone is not needed. All you need is your internal AD
> zone.
>
> The SRV records will actually show a CNAME for the domain under the _msdcs
> zone, but that's the only place a CNAME should exist. If you are hosting DNS
> for your external name, then I would recommend to put it on a totally
> isolated server. There is no reason for internal machines to be using this
> zone, AD, Exchange or not. The proper way for AD (and Exchange to function
> since it relies on AD), is to only use the internal DNS that hosts the AD
> zone, and then configure a forwarder for efficient external name resolution.
>
> Also to add, if hosting DNS for your external zone, if you use a CNAME with
> an MX records, that WILL cause mail delivery problems. Besides, internally,
> no MX record is required. That just tells other SMTP servers on the Internet
> who is the mail server for your domain. Not needed internally.
>
> I guess I'm going to need more specifics about your topology, why the other
> zone, an ipconfig /all from this mail server, and anything else you can add,
> etc, to help diagnose this.
>
> Ace
>
> Ace, as I said earlier I inherited this setup. I need to send you a copy of the zones but I hate to put it out on the internet. The server is used for everything file sharing, email etc. Thats one of the reasons I am getting another server to get the email isolated(too much on one server). As you can tell I am not an expert on dns so I am not sure what the zone with our public domain name is doing. Again everything works, dns, email. No one houses our external dns we just have a company that does our web server that has our MX record that points to our public IP. Tell me what you need and I will try to get it to you.
Thanks
>

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:B8BAA157-5346-4619-901A-CCB295C505E1@microsoft.com,
KRJ <KRJ@discussions.microsoft.com> made a post then I commented below
>> Ace, as I said earlier I inherited this setup. I need to send you a
>> copy of the zones but I hate to put it out on the internet. The
>> server is used for everything file sharing, email etc. Thats one of
>> the reasons I am getting another server to get the email
>> isolated(too much on one server). As you can tell I am not an expert
>> on dns so I am not sure what the zone with our public domain name is
>> doing. Again everything works, dns, email. No one houses our
>> external dns we just have a company that does our web server that
>> has our MX record that points to our public IP. Tell me what you
>> need and I will try to get it to you. Thanks

Maybe remote into this thing for you?

If you can send me:

1. An ipconfig /all
2. The actual zone name in DNS that AD is using, and if updates are allowed
3. The other zone name in DNS. With your actual domain name, I can do
nslookup the nameservers to see if it points to your DNS server. I would
need the domain name and what your DNS server or WAN IP is.

My email address is basically what you see in the headers, except replace my
actual first and last name without any spaces AT hotmail.

Ace