
Clients cannot find GC Server

Jul 18, 2003
I am having a weird problem with DNS on my network. I have an AD integrated DNS setup on 2 Windows 2003 DCs. All clients are pointing to those DNS servers which use forwarders and the root servers to resolve internet addresses. No clients have troubles joining the domain and otherwise DNS works properly.

I have a global catalog server setup which isn't on the same server as the Infrastructure Master Role for the domain. Whenever I try to add a user or group to the domain on any other server/computer than the GC, I get a message that the global catalog cannot be contacted.

Following is the error I get when netdiag is run:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERVER.DOMAIN.'. [RCODE_SERVER_FAILURE]
The name 'SERVER.DOMAIN.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.100.9'. Please wait for 30 minutes for DNS server replication.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.100.6'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.

As far as I can tell, all the records for the DCs (according to %systemroot%\systems32\config\netlogon.dns file) are in DNS. If I run "netdiag /fix" on either DC they can't update said records to the server.

I'm thinking there must be a security setting in DNS which is the problem. Domain Admins, Administrators (group), etc. all have write access, but there is also one orphaned SID (account unknown) with write access as well. Could that account which my servers use to update DNS have gotten deleted from my domain, or am I way off??

Thanks in advance for any help,
Ryan
 
Have you checked your event logs? Just curious as to what they might show.

Glen A. Johnson
"Fall seven times, stand up eight."
Proverb

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884
 
Here's something from the DNS Event Viewer that I get on and off:

"DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.
(Error Code = 0000: 0000232a - words)

If this DNS server does not have any DS-integrated peers, then this error
should be ignored.

If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data."

All the A records for both DNS servers are in there properly though. Just another indication that the servers are unable to modify DNS, but I can manually.
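As an added example, not code from the thread or from Microsoft, here is a small Python script that parses the record format Netlogon writes to netlogon.dns (the file the first post compares against) and checks it against a dump of what the zone actually serves. It reports records the DC expects but the zone lacks and, following step 4 of the event text above, A records for the DC's host name that do not match an address the DC really owns. The netlogon.dns excerpt, the zone dump, the host name server.domain and the address set are all constructed for illustration. The hex code 0000232a in the event text is 9002 decimal, DNS_ERROR_RCODE_SERVER_FAILURE, the same SERVER_FAILURE response netdiag reported, so both tools are describing the same failed dynamic update.

```python
"""Compare the records a Windows DC expects to register (netlogon.dns) with
what a DNS zone actually holds. Example code added for this thread; the data
below is constructed, not the poster's real records."""
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed excerpt in the format Netlogon writes to netlogon.dns
# (owner ttl IN type rdata). Real files list many more SRV records.
NETLOGON_DNS = """\
domain. 600 IN A 192.168.100.9
_ldap._tcp.domain. 600 IN SRV 0 100 389 server.domain.
_ldap._tcp.dc._msdcs.domain. 600 IN SRV 0 100 389 server.domain.
_kerberos._tcp.domain. 600 IN SRV 0 100 88 server.domain.
_gc._tcp.domain. 600 IN SRV 0 100 3268 server.domain.
"""

# Constructed dump of the zone as the DNS server currently serves it.
# The _gc._tcp SRV record is absent and one A record for the DC is stale.
ZONE_DUMP = """\
; constructed sample zone dump
domain. 600 IN A 192.168.100.9
_ldap._tcp.domain. 600 IN SRV 0 100 389 server.domain.
_ldap._tcp.dc._msdcs.domain. 600 IN SRV 0 100 389 server.domain.
_kerberos._tcp.domain. 600 IN SRV 0 100 88 server.domain.
server.domain. 1200 IN A 192.168.100.9
server.domain. 1200 IN A 10.0.0.5
"""


@dataclass(frozen=True)
class Record:
    owner: str   # owner name, lower-case, no trailing dot
    rtype: str   # record type, upper-case (A, SRV, ...)
    rdata: str   # record data, normalised so equal records compare equal


def _norm_name(token: str) -> str:
    """Lower-case a name token and drop its trailing dot (no-op for numbers/IPs)."""
    return token.lower().rstrip(".")


def parse_records(text: str) -> List[Record]:
    """Parse zone-file style lines (owner ttl IN type rdata...)."""
    records: List[Record] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            raise ValueError(f"unrecognised record line: {raw!r}")
        owner, _ttl, _cls, rtype, *rdata = parts
        records.append(Record(_norm_name(owner), rtype.upper(),
                              " ".join(_norm_name(t) for t in rdata)))
    return records


def missing_registrations(expected: List[Record], zone: List[Record]) -> List[Record]:
    """Records netlogon.dns says should exist but the zone does not hold."""
    present = set(zone)
    return [r for r in expected if r not in present]


def stale_a_records(zone: List[Record], host: str, server_ips: Set[str]) -> List[Record]:
    """A records for the DC's host name whose address is not one the DC owns
    (the records step 4 of the event text says to delete)."""
    return [r for r in zone
            if r.owner == _norm_name(host) and r.rtype == "A"
            and r.rdata not in server_ips]


def check_registration(netlogon_text: str, zone_text: str,
                       host: str, server_ips: Set[str]) -> Dict[str, List[Record]]:
    """Run both checks and return them keyed as 'missing' and 'stale_a'."""
    expected = parse_records(netlogon_text)
    zone = parse_records(zone_text)
    return {"missing": missing_registrations(expected, zone),
            "stale_a": stale_a_records(zone, host, server_ips)}


if __name__ == "__main__":
    report = check_registration(NETLOGON_DNS, ZONE_DUMP,
                                "server.domain", {"192.168.100.9"})
    for r in report["missing"]:
        print(f"MISSING  {r.owner} {r.rtype} {r.rdata}")
    for r in report["stale_a"]:
        print(f"STALE A  {r.owner} -> {r.rdata}")
```

To use it against a real environment, replace the two constructed strings with the contents of %systemroot%\system32\config\netlogon.dns and an export of the zone from each replication partner, and run it once per partner, since the event text notes that the A records only need to be right on enough partners for replication to carry the fix everywhere.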
 
Hi, I've got a similar message after installing some hot fixes. Did you find a fix for it??

Regards,

Scott

 