DNS and Active Directory

Status
Not open for further replies.

Marcd

IS-IT--Management
Oct 2, 2001
EU
Hi

I am getting multiple Netlogon 5774 error messages in the event log (every 15/20 mins). The errors are as follows:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 18/10/2001
Time: 16:51:58
User: N/A
Computer: SERVERNAME
Description:
Registration of the DNS record '_kerberos._tcp.Default-First-Site-name._sites.dc._msdcs.servername.domainname.com. 600 IN SRV 0 100 88 subservername.servername.domainname.com.' failed with the following error:
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.


I have tried to resolve it but to no avail. I have seen some of the posts on this forum suggesting that other people have the same problem. My DNS and AD server are the same.

The lookup zone in the DNS forward zone points to subservername.servername.domainname.com when the active directory is servername.domainname.com.

Is it necessary for DNS and AD items to be the same (i.e. should my lookup zone be servername.domainname.com)?

Most of the error messages try to register with servername.domainname.com.

Many thanks
 
Here are some things to check from :

This error message may be generated in several circumstances. See Q259277 for a general approach on troubleshooting this. In some cases this may be caused by the security setting on the parent.local server being set to only use secure updates. Changing this to allow "dynamic updates" (instead of only secure) might eliminate the problem.

D.H.: (This) "Error occurs when DNS Server has its database in Active Directory Integrated mode, and is also a Domain Controller and network adapters have been changed in the system. Fix: Delete affected zones and recreate the zones. This will allow the NETLOGON service to successfully re-register the records that were being reported in the 5774 event."
Another newsgroup discussion thread suggested that the event was caused by the fact that the Active Directory Domain Controller running the DNS server did point to itself as a DNS server (instead it used the ISP DNS servers). Changing the DNS server settings to point to itself fixed the problem.
J.B.: I found that delaying startup of Netlogon service until DNS was started solved this problem. Just add DNS to the DependOnService entry in HKLM-System-CurrentControlSet-Services-Netlogon. This is described among other things in Q193888
D.K.: See the link below to Registry Tweaks for a description of the problem.
 
Rather than creating a whole new zone you can shut down the machine that's getting the error. Delete the DNS entries in the forward and reverse lookup zones on your DNS server, and then turn the machine that was having the problem back on. This will only work if you have dynamic updates enabled.

Also, you can use kerbtray.exe to see if the DNS server has issued a Kerberos ticket that is still active on the server. If there is one you should follow my initial instructions but also try changing the name of the machine with the problem before you shut it down. Of course all of this is assuming your DNS settings are correct to begin with.
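
Added example (not part of the thread and not posted by any participant): a Python check that parses the SRV record quoted in the 5774 event above and tests whether any forward zone hosted on the DNS server contains the record's owner name, since a record can only be registered in a zone whose name is a suffix of that owner name. The function names and the zone lists passed in are hypothetical; the event text is constructed from the placeholder names in the original post.

```python
import re

# Constructed from the event description quoted in the thread (placeholder names as posted).
EVENT_5774 = (
    "Registration of the DNS record "
    "'_kerberos._tcp.Default-First-Site-name._sites.dc._msdcs.servername.domainname.com. "
    "600 IN SRV 0 100 88 subservername.servername.domainname.com.' "
    "failed with the following error:"
)

# owner TTL IN SRV priority weight port target, as Netlogon prints it inside quotes.
SRV_RE = re.compile(
    r"'(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+"
    r"(?P<priority>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+?)'"
)

def parse_srv(description):
    """Extract the SRV record Netlogon tried to register, or None if absent."""
    m = SRV_RE.search(description)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("ttl", "priority", "weight", "port"):
        rec[key] = int(rec[key])
    return rec

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def covering_zone(owner, zones):
    """Return the most specific zone whose name is a label-wise suffix of owner."""
    owner_labels = labels(owner)
    best = None
    for zone in zones:
        zl = labels(zone)
        if zl and len(zl) <= len(owner_labels) and owner_labels[-len(zl):] == zl:
            if best is None or len(zl) > len(labels(best)):
                best = zone
    return best

def diagnose(description, zones):
    """Say which hosted zone (if any) can hold the record named in the event."""
    rec = parse_srv(description)
    if rec is None:
        return "no SRV record found in event text"
    zone = covering_zone(rec["owner"], zones)
    if zone is None:
        return "no hosted zone contains " + rec["owner"]
    return "record belongs in zone " + zone
```

With only a zone named subservername.servername.domainname.com, as described in the first post, the check reports that no hosted zone contains the record; a zone named servername.domainname.com does contain it.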
 