Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS issues with Active Directory

Status
Not open for further replies.
hayesp

hayesp

Technical User
Jul 11, 2002
59
IE
Hi,
I'm having some ad issues. When trying a directory search I get the following message "the specified directory service could not be reached. The service may be temporarily unavailable or the server name may be incorrect". I also get an error when querying group membership in ad users and computers and creating new users: "A global catalog cannot be located to retrieve the icons for the member list. Some icons may not be shown". This happens from all workstations that point at both the dns servers in the local domain but if i enter dns servers from an external trusted domain I have no problems. I have run replmon and ldp to check global catalogs. I have run port query and it comes back successfully listening as per attachment. I also don't have an issue with either on a domain controller but can't give support staff full rdp access to do searches / add members to a group.
Thanks,
Paul
 
Sort by date Sort by votes
Do you have any error messages / events in the Event viewer? (on the servers and clients)? Any event IDs?


Victor K (Microsoft Consulting Services)
MCSA/MCSE:Security & Messaging;CNE;CCSE+;CIWSP;CIWSA;Network+;Security+;CCNA;nCSE;CISSP
 
Upvote 0 Downvote
Nothing on the client but on the server I'm getting Directory service errors but only DNS warnings, yet if I use an external dns server, I can get around the problem:

I've had firewall logs checked to ensure nothing is being blocked

Directory Service - event id: 1311
The Directory Service consistency checker has determined that either (a) there is not enough physical connectivity published via the Active Directory Sites and Services Manager to create a spanning tree connecting all the sites containing the Partition CN=Configuration,DC=rootdomain,DC=ba, or (b) replication cannot be performed with one or more critical servers in order for changes to propagate across all sites (most often due to the servers being unreachable).

For (a), please use the Active Directory Sites and Services Manager to do one of the following:
1. Publish sufficient site connectivity information such that the system can infer a route by which this Partition can reach this site. This option is preferred.
2. Add an ntdsConnection object to a Domain Controller that contains the Partition CN=Configuration,DC=rootdomain,DC=ba in this site from a Domain Controller that contains the same Partition in another site.

For (b), please see previous events logged by the NTDS KCC source that identify the servers that could not be contacted.

DNS event id: 5504

The DNS server encountered an invalid domain name in a packet from 10.230.10.224. The packet is rejected.

I've checked DNS monitoring and all is testing properly.

Thanks,
Paul

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

KenMeans
  • Locked
  • Question
DNS Issues with wireless router behind Atlantic Broad band Business Modem
Replies
0
Views
5K
KenMeans
KenMeans
alpha76
  • Locked
  • Question
Advice on DNS setup/configuration
Replies
3
Views
6K
technome
technome
tbright
  • Locked
  • Question
DNS reverse lookup errors: zone 1.168.192.in-addr.arpa/IN: has no NS records
Replies
1
Views
6K
tbright
tbright
Nick Ellson
  • Locked
  • Question
Bind9 with RPZ and local forwarding zones?
Replies
1
Views
5K
Nick Ellson
Nick Ellson
Richard Carter
  • Locked
  • Question
Set up BIND on DNS server for local home server
Replies
0
Views
5K
Richard Carter
Richard Carter

Part and Inventory Search

Sponsor

Back
Top