The DSA operation is unable to proceed because of a DNS lookup failure

[mdbuddy]

Since we moved the dc/domain to its remote office, I get The DSA operation is unable to proceed because of a DNS lookup failure on the Corp Office DC's. The sites are connected through vpn. I tried a secondary dns zone on both ends, that transfers fine, but isn't fixing the problem.

CN=Schema,CN=Configuration,DC=homanitusa,DC=com
DR\DR2 via RPC
objectGuid: 2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09
Last attempt @ 2004-07-29 05:33.27 failed, result 8524:
The DSA operation is unable to proceed because of a DNS lookup failure

Not sure what to do next seeing there a ton of msft notes, but i haven't pin pointed one I like so far that seems to answer my question. One said delete the object in DNS, I aleast did that. Restart dns and netlogon, but no fix.

 

[Jpoandl]

I don't know that exact answer to this problem...but

When you "moved the dc/domain to its remote office," did you create a new Site in Active Directory?

Is your primary DNS server Active Directory Integrated? If so, you don't need to create a secondary DNS zone, you should have just installed the DNS service. (DNS records are automatically replicated to all DC's if you are using AD Integrated.)

Also, did you enable the remote sites DC as a global catalog server? It should be seeing how this is the only DC in a new physical site.

Maybe use the command tool NSLOOKUP to test whether DNS is working properly.



Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[mdbuddy]

Yes I created a site called DR. Which is disaster recovery site. Nope I didn't make a GC, but will now that you mentioned it, it slipped my fried brain There is only two members in the DR site domain. My primary dns serves are AD Integrated. I have two here at Corp domain. When the DR site was here before it moved, I had a AD Intgrated zone for it. WHen moved that didn't seem work and I got Netlogon errors as well. I did make a 2ndary zone here for DR.com and a 2ndary for homanitusa.com there.

Would deleteign the site, then recreating it solve things, not sure.


Matt
MCP(3 more to go)

 

[mdbuddy]

I got things close to straightend out, but on my NTDS settigns in Sites and services and deleted my connections and recreated them. Then AD did the auto generated connections. On my bridgehead server dc3, it has two connections going to dr2 from site dr. Which one should stay.

connectioned named DR from server DR2 from site DR

or the auto generated one?

Also I went to Trusts and did a verify and all went well after it resync'd the passwords between the sites. So dns has to be working somehow with the 2ndary zones.

 

[Jpoandl]

No I don't think going into Sites and services and then deleting the site will fix anything.

When you get Netlogon errors (and if the Netlogon share does not start), you have DC problems. It sounds like after you moved the server to the new site, that Netlogon service and share did not start.

This probably means that your DC were not replicating over the WAN link. I would put everything back the way it was before adding the secondary DNS zone and what not. This shouldn't be needed. AD integrated Zone means that the DNS database is replicated within AD. Alls you would need to do is ADD the DNS service and point clients to thier local DNS server.

I would suspect that maybe traffic is being blocked when going across your WAN link. If the DC's can't communicate properly with one another, you will continue to have problems.

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[mdbuddy]

I am replicating, because I removed the stale NTDS connection. I checked under _msdcs and the dr2 dc is there now with a new alias 2e13 etc.. It looks to be replicating now I got rid of some bad dns entries. I will check netlogon and ntFrs. I think i have things sorted out. I hope! I didn't remove the Site just redid the site links. That also replicated to the remote dc.

thanks for the help

 

[Jpoandl]

Glad to see that your getting things up and running...

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[mdbuddy]

Well at 12:13 i got this error, but i think i can fix this. Or it's already fixed after smoothing things out.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 7/29/2004
Time: 12:13:57 PM
User: N/A
Computer: DR2
Description:
Registration of the DNS record '2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09._msdcs.homanitusa.com. 600 IN CNAME dr2.DR.com.' failed with the following error:
DNS RR set that ought to exist, does not exist.
Data:
0000: 30 23 00 00 0#..

 

[Jpoandl]

Here's an MS Troubleshooting article about this:

http://support.microsoft.com/defaul...port/kb/articles/Q259/2/77.ASP&NoWebContent=1

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[mdbuddy]

I think the problem is DNS. Here is my dcdiag, though it shows success in replicating, but alot of errors. Also the message, "*Warning: Remote bridgehead DR\DR2 is not eligible as a bridgehead due to too many failures.", how would you make eligible again?
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: HomanitUSA\HUSADOMAIN
Starting test: Connectivity
......................... HUSADOMAIN passed test Connectivity

Testing server: HomanitUSA\HUSAEXCHANGE
Starting test: Connectivity
......................... HUSAEXCHANGE passed test Connectivity

Testing server: HomanitUSA\DC3
Starting test: Connectivity
......................... DC3 passed test Connectivity

Doing primary tests

Testing server: HomanitUSA\HUSADOMAIN
Starting test: Replications
......................... HUSADOMAIN passed test Replications
Starting test: NCSecDesc
......................... HUSADOMAIN passed test NCSecDesc
Starting test: NetLogons
......................... HUSADOMAIN passed test NetLogons
Starting test: Advertising
......................... HUSADOMAIN passed test Advertising
Starting test: KnowsOfRoleHolders
......................... HUSADOMAIN passed test KnowsOfRoleHolders
Starting test: RidManager
......................... HUSADOMAIN passed test RidManager
Starting test: MachineAccount
......................... HUSADOMAIN passed test MachineAccount
Starting test: Services
Could not open IISADMIN Service on [HUSADOMAIN]:failed with 1060: Th
e specified service does not exist as an installed service.
Could not open SMTPSVC Service on [HUSADOMAIN]:failed with 1060: The
specified service does not exist as an installed service.
......................... HUSADOMAIN failed test Services
Starting test: ObjectsReplicated
......................... HUSADOMAIN passed test ObjectsReplicated
Starting test: frssysvol
......................... HUSADOMAIN passed test frssysvol
Starting test: kccevent
An Warning Event occured. EventID: 0x8000061E
Time Generated: 08/02/2004 15:05:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000051F
Time Generated: 08/02/2004 15:05:47
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8000061E
Time Generated: 08/02/2004 15:05:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000051F
Time Generated: 08/02/2004 15:05:47
(Event String could not be retrieved)
......................... HUSADOMAIN failed test kccevent
Starting test: systemlog
......................... HUSADOMAIN passed test systemlog

Testing server: HomanitUSA\HUSAEXCHANGE
Starting test: Replications
......................... HUSAEXCHANGE passed test Replications
Starting test: NCSecDesc
......................... HUSAEXCHANGE passed test NCSecDesc
Starting test: NetLogons
......................... HUSAEXCHANGE passed test NetLogons
Starting test: Advertising
......................... HUSAEXCHANGE passed test Advertising
Starting test: KnowsOfRoleHolders
......................... HUSAEXCHANGE passed test KnowsOfRoleHolders
Starting test: RidManager
......................... HUSAEXCHANGE passed test RidManager
Starting test: MachineAccount
......................... HUSAEXCHANGE passed test MachineAccount
Starting test: Services
......................... HUSAEXCHANGE passed test Services
Starting test: ObjectsReplicated
......................... HUSAEXCHANGE passed test ObjectsReplicated
Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
......................... HUSAEXCHANGE passed test frssysvol
Starting test: kccevent
......................... HUSAEXCHANGE passed test kccevent
Starting test: systemlog
......................... HUSAEXCHANGE passed test systemlog

Testing server: HomanitUSA\DC3
Starting test: Replications
[Replications Check,DC3] A recent replication attempt failed:
From DR2 to DC3
Naming Context: CN=Schema,CN=Configuration,DC=homanitusa,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2004-08-02 15:04.51.
The last success occurred at 2004-08-02 10:34.54.
36 failures have occurred since the last success.
The guid-based DNS name 2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09._msdcs.
homanitusa.com
is not registered on one or more DNS servers.
[Replications Check,DC3] A recent replication attempt failed:
From DR2 to DC3
Naming Context: CN=Configuration,DC=homanitusa,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
The failure occurred at 2004-08-02 15:04.51.
The last success occurred at 2004-08-02 10:34.53.
36 failures have occurred since the last success.
The guid-based DNS name 2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09._msdcs.
homanitusa.com
is not registered on one or more DNS servers.
[Replications Check,DC3] A recent replication attempt failed:
From DR2 to DC3
Naming Context: DC=DR,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
The failure occurred at 2004-08-02 15:04.51.
The last success occurred at 2004-08-02 10:34.54.
36 failures have occurred since the last success.
The guid-based DNS name 2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09._msdcs.
homanitusa.com
is not registered on one or more DNS servers.
......................... DC3 passed test Replications
Starting test: NCSecDesc
......................... DC3 passed test NCSecDesc
Starting test: NetLogons
......................... DC3 passed test NetLogons
Starting test: Advertising
......................... DC3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC3 passed test RidManager
Starting test: MachineAccount
......................... DC3 passed test MachineAccount
Starting test: Services
......................... DC3 passed test Services
Starting test: ObjectsReplicated
......................... DC3 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC3 passed test frssysvol
Starting test: kccevent
......................... DC3 passed test kccevent
Starting test: systemlog
......................... DC3 passed test systemlog

Running enterprise tests on : homanitusa.com
Starting test: Intersite
Doing intersite inbound replication test on site HomanitUSA:
*Warning: Remote bridgehead DR\DR2 is not eligible as a bridgehead due to too many failures. Replication may be disrupted into the
local site HomanitUSA.
......................... homanitusa.com passed test Intersite
Starting test: FsmoCheck
......................... homanitusa.com passed test FsmoCheck

 

[mdbuddy]

Oddly enough, I can connect to DR.com through AD Users and Computers from here at Corp Site. Also Create a user in Dr.com, then log on as that user here in the Corp site. Puzzling.