DNS Issue in Windows Server 2003

March 9, 2011 at 01:55:13
Specs: Windows 2003
Hi,
I have an issue which I am not sure how to solve. My users pick up their batch files, which map their network drives, from \\<server-name>\netlogon on my domain controller. Currently my users have difficulty getting their network drives mapped whenever they are connected to this particular domain controller. In my environment we have 4 domain controllers. The domain controller with which I am currently having an issue is my PDC. I guess it may lie in the DNS but I cannot confirm. I have tried deleting this server’s A record and reinserting it, but that does not resolve the issue. None of my domain controllers have this issue. I have even restarted the server 5 times but to no effect. I only have a single domain, single forest with no child domains and trusts as such. I have also checked in the DNS that there are no 2 servers with the same IP address or hostname. Please advise on how I can solve this issue. Thanks.

1) Whenever I try to insert this into any of my clients (\\<server-name>\netlogon), it does not work.
I get the following error:
Logon Failure: The target account name is incorrect

Whenever I insert \\<IP-address>\netlogon, it works.

2) If I were to do the following from my client:
\\<server-name>\netlogon
System error 5 has occurred.
Access is denied.

\\<IP-address>\netlogon
Domain Controller (PDC only)

Share name Type Used as Comment

--------------------------------------------------------------
app Disk
NETLOGON Disk Logon server share
SYSVOL Disk Logon server share
The command completed successfully.




#1
March 9, 2011 at 02:06:31
Googling the error message brings up a lot of hits. I've read a few of them and the consensus seems to be that this is down to some replication problem between your DCs. Here is one example. You might like to do the googling yourself and review the results to see if the answer is to be found there.

(BTW, you refer to your "PDC". In a Windows 2003 network there is no PDC; all servers are (essentially) peers.)



#2
March 9, 2011 at 06:50:08
Do an nslookup servername and post the results.

Also an ipconfig /all from the server and a workstation for review would be good.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's



#3
March 9, 2011 at 07:13:24
Yes, we need to see what NSLOOKUP resolves like Wanderer asked but can you also send us the...

ping -a <ip address of the DC with issues>

to see if it is resolving the right CN name and DC for the server?



#4
March 10, 2011 at 20:45:37
DC Without issues (ipconfig /all):

C:\Documents and Settings\dev>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : BL2
Primary Dns Suffix . . . . . . . : mount-alvernia.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mount-alvernia.org

Ethernet adapter Local Area Connection 5:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 18-A9-05-72-43-60
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 128.1.1.162
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 128.1.15.1
DNS Servers . . . . . . . . . . . : 128.1.1.162
128.1.1.161
128.1.1.20
Primary WINS Server . . . . . . . : 202.79.64.21
Secondary WINS Server . . . . . . : 202.79.64.26


DC with Issue: (ipconfig /all)

C:\Documents and Settings\admin>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : mount-alvernia.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mount-alvernia.org

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7781 Gigabit Server Adapter #2
Physical Address. . . . . . . . . : 00-11-85-5C-BA-65
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 128.1.1.20
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 128.1.1.42
DNS Servers . . . . . . . . . . . : 128.1.1.20
128.1.1.161
128.1.1.13
128.1.1.162
Primary WINS Server . . . . . . . : 202.79.64.21
Secondary WINS Server . . . . . . : 202.79.64.26

Client: (ipconfig /all)

C:\Documents and Settings\dev>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : MIS_SS_08_39
Primary Dns Suffix . . . . . . . : mount-alvernia.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mount-alvernia.org

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1C-C0-23-30-1F
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.15.89
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.15.1
DNS Servers . . . . . . . . . . . : 128.1.1.161
128.1.1.20


Nslookup via client

C:\Documents and Settings\dev>nslookup dc1
*** Can't find server name for address 128.1.1.161: Non-existent domain
*** Can't find server name for address 128.1.1.20: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 128.1.1.161

Name: dc1.mount-alvernia.org
Address: 128.1.1.20


Nslookup via Troubled DC

C:\Documents and Settings\admin>nslookup dc1
*** Can't find server name for address 128.1.1.20: Non-existent domain
Server: UnKnown
Address: 128.1.1.20

Name: dc1.mount-alvernia.org
Address: 128.1.1.20

Hi all just something extra that I tried and found this:

DC with no issues:(dcdiag /q /f:c:\dcdiag.txt)


Results:

[Replications Check,BL2] A recent replication attempt failed:
From DC1 to BL2
Naming Context: DC=ForestDnsZones,DC=mount-alvernia,DC=org
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2011-03-11 11:49:22.
The last success occurred at 2011-03-02 16:54:11.
219 failures have occurred since the last success.
[DC1] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,BL2] A recent replication attempt failed:
From DC1 to BL2
Naming Context: DC=DomainDnsZones,DC=mount-alvernia,DC=org
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-03-11 12:11:18.
The last success occurred at 2011-03-02 20:12:51.
275 failures have occurred since the last success.
[Replications Check,BL2] A recent replication attempt failed:
From DC1 to BL2
Naming Context: CN=Schema,CN=Configuration,DC=mount-alvernia,DC=org
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-03-11 11:49:22.
The last success occurred at 2011-03-02 16:54:11.
215 failures have occurred since the last success.
[Replications Check,BL2] A recent replication attempt failed:
From DC1 to BL2
Naming Context: CN=Configuration,DC=mount-alvernia,DC=org
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-03-11 11:49:22.
The last success occurred at 2011-03-02 16:54:11.
215 failures have occurred since the last success.
[Replications Check,BL2] A recent replication attempt failed:
From DC1 to BL2
Naming Context: DC=mount-alvernia,DC=org
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-03-11 12:07:43.
The last success occurred at 2011-03-02 17:47:33.
288 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
BL2: Current time is 2011-03-11 12:28:06.
DC=ForestDnsZones,DC=mount-alvernia,DC=org
Last replication recieved from DC1 at 2011-03-02 16:57:37.
DC=DomainDnsZones,DC=mount-alvernia,DC=org
Last replication recieved from DC1 at 2011-03-02 20:12:19.
CN=Schema,CN=Configuration,DC=mount-alvernia,DC=org
Last replication recieved from DC1 at 2011-03-02 16:57:37.
CN=Configuration,DC=mount-alvernia,DC=org
Last replication recieved from DC1 at 2011-03-02 16:57:37.
DC=mount-alvernia,DC=org
Last replication recieved from DC1 at 2011-03-02 17:47:01.
Warning: DC1 is the Schema Owner, but is not responding to DS RPC Bind.
[DC1] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.
Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the PDC Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Rid Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... BL2 failed test KnowsOfRoleHolders
......................... BL2 failed test RidManager
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... BL2 failed test frsevent
An Error Event occured. EventID: 0x40000004
Time Generated: 03/11/2011 12:05:11
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 03/11/2011 12:05:47
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 03/11/2011 12:28:06
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 03/11/2011 12:28:06
Event String: The kerberos client received a
......................... BL2 failed test systemlog


DC with issues:(dcdiag /q /f:c:\dcdiag.txt)


Results:

REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BL1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BL2
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BL1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BL2
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
......................... DC1 failed test frsevent
An Error Event occured. EventID: 0xC0001B72
Time Generated: 03/11/2011 12:11:53
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 03/11/2011 12:26:48
Event String: The kerberos client received a

An Error Event occured. EventID: 0x0000168F
Time Generated: 03/11/2011 12:26:48
Event String: The dynamic deletion of the DNS record

An Error Event occured. EventID: 0x0000168F
Time Generated: 03/11/2011 12:26:48
Event String: The dynamic deletion of the DNS record

An Error Event occured. EventID: 0x0000168F
Time Generated: 03/11/2011 12:26:48
Event String: The dynamic deletion of the DNS record

An Error Event occured. EventID: 0x0000168F
Time Generated: 03/11/2011 12:26:48
Event String: The dynamic deletion of the DNS record

An Error Event occured. EventID: 0x0000168F
Time Generated: 03/11/2011 12:26:48
Event String: The dynamic deletion of the DNS record

An Error Event occured. EventID: 0x0000168F
Time Generated: 03/11/2011 12:26:48
Event String: The dynamic deletion of the DNS record

An Error Event occured. EventID: 0x0000168F
Time Generated: 03/11/2011 12:26:48
Event String: The dynamic deletion of the DNS record

......................... DC1 failed test systemlog


Client (ping -a dc1)


C:\Documents and Settings\dev>ping -a dc1

Pinging dc1.mount-alvernia.org [128.1.1.20] with 32 bytes of data:

Reply from 128.1.1.20: bytes=32 time<1ms TTL=127
Reply from 128.1.1.20: bytes=32 time<1ms TTL=127
Reply from 128.1.1.20: bytes=32 time<1ms TTL=127
Reply from 128.1.1.20: bytes=32 time<1ms TTL=127

Ping statistics for 128.1.1.20:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


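An added example (not part of the thread or any poster's script): a small Python parser for the `dcdiag` replication-failure records posted in #4, which groups them by source, target and error code and converts the signed code to its unsigned hex form. The function names and the `KNOWN` table are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Two failure records copied from the BL2 dcdiag output posted above.
SAMPLE = """\
[Replications Check,BL2] A recent replication attempt failed:
From DC1 to BL2
Naming Context: DC=ForestDnsZones,DC=mount-alvernia,DC=org
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2011-03-11 11:49:22.
The last success occurred at 2011-03-02 16:54:11.
219 failures have occurred since the last success.
[Replications Check,BL2] A recent replication attempt failed:
From DC1 to BL2
Naming Context: DC=mount-alvernia,DC=org
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-03-11 12:07:43.
The last success occurred at 2011-03-02 17:47:33.
288 failures have occurred since the last success.
"""

HEADER = re.compile(r"^\[Replications Check,[^\]]+\] A recent replication attempt failed:")
LINK = re.compile(r"^From (\S+) to (\S+)$")
NC = re.compile(r"^Naming Context: (.+)$")
ERR = re.compile(r"^The replication generated an error \((-?\d+)\):$")
WHEN = re.compile(r"^The (failure|last success) occurred at ([\d-]+ [\d:]+)\.$")
COUNT = re.compile(r"^(\d+) failures have occurred since the last success\.$")

# Symbolic name (winerror.h) for the code that dominates this thread's output.
KNOWN = {0x80090322: "SEC_E_WRONG_PRINCIPAL"}
REQUIRED = {"source", "naming_context", "error_hex", "failed_at", "last_success", "failures"}


def parse_replication_failures(text):
    """Return one dict per 'A recent replication attempt failed' record."""
    records, cur, want_msg = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if HEADER.match(line):
            cur, want_msg = {}, False
            records.append(cur)
        elif cur is None:
            continue  # other dcdiag output before the first record
        elif want_msg:
            cur["message"], want_msg = line, False  # text line after the code
        elif m := LINK.match(line):
            cur["source"], cur["target"] = m.groups()
        elif m := NC.match(line):
            cur["naming_context"] = m.group(1)
        elif m := ERR.match(line):
            code = int(m.group(1)) & 0xFFFFFFFF  # signed -> unsigned 32-bit
            cur["error_hex"] = f"0x{code:08X}"
            cur["error_name"] = KNOWN.get(code, "unknown")
            want_msg = True
        elif m := WHEN.match(line):
            key = "failed_at" if m.group(1) == "failure" else "last_success"
            cur[key] = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
        elif m := COUNT.match(line):
            cur["failures"] = int(m.group(1))
    return records


def summarize(records):
    """Group by (source, target, error) so one root cause reads as one row."""
    out = defaultdict(lambda: {"contexts": [], "failures": 0, "stale_days": 0})
    for r in records:
        if not REQUIRED <= r.keys():
            continue  # truncated record, e.g. output cut off mid-entry
        row = out[(r["source"], r["target"], r["error_hex"])]
        row["contexts"].append(r["naming_context"])
        row["failures"] += r["failures"]
        gap = (r["failed_at"] - r["last_success"]).days
        row["stale_days"] = max(row["stale_days"], gap)
    return dict(out)
```
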

#5
March 11, 2011 at 07:32:31
I think your problem might be here...

*** Can't find server name for address 128.1.1.20: Non-existent domain
Server: UnKnown
Address: 128.1.1.20

Name: dc1.mount-alvernia.org
Address: 128.1.1.20

The server should not be unknown. Try going into your DNS server and run NSLOOKUP to get into the command utility of nslookup. Then run the following command...

server dc1.mount-alvernia.org

Assuming that is your DNS server. This will specify who the Name Server is but it should have been working because you at least have an IP for the Name Server.

I don't think this is what is causing your scripts not to run; however, if you are running anything like SQL Server or Exchange this will solve intermittent issues with them because they like to use FQDN.

What happens when you manually do...

\\<server-name>\netlogon\yourscript.bat

and try it with the IP just to rule out DNS issues...

\\128.1.1.20\netlogon\yourscript.bat

and tell us what the results are.

P.S. I think this is key to your issue...

2) If I were to do the following from my client:
\\<server-name>\netlogon
System error 5 has occurred.
Access is denied.

Have you checked the ACLs on the Netlogon share? It could be the user does not have rights.

You could also be having Kerberos issues. Double check the computer's clock with the authentication server's clock. If they are off by more than 5 minutes then this could be your problem. Check this out to get more help...

http://support.microsoft.com/kb/555644



#6
March 15, 2011 at 03:00:27

I think your problem might be here...

*** Can't find server name for address 128.1.1.20: Non-existent domain
Server: UnKnown
Address: 128.1.1.20

Name: dc1.mount-alvernia.org
Address: 128.1.1.20

The server should not be unknown. Try going into your DNS server and run NSLOOKUP to get into the command utility of nslookup. Then run the following command...

server dc1.mount-alvernia.org


Answer

C:\Documents and Settings\dev>nslookup
*** Can't find server name for address 128.1.1.20: Non-existent domain
Default Server: UnKnown
Address: 128.1.1.20

> server dc1.mount-alvernia.org
Default Server: dc1.mount-alvernia.org
Address: 128.1.1.20

Assuming that is your DNS server. This will specify who the Name Server is but it should have been working because you at least have an IP for the Name Server.

I don't think this is what is causing your scripts not to run; however, if you are running anything like SQL Server or Exchange this will solve intermittent issues with them because they like to use FQDN.

Answer

I do not run any SQL Server or Exchange.

What happens when you manually do...

\\<server-name>\netlogon\yourscript.bat

and try it with the IP just to rule out DNS issues...

\\128.1.1.20\netlogon\yourscript.bat

and tell us what the results are.


Answer

\\<server-name>\netlogon\yourscript.bat & \\128.1.1.20\netlogon\yourscript.bat --> When I came back to work today I was able to run both of these scripts.


P.S. I think this is key to your issue...

2) If I were to do the following from my client:
\\<server-name>\netlogon
System error 5 has occurred.
Access is denied.

Have you checked the ACLs on the Netlogon share? It could be the user does not have rights.

You could also be having Kerberos issues. Double check the computer's clock with the authentication server's clock. If they are off by more than 5 minutes then this could be your problem. Check this out to get more help...

http://support.microsoft.com/kb/555644


Answer

All my PCs are synched to this particular domain controller (with the issue) for time through NTP. I have checked the permissions. The problem domain controller has the same permissions as its adjacent domain controllers. Anyway, I have checked and there seems to be an issue with the replication. The event ID 13508 came up long ago. 5 days ago an event ID 13509 showed up, which signaled the replication went through. But the same issue, event ID 13508, recurred again. Is there any way to resolve this issue?

Event id:13508
Source: NtFrs
Type: Warning
Computer:DC1
The File Replication Service is having trouble enabling replication from DC2 to DC1 for c:\windows\sysvol\domain using the DNS name DC2.mount-alvernia.org. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name DC2.mount-alvernia.org from this computer.
[2] FRS is not running on DC2.mount-alvernia.org.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at



#7
March 15, 2011 at 09:09:48
"[1] FRS can not correctly resolve the DNS name DC2.mount-alvernia.org from this computer.
[2] FRS is not running on DC2.mount-alvernia.org.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. "

Even though 2003 server makes no distinction between PDC and BDC like 2000, it does have to replicate the Active Directory between the DCs. I would look into this because it could answer why it works on some computers and not others. I think you can force replication of Active Directory by going to "Active Directory Sites and Services" on one of the DCs, then drilling down to one of your servers' NTDS Settings, and in the right window right-clicking on one of the NTDS objects and selecting Replicate Now. Tell us what message you get.

One good thing is after you are done doing all of this stuff your network will be healthier. :) Got to keep a positive outlook right.



#8
March 15, 2011 at 14:45:26
Host Name . . . . . . . . . . . . : BL2
IP Address. . . . . . . . . . . . : 128.1.1.162
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 128.1.15.1 <--- can't be right gateway. Should be in the 128.1.x.x network

Interesting you have the wrong gateway yet this is the "working" DC

Host Name . . . . . . . . . . . . : DC1
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 128.1.1.20
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 128.1.1.42 <---correct gateway

DNS is set to primary/secondary or AD integrated?

You mention removing and re-adding an A record but no mention of a PTR record.
You are running a reverse lookup zone, correct?

You have three DNS servers. If you go to each one, are all three name servers listed on each one with Name Server (NS) listings?
NS entries also in reverse lookup zone?

It would also be nice if you posted the ipconfig /all from the server at .161

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's



#9
March 15, 2011 at 22:49:15
Hi Ace_Omega,
I have been trying to force replication for a while. There is an issue: whenever I replicate from any good working Domain Controller to DC1, I get the following:


The following error occurred during the attempt to synchronize naming context mount-alvernia.org from Domain Controller DC1 to target controller BL2:

Target Principal name is incorrect.

The operation will not continue

Whenever I force replication from DC1(DC with issue) to another domain controller or force replication from any domain controller to any other domain controller, I get the following:

Active Directory has replicated the connections.



#10
March 15, 2011 at 23:06:41
Hi Wanderer,
All our gateways are actually configured as 128.1.15.1, and I have changed the DC1 (DC with issue) gateway from 128.1.1.42 to 128.1.15.1, as my other DCs are.


DNS is set to primary/secondary or AD integrated?

DNS is AD integrated.


You mention removing and re-adding an A record but no mention of a PTR record.
You are running a reverse lookup zone, correct?

I don't actually have a Reverse Lookup zone. The configuration of AD-integrated DNS was as default. What I meant was I deleted the Host A record for DC1 under Forward Lookup Zones --> mount-alvernia.org

You have three DNS servers. If you go to each one, are all three name servers listed on each one with Name Server (NS) listings?
NS entries also in reverse lookup zone?

All the 3 servers are in the NS listings of each of the 3 servers.


128.1.1.161
C:\Documents and Settings\dev>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : BL1
Primary Dns Suffix . . . . . . . : mount-alvernia.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mount-alvernia.org

Ethernet adapter Local Area Connection 5:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 18-A9-05-72-64-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 128.1.1.161
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 128.1.15.1
DNS Servers . . . . . . . . . . . : 128.1.1.161
128.1.1.20

128.1.1.162


C:\Documents and Settings\dev>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : BL2
Primary Dns Suffix . . . . . . . : mount-alvernia.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mount-alvernia.org

Ethernet adapter Local Area Connection 5:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 18-A9-05-72-43-60
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 128.1.1.162
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 128.1.15.1
DNS Servers . . . . . . . . . . . : 128.1.1.162
128.1.1.161
128.1.1.20
Primary WINS Server . . . . . . . : 202.79.64.21
Secondary WINS Server . . . . . . : 202.79.64.26



#11
March 16, 2011 at 13:22:06
The following error occurred during the attempt to synchronize naming context mount-alvernia.org from Domain Controller DC1 to target controller BL2:

Target Principal name is incorrect.

I had the same problem on my network a little while back. I think Wanderer may be on to something though. I was not looking at the gateway on your BL1 server and he is right, something does not look right about it. Can you ping the gateway on the BL1 server and let us know what the results are?

If you are having problems with your Principal Names in your AD then it should show up in your Event logs. Go look under your System logs and see if there is an error referring to this. If so, copy and paste it in the forum. I think it shows up as a KDC error.

