| View previous topic :: View next topic
|
| Author |
Message |
Jim
Guest
|
 Posted: Wed Nov 07, 2007 4:44 pm Post subject: One server can't read GPO/bind to domain |
 |
|
|
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and shows
events 1006, 10030 in the application log. It has a static IP configured
with two DNS servers (Windows 2003 DCs) on the same LAN. It is in use as
a file server. It seems to have developed this problem since Exchange
2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but no
reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything else
passes.
Anyone suggest what might be going on???
TIA
|
|
| Back to top |
|
 |
Jorge Silva
Guest
|
| Posted: Wed Nov 07, 2007 8:07 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hi
Time out errors and no reply for pings, suggests connectivity problems,
check if you have any FW (Antivirus) that is blocking the traffic
--
===================================
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
===================================
"Jim" <nospam@any.time> wrote in message
news:eFy%23OXWIIHA.4196@TK2MSFTNGP04.phx.gbl...
| Quote: | Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and shows
events 1006, 10030 in the application log. It has a static IP configured
with two DNS servers (Windows 2003 DCs) on the same LAN. It is in use as
a file server. It seems to have developed this problem since Exchange
2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but no
reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything else
passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Meinolf Weber
Guest
|
| Posted: Wed Nov 07, 2007 8:29 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hello Jim,
Please post the complete error messages and also an ipconfig /all from the
DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
| Quote: | Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static IP
configured with two DNS servers (Windows 2003 DCs) on the same LAN. It
is in use as a file server. It seems to have developed this problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but
no reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Jim
Guest
|
| Posted: Wed Nov 07, 2007 9:06 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question. DC3 at
remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group Policy
processing aborted."
"Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine
that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider could
not find an available domain controller in domain domain.com. This event
may be caused by network connectivity issues or configured incorrectly
DNS server. This event may also occur if you have not configured
correctly your multiple Active Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
| Quote: | Hello Jim,
Please post the complete error messages and also an ipconfig /all from
the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static IP
configured with two DNS servers (Windows 2003 DCs) on the same LAN. It
is in use as a file server. It seems to have developed this problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but
no reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Guest
Guest
Posts
Location
|
| Posted: Wed Nov 07, 2007 9:06 pm Post subject: Google Ads |
|
|
|
|
|
| Back to top |
|
|
Austin Osuide
Guest
|
| Posted: Wed Nov 07, 2007 10:11 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same preferred DNS
server as a start.
DNS is used to find DCs in the site or Domain and it looks like the DNS
server you are pointed to knows nothing of the DCs in that Domain.
If DC2 has DNS running on it, which it should since DC1 points to it, have
its preferred DNS point to itself and point DC3 to it as well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
| Quote: | IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question. DC3 at
remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group Policy
processing aborted."
"Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine
that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider could not
find an available domain controller in domain domain.com. This event may
be caused by network connectivity issues or configured incorrectly DNS
server. This event may also occur if you have not configured correctly
your multiple Active Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig /all from
the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static IP
configured with two DNS servers (Windows 2003 DCs) on the same LAN. It
is in use as a file server. It seems to have developed this problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but
no reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Jim
Guest
|
| Posted: Thu Nov 08, 2007 2:46 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Thanks, I tried this but no change. From the event log it appears that
at (irregular) intervals the Exchange AD service is able to see all
three DCs, but then errors again. This server does not have Internet
access either as Windowsupdate agent fails, although IP lookups work as
mentioned earlier. Several other Windows 2003 servers and the DCs have
no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below - "[Broken
delegated domain domain.com.domain.com.]". The domain is listed as
domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
<name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
<name unavailable>)
Error: Root hints list has invalid root hint server:
a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint server:
m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com. IP:192.168.33.17 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com. IP:192.168.33.15 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com. IP:192.168.34.2
[Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn
RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
| Quote: | Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same preferred DNS
server as a start.
DNS is used to find DCs in the site or Domain and it looks like the DNS
server you are pointed to knows nothing of the DCs in that Domain.
If DC2 has DNS running on it, which it should since DC1 points to it,
have its preferred DNS point to itself and point DC3 to it as well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question. DC3 at
remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group Policy
processing aborted."
"Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine
that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider could
not find an available domain controller in domain domain.com. This
event may be caused by network connectivity issues or configured
incorrectly DNS server. This event may also occur if you have not
configured correctly your multiple Active Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter
for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter
for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig /all
from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static IP
configured with two DNS servers (Windows 2003 DCs) on the same LAN. It
is in use as a file server. It seems to have developed this problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but
no reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Austin Osuide
Guest
|
| Posted: Thu Nov 08, 2007 5:03 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hi Jim,
You need to get your DNS config sorted out before any replication or DC
locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS Server.
They are mutually exclusive settings. One or the other. So delete the root
hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a zone for
domain.com.domain.com (???) and _msdcs.domain.com.domain.com and the _msdcs
delegation in domain.com.domain.com does not have name server records (NS)
for all the servers that have the _msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were pointed to
different DNS servers and these servers not knowing about each other.
As the whole picture of what your environment is not provided here, one can
only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry out the
cleanup suggested above, restart your DCs and do a DCdiag to confirm things
are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
| Quote: | Thanks, I tried this but no change. From the event log it appears that at
(irregular) intervals the Exchange AD service is able to see all three
DCs, but then errors again. This server does not have Internet access
either as Windowsupdate agent fails, although IP lookups work as mentioned
earlier. Several other Windows 2003 servers and the DCs have no errors or
login delay.
Running dcdiag /test:dns on the dc produces the log below - "[Broken
delegated domain domain.com.domain.com.]". The domain is listed as
domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint server:
a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint server:
m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com. IP:192.168.33.17
[Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com. IP:192.168.33.15
[Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com. IP:192.168.34.2
[Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above domain
contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain domain.com.domain.com.
on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain domain.com.domain.com.
on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain domain.com.domain.com.
on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg
Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same preferred DNS
server as a start.
DNS is used to find DCs in the site or Domain and it looks like the DNS
server you are pointed to knows nothing of the DCs in that Domain.
If DC2 has DNS running on it, which it should since DC1 points to it,
have its preferred DNS point to itself and point DC3 to it as well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question. DC3 at
remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group Policy
processing aborted."
"Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine
that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider could
not find an available domain controller in domain domain.com. This event
may be caused by network connectivity issues or configured incorrectly
DNS server. This event may also occur if you have not configured
correctly your multiple Active Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig /all from
the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static IP
configured with two DNS servers (Windows 2003 DCs) on the same LAN. It
is in use as a file server. It seems to have developed this problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but
no reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Jim
Guest
|
| Posted: Thu Nov 08, 2007 7:08 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated it
would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
| Quote: | Hi Jim,
You need to get your DNS config sorted out before any replication or DC
locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS
Server. They are mutually exclusive settings. One or the other. So
delete the root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a zone for
domain.com.domain.com (???) and _msdcs.domain.com.domain.com and the
_msdcs delegation in domain.com.domain.com does not have name server
records (NS) for all the servers that have the
_msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were pointed to
different DNS servers and these servers not knowing about each other.
As the whole picture of what your environment is not provided here, one
can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry out
the cleanup suggested above, restart your DCs and do a DCdiag to confirm
things are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it appears that
at (irregular) intervals the Exchange AD service is able to see all
three DCs, but then errors again. This server does not have Internet
access either as Windowsupdate agent fails, although IP lookups work
as mentioned earlier. Several other Windows 2003 servers and the DCs
have no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below - "[Broken
delegated domain domain.com.domain.com.]". The domain is listed as
domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint server:
a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint server:
m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com. IP:192.168.33.17
[Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com. IP:192.168.33.15
[Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com. IP:192.168.34.2
[Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn
RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same preferred
DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like the
DNS server you are pointed to knows nothing of the DCs in that Domain.
If DC2 has DNS running on it, which it should since DC1 points to it,
have its preferred DNS point to itself and point DC3 to it as well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question. DC3
at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group
Policy processing aborted."
"Windows cannot query for the list of Group Policy objects. Check
the event log for possible messages previously logged by the policy
engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider
could not find an available domain controller in domain domain.com.
This event may be caused by network connectivity issues or
configured incorrectly DNS server. This event may also occur if you
have not configured correctly your multiple Active Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter
for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter
for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig /all
from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static IP
configured with two DNS servers (Windows 2003 DCs) on the same
LAN. It
is in use as a file server. It seems to have developed this problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but
no reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Austin Osuide
Guest
|
| Posted: Thu Nov 08, 2007 7:28 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the delegation
in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23GoabMkIIHA.4476@TK2MSFTNGP06.phx.gbl...
| Quote: | Hi,
Thanks. If I deleted the domain.com zone altogether then recreated it
would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication or DC
locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS Server.
They are mutually exclusive settings. One or the other. So delete the
root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a zone for
domain.com.domain.com (???) and _msdcs.domain.com.domain.com and the
_msdcs delegation in domain.com.domain.com does not have name server
records (NS) for all the servers that have the
_msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were pointed to
different DNS servers and these servers not knowing about each other.
As the whole picture of what your environment is not provided here, one
can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry out
the cleanup suggested above, restart your DCs and do a DCdiag to confirm
things are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it appears that
at (irregular) intervals the Exchange AD service is able to see all
three DCs, but then errors again. This server does not have Internet
access either as Windowsupdate agent fails, although IP lookups work as
mentioned earlier. Several other Windows 2003 servers and the DCs have
no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below - "[Broken
delegated domain domain.com.domain.com.]". The domain is listed as
domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint server:
a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint server:
m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com. IP:192.168.33.17
[Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com. IP:192.168.33.15
[Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com. IP:192.168.34.2
[Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg
Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS PASS
n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same preferred DNS
server as a start.
DNS is used to find DCs in the site or Domain and it looks like the DNS
server you are pointed to knows nothing of the DCs in that Domain.
If DC2 has DNS running on it, which it should since DC1 points to it,
have its preferred DNS point to itself and point DC3 to it as well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question. DC3 at
remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group Policy
processing aborted."
"Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine
that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider could
not find an available domain controller in domain domain.com. This
event may be caused by network connectivity issues or configured
incorrectly DNS server. This event may also occur if you have not
configured correctly your multiple Active Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter
for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter
for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig /all
from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static IP
configured with two DNS servers (Windows 2003 DCs) on the same LAN.
It
is in use as a file server. It seems to have developed this problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but
no reply. I cannot browse Web sites, but all other LAN computers
can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Jim
Guest
|
| Posted: Fri Nov 09, 2007 5:33 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
How would I recreate _msdcs ? If I delete it will it be rebuilt? Thanks.
Austin Osuide wrote:
| Quote: | Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the
delegation in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23GoabMkIIHA.4476@TK2MSFTNGP06.phx.gbl...
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated it
would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication or
DC locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS
Server. They are mutually exclusive settings. One or the other. So
delete the root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a zone
for domain.com.domain.com (???) and _msdcs.domain.com.domain.com and
the _msdcs delegation in domain.com.domain.com does not have name
server records (NS) for all the servers that have the
_msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were pointed
to different DNS servers and these servers not knowing about each other.
As the whole picture of what your environment is not provided here,
one can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry
out the cleanup suggested above, restart your DCs and do a DCdiag to
confirm things are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it appears
that at (irregular) intervals the Exchange AD service is able to see
all three DCs, but then errors again. This server does not have
Internet access either as Windowsupdate agent fails, although IP
lookups work as mentioned earlier. Several other Windows 2003
servers and the DCs have no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below -
"[Broken delegated domain domain.com.domain.com.]". The domain is
listed as domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint
server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint
server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint
server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint
server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint
server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint
server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint
server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint
server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint
server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint
server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint
server: l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint
server: m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com.
IP:192.168.33.17 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com.
IP:192.168.33.15 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com. IP:192.168.34.2
[Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn
RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS
PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same preferred
DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like the
DNS server you are pointed to knows nothing of the DCs in that Domain.
If DC2 has DNS running on it, which it should since DC1 points to
it, have its preferred DNS point to itself and point DC3 to it as
well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question.
DC3 at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group
Policy processing aborted."
"Windows cannot query for the list of Group Policy objects. Check
the event log for possible messages previously logged by the
policy engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider
could not find an available domain controller in domain
domain.com. This event may be caused by network connectivity
issues or configured incorrectly DNS server. This event may also
occur if you have not configured correctly your multiple Active
Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig /all
from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static IP
configured with two DNS servers (Windows 2003 DCs) on the same
LAN. It
is in use as a file server. It seems to have developed this problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of
the
DCs. When I ping an outside address I get the correct IP address
but
no reply. I cannot browse Web sites, but all other LAN computers
can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727,
The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Austin Osuide
Guest
|
| Posted: Fri Nov 09, 2007 5:49 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hi Jim,
When you have deleted the zone, rt click forward zones and select "new
zone". Call it _msdcs.<DomainName>.
Then in your Domain Forward lookup zone, rt click and select "new
delegation". Call the new delegation "_msdcs".
Regards,
Austin
PS
Remember to make them AD integrated zones.
"Jim" <nospam@any.time> wrote in message
news:%233Lrm7vIIHA.2268@TK2MSFTNGP02.phx.gbl...
| Quote: | How would I recreate _msdcs ? If I delete it will it be rebuilt? Thanks.
Austin Osuide wrote:
Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the
delegation in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23GoabMkIIHA.4476@TK2MSFTNGP06.phx.gbl...
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated it
would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication or DC
locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS
Server. They are mutually exclusive settings. One or the other. So
delete the root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a zone
for domain.com.domain.com (???) and _msdcs.domain.com.domain.com and
the _msdcs delegation in domain.com.domain.com does not have name
server records (NS) for all the servers that have the
_msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were pointed
to different DNS servers and these servers not knowing about each
other.
As the whole picture of what your environment is not provided here, one
can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry out
the cleanup suggested above, restart your DCs and do a DCdiag to
confirm things are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it appears that
at (irregular) intervals the Exchange AD service is able to see all
three DCs, but then errors again. This server does not have Internet
access either as Windowsupdate agent fails, although IP lookups work
as mentioned earlier. Several other Windows 2003 servers and the DCs
have no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below - "[Broken
delegated domain domain.com.domain.com.]". The domain is listed as
domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint server:
a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint server:
m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com. IP:192.168.33.17
[Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com. IP:192.168.33.15
[Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com. IP:192.168.34.2
[Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn
RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS PASS
n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same preferred
DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like the
DNS server you are pointed to knows nothing of the DCs in that
Domain.
If DC2 has DNS running on it, which it should since DC1 points to it,
have its preferred DNS point to itself and point DC3 to it as well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question. DC3
at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group
Policy processing aborted."
"Windows cannot query for the list of Group Policy objects. Check
the event log for possible messages previously logged by the policy
engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider
could not find an available domain controller in domain domain.com.
This event may be caused by network connectivity issues or
configured incorrectly DNS server. This event may also occur if you
have not configured correctly your multiple Active Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter
for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter
for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig /all
from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and
shows events 1006, 10030 in the application log. It has a static
IP
configured with two DNS servers (Windows 2003 DCs) on the same
LAN. It
is in use as a file server. It seems to have developed this
problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of
the
DCs. When I ping an outside address I get the correct IP address
but
no reply. I cannot browse Web sites, but all other LAN computers
can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727,
The
remote procedure call failed and did not execute.." but everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Jim
Guest
|
| Posted: Fri Nov 09, 2007 9:24 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Deleted and recreated the forward and reverse DNS zones from scratch and
they are populated. dcdiag /test:dns on one DC returns no errors (and is
LOGONSERVER for the slow logon computer). The other (which is the PDC)
is still trying to lookup 127.0.0.1 on the root hint servers although I
have forwarders configured on both.
No changes at all on the slow logon server - NET SHOW \\DC works, PING
DC works, \\domain.com\sysvol\domain.com\Policies is browsable. userenv
1006 and 1030 at logon, RSOP fails.
Could this be some kind of permissions issue?
Austin Osuide wrote:
| Quote: | Hi Jim,
When you have deleted the zone, rt click forward zones and select "new
zone". Call it _msdcs.<DomainName>.
Then in your Domain Forward lookup zone, rt click and select "new
delegation". Call the new delegation "_msdcs".
Regards,
Austin
PS
Remember to make them AD integrated zones.
"Jim" <nospam@any.time> wrote in message
news:%233Lrm7vIIHA.2268@TK2MSFTNGP02.phx.gbl...
How would I recreate _msdcs ? If I delete it will it be rebuilt? Thanks.
Austin Osuide wrote:
Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the
delegation in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23GoabMkIIHA.4476@TK2MSFTNGP06.phx.gbl...
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated
it would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication
or DC locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS
Server. They are mutually exclusive settings. One or the other. So
delete the root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a
zone for domain.com.domain.com (???) and
_msdcs.domain.com.domain.com and the _msdcs delegation in
domain.com.domain.com does not have name server records (NS) for
all the servers that have the _msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were
pointed to different DNS servers and these servers not knowing
about each other.
As the whole picture of what your environment is not provided here,
one can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry
out the cleanup suggested above, restart your DCs and do a DCdiag
to confirm things are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it appears
that at (irregular) intervals the Exchange AD service is able to
see all three DCs, but then errors again. This server does not
have Internet access either as Windowsupdate agent fails, although
IP lookups work as mentioned earlier. Several other Windows 2003
servers and the DCs have no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below -
"[Broken delegated domain domain.com.domain.com.]". The domain is
listed as domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint
server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint
server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint
server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint
server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint
server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint
server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint
server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint
server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint
server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint
server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint
server: l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint
server: m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com.
IP:192.168.33.17 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com.
IP:192.168.33.15 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com.
IP:192.168.34.2 [Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del
Dyn RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS
PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same
preferred DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like
the DNS server you are pointed to knows nothing of the DCs in
that Domain.
If DC2 has DNS running on it, which it should since DC1 points to
it, have its preferred DNS point to itself and point DC3 to it as
well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question.
DC3 at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group
Policy processing aborted."
"Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by
the policy engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider
could not find an available domain controller in domain
domain.com. This event may be caused by network connectivity
issues or configured incorrectly DNS server. This event may also
occur if you have not configured correctly your multiple Active
Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme
II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig
/all from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login
and
shows events 1006, 10030 in the application log. It has a
static IP
configured with two DNS servers (Windows 2003 DCs) on the same
LAN. It
is in use as a file server. It seems to have developed this
problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one
of the
DCs. When I ping an outside address I get the correct IP
address but
no reply. I cannot browse Web sites, but all other LAN
computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query
SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error
1727, The
remote procedure call failed and did not execute.." but
everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Austin Osuide
Guest
|
| Posted: Sat Nov 10, 2007 3:29 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hi Jim,
Unfortunately, Event id 1006 and 1030 with userenv as source could have a
multitude of causes.
1. Are any of these DCs multihomed?
2. Post the dcdiag with failures
3. Do you still have root hints configured on the DNS servers?
4. Run gpotool from the Reskit to verify the integrity of GPs.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23Y1vr8xIIHA.1208@TK2MSFTNGP03.phx.gbl...
| Quote: | Deleted and recreated the forward and reverse DNS zones from scratch and
they are populated. dcdiag /test:dns on one DC returns no errors (and is
LOGONSERVER for the slow logon computer). The other (which is the PDC) is
still trying to lookup 127.0.0.1 on the root hint servers although I have
forwarders configured on both.
No changes at all on the slow logon server - NET SHOW \\DC works, PING DC
works, \\domain.com\sysvol\domain.com\Policies is browsable. userenv 1006
and 1030 at logon, RSOP fails.
Could this be some kind of permissions issue?
Austin Osuide wrote:
Hi Jim,
When you have deleted the zone, rt click forward zones and select "new
zone". Call it _msdcs.<DomainName>.
Then in your Domain Forward lookup zone, rt click and select "new
delegation". Call the new delegation "_msdcs".
Regards,
Austin
PS
Remember to make them AD integrated zones.
"Jim" <nospam@any.time> wrote in message
news:%233Lrm7vIIHA.2268@TK2MSFTNGP02.phx.gbl...
How would I recreate _msdcs ? If I delete it will it be rebuilt? Thanks.
Austin Osuide wrote:
Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the
delegation in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23GoabMkIIHA.4476@TK2MSFTNGP06.phx.gbl...
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated it
would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication or
DC locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS
Server. They are mutually exclusive settings. One or the other. So
delete the root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a zone
for domain.com.domain.com (???) and _msdcs.domain.com.domain.com and
the _msdcs delegation in domain.com.domain.com does not have name
server records (NS) for all the servers that have the
_msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were pointed
to different DNS servers and these servers not knowing about each
other.
As the whole picture of what your environment is not provided here,
one can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry
out the cleanup suggested above, restart your DCs and do a DCdiag to
confirm things are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it appears
that at (irregular) intervals the Exchange AD service is able to see
all three DCs, but then errors again. This server does not have
Internet access either as Windowsupdate agent fails, although IP
lookups work as mentioned earlier. Several other Windows 2003
servers and the DCs have no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below -
"[Broken delegated domain domain.com.domain.com.]". The domain is
listed as domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint
server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint
server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint
server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint
server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint
server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint
server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint
server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint
server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint
server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint
server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint
server: l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint
server: m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com.
IP:192.168.33.17 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com.
IP:192.168.33.15 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com. IP:192.168.34.2
[Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn
RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS
PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same preferred
DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like the
DNS server you are pointed to knows nothing of the DCs in that
Domain.
If DC2 has DNS running on it, which it should since DC1 points to
it, have its preferred DNS point to itself and point DC3 to it as
well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question.
DC3 at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group
Policy processing aborted."
"Windows cannot query for the list of Group Policy objects. Check
the event log for possible messages previously logged by the
policy engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider
could not find an available domain controller in domain
domain.com. This event may be caused by network connectivity
issues or configured incorrectly DNS server. This event may also
occur if you have not configured correctly your multiple Active
Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig /all
from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login
and
shows events 1006, 10030 in the application log. It has a static
IP
configured with two DNS servers (Windows 2003 DCs) on the same
LAN. It
is in use as a file server. It seems to have developed this
problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one of
the
DCs. When I ping an outside address I get the correct IP address
but
no reply. I cannot browse Web sites, but all other LAN computers
can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a
primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query
SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727,
The
remote procedure call failed and did not execute.." but
everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Jim
Guest
|
| Posted: Sat Nov 10, 2007 6:14 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Thanks for your continuing help with this. Below is the dcdiag /test:dns
from the only DC that has errors. It's better than it was. No
mutltihomed DCs. Root hints are still default on the DNS servers.
Forwarders are active. GPOTool shows 15 policies, all OK.
I did also reset the TCP/IP stack on the problem server, no change.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: site1\dc1
Starting test: Connectivity
......................... dc1 passed test Connectivity
Doing primary tests
Testing server: site1\dc1
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com
Starting test: DNS
Test results for domain controllers:
DC: dc1.domain.com
Domain: domain.com
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (<name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (<name unavailable>)
Summary of test results for DNS servers used by the above
domain controllers:
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.222.222
Summary of DNS test results:
Auth Basc Forw Del Dyn
RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL PASS PASS PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
| Quote: | Hi Jim,
Unfortunately, Event id 1006 and 1030 with userenv as source could have
a multitude of causes.
1. Are any of these DCs multihomed?
2. Post the dcdiag with failures
3. Do you still have root hints configured on the DNS servers?
4. Run gpotool from the Reskit to verify the integrity of GPs.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23Y1vr8xIIHA.1208@TK2MSFTNGP03.phx.gbl...
Deleted and recreated the forward and reverse DNS zones from scratch
and they are populated. dcdiag /test:dns on one DC returns no errors
(and is LOGONSERVER for the slow logon computer). The other (which is
the PDC) is still trying to lookup 127.0.0.1 on the root hint servers
although I have forwarders configured on both.
No changes at all on the slow logon server - NET SHOW \\DC works, PING
DC works, \\domain.com\sysvol\domain.com\Policies is browsable.
userenv 1006 and 1030 at logon, RSOP fails.
Could this be some kind of permissions issue?
Austin Osuide wrote:
Hi Jim,
When you have deleted the zone, rt click forward zones and select
"new zone". Call it _msdcs.<DomainName>.
Then in your Domain Forward lookup zone, rt click and select "new
delegation". Call the new delegation "_msdcs".
Regards,
Austin
PS
Remember to make them AD integrated zones.
"Jim" <nospam@any.time> wrote in message
news:%233Lrm7vIIHA.2268@TK2MSFTNGP02.phx.gbl...
How would I recreate _msdcs ? If I delete it will it be rebuilt?
Thanks.
Austin Osuide wrote:
Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the
delegation in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23GoabMkIIHA.4476@TK2MSFTNGP06.phx.gbl...
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated
it would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication
or DC locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS
Server. They are mutually exclusive settings. One or the other.
So delete the root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a
zone for domain.com.domain.com (???) and
_msdcs.domain.com.domain.com and the _msdcs delegation in
domain.com.domain.com does not have name server records (NS) for
all the servers that have the _msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were
pointed to different DNS servers and these servers not knowing
about each other.
As the whole picture of what your environment is not provided
here, one can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working.
Carry out the cleanup suggested above, restart your DCs and do a
DCdiag to confirm things are ok. if something else shows up, lets
know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it
appears that at (irregular) intervals the Exchange AD service is
able to see all three DCs, but then errors again. This server
does not have Internet access either as Windowsupdate agent
fails, although IP lookups work as mentioned earlier. Several
other Windows 2003 servers and the DCs have no errors or login
delay.
Running dcdiag /test:dns on the dc produces the log below -
"[Broken delegated domain domain.com.domain.com.]". The domain
is listed as domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint
server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint
server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint
server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint
server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint
server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint
server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint
server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint
server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint
server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint
server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint
server: l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint
server: m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com.
IP:192.168.33.17 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com.
IP:192.168.33.15 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com.
IP:192.168.34.2 [Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the
above domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del
Dyn RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS
PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same
preferred DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like
the DNS server you are pointed to knows nothing of the DCs in
that Domain.
If DC2 has DNS running on it, which it should since DC1 points
to it, have its preferred DNS point to itself and point DC3 to
it as well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in
question. DC3 at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down).
Group Policy processing aborted."
"Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by
the policy engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory
Provider could not find an available domain controller in
domain domain.com. This event may be caused by network
connectivity issues or configured incorrectly DNS server. This
event may also occur if you have not configured correctly your
multiple Active Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C
NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig
/all from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow
login and
shows events 1006, 10030 in the application log. It has a
static IP
configured with two DNS servers (Windows 2003 DCs) on the
same LAN. It
is in use as a file server. It seems to have developed this
problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from
one of the
DCs. When I ping an outside address I get the correct IP
address but
no reply. I cannot browse Web sites, but all other LAN
computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a
primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to
query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error
1727, The
remote procedure call failed and did not execute.." but
everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Austin Osuide
Guest
|
| Posted: Sat Nov 10, 2007 6:28 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hi Jim,
You need to delete the root hints zone.
1. In DNS Manager, expand the DNS Server object. Expand the Forward Lookup
Zones folder.
2. Right-click the "." zone, and then click Delete.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:e5w9f38IIHA.5764@TK2MSFTNGP06.phx.gbl...
| Quote: | Thanks for your continuing help with this. Below is the dcdiag /test:dns
from the only DC that has errors. It's better than it was. No mutltihomed
DCs. Root hints are still default on the DNS servers. Forwarders are
active. GPOTool shows 15 policies, all OK.
I did also reset the TCP/IP stack on the problem server, no change.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: site1\dc1
Starting test: Connectivity
......................... dc1 passed test Connectivity
Doing primary tests
Testing server: site1\dc1
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com
Starting test: DNS
Test results for domain controllers:
DC: dc1.domain.com
Domain: domain.com
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (<name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (<name unavailable>)
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.222.222
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg
Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL PASS PASS PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
Unfortunately, Event id 1006 and 1030 with userenv as source could have a
multitude of causes.
1. Are any of these DCs multihomed?
2. Post the dcdiag with failures
3. Do you still have root hints configured on the DNS servers?
4. Run gpotool from the Reskit to verify the integrity of GPs.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23Y1vr8xIIHA.1208@TK2MSFTNGP03.phx.gbl...
Deleted and recreated the forward and reverse DNS zones from scratch and
they are populated. dcdiag /test:dns on one DC returns no errors (and is
LOGONSERVER for the slow logon computer). The other (which is the PDC)
is still trying to lookup 127.0.0.1 on the root hint servers although I
have forwarders configured on both.
No changes at all on the slow logon server - NET SHOW \\DC works, PING
DC works, \\domain.com\sysvol\domain.com\Policies is browsable. userenv
1006 and 1030 at logon, RSOP fails.
Could this be some kind of permissions issue?
Austin Osuide wrote:
Hi Jim,
When you have deleted the zone, rt click forward zones and select "new
zone". Call it _msdcs.<DomainName>.
Then in your Domain Forward lookup zone, rt click and select "new
delegation". Call the new delegation "_msdcs".
Regards,
Austin
PS
Remember to make them AD integrated zones.
"Jim" <nospam@any.time> wrote in message
news:%233Lrm7vIIHA.2268@TK2MSFTNGP02.phx.gbl...
How would I recreate _msdcs ? If I delete it will it be rebuilt?
Thanks.
Austin Osuide wrote:
Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the
delegation in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23GoabMkIIHA.4476@TK2MSFTNGP06.phx.gbl...
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated
it would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication
or DC locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS
Server. They are mutually exclusive settings. One or the other. So
delete the root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a
zone for domain.com.domain.com (???) and
_msdcs.domain.com.domain.com and the _msdcs delegation in
domain.com.domain.com does not have name server records (NS) for
all the servers that have the _msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were
pointed to different DNS servers and these servers not knowing
about each other.
As the whole picture of what your environment is not provided here,
one can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry
out the cleanup suggested above, restart your DCs and do a DCdiag
to confirm things are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it appears
that at (irregular) intervals the Exchange AD service is able to
see all three DCs, but then errors again. This server does not
have Internet access either as Windowsupdate agent fails, although
IP lookups work as mentioned earlier. Several other Windows 2003
servers and the DCs have no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below -
"[Broken delegated domain domain.com.domain.com.]". The domain is
listed as domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint
server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint
server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint
server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint
server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint
server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint
server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint
server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint
server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint
server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint
server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint
server: l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint
server: m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com.
IP:192.168.33.17 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com.
IP:192.168.33.15 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com.
IP:192.168.34.2 [Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del
Dyn RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS
PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same
preferred DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like
the DNS server you are pointed to knows nothing of the DCs in
that Domain.
If DC2 has DNS running on it, which it should since DC1 points to
it, have its preferred DNS point to itself and point DC3 to it as
well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question.
DC3 at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group
Policy processing aborted."
"Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by
the policy engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider
could not find an available domain controller in domain
domain.com. This event may be caused by network connectivity
issues or configured incorrectly DNS server. This event may also
occur if you have not configured correctly your multiple Active
Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme
II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig
/all from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login
and
shows events 1006, 10030 in the application log. It has a
static IP
configured with two DNS servers (Windows 2003 DCs) on the same
LAN. It
is in use as a file server. It seems to have developed this
problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one
of the
DCs. When I ping an outside address I get the correct IP
address but
no reply. I cannot browse Web sites, but all other LAN
computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a
primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query
SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error
1727, The
remote procedure call failed and did not execute.." but
everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Austin Osuide
Guest
|
| Posted: Sat Nov 10, 2007 6:31 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Jim,
Also see: http://support.microsoft.com/default.aspx?scid=kb;en-us;300202
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:e5w9f38IIHA.5764@TK2MSFTNGP06.phx.gbl...
| Quote: | Thanks for your continuing help with this. Below is the dcdiag /test:dns
from the only DC that has errors. It's better than it was. No mutltihomed
DCs. Root hints are still default on the DNS servers. Forwarders are
active. GPOTool shows 15 policies, all OK.
I did also reset the TCP/IP stack on the problem server, no change.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: site1\dc1
Starting test: Connectivity
......................... dc1 passed test Connectivity
Doing primary tests
Testing server: site1\dc1
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com
Starting test: DNS
Test results for domain controllers:
DC: dc1.domain.com
Domain: domain.com
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (<name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (<name unavailable>)
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.222.222
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg
Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL PASS PASS PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
Unfortunately, Event id 1006 and 1030 with userenv as source could have a
multitude of causes.
1. Are any of these DCs multihomed?
2. Post the dcdiag with failures
3. Do you still have root hints configured on the DNS servers?
4. Run gpotool from the Reskit to verify the integrity of GPs.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23Y1vr8xIIHA.1208@TK2MSFTNGP03.phx.gbl...
Deleted and recreated the forward and reverse DNS zones from scratch and
they are populated. dcdiag /test:dns on one DC returns no errors (and is
LOGONSERVER for the slow logon computer). The other (which is the PDC)
is still trying to lookup 127.0.0.1 on the root hint servers although I
have forwarders configured on both.
No changes at all on the slow logon server - NET SHOW \\DC works, PING
DC works, \\domain.com\sysvol\domain.com\Policies is browsable. userenv
1006 and 1030 at logon, RSOP fails.
Could this be some kind of permissions issue?
Austin Osuide wrote:
Hi Jim,
When you have deleted the zone, rt click forward zones and select "new
zone". Call it _msdcs.<DomainName>.
Then in your Domain Forward lookup zone, rt click and select "new
delegation". Call the new delegation "_msdcs".
Regards,
Austin
PS
Remember to make them AD integrated zones.
"Jim" <nospam@any.time> wrote in message
news:%233Lrm7vIIHA.2268@TK2MSFTNGP02.phx.gbl...
How would I recreate _msdcs ? If I delete it will it be rebuilt?
Thanks.
Austin Osuide wrote:
Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the
delegation in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23GoabMkIIHA.4476@TK2MSFTNGP06.phx.gbl...
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated
it would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication
or DC locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS
Server. They are mutually exclusive settings. One or the other. So
delete the root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a
zone for domain.com.domain.com (???) and
_msdcs.domain.com.domain.com and the _msdcs delegation in
domain.com.domain.com does not have name server records (NS) for
all the servers that have the _msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were
pointed to different DNS servers and these servers not knowing
about each other.
As the whole picture of what your environment is not provided here,
one can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry
out the cleanup suggested above, restart your DCs and do a DCdiag
to confirm things are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it appears
that at (irregular) intervals the Exchange AD service is able to
see all three DCs, but then errors again. This server does not
have Internet access either as Windowsupdate agent fails, although
IP lookups work as mentioned earlier. Several other Windows 2003
servers and the DCs have no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below -
"[Broken delegated domain domain.com.domain.com.]". The domain is
listed as domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint
server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint
server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint
server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint
server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint
server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint
server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint
server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint
server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint
server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint
server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint
server: l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint
server: m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com.
IP:192.168.33.17 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com.
IP:192.168.33.15 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com.
IP:192.168.34.2 [Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del
Dyn RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS
PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same
preferred DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like
the DNS server you are pointed to knows nothing of the DCs in
that Domain.
If DC2 has DNS running on it, which it should since DC1 points to
it, have its preferred DNS point to itself and point DC3 to it as
well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question.
DC3 at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group
Policy processing aborted."
"Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by
the policy engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider
could not find an available domain controller in domain
domain.com. This event may be caused by network connectivity
issues or configured incorrectly DNS server. This event may also
occur if you have not configured correctly your multiple Active
Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme
II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig
/all from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login
and
shows events 1006, 10030 in the application log. It has a
static IP
configured with two DNS servers (Windows 2003 DCs) on the same
LAN. It
is in use as a file server. It seems to have developed this
problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one
of the
DCs. When I ping an outside address I get the correct IP
address but
no reply. I cannot browse Web sites, but all other LAN
computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a
primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query
SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error
1727, The
remote procedure call failed and did not execute.." but
everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Jim
Guest
|
| Posted: Sat Nov 10, 2007 7:29 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Hi,
Weird thing is there's no "." zone, just the domain and _msdcs zones I
deleted and recreated yesterday.
Austin Osuide wrote:
| Quote: | Hi Jim,
You need to delete the root hints zone.
1. In DNS Manager, expand the DNS Server object. Expand the Forward Lookup
Zones folder.
2. Right-click the "." zone, and then click Delete.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:e5w9f38IIHA.5764@TK2MSFTNGP06.phx.gbl...
Thanks for your continuing help with this. Below is the dcdiag /test:dns
from the only DC that has errors. It's better than it was. No mutltihomed
DCs. Root hints are still default on the DNS servers. Forwarders are
active. GPOTool shows 15 policies, all OK.
I did also reset the TCP/IP stack on the problem server, no change.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: site1\dc1
Starting test: Connectivity
......................... dc1 passed test Connectivity
Doing primary tests
Testing server: site1\dc1
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com
Starting test: DNS
Test results for domain controllers:
DC: dc1.domain.com
Domain: domain.com
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (<name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (<name unavailable>)
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.222.222
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg
Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL PASS PASS PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
Unfortunately, Event id 1006 and 1030 with userenv as source could have a
multitude of causes.
1. Are any of these DCs multihomed?
2. Post the dcdiag with failures
3. Do you still have root hints configured on the DNS servers?
4. Run gpotool from the Reskit to verify the integrity of GPs.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23Y1vr8xIIHA.1208@TK2MSFTNGP03.phx.gbl...
Deleted and recreated the forward and reverse DNS zones from scratch and
they are populated. dcdiag /test:dns on one DC returns no errors (and is
LOGONSERVER for the slow logon computer). The other (which is the PDC)
is still trying to lookup 127.0.0.1 on the root hint servers although I
have forwarders configured on both.
No changes at all on the slow logon server - NET SHOW \\DC works, PING
DC works, \\domain.com\sysvol\domain.com\Policies is browsable. userenv
1006 and 1030 at logon, RSOP fails.
Could this be some kind of permissions issue?
Austin Osuide wrote:
Hi Jim,
When you have deleted the zone, rt click forward zones and select "new
zone". Call it _msdcs.<DomainName>.
Then in your Domain Forward lookup zone, rt click and select "new
delegation". Call the new delegation "_msdcs".
Regards,
Austin
PS
Remember to make them AD integrated zones.
"Jim" <nospam@any.time> wrote in message
news:%233Lrm7vIIHA.2268@TK2MSFTNGP02.phx.gbl...
How would I recreate _msdcs ? If I delete it will it be rebuilt?
Thanks.
Austin Osuide wrote:
Hi Jim,
Recreating the zone would not damage AD.
You can also recreate the _msdcs.domain.com zone and create the
delegation in domain.com.
DCs should reregister their records when bounced.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23GoabMkIIHA.4476@TK2MSFTNGP06.phx.gbl...
Hi,
Thanks. If I deleted the domain.com zone altogether then recreated
it would that damage AD? I guess I would flush DNS on the DCs then
registerdns again.
Austin Osuide wrote:
Hi Jim,
You need to get your DNS config sorted out before any replication
or DC locator issues are resolved.
You seem to have root hints and forwarders configured on this DNS
Server. They are mutually exclusive settings. One or the other. So
delete the root hints. And the root zone.
Also, the "Broken delegated domain error occurs when you have a
zone for domain.com.domain.com (???) and
_msdcs.domain.com.domain.com and the _msdcs delegation in
domain.com.domain.com does not have name server records (NS) for
all the servers that have the _msdcs.domain.com.domain.com zone.
This situation is clearly possible with the way your DCs were
pointed to different DNS servers and these servers not knowing
about each other.
As the whole picture of what your environment is not provided here,
one can only try to guide based on the info you have provided.
First step I would suggest is to get name resolution working. Carry
out the cleanup suggested above, restart your DCs and do a DCdiag
to confirm things are ok. if something else shows up, lets know.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:%23snZJ6hIIHA.3940@TK2MSFTNGP05.phx.gbl...
Thanks, I tried this but no change. From the event log it appears
that at (irregular) intervals the Exchange AD service is able to
see all three DCs, but then errors again. This server does not
have Internet access either as Windowsupdate agent fails, although
IP lookups work as mentioned earlier. Several other Windows 2003
servers and the DCs have no errors or login delay.
Running dcdiag /test:dns on the dc produces the log below -
"[Broken delegated domain domain.com.domain.com.]". The domain is
listed as domain.com.domain.com. Any idea how I can fix this?
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder:
208.67.220.220 (
name unavailable>)
Error: Forwarders list has invalid forwarder:
208.67.222.222 (
name unavailable>)
Error: Root hints list has invalid root hint
server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint
server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint
server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint
server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint
server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint
server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint
server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint
server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint
server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint
server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint
server: l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint
server: m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: dc2.domain.com.
IP:192.168.33.17 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc1.domain.com.
IP:192.168.33.15 [Brok
en delegated domain domain.com.domain.com.]
Error: DNS server: dc3.domain.com.
IP:192.168.34.2 [Broken
delegated domain domain.com.domain.com.]
Summary of test results for DNS servers used by the above
domain contro
llers:
DNS server: 208.67.222.222 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.222.222
DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 208.67.220.220
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.168.34.2 (dc3.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.34.2
DNS server: 192.168.33.17 (dc2.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.17
DNS server: 192.168.33.15 (dc1.domain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
domain.com.domain.com. on t
he DNS server 192.168.33.15
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query
for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del
Dyn RReg Ext
________________________________________________________________
Domain: domain.com
dc1 PASS PASS FAIL FAIL PASS
PASS n/a
......................... domain.com failed test DNS
Austin Osuide wrote:
Hi Jim,
DC1 has preferred DNS x.x.33.15
DC2 has preferred DNS x.x.33.17
DC3 has preferred DNS x.x.34.2
You should to point your DCs in the same site to the same
preferred DNS server as a start.
DNS is used to find DCs in the site or Domain and it looks like
the DNS server you are pointed to knows nothing of the DCs in
that Domain.
If DC2 has DNS running on it, which it should since DC1 points to
it, have its preferred DNS point to itself and point DC3 to it as
well.
Restart the net logon service on all DCs and retry your login.
Regards,
Austin
"Jim" <nospam@any.time> wrote in message
news:O5nSypYIIHA.5980@TK2MSFTNGP04.phx.gbl...
IPCONFIG /ALL for three DCs and the server below. Thanks
DC1 and DC2 on LAN. DC1 under VMWARE on the server in question.
DC3 at remote site.
Errors when logging on to the server are:
"Windows cannot bind to DOMAIN.COM domain. (Server Down). Group
Policy processing aborted."
"Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by
the policy engine that describes the reason for this."
Error from Exchange in log:
"Process mmc.exe (PID=2816). Exchange Active Directory Provider
could not find an available domain controller in domain
domain.com. This event may be caused by network connectivity
issues or configured incorrectly DNS server. This event may also
occur if you have not configured correctly your multiple Active
Directory sites."
DC1 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-B8-C3-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.15
DC2 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-33-CB-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
DC3 IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-A0-38-DF-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.34.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.34.1
DNS Servers . . . . . . . . . . . : 192.168.34.2
SERVER IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : problemserver
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.205.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet
Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.67.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme
II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-BB-54-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.2
DNS Servers . . . . . . . . . . . : 192.168.33.17
192.168.33.15
Meinolf Weber wrote:
Hello Jim,
Please post the complete error messages and also an ipconfig
/all from the DC/DNS servers and the Exchange server.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login
and
shows events 1006, 10030 in the application log. It has a
static IP
configured with two DNS servers (Windows 2003 DCs) on the same
LAN. It
is in use as a file server. It seems to have developed this
problem
since Exchange 2007 was installed on it.
When I ping domain.com from the server I get a reply from one
of the
DCs. When I ping an outside address I get the correct IP
address but
no reply. I cannot browse Web sites, but all other LAN
computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a
primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query
SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error
1727, The
remote procedure call failed and did not execute.." but
everything
else passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Jim
Guest
|
| Posted: Mon Nov 12, 2007 2:24 pm Post subject: Re: One server can't read GPO/bind to domain |
|
|
Seems that this was caused by Exchange 2007. Since uninstalling it
(which is a major challenge in itself) two days ago the server has had
no AD problems and has Internet access again. Pity since I really need
Exchange on that server...
Jim wrote:
| Quote: | Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and shows
events 1006, 10030 in the application log. It has a static IP configured
with two DNS servers (Windows 2003 DCs) on the same LAN. It is in use as
a file server. It seems to have developed this problem since Exchange
2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but no
reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything else
passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
Jorge Silva
Guest
|
| Posted: Wed Nov 14, 2007 11:23 am Post subject: Re: One server can't read GPO/bind to domain |
|
|
Exchange shouldn't interf. in the DNs resolution mechanism...
--
===================================
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
===================================
"Jim" <nospam@any.time> wrote in message
news:%23ShqlAUJIHA.3672@TK2MSFTNGP02.phx.gbl...
| Quote: | Seems that this was caused by Exchange 2007. Since uninstalling it (which
is a major challenge in itself) two days ago the server has had no AD
problems and has Internet access again. Pity since I really need Exchange
on that server...
Jim wrote:
Hi,
I have a Windows 2003 R2 x64 server that has a very slow login and shows
events 1006, 10030 in the application log. It has a static IP configured
with two DNS servers (Windows 2003 DCs) on the same LAN. It is in use as
a file server. It seems to have developed this problem since Exchange
2007 was installed on it.
When I ping domain.com from the server I get a reply from one of the
DCs. When I ping an outside address I get the correct IP address but no
reply. I cannot browse Web sites, but all other LAN computers can.
Firewall on server is disabled.
NETDIAG passes DNS test but says [WARNING] Cannot find a primary
authoritative DNS server for the name 'server.domain.com'.
[ERROR_TIMEOUT]. Only other error is [WARNING] Failed to query SPN
registration on DC.
DCDIAG /S:DC1 returns "DsBindWithSpnEx() failed with error 1727, The
remote procedure call failed and did not execute.." but everything else
passes.
Anyone suggest what might be going on???
TIA
|
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Topic Links: syslog
Powered by phpBB © 2001, 2005 phpBB Group
|
Windows-Expert.com Forum Index
•
FAQ
•
Search
