DNS toasty (was: [ActiveDir] Trying to run DCPromo and getting error 5171)

[Daniel Chenault]

Title: Message

I'm having a problem somewhat similar to Steve's. For some reason my AD-integrated DNS lost it's AD zones (I have a suspicion why, that's another thread). This is not the first time and in the past I could run netdiag /fix and all would be well with the world. That's no longer working.   AD Name == homedom.dc-resources.net == DNS zone (note: tried with a top-level of dc-resources.net and a child of homedom as well as one zone called homedom.dc-resources.net) It is not disjointed (properties on My Computer, Network Ident., server name == wolfpack.homedom.dc-resources.net, domain == homedome.dc-resources.net) in top level of my domain the SRV records of SOA, NS and A for the server itself exist Allow dynamic updates == yes (unsecured) DNS servers in TCP stack == itself first (have tried with and w/o ISP's DNS listed, no difference) There is no "." zone I am logged on as Ghod (from domain admin to DNS admin, tried three different accounts) Manually created the zones (_msdcs, etc), still no go Went through the checklist at http://www.microsoft.com/windows2000/dns/tshoot/dns_tshoot2A.asp   Since it's only one server I _could_ recreate all the records manually, but dang it, this _should_ be doable without having to resort to that. MSKB dances all around the issue eventually ending up with running netdiag /fix.   Any ideas?   -----Original Message----- From: steve [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 10:45 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Trying to run DCPromo and getting error 5171 Update on my DNS problem and thanks to Rick! The problem was that I had "NO" to allow dynamic updates! Once I change this to "Yes" Everything worked like a champ! I was missing registration of the AD zones in DNS.       Can anybody think of anymore forks in the road I might run into with DNS? I'm setting up AD on 2 Compaq servers, which will share the FSMO roles?           Again, many thanks to Rick for pressing on and getting to the bottom of my issue!     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Tuesday, June 10, 2003 10:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Trying to run DCPromo and getting error 5171   Steve, Diane -   I agree that there is clearly something wrong with the DNS.  But, I'm not so sure that this is the indication.  This can also be caused (most likely) by a missing Reverse Lookup.   This was mentioned once before - have you looked into this yet, Steve?   I'm much more concerned with the missing registration for the GUID.   Steve - we (collectively) have made some suggestions.  Have you followed up on:   Checking the registration of the Active Directory Zones in DNS?  You should see 4:   _msdcs _sites _tcp _udp   Do these exist?  If not, go to the DNS applet and right click your domain fanmats.com.  Make sure that you're set for 'Yes' in Allow Dynamic Updates.  Go to Services, then stop and then start 'Netlogon'.  This will force a registration of DNS zones.   Please follow ALL STEPS on this page.  Some have been outlined here time and again by other people, but the steps need to be followed.   http://www.microsoft.com/windows2000/dns/tshoot/dns_tshoot2A.asp   This is a common problem.  DNS can be a real bear, but AD will NOT WORK without it.  You have to get this right, as you're finding.   And, if you want to bring back BOTH netdiag and dcdiag results (successful or not - many time successful results tell me a lot) please run them as follows:   dcdiag /fix   netdiag /fix   dcdiag /v /f:dcdiag.log   netdiag /debug /l  (this will automatically create a netdiag.log)   Good luck - we'll be waiting to here what you have found.   Rick Kingslan  MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone           From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diane Ayers Sent: Tuesday, June 10, 2003 8:57 PM To: [EMAIL PROTECTED] >Can't find server name for address 172.16.0.30   If NSlookup can't connect to that IP address, something is fubar with the DNS service on 172.16.0.30.  Can you telnet to port 53 (DNS) on that box?  "telnet 172.16.0.30 53"   Diane   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of steve Sent: Tuesday, June 10, 2003 6:33 PM To: [EMAIL PROTECTED] Still having DNS problems!   I was able to run NLTEST and it passed. Went through both SERVERS and verified that it had 172.16.0.30 for DNS setting. "S2.fanmats.com".   NSLOOKUP fails on both servers with errors. Please refer to NSLOOKUP.txt.   DCDDIAG.EXE FAILS. Please refer to DCDDIAG2.txt   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Monday, June 09, 2003 7:40 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Trying to run DCPromo and getting error 5171   Is the second machine pointing to the first server for DNS?     -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -----Original Message----- From: steve [mailto:[EMAIL PROTECTED] Sent: Sunday, June 08, 2003 2:14 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Trying to run DCPromo and getting error 5171 Environment: 2 new servers   Servers Configuration: Windows 2000 as workgroup. Ran DcPromo on the server1. Verified that DNS was setup correctly, can ping server by name. Not using WINS.   Problem: Can't make second Server a DC.   Error message: When running DcPromo on second server, I receive the same error message. The link below explains my error message.   http://www.microsoft.com/windows2000/dns/tshoot/     Thanks, Steve