PDC - lost DNS (I think) 1

[lebonique]

I have been pulling my hair out trying to get this sorted.....Our primary server is not replicating between our two others.

I get the following errors:

Event ID: 1000
Source: Userenv
Error: Windows cannot determine the user or computer name. Return value (1326).

Event ID: 1126
Source: NTDS General
Error: Unable to establish connection with global catalog.

Event ID: 13562
Source: NtFrs
Error: Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller (MYDC) for FRS replica set configuration information.

Could not bind to a Domain Controller. Will try again at next polling cycle.

Event ID: 54
Source: W32Time
Error: The Windows Time Service was not able to find a Domain Controller. A time and date update was not possible.

Event ID: 5775
Source: Netlogon
Error: Deregistration of the DNS record '_kpasswd._udp.MYDOM. 600 IN SRV 0 100 464 MYDC.MYDOM.' failed with the following error:
DNS bad key.

I've tried DCDIAG AND NETDAIG (Here's the log for NETDIAG):




Computer Name: MYDC
DNS Host Name: MYDOM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 7 Stepping 2, GenuineIntel
List of installed hotfixes :
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
Q147222
Q295688
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : MYDC.MYDC
IP Address . . . . . . . . : 192.168.1.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.2
203.207.4.7
203.20.74.6
172.16.0.2


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{793FD7AB-E8C2-4F79-9C2F-DA599605B615}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL] File \config\netlogon.dns contains invalid DNS entries. [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{793FD7AB-E8C2-4F79-9C2F-DA599605B615}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{793FD7AB-E8C2-4F79-9C2F-DA599605B615}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for krbtgt/MTDOM
[FATAL] Kerberos does not have a ticket for MYDOM$.


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped
The IPSec Policy Agent service is not started.


The command completed successfully


If anyone can point me in the right direction I would be very happy......I think it's to do with My main DC having it's SRV records different (I did not change these). BUt I"ve spent so much time all this weekend trying to fix it that I'm at a loss.

Gotta go home and get 3 hours sleep before I fall over. Would really apprecitate some help.

 

[lebonique]

On Athena when I try to run netdom query fsmo I get:

A device attached to the system is not functioning.

On Thor:
Schema owner Athena
Domain role owner Minotaur
PDC Role Minotaur
RID Pool Manager Athena
Infrastructure Owner Athena


On Minotaur:
Schema owner Athena
Domain role owner Minotaur
PDC Role Minotaur
RID Pool Manager Minotaur
Infrastructure Owner Minotaur


So I was using Thor as my Goodserver, but couldn't sieze the roles.

Thanks for your time on this

 

[markdmac]

I'd try to seize the Schema owner role on Minotaur and keep it as the good server. At that point you would have one server that would have all the roles and hopefully can get the rest working from there. Does minataur have DNS? If not, load it so your AD can still function when you remove AD from the other servers. Also make sure it is a Global Catalog.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[lebonique]

What about the the netdiag test on Minotaur? - It has a fatal error:

[FATAL] Kerberos does not have a ticket for krbtgt/MTDOM
[FATAL] Kerberos does not have a ticket for MYDOM$.

When you use kerbtray it says no credentials, does this not matter?

I'm back in the office at 7.30 am, so I'll try it then....

 

[markdmac]

Minataur was getting kerberos tickets from another server which apparently has failed. You should be able to start the Kerberos service locally on it and have it generate its own ticket.

This has been dragging on for a while so you might want to consider a call to Microsoft PSS if you don't get anywhere soon.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[vbrocks]

Try setting more than 1 server as a global catalog server.
Replicate