×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

The DSA operation is unable to proceed because of a DNS lookup failure

The DSA operation is unable to proceed because of a DNS lookup failure

The DSA operation is unable to proceed because of a DNS lookup failure

(OP)
Since we moved the dc/domain to its remote office, I get The DSA operation is unable to proceed because of a DNS lookup failure on the Corp Office DC's. The sites are connected through vpn. I tried a secondary dns zone on both ends, that transfers fine, but isn't fixing the problem.

CN=Schema,CN=Configuration,DC=homanitusa,DC=com
  DR\DR2 via RPC
    objectGuid: 2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09
    Last attempt @ 2004-07-29 05:33.27 failed, result 8524:
The DSA operation is unable to proceed because of a DNS lookup failure

Not sure what to do next seeing there a ton of msft notes, but i haven't pin pointed one I like so far that seems to answer my question. One said delete the object in DNS, I aleast did that. Restart dns and netlogon, but no fix.

RE: The DSA operation is unable to proceed because of a DNS lookup failure

I don't know that exact answer to this problem...but

When you "moved the dc/domain to its remote office," did you create a new Site in Active Directory?  

Is your primary DNS server Active Directory Integrated?  If so, you don't need to create a secondary DNS zone, you should have just installed the DNS service.  (DNS records are automatically replicated to all DC's if you are using AD Integrated.)

Also, did you enable the remote sites DC as a global catalog server?  It should be seeing how this is the only DC in a new physical site.

Maybe use the command tool NSLOOKUP to test whether DNS is working properly.  

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out www.NJCOMPUTERNETWORKS.com (Sales@njcomputernetworks.com)

RE: The DSA operation is unable to proceed because of a DNS lookup failure

(OP)
Yes I created a site called DR. Which is disaster recovery site. Nope I didn't make a GC, but will now that you mentioned it, it slipped my fried brain There is only two members in the DR site domain.  My primary dns serves are AD Integrated. I have two here at Corp domain. When the DR site was here before it moved, I had a AD Intgrated zone for it. WHen moved that didn't seem work and I got Netlogon errors as well. I did make a 2ndary zone here for DR.com and a 2ndary for homanitusa.com there.

Would deleteign the site, then recreating it solve things, not sure.


Matt
MCP(3 more to go)

RE: The DSA operation is unable to proceed because of a DNS lookup failure

(OP)
I got things close to straightend out, but on my NTDS settigns in Sites and services and deleted my connections and recreated them. Then AD did the auto generated connections. On my bridgehead server dc3, it has two connections going to dr2 from site dr. Which one should stay.

connectioned named DR from server DR2 from site DR

or the auto generated one?

Also I went to Trusts and did a verify and all went well after it resync'd the passwords between the sites. So dns has to be working somehow with the 2ndary zones.


RE: The DSA operation is unable to proceed because of a DNS lookup failure

No I don't think going into Sites and services and then deleting the site will fix anything.

When you get Netlogon errors (and if the Netlogon share does not start), you have DC problems.  It sounds like after you moved the server to the new site, that Netlogon service and share did not start.

This probably means that your DC were not replicating over the WAN link.  I would put everything back the way it was before adding the secondary DNS zone and what not.  This shouldn't be needed.  AD integrated Zone means that the DNS database is replicated within AD.  Alls you would need to do is ADD the DNS service and point clients to thier local DNS server.

I would suspect that maybe traffic is being blocked when going across your WAN link.  If the DC's can't communicate properly with one another, you will continue to have problems.

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out www.NJCOMPUTERNETWORKS.com (Sales@njcomputernetworks.com)

RE: The DSA operation is unable to proceed because of a DNS lookup failure

(OP)
I am replicating, because I removed the stale NTDS connection. I checked under _msdcs and the dr2 dc is there now with a new alias 2e13 etc.. It looks to be replicating now I got rid of some bad dns entries. I will check netlogon and ntFrs. I think i have things sorted out. I hope! I didn't remove the Site just redid the site links. That also replicated to the remote dc.

thanks for the help

RE: The DSA operation is unable to proceed because of a DNS lookup failure

Glad to see that your getting things up and running...

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out www.NJCOMPUTERNETWORKS.com (Sales@njcomputernetworks.com)

RE: The DSA operation is unable to proceed because of a DNS lookup failure

(OP)
Well at 12:13 i got this error, but i think i can fix this. Or it's already fixed after smoothing things out.

Event Type:    Error
Event Source:    NETLOGON
Event Category:    None
Event ID:    5774
Date:        7/29/2004
Time:        12:13:57 PM
User:        N/A
Computer:    DR2
Description:
Registration of the DNS record '2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09._msdcs.homanitusa.com. 600 IN CNAME dr2.DR.com.' failed with the following error:
DNS RR set that ought to exist, does not exist.  
Data:
0000: 30 23 00 00               0#..    

RE: The DSA operation is unable to proceed because of a DNS lookup failure

(OP)
I think the problem is DNS. Here is my dcdiag, though it shows success in replicating, but alot of errors. Also the message, "*Warning: Remote bridgehead DR\DR2 is not eligible as a bridgehead due to too many failures.", how would you make eligible again?
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: HomanitUSA\HUSADOMAIN
      Starting test: Connectivity
         ......................... HUSADOMAIN passed test Connectivity

   Testing server: HomanitUSA\HUSAEXCHANGE
      Starting test: Connectivity
         ......................... HUSAEXCHANGE passed test Connectivity

   Testing server: HomanitUSA\DC3
      Starting test: Connectivity
         ......................... DC3 passed test Connectivity

Doing primary tests

   Testing server: HomanitUSA\HUSADOMAIN
      Starting test: Replications
         ......................... HUSADOMAIN passed test Replications
      Starting test: NCSecDesc
         ......................... HUSADOMAIN passed test NCSecDesc
      Starting test: NetLogons
         ......................... HUSADOMAIN passed test NetLogons
      Starting test: Advertising
         ......................... HUSADOMAIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... HUSADOMAIN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... HUSADOMAIN passed test RidManager
      Starting test: MachineAccount
         ......................... HUSADOMAIN passed test MachineAccount
      Starting test: Services
            Could not open IISADMIN Service on [HUSADOMAIN]:failed with 1060: Th
e specified service does not exist as an installed service.
            Could not open SMTPSVC Service on [HUSADOMAIN]:failed with 1060: The
 specified service does not exist as an installed service.
         ......................... HUSADOMAIN failed test Services
      Starting test: ObjectsReplicated
         ......................... HUSADOMAIN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... HUSADOMAIN passed test frssysvol
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x8000061E
            Time Generated: 08/02/2004   15:05:47
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000051F
            Time Generated: 08/02/2004   15:05:47
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x8000061E
            Time Generated: 08/02/2004   15:05:47
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000051F
            Time Generated: 08/02/2004   15:05:47
            (Event String could not be retrieved)
         ......................... HUSADOMAIN failed test kccevent
      Starting test: systemlog
         ......................... HUSADOMAIN passed test systemlog

   Testing server: HomanitUSA\HUSAEXCHANGE
      Starting test: Replications
         ......................... HUSAEXCHANGE passed test Replications
      Starting test: NCSecDesc
         ......................... HUSAEXCHANGE passed test NCSecDesc
      Starting test: NetLogons
         ......................... HUSAEXCHANGE passed test NetLogons
      Starting test: Advertising
         ......................... HUSAEXCHANGE passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... HUSAEXCHANGE passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... HUSAEXCHANGE passed test RidManager
      Starting test: MachineAccount
         ......................... HUSAEXCHANGE passed test MachineAccount
      Starting test: Services
         ......................... HUSAEXCHANGE passed test Services
      Starting test: ObjectsReplicated
         ......................... HUSAEXCHANGE passed test ObjectsReplicated
      Starting test: frssysvol
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         ......................... HUSAEXCHANGE passed test frssysvol
      Starting test: kccevent
         ......................... HUSAEXCHANGE passed test kccevent
      Starting test: systemlog
         ......................... HUSAEXCHANGE passed test systemlog

   Testing server: HomanitUSA\DC3
      Starting test: Replications
         [Replications Check,DC3] A recent replication attempt failed:
            From DR2 to DC3
            Naming Context: CN=Schema,CN=Configuration,DC=homanitusa,DC=com
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failure.
            The failure occurred at 2004-08-02 15:04.51.
            The last success occurred at 2004-08-02 10:34.54.
            36 failures have occurred since the last success.
            The guid-based DNS name 2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09._msdcs.
homanitusa.com
            is not registered on one or more DNS servers.
         [Replications Check,DC3] A recent replication attempt failed:
            From DR2 to DC3
            Naming Context: CN=Configuration,DC=homanitusa,DC=com
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failu
re.
            The failure occurred at 2004-08-02 15:04.51.
            The last success occurred at 2004-08-02 10:34.53.
            36 failures have occurred since the last success.
            The guid-based DNS name 2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09._msdcs.
homanitusa.com
            is not registered on one or more DNS servers.
         [Replications Check,DC3] A recent replication attempt failed:
            From DR2 to DC3
            Naming Context: DC=DR,DC=com
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failu
re.
            The failure occurred at 2004-08-02 15:04.51.
            The last success occurred at 2004-08-02 10:34.54.
            36 failures have occurred since the last success.
            The guid-based DNS name 2e13cd9b-74ab-4f0e-b3dc-87f3b7309f09._msdcs.
homanitusa.com
            is not registered on one or more DNS servers.
         ......................... DC3 passed test Replications
      Starting test: NCSecDesc
         ......................... DC3 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC3 passed test NetLogons
      Starting test: Advertising
         ......................... DC3 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC3 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC3 passed test RidManager
      Starting test: MachineAccount
         ......................... DC3 passed test MachineAccount
      Starting test: Services
         ......................... DC3 passed test Services
      Starting test: ObjectsReplicated
         ......................... DC3 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC3 passed test frssysvol
      Starting test: kccevent
         ......................... DC3 passed test kccevent
      Starting test: systemlog
         ......................... DC3 passed test systemlog

   Running enterprise tests on : homanitusa.com
      Starting test: Intersite
         Doing intersite inbound replication test on site HomanitUSA:
            *Warning: Remote bridgehead DR\DR2 is not eligible as a bridgehead due to too many failures.  Replication may be disrupted into the
            local site HomanitUSA.
         ......................... homanitusa.com passed test Intersite
      Starting test: FsmoCheck
         ......................... homanitusa.com passed test FsmoCheck

RE: The DSA operation is unable to proceed because of a DNS lookup failure

(OP)
Oddly enough, I can connect to DR.com through AD Users and Computers from here at Corp Site. Also Create a user in Dr.com, then log on as that user here in the Corp site. Puzzling.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close