Unanswered SBS 2011 DNS killing my domain?

  • Thursday, December 06, 2012 3:52 PM
     
     

    Ok, so the background.

    7 month old install of SBS 2011 standard in a 50+ user environment.  SBS is DC, DHCP, DNS, Exchange (which is still not being used).  We have another Linux server acting as a file server. 

    Recently I tried to set up a FreeNAS server for backups of my SBS, but when it's plugged in, I start to get funny things happening.  People losing connection to SBS, random internet slowness/disconnects.

    More recently I decided that FreeNAS might not be the best idea, and went with Ubuntu Server 12.4 (for NAS purposes), I think.

    During this entire time, our building suffers from a connection to a poor power grid that loses power almost weekly, so my server has been hard reset more than a couple times.  I have a battery backup for it now, but it seems to take the server 20+ minutes to shut down some days, and my UPS lasts about 12.

    Now

    My DNS server isn't working.  It says it is started if I try to restart the service, but if I try to access the server through the server manager or administrative tools I get
    "The server ____ could not be contacted.
    The error was:
    Access was denied."

    I have no DNS, and if I've read correctly, that is why I also do not have a working AD.  I ran the BPA and I get errors of

    DNS client not configured
    Windows SBS is not the Domain Naming Master
    Windows SBS is not the Infrastructure Master
    Windows SBS is not the Primary Domain Controller
    Windows SBS is not the Relative ID Master
    Windows SBS is not the Schema Master
    The internal network adapter is not configured to register IP in DNS (but it really is)

    Along with a whole slew of warnings.

    I have tried to seize each of these roles, which said seizure is not necessary, transportation was successful, but nothing truly changed.

    The Ubuntu server (for NAS purposes) has now been disconnected for 2 days, I'm still having these issues, and I think I've tried everything I can think of, and most of what I've found on the net this week.  I do know that the FreeNAS server had something to do with DNS issues a month ago, as our accountant couldn't stay connected to the QuickBooks file for more than a few minutes, and the moment I unplugged the FreeNAS server that issue stopped completely.

All Replies

  • Thursday, December 06, 2012 4:13 PM
     
     

    So the most important question, as a rule, is: before FreeNAS was added to this domain, did this server have any regular backups before the mayhem happened?

    The reason for asking about backups here is that the errors you get in the BPA are shouting "multiple things are messed up". Access denied on starting the DNS server service is trying to sing a song, "start loving procmon, start using procmon", if it's really a file or registry level permissions issue.

    Much more can be said or suggested, but start looking in procmon and the event logs (System and DS logs specifically) first, which will give you and us a clearer picture.

  • Thursday, December 06, 2012 4:34 PM
     
     

    Only backups were of files themselves.  I was bringing the FreeNAS server up to be a complete backup for the SBS box.

    My entire event log is full of errors now as things aren't able to start up.

    These are from the last hour in the System logs

    Error 12/6/2012 10:27:12 AM Service Control Manager 7031 None
    Information 12/6/2012 10:26:54 AM Service Control Manager 7036 None
    Error 12/6/2012 10:26:53 AM Service Control Manager 7031 None
    Error 12/6/2012 10:26:45 AM Service Control Manager 7031 None
    Error 12/6/2012 10:26:39 AM GroupPolicy 1055 None
    Error 12/6/2012 10:26:02 AM Service Control Manager 7031 None
    Error 12/6/2012 10:26:02 AM Service Control Manager 7024 None
    Information 12/6/2012 10:26:02 AM Service Control Manager 7036 None
    Information 12/6/2012 10:25:52 AM Service Control Manager 7036 None
    Information 12/6/2012 10:24:50 AM Service Control Manager 7036 None
    Error 12/6/2012 10:24:25 AM Service Control Manager 7031 None
    Error 12/6/2012 10:24:25 AM Service Control Manager 7024 None
    Information 12/6/2012 10:24:25 AM Service Control Manager 7036 None
    Information 12/6/2012 10:22:46 AM Service Control Manager 7036 None
    Error 12/6/2012 10:22:45 AM Service Control Manager 7031 None
    Error 12/6/2012 10:22:45 AM Service Control Manager 7024 None
    Information 12/6/2012 10:22:45 AM Service Control Manager 7036 None
    Error 12/6/2012 10:22:43 AM Service Control Manager 7031 None
    Error 12/6/2012 10:22:06 AM Service Control Manager 7031 None
    Information 12/6/2012 10:21:44 AM Service Control Manager 7036 None
    Error 12/6/2012 10:21:31 AM GroupPolicy 1055 None
    Information 12/6/2012 10:21:06 AM Service Control Manager 7036 None
    Warning 12/6/2012 10:21:03 AM DNS Client Events 1014 None
    Error 12/6/2012 10:20:59 AM Service Control Manager 7031 None
    Error 12/6/2012 10:20:59 AM Service Control Manager 7024 None
    Information 12/6/2012 10:20:59 AM Service Control Manager 7036 None
    Information 12/6/2012 10:20:42 AM Service Control Manager 7036 None
    Error 12/6/2012 10:20:34 AM Service Control Manager 7031 None
    Information 12/6/2012 10:20:24 AM FilterManager 6 None
    Information 12/6/2012 10:19:38 AM Service Control Manager 7036 None
    Error 12/6/2012 10:19:16 AM Service Control Manager 7031 None
    Error 12/6/2012 10:19:16 AM Service Control Manager 7024 None
    Information 12/6/2012 10:19:16 AM Service Control Manager 7036 None

    Error 12/6/2012 10:18:33 AM Service Control Manager 7031 None
    Information 12/6/2012 10:17:34 AM Service Control Manager 7036 None
    Error 12/6/2012 10:17:33 AM Service Control Manager 7031 None
    Error 12/6/2012 10:17:33 AM Service Control Manager 7024 None
    Information 12/6/2012 10:17:33 AM Service Control Manager 7036 None
    Error 12/6/2012 10:17:01 AM Service Control Manager 7031 None
    Information 12/6/2012 10:16:34 AM Service Control Manager 7036 None
    Error 12/6/2012 10:16:23 AM GroupPolicy 1055 None
    Error 12/6/2012 10:15:47 AM Service Control Manager 7031 None
    Error 12/6/2012 10:15:47 AM Service Control Manager 7024 None
    Information 12/6/2012 10:15:47 AM Service Control Manager 7036 None

    And here are the last few hours of the Directory Service logs

    Error 12/6/2012 9:54:56 AM ActiveDirectory_DomainService 1126 Global Catalog
    Warning 12/6/2012 9:54:56 AM ActiveDirectory_DomainService 1655 Global Catalog
    Information 12/6/2012 9:54:55 AM ActiveDirectory_DomainService 1869 Global Catalog
    Error 12/6/2012 8:54:55 AM ActiveDirectory_DomainService 1126 Global Catalog
    Warning 12/6/2012 8:54:55 AM ActiveDirectory_DomainService 1655 Global Catalog
    Information 12/6/2012 8:54:55 AM ActiveDirectory_DomainService 1869 Global Catalog
    Error 12/6/2012 7:54:55 AM ActiveDirectory_DomainService 1126 Global Catalog
    Warning 12/6/2012 7:54:55 AM ActiveDirectory_DomainService 1655 Global Catalog
    Information 12/6/2012 7:54:54 AM ActiveDirectory_DomainService 1869 Global Catalog
    Error 12/6/2012 6:54:54 AM ActiveDirectory_DomainService 1126 Global Catalog
    Warning 12/6/2012 6:54:54 AM ActiveDirectory_DomainService 1655 Global Catalog
    Information 12/6/2012 6:54:54 AM ActiveDirectory_DomainService 1869 Global Catalog
    Error 12/6/2012 5:54:54 AM ActiveDirectory_DomainService 1126 Global Catalog
    Warning 12/6/2012 5:54:54 AM ActiveDirectory_DomainService 1655 Global Catalog
    Information 12/6/2012 5:54:54 AM ActiveDirectory_DomainService 1869 Global Catalog
    Information 12/6/2012 4:54:56 AM NTDS ISAM 701 Online Defragmentation
    Error 12/6/2012 4:54:54 AM ActiveDirectory_DomainService 1126 Global Catalog
    Warning 12/6/2012 4:54:54 AM ActiveDirectory_DomainService 1655 Global Catalog
    Information 12/6/2012 4:54:53 AM ActiveDirectory_DomainService 1869 Global Catalog
    Information 12/6/2012 4:54:51 AM NTDS ISAM 700 Online Defragmentation
    Error 12/6/2012 3:54:53 AM ActiveDirectory_DomainService 1126 Global Catalog
    Warning 12/6/2012 3:54:53 AM ActiveDirectory_DomainService 1655 Global Catalog


    • Edited by Adam Bird Thursday, December 06, 2012 4:36 PM for the sake of sanity
  • Thursday, December 06, 2012 4:38 PM
     
     

    And in my DNS LOG I have thousands of

    Log Name:      DNS Server
    Source:        Microsoft-Windows-DNS-Server-Service
    Date:          12/6/2012 10:28:43 AM
    Event ID:      4000
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      ServerName.inspirations.local
    Description:
    The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" />
        <EventID Qualifiers="49152">4000</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-12-06T16:28:43.000000000Z" />
        <EventRecordID>2721</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>DNS Server</Channel>
        <Computer>Servername.inspirations.local</Computer>
        <Security />
      </System>
      <EventData Name="DNS_EVENT_DS_OPEN_FAILED">
        <Binary>2D230000</Binary>
      </EventData>
    </Event>
    • Edited by Adam Bird Thursday, December 06, 2012 4:40 PM security
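Added example, not part of the original post: the event text says "The event data is the error code", so this sketch pulls the `<Binary>` payload out of the event XML and decodes it. It assumes the payload is a little-endian DWORD Win32 error code; the function name `decode_dns_event` and the lookup table (a subset of `winerror.h`) are illustrative.

```python
import struct
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Win32 DNS response-code errors from winerror.h (subset, for lookup only).
DNS_RCODE_ERRORS = {
    9001: "DNS_ERROR_RCODE_FORMAT_ERROR",
    9002: "DNS_ERROR_RCODE_SERVER_FAILURE",
    9003: "DNS_ERROR_RCODE_NAME_ERROR",
    9004: "DNS_ERROR_RCODE_NOT_IMPLEMENTED",
    9005: "DNS_ERROR_RCODE_REFUSED",
}

# Event XML trimmed from the post above (only the fields used here).
SAMPLE_EVENT = """\
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Server-Service" EventSourceName="DNS" />
    <EventID Qualifiers="49152">4000</EventID>
    <TimeCreated SystemTime="2012-12-06T16:28:43.000000000Z" />
    <Channel>DNS Server</Channel>
  </System>
  <EventData Name="DNS_EVENT_DS_OPEN_FAILED">
    <Binary>2D230000</Binary>
  </EventData>
</Event>"""


def decode_dns_event(xml_text):
    """Return event id, EventData name and the decoded error code (or None)."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = root.find("e:EventData", NS)
    data_name = data.get("Name") if data is not None else None
    hex_blob = (root.findtext("e:EventData/e:Binary", default="",
                              namespaces=NS) or "").strip()
    code = None
    if hex_blob:
        raw = bytes.fromhex(hex_blob)
        if len(raw) >= 4:
            # Assumption: the first four bytes are a little-endian DWORD.
            code = struct.unpack_from("<I", raw)[0]
    name = None
    if code is not None:
        name = DNS_RCODE_ERRORS.get(code, "unknown")
    return {
        "event_id": event_id,
        "data_name": data_name,
        "error_code": code,
        "error_name": name,
    }


if __name__ == "__main__":
    print(decode_dns_event(SAMPLE_EVENT))
```

Under that byte-order assumption the logged value `2D230000` is 0x232D, so the DNS service is recording a refused directory operation rather than a missing zone.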
  • Thursday, December 06, 2012 5:23 PM
     
     

    And I will have to figure out how to use procmon.  I DLd it and ran it and after 7 million processes I realized it was capturing, not pulling up cached events.  What exactly should I be looking for there?  Only things that aren't successful?

  • Thursday, December 06, 2012 8:17 PM
     
     

    And a DCDIAG reveals this

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = ServerName
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\ServerName

          Starting test: Connectivity
             The host
             aa945944-b186-45ad-8ad5-33972db45c50._msdcs.inspirations.local could
             not be resolved to an IP address. Check the DNS server, DHCP, server
             name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... ServerName failed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\ServerName
          Skipping all tests, because server ServerName is not responding to
          directory service requests.


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : inspirations
          Starting test: CheckSDRefDom
             ......................... inspirations passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... inspirations passed test CrossRefValidation

       Running enterprise tests on : inspirations.local
          Starting test: LocatorCheck
             ......................... inspirations.local passed test LocatorCheck
          Starting test: Intersite
             ......................... inspirations.local passed test Intersite

    C:\Windows\system32>

  • Thursday, December 06, 2012 10:11 PM
     
     

    Sounds like FreeNAS has become the DHCP server and is giving out the wrong DNS addresses. Can you confirm that IPCONFIG /ALL on a client shows the DNS as being the SBS box, and also confirm that the SBS box has itself as the DNS server?

    Jim

  • Thursday, December 06, 2012 11:50 PM
     
     

    Ok. Since you seized the roles back to SBS, reset the secure channel following http://technet.microsoft.com/en-us/library/cc788073%28WS.10%29.aspx

    The command would be like

    netdom resetpwd /server:SERVERNAME /userd:DOMAINNAME\administrator /passwordd:*

    Reboot the server once the command has completed successfully.

    Test the DNS zones by loading dnsmgmt.msc.

  • Friday, December 07, 2012 3:41 PM
     
     

    Ok, let me make sure that I'm doing this correctly

    Netdom resetpwd /server:SERVERNAME /userd:MYDOMAIN\MYADMINLOGIN /passwordd:MYPASSWORD

    Doing that with the correct information is giving me a

    Logon Failure: The Target account is incorrect.
    The command failed to complete successfully.

    I also tried it with

    Netdom resetpwd /server:SERVERNAME /userd:MYDOMAIN\administrator /passwordd:

    and here I get

    Logon Failure: Account currently disabled

  • Friday, December 07, 2012 4:10 PM
     
     

    Ok, just to double check to make sure I'm doing this right it would be

    NETDOM RESETPWD /Server:SERVERNAME /UserD:MYDOMAINNAME\MYLOGON /PasswordD:MYPASSWORD

    When I do that I get a

    Logon Failure: The Target account name is incorrect

    and if I do

    NETDOM RESETPWD /Server:SERVERNAME /UserD:MYDOMAINNAME\administrator /PasswordD:

    I get

    LOGON FAILURE: Account currently disabled

  • Friday, December 07, 2012 4:50 PM
     
     

    My bad. My English is weak.

    The command would be like

    netdom resetpwd /server:SERVERNAME /userd:DOMAINNAME\administrator /passwordd:*

    This essentially means you have to use the network admin account with which you are logged in to the server. The Administrator account is disabled by default, so the command would be like

    netdom resetpwd /server:SERVERNAME /userd:DOMAINNAME\USER ACCOUNT WHICH HAS FULL PRIVILEGES TO DOMAIN /passwordd:*

    Press Enter.

    After Enter, type the password, which will be invisible (make sure it is typed correctly).

    The command should say completed successfully.

    Reboot

  • Friday, December 07, 2012 5:39 PM
     
     

    Typing that I get...

    The machine account password for the local machine could not be reset.
    The specified server cannot perform the requested operation.
    The command failed to complete successfully.

  • Friday, December 07, 2012 5:53 PM
     
     
    Is Windows firewall turned on on this server? There is a huge mess going around if the DC cannot authenticate and reset its password on its own. Have you looked into services which are set to automatic and not started even after a reboot?
  • Friday, December 07, 2012 5:54 PM
     
     


    @Jim, Currently the SBS box is the only DNS server that I'm seeing.  Most of my PCs are not currently using DHCP, with addresses assigned, but I had been using DHCP before that.  Could this be caused by an addressing conflict?
    When I look at my DHCP leases I do see multiple IP addresses what looks like DHCP'd to the SBS 2011 box.

    like..

    Client IP Address              Name                                   Type
    192.168.3.11                    SERVERNAME                         DHCP
    192.168.3.12                    SERVERNAME                         DHCP
    192.168.3.15
                   .16
                   .18

    Probably a total of 10 times.  We do have NEC IP phones, so maybe that has something to do with it..?

  • Friday, December 07, 2012 6:06 PM
     
     
    The firewall has been on in the domain, as it has been successfully for the last 7 months. As for services, should all of them in the list be started all the time?
  • Friday, December 07, 2012 11:10 PM
     
     
    Have you rebooted the server after the issue occurred? Can you post back the command you are typing to reset the secure channel, keeping the domain name as *****
  • Friday, December 07, 2012 11:18 PM
     
     

    The exact reset command was

    netdom resetpwd /server:NAMEOFMYSERVER /userd:MY.DOMAIN\MYADMINACCT /passwordd:

    And it tells me that it is a

    Logon Failure: Unknown user name or bad password

    And if I use

    netdom resetpwd /server:NAMEOFMYSERVER /userd:MY.DOMAIN\MYADMINACCT /passwordd:MYACTUALPASSWORD

    I get...

    Logon Failure: The target account name is incorrect.

  • Saturday, December 08, 2012 12:08 AM
     
     

    This is why it is failing

    Starting test: Connectivity
             The host
             aa945944-b186-45ad-8ad5-33972db45c50._msdcs.inspirations.local could
             not be resolved to an IP address. Check the DNS server, DHCP, server
             name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... ServerName failed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\ServerName
          Skipping all tests, because server ServerName is not responding to
          directory service requests.

    If you run portqry it fails to bind to port 135. What AV are you running on this server? Have you rebooted?


    And this is the reason DNS is not working on this server, as it cannot bind to the RPC service.
  • Saturday, December 08, 2012 12:24 AM
     
     

    I have rebooted multiple times with no changes.  We are currently running Panda Endpoint Protection as our AV, which has been on the server for at least the last 5 months. 

    I just recently turned off the Windows firewall to see if that would affect it, but I haven't noticed any change.  I'll have to check if there has been some change to the Panda firewall that I didn't know about, but I haven't changed anything there in a month or two

  • Saturday, December 08, 2012 12:44 AM
     
     
    Windows firewall is not supposed to be disabled on 2008 and later systems. Uninstall Panda from the system. Ensure there is no Internet key under the HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\ location. Reboot.
  • Saturday, December 08, 2012 1:01 AM
     
     

    Ok, I am uninstalling Panda.

    I went to

    HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\ 
    which contained 4 other folders named
    ClientProtocols
    Extensions
    RPCProxy
    SecurityService

    as well as a
    (Default)   Reg_SZ
    DCOM Protocols    REG_MULTI_SZ
    UuidSequenceNumber      REG_DWORD

    I don't see an Internet key, if that is what it is named.