none
Windows 2008 R2 - DNS Problem

    Question

  • Hi,

    I need help with a DNS issue in Windows 2008 R2
    GReport: "Group Policy Infrastructure failed due to the error listed below."

    The Event Viewer shows the following errors:

    Source: GroupPolicy 
    EventID: 1053
    Level: Error
    Info: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: 
    a) Name Resolution failure on the current domain controller. 
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).


    Source: LSA (LsaSrv)
    EventID: 40960
    Level: Warning
    Info: The description for Event ID 40960 from source LsaSrv cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event: 

    DNS/nxssrvdc001.nexussa.cl
    Kerberos
    "There are currently no logon servers available to service the logon request.
     (0xc000005e)"

    the message resource is present but the message is not found in the string/message table


    Source: NETLOGON
    EventID: 5719
    Level: Error
    Info: This computer was not able to set up a secure session with a domain controller in domain NEXUS_NT_1 due to the following: 
    There are currently no logon servers available to service the logon request. 
    This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

    ADDITIONAL INFO 
    If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.


    Source: DnsApi
    EventID: 111666
    Level: Warning
    Info: The system failed to register host (A or AAAA) resource records (RRs) for network adapter
    with settings:

       Adapter Name : {5A74E56A-09B2-470B-9E42-44391E20437B}
       Host Name : NXSSRVIISCSD02
       Primary Domain Suffix : nexussa.cl
       DNS server list :
          200.10.XXX.XXX, 200.10.XXX.XXX
       Sent update to server : 200.10.XXX.XXX:53
       IP Address(es) :
         2002:c80a:860::c80a:860, 2002:c8c8:c8c2::c8c8:c8c2

     The reason the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request.

     You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.

    Please help for resolved this issue.
    Thanks


    Tuesday, July 17, 2012 2:49 PM

Answers

  • What is the message you see when you run nslookup from cmd ?

    Is power saving enabled on the NIC's?

    Check for latest NIC driver as well.


    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

    Tuesday, July 17, 2012 8:25 PM

All replies

  • Please refer following articles, might help you..

    EventID: 40960-40961

    http://social.technet.microsoft.com/Forums/en/winserverDS/thread/005f219d-1da0-48ad-8f5f-bc80d92cde92

    Event ID 5719 is logged when you start a computer

    http://support.microsoft.com/kb/938449

    Active Directory: Event ID 5719 Source Netlogon (dsforum2wiki)

    http://social.technet.microsoft.com/wiki/contents/articles/2466.active-directory-event-id-5719-source-netlogon-dsforum2wiki.aspx

    Event ID 11166 — DNS Client Registration

    http://technet.microsoft.com/en-us/library/cc735785(v=ws.10)

    Event ID 1053 — Group Policy Preprocessing (Security)

    http://technet.microsoft.com/en-us/library/cc727337(v=ws.10).aspx


    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

    Tuesday, July 17, 2012 2:55 PM
  • As there are multiple errors, I would suggest you to fix each one of them one by one to narrow down to the root cause.

    There is no such thumb rule to say that, the suggestion works for sure i.e. 100% guaranteed ! A solution which might work for me, might not work for  others due to several other environmental or application constraints.

    If the server in question is critical host for you, then I would suggest you to create a support request with Microsoft and you would be assured a definite solution.


    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....



    Tuesday, July 17, 2012 3:46 PM
  • GPUPDATE /Force results:

    Updating Policy...

    User Policy update has completed successfully.
    Computer policy could not be updated successfully. The following errors were enc
    ountered:

    The processing of Group Policy failed. Windows attempted to retrieve new Group P
    olicy settings for this user or computer. Look in the details tab for error code
     and description. Windows will automatically retry this operation at the next re
    fresh cycle. Computers joined to the domain must have proper name resolution and
     network connectivity to a domain controller for discovery of new Group Policy o
    bjects and settings. An event will be logged when Group Policy is successful.

    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
    rom the command line to access information about Group Policy results.

    The Event Viewer shows the following errors:

    Source: GroupPolicy 
    EventID: 1053 /// Error Code: 1355
    Level: Error
    Info: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: 
    a) Name Resolution failure on the current domain controller. 
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).


    Source: LSA (LsaSrv)
    EventID: 40960
    Level: Warning
    Info: The description for Event ID 40960 from source LsaSrv cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event: 

    DNS/nxssrvdc001.nexussa.cl
    Kerberos
    "There are currently no logon servers available to service the logon request.
     (0xc000005e)"

    the message resource is present but the message is not found in the string/message table


    Source: NETLOGON
    EventID: 5719
    Level: Error
    Info: This computer was not able to set up a secure session with a domain controller in domain NEXUS_NT_1 due to the following: 
    There are currently no logon servers available to service the logon request. 
    This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

    ADDITIONAL INFO 
    If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.


    Source: DnsApi
    EventID: 111666
    Level: Warning
    Info: The system failed to register host (A or AAAA) resource records (RRs) for network adapter
    with settings:

       Adapter Name : {5A74E56A-09B2-470B-9E42-44391E20437B}
       Host Name : NXSSRVIISCSD02
       Primary Domain Suffix : nexussa.cl
       DNS server list :
          200.10.XXX.XXX, 200.10.XXX.XXX
       Sent update to server : 200.10.XXX.XXX:53
       IP Address(es) :
         2002:c80a:860::c80a:860, 2002:c8c8:c8c2::c8c8:c8c2

     The reason the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request.

     You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.

    Please help for resolved this issue.
    Thanks



    Tuesday, July 17, 2012 5:24 PM
  • Hi,

    Its a DNS name resolution issue. Make sure that client is configured to point the correct DNS server and the domain controller can be contacted using its FQDN.

    Please post the unedited ipconfig /all from both the machines to proceed further.


    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!


    • Edited by iamrafic Tuesday, July 17, 2012 5:38 PM
    Tuesday, July 17, 2012 5:33 PM
  • Cross post !

    Windows 2008 R2 - DNS Problem

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/39f94ca0-f163-41e6-a157-be7b6afe8f04

    In your earlier thread, you have mentioned following

    The problem came when they added a new card in server.
    The nic princial "Team 01" is 2.0 Gbps
    Additionally there is another nic: "xxx" which is 100 Mbps

    When I add the new card, began to appear the error messages. The affected server is in production and the impact should be minimal, so I must be 100% which is the solution to make.

    It appears that, the server in question is a DC and you have multihomed it. Multihoming DCs are not recommended. Why ? here is an excerpt from this thread

     Technically speaking, multihomed domain controller is supported. However it’s not recommended as numerous issues can occur in such an environment, such as name resolving (DNS, WINS). Though some general configuration change can be performed to avoid the issues that result from the multihomed domain controller, considering the different network environments (default gateway, route table and reason for multihome) and different application usage, you may need to perform some additional operation and troubleshooting to make it work. If it is possible, we strongly suggest that you do not configure domain controller as multihomed.  

    Here I listed the following known issues of multihomed domain controller for your reference:

     

    -      Browsing Service is much affected by multihomed computers. Because the browser service does not merge networks. Each browser service bound to each interface operates independently, and the DC maintains a "separate" cumulative list on each interface that are not merged.

     

    Symptoms of multihomed browsers

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611

     

    Troubleshooting browser Event ID 8021 and 8032 on master browsers

    http://support.microsoft.com/kb/135404

     

     

    -      Influence on the name resolve.

     

    Active Directory communication fails on multihomed domain controllers

    http://support.microsoft.com/kb/272294

     

    Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed

    http://support.microsoft.com/kb/830063

     

    Delay in NetBIOS connections from a multi-homed computer

    http://support.microsoft.com/kb/166159


    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

    Tuesday, July 17, 2012 6:47 PM
  • Cross post !

    Windows 2008 R2 - DNS Problem

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/39f94ca0-f163-41e6-a157-be7b6afe8f04

    In your earlier thread, you have mentioned following

    The problem came when they added a new card in server.
    The nic princial "Team 01" is 2.0 Gbps
    Additionally there is another nic: "xxx" which is 100 Mbps

    When I add the new card, began to appear the error messages. The affected server is in production and the impact should be minimal, so I must be 100% which is the solution to make.

    It appears that, the server in question is a DC and you have multihomed it. Multihoming DCs are not recommended. Why ? here is an excerpt from this thread

     Technically speaking, multihomed domain controller is supported. However it’s not recommended as numerous issues can occur in such an environment, such as name resolving (DNS, WINS). Though some general configuration change can be performed to avoid the issues that result from the multihomed domain controller, considering the different network environments (default gateway, route table and reason for multihome) and different application usage, you may need to perform some additional operation and troubleshooting to make it work. If it is possible, we strongly suggest that you do not configure domain controller as multihomed.  

    Here I listed the following known issues of multihomed domain controller for your reference:

     

    -      Browsing Service is much affected by multihomed computers. Because the browser service does not merge networks. Each browser service bound to each interface operates independently, and the DC maintains a "separate" cumulative list on each interface that are not merged.

     

    Symptoms of multihomed browsers

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611

     

    Troubleshooting browser Event ID 8021 and 8032 on master browsers

    http://support.microsoft.com/kb/135404

     

     

    -      Influence on the name resolve.

     

    Active Directory communication fails on multihomed domain controllers

    http://support.microsoft.com/kb/272294

     

    Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed

    http://support.microsoft.com/kb/830063

     

    Delay in NetBIOS connections from a multi-homed computer

    http://support.microsoft.com/kb/166159


    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

    yeah, is the same post.
    But the server it is not a DC and the errors in the event viewer began the add new card ethernet.


    The server is a IIS aplication and the second card it used for external clients
    so the second card is not configured DNS

    Thanks for you help!!


    Tuesday, July 17, 2012 7:06 PM
  • Cross post !

    Windows 2008 R2 - DNS Problem

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/39f94ca0-f163-41e6-a157-be7b6afe8f04

    In your earlier thread, you have mentioned following

    The problem came when they added a new card in server.
    The nic princial "Team 01" is 2.0 Gbps
    Additionally there is another nic: "xxx" which is 100 Mbps

    When I add the new card, began to appear the error messages. The affected server is in production and the impact should be minimal, so I must be 100% which is the solution to make.

    It appears that, the server in question is a DC and you have multihomed it. Multihoming DCs are not recommended. Why ? here is an excerpt from this thread

     Technically speaking, multihomed domain controller is supported. However it’s not recommended as numerous issues can occur in such an environment, such as name resolving (DNS, WINS). Though some general configuration change can be performed to avoid the issues that result from the multihomed domain controller, considering the different network environments (default gateway, route table and reason for multihome) and different application usage, you may need to perform some additional operation and troubleshooting to make it work. If it is possible, we strongly suggest that you do not configure domain controller as multihomed.  

    Here I listed the following known issues of multihomed domain controller for your reference:

     

    -      Browsing Service is much affected by multihomed computers. Because the browser service does not merge networks. Each browser service bound to each interface operates independently, and the DC maintains a "separate" cumulative list on each interface that are not merged.

     

    Symptoms of multihomed browsers

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611

     

    Troubleshooting browser Event ID 8021 and 8032 on master browsers

    http://support.microsoft.com/kb/135404

     

     

    -      Influence on the name resolve.

     

    Active Directory communication fails on multihomed domain controllers

    http://support.microsoft.com/kb/272294

     

    Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed

    http://support.microsoft.com/kb/830063

     

    Delay in NetBIOS connections from a multi-homed computer

    http://support.microsoft.com/kb/166159


    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

    yeah, is the same post.
    But the server it is not a DC and the errors in the event viewer began the add new card ethernet.


    The server is a IIS aplication and the second card it used for external clients
    so the second card is not configured DNS

    Thanks for you help!!


    Oops ! I overlooked server host name CSD02 and misread that as DC02. Really sorry for the confusion !

    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

    Tuesday, July 17, 2012 7:20 PM
  • What is the message you see when you run nslookup from cmd ?

    Is power saving enabled on the NIC's?

    Check for latest NIC driver as well.


    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

    Tuesday, July 17, 2012 8:25 PM
  • Can you also post ipconfig /all from DCs ?

    Don't be a prick ! Be reasonable and provide your feedback. Say something whether the suggestion was helpful or not, mark a reply as answer or click on to vote helpful if any suggestion really helps you, don't leave that choice to moderators, let the credit go to a contributor who has invested his precious time on your questions. Please be informed that, moderators are also humans and they also make mistakes ;-) Last but not the least, Unmark as answer if any post doesn't answer your question/s !!!

    Tuesday, July 17, 2012 8:56 PM
  • Hi,

     

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support

    Tuesday, July 24, 2012 3:49 AM