DC/DNS ISSUE: Got error while checking LDAP and RPC connectivity

    Question

  • Hi

    I have Windows Server 2008 R2 Enterprise configured as a DC server, with three physical/virtual NICs that each have a different IP/subnet.

    I get this error in Event Viewer, and sometimes my clients cannot log on to the domain (saying the domain cannot be contacted).

    The dcdiag and nslookup results are below too.

    Some time ago I restarted the DC and it hung at the Apply Computer/User settings stage for hours, making me restore the system from a backup that was 30 DAYS OLD to get it to load.

    ANY HELP would be GREATLY appreciated.

    Regards

    Log Name:  System
    Source:  NETLOGON
    Date:   06/09/2011 08:11:29 ق.ظ
    Event ID:  5781
    Task Category: None
    Level:   Warning
    Keywords:  Classic
    User:   N/A
    Computer:  dcserver.Zarsima.local
    Description:
    Dynamic registration or deletion of one or more DNS records associated with DNS domain 'Zarsima.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

    Possible causes of failure include:
    - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
    - Specified preferred and alternate DNS servers are not running
    - DNS server(s) primary for the records to be registered is not running
    - Preferred or alternate DNS servers are configured with wrong root hints
    - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

    USER ACTION
    Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="NETLOGON" />
        <EventID Qualifiers="0">5781</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2011-06-09T04:41:29.000000000Z" />
        <EventRecordID>41106</EventRecordID>
        <Channel>System</Channel>
        <Computer>dcserver.Zarsima.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Zarsima.local.</Data>
        <Binary>2A230000</Binary>
      </EventData>
    </Event>

    Directory Server Diagnosis
    
    Performing initial setup:
     Trying to find home server...
     Home Server = dcserver
     * Identified AD Forest.
     Done gathering initial info.
    
    Doing initial required tests
    
     Testing server: Default-First-Site-Name\DCSERVER
      Starting test: Connectivity
       The host b805c39f-ccd4-4cf5-a22e-5ba93ed2a948._msdcs.MYDOMAIN.local
       could not be resolved to an IP address. Check the DNS server, DHCP,
       server name, etc.
       Got error while checking LDAP and RPC connectivity. Please check your
       firewall settings.
       ......................... DCSERVER failed test Connectivity
    
    Doing primary tests
    
     Testing server: Default-First-Site-Name\DCSERVER
      Skipping all tests, because server DCSERVER is not responding to
      directory service requests.
    
    
     Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
       ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
       ......................... ForestDnsZones passed test
       CrossRefValidation
    
     Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
       ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
       ......................... DomainDnsZones passed test
       CrossRefValidation
    
     Running partition tests on : Schema
      Starting test: CheckSDRefDom
       ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
       ......................... Schema passed test CrossRefValidation
    
     Running partition tests on : Configuration
      Starting test: CheckSDRefDom
       ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
       ......................... Configuration passed test CrossRefValidation
    
     Running partition tests on : MYDOMAIN
      Starting test: CheckSDRefDom
       ......................... MYDOMAIN passed test CheckSDRefDom
      Starting test: CrossRefValidation
       ......................... MYDOMAIN passed test CrossRefValidation
    
     Running enterprise tests on : MYDOMAIN.local
      Starting test: LocatorCheck
       ......................... MYDOMAIN.local passed test LocatorCheck
      Starting test: Intersite
       ......................... MYDOMAIN.local passed test Intersite
    
    C:\Users\Administrator>nslookup dcserver
    Server: UnKnown
    Address: 10.2.0.10
    
    Name: dcserver.MYDOMAIN.local
    Address: 10.2.0.10

     


    • Edited by magj Thursday, June 09, 2011 5:15 AM Line wrap issue
    Thursday, June 09, 2011 4:17 AM

Answers

  • Hello,

    Do not use a DC for routing networks; this results in multiple problems, as you see. Instead, use a router or switches that are able to provide VLANs to separate networks.

    Unchecking alone will not remove all existing DNS entries; remove all unwanted DNS records of the NICs that are now set to not register.

    Why do you need this crappy configuration? Please describe the network in detail.

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Thursday, June 09, 2011 6:27 AM
  • It should resolve the issue because the problem is more related to DNS and the multihomed DC. You should also remove the previously registered records from DNS and allow that to replicate to other DCs. You can see that the issue of multiple live NICs registering in DNS is listed in the MS article along with its problems; it's better to follow MS practices.

     

    Regards  


    Awinish Vishwakarma| CHECK MY BLOG

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Thursday, June 09, 2011 6:32 AM

All replies

  • Hi,

    Please post the output of ipconfig /all from the affected computers in question. Also it is not recommended to use a multihomed domain controller as it will cause numerous issues.

    Troubleshooting Netlogon Event 5774, 5775, and 5781
    http://support.microsoft.com/kb/259277

    Multihomed DCs with DNS, RRAS, and/or PPPoE adapters
    https://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

    Brent
    Thursday, June 09, 2011 4:35 AM
  • A multihomed (multiple NICs with live IPs) DC is not recommended by Microsoft, as it creates issues with replication, DNS name resolution, etc. The issue you are seeing is because of the multihomed DC. A DC should not be used for hosting or installing any other application, for security reasons. Either disable all the NICs on the DC except the one used for the DC, or follow Ace's advice.

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/a1583d7f-fa59-4497-89de-666d683e53a0/

    Ace Fekay has suggestions on multihomed DCs:

    https://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

    Teaming with load balancing is also not recommended for a DC.

     

    Regards  


    Awinish Vishwakarma| CHECK MY BLOG

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Thursday, June 09, 2011 4:39 AM
  • Hi

     

    I have unchecked the "Register this connection's address in the DNS" option on all of the other NICs. Will it resolve the problem?

     

    Thanks

    Regards

     

    Here it is :

     

    C:\Users\Administrator>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : dcserver
       Primary Dns Suffix  . . . . . . . : MYDOMAIN.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : MYDOMAIN.local

    Ethernet adapter Endian:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : D-Link DGE-530T Gigabit Ethernet Adapter (rev.B) #2
       Physical Address. . . . . . . . . : 00-26-5A-79-CE-BB
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5427:7b3e:39b2:4f27%27(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.7.11(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 536880730
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AC-80-F7-20-CF-30-48-E7-C6

       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter DC-Lan:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : 20-CF-30-48-E7-C6
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.2.0.10(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.0.0.0
       Default Gateway . . . . . . . . . : 10.2.0.8
       DNS Servers . . . . . . . . . . . : 10.2.0.10
                                           10.2.0.8
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter VMware Network Adapter VMnet1:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
       Physical Address. . . . . . . . . : 00-50-56-C0-00-01
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::1538:973d:df3e:aedf%30(Preferred)
       Autoconfiguration IPv4 Address. . : 169.254.174.223(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 503337046
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AC-80-F7-20-CF-30-48-E7-C6

       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{CDFDF558-CA32-4BD7-860A-976B105F66BD}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{D9E7B961-A4AC-47FB-AFA3-9BB7BAAEEADF}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{B424E553-3F64-4D57-9938-A495951CB667}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Thursday, June 09, 2011 5:41 AM
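An added example, not part of the original thread: a Python check that parses `ipconfig /all` output of the kind posted above and lists every adapter address other than the one the DC is meant to use, plus adapters whose DNS server list does not include the DC's own DNS. The sample text is constructed; the names `parse_adapters` and `audit`, and the choice of 10.2.0.10 as the intended DC address, are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample, trimmed to the shape of the `ipconfig /all` output in this thread.
SAMPLE = """\
Ethernet adapter Endian:
   IPv4 Address. . . . . . . . . . . : 192.168.7.11(Preferred)
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
Ethernet adapter DC-Lan:
   IPv4 Address. . . . . . . . . . . : 10.2.0.10(Preferred)
   DNS Servers . . . . . . . . . . . : 10.2.0.10
                                       10.2.0.8
Ethernet adapter VMware Network Adapter VMnet1:
   Autoconfiguration IPv4 Address. . : 169.254.174.223(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
"""

HEADER = re.compile(r"^\s*[A-Za-z ]+? adapter (.+):$")
FIELD = re.compile(r"^\s+(\S.*?)[ .]*\. :(?: (.*))?$")
NOISE = re.compile(r"\(.*?\)|%\d+")  # '(Preferred)' suffix and IPv6 zone id such as '%1'

def parse_adapters(text):
    """Map adapter name -> {'ipv4': [...], 'dns': [...]}, following wrapped DNS lines."""
    adapters, cur, key = {}, None, None
    for line in (raw.rstrip() for raw in text.splitlines()):
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            cur, key = adapters.setdefault(header.group(1), {"ipv4": [], "dns": []}), None
        elif cur is not None and field:
            label, value = field.group(1), field.group(2) or ""
            key = "ipv4" if label.endswith("IPv4 Address") else "dns" if label == "DNS Servers" else None
            if key and value:
                cur[key].append(NOISE.sub("", value).strip())
        elif cur is not None and key == "dns" and line.strip():
            cur["dns"].append(NOISE.sub("", line).strip())  # continuation of the DNS list
    return adapters

def audit(adapters, dc_ip):
    """List (adapter, value, reason) for everything that differs from a single-address DC."""
    findings = []
    for name, a in adapters.items():
        for ip in a["ipv4"]:
            if ip != dc_ip:
                kind = "APIPA" if ipaddress.ip_address(ip).is_link_local else "extra live"
                findings.append((name, ip, kind + " address"))
        if a["ipv4"] and dc_ip not in a["dns"]:
            findings.append((name, ", ".join(a["dns"]), "DNS servers omit the DC's own DNS"))
    return findings
```

Calling `audit(parse_adapters(SAMPLE), "10.2.0.10")` reports the Endian and VMnet1 addresses; host records left in the zone for those addresses are the ones the replies say to remove after unchecking registration.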
  • There is only one DC in the network and it's not used for routing purposes; the other NICs are for the installed virtual machines.
    Sunday, June 19, 2011 11:30 AM
  • Hello,

    Still, the multi-homing results in problems with network access, as you described.

    And if you use non-AD-aware backups (snapshots/images/file copies), you also run into trouble. Additionally, if the restored DC is then older than 30 days, machines must reset their machine password to the domain, as by default this is changed automatically after 30 days.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Sunday, June 19, 2011 12:00 PM