Require Support for DNS bad key issue logged on Windows Server DC

  • Question

  • Events has the following ERROR entry as below.

    The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.atco.com. 600 IN SRV 0 100 389 AtcoServer.atco.com.' failed on the following DNS server:

    DNS server IP address: 192.210.10.122
    Returned Response Code (RCODE): 5
    Returned Status Code: 9017

    Ran the DCdiag command to test DNS and the results are shown below.

    C:\Users\Administrator>dcdiag /test:dns

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = AtcoServer
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\ATCOSERVER
          Starting test: Connectivity
             The host 6be51052-0bb4-48f7-84ef-024a21265b30._msdcs.atco.com could
             not be resolved to an IP address. Check the DNS server, DHCP, server
             name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... ATCOSERVER failed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\ATCOSERVER

          Starting test: DNS

             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... ATCOSERVER passed test DNS

       Running partition tests on : ForestDnsZones

       Running partition tests on : DomainDnsZones

       Running partition tests on : Schema

       Running partition tests on : Configuration

       Running partition tests on : atco

       Running enterprise tests on : atco.com
          Starting test: DNS
             Test results for domain controllers:

                DC: AtcoServer.atco.com
                Domain: atco.com


                   TEST: Basic (Basc)
                      Error: No LDAP connectivity
                      Warning: adapter
                      [00000012] Broadcom NetXtreme Gigabit Ethernet has invalid
                      DNS server: 213.42.20.20 (<name unavailable>)
                      Warning: adapter
                      [00000012] Broadcom NetXtreme Gigabit Ethernet has invalid
                      DNS server: 214.42.20.20 (<name unavailable>)
                      Error: all DNS servers are invalid
                      No host records (A or AAAA) were found for this DC

                   TEST: Dynamic update (Dyn)
                      Warning: Failed to add the test record dcdiag-test-record in zone atco.com

                TEST: Records registration (RReg)
                   Error: Record registrations cannot be found for all the network
                   adapters

             Summary of test results for DNS servers used by the above domain
             controllers:

                DNS server: 213.42.20.20 (<name unavailable>)
                   2 test failure on this DNS server
                   Name resolution is not functional. _ldap._tcp.atco.com. failed on the DNS server 213.42.20.20

                DNS server: 214.42.20.20 (<name unavailable>)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 214.42.20.20
                   Name resolution is not functional. _ldap._tcp.atco.com. failed on the DNS server 214.42.20.20

             Summary of DNS test results:

                                                Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: atco.com
                   AtcoServer                   PASS FAIL PASS PASS WARN FAIL n/a

             ......................... atco.com failed test DNS

    Tuesday, November 6, 2018 8:15 AM

All replies

  • Hi,

    You should configure the DNS address of DC as itself and don't add another DNS address.

    Best regards,

    Travis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, November 7, 2018 7:29 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis



    Saturday, November 10, 2018 11:57 PM
    Moderator
  • Hi Travis,

    How do I configure the DNS address of DC as itself? Can you advise?

    Thanks

    Irfan

    Sunday, November 11, 2018 4:59 AM
  • Hi,

    Is there an AD-integrated DNS on DC?

    Just set DNS IP address as itself.

    Best regards,

    Travis



    Sunday, November 11, 2018 6:49 AM
    Moderator
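
The change described in the reply above, as an added PowerShell example that is not part of the original thread. It assumes the DC runs the DNS Server role with an AD-integrated zone, is run from an elevated session on the DC, and takes the DC's own IPv4 address from each adapter rather than hard-coding one.

```powershell
# Added example (not from the thread). Assumption: this DC hosts AD-integrated DNS.

# Refuse to repoint the resolver if the local DNS Server service is not up,
# otherwise the DC would lose name resolution entirely.
$dns = Get-Service -Name DNS -ErrorAction SilentlyContinue
if (-not $dns -or $dns.Status -ne 'Running') {
    throw 'DNS Server service is not running on this host; resolver left unchanged.'
}

foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    # The adapter's own IPv4 address (skip APIPA addresses).
    $ownIp = Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 `
                 -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress -notlike '169.254.*' } |
             Select-Object -First 1 -ExpandProperty IPAddress
    if (-not $ownIp) { continue }

    $current = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
    Write-Host "$($nic.Name): DNS servers before = $($current -join ', ')"

    # Replace the whole list with the DC's own address only, so no external
    # resolver remains configured on the adapter.
    if (($current -join ',') -ne $ownIp) {
        Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $ownIp
        Write-Host "$($nic.Name): DNS servers now    = $ownIp"
    }
}

# Drop cached answers from the old resolvers, then re-register the records.
Clear-DnsClientCache
ipconfig /registerdns            # host (A/PTR) records
Restart-Service -Name Netlogon   # Netlogon re-registers the DC's SRV records on start

# Re-run the same test as in the question to confirm the result.
dcdiag /test:dns
```

In the event quoted in the question, RCODE 5 is REFUSED and status 9017 is DNS_ERROR_RCODE_BADKEY. After the change, the re-run of dcdiag should no longer list 213.42.20.20 or 214.42.20.20 as the DC's DNS servers.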
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis



    Wednesday, November 21, 2018 8:57 AM
    Moderator