locked
W2003 - DNS - Fail to create a reverse zone RRS feed

  • Pergunta

  • Hi all,

    I´m trying to create a reverse zone and get the following error:

    The zone cannot be created.

    There was a server failure.

     

    How to debug/fix it?

    * I have 3 DC´s on the same site and all show the same error message!

    * support tools (netfiag) works fine without error...

    segunda-feira, 8 de novembro de 2010 22:11

Respostas

  • Renato

     

    check out this link as I has a solution to the replication problem which gave EVENT ID 1232

    http://support.microsoft.com/kb/830746

    As for the AutoEnrollment error you can disable autoenrollment unless you have a Public Key Infrastructure installed in your domain unless you are using certificates in your domain

    As for DNS, have you changed any network cards?   

    you can restart the DNS service, make sure te IP addresses listed are correct and that you have the correct record types,,,,, are those IP shown represent DNS servers??

    I don't think the processor architecture(x86 and x64) will have an influence at this point.

     

    check this information out and tell me what you can come up with.

    Best Regards, Nassim

     

    • Marcado como Resposta Richard Juhasz sexta-feira, 12 de novembro de 2010 18:02
    quarta-feira, 10 de novembro de 2010 21:25

Todas as Respostas

  • Hello,

     Is your domain funcional level 2003?

     


    MVP - Daniel Santos Blog: www.engdanielsantos.wordpress.com Twitter: @danielsantos_ti
    segunda-feira, 8 de novembro de 2010 22:57
  • Renato

    Although this is a Potuguese only forum I'll try to give you a hand, the mods will move this thread later if they wish.

    Have you already created the forward lookup zones?

    Is/Are your zones integrated into Active Directory?

    Do you have any records automatically created in DNS?

    have you checked in eventviewer ? Take a look there and post again the error ID number plus the description for the error.

     

    With that information in hand we can start pinpointing the cause of the error.

    Awaiting your reponse, Nassim

    terça-feira, 9 de novembro de 2010 03:06
  • Current Domain Functional Level: Windows Server 2003
    quarta-feira, 10 de novembro de 2010 02:53
  • I never create forward lookup zone, these server has only one (domainxyz.local) wich is integrated into AD.

    Network pcs can register itself in DNS without problems

    EventViewer\DNS = nothing else than EventID 2 and EventId3 - wich means stop/start service

     

    Curious thing in EventViewer\Directory Service
    ##############################

    Event Type: Warning
    Event Source: NTDS Replication
    Event Category: DS RPC Client
    Event ID: 1232
    Date:  8/11/2010
    Time:  04:47:08
    User:  NT AUTHORITY\ANONYMOUS LOGON
    Computer: MAILSERVER
    Description:
    Active Directory attempted to perform a remote procedure call (RPC) to the following server.  The call timed out and was cancelled.
     
    Server:
    b1c68ba9-036b-4868-a99e-45080da0c17a._msdcs.acocach.local
    Call Timeout (Mins):
    5
    Thread ID:
    2f8
     
    Additional Data
    Internal ID:
    0

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

     

    >>> Does anyone idea???

    quarta-feira, 10 de novembro de 2010 03:00
  • I created the REGKEY cited in this article for increase RPC timeout
    http://support.microsoft.com/kb/830746/en-us
    quarta-feira, 10 de novembro de 2010 03:07
  • I found on the other 2 DC´s the eventId 13 regarding AutoEnrollment, I did (right now) changes on AD groups membership as the article:
    http://nitman.com/2009/12/08/autoenrollment-event-id-13-automatic-certificate-enrollment-for-local-system-failed-to-enroll-for-one-domain-controller-certificate-0x80070005-access-is-denied/
    quarta-feira, 10 de novembro de 2010 03:32
  • After running 'netdiag.exe /v > c:\netdiag.log', it shows the following:

    #############################################

     

     

    DNS test . . . . . . . . . . . . . : Failed
          Interface {F1B70EFD-B023-4207-A58F-DC9BF2361D06}
            DNS Domain:
            DNS Servers: 192.168.0.12 192.168.0.2 192.168.0.13
            IP Address:         Expected registration with PDN (primary DNS domain name):
              Hostname: mailserver.acocach.local.
              Authoritative zone: acocach.local.
              Primary DNS server: mailserver.acocach.local 192.168.0.12
              Authoritative NS:192.168.100.8 192.168.0.13 192.168.2.1 192.168.0.2 192.168.0.2 192.168.6.1 192.168.1.2 192.168.0.12
    Check the DNS registration for DCs entries on DNS server '192.168.0.12'
        [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
    Check the DNS registration for DCs entries on DNS server '192.168.0.2'
        [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
    Check the DNS registration for DCs entries on DNS server '192.168.0.13'
        [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
        [FATAL] No DNS servers have the DNS records for this DC registered.

     

     

    >>>> The file exists in the specified path and the DNS is AD integrated.

    >>>> I already check C:\WINDOWS\SYSTEM32\CONFIG folder permissions, comparing with another DC (another custommer).

    >>>> That DC wich hols all FSMO´s is W2k3-64x, running Support Tools (32x), there is a problem??? I´m not sure (http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/2f942a86-4372-4805-a4ec-46ae5bbafb00/)

    • Editado Renato Jr quarta-feira, 10 de novembro de 2010 05:28 complete information tests
    quarta-feira, 10 de novembro de 2010 05:16
  • Yeah, now I think that the problem is related with 32x Vs 64x tools...
    http://www.servernewsgroups.net/activedirectory/t3639-netdiag-errors-win2003-x64.aspx

     

    * I will try to install Support Tools from CD and repeat tests!

    quarta-feira, 10 de novembro de 2010 05:33
  • Renato

     

    check out this link as I has a solution to the replication problem which gave EVENT ID 1232

    http://support.microsoft.com/kb/830746

    As for the AutoEnrollment error you can disable autoenrollment unless you have a Public Key Infrastructure installed in your domain unless you are using certificates in your domain

    As for DNS, have you changed any network cards?   

    you can restart the DNS service, make sure te IP addresses listed are correct and that you have the correct record types,,,,, are those IP shown represent DNS servers??

    I don't think the processor architecture(x86 and x64) will have an influence at this point.

     

    check this information out and tell me what you can come up with.

    Best Regards, Nassim

     

    • Marcado como Resposta Richard Juhasz sexta-feira, 12 de novembro de 2010 18:02
    quarta-feira, 10 de novembro de 2010 21:25