none
The DNS server 192.168.1.4 on Local Area Connection 2 did not successfully resolve the name _ldap._tcp.gc._msdcs.rahlamesaxen.com.

    Question

  • I have been working on this for over a week now and I have tried to do this alone without asking. But I've hit a speed bump. I've narrowed the Scan Role to 6 errors. This is for Windows Server 2008 R2 and I've searching hundreds of posts but none fixed my problem. When I run the can I get;

    The DNS server 192.168.x.x on Local Area Connection 2 did not successfully resolve the name _ldap._tcp.gc._msdcs.rahlamesaxen.com.
    The DNS server 192.168.x.x on Local Area Connection 2 did not successfully resolve the name of the address (A) record for this computer.
    The DNS server 192.168.x.x on Local Area Connection 2 did not successfully resolve the name _kerberos._tcp.rahlamesaxen.com.
    The DNS server 192.168.x.x on Local Area Connection 2 did not successfully resolve the name _ldap._tcp.rahlamesaxen.com.
    The DNS server 192.168.x.x on Local Area Connection 2 did not successfully resolve the name _ldap._tcp.pdc._msdcs.rahlamesaxen.com.

    The last error is that I do not have a loop back address but when I add the 127.0.0.1 or the 0.0.0.1, I get another 5 DNS errors as aforementioned


    My forest rahlamesaxen.com  and when I run a dcdiag /test:dns my results are

     

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Administrator.RAHVDMC.004>dcdiag /test:dns

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = RAHvDmC
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\RAHVDMC
          Starting test: Connectivity
             The host 6adcb51d-f929-4b48-9ca7-712e335dd2f9._msdcs.rahlamesaxen.com
             could not be resolved to an IP address. Check the DNS server, DHCP,
             server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... RAHVDMC failed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\RAHVDMC

          Starting test: DNS

             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... RAHVDMC passed test DNS

       Running partition tests on : ForestDnsZones

       Running partition tests on : DomainDnsZones

       Running partition tests on : Schema

       Running partition tests on : Configuration

       Running partition tests on : rahlamesaxen

       Running enterprise tests on : rahlamesaxen.com
          Starting test: DNS
             Test results for domain controllers:

                DC: RAHvDmC
                Domain: rahlamesaxen.com


                   TEST: Basic (Basc)
                      Error: No LDAP connectivity
                      Warning: adapter [00000012] Citrix PV Ethernet Adapter has
                      invalid DNS server: 192.168.1.4 (rahlamesaxen.com.)
                      Error: all DNS servers are invalid
                      No host records (A or AAAA) were found for this DC

                   TEST: Dynamic update (Dyn)
                      Warning: Failed to add the test record dcdiag-test-record in z
    one rahlamesaxen.com

                TEST: Records registration (RReg)
                   Error: Record registrations cannot be found for all the network
                   adapters

             Summary of test results for DNS servers used by the above domain
             controllers:

                DNS server: 192.168.1.4 (rahlamesaxen.com.)
                   1 test failure on this DNS server
                   Name resolution is not functional. _ldap._tcp.rahlamesaxen.com. f
    ailed on the DNS server 192.168.1.4

             Summary of DNS test results:

                                                Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: rahlamesaxen.com
                   RAHvDmC                      PASS FAIL PASS PASS WARN FAIL n/a

             ......................... rahlamesaxen.com failed test DNS






    This is my ipconfig /all

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Administrator.RAHVDMC.004>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : RAHvDmC
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Citrix PV Ethernet Adapter
       Physical Address. . . . . . . . . : 9A-A2-E2-6B-18-FE
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.254
       DNS Servers . . . . . . . . . . . : 192.168.1.4
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{A000758F-C236-4E0A-ACA3-03C02C2A1B38}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes



    So that's it. Can anyone help?
    Wednesday, June 01, 2011 12:25 PM

Answers

  • Hello,

    RAHvDmC is already domain member i assume and also is DC? Is that the only DC/DNS server in the domain?

    I am missing the Primary DNS suffix in the ipconfig, or did you remove it in the output? If not then please check the system properties, advanced system  settings, Computer Name tab, change button, more button and then DNS suffix and NetBios Computer Name.

    Do you have the _msdcs.rahlamesaxen.com and rahlamesaxen.com forward lookup zones listed in the DNS management console?

    Is the DHCP client service started and set to automatic, required for correct DNS registration?

     


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    • Marked as answer by FARTXaler Wednesday, June 01, 2011 3:52 PM
    Wednesday, June 01, 2011 12:37 PM
  • Based on the ipconfig seeing the following, and the ipconfig, (thanks for posting this info), I agree with Meinolf that the missing Primary DNS Suffix for rahlamesaxen.com is more than likely the culprit preventing it from registering in DNS.

    When registering, a machine (DC or non-DC) will look for the Primary DNS Suffix then send the registration request to be registered under that suffix to the DNS address listed in the NIC's properties. If the suffix is missing, using the wrong DNS, DHCP client service is stopped (and a few other reasons), registration will not occur.

    Follow his suggestion to set the name in System Properties, make sure the DHCP client service is set to auto, and restart the machine. Then post back your results, please.

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    • Marked as answer by FARTXaler Wednesday, June 01, 2011 3:52 PM
    Wednesday, June 01, 2011 1:37 PM

All replies

  • Hello,

    RAHvDmC is already domain member i assume and also is DC? Is that the only DC/DNS server in the domain?

    I am missing the Primary DNS suffix in the ipconfig, or did you remove it in the output? If not then please check the system properties, advanced system  settings, Computer Name tab, change button, more button and then DNS suffix and NetBios Computer Name.

    Do you have the _msdcs.rahlamesaxen.com and rahlamesaxen.com forward lookup zones listed in the DNS management console?

    Is the DHCP client service started and set to automatic, required for correct DNS registration?

     


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    • Marked as answer by FARTXaler Wednesday, June 01, 2011 3:52 PM
    Wednesday, June 01, 2011 12:37 PM
  • Based on the ipconfig seeing the following, and the ipconfig, (thanks for posting this info), I agree with Meinolf that the missing Primary DNS Suffix for rahlamesaxen.com is more than likely the culprit preventing it from registering in DNS.

    When registering, a machine (DC or non-DC) will look for the Primary DNS Suffix then send the registration request to be registered under that suffix to the DNS address listed in the NIC's properties. If the suffix is missing, using the wrong DNS, DHCP client service is stopped (and a few other reasons), registration will not occur.

    Follow his suggestion to set the name in System Properties, make sure the DHCP client service is set to auto, and restart the machine. Then post back your results, please.

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    • Marked as answer by FARTXaler Wednesday, June 01, 2011 3:52 PM
    Wednesday, June 01, 2011 1:37 PM
  • Yes to question 1
    I didn't set a Primary suffix, thank you both for pointing that out. Currently restarting.
    I do have them listed and set to my computer's IP address

    *EDIT* DHCP Client is set on Auto, and the tip about the dns suffix fixed 4 errors


    These are my last errors

    Title:
    DNS: The DNS server 192.168.1.4 on Local Area Connection 2 must resolve the name of this computer

    Severity:
    Error

    Date:
    6/1/2011 7:14:33 AM

    Category:
    Configuration

    Issue:
    The DNS server 192.168.1.4 on Local Area Connection 2 did not successfully resolve the name of the address (A) record for this computer.

    Impact:
    Other domain controllers might not be able to resolve this computer's name. The computer might not be able to connect to network resources.

    Resolution:
    Click Start, click Network, click Network and Sharing Center, and then click Change adapter settings to configure DNS servers that are able to resolve names for your enterprise.

    More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=130024





    Title:
    DNS: DNS servers on Local Area Connection 2 should include the loopback address, but not as the first entry.

    Severity:
    Error

    Date:
    6/1/2011 7:18:27 AM

    Category:
    Configuration

    Issue:
    The network adapter Local Area Connection 2 does not list the loopback IP address as a DNS server, or it is configured as the first entry.

    Impact:
    If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.

    Resolution:
    Configure adapter settings to add the loopback IP address to the list of DNS servers on all active interfaces, but not as the first server in the list.

    More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=188760
    • Edited by FARTXaler Wednesday, June 01, 2011 2:19 PM Fixed question
    Wednesday, June 01, 2011 2:01 PM
  • Good to hear. Re-run the dcdiag with the /v /fix switches. Also, are there any event log errors after you've restarted it?

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, June 01, 2011 2:18 PM

  •       Starting test: SystemLog
             * The System Event log test
             A warning event occurred.  EventID: 0x8000001D
                Time Generated: 06/01/2011   06:59:15
                Event String:
                The Key Distribution Center (KDC) cannot find a suitable certificate
     to use for smart card logons, or the KDC certificate could not be verified. Sma
    rt card logon may not function correctly if this problem is not resolved. To cor
    rect this problem, either verify the existing KDC certificate using certutil.exe
     or enroll for a new KDC certificate.
             An error event occurred.  EventID: 0xC00038D6
                Time Generated: 06/01/2011   06:59:41
                Event String:
                The DFS Namespace service could not initialize cross forest trust in
    formation on this domain controller, but it will periodically retry the operatio
    n. The return code is in the record data.
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 06/01/2011   06:59:40
                Event String:
                Name resolution for the name _ldap._tcp.Default-First-Site-Name._sit
    es.dc._msdcs.rahlamesaxen.com timed out after none of the configured DNS servers
     responded.
             A warning event occurred.  EventID: 0x0000000C
                Time Generated: 06/01/2011   06:59:41
                Event String:
                Time Provider NtpClient: This machine is configured to use the domai
    n hierarchy to determine its time source, but it is the AD PDC emulator for the
    domain at the root of the forest, so there is no machine above it in the domain
    hierarchy to use as a time source. It is recommended that you either configure a
     reliable time service in the root domain, or manually configure the AD PDC to s
    ynchronize with an external time source. Otherwise, this machine will function a
    s the authoritative time source in the domain hierarchy. If an external time sou
    rce is not configured or used for this computer, you may choose to disable the N
    tpClient.
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 06/01/2011   07:00:07
                Event String:
                Name resolution for the name rahlamesaxen.com timed out after none o
    f the configured DNS servers responded.
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 06/01/2011   07:00:07
                Event String:
                Name resolution for the name rahlamesaxen.com timed out after none o
    f the configured DNS servers responded.
             A warning event occurred.  EventID: 0x000727AA
                Time Generated: 06/01/2011   07:01:52
                Event String:
                The WinRM service failed to create the following SPNs: WSMAN/RAHvDmC
    .home.rahlamesaxen.com; WSMAN/RAHvDmC.

                 Additional Data
                 The error received was 87: %%87.

                 User Action
                 The SPNs can be created by an administrator using setspn.exe utilit
    y.
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 06/01/2011   07:05:07
                Event String:
                Name resolution for the name _msdcs.rahlamesaxen.com timed out after
     none of the configured DNS servers responded.
             ......................... RAHVDMC failed test SystemLog
      

    Those are the only fails I recieved when running dcdiag /v /fix
    Wednesday, June 01, 2011 2:31 PM
  • Hmm, lots of little errors.

    Is there an antivirus or some sort of security app installed? If you disable it or uninstall it, do some of these errors disappear?

     

    Time errors:

    To understand the time service, read the following:

    Configuring the Windows Time Service for Windows Server
    https://msmvps.com/blogs/acefekay/archive/tags/Windows+time+hierarchy/default.aspx

    or simply follow the Mr FixIt in this link:

    How to configure an authoritative time server in Windows Server
    http://support.microsoft.com/kb/816042

     

    DNS resolution errors:

    Run nslookup. Type in the following to see if they resolve and post your results, please.

    • rahlamesaxen.com
    • RAHvDmC.rahlamesaxen.com
    • _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rahlamesaxen.com

     

    Any services stopped?

    Please run and post the results of a net start

     

    Event log errors

    Please post any event ID errors (EventID# and Source Names).

     

    Thanks,
    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, June 01, 2011 8:15 PM