Results 1 to 7 of 7

Thread: Always need to re-register DC DNS entry!

  1. #1
    itman Guest

    Always need to re-register DC DNS entry!

    For the past months I have found that our domain controllers "lose" their DNS
    registrations with each other regularly. It has not had a sever impact as
    clients have no issues communicating with DCs or DNS servers. Running a
    dcdiag will always result in full successes, however, a netdiag /q will
    result in the following (on most, if not all domain controllers in the
    enterprise):

    C:\>netdiag /q
    ..........................................

    Computer Name: DC1
    DNS Host Name: DC1.company.com
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
    KB911564
    KB921503
    KB924667-v2
    KB925398_WMP64
    KB925902
    KB926122
    KB927891
    KB929123
    KB930178
    KB931768
    KB931784
    KB932168
    KB933566
    KB933729
    KB933854
    KB935839
    KB935840
    KB935966
    KB936021
    KB936357
    KB936782
    KB937143
    KB938127
    KB939653
    KB941202
    KB941568
    KB941644
    KB941672
    KB942615
    KB943460
    KB943485
    Q147222



    Per interface results:

    Adapter : Local Area Connection

    Host Name. . . . . . . . . : DC1
    IP Address . . . . . . . . : 192.168.0.252
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.0.249
    Primary WINS Server. . . . : 192.168.0.252
    Secondary WINS Server. . . : 192.168.1.251
    Dns Servers. . . . . . . . : 192.168.0.252




    Global results:


    DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on
    DNS server '192.168.0.252'
    .. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

    IP Security test . . . . . . . . . : Skipped


    The command completed successfully


    The problem is resolved after issuing "netdiag /fix". Any ideas why this
    happens every couple of days? Is it related to DNS scavenging? Our domain
    controllers and DNS servers will have static entries in DNS so I can't see
    DNS scavenging affecting this.

    Any help appreciated.

  2. #2
    Meinolf Weber Guest

    Re: Always need to re-register DC DNS entry!

    Hello itman,

    If i see your ipconfig the secondary WINS is from a different subnet which
    you can not reach from your subnet. Why this configuration?

    Also you talk about DOMAIN CONTROLLERS, so is DC1 the only DNS server and
    how are the others located and setup?

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

    > For the past months I have found that our domain controllers "lose"
    > their DNS registrations with each other regularly. It has not had a
    > sever impact as clients have no issues communicating with DCs or DNS
    > servers. Running a dcdiag will always result in full successes,
    > however, a netdiag /q will result in the following (on most, if not
    > all domain controllers in the enterprise):
    >
    > C:\>netdiag /q
    > .........................................
    > Computer Name: DC1
    > DNS Host Name: DC1.company.com
    > System info : Windows 2000 Server (Build 3790)
    > Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    > List of installed hotfixes :
    > KB911564
    > KB921503
    > KB924667-v2
    > KB925398_WMP64
    > KB925902
    > KB926122
    > KB927891
    > KB929123
    > KB930178
    > KB931768
    > KB931784
    > KB932168
    > KB933566
    > KB933729
    > KB933854
    > KB935839
    > KB935840
    > KB935966
    > KB936021
    > KB936357
    > KB936782
    > KB937143
    > KB938127
    > KB939653
    > KB941202
    > KB941568
    > KB941644
    > KB941672
    > KB942615
    > KB943460
    > KB943485
    > Q147222
    > Per interface results:
    >
    > Adapter : Local Area Connection
    >
    > Host Name. . . . . . . . . : DC1
    > IP Address . . . . . . . . : 192.168.0.252
    > Subnet Mask. . . . . . . . : 255.255.255.0
    > Default Gateway. . . . . . : 192.168.0.249
    > Primary WINS Server. . . . : 192.168.0.252
    > Secondary WINS Server. . . : 192.168.1.251
    > Dns Servers. . . . . . . . : 192.168.0.252
    > Global results:
    >
    > DNS test . . . . . . . . . . . . . : Failed
    > [WARNING] The DNS entries for this DC are not registered correctly
    > on
    > DNS server '192.168.0.252'
    > . Please wait for 30 minutes for DNS server replication.
    > [FATAL] No DNS servers have the DNS records for this DC
    > registered.
    > IP Security test . . . . . . . . . : Skipped
    >
    > The command completed successfully
    >
    > The problem is resolved after issuing "netdiag /fix". Any ideas why
    > this happens every couple of days? Is it related to DNS scavenging?
    > Our domain controllers and DNS servers will have static entries in DNS
    > so I can't see DNS scavenging affecting this.
    >
    > Any help appreciated.
    >




  3. #3
    itman Guest

    Re: Always need to re-register DC DNS entry!

    This is my scenario:

    ..4 x offices in different cities.
    ..each office has its own subnet which is an AD site.
    ..each office has one domain controller which also functions as a WINS and
    DNS server.
    ..the server in the "head office" is set up as the secondary DNS and WINS
    server for every client and server.
    ..the domain controller in the "head office" has a secondary DNS and WINS
    server as a server in another site.

    Also, 9/10 client computers are mobile computers and will log in to any site
    on any day. Therefore, the DHCP leases are short (less than 24 hours) and DNS
    scavenging is set to run every day to ensure that DNS records are accurate.

    If you think any part of this setup is a problem, please advise. All help,
    comments and suggestions are appreciated.



    -------------------------

    "Meinolf Weber" wrote:

    > Hello itman,
    >
    > If i see your ipconfig the secondary WINS is from a different subnet which
    > you can not reach from your subnet. Why this configuration?
    >
    > Also you talk about DOMAIN CONTROLLERS, so is DC1 the only DNS server and
    > how are the others located and setup?
    >
    > Best regards
    >
    > Meinolf Weber
    > Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    > no rights.
    > ** Please do NOT email, only reply to Newsgroups
    > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >
    > > For the past months I have found that our domain controllers "lose"
    > > their DNS registrations with each other regularly. It has not had a
    > > sever impact as clients have no issues communicating with DCs or DNS
    > > servers. Running a dcdiag will always result in full successes,
    > > however, a netdiag /q will result in the following (on most, if not
    > > all domain controllers in the enterprise):
    > >
    > > C:\>netdiag /q
    > > .........................................
    > > Computer Name: DC1
    > > DNS Host Name: DC1.company.com
    > > System info : Windows 2000 Server (Build 3790)
    > > Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    > > List of installed hotfixes :
    > > KB911564
    > > KB921503
    > > KB924667-v2
    > > KB925398_WMP64
    > > KB925902
    > > KB926122
    > > KB927891
    > > KB929123
    > > KB930178
    > > KB931768
    > > KB931784
    > > KB932168
    > > KB933566
    > > KB933729
    > > KB933854
    > > KB935839
    > > KB935840
    > > KB935966
    > > KB936021
    > > KB936357
    > > KB936782
    > > KB937143
    > > KB938127
    > > KB939653
    > > KB941202
    > > KB941568
    > > KB941644
    > > KB941672
    > > KB942615
    > > KB943460
    > > KB943485
    > > Q147222
    > > Per interface results:
    > >
    > > Adapter : Local Area Connection
    > >
    > > Host Name. . . . . . . . . : DC1
    > > IP Address . . . . . . . . : 192.168.0.252
    > > Subnet Mask. . . . . . . . : 255.255.255.0
    > > Default Gateway. . . . . . : 192.168.0.249
    > > Primary WINS Server. . . . : 192.168.0.252
    > > Secondary WINS Server. . . : 192.168.1.251
    > > Dns Servers. . . . . . . . : 192.168.0.252
    > > Global results:
    > >
    > > DNS test . . . . . . . . . . . . . : Failed
    > > [WARNING] The DNS entries for this DC are not registered correctly
    > > on
    > > DNS server '192.168.0.252'
    > > . Please wait for 30 minutes for DNS server replication.
    > > [FATAL] No DNS servers have the DNS records for this DC
    > > registered.
    > > IP Security test . . . . . . . . . : Skipped
    > >
    > > The command completed successfully
    > >
    > > The problem is resolved after issuing "netdiag /fix". Any ideas why
    > > this happens every couple of days? Is it related to DNS scavenging?
    > > Our domain controllers and DNS servers will have static entries in DNS
    > > so I can't see DNS scavenging affecting this.
    > >
    > > Any help appreciated.
    > >

    >
    >
    >


  4. #4
    Kevin D. Goodknecht Sr. [MVP] Guest

    Re: Always need to re-register DC DNS entry!

    Read inline please.

    In news:[email protected],
    itman <[email protected]> typed:
    > This is my scenario:
    >
    > .4 x offices in different cities.
    > .each office has its own subnet which is an AD site.
    > .each office has one domain controller which also functions as a WINS
    > and
    > DNS server.
    > .the server in the "head office" is set up as the secondary DNS and
    > WINS server for every client and server.
    > .the domain controller in the "head office" has a secondary DNS and
    > WINS server as a server in another site.
    >
    > Also, 9/10 client computers are mobile computers and will log in to
    > any site on any day. Therefore, the DHCP leases are short (less than
    > 24 hours) and DNS scavenging is set to run every day to ensure that
    > DNS records are accurate.
    >
    > If you think any part of this setup is a problem, please advise. All
    > help, comments and suggestions are appreciated.



    IF the DC at the main site is a WINS server itself, do not use a Secondary
    WINS address. WINS servers have different rules from DNS servers, WINS
    servers must point only to themselves for WINS, this prevents another WINS
    server from taking ownership of its records.
    DNS servers can point to themselves, and another DNS server that holds its
    zone. this is especially true for ADI zones, it makes sure each DC has its
    records registered in all DNS servers. In Win2k DCs, this prevents a DNS
    server from becoming an island, where it may cause DNS replication to break
    and its records are only registered in itself.

    Your issue, seems to be that one or more DNS servers have scavenging enabled
    at to short of a time period on the zone.




    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================



  5. #5
    itman Guest

    Re: Always need to re-register DC DNS entry!

    Thank you for your comments. Could you elaborate further on "too short of a
    time" with reference to DNS scavenging? Is there a minimum time to set for
    scavenging before it goes "wrong"? It is important for us to get this right.
    Since implementing scavenging (on one DNS server) we have had a much better
    success rate at managing client machines as the DNS/IP records are kept
    up-to-date. Without scavenging and with client computers moving from one site
    to another (one subnet to another) within the same day makes client computer
    administration very difficult. I still cannot see how or why scavenging
    should affect domain controllers in this way. All DCs have static DNS entries
    and should not be affected by scavenging, right?


    "Kevin D. Goodknecht Sr. [MVP]" wrote:

    > Read inline please.
    >
    > In news:[email protected],
    > itman <[email protected]> typed:
    > > This is my scenario:
    > >
    > > .4 x offices in different cities.
    > > .each office has its own subnet which is an AD site.
    > > .each office has one domain controller which also functions as a WINS
    > > and
    > > DNS server.
    > > .the server in the "head office" is set up as the secondary DNS and
    > > WINS server for every client and server.
    > > .the domain controller in the "head office" has a secondary DNS and
    > > WINS server as a server in another site.
    > >
    > > Also, 9/10 client computers are mobile computers and will log in to
    > > any site on any day. Therefore, the DHCP leases are short (less than
    > > 24 hours) and DNS scavenging is set to run every day to ensure that
    > > DNS records are accurate.
    > >
    > > If you think any part of this setup is a problem, please advise. All
    > > help, comments and suggestions are appreciated.

    >
    >
    > IF the DC at the main site is a WINS server itself, do not use a Secondary
    > WINS address. WINS servers have different rules from DNS servers, WINS
    > servers must point only to themselves for WINS, this prevents another WINS
    > server from taking ownership of its records.
    > DNS servers can point to themselves, and another DNS server that holds its
    > zone. this is especially true for ADI zones, it makes sure each DC has its
    > records registered in all DNS servers. In Win2k DCs, this prevents a DNS
    > server from becoming an island, where it may cause DNS replication to break
    > and its records are only registered in itself.
    >
    > Your issue, seems to be that one or more DNS servers have scavenging enabled
    > at to short of a time period on the zone.
    >
    >
    >
    >
    > --
    > Best regards,
    > Kevin D. Goodknecht Sr. [MVP]
    > Hope This Helps
    >
    > ===================================
    > When responding to posts, please "Reply to Group"
    > via your newsreader so that others may learn and
    > benefit from your issue, to respond directly to
    > me remove the nospam. from my email address.
    > ===================================
    > http://www.lonestaramerica.com/
    > http://support.wftx.us/
    > http://message.wftx.us/
    > ===================================
    > Use Outlook Express?... Get OE_Quotefix:
    > It will strip signature out and more
    > http://home.in.tum.de/~jain/software/oe-quotefix/
    > ===================================
    > Keep a back up of your OE settings and folders
    > with OEBackup:
    > http://www.oehelp.com/OEBackup/Default.aspx
    > ===================================
    >
    >
    >


  6. #6
    Kevin D. Goodknecht Sr. [MVP] Guest

    Re: Always need to re-register DC DNS entry!

    Read inline please.

    In news:[email protected],
    itman <[email protected]> typed:
    > Thank you for your comments. Could you elaborate further on "too
    > short of a time" with reference to DNS scavenging?


    Scavenging time must be longer than registration refresh interval.

    The registry value below can be found in this KB:
    How to configure DNS dynamic updates in Windows Server 2003
    http://support.microsoft.com/kb/816592/en-us

    By default, Windows XP and Windows Server 2003 reregister their A and PTR
    resource records every 24 hours regardless of the computer's role. To change
    this time, add the DefaultRegistrationRefreshInterval registry entry under
    the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

    All netlogon records are registered every hour.

    > Is there a minimum
    > time to set for scavenging before it goes "wrong"?


    You would not want to set scavenging to less than the DHCP lease time, or
    the DNS registration time.

    > It is important
    > for us to get this right. Since implementing scavenging (on one DNS
    > server) we have had a much better success rate at managing client
    > machines as the DNS/IP records are kept up-to-date. Without
    > scavenging and with client computers moving from one site to another
    > (one subnet to another) within the same day makes client computer
    > administration very difficult. I still cannot see how or why
    > scavenging should affect domain controllers in this way. All DCs have
    > static DNS entries and should not be affected by scavenging, right?


    The IP addresses should be static, but the DHCP client service is
    responsible for all TCPIP DNS registrations, so that service must be running
    at all times, even on clients with static addresses. If you manually create
    the records, make sure you did not set the record to be deleted when it
    becomes stale. Also, on DNS servers, the IP address record with the server's
    name is set by the listener address on the interfaces tab in the DNS
    management console.



    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================



  7. #7
    itman Guest

    Re: Always need to re-register DC DNS entry!

    Thanks for this. I had not realised that static IP clients and servers
    registered their resource records every 24 hours. The DHCP leases and
    scavenging settings were amended to allow for at least 24 hours to pass to
    ensure that resource record registration was not disturbed. The issue seems
    to have stopped occurring which suggests that the issue WAS with DNS
    scavenging settings!


    "Kevin D. Goodknecht Sr. [MVP]" wrote:

    > Read inline please.
    >
    > In news:[email protected],
    > itman <[email protected]> typed:
    > > Thank you for your comments. Could you elaborate further on "too
    > > short of a time" with reference to DNS scavenging?

    >
    > Scavenging time must be longer than registration refresh interval.
    >
    > The registry value below can be found in this KB:
    > How to configure DNS dynamic updates in Windows Server 2003
    > http://support.microsoft.com/kb/816592/en-us
    >
    > By default, Windows XP and Windows Server 2003 reregister their A and PTR
    > resource records every 24 hours regardless of the computer's role. To change
    > this time, add the DefaultRegistrationRefreshInterval registry entry under
    > the following registry subkey:
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
    >
    > All netlogon records are registered every hour.
    >
    > > Is there a minimum
    > > time to set for scavenging before it goes "wrong"?

    >
    > You would not want to set scavenging to less than the DHCP lease time, or
    > the DNS registration time.
    >
    > > It is important
    > > for us to get this right. Since implementing scavenging (on one DNS
    > > server) we have had a much better success rate at managing client
    > > machines as the DNS/IP records are kept up-to-date. Without
    > > scavenging and with client computers moving from one site to another
    > > (one subnet to another) within the same day makes client computer
    > > administration very difficult. I still cannot see how or why
    > > scavenging should affect domain controllers in this way. All DCs have
    > > static DNS entries and should not be affected by scavenging, right?

    >
    > The IP addresses should be static, but the DHCP client service is
    > responsible for all TCPIP DNS registrations, so that service must be running
    > at all times, even on clients with static addresses. If you manually create
    > the records, make sure you did not set the record to be deleted when it
    > becomes stale. Also, on DNS servers, the IP address record with the server's
    > name is set by the listener address on the interfaces tab in the DNS
    > management console.
    >
    >
    >
    > --
    > Best regards,
    > Kevin D. Goodknecht Sr. [MVP]
    > Hope This Helps
    >
    > ===================================
    > When responding to posts, please "Reply to Group"
    > via your newsreader so that others may learn and
    > benefit from your issue, to respond directly to
    > me remove the nospam. from my email address.
    > ===================================
    > http://www.lonestaramerica.com/
    > http://support.wftx.us/
    > http://message.wftx.us/
    > ===================================
    > Use Outlook Express?... Get OE_Quotefix:
    > It will strip signature out and more
    > http://home.in.tum.de/~jain/software/oe-quotefix/
    > ===================================
    > Keep a back up of your OE settings and folders
    > with OEBackup:
    > http://www.oehelp.com/OEBackup/Default.aspx
    > ===================================
    >
    >
    >


Similar Threads

  1. How to register Macbook
    By Vrushabh in forum Portable Devices
    Replies: 3
    Last Post: 24-07-2010, 01:21 PM
  2. How to register ASP.Net with iis
    By Zombi in forum Software Development
    Replies: 3
    Last Post: 08-08-2009, 11:42 AM
  3. How to register a component in vb?
    By REEMAD in forum Software Development
    Replies: 3
    Last Post: 28-02-2009, 09:01 PM
  4. How to register AVG Free 8.0?
    By Wil|loW in forum AntiVirus Software
    Replies: 1
    Last Post: 05-05-2008, 05:55 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,751,729,495.31836 seconds with 16 queries