DNS Lookup failure

[ANUP]

HI All,

We have windows 2000 server with service pack 4 environment, at
different locations. On all the servers we have configured a schedule
task for DC replication.

Currently we have observed that when ever the task run, in DC
replication log file we find error related to DNS. Following is the
error
Attempting replication of DC=XXX,DC=XXX,DC=com between YYYY and
DC1IEADDC001...
Mon Sep 14 2009 10:08:03 ERROR : ----- DsReplicaSync failed with
status 8524 (0x214c):
Mon Sep 14 2009 10:08:04 ERROR : ----- The DSA operation is unable
to proceed because of a DNS lookup failure.
Mon Sep 14 2009 10:08:04 WARNING : Retrying partition replication...

After copying the boot.dns file from backup, and restarting the DNS
service. The DNS server is up and running.we have successful
replication.

Let me know if you need more information

Can you please help me with this

[Ace Fekay [MCT]]

"ANUP" <[email protected]> wrote in message
news:6bf832b2-c166-460a-a3f6-8113318335a4@p36g2000vbn.googlegroups.com...
> HI All,
>
> We have windows 2000 server with service pack 4 environment, at
> different locations. On all the servers we have configured a schedule
> task for DC replication.
>
> Currently we have observed that when ever the task run, in DC
> replication log file we find error related to DNS. Following is the
> error
> Attempting replication of DC=XXX,DC=XXX,DC=com between YYYY and
> DC1IEADDC001...
> Mon Sep 14 2009 10:08:03 ERROR : ----- DsReplicaSync failed with
> status 8524 (0x214c):
> Mon Sep 14 2009 10:08:04 ERROR : ----- The DSA operation is unable
> to proceed because of a DNS lookup failure.
> Mon Sep 14 2009 10:08:04 WARNING : Retrying partition replication...
>
> After copying the boot.dns file from backup, and restarting the DNS
> service. The DNS server is up and running.we have successful
> replication.
>
> Let me know if you need more information
>
> Can you please help me with this


In the error, it should tell you which record it is trying to lookup and
failing on. Do you find that record in DNS?

Make sure all DCs only have the internal DNS specified in their IP
properties.

If any DCs are multihomed (more than one NIC and/or IP address) and/or RRAS
installed, it can cause this problem, too.

Curious, why have you set a manual scheduled task for replication? AD does
this funtion fine without any manual intervention, unless of course you may
have hundreds of DCs that you would like to manually control, but then we
would do that using Sites and Services where you would set the replication
schedule as well as the frequency of replication while the scheduled time is
active.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

[Anup]

On 15 Sep, 17:19, "Ace Fekay [MCT]" <[email protected]>
wrote:
> "ANUP" <[email protected]> wrote in message
>
> news:6bf832b2-c166-460a-a3f6-8113318335a4@p36g2000vbn.googlegroups.com...
>
>
>
>
>
> > HI All,
>
> > We have windows 2000 server with service pack 4 environment, at
> > different locations. On all the servers we have configured a schedule
> > task for DC replication.
>
> > Currently we have observed that when ever the task run, in DC
> > replication log file we find error related to DNS. Following is the
> > error
> > Attempting replication of DC=XXX,DC=XXX,DC=com between YYYY and
> > DC1IEADDC001...
> > Mon Sep 14 2009 10:08:03 ERROR : ----- DsReplicaSync failed with
> > status 8524 (0x214c):
> > Mon Sep 14 2009 10:08:04 ERROR : ----- The DSA operation is unable
> > to proceed because of a DNS lookup failure.
> > Mon Sep 14 2009 10:08:04 WARNING : Retrying partition replication....
>
> > After copying the boot.dns file from backup, and restarting the DNS
> > service. The DNS server is up and running.we have successful
> > replication.
>
> > Let me know if you need more information
>
> > Can you please help me with this
>
> In the error, it should tell you which record it is trying to lookup and
> failing on. Do you find that record in DNS?
>
> Make sure all DCs only have the internal DNS specified in their IP
> properties.
>
> If any DCs are multihomed (more than one NIC and/or IP address) and/or RRAS
> installed, it can cause this problem, too.
>
> Curious, why have you set a manual scheduled task for replication? AD does
> this funtion fine without any manual intervention, unless of course you may
> have hundreds of DCs that you would like to manually control, but then we
> would do that using Sites and Services where you would set the replication
> schedule as well as the frequency of replication while the scheduled timeis
> active.
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit among
> responding engineers, and to help others benefit from your resolution.
>
> Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please checkhttp://support.microsoft.comfor regional support phone numbers.- Hide quoted text -
>
> - Show quoted text -

Thanks Ace,

Yes u r right we have 150+ windows 2000 servers, all the servers have
2 lan card, one for Internal network and other for VPN. We have
created the schedule task as the DC replication happen over the VPN.

If you checked the DNS, then you would find 2 forwarders, but when DC
replication is in progress one can find 3 forwarded (i.e one with VPN
IP).

The DC replication log doesnt contain such information. But after
viewing the batch file. i found that it is trying to access the DNS
server located at HO. and not able to insert the forwarders in DNS.

Let me know if you need more information

[Ace Fekay [MCT]]

> On 15 Sep, 17:19, "Ace Fekay [MCT]" <[email protected]>
> wrote:
>> "ANUP" <[email protected]> wrote in message
>>
>> news:6bf832b2-c166-460a-a3f6-8113318335a4@p36g2000vbn.googlegroups.com...
>>
>>
>>
>>
>>
>>> HI All,
>>
>>> We have windows 2000 server with service pack 4 environment, at
>>> different locations. On all the servers we have configured a schedule
>>> task for DC replication.
>>
>>> Currently we have observed that when ever the task run, in DC
>>> replication log file we find error related to DNS. Following is the
>>> error
>>> Attempting replication of DC=XXX,DC=XXX,DC=com between YYYY and
>>> DC1IEADDC001...
>>> Mon Sep 14 2009 10:08:03 ERROR : ----- DsReplicaSync failed with
>>> status 8524 (0x214c):
>>> Mon Sep 14 2009 10:08:04 ERROR : ----- The DSA operation is unable
>>> to proceed because of a DNS lookup failure.
>>> Mon Sep 14 2009 10:08:04 WARNING : Retrying partition replication...
>>> After copying the boot.dns file from backup, and restarting the DNS
>>> service. The DNS server is up and running.we have successful
>>> replication.
>>
>>> Let me know if you need more information
>>> Can you please help me with this
>>
>> In the error, it should tell you which record it is trying to lookup and
>> failing on. Do you find that record in DNS?
>>
>> Make sure all DCs only have the internal DNS specified in their IP
>> properties.
>>
>> If any DCs are multihomed (more than one NIC and/or IP address) and/or RRAS
>> installed, it can cause this problem, too.
>>
>> Curious, why have you set a manual scheduled task for replication? AD does
>> this funtion fine without any manual intervention, unless of course you may
>> have hundreds of DCs that you would like to manually control, but then we
>> would do that using Sites and Services where you would set the replication
>> schedule as well as the frequency of replication while the scheduled time is
>> active.
>>
>> --
>> Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Please reply back to the newsgroup or forum for collaboration benefit among
>> responding engineers, and to help others benefit from your resolution.
>>
>> Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
>> Microsoft Certified Trainer
>>
>> For urgent issues, please contact Microsoft PSS directly. Please
>> checkhttp://support.microsoft.comfor regional support phone numbers.- Hide
>> quoted text -
>>
>> - Show quoted text -
>
> Thanks Ace,
>
> Yes u r right we have 150+ windows 2000 servers, all the servers have
> 2 lan card, one for Internal network and other for VPN. We have
> created the schedule task as the DC replication happen over the VPN.
>
> If you checked the DNS, then you would find 2 forwarders, but when DC
> replication is in progress one can find 3 forwarded (i.e one with VPN
> IP).
>
> The DC replication log doesnt contain such information. But after
> viewing the batch file. i found that it is trying to access the DNS
> server located at HO. and not able to insert the forwarders in DNS.
>
> Let me know if you need more information

Hello Anup,

Actually "Forwarders" are set in DNS server properties, Forwarding tab,
not under the zone name.

Are you actually talking about a Host record in DNS under your domain
zone name?

You have 150+ domain controllers, all multihomed? That is interesting.
First I've heard of such a setup. I would actually suggest to allow
your firewall/router at each location to perform VPN and not on the
DCs, but that would be a huge task to change everything. Multihoming
can cause issue with the hostnames registered in DNS as well as with
SRV records, causing other problems, including what you're seeing.

Are the DCs trying to communicate with the HQ DC not able to do so? Is
it trying to access the DC for DNS lookups or to replicate with? If
just for DNS lookups, one easy way around that is to specify the DNS
address on all DCs to be itself as the first entry in its IP
properties.

Ace

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.