DNS Nightmare - Can't create forward zone
in [Active Directory]
|
From: Bertram on 4 May 2006 08:03 Update: I've just tried reinstalling DNS, and I'm still having the same problem. When I try to create the zone, I am told the active directory partition doesn't exist. I have tried recreating this partition, but am told I do not have the requisite permissions. Argh!
From: Jorge Silva on 4 May 2006 09:05 Hi Which account are you using to create the Dns Part are you using the Administrator Account (Member Off Enterprise admins and member of Domain admins, etc..? Check: 1. Reboot the server and press F8. Choose Directory Services Restore Mode from the Menu. 2. Check the physical location of the Winnt\NTDS\ folder. 3. Check the permissions on the \Winnt\NTDS folder. The default permissions are (confirm this): Administrators - Full Control System - Full Control 4. Open a command prompt and run NTDSUTIL to verify the paths for the NTDS.dit file. These should match the physical structure from Step 2 To check the file paths type the following commands: NTDSUTIL <enter> Files <enter> Info <enter> The output should look similar to: Drive Information: C:\ NTFS (Fixed Drive) free (2.9 Gb) total (3.9 Gb) D:\ NTFS (Fixed Drive) free (3.6 Gb) total (3.9 Gb) DS Path Information: Database : C:\WINNT\NTDS\ntds.dit - 10.1 Mb Backup dir: C:\WINNT\NTDS\dsadata.bak Working dir: C:\WINNT\NTDS Log dir : C:\WINNT\NTDS - 30.0 Mb total res2.log - 10.0 Mb res1.log - 10.0 Mb edb.log - 10.0 Mb 5. Reboot the server to Normal Mode. -- I hop that helps Good Luck Jorge Silva MCSA Systems Administrator "Bertram" <BertramWilberforceWooster(a)gmail.com> wrote in message news:1146744215.218167.32290(a)v46g2000cwv.googlegroups.com... > Update: I've just tried reinstalling DNS, and I'm still having the same > problem. When I try to create the zone, I am told the active directory > partition doesn't exist. I have tried recreating this partition, but am > told I do not have the requisite permissions. > > Argh! >
From: Bertram on 4 May 2006 11:42 Hi Jorge, I have followed your instructions, and can confirm the following: c:\windows\ntds exists, and Administrator has Full Control over it and it's contents, as does System. Output from ntdsutil seems to match yours: Drive Information: C:\ NTFS (Fixed Drive ) free(242.3 Gb) total(271.3 Gb) DS Path Information: Database : C:\WINDOWS\NTDS\ntds.dit - 14.1 Mb Backup dir : C:\WINDOWS\NTDS\dsadata.bak Working dir: C:\WINDOWS\NTDS Log dir : C:\WINDOWS\NTDS - 50.0 Mb total res2.log - 10.0 Mb res1.log - 10.0 Mb edb00003.log - 10.0 Mb edb00002.log - 10.0 Mb edb.log - 10.0 Mb Server is now back to normal mode, but giving the same problem. Are there any further steps you can recommend, in addition to the impressive amount of help you've given me so far? Thanks, Berty
From: Jorge de Almeida Pinto [MVP] on 4 May 2006 12:16 what are event IDs with errors? do a DCDIAG /V /C /D -- Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Windows Server - Directory Services BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ----------------------------------------------------------------------------- * This posting is provided "AS IS" with no warranties and confers no rights! * Always test before implementing! ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- "Bertram" <BertramWilberforceWooster(a)gmail.com> wrote in message news:1146757342.635491.180470(a)v46g2000cwv.googlegroups.com... > Hi Jorge, > > I have followed your instructions, and can confirm the following: > > c:\windows\ntds exists, and Administrator has Full Control over it and > it's contents, as does System. > > Output from ntdsutil seems to match yours: > > Drive Information: > > C:\ NTFS (Fixed Drive ) free(242.3 Gb) total(271.3 Gb) > > DS Path Information: > > Database : C:\WINDOWS\NTDS\ntds.dit - 14.1 Mb > Backup dir : C:\WINDOWS\NTDS\dsadata.bak > Working dir: C:\WINDOWS\NTDS > Log dir : C:\WINDOWS\NTDS - 50.0 Mb total > res2.log - 10.0 Mb > res1.log - 10.0 Mb > edb00003.log - 10.0 Mb > edb00002.log - 10.0 Mb > edb.log - 10.0 Mb > > Server is now back to normal mode, but giving the same problem. Are > there any further steps you can recommend, in addition to the > impressive amount of help you've given me so far? > > Thanks, > > Berty >
From: Bertram on 5 May 2006 04:34
OK, I'm not sure what's pertinent and what's not, so I thought I'd post the entire output for your perusal: =========================== Command Line: "dcdiag.exe /v /c /d" Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine ag-dbsvr, is a DC. * Connecting to directory service on server ag-dbsvr. ag-dbsvr.currentTime = 20060505081315.0Z ag-dbsvr.highestCommittedUSN = 301466 ag-dbsvr.isSynchronized = 1 ag-dbsvr.isGlobalCatalogReady = 1 * Collecting site info. * Identifying all servers. AG-DBSVR.currentTime = 20060505081315.0Z AG-DBSVR.highestCommittedUSN = 301466 AG-DBSVR.isSynchronized = 1 AG-DBSVR.isGlobalCatalogReady = 1 * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. ===============================================Printing out pDsInfo GLOBAL: ulNumServers=2 pszRootDomain=mydomain.net pszNC= pszRootDomainFQDN=DC=mydomain,DC=net pszConfigNc=CN=Configuration,DC=mydomain,DC=net pszPartitionsDn=CN=Partitions,CN=Configuration,DC=mydomain,DC=net iSiteOptions=0 dwTombstoneLifeTimeDays=60 dwForestBehaviorVersion=0 HomeServer=1, AG-DBSVR SERVER: pServer[0].pszName=TEMPSVR pServer[0].pszGuidDNSName=7ae70e6f-3be2-45c3-a013-04661ca67912._msdcs.mydomain.net pServer[0].pszDNSName=tempsvr.mydomain.net pServer[0].pszDn=CN=NTDS Settings,CN=TEMPSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net pServer[0].pszComputerAccountDn=(null) pServer[0].uuidObjectGuid=7ae70e6f-3be2-45c3-a013-04661ca67912 pServer[0].uuidInvocationId=7ae70e6f-3be2-45c3-a013-04661ca67912 pServer[0].iSite=0 (Default-First-Site-Name) pServer[0].iOptions=1 pServer[0].ftLocalAcquireTime=00000000 00000000 pServer[0].ftRemoteConnectTime=00000000 00000000 pServer[0].ppszMasterNCs: ppszMasterNCs[0]=CN=Schema,CN=Configuration,DC=mydomain,DC=net ppszMasterNCs[1]=CN=Configuration,DC=mydomain,DC=net ppszMasterNCs[2]=DC=mydomain,DC=net SERVER: pServer[1].pszName=AG-DBSVR pServer[1].pszGuidDNSName=1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.mydomain.net pServer[1].pszDNSName=ag-dbsvr.mydomain.net pServer[1].pszDn=CN=NTDS Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net pServer[1].pszComputerAccountDn=CN=AG-DBSVR,OU=Domain Controllers,DC=mydomain,DC=net pServer[1].uuidObjectGuid=1750286d-b0a6-4633-a9d0-63967c9a5fcb pServer[1].uuidInvocationId=45155c5d-16a3-4ddf-952c-325ec78e6707 pServer[1].iSite=0 (Default-First-Site-Name) pServer[1].iOptions=1 pServer[1].ftLocalAcquireTime=c29a5540 01c6701b pServer[1].ftRemoteConnectTime=c220df80 01c6701b pServer[1].ppszMasterNCs: ppszMasterNCs[0]=CN=Schema,CN=Configuration,DC=mydomain,DC=net ppszMasterNCs[1]=CN=Configuration,DC=mydomain,DC=net ppszMasterNCs[2]=DC=mydomain,DC=net SITES: pSites[0].pszName=Default-First-Site-Name pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net pSites[0].pszISTG=CN=NTDS Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net pSites[0].iSiteOption=0 pSites[0].cServers=2 NC: pNCs[0].pszName=Schema pNCs[0].pszDn=CN=Schema,CN=Configuration,DC=mydomain,DC=net pNCs[0].aCrInfo[0].dwFlags=0x00000201 pNCs[0].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=mydomain,DC=net pNCs[0].aCrInfo[0].pszDnsRoot=mydomain.net pNCs[0].aCrInfo[0].iSourceServer=1 pNCs[0].aCrInfo[0].pszSourceServer=(null) pNCs[0].aCrInfo[0].ulSystemFlags=0x00000001 pNCs[0].aCrInfo[0].bEnabled=TRUE pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[0].aCrInfo[0].pszNetBiosName=(null) pNCs[0].aCrInfo[0].cReplicas=-1 pNCs[0].aCrInfo[0].aszReplicas= NC: pNCs[1].pszName=Configuration pNCs[1].pszDn=CN=Configuration,DC=mydomain,DC=net pNCs[1].aCrInfo[0].dwFlags=0x00000201 pNCs[1].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=mydomain,DC=net pNCs[1].aCrInfo[0].pszDnsRoot=mydomain.net pNCs[1].aCrInfo[0].iSourceServer=1 pNCs[1].aCrInfo[0].pszSourceServer=(null) pNCs[1].aCrInfo[0].ulSystemFlags=0x00000001 pNCs[1].aCrInfo[0].bEnabled=TRUE pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[1].aCrInfo[0].pszNetBiosName=(null) pNCs[1].aCrInfo[0].cReplicas=-1 pNCs[1].aCrInfo[0].aszReplicas= NC: pNCs[2].pszName=mydomain pNCs[2].pszDn=DC=mydomain,DC=net pNCs[2].aCrInfo[0].dwFlags=0x00000201 pNCs[2].aCrInfo[0].pszDn=CN=IBUSINESS,CN=Partitions,CN=Configuration,DC=mydomain,DC=net pNCs[2].aCrInfo[0].pszDnsRoot=mydomain.net pNCs[2].aCrInfo[0].iSourceServer=1 pNCs[2].aCrInfo[0].pszSourceServer=(null) pNCs[2].aCrInfo[0].ulSystemFlags=0x00000003 pNCs[2].aCrInfo[0].bEnabled=TRUE pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[2].aCrInfo[0].pszNetBiosName=(null) pNCs[2].aCrInfo[0].cReplicas=-1 pNCs[2].aCrInfo[0].aszReplicas= 3 NC TARGETS: Schema, Configuration, mydomain, 1 TARGETS: AG-DBSVR, =============================================Done Printing pDsInfo Doing initial required tests Testing server: Default-First-Site-Name\AG-DBSVR Starting test: Connectivity * Active Directory LDAP Services Check The host 1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.mydomain.net could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.mydomain.net) couldn't be resolved, the server name (ag-dbsvr.mydomain.net) resolved to the IP address (100.200.52.145) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... AG-DBSVR failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\AG-DBSVR Skipping all tests, because server AG-DBSVR is not responding to directory service requests DNS Tests are running and not hung. Please wait a few minutes... Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : mydomain Starting test: CrossRefValidation ......................... mydomain passed test CrossRefValidation Starting test: CheckSDRefDom ......................... mydomain passed test CheckSDRefDom Running enterprise tests on : mydomain.net Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... mydomain.net passed test Intersite Starting test: FsmoCheck GC Name: \\ag-dbsvr.mydomain.net Locator Flags: 0xe00003fc Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down. Time Server Name: \\ag-dbsvr.mydomain.net Locator Flags: 0xe00003fc Preferred Time Server Name: \\ag-dbsvr.mydomain.net Locator Flags: 0xe00003fc KDC Name: \\ag-dbsvr.mydomain.net Locator Flags: 0xe00003fc ......................... mydomain.net failed test FsmoCheck Starting test: DNS Test results for domain controllers: DC: ag-dbsvr.mydomain.net Domain: mydomain.net TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) Error: No LDAP connectivity Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 1.0) is supported NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000002] Compaq NC3123 Fast Ethernet NIC: MAC address is 00:02:A5:43:ED:53 IP address is static IP address: 100.200.52.145 DNS servers: Warning: 100.200.52.145 (<name unavailable>) [Invalid] Error: all DNS servers are invalid The A record for this DC was found The SOA record for the Active Directory zone was found Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration) Root zone on this DC/DNS server was not found TEST: Forwarders/Root hints (Forw) Recursion is enabled Forwarders are not configured on this DNS server Root hint Information: Name: a.root-servers.net. IP: 198.41.0.4 [Invalid] Name: b.root-servers.net. IP: 192.228.79.201 [Invalid] Name: c.root-servers.net. IP: 192.33.4.12 [Invalid] Name: d.root-servers.net. IP: 128.8.10.90 [Invalid] Name: e.root-servers.net. IP: 192.203.230.10 [Invalid] Name: f.root-servers.net. IP: 192.5.5.241 [Invalid] Name: g.root-servers.net. IP: 192.112.36.4 [Valid] Name: h.root-servers.net. IP: 128.63.2.53 [Invalid] Name: i.root-servers.net. IP: 192.36.148.17 [Invalid] Name: j.root-servers.net. IP: 192.58.128.30 [Invalid] Name: k.root-servers.net. IP: 193.0.14.129 [Invalid] Name: l.root-servers.net. IP: 198.32.64.12 [Invalid] Name: m.root-servers.net. IP: 202.12.27.33 [Invalid] TEST: Records registration (RReg) Error: Record registrations cannot be found for all the network adapters Total query time:0 min. 2 sec.. Total RPC connection time:0 min. 0 sec. Total WMI connection time:0 min. 0 sec. Total Netuse connection time:0 min. 0 sec. Summary of test results for DNS servers used by the above domain controllers: DNS server: 128.63.2.53 (h.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 128.8.10.90 (d.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 192.203.230.10 (e.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 192.228.79.201 (b.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201 [Error details: 9002 (Type: Win32 - Description: DNS server failure.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 192.33.4.12 (c.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 192.36.148.17 (i.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 192.5.5.241 (f.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 192.58.128.30 (j.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30 [Error details: 9002 (Type: Win32 - Description: DNS server failure.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 193.0.14.129 (k.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 100.200.52.145 (<name unavailable>) 1 test failure on this DNS server This is a valid DNS server. Name resolution is not functional. _ldap._tcp.mydomain.net. failed on the DNS server 100.200.52.145 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 198.32.64.12 (l.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 198.41.0.4 (a.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 202.12.27.33 (m.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 192.112.36.4 (g.root-servers.net.) All tests passed on this DNS server This is a valid DNS server. Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: mydomain.net ag-dbsvr PASS FAIL PASS n/a PASS FAIL n/a Total Time taken to test all the DCs:0 min. 2 sec. ......................... mydomain.net failed test DNS ==================== Thanks, Berty |