From: BertramWilberforceWooster on 2 May 2006 07:22

Hi,

I am having trouble with Active Directory and DNS on a new Windows 2003 box. The default entries (_ldap etc.) which are usually created by netlogon are not there, nor can I manage to create them. I have tried creating the forward zone from scratch, however I am not able to.

When I try to create a new forward zone, I get the message:

"The zone cannot be replicated to all DNS servers in the (null) Active Directory domain because the required application directory partition does not exist. Only Enterprise Administrators have the appropriate permissions to create an application directory partition."

As I'm logged on as Administrator, which is in the Enterprise Admins group, this is somewhat worrying!

The message goes on to advise me to try using "Replicate to All Domain Controllers in the Active Directory Domain" option. When I do this I get:

"The zone can not be created - The data is invalid"

netdiag /fix gives the following output:

<snip>

    DNS test . . . . . . . . . . . . . : Failed
    [WARNING] Cannot find a primary authoritative DNS server for the name 'dbsvr.domain.net.'. [ERROR_TIMEOUT]
    The name 'dbsvr.domain.net.' may not be registered in DNS.
    [WARNING] Cannot find a primary authoritative DNS server for the name 'dbsvr.domain.net.'. [ERROR_TIMEOUT]
    The name 'dbsvr.domain.net.' may not be registered in DNS.
    [FATAL] Failed to fix: DC DNS entry domain.net. re-registeration on DNS server '100.200.52.145' failed.
    DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.domain.net. re-registeration on DNS server '100.200.52.145' failed.
    DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.domain.net. re-registeration on DNS server '100.200.52.145' failed.
    DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ec198d88-e0cb-4344-8703-b17839ed5ebd.domains._msdcs.domain.net. re-registeration on DNS server '100.200.52.145' failed.
    DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry 1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.domain.net. re-registeration on DNS server '100.200.52.145' failed.
    DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.domain.net. re-registeration on DNS server '100.200.52.145' failed.

<snip>

Does anyone know what steps I can take to get me back on my feet with regards to DNS? Just let me know if you want the output from any more commands.

As I'm sure you can imagine, this lack of DNS is causing me all sorts of problems with AD, so any advice you can give will be immensely appreciated!

Thanks,

Berty

(I'm afraid I've also posted this in .sbs, as I wasn't sure which was the best location)
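
Added example, not part of the original post: a small Python parser that pulls the failed DC record registrations out of netdiag /fix output like the above and decodes the hexadecimal DNS error code against the Win32 DNS_ERROR_RCODE_* values from winerror.h. The sample text is constructed from lines quoted in the post, and the function name failed_registrations is hypothetical.

```python
import re
from collections import defaultdict

# Win32 DNS error codes from winerror.h (subset): 9000 + the DNS RCODE.
DNS_ERRORS = {
    9002: "DNS_ERROR_RCODE_SERVER_FAILURE",
    9003: "DNS_ERROR_RCODE_NAME_ERROR",
    9005: "DNS_ERROR_RCODE_REFUSED",
    9009: "DNS_ERROR_RCODE_NOTAUTH",
    9010: "DNS_ERROR_RCODE_NOTZONE",
    9017: "DNS_ERROR_RCODE_BADKEY",
}

# Constructed sample: three entries from the post, wrapped as a newsreader would.
SAMPLE = """\
[FATAL] Failed to fix: DC DNS entry domain.net. re-registeration on
DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.dc._msdcs.domain.net. re-registeration on DNS server
'100.200.52.145' failed.
"""

# "re-registeration" is netdiag's own spelling; match it literally.
FATAL_RE = re.compile(
    r"\[FATAL\] Failed to fix: DC DNS entry (?P<name>\S+) "
    r"re-registeration on DNS server '(?P<server>[^']+)' failed\."
    r"(?: DNS Error code: (?P<code>0x[0-9A-Fa-f]+))?"
)

def failed_registrations(netdiag_text):
    """Map each DNS server to [(record, code or None, symbolic name), ...]."""
    flat = " ".join(netdiag_text.split())  # undo line wrapping inside entries
    result = defaultdict(list)
    for m in FATAL_RE.finditer(flat):
        code = int(m.group("code"), 16) if m.group("code") else None
        label = "not reported" if code is None else DNS_ERRORS.get(code, "unknown")
        result[m.group("server")].append((m.group("name"), code, label))
    return dict(result)

if __name__ == "__main__":
    for server, entries in failed_registrations(SAMPLE).items():
        for name, code, label in entries:
            shown = "-" if code is None else f"{code} (0x{code:08X})"
            print(f"{server}  {name:45} {shown}  {label}")
```
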

From: strongline on 2 May 2006 10:35

Try to create non-AD-integrated zones to see if that makes your DNS work first. Then you can work on other issues.

From: Jorge Silva on 2 May 2006 13:47

Hi

Follow these steps:

- Point the DNS properties of Dc to the root Dc.
- Type on cmd prompt
    dnscmd /clearcache (press enter)
    ipconfig /flushdns (press enter)
- Go to c:\windows\system32\config and delete the netlogon.dns and the netlogon.dnb files.
- Create the Dns Zone (At this point no error is shown)
- Point the DNS properties of Dc to itself (Make sure that the server is capable of resolving the root domain through Forward zones or stub Zones or Secondary zones)
- Type on cmd prompt ipconfig /registerdns
- Type - net stop netlogon & net start netlogon (confirm the creation of the netlogon.dns and the netlogon.dnb files on c:\windows\system32\config)
- Type - Netdiag /fix
- Test replication. It should be fine now.

--
I hope that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator

From: Jorge de Almeida Pinto [MVP] on 2 May 2006 14:34

Do the default DNS application partitions exist on the DC/DNS server or at all? Under the ZONE domain.net you should see a subdomain called "DomainDNSZones" and "ForestDNSZones". Yes or no?

If no, then --> http://www.windowsitpro.com/Article/ArticleID/47199/47199.html

If the DNS app. partition does not exist on that particular DC/DNS server but it does on others, check if replication is working. If it does not exist (for some reason) on all DC/DNS servers then recreate it.

http://technet2.microsoft.com/WindowsServer/en/Library/c2d2fcbd-c859-493e-a4fc-aef57a880db11033.mspx

--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto
# MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------

From: Bertram on 3 May 2006 12:02

Hi,

Thank you all for your responses.

strongline - I was able to create the DNS zone, but I got the same error message when I tried to convert the zone to AD-integrated.

Jorge Silva - I followed the recommended steps, however I got the same error message when I tried to recreate the zone (step four).

Jorge de Almeida Pinto - This is the only DC in the domain, and the zone does not exist at all. I am currently following the steps in the windowsitpro.com article - if this meets with no success I shall try the technet article.

Any more suggestions? Thank you all for taking the time to respond.