DNS Issue on SBS 2008

[ijacobs3]

Morning all

I'm hoping someone could provide a bit of insight on a DNS issue i am having on SBS 2008,
a bit of backround, i started working at a company a few years back, and the main domain controler server is an old sbs 2008 install, which has worked fins until a few weeks ago. As it sits now, the AD is working ( i can reset users passwords, and users can authenticate on the network). The DNS is still working ( well half of it) it still does what it is supposed to on the network ( ip = machine name). however, the link between the dns and AD isnt working anymore

but on the reverse lookup, i get error messages



i have tried gogoling , but to no avail

i even tried to delete the zone, and recreate it, but no joy either


can anyone offer some advice?

 

[dovij]

Just at a guess, are you sure your active directory and dns services are running on the server?

Have you switched it off and on again?

 

[bekdik]

Check the event logs.

 

[ijacobs3]

Just at a guess, are you sure your active directory and dns services are running on the server?

Have you switched it off and on again?

to the best of my knowledge, yes, have rebooted a few times

 

[irBosOtter]

What errors are under DNS Server, Directory Service and Active Directory Web Services logs? (Under Application and Services Logs)

 

[ijacobs3]

What errors are under DNS Server, Directory Service and Active Directory Web Services logs? (Under Application and Services Logs)

the ad even log has this

'This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory Domain Services database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.'

the dns one has this

'The DNS server was unable to complete directory service enumeration of zone fmp.local. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-020800F3, problem 5012 (DIR_ERROR), data -1018". The event data contains the error'

 

[irBosOtter]

Problem lies with AD, once that is fixed DNS will probably start working properly again, so rather focus on the AD issue for now, once that is solved, then check if there there are still DNS issues.

How many domain controllers in your environment?
Any errors in the DFS Replication and File Replication Service logs?

 

[ijacobs3]

We have the main sbs server and another server running exchange ( which is also a has ad on it)

Will get when I get back to the office , just out at a call out quick )

 

[ijacobs3]

Problem lies with AD, once that is fixed DNS will probably start working properly again, so rather focus on the AD issue for now, once that is solved, then check if there there are still DNS issues.

How many domain controllers in your environment?
Any errors in the DFS Replication and File Replication Service logs?

dfs replication
"The DFS Replication service successfully contacted domain controller FMPSRV01.fmp.local to access configuration information."

 

[irBosOtter]

The server where exchange is installed on might not be a AD server, might have AD tools installed on but not AD itself.
Is there more than one server under "Domain controllers" OU in Active Directory Users and Computers? Or under AD Sites and Services, expand your site, how many servers there?

 

[ijacobs3]

The server where exchange is installed on might not be a AD server, might have AD tools installed on but not AD itself.
Is there more than one server under "Domain controllers" OU in Active Directory Users and Computers? Or under AD Sites and Services, expand your site, how many servers there?

the exchange server is listed under domain controllers as well

if i try do a replication , it gives me an error


sorry for the ignorance, i have never had to deal with AD once its broken and google not helping much

 

[irBosOtter]

Ok cool, well, not the best to have Exchange installed on a AD server, just complicates it more I suppose.

Have you tried rebooting the Exchange/AD server to see if it helps?

What happens if you create a new AD user account, does it replicate over the the exchange AD server at least?
Also check the logs for errors on the second AD server, the one where Exchange is on. That one will probably also be a DNS server, check if you can access DNS on that one

 

[ijacobs3]

Ok cool, well, not the best to have Exchange installed on a AD server, just complicates it more I suppose.

Have you tried rebooting the Exchange/AD server to see if it helps?

yes, didnt help

What happens if you create a new AD user account, does it replicate over the the exchange AD server at least?

yup, it does

Also check the logs for errors on the second AD server, the one where Exchange is on. That one will probably also be a DNS server, check if you can access DNS on that one

nope

 

[irBosOtter]

In elevated command prompt run "dcdiag" and check for any issues. (On both domain controllers)

Then also dcdiag /test:dns

And what version of Windows Server is the other one where Exchange is installed on?

 

[Telasera]

Have you tired using nslookup to test the DNS server directly?

 

[ijacobs3]

In elevated command prompt run "dcdiag" and check for any issues. (On both domain controllers)

Then also dcdiag /test:dns

And what version of Windows Server is the other one where Exchange is installed on?

will do it tomorrow and let you know, im almost sure i did run this already, but will revert first thing tomorrow

 

[ijacobs3]

In elevated command prompt run "dcdiag" and check for any issues. (On both domain controllers)

Then also dcdiag /test:dns

And what version of Windows Server is the other one where Exchange is installed on?

the exchange is running on 2003 , and sbs is 2008

the mess is, i started here, and picked up from about 5 other peoples mess, still need to schedule moving 35 workstation on a new domain / setup

Directory Server Diagnosis


Performing initial setup:

Trying to find home server...

Home Server = FMPSRV01

* Identified AD Forest.
Done gathering initial info.


Doing initial required tests


Testing server: Default-First-Site-Name\FMPSRV01

Starting test: Connectivity

The host d338fbdb-4f05-4f30-b1fd-d7cea40f61f2._msdcs.fmp.local could

not be resolved to an IP address. Check the DNS server, DHCP, server

name, etc.

......................... FMPSRV01 failed test Connectivity



Doing primary tests


Testing server: Default-First-Site-Name\FMPSRV01


Starting test: DNS



DNS Tests are running and not hung. Please wait a few minutes...

......................... FMPSRV01 passed test DNS


Running partition tests on : ForestDnsZones


Running partition tests on : DomainDnsZones


Running partition tests on : Schema


Running partition tests on : Configuration


Running partition tests on : fmp


Running enterprise tests on : fmp.local

Starting test: DNS

Test results for domain controllers:


DC: FMPSRV01.fmp.local

Domain: fmp.local




TEST: Basic (Basc)
Error: No LDAP connectivity
Warning: adapter

[00000006] D-Link DGE-528T Gigabit Ethernet Adapter has

invalid DNS server: 192.168.0.2 (FMPSRV01)

Error: all DNS servers are invalid

No host records (A or AAAA) were found for this DC


TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 196.14.239.2 (<name unavailable>)

TEST: Dynamic update (Dyn)
Warning: Failed to add the test record _dcdiag_test_record in zone fmp.local

TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network

adapters


Summary of test results for DNS servers used by the above domain

controllers:



DNS server: 192.168.0.2 (FMPSRV01)

1 test failure on this DNS server

Name resolution is not functional. _ldap._tcp.fmp.local. failed on the DNS server 192.168.0.2

DNS server: 196.14.239.2 (<name unavailable>)

1 test failure on this DNS server

PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 196.14.239.2
Summary of DNS test results:


Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: fmp.local

FMPSRV01 PASS FAIL FAIL PASS WARN FAIL n/a

......................... fmp.local failed test DNS

 

[ijacobs3]

Have you tired using nslookup to test the DNS server directly?

C:\Users\admin>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: fe80::6d2a:520b:fbc0:1573

 

[irBosOtter]

You could use ADSI Edit to delete the "corrupt" DNS zone and then re-create it, but I would be very careful with that, could cause more issues in the end if you delete the wrong stuff

Follow this and see if it helps... this guy hat to reset permissions as well before he could delete the zone...
http://serverfault.com/questions/17748/delete-corrupt-ad-integrated-dns-zone

 

[The_Unbeliever]

try demoting (or removing DNS) services and installing DNS services on another server?

Or you don't need to demote/remove the current DNS server actually. Just get another DNS server up and running, check if it's working and then point all your servers/workstations to the new DNS server and see if it works. (quick and dirty solution).