
DCDIAG Failing DNSBASIC Test


tkutil

Jul 15, 2009, 4:14:01 PM
I have 3 DNS/DC servers. When I run dcdiag /Test:DNS /e /v all are failing
the basic connectivity test back to one server. Meaning 2 of 3 communicate,
but fail to the 3rd. I posted the result table from all 3 servers below.

This is the result from MKS00W01

Summary of DNS test results:

                          Auth Basc Forw Del  Dyn  RReg Ext
   ________________________________________________________________
Domain: met.globaltti.net
   MKS00W46               PASS FAIL n/a  n/a  n/a  n/a  n/a
   MKS00W01               PASS PASS PASS PASS PASS PASS n/a
   mks00w10               PASS FAIL n/a  n/a  n/a  n/a  n/a

......................... met.globaltti.net failed test DNS

This is the result from MKS00W46

Summary of DNS test results:

                          Auth Basc Forw Del  Dyn  RReg Ext
   ________________________________________________________________
Domain: met.globaltti.net
   MKS00W46               PASS PASS PASS PASS PASS PASS n/a
   MKS00W01               PASS FAIL n/a  n/a  n/a  n/a  n/a
   mks00w10               PASS PASS PASS PASS PASS PASS n/a

This is the result from MKS00W10

Summary of DNS test results:

                          Auth Basc Forw Del  Dyn  RReg Ext
   ________________________________________________________________
Domain: met.globaltti.net
   MKS00W01               PASS FAIL n/a  n/a  n/a  n/a  n/a
   MKS00W46               PASS PASS PASS PASS PASS PASS n/a
   mks00w10               PASS PASS PASS PASS PASS PASS n/a


Meinolf Weber [MVP-DS]

Jul 15, 2009, 4:18:46 PM

Hello tkutil,

Let's start with an unedited ipconfig /all from all 3 servers to exclude
DNS configuration as a problem.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

tkutil

Jul 15, 2009, 4:28:01 PM
Here is the ipconfig /all results for all 3 servers
____________________________________________________________________
Windows IP Configuration

Host Name . . . . . . . . . . . . : mks00w10
Primary Dns Suffix . . . . . . . : met.globaltti.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : met.globaltti.net
globaltti.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-50-56-8D-59-40
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.100.1.40
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 10.100.1.1
DNS Servers . . . . . . . . . . . : 10.100.1.40
10.100.2.45
10.100.1.31
Primary WINS Server . . . . . . . : 10.100.1.40
_____________________________________________________________________

Windows IP Configuration

Host Name . . . . . . . . . . . . : MKS00W01
Primary Dns Suffix . . . . . . . : met.globaltti.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : met.globaltti.net
globaltti.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-50-56-8D-75-51
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.100.1.31
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 10.100.1.1
DNS Servers . . . . . . . . . . . : 10.100.1.31
10.100.1.40
10.100.2.45
_____________________________________________________________
Windows IP Configuration

Host Name . . . . . . . . . . . . : MKS00W46
Primary Dns Suffix . . . . . . . : met.globaltti.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : met.globaltti.net
globaltti.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-50-56-8D-06-1F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.100.2.45
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 10.100.1.1
DNS Servers . . . . . . . . . . . : 10.100.2.45
10.100.1.31
10.100.1.40

Ace Fekay [MCT]

Jul 16, 2009, 1:06:43 AM
"tkutil" <tku...@discussions.microsoft.com> wrote in message
news:08E18C51-4CCC-4C9E...@microsoft.com...

Hi tkutil,

The ipconfigs look good.

Are all DNS servers configured with a Forwarder?

Do you have a reverse zone created for your subnets?

Any event log errors?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
ace...@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.


tkutil

Jul 16, 2009, 11:58:11 AM
I have all three DNS servers set up with identical forwarders. I am not sure
if this is proper? I have seen articles concerning split brain DNS, which I
gathered has one forwarder and subordinate DNS point to that DNS. I do get
errors about some repeated event too many times. I don't remember exactly
what the event ID was. I cleared all of my events and restarted DNS, but no
new error showed up. According to DCDIAG it looks like MKS00W01 is the
problem DNS since the others fail the BASC test to that server.

tkutil

Jul 16, 2009, 12:26:01 PM

When I run DCDIAG /test:dns /e /v I get this error on all 3 servers for
MKS00W01

TEST: Basic (Basc)
Error: No WMI connectivity
[Error details: 0x80070005 (Type: HRESULT - Facility:
Win32, Description: Access is denied.) - Connection to WMI server failed]

Meinolf Weber [MVP-DS]

Jul 16, 2009, 2:29:37 PM
Hello tkutil,

Please download and run dnslint.
http://support.microsoft.com/kb/321045

dnslint /ad /s "dc ip address"

Best regards

Meinolf Weber

Ace Fekay [MCT]

Jul 16, 2009, 3:37:14 PM
"tkutil" <tku...@discussions.microsoft.com> wrote in message
news:73D3CB4B-4DC9-4B65...@microsoft.com...

> I have all three DNS servers set up with identical forwarders. I am not sure
> if this is proper? I have seen articles concerning split brain DNS, which I
> gathered has one forwarder and subordinate DNS point to that DNS. I do get
> errors about some repeated event too many times. I don't remember exactly
> what the event ID was. I cleared all of my events and restarted DNS, but no
> new error showed up. According to DCDIAG it looks like MKS00W01 is the
> problem DNS since the others fail the BASC test to that server.

That's fine to use identical Forwarders. If all DC/DNS are identical, I
would rather Forward all to an ISP's, rather than to a common one
internally, otherwise the resolution will be performing additional steps.

Are there any firewall rules blocking UDP and/or TCP 53 to the outside and
back in (established)?

Ace


tkutil

Jul 16, 2009, 3:56:01 PM
I have each DNS server forwarding to the internet, plus other sister
companies with internal IP addresses. I am not certain on the firewall
blocking port 53, but I was assuming the test was testing connectivity
between the AD/DNS servers?

tkutil

Jul 16, 2009, 3:57:02 PM
DNSLint Report

System Date: Thu Jul 16 14:24:21 2009

Command run:

C:\dnslint\dnslint.exe /ad /s 10.100.1.31

Root of Active Directory Forest:

met.globaltti.net

Active Directory Forest Replication GUIDs Found:

DC: MKS00W46
GUID: 84854ae9-b9af-4973-b22b-2fa962b4ff0f

DC: MKS00W01
GUID: 5aac1842-1ae5-46d1-baeb-17563310d166

DC: MKS00W10
GUID: 806c4d86-df98-491d-94dc-1f35c2eb3962


Total GUIDs found: 3

--------------------------------------------------------------------------------

The following 3 DNS servers were checked for records related to AD forest
replication:

DNS server: mks00w01.met.globaltti.net
IP Address: 10.100.1.31
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: mks00w01.met.globaltti.net
Hostmaster: hostmaster
Zone serial number: 1030
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
mks00w46.met.globaltti.net Unknown
mks00w10.met.globaltti.net Unknown
mks00w01.met.globaltti.net Unknown


Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 84854ae9-b9af-4973-b22b-2fa962b4ff0f._msdcs.met.globaltti.net
Alias: mks00w46.met.globaltti.net
Glue: 10.100.2.45

CNAME: 5aac1842-1ae5-46d1-baeb-17563310d166._msdcs.met.globaltti.net
Alias: mks00w01.met.globaltti.net
Glue: 10.100.1.31

CNAME: 806c4d86-df98-491d-94dc-1f35c2eb3962._msdcs.met.globaltti.net
Alias: mks00w10.met.globaltti.net
Glue: 10.100.1.40


Total number of CNAME records found on this server: 3

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0

--------------------------------------------------------------------------------

DNS server: mks00w46.met.globaltti.net
IP Address: 10.100.2.45
UDP port 53 responding to queries: NO
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: Unknown

SOA record data from server:
Authoritative name server: Unknown
Hostmaster: Unknown
Zone serial number: Unknown
Zone expires in: Unknown
Refresh period: Unknown
Retry delay: Unknown
Default (minimum) TTL: Unknown

Total number of CNAME records found on this server: 0

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0

--------------------------------------------------------------------------------

DNS server: mks00w10.met.globaltti.net
IP Address: 10.100.1.40
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: mks00w10.met.globaltti.net
Hostmaster: hostmaster
Zone serial number: 1030
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
mks00w01.met.globaltti.net Unknown
mks00w46.met.globaltti.net Unknown
mks00w10.met.globaltti.net Unknown


Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 84854ae9-b9af-4973-b22b-2fa962b4ff0f._msdcs.met.globaltti.net
Alias: mks00w46.met.globaltti.net
Glue: 10.100.2.45

CNAME: 5aac1842-1ae5-46d1-baeb-17563310d166._msdcs.met.globaltti.net
Alias: mks00w01.met.globaltti.net
Glue: 10.100.1.31

CNAME: 806c4d86-df98-491d-94dc-1f35c2eb3962._msdcs.met.globaltti.net
Alias: mks00w10.met.globaltti.net
Glue: 10.100.1.40


Total number of CNAME records found on this server: 3

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0

=====================================================

tkutil

Jul 16, 2009, 4:09:01 PM
I forgot to include the disturbing notes from the bottom of the report.

Notes:
One or more DNS servers may not be authoritative for the domain
One or more DNS servers did not respond to UDP queries
One or more zone files may have expired
SOA record data was unavailable and/or missing on one or more DNS servers


===================================================

Meinolf Weber [MVP-DS]

Jul 16, 2009, 5:01:19 PM
Hello tkutil,

As Ace already mentioned, on mks00w46.met.globaltti.net port 53 UDP is not
responding. So check this one for firewall or other network problems.

Best regards

Meinolf Weber

Ace Fekay [MCT]

Jul 16, 2009, 7:19:12 PM
"tkutil" <tku...@discussions.microsoft.com> wrote in message
news:758CBAB9-5548-489D...@microsoft.com...

>I have each DNS server forwarding to the internet, plus other sister
> companies with internal IP addresses. I am not certain on the firewall
> blocking port 53, but I was assuming the test was testing connectivity
> between the AD/DNS servers?

It's not that it tests connectivity, rather it tests communications.

It appears UDP 53 is blocked on that one server based on the DNSLint test.

Ace
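
Added example (not part of the original thread, and not DNSLint's own code): the DNSLint report above lists UDP 53 as not responding on 10.100.2.45 and TCP 53 as "Not tested" everywhere, so this sketch sends the same SOA question for the zone over both transports to each DC and reports what comes back. The function names are hypothetical; the zone name and IP addresses are the ones posted in the thread.

```python
import socket
import struct

def build_soa_query(zone, txid=0x1234):
    """Minimal DNS query for the zone's SOA record (QTYPE=6, QCLASS=IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)

def parse_header(reply, txid=0x1234):
    """Return (is_response, authoritative, rcode, answer_count); ValueError if bogus."""
    if len(reply) < 12 or reply[:2] != struct.pack("!H", txid):
        raise ValueError("short reply or transaction ID mismatch")
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return bool(flags & 0x8000), bool(flags & 0x0400), flags & 0x000F, an

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe(server, zone, timeout=3.0):
    """Ask server:53 for the zone SOA over UDP, then TCP; report each transport."""
    query, result = build_soa_query(zone), {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((server, 53))  # connected UDP: only this peer's replies are accepted
            s.send(query)
            result["udp"] = parse_header(s.recv(4096))
    except (OSError, ValueError) as exc:
        result["udp"] = f"no answer ({exc})"
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP: 2-byte length prefix
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            result["tcp"] = parse_header(_recv_exact(s, length))
    except (OSError, ValueError) as exc:
        result["tcp"] = f"no answer ({exc})"
    return result

if __name__ == "__main__":
    for ip in ("10.100.1.31", "10.100.2.45", "10.100.1.40"):  # DC addresses from the thread
        print(ip, probe(ip, "met.globaltti.net"))
```

A server that answers on TCP but not on UDP points at packet filtering between the hosts rather than at a stopped DNS service; the second tuple field shows whether the server answered authoritatively for the zone.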
