Hi Eric, THANKS FOR UR REPLY. MY ANSWERS ARE IN UPPER CASE.
0) Does the following work to register, if not please tell us the errors thrown: ipconfig /registerdns FOLLOWING IS THE OUTPUT: C:\Documents and Settings\Administrator>ipconfig /registerdns Windows 2000 IP Configuration Registration of the DNS resource records for all adapters of this computer has b een initiated. Any errors will be reported in the Event Viewer in 15 minutes. 1) Does netlogon.dns have all of the appropriate records in it? If you restart netlogon do you get DNS registration errors in the event logs? I AM RUNNING THE TESTS WITHOUT ACTIVE DIR INSTALLED, HENCE THE NETLOGON.DNS FILE IS NOT PRESENT AND ALSO A RESTART OF NETLOGON SERVICE FAILS AS THE SYSTEM IS IN A WORKGROUP. 2) Noticed that you have a single label domain name (admin)....do you have the single label domain name reg changes in place? WHT IS THE "reg" CHANGES THING? I HAVE CHECKED IN THE REGISTRY AND THERE ARE CORRECT ENTRIES FOR THE HOSTNAME AND DOMAIN NAME OF THE SYSTEM. IS THERE ANY SPECIFIC ENTRY WHICH NEEDS TO BE LOOKED UPON? 3) Can you paste in the actual command and such that you issued? I can tell you did not do this below as your re-type of the command has a typo in it. An actual cut-and-paste would be a bit more useful. SORRY FOR THE TYPO, HERE IS THE COMMAND: E:\Program Files\Support Tools>dcdiag /test:DcPromo /DnsDomain:admin /newforest E:\Program Files\Support Tools>dcdiag /test:RegisterInDns /DnsDomain:admin /newforest -- thanks, Best regards, Abhishek Sharma | Network Architect | netdecisions Mumbai Software Development Centre 6th Flr, MET Building, Gen. A.K.Vaidya Chowk Bandra Reclamation, Bandra (W), Mumbai 400050. INDIA t Direct - +91 22 2644 0564, Board - +91 22 2644 0000 - Extn: 564. f +91 22 2655 8048 Email : [EMAIL PROTECTED] Website: www.netdecisions.com -----Original Message----- From: Eric Fleischman [mailto:[EMAIL PROTECTED] Sent: Monday, February 23, 2004 12:11 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Dcdiag.exe giving problems. A few other thoughts come to mind: 0) Does the following work to register, if not please tell us the errors thrown: ipconfig /registerdns 1) Does netlogon.dns have all of the appropriate records in it? If you restart netlogon do you get DNS registration errors in the event logs? 2) Noticed that you have a single label domain name (admin)....do you have the single label domain name reg changes in place? 3) Can you paste in the actual command and such that you issued? I can tell you did not do this below as your re-type of the command has a typo in it. An actual cut-and-paste would be a bit more useful. ~Eric -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, February 22, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Dcdiag.exe giving problems. If it is a problem on a hardened and unhardened machine this is most probably in DNS. Do you have dynamic updates enabled? Go into DNS with the admin tools and look for the GUID record specified below and verify manually it is there. Alternatively you can do an nslookup on it, it will be a cname. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abhishek Sharma Sent: Friday, February 20, 2004 7:45 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Dcdiag.exe giving problems. Hello all, I am facing a problem in using dcdiag.exe. I am using dcdiag.exe to diagnose the installation/configuration of a hardened Windows 2000 box. I have configured DNS server and there is no problem in the name resolution. When I used dcdiag.exe on a hardened box without ADS installed, I got the following result: E:\Program Files\Support Tools>dcdiag /test:DcPormo /DnsDomain:admin /newforest Starting test: DcPromo Messages logged below this line indicate whether this domain controller will be able to dynamically register DNS records required for the location of this DC by other devices on the network. If any misconfiguration is detected, it might prevent dynamic DNS registration of some records, but does not prevent successful completion of the Active Directory Installation Wizard.However, we recommend fixing the reported problems now,unless you plan to manually update the DNS database. This domain controller cannot register domain controller Locator DNS records. This is because it cannot locate a DNS server authoritative for the zone admin. This is due to one of the following: 1. One or more DNS servers involved in the name resolution of the admin name are not responding or contain incorrect delegation of the DNS zones; or 2. The DNS server that this computer is configured with contains incorrect root hints. The list of such DNS servers might include the DNS servers with which this computer is configured for name resolution and the DNS servers responsible for the following zones: admin Verify the correctness of the specified domain name and contact your network/DNS administrator to fix the problem. You can also manually add the records specified in the %systemroot%\system32\config\netlogon.dns file. ......................... inmum0048 failed test DcPromo I tried it on a unhardened box and it yield the same result!! What could be the problem? After this I configured ADS on a unhardened box and tested with dcdiag, following are the results: E:\Program Files\Support Tools>dcdiag /s:inmum0050 Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\INMUM0050 Starting test: Connectivity INMUM0050's server GUID DNS name could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (27c53983-c5be-4863-996b-c20af4099f36._msdcs.admin) couldn't be resolved, the server name (inmum0050.admin) resolved to the IP address (10.9.65.200) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... INMUM0050 failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\INMUM0050 Skipping all tests, because server INMUM0050 is not responding to directory service requests Running enterprise tests on : admin Starting test: Intersite ......................... admin passed test Intersite Starting test: FsmoCheck ......................... admin passed test FsmoCheck I have configured DNS and nslookup works fine. Why is this happening? What is the reason for the failure to resolve the Guid DNS name? Why does it fail connectivity tests? What is the reason for the directory services not responding to the requests? -- thanks, Best regards, Abhishek Sharma | Network Architect | netdecisions Mumbai Software Development Centre 6th Flr, MET Building, Gen. A.K.Vaidya Chowk Bandra Reclamation, Bandra (W), Mumbai 400050. INDIA t Direct - +91 22 2644 0564, Board - +91 22 2644 0000 - Extn: 564. f +91 22 2655 8048 Email : [EMAIL PROTECTED] Website: www.netdecisions.com List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
