2003: "dns server unable to open active directory&quo..

External Since: May 09, 2005 Posts: 1

I have a single 2003 PDC which runs AD, DNS, and DHCP. Since I
installed SP1 (~2 days ago), DNS has been dead. In the event viewer, I
get the following errors:

4000: "dns server unable to open active directory"

4007: The DNS server was unable to open zone _msdcs.cbhp.ua.edu in the
Active Directory from the application directory partition
ForestDnsZones.cbhp.ua.edu. This DNS server is configured to obtain and
use information from the directory for this zone and is unable to load
the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

I know this is related to AD not starting properly, but when I view the
event viewer for directory services, I see the following error:

---------------------------------
Active Directory was unable to establish a connection with the global
catalog.

Additional Data
Error value:
8430 The directory service encountered an internal failure.
Internal ID:
3200c67

User Action:
Make sure a global catalog is available in the forest, and is reachable
from this domain controller. You may use the nltest utility to
diagnose this problem.
---------------------------------

Any insight into this problem would be greatly appreciated. I have
googled the topic to death, and all of the kb articles don't really fit
my problem. Attached below are a few outputs from various tools:

/////////////////////////////
// Unedited ipconfig /all
/////////////////////////////
Windows IP Configuration

Host Name . . . . . . . . . . . . : mario
Primary Dns Suffix . . . . . . . : cbhp.ua.edu
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cbhp.ua.edu
ua.edu

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-11-43-D8-4C-C5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 130.160.121.254
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 130.160.121.1
DNS Servers . . . . . . . . . . . : 130.160.121.254

/////////////////////////////
// netdiag
/////////////////////////////
......................................

Computer Name: MARIO
DNS Host Name: mario.cbhp.ua.edu
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :
Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed

Host Name. . . . . . . . . : mario
IP Address . . . . . . . . : 130.160.121.254
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 130.160.121.1
Dns Servers. . . . . . . . : 130.160.121.254

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{495BCA92-9C90-4A8D-8FA1-48DD2C4CE54D}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly
on DNS se
rver '130.160.121.254'. Please wait for 30 minutes for DNS server
replication.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{495BCA92-9C90-4A8D-8FA1-48DD2C4CE54D}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{495BCA92-9C90-4A8D-8FA1-48DD2C4CE54D}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for
host/mario.cbhp.ua.edu.

LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed
information

The command completed successfully

/////////////////////////////
// dcdiag
/////////////////////////////
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\MARIO
Starting test: Connectivity
The host
cbd46d10-6482-45cd-a360-7616ba9fe087._msdcs.cbhp.ua.edu could
not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(cbd46d10-6482-45cd-a360-7616ba9fe087._msdcs.cbhp.ua.edu)
couldn't be
resolved, the server name (mario.cbhp.ua.edu) resolved to the
IP
address (130.160.121.254) and was pingable. Check that the IP
address
is registered correctly with the DNS server.
......................... MARIO failed test Connectivity

Doing primary tests

Testing server: Default-First-Site\MARIO
Skipping all tests, because server MARIO is
not responding to directory service requests

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : cbhp
Starting test: CrossRefValidation
......................... cbhp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... cbhp passed test CheckSDRefDom

Running enterprise tests on : cbhp.ua.edu
Starting test: Intersite
......................... cbhp.ua.edu passed test Intersite
Starting test: FsmoCheck
......................... cbhp.ua.edu passed test FsmoCheck

Sorry for the long post. Any insight/prior experience would be greatly
appreciated.
--Josh Converse

External Since: Jul 17, 2004 Posts: 159

Since you think this is SP1-related, have you considered uninstalling SP1? You can also try a DS restore if you have a pre-SP1
backup of your AD that is useable.

And you should always double-check your system time/date/time zone since a problem there can manifest in the most mysterious ways.

If none of that is feasible or doesn't help, try getting your DNS zone loaded and running as a 'standard primary' instead of
AD-integrated. This may require loading from .dns files if you can't get to the zone at all the way it is, but it is certainly
do-able.

Once you have a functioning DNS you can do a dcdiag /fix and netdiag /fix to clean it up, and then you're in a much better position
to dig in to try and see what is really wrong with AD. It may be a permissions problem inside AD or netvol, but with a
malfunctioning DNS, it is very hard to see past that.

I have installed SP1 on several servers and have not seen this problem, but you're making me nervous...

Steve Duff [MVP]
Ergodic Systems, Inc.

"Josh Converse" <josh.converse.DeleteThis@gmail.com> wrote in message news:1115668651.655050.82700@z14g2000cwz.googlegroups.com...
>I have a single 2003 PDC which runs AD, DNS, and DHCP. Since I
> installed SP1 (~2 days ago), DNS has been dead. In the event viewer, I
> get the following errors:
>
> 4000: "dns server unable to open active directory"
>
> 4007: The DNS server was unable to open zone _msdcs.cbhp.ua.edu in the
> Active Directory from the application directory partition
> ForestDnsZones.cbhp.ua.edu. This DNS server is configured to obtain and
> use information from the directory for this zone and is unable to load
> the zone without it. Check that the Active Directory is functioning
> properly and reload the zone. The event data is the error code.
>
>
> I know this is related to AD not starting properly, but when I view the
> event viewer for directory services, I see the following error:
>
> ---------------------------------
> Active Directory was unable to establish a connection with the global
> catalog.
>
> Additional Data
> Error value:
> 8430 The directory service encountered an internal failure.
> Internal ID:
> 3200c67
>
> User Action:
> Make sure a global catalog is available in the forest, and is reachable
> from this domain controller. You may use the nltest utility to
> diagnose this problem.
> ---------------------------------
>
> Any insight into this problem would be greatly appreciated. I have
> googled the topic to death, and all of the kb articles don't really fit
> my problem. Attached below are a few outputs from various tools:
>
> /////////////////////////////
> // Unedited ipconfig /all
> /////////////////////////////
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : mario
> Primary Dns Suffix . . . . . . . : cbhp.ua.edu
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : cbhp.ua.edu
> ua.edu
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection
> Physical Address. . . . . . . . . : 00-11-43-D8-4C-C5
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 130.160.121.254
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 130.160.121.1
> DNS Servers . . . . . . . . . . . : 130.160.121.254
>
> /////////////////////////////
> // netdiag
> /////////////////////////////
> .....................................
>
> Computer Name: MARIO
> DNS Host Name: mario.cbhp.ua.edu
> System info : Windows 2000 Server (Build 3790)
> Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
> List of installed hotfixes :
> Q147222
>
>
> Netcard queries test . . . . . . . : Passed
>
> Per interface results:
> Adapter : Local Area Connection
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . : mario
> IP Address . . . . . . . . : 130.160.121.254
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 130.160.121.1
> Dns Servers. . . . . . . . : 130.160.121.254
>
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
> No remote names have been found.
>
> WINS service test. . . . . : Skipped
> There are no WINS servers configured for this interface.
>
> Global results:
>
> Domain membership test . . . . . . : Passed
>
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{495BCA92-9C90-4A8D-8FA1-48DD2C4CE54D}
> 1 NetBt transport currently configured.
>
>
> Autonet address test . . . . . . . : Passed
> IP loopback ping test. . . . . . . : Passed
> Default gateway test . . . . . . . : Passed
> NetBT name test. . . . . . . . . . : Passed
> Winsock test . . . . . . . . . . . : Passed
>
> DNS test . . . . . . . . . . . . . : Failed
> [WARNING] The DNS entries for this DC are not registered correctly
> on DNS se
> rver '130.160.121.254'. Please wait for 30 minutes for DNS server
> replication.
> [FATAL] No DNS servers have the DNS records for this DC registered.
>
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{495BCA92-9C90-4A8D-8FA1-48DD2C4CE54D}
> The redir is bound to 1 NetBt transport.
>
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{495BCA92-9C90-4A8D-8FA1-48DD2C4CE54D}
> The browser is bound to 1 NetBt transport.
>
> DC discovery test. . . . . . . . . : Passed
> DC list test . . . . . . . . . . . : Passed
> Trust relationship test. . . . . . : Skipped
>
> Kerberos test. . . . . . . . . . . : Failed
> [FATAL] Kerberos does not have a ticket for
> host/mario.cbhp.ua.edu.
>
>
> LDAP test. . . . . . . . . . . . . : Passed
> Bindings test. . . . . . . . . . . : Passed
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
>
> Modem diagnostics test . . . . . . : Passed
> IP Security test . . . . . . . . . : Skipped
>
> Note: run "netsh ipsec dynamic show /?" for more detailed
> information
>
>
> The command completed successfully
>
> /////////////////////////////
> // dcdiag
> /////////////////////////////
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site\MARIO
> Starting test: Connectivity
> The host
> cbd46d10-6482-45cd-a360-7616ba9fe087._msdcs.cbhp.ua.edu could
> not be resolved to an
> IP address. Check the DNS server, DHCP, server name, etc
> Although the Guid DNS name
> (cbd46d10-6482-45cd-a360-7616ba9fe087._msdcs.cbhp.ua.edu)
> couldn't be
> resolved, the server name (mario.cbhp.ua.edu) resolved to the
> IP
> address (130.160.121.254) and was pingable. Check that the IP
> address
> is registered correctly with the DNS server.
> ......................... MARIO failed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site\MARIO
> Skipping all tests, because server MARIO is
> not responding to directory service requests
>
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
>
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test
> CheckSDRefDom
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
>
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test
> CheckSDRefDom
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test
> CheckSDRefDom
>
> Running partition tests on : cbhp
> Starting test: CrossRefValidation
> ......................... cbhp passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... cbhp passed test CheckSDRefDom
>
> Running enterprise tests on : cbhp.ua.edu
> Starting test: Intersite
> ......................... cbhp.ua.edu passed test Intersite
> Starting test: FsmoCheck
> ......................... cbhp.ua.edu passed test FsmoCheck
>
>
>
> Sorry for the long post. Any insight/prior experience would be greatly
> appreciated.
> --Josh Converse
>