WIN2K SERVER Event Viewer

here is a couple of errors in event viewer sys log that I don't know how to address:

This Machine is a PDC of the domain at the root of the forest. Configure to sync from External time source using the net command, 'net time /setsntp:<server name>'.

Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.

I know the DNS issue has to do with my ISP and Domain host not supporting dynamic DNS but I don't know how to fix it.

Thanks,

 

Anyone?

 

If you look at the properties of the forward lookup zone in DNS there is an option for alowing zone transfer. Obviously if you have more than one DNS server on your network that requir Zone transfer then you will need this option ticked.
You can specify your other DNS servers their instead of the default option of all servers. which would stop the server from attempting to transfer zone info to anywhere else.

not one hundred % that is the problem.... maybe someone else can confirm or correct me....

 

whoops

 

We will give that a shot. I went to the properties of the foward look up zones and then to the zone transfer tab where I added the name server IP's provided by my ISP. And checked off "only the following servers "
If it crashes I know how to put it back!!
Thanks,
I'll keep an eye on event viewer. I should know in a few hours.

 

Nope, That didn't work..

Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.

 

What sort of network are we speaking of here. The "PDC ... root of the forest" indicates that your PC thinks it is the domain PDC and wants you to point it at an internet time server to insure that it has accurate time to pass around. If this the case see the below. Otherwise, say how you are set up.

Time Error - If your Win2K server is the PDC, it should be getting an accurate time tick from some accurate source. All other 2K/XP-pro machines on the network should be getting a time tick from it. The PCs will use w32time as the service to keep things in synch.

If you have 2K servers on an NT4 domain, you can still do the deed but you will have to fool the systems a little.

Main issue is that NT4 likes to use NTP as the time protocol. 2K can use it as well but for some reason which completely escapes me, it isn't the default.

M$ has lots of articles dealing with this. Try How to Configure an Authoritative Time Server in Windows (Q216734) which will get you started and will give you links to more information.

Failing in that, do a Google search and look for w32Time[/url].

DNS Error - I'll wait on the answer to the above re: your network setup as it makes quite a bit of difference in the cause and cure for your error.

 

Newt,
Yes this server (WIN2K SBS) is the PDC and only server on the LAN.
I have the box hooked to a switched network with several (10) win2k clients, (4) 98 clients, and (1) printer with NIC card.
The domain name is companyname.local
The box is hooked to a router that handles DHCP and connects via T-1 to my ISP that hosts my www.companyname.com
I pointed the server to their DNS servers which I'm told by them they don't support dynamic DNS.
I will work on the time thing tomorrow because I have 3 diffrent servers on three diffrent networks with that same error.

 

Have you tried pointing your server to it's own IP address (if that's where DNS is installed) for DNS? You can use root hints or DNS forwarding to resolve Internet addresses.

There is also an option to turn off DDNS registration in TCP/IP Advanced properties but not a good idea if the server is a DC and running DNS anyway.

 

yea I tried to disable a few months ago and had a serious network wide crash.
Thank god it was on a weekend.

 

I agree with UNIXFAN, you need to have your DNS server pointing to its self and also all to the Clients should be pointing to it in order for AD to work properly.
AD relies heavily on DNS.

You will then need to set up a forwarder from the server to the ISP DNS, that will ensure that your clients can resolve names on the internet via the local DNS server.
If your server is the root server as you mentioned, By default it will have the forwarders option grey'd out.
You will need to delete the "DOT" folder in your forward lookup zone I.E the "." folder. That will let the server know that it is not the route DNS server and allow it to forward requests other servers when it cannot resolve them therefore enabling the forwarders option.

 

Let's take this from the top. SSMITH has ~15 clients connecting to his SBS server. This being the only server makes it a little easier. We know that this server will be running AD and will therefore require DNS for resolution of the local domain, which he says is companyname.local. If a straight install is done SBS server, then AD/DNS is already configured. The curve ball here probably lies in the router that is handling DHCP (make sure DHCP is disabled on the SBS server!). It is, more likely than not, pointing all the clients to the ISPs DNS servers. The first thing I would do is reconfigure the router/DHCP server so that it give out three DNS servers, the first being the IP of your SBS server....the other two being the ISPs servers, of course. In doing this, the first server that is going to be queried is going to be the SBS server. If it is a companyname.local address, then it's going to be resolved locally...if it is anything else (.com, .net, etc.) then the SBS server is going to go out and find it. Problem solved. You may have to manually enter the DNS records for your Win98 machines (don't think they'll do DDNS), and you'll definitely have to enter the one for the printer...remember to add them to both forward and reverse zones to be on the safe side. And, as unixfan stated, go ahead and point the server to itself for DNS.


As far as slave forwarding the DNS service, this is usually only done for two reasons.

1) Security - If this was a server behind a firewall with a .com domain and you didn't want people beating it up from the rest of the world, you could put your two public IP DNS servers on the outside of your firewall. Configure your firewall to only allow DNS requests from the interal server to the external servers. This also allows for a single point for logging DNS requests.

2) Slow WAN Link - If this were a server behind a 56K dialup connection, you wouldn't want 15 clients causing DNS recursion all day long!! In this case, the SBS server would send one request to the ISP nameservers and let them deal with the recursion. They would then return the address....one request, one response. BUT, since he's behind a T1, this isn't necessary.

After reconfiguring the DHCP server, do a release and renew on one box and make sure the first IP listed in DNS servers is your server. If not, you'll have to manually configure DNS on all the machines.....which would ****.

Let me know how it goes!!

 

Mjg1973
I was also under the assumption that the clients where looking at the external DNS server hence the reason that I suggested that to be changed to point all of the clients at the internal DNS.

First thing,
Dynamic update is done via DHCP in win2k. DHCP will update DNS on behalf of the Client for the Clients configured DNS server.( If the clients are pointing out to external DNS server then this could be the problem that he is having, in other words DHCP is trying to update the ext DNS server for the Client) so disabling the DHCP on the win2k server would be a bad move, I would be looking at disabling DHCP on the router.

Second thing
in DHCP there is an option to enable updates for DNS cleints that do not support Dynamic update( win98 cleints etc)

Third thing
If you dish out three DNS servers to the clients you will NOT get name resolution for .com .net etc it does not work like that.
the client will try the primary DNS and the primary server will look at the zones that it is responsible for (which will be companyname.local) and as I stated before it by default will have a "dot" file under its configured zone and therfore know that it is the route DNS server I.E the end of the line. it will not go any further than that. you will just get an unknown host error.
Secondary DNS servers are specified in clients for when the primary is not avialable, not for when it cannot resolve a name.

Fourth thing
You set up forwarders in DNS so that if the DNS server cannot resolve a name it will forward the request to an alternative server
untill it reaches a root server, which is the end of the line.
That is all the a DNS forwarder is.

conclusion
Delete the "DOT" file in the configured zone (AD integrated) which will tell the server that it is not a DNS root serve therefore as I said before this will enable the forwarder option.

GJones MCSE Win2k

 

GJones

First thing,
Dynamic DNS Updates CAN be done by Microsoft's DHCP service, but it is not required. Clients that are DDNS aware can post thier info to a DDNS capable server like Microsoft's (Win2K or later) or BIND 8.X, which you'll find in many/most larger corps. As far as disabling DHCP on the SBS server, I think anyone out there that has been around M$ longer than when it first became cool to have an MSCE in a signature block would agree that the fewer network services that you can run on the M$ platform, the better! Except, of course, Exchange.....where the good outweighs the bad! IMO, network appliances will ALWAYS be a better match than an app on a M$ based server. Which would you rather use for routing, a M$ box or a Cisco router?

Second thing,
Thanks for the tidbit on M$ DHCP helping with DDNS updates. In this case, however, it won't help since he's got his router/firewall assigning IPs.

Third thing,
I guess I should have spelled out my thoughts on the three DNS server IPs in DHCP. The first IP would be the SBS server. This way, all clients will point to the only server that is authoritative for the .local address scheme that is being used here. If that server wasn't available (ie. server crashed, rebooting, etc.) then all the clients would roll over to the next two addresses...so they could at least surf while the server was coming back up! If a BDC exists, then it would be second in the search order. As for configuring your DNS server as a root server....not too many people do that! The only reason for that would be A.) to stop people from surfing or B.) because you don't have a connection to the internet and the server really is the end of the line!

Fourth thing,
This is what happens when you "enable forwarders ":
- DNS request received by Win2K server
- If it is a request for a zone the server is authoritative for (ie. .local) then the server responds
- If it is a request for another zone, the Win2K server acts as a client and queries the first server in the list of forwarders. If it receives a response, then it passes that response back to the client that initially made the request. If it doesn't get a response, then it proceeds to the next IP in the list of forwarders. It will continue this process until it reaches the end of the list of forwarders. At this point, the Win2K server itself will start the normal process of recursion until it receives a response from an authoritative server. The exception to this would be if you had the "Do not use recursion" box checked. If this box is checked, when it reaches the end of the forwarders list without a response, it will respond with a host not found message.
(If anyone would like to read more about the use of slave forwarding in large networks, usually for security reasons, search on "split DNS" Something to think about if you're in the security arena!)
That is what happens when you configure your server as a forwarder.


Conclusion,
*IF* the "DOT" file exists, DELETE IT! Then enable forwarders and add the IPs of your ISPs DNS servers to the list of forwarders. It wouldn't hurt to leave the "Do not use recursion" box UNCHECKED. This way, if your ISPs DNS servers are down or, more commonly, unreachable....your Win2K server will attempt to find the address on it's own.

 

Wo there
MJG1973 ol Smith there has got a bit of an issue with his DNS setup and from wot I can see GJones has given a pretty logical responce to the problem,
By the way I am also an MCSE and cool isn't the word for it,
there are two words HARD and WORK.
from wat I have just read you are kinda going around in circles a bit and changing your mind to not look bad.
if you can't take constructive critisism then you shouldn't comment.
Although I see in the end you agreed with GJones's conclusion.

Bruster MCSE UPVC YMCA RSPCA BILLGATESBESTBUD

 

Well, alrighty then!

 

To those who understand systems, please don't take the MCSE dig to heart. It was more aimed at the ExamCram certified folks out there....and there are plenty of 'em!!! You can usually tell them by the quoting of the crash courses!!!! Either way, no personal offense was intended.

Hey SMITH, how are things going, anyway?

Hope this tennis match hasn't got you all confused.

 

Well - he ain't been back so he is either cured, researching, or over/underwhelmed.

As for me, it has been educational. Thanks folks.

 

Well I have a squeeky clean event viewer!
the fix was pretty simple.
First thing was the net time issue.
at the command prompt:
C:\NET TIME /SETSNTP:192.5.41.209
BOOM!! Fixed!!
On the DDNS issue, turned out to be a pretty simple fix also.
Keep in mind I have a peice of hardware managing DHCP and not Win2k! That way if the server goes down for an extended period of time the network will still surf and receive internet E mail.
I went into the TCP/IP properties of the Network connection on the Server (AKA Domain Controler), and pointed the first DNS server address to itself (192.168.1.5). Second address was my ISP name server 1 & 2.
Next I went to my DHCP server/router and pointed it's DNS address to the Server (192.168.1.5) and the second address as the ISP name server.
So in conclusion, (if I understand this correctly) by pointing the win2kserver to itself, the clients will go there first to resolve .local addresses and then go to the next address for .com,.net, ect. for web resolutions.

 

Hmmm

Newt,
I didn't get back because I could see that things where getting a bit silly!!

MJG
First thing,
your initial response did seem to undermine in a not to tacked full way my genuine effort to resolve SMITH's error and hopefully avoid potential problems with AD at a later date.
However... I guess my response to that was not any more tacked full either. Please except my most humble apology!

Second thing
Although it seems we disagree on some things, perhaps we should discuss these issues without trying to prove each other wrong that way we can learn from each other.

Third thing
I have came a long way to earn my MCSE and have had a lot of experience on the way. However there are some out there that don't have the experience to back up the qualification, but I can assure you I am not in that category.

Fourth thing
Do you think we could call a truce.

No hard feelings at this side.

SMITH
Good to see you got your error log clear

GJones, (Dare I add) MCSE Win2k