All about Information Technology infrastructure and system. Helpdesk & support issue, deployment guide, and daily activity in managing an information technology operation.
Saturday, March 11, 2023
Cannot Delete DNS Zone - Access was Denied
Friday, June 3, 2022
Error while creating Windows 2016 Cluster at "Find a suitable Domain Controller"
You want to create a Windows 2016 cluster in a Windows 2012 R2 domain. You run the wizard, but it reports errors and the cluster cannot be created.
"Check whether the computer object "clustername" for node "hostnameFQDN" exists in the domain. More data is available".
"Failed to find suitable DC. Error 234"
"Searching for object "clustername" on first choice DC failed. Error 234"
"Couldn't resolve RPC binding to cluster, Status = 1753"
Resolution:
First, verify the DNS records on your DNS server, especially the records for all of your domain controllers. Make sure the zones that Active Directory requires have the correct NS, CNAME, A, and SRV records. Remove stale records for old or unknown broken domain controllers.
Second, check the application partitions (DomainDnsZones and ForestDnsZones) in your Active Directory. Use ADSIEdit to connect to each application partition and try to browse its contents. If you encounter an error, you may need to delete the application partition using NTDSUtil.
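One way to run the first check from PowerShell, as an added example that is not part of the original post: it compares the targets of the domain controller locator SRV records with the domain controllers Active Directory knows about, and flags targets that are unknown or have no A record. The domain name is a placeholder, and `Get-ADDomainController` assumes the ActiveDirectory RSAT module is installed.

```powershell
# Added example: audit DC locator SRV records for stale or broken targets.
# Assumptions: run on a domain-joined host with the DnsClient and
# ActiveDirectory modules; $Domain is a placeholder for your AD DNS domain.
$Domain = 'corp.example.com'

# Domain controllers that Active Directory currently knows about.
$knownDcs = Get-ADDomainController -Filter * -Server $Domain |
    ForEach-Object { $_.HostName.ToLower() }

# Locator records that every domain controller registers.
$locators = "_ldap._tcp.dc._msdcs.$Domain",
            "_kerberos._tcp.dc._msdcs.$Domain",
            "_ldap._tcp.$Domain",
            "_kerberos._tcp.$Domain"

$report = foreach ($name in $locators) {
    $srv = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.QueryType -eq 'SRV' })
    if (-not $srv) {
        [pscustomobject]@{ Record = $name; Target = $null; Status = 'SRV record missing' }
        continue
    }
    foreach ($rec in $srv) {
        $target = $rec.NameTarget.TrimEnd('.').ToLower()
        $hasA = [bool](Resolve-DnsName -Name $target -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.QueryType -eq 'A' })
        $status = if ($knownDcs -notcontains $target) {
            'Target is not a known DC (stale?)'
        } elseif (-not $hasA) {
            'Target has no A record'
        } else { 'OK' }
        [pscustomobject]@{ Record = $name; Target = $target; Status = $status }
    }
}

# Show only the records that need attention.
$report | Where-Object Status -ne 'OK' | Format-Table -AutoSize
```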
Thursday, February 3, 2022
DNS Event 4015 on Windows 2012 R2 Domain Controller
Description:
On a DNS server that is also a domain controller, you notice that Event Viewer is full of the following error.
The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly.
The extended error debug information (which may be empty) is 0000051B: AtrErr: DSID-031508EF, #1:0: 0000051B: DSID-031508EF, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor).
Resolution:
Enable AD diagnostic logging: enable the Directory Access key and set its value to 5.
Look for Event ID 1175 in Event Viewer and note the object distinguished name. You may need to change the ownership of that AD object to SYSTEM and restart the DNS service on the domain controller.
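The two steps above as a PowerShell sketch, added here and not part of the original post. It assumes the Directory Access key is the `8 Directory Access` value under the NTDS `Diagnostics` registry key, that the ActiveDirectory module is available for the `AD:` drive, and that a 10-minute collection window (an arbitrary choice) is long enough for the error to recur; `Get-AdObjectOwner` is a hypothetical helper name.

```powershell
# Added example: capture Event ID 1175 while Directory Access logging is at 5.
# Run elevated on the affected domain controller.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl below
$diagKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$valueName = '8 Directory Access'
$original  = (Get-ItemProperty -Path $diagKey -Name $valueName).$valueName
$since     = Get-Date

Set-ItemProperty -Path $diagKey -Name $valueName -Value 5 -Type DWord
try {
    # Assumed window: wait for the DNS 4015 error to recur.
    Start-Sleep -Seconds 600
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Directory Service'; Id = 1175; StartTime = $since
    } -ErrorAction SilentlyContinue
}
finally {
    # Level 5 is very noisy, so always restore the previous level.
    Set-ItemProperty -Path $diagKey -Name $valueName -Value $original -Type DWord
}

# Read the object distinguished name out of the event text.
$events | Select-Object TimeCreated, Message | Format-List

# Hypothetical helper: show the current owner of the object named in the
# event before changing ownership to SYSTEM.
function Get-AdObjectOwner {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    (Get-Acl -Path "AD:\$DistinguishedName").Owner
}
```

Call `Get-AdObjectOwner` with the distinguished name copied from the Event ID 1175 message.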
Tuesday, November 1, 2011
DNS Tombstones in Windows 2003 and 2008
Saturday, October 29, 2011
Prevent Registration of Certain Domain Controller DNS Records
To achieve this behavior, the domain controllers/global catalogs in the satellite offices should not register generic (non-site-specific) domain controller locator DNS records.
To restrict the DNS resource records that are updated by Net Logon:
- Open Registry Editor.
- In Registry Editor, navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- Add the following multistring (REG_MULTI_SZ) value:
DnsAvoidRegisterRecords
- In this value, specify the list of data corresponding to the DNS resource records that should not be registered for this domain controller by the Net Logon service. The following table contains the list of data.
Mnemonic | Type | DNS Record |
---|---|---|
LdapIpAddress | A | |
Ldap | SRV | _ldap._tcp. |
DcByGuid | SRV | _ldap._tcp. |
Kdc | SRV | _kerberos._tcp.dc._msdcs. |
Dc | SRV | _ldap._tcp.dc._msdcs. |
Rfc1510Kdc | SRV | _kerberos._tcp. |
Rfc1510UdpKdc | SRV | _kerberos._udp. |
Rfc1510Kpwd | SRV | _kpasswd._tcp. |
Rfc1510UdpKpwd | SRV | _kpasswd._udp. |
Global Catalog-Specific Records
Mnemonic | Type | DNS Record |
---|---|---|
Gc | SRV | _ldap._tcp.gc._msdcs. |
GcIpAddress | A | gc._msdcs. |
GenericGc | SRV | _gc._tcp. |
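The registry steps above as a PowerShell script, added here and not part of the original post. It validates the requested mnemonics against the two tables, merges them with any existing `DnsAvoidRegisterRecords` data, and writes the REG_MULTI_SZ value; the `$avoid` selection is an example choice, not a recommendation from the post.

```powershell
# Added example: set DnsAvoidRegisterRecords on a satellite-office DC/GC.
# Run elevated on the domain controller itself.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$name = 'DnsAvoidRegisterRecords'

# Mnemonics from the two tables above.
$valid = 'LdapIpAddress','Ldap','DcByGuid','Kdc','Dc','Rfc1510Kdc',
         'Rfc1510UdpKdc','Rfc1510Kpwd','Rfc1510UdpKpwd',
         'Gc','GcIpAddress','GenericGc'

# Example selection (assumption): records this DC should stop registering.
$avoid = 'LdapIpAddress','Ldap','Kdc','Dc','Gc','GcIpAddress','GenericGc'

# Refuse to write anything that is not a mnemonic from the tables.
$unknown = $avoid | Where-Object { $valid -notcontains $_ }
if ($unknown) { throw "Unknown mnemonic(s): $($unknown -join ', ')" }

# Keep entries that are already configured and add the new ones once.
$current = @((Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name)
$merged  = [string[]]@($current + $avoid | Where-Object { $_ } | Sort-Object -Unique)

# -Force overwrites an existing value of the same name.
New-ItemProperty -Path $key -Name $name -PropertyType MultiString `
    -Value $merged -Force | Out-Null

# Read the value back to confirm what was written.
(Get-ItemProperty -Path $key -Name $name).$name
```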
Tuesday, May 12, 2009
Checklists when promoting a Windows Domain Controller
Here are some of the things that you must configure when promoting a domain controller in a forest with a multi-site, multi-domain topology.
If this is a new Domain Controller at a new site:
a. At Active Directory Sites and Services, create a new site.
b. Create a new subnet and link it to the newly created site.
c. Configure the IP site link for Active Directory replication.
· Promote the Windows Server to become Domain Controller.
· Configure the Domain Controller to become a DNS server – Active Directory Integrated (Domaindnszones).
· Configure the Domain Controller to become a Global Catalog server.
· Configure DNS Forwarders.
· Configure the Domain Controller to be the Authoritative Name Servers in the domain.
· Enable Strict Replication Consistency.
· Disable Windows Scalable Networking Pack Components.
· Change Windows Time Service MaxNegPhaseCorrection and MaxPosPhaseCorrection value to 48 hours.
Monday, April 6, 2009
Missing PTR Record in DNS
Saturday, April 5, 2008
A duplicate name exists error when connecting to SMB share using CNAME alias
When you set up a CNAME alias in DNS for a Windows 2003 server and then try to connect to the server using the CNAME alias, you may encounter the error "a duplicate name exists on the network".
Resolution
To resolve this problem in Windows Server 2003, complete the following steps:
1. Create the CNAME record for the file server on the appropriate DNS server, if the CNAME record is not already present.
2. Apply the following registry change to the file server. To do so, follow these steps:
a. Start Registry Editor (Regedt32.exe).
b. Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
c. On the Edit menu, click Add Value, and then add the following registry value:
Value name: DisableStrictNameChecking
Data type: REG_DWORD
Radix: Decimal
Value: 1
d. Quit Registry Editor.
3. Restart your computer.
Sunday, March 30, 2008
Tools For DNS Testing and Validation
Whenever you do email troubleshooting, website lookups, or domain whois queries, you will find that these websites are quite helpful.
- www.dnsstuff.com > This is the best one, I think. It has a lot of tools and the results are very accurate and fast. You can query and get almost any information here. However, you have to pay for the service; it is no longer free. A trial period is available.
- www.zonedit.com/smtp.html > You can send a test email from this website for validation or troubleshooting. All you have to do is enter the email server MX record, sender address, and recipient address.
- www.mxtoolbox.com > Through this tool you can query the MX record of a domain name.
- http://network-tools.com/nslook > You can run an NSLookup query for A, CNAME, PTR, MX, NS, and other records against a given server through this tool.
- http://www.dnstools.com/ > Besides getting IP whois information, you can also check port status from this website.