Uninstall/Reinstall DNS with AD already installed? Server ..

Ben81 · External Since: Aug 22, 2004 Posts: 76

Hi all. I think I may have goofed...

We were getting a good many DNS errors on a server that was setup before I
took this job. I was doing some other things on the network like changing
the IP scheme and some updates to some software, when I had the bright idea
to uninstall DNS and then just reinstall it.

Well, now I am getting more errors. The workstations are taking much longer
to login, in the event viewer of the XP workstations, I am getting errors
stating like:

Automatic certificate enrollment for local system failed to contact the
active directory (0x8007054b). The specified domain either does not exist or
could not be contacted.
Enrollment will not be performed.

and

Windows cannot determine the user or computer name. (The specified domain
either does not exist or could not be contacted. ). Group Policy processing
aborted.

Is there hope of getting DNS fixed without removing AD and redoing the whole
AD and DNS setup?

--
Thanks for your help!
Ben

Kevin D. Goodknech1 · External Since: Jun 20, 2004 Posts: 1397

Ben wrote:
> Hi all. I think I may have goofed...
>
> We were getting a good many DNS errors on a server that was setup
> before I took this job. I was doing some other things on the network
> like changing the IP scheme and some updates to some software, when I
> had the bright idea to uninstall DNS and then just reinstall it.
>
> Well, now I am getting more errors. The workstations are taking much
> longer to login, in the event viewer of the XP workstations, I am
> getting errors stating like:
>
> Automatic certificate enrollment for local system failed to contact
> the active directory (0x8007054b). The specified domain either does
> not exist or could not be contacted.
> Enrollment will not be performed.
>
> and
>
> Windows cannot determine the user or computer name. (The specified
> domain either does not exist or could not be contacted. ). Group
> Policy processing aborted.
>
> Is there hope of getting DNS fixed without removing AD and redoing
> the whole AD and DNS setup?

Sure there is, did you uninstall the DNS server service?
Did you get it reinstalled if you did?

Do you have a forward lookup zone for your Active Directory domain name?
(From ADU&C)
If not, create one. And set it to allow dynamic updates.

Does your AD Domain name match you Primary DNS suffix in your ipconfig /all?
If not see:
257623 Domain Controller's Domain Name System Suffix Does Not Match Domain
Name
http://support.microsoft.com/?id=257623&sd=RMVP

Is your AD Domain Name a single-label name (domain vs. domain.com)
If it is see:
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&sd=RMVP

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

wsculver · External Since: Sep 07, 2006 Posts: 1

I have a similar situation. The domain was somehow removed from DNS.

The domain was then recreated in DNS. It has repopulated some stuff
but not all.

The only folder that exists under the recreated domain on the PDC/DNS
server is the _msdcs folder and it is incomplete

I know this because there are two other DCs which appear to be
recursive to each other as secondaries (strange). They have more
records from prior to the removal on the PDC/DNS server, for example,
_tcp, _udp, etc.

Should I a) manually create the missing folders? b) create the missing
records under them and c) remove the secondaries once a and b are done
then set them up correctly as secondaries to the master?

Any thoughts/help greatly appreciated.

Kevin D. Goodknecht Sr. [MVP] wrote:
> Ben wrote:
> > Hi all. I think I may have goofed...
> >
> > We were getting a good many DNS errors on a server that was setup
> > before I took this job. I was doing some other things on the network
> > like changing the IP scheme and some updates to some software, when I
> > had the bright idea to uninstall DNS and then just reinstall it.
> >
> > Well, now I am getting more errors. The workstations are taking much
> > longer to login, in the event viewer of the XP workstations, I am
> > getting errors stating like:
> >
> > Automatic certificate enrollment for local system failed to contact
> > the active directory (0x8007054b). The specified domain either does
> > not exist or could not be contacted.
> > Enrollment will not be performed.
> >
> > and
> >
> > Windows cannot determine the user or computer name. (The specified
> > domain either does not exist or could not be contacted. ). Group
> > Policy processing aborted.
> >
> > Is there hope of getting DNS fixed without removing AD and redoing
> > the whole AD and DNS setup?
>
> Sure there is, did you uninstall the DNS server service?
> Did you get it reinstalled if you did?
>
> Do you have a forward lookup zone for your Active Directory domain name?
> (From ADU&C)
> If not, create one. And set it to allow dynamic updates.
>
> Does your AD Domain name match you Primary DNS suffix in your ipconfig /all?
> If not see:
> 257623 Domain Controller's Domain Name System Suffix Does Not Match Domain
> Name
> http://support.microsoft.com/?id=257623&sd=RMVP
>
> Is your AD Domain Name a single-label name (domain vs. domain.com)
> If it is see:
> 300684 - Information About Configuring Windows 2000 for Domains with
> Single-Label DNS Names
> http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&sd=RMVP
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================

Ben81 · External Since: Aug 22, 2004 Posts: 76

Thanks Kevin! You pointed me in the right direction and I was able to get
DNS back up and running correctly.

Unfortunatly, I encountered another issue which I knew would be when I read
you reply. The idiot that setup this server (again I was not here when it
was done), set it up as a .com domain name. This causes a problem because it
is also our internet domain name. For expample:

Local domain in the office: ourdomain.com
Website: www.ourdomain.com
Email: mail.ourdomain.com

So I had DNS "fixed" when I left the office late last night and when I come
in this morning, no one on our network here at the office can get their email
or go to our website.

Any ideas on how to circumvent this? Again, this is a Server 2003 box (I
realized that I was in the wrong forum after I read your reply).

Thanks again. I really appreciate your help so far!
--
Ben

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> Ben wrote:
> > Hi all. I think I may have goofed...
> >
> > We were getting a good many DNS errors on a server that was setup
> > before I took this job. I was doing some other things on the network
> > like changing the IP scheme and some updates to some software, when I
> > had the bright idea to uninstall DNS and then just reinstall it.
> >
> > Well, now I am getting more errors. The workstations are taking much
> > longer to login, in the event viewer of the XP workstations, I am
> > getting errors stating like:
> >
> > Automatic certificate enrollment for local system failed to contact
> > the active directory (0x8007054b). The specified domain either does
> > not exist or could not be contacted.
> > Enrollment will not be performed.
> >
> > and
> >
> > Windows cannot determine the user or computer name. (The specified
> > domain either does not exist or could not be contacted. ). Group
> > Policy processing aborted.
> >
> > Is there hope of getting DNS fixed without removing AD and redoing
> > the whole AD and DNS setup?
>
> Sure there is, did you uninstall the DNS server service?
> Did you get it reinstalled if you did?
>
> Do you have a forward lookup zone for your Active Directory domain name?
> (From ADU&C)
> If not, create one. And set it to allow dynamic updates.
>
> Does your AD Domain name match you Primary DNS suffix in your ipconfig /all?
> If not see:
> 257623 Domain Controller's Domain Name System Suffix Does Not Match Domain
> Name
> http://support.microsoft.com/?id=257623&sd=RMVP
>
> Is your AD Domain Name a single-label name (domain vs. domain.com)
> If it is see:
> 300684 - Information About Configuring Windows 2000 for Domains with
> Single-Label DNS Names
> http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&sd=RMVP
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
>

Ben81 · External Since: Aug 22, 2004 Posts: 76

Forget that last question for now about the local domain name being the same
as the internet domain name. After I took a few deep breaths, I found where
you had answered the same question in another forum. I will try the
suggestions listed there.

Thanks again!
Ben

"Ben" wrote:

> Thanks Kevin! You pointed me in the right direction and I was able to get
> DNS back up and running correctly.
>
> Unfortunatly, I encountered another issue which I knew would be when I read
> you reply. The idiot that setup this server (again I was not here when it
> was done), set it up as a .com domain name. This causes a problem because it
> is also our internet domain name. For expample:
>
> Local domain in the office: ourdomain.com
> Website: www.ourdomain.com
> Email: mail.ourdomain.com
>
> So I had DNS "fixed" when I left the office late last night and when I come
> in this morning, no one on our network here at the office can get their email
> or go to our website.
>
> Any ideas on how to circumvent this? Again, this is a Server 2003 box (I
> realized that I was in the wrong forum after I read your reply).
>
> Thanks again. I really appreciate your help so far!
> --
> Ben
>
>
> "Kevin D. Goodknecht Sr. [MVP]" wrote:
>
> > Ben wrote:
> > > Hi all. I think I may have goofed...
> > >
> > > We were getting a good many DNS errors on a server that was setup
> > > before I took this job. I was doing some other things on the network
> > > like changing the IP scheme and some updates to some software, when I
> > > had the bright idea to uninstall DNS and then just reinstall it.
> > >
> > > Well, now I am getting more errors. The workstations are taking much
> > > longer to login, in the event viewer of the XP workstations, I am
> > > getting errors stating like:
> > >
> > > Automatic certificate enrollment for local system failed to contact
> > > the active directory (0x8007054b). The specified domain either does
> > > not exist or could not be contacted.
> > > Enrollment will not be performed.
> > >
> > > and
> > >
> > > Windows cannot determine the user or computer name. (The specified
> > > domain either does not exist or could not be contacted. ). Group
> > > Policy processing aborted.
> > >
> > > Is there hope of getting DNS fixed without removing AD and redoing
> > > the whole AD and DNS setup?
> >
> > Sure there is, did you uninstall the DNS server service?
> > Did you get it reinstalled if you did?
> >
> > Do you have a forward lookup zone for your Active Directory domain name?
> > (From ADU&C)
> > If not, create one. And set it to allow dynamic updates.
> >
> > Does your AD Domain name match you Primary DNS suffix in your ipconfig /all?
> > If not see:
> > 257623 Domain Controller's Domain Name System Suffix Does Not Match Domain
> > Name
> > http://support.microsoft.com/?id=257623&sd=RMVP
> >
> > Is your AD Domain Name a single-label name (domain vs. domain.com)
> > If it is see:
> > 300684 - Information About Configuring Windows 2000 for Domains with
> > Single-Label DNS Names
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&sd=RMVP
> >
> > --
> > Best regards,
> > Kevin D. Goodknecht Sr. [MVP]
> > Hope This Helps
> > ===================================
> > When responding to posts, please "Reply to Group"
> > via your newsreader so that others may learn and
> > benefit from your issue, to respond directly to
> > me remove the nospam. from my email address.
> > ===================================
> > http://www.lonestaramerica.com/
> > http://support.wftx.us/
> > http://message.wftx.us/
> > ===================================
> > Use Outlook Express?... Get OE_Quotefix:
> > It will strip signature out and more
> > http://home.in.tum.de/~jain/software/oe-quotefix/
> > ===================================
> > Keep a back up of your OE settings and folders
> > with OEBackup:
> > http://www.oehelp.com/OEBackup/Default.aspx
> > ===================================
> >
> >
> >

Paul Bergson · External Since: Jun 03, 2005 Posts: 571

I would follow Kevin's advice and also run diagnostics.

DNSLint for dns health
dnslint /ad /s "ip address of your dc"

Diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Ben" wrote in message

> Hi all. I think I may have goofed...
>
> We were getting a good many DNS errors on a server that was setup before I
> took this job. I was doing some other things on the network like changing
> the IP scheme and some updates to some software, when I had the bright
> idea
> to uninstall DNS and then just reinstall it.
>
> Well, now I am getting more errors. The workstations are taking much
> longer
> to login, in the event viewer of the XP workstations, I am getting errors
> stating like:
>
> Automatic certificate enrollment for local system failed to contact the
> active directory (0x8007054b). The specified domain either does not exist
> or
> could not be contacted.
> Enrollment will not be performed.
>
> and
>
> Windows cannot determine the user or computer name. (The specified domain
> either does not exist or could not be contacted. ). Group Policy
> processing
> aborted.
>
> Is there hope of getting DNS fixed without removing AD and redoing the
> whole
> AD and DNS setup?
>
> --
> Thanks for your help!
> Ben

Kevin D. Goodknech1 · External Since: Jun 20, 2004 Posts: 1397

wrote:
> I have a similar situation. The domain was somehow removed from DNS.
>
> The domain was then recreated in DNS. It has repopulated some stuff
> but not all.
>
> The only folder that exists under the recreated domain on the PDC/DNS
> server is the _msdcs folder and it is incomplete
>
> I know this because there are two other DCs which appear to be
> recursive to each other as secondaries (strange).

You really puzzled me on this statement.

They have more
> records from prior to the removal on the PDC/DNS server, for example,
> _tcp, _udp, etc.
>
> Should I
a) manually create the missing folders?
b) create the missing records under them and
c) remove the secondaries once a and b are done then set them up correctly
as secondaries to the master?
-or-
d) None of the above

You need to clarify your scenario, are all DNS server Domain Controllers?
Domain Controllers in the same domain? Forest if Win2k3?
Zones AD Integrated?

Don't confuse Primary and Secondary with Preferred and Alternate.
If all DNS servers are on Domain Controllers in the same domain, you can
have a zone that is AD Integrated on one server and Secondary on another
DC/DNS in the same domain (or forest if Win2k3)

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Kevin D. Goodknech1 · External Since: Jun 20, 2004 Posts: 1397

Ben wrote:
> Forget that last question for now about the local domain name being
> the same
> as the internet domain name. After I took a few deep breaths, I
> found where you had answered the same question in another forum. I
> will try the suggestions listed there.

Yes, I think I've answered that question several times this week already.
I'm glad you found the answer, I would have answered it again without
hesitation, if you had asked it though.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================