DNS Server on Windows Server 2012 does not pass basic, delegations, dynamic updates, and records registration tests upon running DCDiag /c /v, how do I fix this problem? I am new to managing DNS in a small server forest.

Vincent Badenhorst 0 Reputation points
2023-05-31T16:03:16.79+00:00
C:\Users\Administrator>DCDiag /c /v

 

Directory Server Diagnosis

 

Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine server1, is a Directory Server.

   Home Server = server1

   * Connecting to directory service on server server1

   * Identified AD Forest.

   Collecting AD specific global data

   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=dc,DC=ca,LD

AP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......

   The previous call succeeded

   Iterating through the sites

   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name

,CN=Sites,CN=Configuration,DC=dc,DC=ca

   Getting ISTG and options for the site

   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=dc,DC=ca,LD

AP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......

   The previous call succeeded....

   The previous call succeeded

   Iterating through the list of servers

   Getting information for the server CN=NTDS Settings,CN=server1,CN=Servers,C

N=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dc,DC=ca

   objectGuid obtained

   InvocationID obtained

   dnsHostname obtained

   site info obtained

   All the info for the server collected

   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.

 

Doing initial required tests

 

   Testing server: Default-First-Site-Name\server1

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         The host host could

         not be resolved to an IP address. Check the DNS server, DHCP, server

         name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... server1 failed test Connectivity

 

Doing primary tests

 

   Testing server: Default-First-Site-Name\server1

      Skipping all tests, because server server1 is not responding to

      directory service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

 

      Starting test: DNS

 

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results

         ......................... server1 passed test DNS

 

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

 

   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

 

   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

 

   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

 

   Running partition tests on : domain

      Starting test: CheckSDRefDom

         ......................... domain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... domain passed test CrossRefValidation

 

   Running enterprise tests on : domain.ca

      Starting test: DNS

         Test results for domain controllers:

 

            DC: server1.domain.ca

            Domain: domain.ca

 

 

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

 

               TEST: Basic (Basc)

                  Error: No LDAP connectivity

                  The OS

                  Microsoft Windows Server 2012 Standard (Service Pack level: 0.

0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter adapter:

                     MAC address is AA:AA:AA:AA:AA

                     IP Address is static

                     IP address: 0.0.0.0,

                     DNS servers:

                        Warning:

                        0.0.0.0 (server1) [Invalid]

                        Warning: adapter

                        [00000010] adapter has

                        invalid DNS server: 0.0.0.0 (server1)

                  Error: all DNS servers are invalid

                  No host records (A or AAAA) were found for this DC

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found prim

ary

                  Root zone on this DC/DNS server was not found

 

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information:

                    some forwarder addresss (<name unavailable>) [Valid]

 

               TEST: Delegations (Del)

                  Delegation information for the zone: domain.ca

                     Delegated domain name: corp.domain.ca

                        Warning: Delegation of DNS server server1. is broken o

n IP:0.0.0.1

                        Warning: Delegation of DNS server server1. is broken o

n IP:ip

                        Error: DNS server: server1

                        IP:ip

                        [Broken delegation]

 

               TEST: Dynamic update (Dyn)

                  Warning: Failed to add the test record dcdiag-test-record in z

one domain.ca

                  [Error details: 9002 (Type: Win32 - Description: DNS server fa

ilure.)]

                  Test record dcdiag-test-record deleted successfully in zone domain.ca

 

            TEST: Records registration (RReg)

               Error: Record registrations cannot be found for all the network

               adapters

 

         Summary of test results for DNS servers used by the above domain

         controllers:

 

            DNS server: 0.0.0.1 (server2.)

               1 test failure on this DNS server

               PTR record query for the something.in-addr.arpa. failed on the DN

S server 0.0.0.1               [Error details: 1460 (Type: Win32 - Descripti

on: This operation returned because the timeout period expired.)]

               DNS delegation for the domain corp.domain.ca. is broken on IP 0.0.0.1

 

               [Error details: 1460 (Type: Win32 - Description: This operation r

eturned because the timeout period expired.)]

 

            DNS server: 0.0.0.0 (server1)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.domain.ca failed on

 the DNS server 0.0.0.0

               [Error details: 9003 (Type: Win32 - Description: DNS name does no

t exist.)]

 

            DNS server: dnsaddress (server1.)

               1 test failure on this DNS server

               PTR record query for the address.ip6.arpa failed on the DNS server server address            [Error details: 1460 (Type: Win32 - Description: This

 operation returned because the timeout period expired.)]

               DNS delegation for the domain corp.domain.ca. is broken on IP ip address

 

               [Error details: 1460 (Type: Win32 - Description: This operation r

eturned because the timeout period expired.)]

 

            DNS server: server address (<name unavailable>)

               All tests passed on this DNS server

 

         Summary of DNS test results:

 

                                            Auth Basc Forw Del  Dyn  RReg Ext

            _________________________________________________________________

            Domain: domain.ca

               server1                    PASS FAIL PASS FAIL WARN FAIL n/a

 

         ......................... domain.ca failed test DNS

      Starting test: LocatorCheck

         GC Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         PDC Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         Time Server Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         Preferred Time Server Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         KDC Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         ......................... domain.ca passed test LocatorCheck

      Starting test: FsmoCheck

         GC Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         PDC Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         Time Server Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         Preferred Time Server Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         KDC Name: \\server1.domain.ca

         Locator Flags: 0xe00073fd

         ......................... domain.ca passed test FsmoCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.

         ......................... domain.ca passed test Intersite

8 answers

  1. Anonymous
    2023-05-31T16:50:18.86+00:00

    Please run:

    Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
    repadmin /showrepl >C:\repl.txt (run on any domain controller)
    ipconfig /all > C:\%computername%.txt (run on EVERY domain controller)

    Also check the domain controller System and Replication (DFS or FRS) event logs for errors since last boot. Post the Event Source and Event IDs of any found. (no evtx files)

    Then put unzipped text files up on OneDrive and share a link.


  2. Anonymous
    2023-05-31T17:44:22.2266667+00:00

    Looks like there could be a rogue IPv6 DHCP server on the network. If IPv6 is being used it must be configured correctly. Simplest solution may be to disable the IPv6 DHCP server (likely is a router?). Then do ipconfig /flushdns, ipconfig /registerdns, restart the netlogon service.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  3. Anonymous
    2023-05-31T18:02:31.2366667+00:00

    Most likely it is a rogue router on the network. If you cannot locate it then another option is to uncheck IPv6 as below. Then do ipconfig /flushdns, ipconfig /registerdns, restart the netlogon service. Then if problems persist put up a new set of files to look at.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    User's image


  4. Anonymous
    2023-05-31T18:27:18.9066667+00:00

    My only forwarder uses ipv6

    For what purpose? Internet or other domain DNS?

    You can also try setting Windows up to prefer IPv4 over IPv6: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  5. Anonymous
    2023-05-31T18:34:07.5133333+00:00

    You can add any public IPv4 addresses as forwarders such as 8.8.8.8, 8.8.4.4 or if you prefer your own ISP then lookup their IPv4 addresses to use.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
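
The checks and re-registration steps suggested across the answers above, gathered into one PowerShell sequence as an added example (not written by any of the posters). It assumes an elevated session on the affected DC and takes the zone name domain.ca from the DCDiag output in the question.

```powershell
# Added example: read-only checks first, then the re-registration steps from the answers.
# Assumption: elevated PowerShell on the DC itself; $zone is the AD DNS zone from the DCDiag output.
$zone = 'domain.ca'

# 1. DNS servers configured on each adapter. DCDiag reported "all DNS servers are invalid",
#    so confirm every entry here is a reachable DNS server that hosts the AD zone.
Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, AddressFamily, ServerAddresses -AutoSize

# 2. Forwarders on the DNS Server role (one answer suggests adding IPv4 forwarders).
Get-DnsServerForwarder

# 3. Records DCDiag could not find: the DC locator SRV record and the DC's own host record.
$queries = @(
    @{ Name = "_ldap._tcp.$zone";        Type = 'SRV' },
    @{ Name = "$env:COMPUTERNAME.$zone"; Type = 'A'   }
)
foreach ($query in $queries) {
    try {
        Resolve-DnsName -Name $query.Name -Type $query.Type -DnsOnly -ErrorAction Stop |
            Format-Table Name, Type, NameTarget, IPAddress -AutoSize
    } catch {
        Write-Warning "$($query.Name) ($($query.Type)) did not resolve: $($_.Exception.Message)"
    }
}

# 4. Re-register as the answers describe: flush the resolver cache, re-register host
#    records, and restart Netlogon so it re-registers the DC locator SRV records.
ipconfig /flushdns
ipconfig /registerdns
Restart-Service -Name Netlogon

# 5. Re-run only the DNS test. Registration is asynchronous, so repeat after a few
#    minutes if records are still reported missing.
dcdiag /test:dns /v /s:$env:COMPUTERNAME
```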