Forum Discussion

David_Bex's avatar
David_Bex
Copper Contributor
Sep 11, 2019

Server 2016 Std DNS BPA Errors

I have three DNS errors and a large number of warnings which I cannot resolve.  There is also a problem with Windows Time which cannot resolve the time server and defaults to the CMOS clock.

 

There is only one ethernet adaptor:

IPConfig/all gives:

 


Windows IP Configuration

Host Name . . . . . . . . . . . . : XXX-Server
Primary Dns Suffix . . . . . . . : XXX.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXX.local

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connection
Physical Address. . . . . . . . . : AC-1F-6B-6A-2F-F5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f8db:3ccb:4fb6:a153%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 61611883
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-E0-CA-14-AC-1F-6B-6A-2F-F5
DNS Servers . . . . . . . . . . . : 10.0.0.100
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7E07F518-866F-449E-8032-3F6AAF177C0F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

 

DCDiag /test:dns gives:


Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = XXX-Server
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\XXX-Server
Starting test: Connectivity
......................... XXX-SERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\XXX-SERVER

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
......................... XXX-SERVER passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : XXX

Running enterprise tests on : XXX.local
Starting test: DNS
Test results for domain controllers:

DC: XXX-Server.XXX.local
Domain: XXX.local


TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record in zone XXX.local

XXX-Server PASS PASS PASS PASS WARN PASS n/a
......................... XXX.local passed test DNS

 

Any help gratefully received.

  •  

    There is only one ethernet adaptor:

    If this were the PDC emulator then time would / should be sync'd to either a hardware clock or possibly an external known source.

     

     

     

     

    w32tm /unregister
    net stop w32time
    w32tm /register
    net start w32time
    w32tm /config /manualpeerlist:xxx.xxx.xxx.xxx /syncfromflags:manual /reliable:yes /update
    net stop w32time
    net start w32time

     

     

     

    then check

     

     

     

    w32tm /query /source
    w32tm /query /configuration

     

     

     

    (replace xxx.xxx.xxx.xxx with desired source)

     https://tf.nist.gov/tf-cgi/servers.cgi

     

      

    If you're using integration services Time synchronization box checked then this overrides NT5DS and makes the source come from the hypervisor host only.

    All domain members should use NT5DS domain time. Desktops and member servers will sync with any domain controller. Domain controllers sync with PDC emulator, PDCe syncs with either a hardware clock or possibly an external source.

    https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

     

     

     

     

     

    • David_Bex's avatar
      David_Bex
      Copper Contributor

      Thanks very much Dave Patrick for your reply.  Unfortunately the time sync didn't work.  I think there is a slight sequence error in the commands. So I have changed the unregister command to be after the net stop command.  I have changed the time server IP to 3.uk.pool.ntp.org which pings successfully.

       

      The serious issue as I see it are the DNS errors.  I suppose I can always set the CMOS clock accurately occasionally but any further assistance in resolving the NTP issue gratefully received..

       

      Results below:

       

      C:\Users\XXX-Admin>net stop w32time
      The Windows Time service is stopping.
      The Windows Time service was stopped successfully.

      C:\Users\XXX-Admin>w32tm /unregister
      W32Time successfully unregistered.
      C:\Users\XXX-Admin>w32tm /register
      W32Time successfully registered.
      C:\Users\XXX-Admin>net start w32time
      The Windows Time service is starting.
      The Windows Time service was started successfully.

      C:\Users\XXX-Admin>w32tm /config /manualpeerlist:85.199.214.100 /syncfromflags:manual /reliable:yes /update
      The command completed successfully.
      C:\Users\XXX-Admin>net stop w32time
      The Windows Time service is stopping.
      The Windows Time service was stopped successfully.

      C:\Users\XXX-Admin>net start w32time
      The Windows Time service is starting.
      The Windows Time service was started successfully.

      C:\Users\XXX-Admin>w32tm /query /source
      Local CMOS Clock

      C:\Users\XXX-Admin>w32tm /query /configuration
      [Configuration]
      EventLogFlags: 2 (Policy)
      AnnounceFlags: 5 (Policy)
      TimeJumpAuditOffset: 28800 (Local)
      MinPollInterval: 6 (Policy)
      MaxPollInterval: 10 (Policy)
      MaxNegPhaseCorrection: 172800 (Policy)
      MaxPosPhaseCorrection: 172800 (Policy)
      MaxAllowedPhaseOffset: 300 (Policy)
      FrequencyCorrectRate: 4 (Policy)
      PollAdjustFactor: 5 (Policy)
      LargePhaseOffset: 50000000 (Policy)
      SpikeWatchPeriod: 900 (Policy)
      LocalClockDispersion: 2 (Policy)
      HoldPeriod: 5 (Policy)
      PhaseCorrectRate: 1 (Policy)
      UpdateInterval: 100 (Policy)

      [TimeProviders]
      NtpClient (Local)
      DllName: C:\Windows\SYSTEM32\w32time.DLL (Local)
      Enabled: 1 (Local)
      InputProvider: 1 (Local)
      CrossSiteSyncFlags: 2 (Policy)
      AllowNonstandardModeCombinations: 1 (Local)
      ResolvePeerBackoffMinutes: 15 (Policy)
      ResolvePeerBackoffMaxTimes: 7 (Policy)
      CompatibilityFlags: 2147483648 (Local)
      EventLogFlags: 0 (Policy)
      LargeSampleSkew: 3 (Local)
      SpecialPollInterval: 3600 (Policy)
      Type: NT5DS (Policy)
      NtpServer (Local)
      DllName: C:\Windows\SYSTEM32\w32time.DLL (Local)
      Enabled: 1 (Local)
      InputProvider: 0 (Local)
      AllowNonstandardModeCombinations: 1 (Local)
       
       
       

       

       

       

       

       

      • Dave Patrick's avatar
        Dave Patrick
        MVP

        No, the sequence is correct. You can ignore errors depending on the state of service. From the results above the time configuration is being overridden by a policy. However if you're moving on to other issues then please run;

        • Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
        • repadmin /showrepl >C:\repl.txt
        • ipconfig /all > C:\dc1.txt
        • ipconfig /all > C:\dc2.txt
        • ipconfig /all > C:\dc3.txt

        then put unzipped text files up on OneDrive and share a link.
         
         
         

Resources