
Server 2016 Std DNS BPA Errors


I have three DNS errors and a large number of warnings which I cannot resolve.  There is also a problem with Windows Time which cannot resolve the time server and defaults to the CMOS clock.

clipboard_image_2.png

clipboard_image_3.png

 

There is only one ethernet adaptor:

clipboard_image_1.png

IPConfig/all gives:

 


Windows IP Configuration

Host Name . . . . . . . . . . . . : XXX-Server
Primary Dns Suffix . . . . . . . : XXX.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXX.local

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connection
Physical Address. . . . . . . . . : AC-1F-6B-6A-2F-F5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f8db:3ccb:4fb6:a153%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 61611883
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-E0-CA-14-AC-1F-6B-6A-2F-F5
DNS Servers . . . . . . . . . . . : 10.0.0.100
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7E07F518-866F-449E-8032-3F6AAF177C0F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

 

DCDiag /test:dns gives:


Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = XXX-Server
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\XXX-Server
Starting test: Connectivity
......................... XXX-SERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\XXX-SERVER

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
......................... XXX-SERVER passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : XXX

Running enterprise tests on : XXX.local
Starting test: DNS
Test results for domain controllers:

DC: XXX-Server.XXX.local
Domain: XXX.local


TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record in zone XXX.local

XXX-Server PASS PASS PASS PASS WARN PASS n/a
......................... XXX.local passed test DNS

 

Any help gratefully received.

8 Replies

 

There is only one ethernet adaptor:

clipboard_image_1.png

If this were the PDC emulator then time would / should be sync'd to either a hardware clock or possibly an external known source.

 

 

 

 

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist:xxx.xxx.xxx.xxx /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time

 

 

 

then check

 

 

 

w32tm /query /source
w32tm /query /configuration

 

 

 

(replace xxx.xxx.xxx.xxx with desired source)

 https://tf.nist.gov/tf-cgi/servers.cgi

 

  

If you're using integration services with the Time synchronization box checked, then this overrides NT5DS and makes the source come from the hypervisor host only.

All domain members should use NT5DS domain time. Desktops and member servers will sync with any domain controller. Domain controllers sync with the PDC emulator; the PDCe syncs with either a hardware clock or possibly an external source.

https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-direc...

 

 

 

 

 

Thanks very much @Dave Patrick for your reply.  Unfortunately the time sync didn't work.  I think there is a slight sequence error in the commands. So I have changed the unregister command to be after the net stop command.  I have changed the time server IP to 3.uk.pool.ntp.org which pings successfully.

 

The serious issue as I see it is the DNS errors.  I suppose I can always set the CMOS clock accurately occasionally, but any further assistance in resolving the NTP issue gratefully received.

 

Results below:

 

C:\Users\XXX-Admin>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

C:\Users\XXX-Admin>w32tm /unregister
W32Time successfully unregistered.
C:\Users\XXX-Admin>w32tm /register
W32Time successfully registered.
C:\Users\XXX-Admin>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.

C:\Users\XXX-Admin>w32tm /config /manualpeerlist:85.199.214.100 /syncfromflags:manual /reliable:yes /update
The command completed successfully.
C:\Users\XXX-Admin>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

C:\Users\XXX-Admin>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.

C:\Users\XXX-Admin>w32tm /query /source
Local CMOS Clock

C:\Users\XXX-Admin>w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Policy)
AnnounceFlags: 5 (Policy)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Policy)
MaxPollInterval: 10 (Policy)
MaxNegPhaseCorrection: 172800 (Policy)
MaxPosPhaseCorrection: 172800 (Policy)
MaxAllowedPhaseOffset: 300 (Policy)
FrequencyCorrectRate: 4 (Policy)
PollAdjustFactor: 5 (Policy)
LargePhaseOffset: 50000000 (Policy)
SpikeWatchPeriod: 900 (Policy)
LocalClockDispersion: 2 (Policy)
HoldPeriod: 5 (Policy)
PhaseCorrectRate: 1 (Policy)
UpdateInterval: 100 (Policy)

[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\SYSTEM32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Policy)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 0 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NT5DS (Policy)
NtpServer (Local)
DllName: C:\Windows\SYSTEM32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)
 
 
 

 

 

 

 

 

No, the sequence is correct. You can ignore errors depending on the state of service. From the results above the time configuration is being overridden by a policy. However if you're moving on to other issues then please run;

  • Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
  • repadmin /showrepl >C:\repl.txt
  • ipconfig /all > C:\dc1.txt
  • ipconfig /all > C:\dc2.txt
  • ipconfig /all > C:\dc3.txt

then put unzipped text files up on OneDrive and share a link.
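
Added example, not part of any reply in the thread: the "(Policy)" and "(Local)" tags in the w32tm /query /configuration output are what reveal the override. This PowerShell parses that output and lists the policy-enforced values; the sample is a constructed subset of the posted output, and ConvertFrom-W32tmConfiguration is a hypothetical helper name.

```powershell
# Constructed sample: a subset of the output posted in the thread.
# On a live server use:  $lines = w32tm /query /configuration
$lines = @'
[Configuration]
AnnounceFlags: 5 (Policy)
TimeJumpAuditOffset: 28800 (Local)

[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\SYSTEM32\w32time.DLL (Local)
Enabled: 1 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NT5DS (Policy)
NtpServer (Local)
Enabled: 1 (Local)
'@ -split '\r?\n'

function ConvertFrom-W32tmConfiguration {   # hypothetical helper name
    param([string[]]$Line)
    $section = ''; $provider = ''
    foreach ($raw in $Line) {
        $text = $raw.Trim()
        if ($text -match '^\[(.+)\]$') {
            $section = $Matches[1]; $provider = ''
        } elseif ($text -match '^(\w+) \((Local|Policy)\)$') {
            $provider = $Matches[1]          # provider header, e.g. "NtpClient (Local)"
        } elseif ($text -match '^(\w+):\s*(.*?)\s*\((Local|Policy)\)$') {
            [pscustomobject]@{
                Section = $section; Provider = $provider
                Name = $Matches[1]; Value = $Matches[2]; Source = $Matches[3]
            }
        }
    }
}

$settings = ConvertFrom-W32tmConfiguration -Line $lines

# Every value that Group Policy is enforcing.
$settings | Where-Object Source -eq 'Policy' |
    Format-Table Section, Provider, Name, Value -AutoSize

# The setting that decides where the client looks for time.
$type = $settings | Where-Object { $_.Provider -eq 'NtpClient' -and $_.Name -eq 'Type' }
if ($type -and $type.Source -eq 'Policy') {
    "NtpClient Type=$($type.Value) comes from policy, so it takes precedence " +
    "over a locally configured /manualpeerlist and /syncfromflags:manual."
}
```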
 
 
 

Hi @Dave Patrick

 

Content not anonymised.  Link herewith:

 

https://1drv.ms/u/s!AmMne01oSBYoixayALNeAxb9e8Dt?e=izuUW9

 

Thanks again.

 

Looks Ok to me. I'd suggest removing the router address as forwarder. There are quite a number of DCOM errors in system event log that may need attention. As to anything DNS I'd check the system event log for related errors since last boot.

 

 

@Dave Patrick 

 

Hi Dave
 
Thanks for the response and apologies for the delay in replying. I don't come to site too often and don't like making some changes remotely.
 
I've removed the router IP from the list of forwarders but still have the same BPA results.
 
When I ran the DNS configuration wizard I selected 'small network' there being only nine users and 12 devices hence only creating forward lookup zones. Should I try rerunning the wizard selecting large users and hence creating forward and reverse lookup zones?  This is the only server on the network and as such has the FSMO roles.
 
Thanks.

For any errors reported I'd check the system event log for more details.

 

 

Are the IPv6 root hints actually reachable? Do you have an IPv6 internet connection? I would assume not. If so, you can delete the IPv6 root hints.

The reverse lookup zone is not required, but can ease troubleshooting. You can just create it manually and you're finished. In the dialog, enter the IP address of your network backwards. For example, the reverse lookup zone for 192.168.0.0/24 is 0.168.192.in-addr.arpa.
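
Added example, not part of the reply above: a PowerShell function that derives the reverse lookup zone name from a network in CIDR form, generalising the 192.168.0.0/24 case to /8 and /16 networks such as the 10.0.0.0/8 network implied by the ipconfig output in the question. Get-ReverseLookupZoneName is a hypothetical helper name, and prefixes that do not fall on an octet boundary are rejected rather than guessed.

```powershell
function Get-ReverseLookupZoneName {        # hypothetical helper name
    param([string]$NetworkId)               # IPv4 network in CIDR form
    if ($NetworkId -notmatch '^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$') {
        throw "Expected IPv4 CIDR notation, got '$NetworkId'"
    }
    $octets = @($Matches[1].Split('.') | ForEach-Object { [int]$_ })
    $prefix = [int]$Matches[2]
    if (@($octets | Where-Object { $_ -gt 255 }).Count -gt 0) {
        throw "Octet out of range in '$NetworkId'"
    }
    # in-addr.arpa labels are whole octets, so only /8, /16 and /24
    # map to a single zone name.
    if ($prefix -notin 8, 16, 24) {
        throw "/$prefix is not on an octet boundary; use the enclosing /8, /16 or /24"
    }
    $keep = @($octets[0..($prefix / 8 - 1)])   # network octets only
    [array]::Reverse($keep)                    # zone names list octets backwards
    ($keep -join '.') + '.in-addr.arpa'
}

# The network used as the example in the reply, then the /8 from the question.
Get-ReverseLookupZoneName '192.168.0.0/24'
Get-ReverseLookupZoneName '10.0.0.0/8'
```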