Active Directory, Domain Controller and DNS

Anyone who has ever installed Exchange Server 2000 on a Windows 2000 Domain Controller will tell you that it can be a real pain in the rump when something goes wrong.  You see, the SMTP service, Exchange services, DNS service and Active Directory services are all intertwined like grandma's spaghetti on your dinner plate (sans the tomato sauce). God forbid that any one of them should go out to lunch one day, and the whole server comes crashing down to its knees.

I happened to find out yesterday that none of my outgoing mail was leaving the Exchange outbound message queues.  After taking a quick peek at the event log I saw a long list of red messages, Event ID 5774 Net Logon DNS errors.  Somehow, my DNS forward lookup zones were messed up, and Active Directory was in a tizzy over it.  This caused Exchange to sulk, and thus no mail was leaving the server. Naturally, I checked Google and found an article about reinstalling DNS zones in Active Directory (link).

I don't profess to be an AD or Exchange 2000 guru, so I followed the instructions as best I could and eventually fixed my problem (well, it at least appears that way for now).  Below is a synopsis of the steps I followed.  Be sure that you know what you're doing before following these instructions. They worked for me, but not every situation is the same, and there is a possibility that you might toast your server.  If possible, back up the server first. Also, I only tried these steps on a Windows 2000 Server domain controller with Exchange 2000 on the same box; there is no telling how these steps will behave in a different configuration.

Haven’t scared you off? Good, here we go…

1. Open up Administrative Tools in the Control Panel (if I've lost you already, then I would suggest calling in an expert).
2. Double-click the DNS applet to view the currently installed forward lookup zones and reverse lookup zones.
3. Right-click each zone, click Properties and change the zone type from Active Directory-integrated to "Standard Primary".
    (Before making any changes, make a note of the zone settings for later.)
4. Double-click the Services applet, find the DNS Server service and stop it.
5. Stop the Net Logon service too.
6. In %SystemRoot%\System32\DNS, remove the ".dns" files corresponding to the zones you just changed in step #3.
7. Double-click the Active Directory Users and Computers applet.
8. Click the View menu and make sure that Advanced Features is checked.
9. In the tree view on the left, navigate to System\MicrosoftDNS.
10. Remove the zones (note: ignore the scary dialog about removing entries from Exchange if you have Exchange installed; it didn't seem to break anything).
11. Remove the zones from the DNS applet as well.
12. From a command prompt, run ipconfig /flushdns.

The article I read mentioned removing and reinstalling the DNS Server service at one point, which cannot hurt (unless you have custom-configured your DNS entries).  I'll not document these steps, because if you've got this far then you should know how to do this already.  The DNS service can be uninstalled from "Add/Remove Windows Components" in the Control Panel.

With a fresh install of the DNS server, continue with the following steps.

13. Make sure the DHCP Client service is running.
14. Remove all DNS server addresses from the active network connection's TCP/IP settings, and set the preferred DNS server to the IP address of this domain controller itself.

NOTE: "The Dynamic Host Configuration Protocol (DHCP) client service needs to be running on each of these computers to register the records in Dynamic DNS. It is not relevant if the computer is a DHCP client or not. You must have this service set to 'start' and the 'Start up' type set to 'automatic.' The DHCP client service is what registers records in Dynamic DNS. (Refer to the description in the Computer Management snap-in.)" Yes, this one perplexed me at first, but it seems to make sense.

15. If they are not already running, start the DNS Server service and the Net Logon service.
16. Open the DNS applet again and add the forward and reverse zones from step #3 back. Their type should be Active Directory-integrated, and dynamic updates should be set to "Only secure updates" (only available for AD-integrated zones), so that only authenticated domain machines can register or overwrite records such as the DC's own SRV entries.
17. From the command line, run ipconfig /flushdns followed by ipconfig /registerdns.
18. Make sure that you can still open the Active Directory Users and Computers applet.
19. Reboot the server for good measure, and all may be well again.
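The steps above are all point-and-click, so there is no easy way to tell whether the rebuilt zones actually work before the reboot in step 19. As an added check (not part of the original post or the article it follows), the cmd batch file below does from the command prompt what an administrator would otherwise verify by hand: it lists the zones the local DNS server holds, reports whether the rebuilt domain zone is stored in Active Directory and limited to secure dynamic updates, re-registers this DC's A and SRV records, and confirms the local server answers for them. It assumes the Windows 2000 Support Tools are installed (for dnscmd and nltest); the "DS integrated" and "update" field names it greps out of dnscmd /ZoneInfo, and matching the DC's name in nslookup output, are assumptions about those tools' output format.

```batch
@echo off
rem Added verification script for the procedure above; not from the original
rem post. Run from a cmd prompt on the domain controller itself, after step 18.
rem Assumes the Windows 2000 Support Tools (dnscmd, nltest) are installed;
rem ipconfig, net, nslookup, find and findstr ship with the OS.
setlocal
set DOMAIN=%USERDNSDOMAIN%
set DCFQDN=%COMPUTERNAME%.%DOMAIN%
set FAILED=0

echo.
echo [1] Zones the local DNS server knows about. The forward and reverse
echo     zones removed in step 3 should be back and stored in Active Directory.
dnscmd . /EnumZones

echo.
echo [2] Storage and dynamic-update mode of the domain zone. "DS integrated = 1"
echo     means AD-integrated; "update = 2" means secure updates only, the mode
echo     to keep so only authenticated machines can register or change records.
echo     (Field names are assumed from dnscmd /ZoneInfo output.)
dnscmd . /ZoneInfo %DOMAIN% | findstr /i "integrated update"

echo.
echo [3] Re-register this DC's own records. ipconfig registers the A record;
echo     restarting Net Logon re-registers the SRV records it lists in
echo     %%SystemRoot%%\System32\config\netlogon.dns.
ipconfig /flushdns >nul
ipconfig /registerdns >nul
net stop netlogon
net start netlogon
echo     Number of SRV records Net Logon will try to register:
type %SystemRoot%\System32\config\netlogon.dns | find /c "SRV"

echo.
echo [4] Ask the local server for the records the domain and Exchange rely on.
echo     Every answer must name this DC, or the 5774 errors will return.
call :check A   %DCFQDN%
call :check SRV _ldap._tcp.dc._msdcs.%DOMAIN%
call :check SRV _ldap._tcp.pdc._msdcs.%DOMAIN%
call :check SRV _kerberos._tcp.%DOMAIN%

echo.
echo [5] Domain controller locator result, which is what clients and Exchange use:
nltest /dsgetdc:%DOMAIN%

echo.
if %FAILED%==0 (
    echo RESULT: all lookups returned this DC.
) else (
    echo RESULT: %FAILED% lookups failed. Check Event Viewer for new 5774 entries.
)
endlocal
goto :eof

:check
rem %1 = record type, %2 = name. The query goes to 127.0.0.1 so it tests the
rem local DNS server and nothing else. findstr exits 1 when the DC name is absent.
nslookup -type=%1 %2 127.0.0.1 2>nul | findstr /i "%COMPUTERNAME%" >nul
if errorlevel 1 (
    echo     FAIL %1 %2
    set /a FAILED+=1
) else (
    echo     ok   %1 %2
)
goto :eof
```

Save it as dnscheck.cmd and run it before step 19; if every lookup in section [4] reports ok and nltest returns this server, the reboot is a formality rather than a test. If section [2] shows "update = 1", the zone was recreated with unsecured dynamic updates, which means any host on the network could overwrite the DC's SRV records; fix that in the zone's Properties before moving on.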

After I had completed the above, I no longer received Net Logon errors, and pending mail in the Exchange SMTP queues started to leave the server.  I'll check back in a few hours to see if any more problems are listed in the event log, but for now the outlook appears sunny.
