techcoor-9538 asked techcoor-9538 answered

What causes Summary of DNS Basc Warn?

Ran Dcdiag /v /c /d /e /s:DC3 >c:\dcdiag.log

The DNS tests appear to pass but there is a warning.

Summary of DNS test results:

                              Auth Basc Forw Del  Dyn  RReg Ext
         _________________________________________________________________
            DC3               PASS WARN PASS PASS PASS PASS n/a

How do I correct the warning?


windows-server-2019

techcoor-9538 answered

Talked to Dell support.
Was told the problem is a new interface that allows the iDRAC to be accessed through a USB port.
I decided not to use the new interface that allows the iDRAC to be accessed through a USB port. I went into Network & Internet Settings, Change adapter options, selected the Remote NDIS Compatible Device and disabled it.
The disable did not remove all messages like Warning: Delegation of DNS server DC2.domain. is broken on IP:fde1:53ba:e9a0:de11:906e:5a09:5d53:ed19
Selected iDrac Settings, Management USB Settings, Disable USB Management Port.

techcoor-9538 answered

The link you posted lists:
Basic
BASIC
Warning

Additional information

Warning: Adapter <adapter name> has dynamic IP address

Static IP addresses are recommended for all DNS servers.

Warning: Adapter <adapter name> has invalid DNS server: <name> <IP address>

DNS server may not be reachable.

Warning: No DNS RPC connectivity (error or non Microsoft DNS server is running)

Disregard this warning if the DNS server is a BIND or other non-Microsoft DNS server.

Warning: The Active Directory zone on this DC/DNS server was not found

N/A

Warning: Root zone on this DC/DNS server was found

How do I identify which of the number of causes listed above is causing a dcdiag warning?

This may be due to when the DNS was brought up there was a dynamic IP address. Maybe this is a matter of clearing stored DNS errors.

techcoor-9538 answered techcoor-9538 edited

ipconfig /flushdns, ipconfig /registerdns, restart the netlogon service did not solve the problem.

I will try uninstalling DNS and reinstalling.

techcoor-9538 answered

Uninstalling and reinstalling DNS did not work.

techcoor-9538 answered DSPatrick commented

Modified your instructions with do not use Microsoft Edge as browser.
Opened Firefox.

https://1drv.ms/u/s!AnPHxlFO27CBjA4bPPmRnyxiBtaL?e=vpxU2L

techcoor-9538 answered

Ran dcdiag /test:dns /v /s:DC3 /DnsBasic /f:dcdiagdnst.txt

This is more telling.

127.0.0.1 (DC3) [Valid].
dcdiag /test:dns /v /s:<DCName> /DnsBasic /f:dcdiagreport.txt
Therefore, DNS is ignoring the static ip address on NIC 2 and insisting going to NIC 1 which is not configured.

techcoor-9538 answered CandyLuo-MSFT commented

To DSPatrick

I can not see any of your replies.


Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.

CandyLuo-MSFT answered

Hi,

"Therefore, DNS is ignoring the static ip address on NIC 2 and insisting going to NIC 1 which is not configured."

Did you configure two NICs on your DC/DNS server? If yes, please disable NIC 1 (that you don't need to use) and then check DNS test results.

By the way, you can run Best Practices Analyzer to scan DNS role.

For more details about Best Practices Analyzer, you can refer to the following link:

Run Best Practices Analyzer Scans and Manage Scan Results

Best Regards,
Candy


techcoor-9538 answered CandyLuo-MSFT commented

I can not see your last post on this page. The post did arrive by email.

This is where I am at:

1. Therefore, DNS is ignoring the static ip address on NIC 2 and insisting going to NIC 1 which is not configured.

Did you configure two NIC on your DC/DNS server? If yes, please disable NIC 1(that you don't need to use) and then check DNS test results.

NIC 1 was disabled already.

My statement "insisting going to NIC 1" is probably inaccurate. I was trying to guess at where the 127.0.0.1 is coming from.

TEST: Basic (Basc)
    The OS Microsoft Windows Server 2019 Standard (Service Pack level: 0.0) is supported.
    NETLOGON service is running
    kdc service is running
    DNSCACHE service is running
    DNS service is running
    DC is a DNS server
    Network adapters information:
    Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet:
        MAC address is 2C:EA:7F:99:AD:9D
        IP Address is static
        IP address: 192.168.1.220, fe80::e9b6:2818:92c2:cbba
        DNS servers:
            192.168.1.222 (DC1) [Valid]
            192.168.1.214 (DC2) [Valid]
            127.0.0.1 (DC3) [Valid]
    Adapter [00000003] Remote NDIS Compatible Device:
        MAC address is 2C:EA:7F:99:AD:99
        Warning IP address is dynamic (can be a misconfiguration)
        Warning: Adapter 2C:EA:7F:99:AD:99 has dynamic IP address (can be a misconfiguration)
        IP address: 169.254.1.2, fe80::9d97:9275:531a:deb, fde1:53ba:e9a0:de11:9d97:9275:531a:deb
        DNS servers:
            127.0.0.1 (DC3) [Valid]
    The A host record(s) for this DC was found
    The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found primary
    Root zone on this DC/DNS server was not found

But I see no 127.0.0.1 if I run the same command on DC1.

TEST: Basic (Basc)
    The OS Microsoft Windows Server 2019 Standard (Service Pack level: 0.0) is supported.
    NETLOGON service is running
    kdc service is running
    DNSCACHE service is running
    DNS service is running
    DC is a DNS server
    Network adapters information:
    Adapter [00000003] Broadcom NetXtreme Gigabit Ethernet:
        MAC address is D0:94:66:5F:9D:6A
        IP Address is static
        IP address: 192.168.1.222, fe80::c4ff:da78:48b3:4c18
        DNS servers:
            192.168.1.214 (DC2) [Valid]
            192.168.1.220 (DC3) [Valid]
    The A host record(s) for this DC was found
    The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found primary
    Root zone on this DC/DNS server was not found

2. The DFS Replication service is stopping communication with partner DC3 for replication group Domain System Volume due to an error. The service will retry the connection periodically.
Additional Information:
Error: 1723 (The RPC server is too busy to complete this operation.)
Connection ID: 3102F341-A9F9-469F-ACED-D8D4D6B4AF9B
Replication Group ID: 678AF27B-4AC7-459A-84CD-C1C04A6BEB1F

An error event occurred. EventID: 0xC0001390
Time Generated: 05/12/2021 19:34:07
Event String:
The DFS Replication service failed to communicate with partner DC3 for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server.

The DFS Replication service is stopping communication with partner DC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 9036 (Paused for backup or restore) Connection ID: 92888B85-F6BD-4B62-BEB1-4EA4EA0046DD Replication Group ID: 678AF27B-4AC7-459A-84CD-C1C04A6BEB1F

Checking Windows Backup and it is not running a backup. Checked Retrospect and it is not running backup. Exit Retrospect and rerun test. Problem still listed. Removed Windows Server backup role and reran. Problem is still listed. Restarted Retrospect and added back Windows Server backup role.

3. By the way, you can run Best Practices Analyzer to scan DNS role.

For more details about Best Practices Analyzer, you can refer to the following link:
Run Best Practices Analyzer Manage Scan Results

I went to File and Storage Services, Servers, Best Practices Analyzer and selected Start BPA Scan.
It ended up generating 99 total comments. Apparently the problems are not listed and one has to click each item. It did complain about Warning Short file name creation should be disabled.
How important is that registry edit? There does not seem to be anything for Summary of DNS problem.


Are there any abnormalities in the current DNS resolution? For DFSR error, you can have this asked in AD forum.
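
Added example, not part of the original thread: one way to see which cause is behind a Basc WARN is to group the warning lines of the Basic (Basc) section by the adapter block they appear under. The function name Get-DcdiagBasicWarning is hypothetical (not a Windows cmdlet), and the sample text is abridged from the DC3 output posted above.

```powershell
# Added example: attribute dcdiag "TEST: Basic (Basc)" warnings to the adapter they belong to.
# Get-DcdiagBasicWarning is a hypothetical helper name, not a dcdiag or Windows cmdlet.
function Get-DcdiagBasicWarning {
    param([Parameter(Mandatory)][string[]]$Line)
    $new     = { param($n) [pscustomobject]@{ Adapter = $n; Addresses = @(); Warnings = @() } }
    $server  = & $new '(server-level)'      # warnings that sit outside any adapter block
    $found   = @($server); $current = $server; $inBasic = $false
    foreach ($raw in $Line) {
        $text = $raw.Trim()
        if ($text -match '^TEST: ') { $inBasic = $text -match '^TEST: Basic'; $current = $server; continue }
        if (-not $inBasic -or -not $text) { continue }
        switch -Regex ($text) {
            '^Adapter \[\d+\] (.+?):?$' { $current = & $new $Matches[1]; $found += $current; break }
            '^IP address: (.+)$'        { $current.Addresses = $Matches[1] -split ',\s*'; break }
            '^Warning'                  { $current.Warnings += $text; break }
            # Other lines that belong to an adapter block: keep the current adapter.
            '^(MAC address|IP Address is|DNS servers:|\S+ \(.*\) \[)' { break }
            default                     { $current = $server }   # any other line ends the block
        }
    }
    $found | Where-Object { $_.Warnings.Count -gt 0 } | ForEach-Object {
        $linkLocal = [bool]($_.Addresses -like '169.254.*')   # 169.254.0.0/16 = IPv4 link-local (APIPA)
        $_ | Add-Member -NotePropertyName LinkLocalIPv4 -NotePropertyValue $linkLocal -PassThru
    }
}

# Sample input: abridged from the DC3 output in the post above.
$sample = @'
TEST: Basic (Basc)
Network adapters information:
Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet:
MAC address is 2C:EA:7F:99:AD:9D
IP Address is static
IP address: 192.168.1.220, fe80::e9b6:2818:92c2:cbba
DNS servers:
192.168.1.222 (DC1) [Valid]
127.0.0.1 (DC3) [Valid]
Adapter [00000003] Remote NDIS Compatible Device:
MAC address is 2C:EA:7F:99:AD:99
Warning IP address is dynamic (can be a misconfiguration)
Warning: Adapter 2C:EA:7F:99:AD:99 has dynamic IP address (can be a misconfiguration)
IP address: 169.254.1.2, fe80::9d97:9275:531a:deb, fde1:53ba:e9a0:de11:9d97:9275:531a:deb
DNS servers:
127.0.0.1 (DC3) [Valid]
The A host record(s) for this DC was found
'@ -split '\r?\n'

Get-DcdiagBasicWarning -Line $sample | Format-List
```

Against a real report, pass the file written by the /f: switch, for example `Get-DcdiagBasicWarning -Line (Get-Content .\dcdiagdnst.txt)`.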

techcoor-9538 answered CandyLuo-MSFT commented

Moved "The DFS Replication service is stopping communication with partner DC3 for replication group Domain System Volume due to an error." to a separate question.

Made the change suggested by BPA for Short file name creation should be disabled.

Where are you looking for abnormalities in the current DNS resolution?

Looking at events for DNS see
DC3 4013 Warning Microsoft-Windows-DNS-Server-Service DNS Server 5/16/2021 5:12:54 PM
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

Seems like an old warning from yesterday.

https://activedirectorypro.com/dns-best-practices says:
How To Run BPA DNS Using The GUI. Open Server Manager, then click DNS. Now scroll down to the Best Practices Analyzer section, click tasks then select “Start BPA Scan” Once the scan completes the results will be displayed.

DC3 Warning DNS: Ethernet should be configured to use both a preferred and an alternate DNS server Configuration
DC3 Warning DNS: Ethernet should have static IPv4 settings Configuration
DC3 Warning DNS: Ethernet should have static IPv4 settings Configuration
DC3 Warning DNS: The DNS server should have scavenging enabled. Configuration
DC3 Error DNS: The IP address 169.254.1.2 on Ethernet must be accessible to clients Configuration
DC3 Error DNS: DNS servers on NIC2 should include the loopback address, but not as the first entry. Configuration
DC3 Error DNS: DNS servers on NIC2 should include the loopback address, but not as the first entry. Configuration

First problem here is BPA is unable to handle the Dell iDrac. BPA assumes iDrac is a standard NIC, which iDrac is not. So, to clear those BPA errors, disable the iDrac and rerun.

That eliminates 4 problems.

DC3 Warning DNS: Root hint server 128.63.2.53 must respond to NS queries for the root zone. Configuration
DC3 Warning DNS: The DNS server should have scavenging enabled. Configuration
DC3 Error DNS: DNS servers on NIC2 should include the loopback address, but not as the first entry. Configuration

Taking the first one. BPA directs to https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807382(v=ws.10)?redirectedfrom=MSDN

Tried command nslookup -type=ns . 128.63.2.53
Time out.

Clicking on ftp://ftp.rs.internic.net/domain/db.cache. Changed B.root-servers.net to 199.9.14.201. Changed H.root-servers.net from 128.63.2.53 to 198.97.190.53. Added C.root-servers.net, D.root-servers.net, and E.root-servers.net.



Taking the middle one BPA directs to https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807390(v=ws.10)?redirectedfrom=MSDN

1. Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
2. Click the Advanced tab.
3. Select the Enable automatic scavenging of stale records check box.

The location of Advanced tab is unclear.
The location is right clicking the DC name and selecting properties, Advanced.
Checked Enable automatic scavenging of stale records.

Third: This ties in with the problem I am trying to fix.
BPA directs to https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807362(v=ws.10)?redirectedfrom=MSDN

But there is no help here. If I look at IPv4 I only see ip address for DC2 and DC3. I do not see where the 127.0.0.1 is coming from.


I do not see where the 127.0.0.1 is coming from.

Could you post some screenshots to help us understand your issue better? Where did you see the 127.0.0.1?


