What causes Summary of DNS Basc Warn?

techcoor 1,251 Reputation points
2021-05-13T22:39:15.007+00:00

Ran Dcdiag /v /c /d /e /s:DC3 >c:\dcdiag.log The DNS tests appear to pass but there is a warning.

Summary of DNS test results:

                                   Auth Basc Forw    Del  Dyn  RReg Ext
        _________________________________________________________________

           DC3               PASS WARN PASS PASS PASS PASS n/a

How do I correct the warning?

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,471 questions
0 comments
Accepted answer
  1. techcoor 1,251 Reputation points
    2021-05-24T22:13:21.94+00:00

    Talked to Dell support.
    Was told the problem is a new interface that allows the iDRAC to be accessed through an USB port.
    I decided not to use the new interface that allows the iDRAC to be accessed through an USB port. I went into Network & Internet Settings, Change adapter options, selected the Remote NDIS Compatible Device and disable it.
    The disable did not remove all messages like Warning: Delegation of DNS server DC2.domain. is broken on IP:fde1:53ba:e9a0:de11:906e:5a09:5d53:ed19
    Selected iDrac Settings, Management USB Settings, Disable USB Managment Port

    0 comments

11 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. techcoor 1,251 Reputation points
    2021-05-19T22:20:15.013+00:00

    More problems with Windows Server 2019 unable to handle idrac

    • Active Directory LDAP Services Check
      The GUID based DNS Name resolved to several IPs 
       (fde1:53ba:e9a0:de11:1db4:ef45:906f:49b0, 192.168.1.222), but not all

 were pingable. Replication and other operations may fail if a

 non-pingable IP is chosen. The first pingable IP is 192.168.1.222. 
 Determining IP4 connectivity 
 Failure Analysis: DC1 ... OK.
 * Active Directory RPC Services Check
      The problem repeats for DC2 but not DC3

    DC1 is not having the same trouble as DC3.

    0 comments
  2. techcoor 1,251 Reputation points
    2021-05-18T00:06:29.76+00:00

    Moved the The DFS Replication service is stopping communication with partner DC3 for replication group Domain System Volume due to an error. to a separate question.

    Made the change suggested by BPA for Short file name creation should be disabled.

    Where are you looking for abnormalities in the current DNS resolution?

    Looking at events for DNS see
    DC3 4013 Warning Microsoft-Windows-DNS-Server-Service DNS Server 5/16/2021 5:12:54 PM
    The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

    Seems like an old warning from yesterday.

    https://activedirectorypro.com/dns-best-practices says:
    How To Run BPA DNS Using The GUI. Open Server Manager, then click DNS. Now scroll down to the Best Practices Analyzer section, click tasks then select “Start BPA Scan” Once the scan completes the results will be displayed.

    DC3 Warning DNS: Ethernet should be configured to use both a preferred and an alternate DNS server Configuration
    DC3 Warning DNS: Ethernet should have static IPv4 settings Configuration
    DC3 Warning DNS: Ethernet should have static IPv4 settings Configuration
    DC3 Warning DNS: The DNS server should have scavenging enabled. Configuration
    DC3 Error DNS: The IP address 169.254.1.2 on Ethernet must be accessible to clients Configuration
    DC3 Error DNS: DNS servers on NIC2 should include the loopback address, but not as the first entry. Configuration
    DC3 Error DNS: DNS servers on NIC2 should include the loopback address, but not as the first entry. Configuration

    First problem here is BPA is unable to handle the Dell iDrac. BPA assume iDrac is a standard NIC which iDrac is not. So to clear those BPA errors. Disable the iDrac and rerun.

    That eliminates 4 problems

    DC3 Warning DNS: Root hint server 128.63.2.53 must respond to NS queries for the root zone. Configuration
    DC3 Warning DNS: The DNS server should have scavenging enabled. Configuration
    DC3 Error DNS: DNS servers on NIC2 should include the loopback address, but not as the first entry. Configuration

    Taking the first one. BPA directs to https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807382(v=ws.10)?redirectedfrom=MSDN

    Tried command nslookup -type=ns . 128.63.2.53
    Time out.

    Clicking on ftp://ftp.rs.internic.net/domain/db.cache Changed B.root-servers.net to 199.9.14.201. Changed H.root-servers.et from 128.63.2.53 to 198.97.190.53. Added C.root-servers.net, D.root-servers.net, and E.root-server.net

    Taking the middle one BPA directs to https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807390(v=ws.10)?redirectedfrom=MSDN

    1.Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
    2.Click the Advanced tab.
    3.Select the Enable automatic scavenging of stale records check box.

    The location of Advanced tab is unclear.
    The location is right clicking the DC name and selecting properties, Advanced.
    Checked Enable automatic scavenging of stale records.

    Third This ties in with the problem I am trying to fix.
    BPA directs to https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807362(v=ws.10)?redirectedfrom=MSDN

    But there is no help here. If I look at IPv4 I only see ip address for DC2 and DC3. I do not see where the 127.0.0.1 is coming from.

  3. techcoor 1,251 Reputation points
    2021-05-19T21:37:55.917+00:00

    From dcdiag /test:dns /v /s:DC /DnsBasic /f:c:\dc3diagreport.txt
    DC = DC3
    TEST: Basic (Basc)
    The OS Microsoft Windows Server 2019 Standard (Service Pack level: 0.0) is supported. NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet: MAC address is 2C:EA:7F:99:AD:9D
    IP Address is static
    IP address: 192.168.1.220, fe80::e9b6:2818:92c2:cbba
    DNS servers: 192.168.1.214 (DC2) [Valid]
    192.168.1.220 (DC3) [Valid]
    Adapter [00000003] Remote NDIS Compatible Device: MAC address is 2C:EA:7F:99:AD:99
    Warning IP address is dynamic (can be a misconfiguration)
    Warning: Adapter 2C:EA:7F:99:AD:99 has dynamic IP address (can be a misconfiguration) IP address: 169.254.1.2, fe80::9d97:9275:531a:deb, fde1:53ba:e9a0:de11:9d97:9275:531a:deb
    DNS servers: 127.0.0.1 (DC3) [Valid]
    The A host record(s) for this DC was found
    The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found primary
    Root zone on this DC/DNS server was not found
    Summary of test results for DNS servers used by the above domain controllers:

    The NIC lists second DNS as the DC3 ip address. Windows Server 2019 for this DC is tripping over the iDRAC (NDIS)

    DC1
    TEST: Basic (Basc)
    The OS Microsoft Windows Server 2019 Standard (Service Pack level: 0.0) is supported. NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000003] Broadcom NetXtreme Gigabit Ethernet: MAC address is D0:94:66:5F:9D:6A
    IP Address is static
    IP address: 192.168.1.222, fe80::c4ff:da78:48b3:4c18
    DNS servers: 192.168.1.214 (DC2) [Valid]
    192.168.1.222 (DC1) [Valid]
    The A host record(s) for this DC was found
    The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found primary
    Root zone on this DC/DNS server was not found
    Summary of test results for DNS servers used by the above domain controllers:
    Have two identical servers configured the same way with the NIC second DNS server the ip address of that same server. One trips on idrac and one does not.

    Disable idrac on DC3.
    TEST: Basic (Basc)
    The OS Microsoft Windows Server 2019 Standard (Service Pack level: 0.0) is supported. NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet: MAC address is 2C:EA:7F:99:AD:9D
    IP Address is static
    IP address: 192.168.1.220, fe80::e9b6:2818:92c2:cbba
    DNS servers: 192.168.1.214 (DC2) [Valid]
    192.168.1.220 (DC3) [Valid]
    The A host record(s) for this DC was found
    The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found primary
    Root zone on this DC/DNS server was not found
    Summary of test results for DNS servers used by the above domain controllers:
    That also fixes the problem
    Auth Basc Forw Del Dyn RReg Ext
    _________________________________________________________________
    Domain: Domain
    DC3 PASS PASS n/a n/a n/a n/a n/a

    The problem becomes why can not the new server handle the idrac?

    0 comments