Windows 2003 server DNS problems

I seem to have a problem with an upgrade Windows NT to Windows 2003
installation.

There was one domain controller on the network, and a second domain
controller was installed as the temporary upgrade server, the temporary
server was promoted as a PDC and the original PDC was promoted to a BDC. The
temporary PDC was disconnected from the network and Windows 2003 was applied
as an upgrade. Everything went ok, then when I added DNS I started to get
the errors below. The DNS server is setup as a forwarder and is pointing to
the router, and under tcp/ip properties the server is setup to point to
itself.

Here are the errors.

Any idea's?

Thanks
John
================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server was unable to complete directory service enumeration of zone
abc.com. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The extended error debug information (which may be
empty) is "". The event data contains the error.

Data:
0000: 2a 23 00 00 *#..

=================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly. The extended error
debug information (which may be empty) is "". The event data contains the
error.

Data:
0000: 51 00 00 00 Q...

=========================

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 8/9/2005
Time: 3:00:43 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

Data:
0000: 8b 01 00 c0 ‹..À

===============
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 8/9/2005
Time: 3:00:25 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System detected an authentication error for the server . The
failure code from authentication protocol Kerberos was "There are currently
no logon servers available to service the logon request.
(0xc000005e)".

Data:
0000: 5e 00 00 c0 ^..À

The issue could be the DNS "is pointing to the router". Do the netdaig test or post ipconfig /all may help. Check this page for the details,

Event ID 4004 - The DNS server was unable to complete directory service enumeration of zone %1

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
"John" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
I seem to have a problem with an upgrade Windows NT to Windows 2003
installation.

There was one domain controller on the network, and a second domain
controller was installed as the temporary upgrade server, the temporary
server was promoted as a PDC and the original PDC was promoted to a BDC. The
temporary PDC was disconnected from the network and Windows 2003 was applied
as an upgrade. Everything went ok, then when I added DNS I started to get
the errors below. The DNS server is setup as a forwarder and is pointing to
the router, and under tcp/ip properties the server is setup to point to
itself.

Here are the errors.

Any idea's?

Thanks
John
================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server was unable to complete directory service enumeration of zone
abc.com. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The extended error debug information (which may be
empty) is "". The event data contains the error.

Data:
0000: 2a 23 00 00 *#..

=================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly. The extended error
debug information (which may be empty) is "". The event data contains the
error.

Data:
0000: 51 00 00 00 Q...

=========================

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 8/9/2005
Time: 3:00:43 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

Data:
0000: 8b 01 00 c0 <..À

===============
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 8/9/2005
Time: 3:00:25 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System detected an authentication error for the server . The
failure code from authentication protocol Kerberos was "There are currently
no logon servers available to service the logon request.
(0xc000005e)".

Data:
0000: 5e 00 00 c0 ^..À

I ran both and it came up as 192.168.0.11 which is the Windows 2003 server.

Any other idea's?

Thanks
"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
The issue could be the DNS "is pointing to the router". Do the netdaig test or post ipconfig /all may help. Check this page for the details,

Event ID 4004 - The DNS server was unable to complete directory service enumeration of zone %1

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
"John" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
I seem to have a problem with an upgrade Windows NT to Windows 2003
installation.

There was one domain controller on the network, and a second domain
controller was installed as the temporary upgrade server, the temporary
server was promoted as a PDC and the original PDC was promoted to a BDC. The
temporary PDC was disconnected from the network and Windows 2003 was applied
as an upgrade. Everything went ok, then when I added DNS I started to get
the errors below. The DNS server is setup as a forwarder and is pointing to
the router, and under tcp/ip properties the server is setup to point to
itself.

Here are the errors.

Any idea's?

Thanks
John
================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server was unable to complete directory service enumeration of zone
abc.com. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The extended error debug information (which may be
empty) is "". The event data contains the error.

Data:
0000: 2a 23 00 00 *#..

=================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly. The extended error
debug information (which may be empty) is "". The event data contains the
error.

Data:
0000: 51 00 00 00 Q...

=========================

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 8/9/2005
Time: 3:00:43 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

Data:
0000: 8b 01 00 c0 <..À

===============
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 8/9/2005
Time: 3:00:25 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System detected an authentication error for the server .. The
failure code from authentication protocol Kerberos was "There are currently
no logon servers available to service the logon request.
(0xc000005e)".

Data:
0000: 5e 00 00 c0 ^..À

posting the result of netdiag and nslookup may help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
"John" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
I ran both and it came up as 192.168.0.11 which is the Windows 2003 server.

Any other idea's?

Thanks
"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
The issue could be the DNS "is pointing to the router". Do the netdaig test or post ipconfig /all may help. Check this page for the details,

Event ID 4004 - The DNS server was unable to complete directory service enumeration of zone %1

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
"John" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
I seem to have a problem with an upgrade Windows NT to Windows 2003
installation.

There was one domain controller on the network, and a second domain
controller was installed as the temporary upgrade server, the temporary
server was promoted as a PDC and the original PDC was promoted to a BDC. The
temporary PDC was disconnected from the network and Windows 2003 was applied
as an upgrade. Everything went ok, then when I added DNS I started to get
the errors below. The DNS server is setup as a forwarder and is pointing to
the router, and under tcp/ip properties the server is setup to point to
itself.

Here are the errors.

Any idea's?

Thanks
John
================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server was unable to complete directory service enumeration of zone
abc.com. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The extended error debug information (which may be
empty) is "". The event data contains the error.

Data:
0000: 2a 23 00 00 *#..

=================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly. The extended error
debug information (which may be empty) is "". The event data contains the
error.

Data:
0000: 51 00 00 00 Q...

=========================

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 8/9/2005
Time: 3:00:43 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

Data:
0000: 8b 01 00 c0 <..À

===============
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 8/9/2005
Time: 3:00:25 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System detected an authentication error for the server . The
failure code from authentication protocol Kerberos was "There are currently
no logon servers available to service the logon request.
(0xc000005e)".

Data:
0000: 5e 00 00 c0 ^..À

nslookup returns the following:

*** Can't find server name for address 192.168.0.11: Non-existent domain
Default server: unknown
address: 192.168.0.11

tempsrv.abc.com
server: unknown
address: 192.168.0.11

name: tempsrv.abc.com
address: 192.168.0.11

-----------------------------

from netdiag

Computer Name: TEMPSRV
DNS Host Name: tempsrv.abc.com
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 6 Model 8 Stepping 3, GenuineIntel
List of installed hotfixes :
Q147222


Netcard queries test . . . . . . . : Passed


Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : tempsrv
IP Address . . . . . . . . : 192.168.0.11
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.150
Dns Servers. . . . . . . . : 192.168.0.11


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{E79233B7-AE98-4E6B-8AE8-20E476B5D9DB}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.11'.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{E79233B7-AE98-4E6B-8AE8-20E476B5D9DB}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{E79233B7-AE98-4E6B-8AE8-20E476B5D9DB}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
posting the result of netdiag and nslookup may help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
"John" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
I ran both and it came up as 192.168.0.11 which is the Windows 2003 server.

Any other idea's?

Thanks
"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
The issue could be the DNS "is pointing to the router". Do the netdaig test or post ipconfig /all may help. Check this page for the details,

Event ID 4004 - The DNS server was unable to complete directory service enumeration of zone %1

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
"John" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
I seem to have a problem with an upgrade Windows NT to Windows 2003
installation.

There was one domain controller on the network, and a second domain
controller was installed as the temporary upgrade server, the temporary
server was promoted as a PDC and the original PDC was promoted to a BDC. The
temporary PDC was disconnected from the network and Windows 2003 was applied
as an upgrade. Everything went ok, then when I added DNS I started to get
the errors below. The DNS server is setup as a forwarder and is pointing to
the router, and under tcp/ip properties the server is setup to point to
itself.

Here are the errors.

Any idea's?

Thanks
John
================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server was unable to complete directory service enumeration of zone
abc.com. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The extended error debug information (which may be
empty) is "". The event data contains the error.

Data:
0000: 2a 23 00 00 *#..

=================
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 8/9/2005
Time: 2:57:45 PM
User: N/A
Computer: TEMPSRV
Description:
The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly. The extended error
debug information (which may be empty) is "". The event data contains the
error.

Data:
0000: 51 00 00 00 Q...

=========================

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 8/9/2005
Time: 3:00:43 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System could not establish a secured connection with the server
DNS/prisoner.iana.org. No authentication protocol was available.

Data:
0000: 8b 01 00 c0 <..À

===============
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 8/9/2005
Time: 3:00:25 PM
User: N/A
Computer: TEMPSRV
Description:
The Security System detected an authentication error for the server . The
failure code from authentication protocol Kerberos was "There are currently
no logon servers available to service the logon request.
(0xc000005e)".

Data:
0000: 5e 00 00 c0 ^..À