Microsoft KB Archive/316239

= SRV Records Cannot Be Registered on a DNS Server =

Article ID: 316239

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q316239



SYMPTOMS
The first domain controller in a child domain may not be able to register SRV records on the DNS server in the parent domain. When this problem occurs, the System event log may contain any of the following error messages:

Event ID: 5744

Source: NETLOGON

Registration of the DNS record '_ldap._tcp.MainSite._sites.pacific.firstworld.com. 600 IN SRV 0 100 389 childdcname.childdomain.parentdomain.com.' failed with the following error:

DNS operation refused.

-or-

Registration of the DNS record '_kerberos._tcp.dc._msdcs.pacific.firstworld.com. 600 IN SRV 0 100 88 childdcname.childdomain.parentdomain.com.' failed with the following error:

DNS operation refused.

-or-

Registration of the DNS record '_kerberos._tcp.MainSite._sites.dc._msdcs.pacific.firstworld.com. 600 IN SRV 0 100 88 childdcname.childdomain.parentdomain.com.' failed with the following error:

DNS operation refused.

-or-

Registration of the DNS record '_ldap._tcp.MainSite._sites.dc._msdcs.pacific.firstworld.com. 600 IN SRV 0 100 389 childdcname.childdomain.parentdomain.com.' failed with the following error:

DNS operation refused.

-or-

Registration of the DNS record '_kerberos._tcp.pacific.firstworld.com. 600 IN SRV 0 100 88 childdcname.childdomain.parentdomain.com.' failed with the following error:

DNS operation refused.

-or-

Registration of the DNS record '_kerberos._tcp.MainSite._sites.pacific.firstworld.com. 600 IN SRV 0 100 88 childdcname.childdomain.parentdomain.com.' failed with the following error: DNS operation refused.

-or-

Registration of the DNS record '_kerberos._udp.pacific.firstworld.com. 600 IN SRV 0 100 88 childdcname.childdomain.parentdomain.com.' failed with the following error:

DNS operation refused.

-or-

Registration of the DNS record '_kpasswd._tcp.pacific.firstworld.com. 600 IN SRV 0 100 464 childdcname.childdomain.parentdomain.com.' failed with the following error:

DNS operation refused.

-or-

Registration of the DNS record '_kpasswd._udp.pacific.firstworld.com. 600 IN SRV 0 100 464 childdcname.childdomain.parentdomain.com.' failed with the following error:

DNS operation refused.



CAUSE
Registration of SRV records may not work if the following conditions exist:
 * During the Dcpromo.exe process on the first domain controller for a child domain, that domain controller points to the Active Directory-integrated DNS server in the parent domain as a primary DNS server.
 * The Allow dynamic updates setting on the parent Active Directory-integrated DNS server is set to Only Secure Updates.



RESOLUTION
To resolve this issue:  In the parent domain, start the DNS snap-in. Open the Forward Lookup zone, right-click your domain name, and then click Properties. On the General tab, make sure that Allow dynamic updates is set to Yes. By default, this is set to Only Secure Updates. Stop and then restart the DNS service. At a command prompt, type the following lines, pressing ENTER after each line:

net stop dns

net start dns

 On the child domain controller, stop and then restart the Netlogon service. This registers SRV records. At a command prompt, type the following lines, pressing ENTER after each line:

net stop netlogon

net start netlogon



<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

<div class="moreinformation_section">

MORE INFORMATION
When a Windows 2000-based domain controller starts, the Netlogon service uses dynamic updates to register SRV resource records in the DNS database. SRV records are used to map the name of a service (in this case, the LDAP service) to the DNS computer name of a server that offers that service.

Keywords: kbprb KB316239

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.