Windows 2012 Domain Controller NETLOGON errorWindows Server 2012 cannot connect to local domain...

Why didn't the Space Shuttle bounce back into space as many times as possible so as to lose a lot of kinetic energy up there?

Size of electromagnet needed to replicate Earth's magnetic field

What's the polite way to say "I need to urinate"?

Re-entry to Germany after vacation using blue card

Implications of cigar-shaped bodies having rings?

How to stop co-workers from teasing me because I know Russian?

Minor Revision with suggestion of an alternative proof by reviewer

What's the name of these pliers?

How exactly does Hawking radiation decrease the mass of black holes?

555 timer FM transmitter

Rivers without rain

How to denote matrix elements succinctly?

If a planet has 3 moons, is it possible to have triple Full/New Moons at once?

Do I have an "anti-research" personality?

How much cash can I safely carry into the USA and avoid civil forfeiture?

Extension of 2-adic valuation to the real numbers

Why did C use the -> operator instead of reusing the . operator?

How do I deal with a coworker that keeps asking to make small superficial changes to a report, and it is seriously triggering my anxiety?

As an international instructor, should I openly talk about my accent?

How to not starve gigantic beasts

Can we say “you can pay when the order gets ready”?

Critique of timeline aesthetic

What does ゆーか mean?

What is causing the white spot to appear in some of my pictures



Windows 2012 Domain Controller NETLOGON error


Windows Server 2012 cannot connect to local domain controllerAuto-registered dns record on windows server 2012How do I add a Microsoft account user to Windows Server 2012?Domain Controller Target Principle Name is Incorrect?Can't Add Server to a Domain ControllerCreate Vagrant Windows Server 2012 box with Active Directory + Forest breaking WinRMUnable to join windows server 2012 r2 domainDetect user login in Windows Domain ControllerIs pointing DNS to Domain Controller required for GPOs to work?FRITZ!Box as a DNS for a Domain Controller?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















We have Sonicwall firewall user authentication System active since last two months.
We have Windows 2012 Active directory server setup with around 1400 user account created.
These accounts were created by using following PowerShell scripts



Import-Module ActiveDirectory 
#Import CSV
$csv = @()
$csv = Import-Csv -Path C:UsersAdministratorDesktop"College User Ac Password Details"FEcivil.csv
FOREACH ($Person in $csv) {
$name = $Person.UserName
$displayname = $Person.Name
$path = "OU=here,DC=comp,DC=com"
$password = $Person.Password
$enabled = $True
$changePW = $False
$description="CIVIL"
new-ADUser -SamAccountName $name -Name $name -Description $description -DisplayName $displayname -Path $path -AccountPassword (ConvertTo-SecureString $password -AsPlainText -force) -Enabled $enabled -ChangePasswordAtLogon $changePW -PassThru


}



Above script reads an CSV file with username and passwords and create user accounts on Active Directory.



But since today we are facing issue during authentication process.
We are unable to logon to Directory server. When Sonicwall firewall tries to authenticate an user, it logged-out same user.
When I checked Event logger on Windows Active Directory server it shows following message.



 The dynamic registration of the DNS record 'ForestDnsZones.comp.com. 600 
IN A 192.168.0.12' failed on the following DNS server:

DNS server IP address: (removed)
Returned Response Code (RCODE): 5
Returned Status Code: 9017

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate
registration of the DNS records by the domain controller. To determine what might have
caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and
Support Center. To initiate registration of the DNS records by this domain
controller, run 'nltest.exe /dsregdns' from the command prompt on the domain
controller or restart Net Logon service. Or, you can manually add this record to DNS,
but it is not recommended.

ADDITIONAL DATA
Error Value: DNS bad key.


Above log entry talks about DNS issue. But I did non configured any DNS server on this machine.Authentication was working fine for last two months , but suddenly from today we are facing above issue.
Kindly help me out in resolving this issue.



EDIT1




Getting following warning in DNS Server Log




The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.










share|improve this question
















bumped to the homepage by Community yesterday


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • Run this command and check the output dcdiag /test:dns

    – Colyn1337
    Apr 30 '14 at 12:39











  • Output is copied to ur1.ca/h7rs8

    – user2201980
    Apr 30 '14 at 12:50













  • Based on the output, do you have a firewall running on that box?

    – Colyn1337
    Apr 30 '14 at 12:54











  • I had stopped DNS client and DNS server services . Windows firewall is running.

    – user2201980
    Apr 30 '14 at 12:59











  • Can you join the chat? Also, just for clarification, I was asking if you had a firewall running on the DC.

    – Colyn1337
    Apr 30 '14 at 13:02




















0















We have Sonicwall firewall user authentication System active since last two months.
We have Windows 2012 Active directory server setup with around 1400 user account created.
These accounts were created by using following PowerShell scripts



Import-Module ActiveDirectory 
#Import CSV
$csv = @()
$csv = Import-Csv -Path C:UsersAdministratorDesktop"College User Ac Password Details"FEcivil.csv
FOREACH ($Person in $csv) {
$name = $Person.UserName
$displayname = $Person.Name
$path = "OU=here,DC=comp,DC=com"
$password = $Person.Password
$enabled = $True
$changePW = $False
$description="CIVIL"
new-ADUser -SamAccountName $name -Name $name -Description $description -DisplayName $displayname -Path $path -AccountPassword (ConvertTo-SecureString $password -AsPlainText -force) -Enabled $enabled -ChangePasswordAtLogon $changePW -PassThru


}



Above script reads an CSV file with username and passwords and create user accounts on Active Directory.



But since today we are facing issue during authentication process.
We are unable to logon to Directory server. When Sonicwall firewall tries to authenticate an user, it logged-out same user.
When I checked Event logger on Windows Active Directory server it shows following message.



 The dynamic registration of the DNS record 'ForestDnsZones.comp.com. 600 
IN A 192.168.0.12' failed on the following DNS server:

DNS server IP address: (removed)
Returned Response Code (RCODE): 5
Returned Status Code: 9017

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate
registration of the DNS records by the domain controller. To determine what might have
caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and
Support Center. To initiate registration of the DNS records by this domain
controller, run 'nltest.exe /dsregdns' from the command prompt on the domain
controller or restart Net Logon service. Or, you can manually add this record to DNS,
but it is not recommended.

ADDITIONAL DATA
Error Value: DNS bad key.


Above log entry talks about DNS issue. But I did non configured any DNS server on this machine.Authentication was working fine for last two months , but suddenly from today we are facing above issue.
Kindly help me out in resolving this issue.



EDIT1




Getting following warning in DNS Server Log




The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.










share|improve this question
















bumped to the homepage by Community yesterday


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • Run this command and check the output dcdiag /test:dns

    – Colyn1337
    Apr 30 '14 at 12:39











  • Output is copied to ur1.ca/h7rs8

    – user2201980
    Apr 30 '14 at 12:50













  • Based on the output, do you have a firewall running on that box?

    – Colyn1337
    Apr 30 '14 at 12:54











  • I had stopped DNS client and DNS server services . Windows firewall is running.

    – user2201980
    Apr 30 '14 at 12:59











  • Can you join the chat? Also, just for clarification, I was asking if you had a firewall running on the DC.

    – Colyn1337
    Apr 30 '14 at 13:02
















0












0








0








We have Sonicwall firewall user authentication System active since last two months.
We have Windows 2012 Active directory server setup with around 1400 user account created.
These accounts were created by using following PowerShell scripts



Import-Module ActiveDirectory 
#Import CSV
$csv = @()
$csv = Import-Csv -Path C:UsersAdministratorDesktop"College User Ac Password Details"FEcivil.csv
FOREACH ($Person in $csv) {
$name = $Person.UserName
$displayname = $Person.Name
$path = "OU=here,DC=comp,DC=com"
$password = $Person.Password
$enabled = $True
$changePW = $False
$description="CIVIL"
new-ADUser -SamAccountName $name -Name $name -Description $description -DisplayName $displayname -Path $path -AccountPassword (ConvertTo-SecureString $password -AsPlainText -force) -Enabled $enabled -ChangePasswordAtLogon $changePW -PassThru


}



Above script reads an CSV file with username and passwords and create user accounts on Active Directory.



But since today we are facing issue during authentication process.
We are unable to logon to Directory server. When Sonicwall firewall tries to authenticate an user, it logged-out same user.
When I checked Event logger on Windows Active Directory server it shows following message.



 The dynamic registration of the DNS record 'ForestDnsZones.comp.com. 600 
IN A 192.168.0.12' failed on the following DNS server:

DNS server IP address: (removed)
Returned Response Code (RCODE): 5
Returned Status Code: 9017

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate
registration of the DNS records by the domain controller. To determine what might have
caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and
Support Center. To initiate registration of the DNS records by this domain
controller, run 'nltest.exe /dsregdns' from the command prompt on the domain
controller or restart Net Logon service. Or, you can manually add this record to DNS,
but it is not recommended.

ADDITIONAL DATA
Error Value: DNS bad key.


Above log entry talks about DNS issue. But I did non configured any DNS server on this machine.Authentication was working fine for last two months , but suddenly from today we are facing above issue.
Kindly help me out in resolving this issue.



EDIT1




Getting following warning in DNS Server Log




The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.










share|improve this question
















We have Sonicwall firewall user authentication System active since last two months.
We have Windows 2012 Active directory server setup with around 1400 user account created.
These accounts were created by using following PowerShell scripts



Import-Module ActiveDirectory 
#Import CSV
$csv = @()
$csv = Import-Csv -Path C:UsersAdministratorDesktop"College User Ac Password Details"FEcivil.csv
FOREACH ($Person in $csv) {
$name = $Person.UserName
$displayname = $Person.Name
$path = "OU=here,DC=comp,DC=com"
$password = $Person.Password
$enabled = $True
$changePW = $False
$description="CIVIL"
new-ADUser -SamAccountName $name -Name $name -Description $description -DisplayName $displayname -Path $path -AccountPassword (ConvertTo-SecureString $password -AsPlainText -force) -Enabled $enabled -ChangePasswordAtLogon $changePW -PassThru


}



Above script reads an CSV file with username and passwords and create user accounts on Active Directory.



But since today we are facing issue during authentication process.
We are unable to logon to Directory server. When Sonicwall firewall tries to authenticate an user, it logged-out same user.
When I checked Event logger on Windows Active Directory server it shows following message.



 The dynamic registration of the DNS record 'ForestDnsZones.comp.com. 600 
IN A 192.168.0.12' failed on the following DNS server:

DNS server IP address: (removed)
Returned Response Code (RCODE): 5
Returned Status Code: 9017

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate
registration of the DNS records by the domain controller. To determine what might have
caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and
Support Center. To initiate registration of the DNS records by this domain
controller, run 'nltest.exe /dsregdns' from the command prompt on the domain
controller or restart Net Logon service. Or, you can manually add this record to DNS,
but it is not recommended.

ADDITIONAL DATA
Error Value: DNS bad key.


Above log entry talks about DNS issue. But I did non configured any DNS server on this machine.Authentication was working fine for last two months , but suddenly from today we are facing above issue.
Kindly help me out in resolving this issue.



EDIT1




Getting following warning in DNS Server Log




The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.







dns powershell active-directory windows-server-2012 active-directory-explorer






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 1 '14 at 9:04







user2201980

















asked Apr 30 '14 at 12:30









user2201980user2201980

112




112





bumped to the homepage by Community yesterday


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community yesterday


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • Run this command and check the output dcdiag /test:dns

    – Colyn1337
    Apr 30 '14 at 12:39











  • Output is copied to ur1.ca/h7rs8

    – user2201980
    Apr 30 '14 at 12:50













  • Based on the output, do you have a firewall running on that box?

    – Colyn1337
    Apr 30 '14 at 12:54











  • I had stopped DNS client and DNS server services . Windows firewall is running.

    – user2201980
    Apr 30 '14 at 12:59











  • Can you join the chat? Also, just for clarification, I was asking if you had a firewall running on the DC.

    – Colyn1337
    Apr 30 '14 at 13:02





















  • Run this command and check the output dcdiag /test:dns

    – Colyn1337
    Apr 30 '14 at 12:39











  • Output is copied to ur1.ca/h7rs8

    – user2201980
    Apr 30 '14 at 12:50













  • Based on the output, do you have a firewall running on that box?

    – Colyn1337
    Apr 30 '14 at 12:54











  • I had stopped DNS client and DNS server services . Windows firewall is running.

    – user2201980
    Apr 30 '14 at 12:59











  • Can you join the chat? Also, just for clarification, I was asking if you had a firewall running on the DC.

    – Colyn1337
    Apr 30 '14 at 13:02



















Run this command and check the output dcdiag /test:dns

– Colyn1337
Apr 30 '14 at 12:39





Run this command and check the output dcdiag /test:dns

– Colyn1337
Apr 30 '14 at 12:39













Output is copied to ur1.ca/h7rs8

– user2201980
Apr 30 '14 at 12:50







Output is copied to ur1.ca/h7rs8

– user2201980
Apr 30 '14 at 12:50















Based on the output, do you have a firewall running on that box?

– Colyn1337
Apr 30 '14 at 12:54





Based on the output, do you have a firewall running on that box?

– Colyn1337
Apr 30 '14 at 12:54













I had stopped DNS client and DNS server services . Windows firewall is running.

– user2201980
Apr 30 '14 at 12:59





I had stopped DNS client and DNS server services . Windows firewall is running.

– user2201980
Apr 30 '14 at 12:59













Can you join the chat? Also, just for clarification, I was asking if you had a firewall running on the DC.

– Colyn1337
Apr 30 '14 at 13:02







Can you join the chat? Also, just for clarification, I was asking if you had a firewall running on the DC.

– Colyn1337
Apr 30 '14 at 13:02












1 Answer
1






active

oldest

votes


















0














There were two issues with this case



1) Domain Controllers's Primary DNS has to loop-back address.



2)Second issue was very trivial..
The users I was trying to logon got its passwords expired. :-)



Thanks Colyn1337 for your help.






share|improve this answer
























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f747955%2fwindows-2012-domain-controller-netlogon-error%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    There were two issues with this case



    1) Domain Controllers's Primary DNS has to loop-back address.



    2)Second issue was very trivial..
    The users I was trying to logon got its passwords expired. :-)



    Thanks Colyn1337 for your help.






    share|improve this answer




























      0














      There were two issues with this case



      1) Domain Controllers's Primary DNS has to loop-back address.



      2)Second issue was very trivial..
      The users I was trying to logon got its passwords expired. :-)



      Thanks Colyn1337 for your help.






      share|improve this answer


























        0












        0








        0







        There were two issues with this case



        1) Domain Controllers's Primary DNS has to loop-back address.



        2)Second issue was very trivial..
        The users I was trying to logon got its passwords expired. :-)



        Thanks Colyn1337 for your help.






        share|improve this answer













        There were two issues with this case



        1) Domain Controllers's Primary DNS has to loop-back address.



        2)Second issue was very trivial..
        The users I was trying to logon got its passwords expired. :-)



        Thanks Colyn1337 for your help.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered May 2 '14 at 9:25









        user2201980user2201980

        112




        112






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f747955%2fwindows-2012-domain-controller-netlogon-error%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

            Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

            VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...