Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, March 19, 2020 7:54 AM
Hi Support,
When run the BPA in the Windows 2016 DC, we found one of the DC have many error as below:
The error detail is:
Issue:
The Active Directory Domain Services Best Practices Analyzer (AD DS BPA) is not able to collect data about the hostname NS A/AAAA records from the DNS servers.
Impact:
The AD DS BPA will not be able to validate configuration data about the hostname DNS A/AAAA records.
Resolution:
Troubleshoot the DNS servers to determine the root cause of the problem.
When check the DirectoryServices_EngineReport, it have this error:
<HostNameDnsRecord>
<Error>
<Report>true</Report>
<DataItem>the hostname DNS A/AAAA records</DataItem>
<Computer>the DNS servers</Computer>
<Message>This element requires a valid Server Hostname</Message>
<FullyQualifiedErrorId>This element requires a valid Server Hostname</FullyQualifiedErrorId>
<Exception>
<Type>System.ArgumentException</Type>
<Message>This element requires a valid Server Hostname</Message>
<InnerException>
<Type>Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException</Type>
<Message>Cannot find directory server with identity: 'Server$'.</Message>
I checked DNS have the server record, nslookup can resolve the server name and domain name correctly. Try to use ntdsutil and the server can be found. The replication on all DC is healthy.
Any idea?
Best Regards
Chong
All replies (6)
Friday, March 20, 2020 8:01 AM
Hi,
Please troubleshoot the DNS Client service on the local computer.
Please make sure the server is not pointing to itself as Preferred DNS server.
Run the Ping command to verify connectivity between this server and the Preferred DNS server.
Open control panel>>Ethernet properties>>Internet Protocol Version 4 (TCP/IPv4) Properties >> Use the following DNS server addresses and verify that a valid IP address is listed for Preferred DNS server.
If the registration problems are not identified and resolved, troubleshoot the DNS server or servers to which the DNS client settings point.
For more information, please refer to the following link:
/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd391889(v%3dws.10)
Hope this can help you, if you have further questions, please let me know.
Have a nice day!
Best Regards,
Cherry
Monday, March 23, 2020 2:23 AM
Hi Cherry,
This DC's DNS is pointing to other DC which is own the FSMO role, other DCs also point to this DC but no error.
The connection between this server and the DC (DNS server) is OK. Windows firewall are disabled.
This DC DNS record can register to all DNS server same as other DCs.
Tried to change the Preferred DNS to other DNS server also not work
Best Regards
Chong
Monday, March 23, 2020 6:50 AM
Hi,
This issue may be caused by an unknown SID. Please try to remove it from the Group Policy Objects.
Here's a similar situation that can be referenced:
If the question still existed, please let me know.
Best Regards
Cherry
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, March 23, 2020 7:29 AM
Hi Cherry,
First, it don't have the mention script "DirectoryServices_model.ps1". It only have "DirectoryServices.ps1". And I tied to run it and have below error:
C:\Windows\system32\BestPractices\v1.0\Models\Microsoft\Windows\DirectoryServices> $doc=.\DirectoryServices.ps1
WARNING: Cannot collect local DC information
FullyQualifiedErrorId: ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,
Microsoft.ActiveDirectory.Management.Commands.GetADDomainController
ScriptLineNumber: 2363
OffsetInLine: 19
ScriptLine: $server = Get-ADDomainController -Identity $name -Server $computer -ErrorVariable cmdErr
Exception:
Type: Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException
Message: Cannot find directory server with identity: 'NDS38$'.
InnerException: N/A
WARNING: Cannot retrieve the domain controller object from server NDS38
FullyQualifiedErrorId: ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,
Microsoft.ActiveDirectory.Management.Commands.GetADDomainController
ScriptLineNumber: 2339
OffsetInLine: 13
ScriptLine: Get-ADDomainController -Identity $identity -Server $computer
Exception:
Type: Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException
Message: Cannot find directory server with identity: 'NDS38'.
InnerException: N/A
Best Regards
Chong
Monday, March 23, 2020 8:12 AM
Hi,
Since your question is more related to AD, we advise you to have this asked in AD forum for better answers.
It's a right place you could get more information.
Link: https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS
Hope this can help you, if you have anything unclear, please let me know.
Have a nice day!
Cherry
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, March 27, 2020 7:34 AM
Hi,
As this thread has been quiet for a while, we will propose it as ‘Answered’ as the information provided should be helpful.
If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
Best regards,
Cherry
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].