7062 and 5781 errors after changing _msdcs.domain.local to AD-integrated

7062 and 5781 errors after changing _msdcs.domain.local to AD-integrated

Post by Spin » Tue, 25 Oct 2005 13:43:31


On a Windows Server 2003 DC, running DNS, had an event log clear of errors.
Until I tried to convert my _msdcs.domain.local zone from standard primary
into AD-integrated wth replication to all DNS servers in the forest. When I
tried to do so, the following errors appear.

This one from my DNS log:

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 7062
Date: 10/23/2005
Time: 10:44:03 PM
User: N/A
Computer: EBIZ-GATE
The DNS server encountered a packet addressed to itself on IP address The packet is for the DNS name
"_ldap._tcp.pdc._msdcs.ebiz.local.". The packet will be discarded. This
condition usually indicates a configuration error.

Check the following areas for possible self-send configuration errors:
1) Forwarders list. (DNS servers should not forward to themselves).
2) Master lists of secondary zones.
3) Notify lists of primary zones.
4) Delegations of subzones. Must not contain NS record for this DNS
server unless subzone is also on this server.
5) Root hints.

Example of self-delegation:
-> This DNS server dns1.example.microsoft.com is the primary for the zone
-> The example.microsoft.com zone contains a delegation of
bar.example.microsoft.com to dns1.example.microsoft.com,
(bar.example.microsoft.com NS dns1.example.microsoft.com)
-> BUT the bar.example.microsoft.com zone is NOT on this server.

Note, you should make this delegation check (with nslookup or DNS manager)
both on this DNS server and on the server(s) you delegated the subzone to.
It is possible that the delegation was done correctly, but that the primary
DNS for the subzone, has any incorrect NS record pointing back at this
server. If this incorrect NS record is cached at this server, then the
self-send could result. If found, the subzone DNS server admin should
remove the offending NS record.

You can use the DNS server debug logging facility to track down the cause of
this problem.

And this one from my System log:

Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 10/23/2005
Time: 10:44:07 PM
User: N/A
Computer: EBIZ-GATE
Dynamic registration or deletion of one or more DNS records associated with
DNS domain 'ebiz.local.' failed. These records are used by other computers
to locate this server as a domain controller (if the specified domain is an
Active Directory domain) or as an LDAP server (if the specified domain is an
application partition).

Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain
wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone
authoritative for the DNS records that failed registration

Fix possible misconfiguration(s) specified above and initiate registration
or deletion of the DNS records by running 'nltest.exe /dsregdns' from the
command prompt or by restarting Net Logon service. Nltest.exe is available
in the Microsoft Windows Server Resource Kit CD.

Here are my vitals.

1) ipconfig /all

Windows IP Configuration


7062 and 5781 errors after changing _msdcs.domain.local to AD-integrated

Post by Kevin D. G » Sat, 29 Oct 2005 05:13:41

This is common with one DC, DNS starts before AD, so DNS cannot load the
zone from AD. If the ebiz.local zone is a standard primary it has already
loaded and since the msdcs.ebiz.local zone is not loaded yet you get this

You're getting the 5781 because the msdcs.ebiz.local does not exist yet, due
to AD not being started when the DC tries to register.
Add a second DC or use standard primary zones to make this go away. Or,
preferably leave the zones AD integrated and ignore the error if it only
happens at startup.

Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://www.yqcomputer.com/ ~jain/software/oe-quotefix/
Keep a back up of your OE settings and folders
with OEBackup: