I've just had an issue arise that I cannot seem to solve. I recently set up a Windows Server 2008 DC with DNS and DHCP and all has been working fine, but I discovered today that when I go into the DNS Manager I get the following issue:
DNS. Access was denied. Would you like to add it anyway?
I choose the option to connect to the local computer as that is where the DNS service is running, and I have tried using the FQDN with no luck.
The DNS services have been restarted with no effect, and I have tried adding the Administrator group to the DNSAdmins group but this didn't help either. Also I changed the ACL for the DNS object in the Active Directory Users and Computers to give Administrators full access but this didn't help either.
The domain isn't functioning properly as a result, with slow logins now and new GPOs not being pushed. (I'm assuming as the Windows 7 clients cannot map the server name with the IP maybe?)
I've checked the Event Log for the DNS and these are the most common errors:
1) The DNS server was unable to open Active Directory
2) The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Any suggestions would be appreciated.
Thank you,
Jake
In my case, the hosts file (c:\Windows\System32\drivers\etc\hosts) had the following two lines hashed out:
They need to be like the example above for the DNS server to function properly.
I had tried Jake's suggestion on our backup domain server and it did not help. I also tried removing/adding the DNS role as suggested by another site and that didn't help either. It looked like a network issue to me after I found out it started after we experienced some power surge due to bad weather. All our servers are on UPS and none of them were shut down or restarted.
After spending so many hours on it, I decided to disconnect the network cable of that server at the switch and plugged it into a different port. I restarted that server and the error disappeared but the DNS list was empty. I figured since I added the role back so I issued "Replicate Now" via the Primary DC. It was the end of the day so I left. About 3 hours later I checked and everything was back to normal.
BTW, ping and Active Directory tested fine before I switched it to a different port.
Someone had replaced the Host file on the DC in our situation. I tried to fix the host file on one of our DCs and that didn't work. Only copying a Host file from a working Server resolved our issue.
I had a client with the same issue. After looking through their DNS settings for their adapter which lists the host file, I discovered that they had migrated from an external IP config to an internal IP config and forgot to update the DNS addresses. Once I made the changes to both the PDC and the secondary DC\DNS server all was well. Did have to reboot the secondary servers so all the necessary services would restart with domain credentials.