How to Use DNS Traffic to Troubleshoot Windows 2000 Cluster Virtual Servers (326644)


The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
This article was previously published under Q326644

SUMMARY

The Cluster service may not be able to fail over or to bring a virtual server online. This can occur on an active/passive server cluster on Windows 2000 Advanced Server and may indicate a problem with Domain Name System (DNS) registration. To help you troubleshoot the problem, this article describes the DNS traffic that is typically expected when a virtual server starts. You can compare the expected traffic to traffic that you see on your cluster.

This article also describes one type of DNS failure that can prevent the Cluster service from bringing a cluster virtual server online correctly.

MORE INFORMATION

When you start a virtual server on a cluster, the virtual server first searches for the authoritative DNS server that is responsible for its information. Following are excepts from a network trace with comments detailing this process.

The cluster queries the DNS server. The DNS server responds with the appropriate address and computer name:

DNS: 0x19:Std Qry Resp. Auth. NS is cluster.com. of type SOA on class INET addr.
DNS: Authority Section: cluster.com. of type SOA on class INET addr.

This record includes the appropriate Internet Protocol (IP) address for the server. Next, the cluster tries to register a prerequisite record for the server cluster:

DNS: 0x1A:Dyn Upd PRE records to cl1850fs.cluster.com. of type Req for all.

Note that this record does not include an address. The DNS server may respond with only a success message, or it may respond as follows:

DNS: 0x1A:Dyn Upd Resp. PRE records to cl1850fs.cluster.com. of type Req for all : Name that ought not exist, does exist.

 This indicates that the record already exists and is not a problem. The cluster then finds the authoritative DNS server for the reverse pointer registration:

DNS: 0x1B:Std Qry for 23.0.0.10.in-addr.arpa. of type SOA on class INET addr.

The DNS server provides the appropriate response with its IP address:

DNS: 0x1B:Std Qry for 23.0.0.10.in-addr.arpa. of type SOA on class INET addr.

 Next, the cluster tries to register the correct pointer record:

DNS: 0x1C:Dyn Upd PRE records to 23.0.0.10.in-addr.arpa. of type Req for all.

This packet includes the address information in the PRE record. The server responds with a success message or responds as follows:

DNS: 0x14:Dyn Upd Resp. PRE records to 23.0.0.10.in-addr.arpa. of type Req for all : Name that ought not exist, does exist.

 Again, this response indicates that the record already exists. The critical information for the pointer update is stored in the "Prerequisite" section:

DNS: Prerequisite: 23.0.0.10.in-addr.arpa. of type Req for all on class Unknown Class

The cluster then repeats the initial series of queries to find the appropriate name server that is authoritative for the cluster:

DNS: 0x1D:Std Qry for cl1850fs.cluster.com. of type SOA on class INET addr.
DNS: 0x15:Std Qry Resp. Auth. NS is cluster.com. of type SOA on class INET addr.

 Next, the actual address for the virtual server is written to the DNS dynamic update protocol:

DNS: 0x16:Dyn Upd PRE/UPD records to cl1850fs.cluster.com. of type Canonical name
DNS: Resource Record: cl1850fs.cluster.com. of type Host Addr on class INET addr.
DNS: IP address = 10.0.0.23

The virtual server is now properly registered in the DNS dynamic update protocol and can be accessed by name.

If the cluster is pointing to an earlier static DNS from an earlier Berkeley Internet Name Domain (BIND) DNS server or a server that runs on a Microsoft Windows NT 4.0-based computer, the DNS server responds that it does not support the update. For example:

DNS: 0x9D2:Dyn Upd Resp. PRE records to 35.0.53.10.in-addr.arpa. of type Req for all : This request not supported by name server.

This response does not indicate a problem for the cluster. The node starts correctly. However, if you have Windows 2000 Service Pack 2 (SP2) installed, this last update will not occur because PS2 prevents registering of the reverse pointer. This issue results if access rights to the reverse zone do not permit the update. For example:

DNS: 0x141:Dyn Upd Resp. : Operation refused

At the same time, you will get an event logged for the error: 

6/3/2002 
1:19:57 PM 
2 2053 1119	
ClusSvc	N/A WADCHQSXF11

The registration of DNS name 28.70.64.56.in-addr.arpa.
for network name resource 'Cluster Name' failed for the 
following reason:

This operation returned because the timeout period expired.

The "A" DNS record fails, and the following network communication occurs:

Network Name Cluster Name: Registered server name VIRTUALSERVER on transport \Device\NetBt_If1.
Network Name Cluster Name: Registered workstation name VIRTUALSERVER on transport \Device\NetBt_If1.
Network Name Cluster Name: corp.microsoft.com is a secure zone and has refused the registration of 10.0.0.1.in-addr.arpa.
Network Name Cluster Name: Deleted server name VIRTUALSERVER from all transports.
Network Name Cluster Name: Deleted workstation name VIRTUALSERVER from transport 0.

 When the reverse zone fails, the following response is generated:

Network Name Cluster Name: Failed to register DNS PTR record 10.0.0.1.in-addr.arpa. for host VIRTUALSERVER.corp.microsoft.com, status 9005

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Windows 2000 Service Pack 3 provides new functionality that resolves this issue. After you apply Windows 2000 SP3, the default behavior allows the Cluster service to bring network name resources online even if DNS registration fails.

To force the Cluster service to enable the network name if DNS registration fails, click the article number below to view the article in the Microsoft Knowledge Base, and then follow the steps in the section that describes how to set the RequireDNS parameter to 1:

235529 Kerberos Support on Windows 2000-Based Server Clusters

WORKAROUND

To work around this issue, do any one of the following:
  • Disable the registration of reverse pointer records. For additional information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

    246804 How to Enable/Disable Windows 2000 Dynamic DNS Registrations

  • Enable dynamic updates for specific addresses in the access control lists on the DNS server. To do this, click the following article number for more information. You can also use third-party DNS servers in a Windows 2000 domain to provide dynamic updates for specific addresses.

    246804 How to Enable/Disable Windows 2000 Dynamic DNS Registrations

  • Configure all virtual server and node addresses in DNS statically, together with their associated pointer records. After you configure all the records, click to clear the Register this connection's addresses in DNS check box in the TCP/IP properties of the network adapter that communicates with clients.
Modification Type:MinorLast Reviewed:4/17/2003
Keywords:kbinfo KB326644
©2002 Microsoft Corporation. All rights reserved.