Unable to Contact, Connect to, or Manage, a DNS Server from DNS Management Console

KB ID 0000559 

Problem

If you open the DNS Management console on a server running an OS older than 2008 R2 and then attempt to connect to a 2008 R2 DNS server, you will see this error.

You will also see this error on a 2012 server whilst attempting to add another DNS server.

Error:
Dnsmgmt
Cannot Contact the DNS Server

The specified DNS server cannot be contacted. Some possible reasons include; the DNS server may not be running, there may be network problems, or the computer associated with the specified name or IP address could not be found.

To retry connection, either press F5. or on the Action menu, click refresh.

For more information about troubleshooting a DNS server, see help.

Why this happens

This is normal. 2008 R2 introduced a more secure DNS Management authentication system to prevent “Man in the middle DNS attacks” that had been exploited in earlier versions of Windows.

Solution

The correct way to approach this problem is to accept it: your 2008 R2 servers are more secure. If you need to manage them, do so from the DNS Management console on the 2008 R2 server itself, or install the RSAT tools on a client machine.

You can also change the way it works so you can see and manage it from an older version of Windows. (Note: Be advised that Microsoft recommends you do not do this; they turned this on for a reason.)

1. Launch a command window (right-click and select Run as administrator, or select the cmd icon and press CTRL+SHIFT+ENTER).

2. Execute the following four commands.

[box]dnscmd.exe /Config /RpcProtocol 7

dnscmd.exe /Config /RpcAuthLevel 0

net stop "DNS Server"

net start "DNS Server"[/box]

Note: If you see an Access Denied error, you are probably NOT running the command window as an administrator.

3. You should now be able to connect to and manage the 2008 R2 DNS Server from an older Windows OS DNS Management console.

To Do the Same by Directly Editing the Registry

Run the following .reg file.

[box]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters]
"RpcAuthLevel"=dword:00000000
"RpcProtocol"=dword:00000007[/box]
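
To find servers where this change has been applied (for example during a later audit), the following PowerShell reads the two values from the registry. It is an added example, not part of the original article; the function name Get-DnsRpcSetting, the output fields and the server names in the comment are made up for illustration, and remote checks assume PowerShell remoting is enabled.

```powershell
# Added example, not from the original article. Reports the two DNS RPC values
# the steps above change. Get-DnsRpcSetting and its output fields are
# illustrative names; remote checks assume PowerShell remoting is enabled.
function Get-DnsRpcSetting {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    $check = {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
        $row = @{
            Server       = $env:COMPUTERNAME
            RpcAuthLevel = $null   # $null means the value is not in the registry
            RpcProtocol  = $null
        }
        foreach ($name in 'RpcAuthLevel', 'RpcProtocol') {
            $p = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if ($p) { $row[$name] = $p.$name }
        }
        # RpcAuthLevel 0 is the value this article sets for older consoles.
        # ($null -eq 0 is False, so an absent value is not flagged.)
        $row['AuthLevelLowered'] = ($row['RpcAuthLevel'] -eq 0)
        New-Object PSObject -Property $row
    }

    foreach ($server in $ComputerName) {
        if ($server -eq $env:COMPUTERNAME) {
            $result = & $check
        } else {
            $result = Invoke-Command -ComputerName $server -ScriptBlock $check
        }
        $result | Select-Object Server, RpcAuthLevel, RpcProtocol, AuthLevelLowered
    }
}

# Check the local server; pass -ComputerName dns01, dns02 (placeholder names)
# to check others.
Get-DnsRpcSetting | Format-Table -AutoSize
```

Running it before making the change records the existing values so they can be restored later.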

Related Articles, References, Credits, or External Links

Thanks to Noel Reynolds for his patience, and for putting up with my terrible typing 🙂

Original Article Written 20/01/12

Exchange – 4.5.1. 4.4.0 Primary Target 4.2.1 unable to connect to alternative host

KB ID 0000790 

Problem

My colleague Allen was doing an Exchange 2003 to 2010 migration today, and things were not going well: mail refused to flow from the Exchange 2003 server to the Exchange 2010 server (it flowed from 2010 to 2003 without error). During migrations that’s not unusual, and removing and recreating the routing groups usually fixes it, but he had done that. Mail was sat on the Exchange 2003 Server outbound queues on the queue that matched the routing group connector, but refused to move with the above error.

Solution

For about 45 minutes I was also scratching my head, but then I had a brainwave. If Exchange 2003 has a ‘Smart Host’ configured on the ‘Default SMTP Virtual Server’ then it attempts to send traffic down the routing group via the smart host (which will obviously fail). Remove any entry from the smart host section.

When done, restart the SMTP Service, and the Exchange Routing Service, and the queues should start to clear.
