Still strange not fully working DNS server

Discussion in 'DNS Server' started by Harmjan Olthoff, Oct 9, 2008.

  1. Another strange issue with DNS.

    Setting:
    1 Domain Controller (192.168.2.101)
    5 clients (DHCP, 192.168.2.1 - 192.168.2.99)
    Internet through a router. (192.168.2.1)

    DC contains AD, DNS and DHCP.

    DNS is configured default and does not give any error in event viewer at all.
    Name server: DC01, 192.168.2.101

    DHCP has the following settings:
    scope: 192.168.2.1 - 192.168.2.99 (255.255.255.0)
    Server options:
    router: 192.168.2.1
    Name server: 192.168.2.101
    DNS server: 192.168.2.101
    DNS Domain name: maddogs.local
    WINS: 192.168.2.101

    When I run ipconfig /all on a client I get the following results:

    Host name: bar01
    Primary DNS suffix: maddogs.local
    Node Type: Hybride
    IP routing enabled: no
    WINS Proxy enabled: no
    DNS suffix search list: maddogs.local

    DHCP Enabled: yes
    IP Address: 192.168.2.3
    Subnet mask: 255.255.255.0
    Default gateway: 192.168.2.1
    DHCP Server: 192.168.2.101
    DNS server: 192.168.2.101

    Logon works with roaming profiles.
    Internet works on all clients.
    The shares on the internal network work.

    And now the problem:

    Logon takes a very long time, it's extremely slow.
    GPOs do not work at all.
    When typing gpresult /user <username> on a client I get an error about
    missing RVB information (it's a Dutch version and I have no idea what RVB
    means but I get this error with existing users and non-existing users so I
    guess it is user information from AD).

    I have installed DNS and DHCP again and again but it just won't work.

    In the system event viewer I get an error (event ID: 5781), something about
    failing registration of deletion of DNS records on the DNS domain
    forestdnszones.maddogs.local

    Does anyone have an idea?
     
    Harmjan Olthoff, Oct 9, 2008
    #1

  2. Hello Harmjan,

    Scroll down to 5781 in this one, you can prevent or ignore it if it is just
    after booting the server:
    http://support.microsoft.com/kb/259277

    What OS are the clients? If XP, have you configured the "Always wait for
    the network at computer startup and logon" policy? See under Computer configuration,
    administrative templates, System, Logon.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #2

  3. Dear Meinolf,

    Then I think I have fixed the problem already by just removing the IP
    address in DNS server on the domain controller (by default it then takes
    localhost).
    It was only after a (re)boot by the way.

    All the clients are XP.
    The config you mentioned was not configured so I have configured and tested
    it just now, result:
    No result...
     
    Harmjan Olthoff, Oct 9, 2008
    #3
  4. Hello Harmjan,

    What do you mean with old server? Are all clients registered in DNS and do
    you use secure dynamic updates on the zone properties?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #4
  5. Hello Harmjan,

    Also check that the policy is applied on the client with gpresult /v. If
    the output is too big for the command window, pipe it to a text file:

    gpresult /v >c:\output.txt

    If you do not run gpupdate /force on the client, the new policy setting can take
    about 90 minutes to apply to the workstation, because of the refresh time
    of the policy.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #5
  6. Dear Meinolf,

    None of the clients are registered in DNS (forgot to mention that).
    That is the main reason why I think the problem is in the DNS settings.

    We had an old server and I migrated everything to the new server.
    The old server was demoted successfully and the new DC has all the master
    roles, DNS and DHCP server.

    With gpresult /v I also get an error about not having "RVB" information.

    gpupdate /force does not give an error but no result as well (gpupdate and
    gpresult are the first things I always check, even when the GPOs do work).

    Best regards
     
    Harmjan Olthoff, Oct 9, 2008
    #6
  7. Hello Harmjan,

    If the clients are domain members they have to be registered in your DNS
    server. Did you run ipconfig /registerdns on a client to check if they will
    register?

    Is the new server Global catalog? You didn't mention it.

    During your migration I assume you added the new server as a member to the
    domain and then ran dcpromo on it? Or did you just install a new domain with
    the same old name?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #7
  8. Dear Meinolf,

    At logon on the network with a client the error event ID 1054 appears.
    ipconfig /registerdns does not give any information, nothing was written in
    the log (within 15 minutes) on both client and server.

    The new server is global catalog and has joined the domain as a member, then
    ran DCpromo, turned on global catalog, transferred Operation master roles: RID
    master, PDC emulator and infrastructure master.
    Also the domain naming master and schema master roles were transferred to the
    new DC.
    After full replication I demoted the old server.

    I guess this was the exact way to promote new and demote old server.

    Best regards

    Harmjan
     
    Harmjan Olthoff, Oct 9, 2008
    #8
  9. Extra information:

    I also have disjoined and rejoined the client to the domain with no problem
    at all.

    Maybe that info could also be helpful.
     
    Harmjan Olthoff, Oct 9, 2008
    #9
  10. Hello Harmjan,

    Adding the new one sounds correct. Do you use secure dynamic updates on the
    zone properties? Or how is it configured? Do you have firewall running on
    the DC or client machines?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #10
  11. Hello Harmjan,

    But still not registered in DNS?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #11
  12. Dear Meinolf,

    I use standard secure dynamic updates only on the
    zone properties, yes.
    On none of the computers (both DC and clients) is firewall software
    running, only standard antivirus software.

    Registered in the DNS is only SOA, WINS lookup and NS.
    For the rest nothing happens in the DNS forward lookup zone.

    Best regards
     
    Harmjan Olthoff, Oct 9, 2008
    #12
  13. Hello Harmjan,

    Please post an unedited ipconfig /all from the DC. Do you use AD integrated
    zones? Or is this a secondary zone?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #13
  14. Dear Meinolf,

    This is the ipconfig /all from the DC:


    Windows IP Configuration

    Host Name . . . . . . . . . . . . : dc01
    Primary Dns Suffix . . . . . . . : maddogs.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : maddogs.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet
    Adapter (10/100)
    Physical Address. . . . . . . . . : 00-02-B3-50-67-03
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.2.101
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.1

    I don't use a secondary zone, it's the zone created when installing DNS.

    Best regards
     
    Harmjan Olthoff, Oct 9, 2008
    #14
  15. Hello Harmjan,

    Re-add its own IP address to the NIC as preferred DNS.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #15
  16. Hi Meinolf,

    I have just done that but I doubt if that helps.
    I've removed that just a few hours ago and the GPO and DNS problem exists for
    about 2 weeks now.

    Can I help by posting an unedited copy/paste of an ipconfig /all from a client?

    Best regards
     
    Harmjan Olthoff, Oct 9, 2008
    #16
  17. Hello Harmjan,

    Just do it. Let's see again.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #17
  18. Sorry, it's all in Dutch but should be quite understandable:

    Windows IP-configuratie

    Host-naam . . . . . . . . . . . .: bar05
    Primair DNS-achtervoegsel. . . . .: maddogs.local
    Knooppunttype . . . . . . . . . . : hybride
    IP-routering ingeschakeld. . . . .: nee
    WINS-proxy ingeschakeld . . . . . : nee
    DNS-achtervoegselzoeklijst. . . . : maddogs.local
    maddogs.local

    Ethernet-adapter LAN-verbinding:

    Verbindingsspec. DNS-achtervoegsel: maddogs.local
    Beschrijving . . . . . . . . . . .:
    Realtek RTL8139 Family PCI Fast Ethernet NIC #2
    Fysiek adres. . . . . . . . . . . : 00-02-44-22-D0-93
    DHCP ingeshakeld. . . . . . . . . : ja
    Autom. configuratie ingeschakeld. : ja
    IP-adres. . . . . . . . . . . . . : 192.168.2.6
    Subnetmasker. . . . . . . . . . . : 255.255.255.0
    Standaardgateway. . . . . . . . . : 192.168.2.1
    DHCP-server . . . . . . . . . . . : 192.168.2.101
    DNS-servers . . . . . . . . . . . : 192.168.2.101
    Primaire WINS-server. . . . . . . : 192.168.2.101
    Lease verkregen . . . . . . . . . : donderdag 9 oktober 2008 13:15:15
    Lease verlopen . . . . . . . . . : vrijdag 17 oktober 2008 13:15:15

    If nothing helps I guess the only option is to reinstall the server, completely
    create a new domain and AD and import all the GPOs, but that will take quite a
    long time and I still don't know what went wrong, it all seems ok but DNS is
    not working as it should...
     
    Harmjan Olthoff, Oct 9, 2008
    #18
  19. Hello Harmjan,

    Please run dcdiag /v, netdiag /v and post the output here.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 9, 2008
    #19
  20. DCdiag:

    C:\Program Files\Support Tools>dcdiag /v

    Domain Controller Diagnosis

    Performing initial setup:
    * Verifying that the local machine dc01, is a DC.
    * Connecting to directory service on server dc01.
    * Collecting site info.
    * Identifying all servers.
    * Found 1 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\DC01
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    DC01's server GUID DNS name could not be resolved to an
    IP address. Check the DNS server, DHCP, server name, etc
    Although the Guid DNS name
    (6379012e-2c39-4d39-b96d-06b9ae726697._msdcs.maddogs.local) couldn't
    be resolved, the server name (dc01.maddogs.local) resolved to the IP
    address (192.168.2.101) and was pingable. Check that the IP address
    is registered correctly with the DNS server.
    ......................... DC01 failed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\DC01
    Skipping all tests, because server DC01 is
    not responding to directory service requests
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Test omitted by user request: OutboundSecureChannels

    Running enterprise tests on : maddogs.local
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the scope
    provided by the command line arguments provided.
    ......................... maddogs.local passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\dc01.maddogs.local
    Locator Flags: 0xe00003fd
    PDC Name: \\dc01.maddogs.local
    Locator Flags: 0xe00003fd
    Time Server Name: \\dc01.maddogs.local
    Locator Flags: 0xe00003fd
    Preferred Time Server Name: \\dc01.maddogs.local
    Locator Flags: 0xe00003fd
    KDC Name: \\dc01.maddogs.local
    Locator Flags: 0xe00003fd
    ......................... maddogs.local passed test FsmoCheck

    The netdiag.exe I got was the wrong version so I need to find the right one (2003
    R2)

    Best regards

    Harmjan
     
    Harmjan Olthoff, Oct 9, 2008
    #20
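
An added example, not part of the thread: the DC's `ipconfig /all` in post #14 has no "DNS Servers" row, which is what the advice in post #15 addresses. The sketch below parses English-language `ipconfig /all` text and flags adapters with an IP address but no, or unexpected, DNS servers. The function names and the `expected_dns` parameter are hypothetical, and the field names "IP Address" and "DNS Servers" assume the Windows XP/2003 output format shown in the thread.

```python
import re

# "   Key . . . . : value" rows as printed by English-language ipconfig /all
FIELD = re.compile(r"^\s+([^.:]+?)(?:\s*\.)+\s*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {section: {field: [values]}}; wrapped rows extend the last field."""
    sections = {"global": {}}
    current, last_key = sections["global"], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():        # banner or "... adapter NAME:" header
            if line.rstrip().endswith(":"):
                current = sections.setdefault(line.rstrip()[:-1], {})
            last_key = None
            continue
        m = FIELD.match(line)
        if m:
            last_key, value = m.group(1).strip(), m.group(2).strip()
            current[last_key] = [value] if value else []
        elif last_key is not None:       # continuation: extra DNS server, wrapped text
            current[last_key].append(line.strip())
    return sections

def dns_findings(text, expected_dns):
    """Flag adapters that have an IP address but no, or unexpected, DNS servers."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        if name == "global" or not fields.get("IP Address"):
            continue
        servers = fields.get("DNS Servers", [])
        if not servers:
            findings.append((name, "no DNS server configured"))
        findings += [(name, f"unexpected DNS server {s}")
                     for s in servers if s not in expected_dns]
    return findings

# Excerpt of the DC output from post #14, with ipconfig's indentation restored.
DC_AS_POSTED = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : dc01
   Primary Dns Suffix  . . . . . . . : maddogs.local

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet
                                       Adapter (10/100)
   IP Address. . . . . . . . . . . . : 192.168.2.101
"""
# Constructed sample: the same output once the DC lists itself as DNS server.
DC_FIXED = DC_AS_POSTED + "   DNS Servers . . . . . . . . . . . : 192.168.2.101\n"
```

Calling `dns_findings(DC_AS_POSTED, {"192.168.2.101"})` reports the adapter without a DNS server; the same call on `DC_FIXED` returns an empty list.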