DNS Problem with Windows Server 2008 R2

October 4, 2012 at 06:13:19
Specs: Windows Server 2008 R2
We are experiencing a problem with converting our Server 2008 R2 to an AD domain controller.

Previously:
1 Windows Server 2003, running Active Directory, DNS, DHCP for the LAN.
1 Server 2008 R2 running Voicemail, Print, E-mail servers only.
This setup worked fine.

Now:

We installed Active Directory on the new server, updated the 2003 server to be compatible, and thus have 2 Domain Controllers for the domain.
New server experiences a problem where it randomly begins having DNS issues which prevent it from resolving our Local Network name, or being able to browse any web pages. This disables all of our voicemail, printing, and emailing for the whole office until we get it connected to our network name again. However, internet access and local network access for all office users is uninterrupted.
Problem is temporarily remedied by restarting the computer, changing LAC settings to obtain ip/dns automatically and then changing back to static ip settings, or just disabling the adapter and re-enabling it. Sometimes a combination of all these is needed to get the server to communicate with our network properly again and restore services.
The DNS Server Role WAS installed on the new server but in attempts to isolate the problem we uninstalled it, and the problem still occurs. DHCP is not installed on the new server either, only AD, voicemail, print, email.

The Internet configurations:

old server: Primary DNS server is itself, with the DNS server service configured to forward DNS requests to external openDNS servers.

new server: Primary DNS server IP is the OLD server, the same configuration used on all computers in our office which works fine for all except this server.

Again, the connection could work for hours or sometimes days before randomly breaking and then having to go through these steps to fix it. Any help would be GREATLY appreciated, as we simply don't know what is wrong with the configuration.



#1
October 4, 2012 at 09:25:53
Are there any event IDs in the Event Log? Have you noticed any patterns as to when it happens? Is the DNS service running when this occurs? If not, it may be crashing for some reason.

Tony



#2
October 4, 2012 at 09:46:02
Here's the error from Active Directory Role:

Description:
Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.

No patterns really to when it happens, and the DNS CLIENT service (as in going to your Services panel, not the DNS Role on the server) is running when it happens. Disabling and re-enabling it does not, on its own anyway, fix the problem. The DNS SERVER service we have since disabled as we have been trying to solve the problem and/or isolate it to a specific service. It seems like it may be an issue with the 2 domain controllers not being configured to work in the same forest properly? Not sure here..



#3
October 4, 2012 at 10:30:26
Next time it happens, try to do a direct DNS query using NSLOOKUP against the opendns server from your DNS server and see what the result is. It could all boil down to the outside DNS server being unreachable.

--
Andrew Leonard
BL Technical Services
Emergency IT Support



#4
October 4, 2012 at 10:37:06
Hey thanks for the reply. But if that were the case, internet and DNS resolution for the entire office would go down with it, not just for the server 2008 machine, right? If the server is configured to connect to the internet the exact same way as all the other machines, why is it the only one who gets DNS problems?

I should also point out that during these down-periods, nslookup works, pinging outside hostnames works, everything seems like it should work. But then you go to the browser, no dice, and you then find out that you're not connected to our local network; it connects to some arbitrary name like "Network 4" and claims internet access but doesn't actually work.



#5
October 4, 2012 at 10:42:26
Post the output of
dcdiag /test:dns /v

Tony



#6
October 4, 2012 at 10:46:29
EDIT:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator.COMPANY2003>DCDIAG /TEST:DNS

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = COMPANY2K8
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\COMPANY2K8
Starting test: Connectivity
......................... COMPANY2K8 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\COMPANY2K8

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
......................... COMPANY2K8 passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : COMPANY2003

Running enterprise tests on : COMPANY2003.local
Starting test: DNS
......................... COMPANY2003.local passed test DNS

C:\Users\Administrator.COMPANY2003>dcdiag /test:dns /v

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
* Verifying that the local machine COMPANY2K8, is a Directory Server.
Home Server = COMPANY2K8
* Connecting to directory service on server COMPANY2K8.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=COMPANY2003,DC=lo
cal,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=COMPANY2003,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=COMPANY2003,DC=lo
cal,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=COMPANY2K3,CN=Servers,CN=
Default-First-Site-Name,CN=Sites,CN=Configuration,DC=COMPANY2003,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=COMPANY2K8,CN=Servers,CN=
Default-First-Site-Name,CN=Sites,CN=Configuration,DC=COMPANY2003,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\COMPANY2K8
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... COMPANY2K8 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\COMPANY2K8
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... COMPANY2K8 passed test DNS

Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running partition tests on : COMPANY2003
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation

Running enterprise tests on : COMPANY2003.local
Starting test: DNS
Test results for domain controllers:

DC: COMPANY2K8.COMPANY2003.local
Domain: COMPANY2003.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level
: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is not a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Clien
t):

MAC address is D4:AE:52:B9:E0:5C
IP address: 192.168.2.116
DNS servers:
192.168.2.5 (COMPANY2K3) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found

TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Clien
t):

Matching CNAME record found at DNS server 192.168.2.5:
ff519358-e668-40e4-981e-b779f98b4d3a._msdcs.COMPANY2003.local

Matching A record found at DNS server 192.168.2.5:
COMPANY2K8.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_ldap._tcp.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_ldap._tcp.f2aa6a4d-26bb-44b5-9d84-19b3ea9a8748.domains._ms
dcs.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_kerberos._tcp.dc._msdcs.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_ldap._tcp.dc._msdcs.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_kerberos._tcp.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_kerberos._udp.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_kpasswd._tcp.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_ldap._tcp.Default-First-Site-Name._sites.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.NJA
R2003.local

Matching SRV record found at DNS server 192.168.2.5:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.COMPANY200
3.local

Matching SRV record found at DNS server 192.168.2.5:
_kerberos._tcp.Default-First-Site-Name._sites.COMPANY2003.loca
l

Matching SRV record found at DNS server 192.168.2.5:
_ldap._tcp.gc._msdcs.COMPANY2003.local

Matching A record found at DNS server 192.168.2.5:
gc._msdcs.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_gc._tcp.Default-First-Site-Name._sites.COMPANY2003.local

Matching SRV record found at DNS server 192.168.2.5:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.COMPANY200
3.local


Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 192.168.2.5 (COMPANY2K3)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: COMPANY2003.local
COMPANY2K8 PASS PASS n/a n/a n/a PASS n/a

......................... COMPANY2003.local passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite



#7
October 4, 2012 at 11:06:20
That all looks good. You may want to run this again the next time the outage occurs to see what differences there may be so you know where the problem may occur.

Next time it happens see if you can ping local nodes by FQDN and IP address from the server having issues. If it's not a VM, you may also want to check the physical NIC and run the diagnostic utility if one is available.

You can check if your forest is configured and functional by running dcdiag /a /v.

Tony



#8
October 4, 2012 at 11:09:45
OK, I just ran the DNS test on the old 2003 server that's handling DNS, and got all kinds of errors here. Could you maybe explain any of this?


mary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
208.67.222.222 (<name unavailable>) [Invalid]
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreach
able)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreac
hable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS server

TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone COMPANY2003.local.
Test record _dcdiag_test_record added successfully in zone NJA
R2003.local.
Test record _dcdiag_test_record deleted successfully in zone N
JAR2003.local.

TEST: Records registration (RReg)
Network Adapter [00000001] Marvell Yukon 88E8050 PCI-E ASF Gig
abit Ethernet Controller:
Matching A record found at DNS server 192.168.2.5:
COMPANY2K3.COMPANY2003.local

Matching CNAME record found at DNS server 192.168.2.5:
9c5dbe67-543b-48cf-9b69-f2dca48d33ff._msdcs.COMPANY2003.local

Matching DC SRV record found at DNS server 192.168.2.5:
_ldap._tcp.dc._msdcs.COMPANY2003.local

Matching GC SRV record found at DNS server 192.168.2.5:
_ldap._tcp.gc._msdcs.COMPANY2003.local

Matching PDC SRV record found at DNS server 192.168.2.5:
_ldap._tcp.pdc._msdcs.COMPANY2003.local

Network Adapter [00000008] Intel(R) PRO/1000 MT Network Connec
tion:
Matching A record found at DNS server 192.168.2.5:
COMPANY2K3.COMPANY2003.local

Matching CNAME record found at DNS server 192.168.2.5:
9c5dbe67-543b-48cf-9b69-f2dca48d33ff._msdcs.COMPANY2003.local

Matching DC SRV record found at DNS server 192.168.2.5:
_ldap._tcp.dc._msdcs.COMPANY2003.local

Matching GC SRV record found at DNS server 192.168.2.5:
_ldap._tcp.gc._msdcs.COMPANY2003.local

Matching PDC SRV record found at DNS server 192.168.2.5:
_ldap._tcp.pdc._msdcs.COMPANY2003.local

Error: Missing A record at DNS server 208.67.222.222 :
COMPANY2K3.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing CNAME record at DNS server 208.67.222.222 :
9c5dbe67-543b-48cf-9b69-f2dca48d33ff._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing DC SRV record at DNS server 208.67.222.222 :

_ldap._tcp.dc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing GC SRV record at DNS server 208.67.222.222 :

_ldap._tcp.gc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing PDC SRV record at DNS server 208.67.222.222
:
_ldap._tcp.pdc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing A record at DNS server 208.67.220.220 :
COMPANY2K3.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing CNAME record at DNS server 208.67.220.220 :
9c5dbe67-543b-48cf-9b69-f2dca48d33ff._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing DC SRV record at DNS server 208.67.220.220 :

_ldap._tcp.dc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing GC SRV record at DNS server 208.67.220.220 :

_ldap._tcp.gc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing PDC SRV record at DNS server 208.67.220.220
:
_ldap._tcp.pdc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing A record at DNS server 167.206.112.138 :
COMPANY2K3.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing CNAME record at DNS server 167.206.112.138 :

9c5dbe67-543b-48cf-9b69-f2dca48d33ff._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing DC SRV record at DNS server 167.206.112.138
:
_ldap._tcp.dc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing GC SRV record at DNS server 167.206.112.138
:
_ldap._tcp.gc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing PDC SRV record at DNS server 167.206.112.138
:
_ldap._tcp.pdc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing A record at DNS server 167.206.7.4 :
COMPANY2K3.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing CNAME record at DNS server 167.206.7.4 :
9c5dbe67-543b-48cf-9b69-f2dca48d33ff._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing DC SRV record at DNS server 167.206.7.4 :
_ldap._tcp.dc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing GC SRV record at DNS server 167.206.7.4 :
_ldap._tcp.gc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Error: Missing PDC SRV record at DNS server 167.206.7.4 :
_ldap._tcp.pdc._msdcs.COMPANY2003.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]

Warning: Record Registrations not found in some network adapters

Summary of test results for DNS servers used by the above domain contro
llers:

DNS server: 208.67.222.222 (<name unavailable>)
2 test failures on this DNS server
This is a valid DNS server
Name resolution is not functional. _ldap._tcp.COMPANY2003.local. fai
led on the DNS server 208.67.222.222
[Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

DNS server: 208.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is a valid DNS server
Name resolution is not functional. _ldap._tcp.COMPANY2003.local. fai
led on the DNS server 208.67.220.220
[Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.9.0.107
[Error details: 1460 (Type: Win32 - Description: This operation r
eturned because the timeout period expired.)]

DNS server: 167.206.112.138 (<name unavailable>)
1 test failure on this DNS server
This is a valid DNS server
Name resolution is not functional. _ldap._tcp.COMPANY2003.local. fai
led on the DNS server 167.206.112.138
[Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

DNS server: 167.206.7.4 (<name unavailable>)
1 test failure on this DNS server
This is a valid DNS server
Name resolution is not functional. _ldap._tcp.COMPANY2003.local. fai
led on the DNS server 167.206.7.4
[Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12
[Error details: 1460 (Type: Win32 - Description: This operation r
eturned because the timeout period expired.)]

DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 199.7.83.42 (l.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 192.168.2.5 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the fores
t root domain is registered

DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: COMPANY2003.local
COMPANY2K3 PASS FAIL FAIL PASS PASS WARN n/a

......................... COMPANY2003.local failed test DNS



#9
October 4, 2012 at 11:12:53
In the dcdiag /a /v test on the old machine, all tests seem to pass EXCEPT the systemlog test, which fails for both the old and new server.


#10
October 4, 2012 at 11:29:07
Can you post the output of ipconfig /all from both your DC/DNS servers? Also, when you say you updated your 2003 to match, do you mean it is now running 2008[r2]?

Tony



#11
October 4, 2012 at 11:42:16
No, I mean we had to run ADPREP on the old server to allow it to share a forest with the 2008 server for active directory. We followed the directions pretty exactly and all things went well, and the servers both recognize one another as Domain Controllers, aren't reporting any communication errors, etc.


Here's the IPConfig results:


New 2008 Server:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator.COMPANY2003>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : COMPANY2K8
Primary Dns Suffix . . . . . . . : COMPANY2003.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : COMPANY2003.local

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS
VBD Client) #31
Physical Address. . . . . . . . . : D4-AE-52-B9-E0-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS
VBD Client) #28
Physical Address. . . . . . . . . : D4-AE-52-B9-E0-5C
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.2.116(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.5
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{FB98616F-5B1E-400C-897D-77DCACF1A006}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A3B6E04F-5151-481A-B788-AA699E9A0CAD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Old 2003 Server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : COMPANY2K3
Primary Dns Suffix . . . . . . . : COMPANY2003.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : COMPANY2003.local

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : COMPANY2003.local
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-04-23-CE-FA-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.134
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.5
DNS Servers . . . . . . . . . . . : 192.168.2.5
208.67.222.222
208.67.220.220
167.206.112.138
167.206.7.4
Primary WINS Server . . . . . . . : 192.168.2.5
Lease Obtained. . . . . . . . . . : Monday, October 01, 2012 5:37:47 PM
Lease Expires . . . . . . . . . . : Monday, October 08, 2012 5:37:47 PM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8050 PCI-E ASF Gigabit E
thernet Controller
Physical Address. . . . . . . . . : 00-04-23-CE-FA-A5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.5
NetBIOS over Tcpip. . . . . . . . : Disabled




#12
October 4, 2012 at 12:08:24
It looks like a lot of DNS records are missing or have been deleted. If you open the DNS snap-in can you see the records?

How is your DNS record scavenging configured? If you set your scavenging age too low it can delete critical records and hose the entire zone.

Check this.

Tony



#13
October 4, 2012 at 12:25:33
Well since the previous server acting alone never had any problems of this sort, we haven't changed any of those settings. If it was something like that, where the DNS settings were configured incorrectly on the DNS server for our network, I don't see how DNS could fail ONLY on the 2008 server, but internet/LAN connectivity continues working fine for everyone else. And that the problem really only comes and goes and that it's not a permanent issue is especially confusing.


#14
October 4, 2012 at 12:53:53
Does flushing the DNS cache on the 2008 box help?

Have you tried querying an external DNS server directly?

nslookup google.com 4.2.2.1

EDIT:

I found this article on Technet that you may want to read through.

It also looks like you have records for the OpenDNS servers. You should not have records for them, but rather configure a DNS forwarder with the OpenDNS addresses.

EDIT2:

You also don't need to configure external DNS servers on your DNS server. If you want to use external DNS servers you should configure them as forwarders.

Tony



#15
October 4, 2012 at 13:54:39
Thanks again for your help,

How would I remove the OpenDNS records from the DNS server? As far as I can tell, the OpenDNS servers ARE only listed under forwarders for the 2003 DNS server. If there is somewhere I am missing, how would I find that? Again, the 2008 server is currently not installed to be a DNS server at all. It should be acting as a client, but is this not possible when Active Directory is running?
EDIT: never mind, as long as there is a DNS server on the network AD should function properly.



#16
October 4, 2012 at 14:08:40
Those IPs are showing up because you probably have them set in your TCP/IP properties. Remove the following DNS addresses from your TCP/IP settings:

208.67.222.222
208.67.220.220
167.206.112.138
167.206.7.4

You should only be configuring local DNS servers in your TCP/IP properties, and let either root hints or forwarders handle external name resolution.

After doing that run dcdiag /test:dns from your 2003 DNS server again.

Have you configured a reverse lookup zone?

I would also remove any root hints servers that are reporting errors.

Tony
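
A check for the point made in #16, as an added example that is not part of any post in this thread: it parses `ipconfig /all` text and lists, per adapter, every DNS server outside private address space, noting whether the adapter takes its settings from DHCP. The sample is a trimmed excerpt shaped like the 2003 server's output in #11; the function names are this example's own.

```python
import ipaddress
import re

# Trimmed excerpt shaped like the 2003 server's `ipconfig /all` output in #11.
SAMPLE = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : COMPANY2K3

Ethernet adapter Local Area Connection 2:

Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
DHCP Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.134
DNS Servers . . . . . . . . . . . : 192.168.2.5
208.67.222.222
208.67.220.220
Primary WINS Server . . . . . . . : 192.168.2.5

Ethernet adapter Local Area Connection:

DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.5
DNS Servers . . . . . . . . . . . : 192.168.2.5
NetBIOS over Tcpip. . . . . . . . : Disabled
"""

ADAPTER_RE = re.compile(r"^(?:\w+ )+adapter (.+):\s*$")   # "Ethernet adapter <name>:"
FIELD_RE = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")         # "Key . . . . : value"


def _parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.split("%")[0])   # drop any IPv6 zone id
    except ValueError:
        return None


def dns_servers_by_adapter(text):
    """Map adapter name -> {'dhcp': bool or None, 'dns': [server, ...]}."""
    adapters, current, in_dns = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = ADAPTER_RE.match(line)
        if header:
            current = header.group(1)
            adapters[current] = {"dhcp": None, "dns": []}
            in_dns = False
            continue
        if current is None:
            continue
        # Additional DNS servers appear as bare addresses on the lines after
        # "DNS Servers"; check for that before treating the line as a field.
        if in_dns and _parse_ip(line) is not None:
            adapters[current]["dns"].append(line)
            continue
        field = FIELD_RE.match(line)
        in_dns = False
        if not field:
            continue
        key, value = field.group(1).strip(), field.group(2).strip()
        if key == "DNS Servers":
            in_dns = True
            if value:
                adapters[current]["dns"].append(value)
        elif key == "DHCP Enabled":
            adapters[current]["dhcp"] = (value == "Yes")
    return adapters


def external_dns_findings(text):
    """List (adapter, server, source) for every non-private DNS server."""
    findings = []
    for name, info in dns_servers_by_adapter(text).items():
        source = "DHCP-assigned" if info["dhcp"] else "static"
        for server in info["dns"]:
            ip = _parse_ip(server)
            if ip is not None and not ip.is_private:
                findings.append((name, server, source))
    return findings


if __name__ == "__main__":
    for adapter, server, source in external_dns_findings(SAMPLE):
        print(f"{adapter}: external DNS server {server} ({source})")
```
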



#17
October 4, 2012 at 14:13:41
Hey,

I see those in the command prompt, but they are only there for the secondary Network Card, which isn't used or enabled. However, in that card's TCP settings, it is interesting because it is set to obtain IP/DNS automatically. So somewhere in the settings, automatic DNS settings are including those DNS IPs, I suppose. But for the network card that actually does get used, the only DNS server is 192.168.2.5.

I would still like to find out why those IPs are being included.



#18
October 4, 2012 at 15:48:08
Most likely your DHCP server is handing them out, or they are configured under the Advanced TCP/IP settings under the DNS tab.

Tony

