get-ADuser -F ($_.Name -eq "Todd")

Windows Server 2003 AD and File Server issues with DNS

I need some real help.  I just took a new job which had a Windows 2003 server and XP pro clients.  They had a workgroup file share going on and all the clients had admin privileges.  So I changed all this.  Now I have big problems.  Here is what I have now.

I changed the file server to be a domain controller AD as well as a file server.  I called the domain AATCINC through the wizard.  The server is called aatc-server.  The server static IP is 192.168.1.111.  All the XP pro's had static addresses when I got there so I just left them.  I have a router from quest whose address is 192.168.1.1.  

Now the problems.  1.  Very slow response times.  I thought I fixed this by adding a reg edit of TcpAckFrequency in a tcpip key.  This did work for the day, but when I come in the morning I notice slow responses again.  I noticed an error in the Event Viewer of DNS failed  Error 4007.  I have something configured wrong.  Because when this happens, my mapping is all slow again.
I proved this by rebooting the server.  I lost connections or slow mapped responses immediately.

I know it has to be something to do with TCPIP.

Some of my questions are
What should my TCPIP settings be on the server? the XP clients?
eg. on an XP pro
Static: 192.168.1.68
gateway: 192.168.1.1
pri Dns: 192.168.1.1 (I was going to put 192.168.1.111)
wins: 192.168.1.111

Is the router acting as a DNS?  
How do I configure the DNS on the aatc-server (not a public server).  I have a zone.  It says AATCINC.  what do i do there?



Any help is much appreciated.  The employees are going to strangle me soon.

Todd

ASKER CERTIFIED SOLUTION
Nitin Gupta

This solution is only available to members.
jimmypants

what response times are slow? do you mean access to files or access to the internet?

might want to do a performance monitor and see if the avg. disk queue length is high.  this would indicate you have a hard drive bottleneck

if you don't have a wins server you don't need to specify that option.  is your DC a DNS server also?  you may want to consider making it an AD-integrated dns server
DNS is VITAL to a quick response in an Active Directory domain.  I suggest you review some of the links on my web page to better understand what you are doing with it - http://www.lwcomputing.com/tips/static/dns.asp

In summary, the server's TCP/IP DNS settings should point ONLY to itself;
The workstation's TCP/IP DNS should point ONLY to the AD DC(s) running DNS - NEVER include another NON-AD DNS server as this can cause sporadic problems.  More info in the link above.
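
The rule stated above (clients list only the AD DNS server) can be checked against saved `ipconfig /all` output. This is an added example, not part of the original thread: the function names and the sample text are constructed, and 192.168.1.111 is assumed to be the only AD DNS server, as in the thread.

```python
import re

# Constructed sample modeled on the `ipconfig /all` output posted in this
# thread; the second DNS entry is added to show the multi-line case.
SAMPLE = """\
        Host Name . . . . . . . . . . . . : it-manager

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.68
        DNS Servers . . . . . . . . . . . : 192.168.1.111
                                            192.168.1.1
        Primary WINS Server . . . . . . . : 192.168.1.111
"""

ADAPTER = re.compile(r"^(\S.*adapter .+?):\s*$")   # unindented section header
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")     # "Label . . . : value"
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    result, adapter, last_key = {}, None, None
    for line in text.splitlines():
        header, field = ADAPTER.match(line), FIELD.match(line)
        if header:
            adapter, last_key = header.group(1), None
            result[adapter] = []
        elif field:
            last_key, value = field.group(1).lower(), field.group(2).strip()
        elif last_key == "dns servers":
            value = line.strip()   # unlabeled continuation line
        else:
            continue
        if adapter and last_key == "dns servers" and IPV4.match(value):
            result[adapter].append(value)
    return result


def audit(text, ad_dns):
    """Return (adapter, ip, problem) for missing or non-AD resolvers."""
    findings = []
    for adapter, servers in dns_servers_by_adapter(text).items():
        if not servers:
            findings.append((adapter, None, "no DNS server configured"))
        findings += [(adapter, ip, "non-AD DNS server listed")
                     for ip in servers if ip not in ad_dns]
    return findings
```

Plain `ipconfig` output (without `/all`) carries no DNS lines, so every adapter in it is reported as having no DNS server configured.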

ASKER

I will put all these suggestions to use in the morning.  

Just one thing on the aatc-server that is 192.168.1.111.  For its TCPIP properties, the Pri DNS should read only 192.168.1.111 and do not add the router IP as 2nd? Should I put this on the XP's as well ?  should i take the statics off?  The XP's have 192.168.1.1 (router) for the pri DNS as they sit now.

I will turn DHCP off on the router.  Anything else with the router?  I will also post IP config all tomorrow and read the links.
You have to have DNS to run AD.

It sounds like you probably have a couple of issues going on.

I would look into these issues in the following order:

1. Ensure DNS is set up properly on the Domain Controller.
     a. Open up DNS and Right Click on your server --> properties
     b. Click on the Root Hints - if you have root hints you will see several different root servers.  (ie.  m.root-servers.net 202.x.x.x , f.root-servers.net 192.5.x.x)
     c.  If you do not see any root hints, for a quick fix  --> go to the forwarders tab
          under - Selected Domain's forwarder IP address  type in 4.2.2.3 and Add
          This will at the very least forward to a known public DNS server.  You should also add any DNS servers that your ISP has given you to use.

2.  Ensure that the IP settings on the Domain Controller are:
      a. Static settings -- Server IP:  192.168.1.5  255.255.255.0   GW: 192.168.1.1
      b. For the DNS settings - put the IP address of the Domain Controller : 192.168.1.5
      c.  for the WINS settings - if you are using WINS -- IP address:  192.168.1.5

3.  Either set up DHCP or change all workstations DNS settings to: 192.168.1.5 and if you are using WINS, put the IP address to: 192.168.1.5

4. I would reboot the workstations, but if you can't, go to a command prompt and type in:  ipconfig /flushdns    --> press enter, then:  type in: ipconfig /registerdns  --> press enter.

You shouldn't have to mess with the actual zone within DNS.  Typically that gets set up correctly when you DCPROMO initially.

Have you added the workstations to the domain?

Hi

As mentioned in my earlier comment...

DNS Entries For DC & XP ----- 192.168.1.111

Thanks
Nitin
netcepter - read the links on the link I posted.  When you list non-AD DNS servers you can have SPORADIC network performance issues.  

Active Directory uses DNS to locate network resources.  If your clients have an ISP (NON-AD DNS) listed, and they happen to end up using your ISP when they try asking "where's the domain controller" the ISP has NO IDEA because they are not maintaining your active directory DNS (and Most ISPs wouldn't even if you asked and offered to pay).  Don't fall into the trap of thinking "well, it's secondary" - I've read articles by reputable experts who indicate in their testing, a secondary DNS CAN be used even when the primary SHOULD be used.
Sorry to interrupt the weekend.  I'm here at work because it's difficult to troubleshoot while people need the PC.  A couple of things.
Here is the IP config all on the server
Windows IP Configuration

   Host Name . . . . . . . . . . . . : aatc-server
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-14-22-77-F1-D0
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.111
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.111
   Primary WINS Server . . . . . . . : 192.168.1.111

C:\Documents and Settings\Administrator.AATC-SERVER>

Here is my XP Box

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.68
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

I have tried a couple of TCPIP settings.  First the XP's don't seem to like the PRI DNS as being  192.168.1.111.  However if I put PRI DNS as 192.168.1.1, I can see the network on mapping drives.  

I have read the links and when I did create an AD I followed those steps. It said it installed correctly. The DNS Properties for AATC-SERVER has these items.

Interfaces  (select this address)
192.168.1.111
Forwarders
192.168.1.1
192.168.1.0
LOTS OF ROOT HINTS.  I did not add any new ones


Forward look up zone is AATCINC Type is  Active Directory Integrated.

I did turn off the AATCINC DHCP reference on the Adtran Router which I think may have helped.

Question.  Why do the xp's like the 192.168.1.1?  When I changed to 192.168.1.111 the internet was very sluggish and I could not see the server or other XP's when trying to map.  Although I could manually map.

One last thing.  On the Adtran Netvanta 1335.  There is a reference to Hostname/DNS.  When I click on that it gives me this.

DNS Setup
 
Configure the hostname and domain name for the NetVanta. The domain name is used when hosts on the private network of the NetVanta use DNS queries to resolve domain names.


HostName: AATCHOST
Domain: AATCINC
PRI DNS IP ADDRESS:  205.171.3.65
SEC DNS IP ADDRESS: 205.171.3.65
 


Sincerely in need of help

Net


I know this is strange, but one last thing before I go home.  The XP that did not see the network on 192.168.1.111 and then did on 192.168.1.1 is a brand new box, formatted and installed with all updates.  However my system, which has a PRI DNS of 192.168.1.111, does see the network anyway. Just another confusing issue.
SOLUTION
This solution is only available to members.
henjoh09

So put the forwarder as
205.171.3.65
205.171.3.65

Not 192.168.1.1

There are some other IP addresses on the router as well, but I think those are used differently.  They are the assigned numbers from our ISP to enter from outside the network.  Meaning when I am home I can access the company router when I type them in.  I shouldn't use those right?  

192.168.1.0 is one that is listed in those router numbers.  It says connected.  However it does not work when I type 192.168.1.0 in but the others I can log in to my router.

Net

gupnit,

Does the config /all help at all?

Net
No, DNS forwarders aren't related to being able to access the router from the outside. For that purpose, you need to configure port mapping in the firewall/router.

Forwarders is used on the DNS server to let the DNS server know where it shall send unresolved DNS queries. Cleanup the forwarders and get rid of unnecessary/incorrect entries and only use the ISP servers as forwarders.
Things look a little better here.  I have the Server 2003 pointing to itself and the forwarders are pointed to the router's DNS server IPs.  The DHCP is turned off within the router.  It still looks as if each morning all the clients have to re-boot.  In other words it works all day and then when we all come in we lose connections if the PC's are running all night.

Any ideas?
Can you post a ipconfig/all for the clients?
henjoh09,

Thanks for taking the time to look.  Here is my client ipconfig/all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : it-manager
        Primary Dns Suffix  . . . . . . . : AATCINC
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : AATCINC

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
        Physical Address. . . . . . . . . : 00-16-E6-8A-E7-22
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.68
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.111
Help?

Do my settings look ok?

Anybody?
Yes, the IP-config looks better now when both client and server use the internal server. Have you verified that the name resolving works as expected?
nslookup .
nslookup -q=srv _ldap._tcp.

Comparing the output from client and server, the server is configured for WINS, but not the clients? Shouldn't matter when DNS has higher priority than WINS, but to pass that out configure the clients to have the same WINS-settings as the server and ensure that the services on the server are running.
That's good, that's what we have been suggesting...:-) !
Hope things are ok now...
I have resolved my issues.  Thanks to you all.  There are three very important things that I needed to do.  One I had done and the other two were suggested by gupnit and henjoh09.  Thanks much to the both of you as I hope you both think it is fair to split the points.  What needed to happen was

A. gupnit's suggestion to shut down the router DHCP as it was on.....   Thanks for the suggestion
B. DNS forwarders were way off.  Thanks henjoh09!
C. My record A was somehow deleted and needed to be reinstalled in the DNS.  Also, I added reverse lookup.

What a training lesson.  Thanks to all that supported this thread!

Net