AD Search issue detected

This problem first came to my attention when attempting to add a new user to our domain. Ours is a single domain consisting of 4 2003 servers (domain controller/file/print, SQL, Exchange 2003, and a Terminal Server). When creating the user a dialogue box indicates that the GC is un-contactable.
After some research I attempted to manually set the GC in Exchange; the process started a search with the default location of "Entire Directory" (no option at this point for just the domain), which failed to locate our DC/GC. Following up, I attempted to find objects using the ADUC console (any of the servers other than the DC). Using the domain in the locations field of the Find utility works for all objects; using the Entire Directory location option fails for all objects. On my XP Pro workstation using the following run command "rundll32.exe dsquery,OpenQueryWindow" or in ADUC on the DC I have no problems locating objects at all.
We have had recent DNS problems with the local forward lookup zone recreated - not using active directory and set as primary. If as I suspect it is a DNS related issue what is my next step to resolve?

DNS Setup - primary, not using active directory, set to use the ISP DNS for Internet access. Servers are manually set with IP address, gateway and DNS (Local DC). Workstations are using DHCP with an additional secondary DNS included – the ISP DNS server. This secondary was configured temporarily to resolve a DNS/Browsing issue several weeks ago and not as yet reversed. To resolve that problem the Forward lookup zone was deleted and recreated.
Asked by: ozshag
 
Jay_Jay70 commented:
Hi ozshag,

you should have your DNS primary pointing to itself on the server with the ISP as a forwarder,
and clients pointing to the server as primary - this is crucial

from your question I take it you haven't set that up?

Cheers!
 
ozshag (Author) commented:
Jay,
In DNS, the server properties have the ISP's DNS set as the only forwarder address, with the simple and recursive tests both passed. In the properties of the forward lookup zone the Name Server and the State of Authority are set as the server FQDN. On the Interface the preferred DNS server is its own IP address.

Thanks for the reply,

 
Jay_Jay70 commented:
hey mate

does your DNS log throw up any errors?
ozshag (Author) commented:
No errors since the forward lookup was deleted and recreated at the beginning of the month. The only entries are for server shut down/start up - nothing out of norm.

 
Jay_Jay70 commented:
which server carries the GC role - sorry to ask such little questions, I'm just trying to narrow down and get a grasp on your setup
 
ozshag (Author) commented:
The setup was built in one go in Jan. The main server is an Optima dual Xeon which is our only DC and GC by default. The other three servers are IBM rack mount 1RU single Xeon that are configured for Exchange 2003, SQL 2000, and Terminal Server. All has been going well aside from two issues. Firstly was the DNS issue that prevented Internet browsing. As mentioned I used a quick fix (DHCP - secondary DNS server setting) to get the users off my back while I worked through the issues. Ultimately I deleted the local forward lookup zone and recreated with the before mentioned settings. That was at the beginning of this month. The other issue that I had was with Exchange. That was simply resolved with the application of SP1 (prior to the DNS issue).
The only thing that has changed since the DNS was dealt with is the introduction of Blackberry Server to the SQL server. It was actually when attempting to create an admin user for Blackberry that the issue was detected. At this point I don't really think that the Blackberry has a part in the issue.

Fire away with as many questions as you like, I'm real keen to get past this one.

Cheers,
 
Jay_Jay70 commented:
from rereading your question up top, your DNS zone (the recreated one) is not Active Directory integrated, yes? why so?
 
ozshag (Author) commented:
Correct, only DNS server in the domain with no replication.

The original config of DNS was integrated; this did produce event log entries regarding replication - "fix or ignore". When I needed to redo it I simply omitted that check box option.

 
Jay_Jay70 commented:
I would make them AD integrated and work through the issues that it causes. AD integrated DNS is much nicer to work with, but it's your call
 
ozshag (Author) commented:
AD Integrated has been set, no change in the search issue. Other than the relocation of DNS there are no new entries in the DNS event log on the DC.
 
Jay_Jay70 commented:
hmm clutching at straws a little bit

on the server

ipconfig /flushdns
ipconfig /registerdns

see whether that makes any difference
 
ozshag (Author) commented:
The following event was found in the System Log after the registerdns. Also verified that the find operation in the Entire Directory has not changed.

 
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {B771F91F-6B07-42C3-86EB-0B7C884679E3}
   Host Name : XXXXX-exch
   Primary Domain Suffix : XXXXX.local
   DNS server list :
           192.168.1.10
   Sent update to server : 192.168.1.10
   IP Address(es) :
     192.168.1.15

 The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at this time.

 You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
 
Jay_Jay70 commented:
what is that .15 address? is that of any importance
 
ozshag (Author) commented:
.15 is the Exchange server, I ran the flush/register there.
Is that what you intended, to run the commands from the member servers having the problem or did you intend me to run it on the DC/DNS server?
 
Jay_Jay70 commented:
both!
 
ozshag (Author) commented:
Jay, thank you very much for your interest. The problem has just been solved with the following at the command prompt:

net stop dns
net stop netlogon
ipconfig /flushdns
net start dns
net start netlogon
ipconfig /registerdns
dcdiag /fix
netdiag /fix

For your support I would like to give you part points (as soon as I work out how!)
Thanks again
Dave.
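
Added example, not part of the original thread: "Entire Directory" searches locate a global catalog through the `_gc._tcp` SRV record, which Netlogon re-registers when it starts, and a zone that has been deleted and recreated begins without it. This Python check compares the records listed in a DC's `%SystemRoot%\System32\config\netlogon.dns` file with those present in the zone; `dc1`, `example.local`, the addresses and both sample texts are constructed, and the zone listing is assumed to be normalised to the same one-record-per-line form.

```python
# Added example: compare the locator records a DC's Netlogon service wants in
# DNS with the records a zone actually holds. All sample data is constructed.

# Constructed sample in the one-record-per-line layout of netlogon.dns
# (hypothetical DC "dc1" in hypothetical forest "example.local").
NETLOGON_DNS = """\
example.local. 600 IN A 192.0.2.10
_ldap._tcp.example.local. 600 IN SRV 0 100 389 dc1.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 dc1.example.local.
_kerberos._tcp.example.local. 600 IN SRV 0 100 88 dc1.example.local.
_gc._tcp.example.local. 600 IN SRV 0 100 3268 dc1.example.local.
gc._msdcs.example.local. 600 IN A 192.0.2.10
"""

# Constructed zone contents after a delete-and-recreate, normalised to the
# same layout (assumption: exported or queried records are reshaped like this).
ZONE_RECORDS = """\
example.local. 3600 IN A 192.0.2.10
dc1.example.local. 3600 IN A 192.0.2.10
"""

def parse_records(text):
    """Return a set of (owner, type, rdata) tuples; TTL and comments are ignored."""
    records = set()
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()
        if "IN" not in parts:
            continue
        i = parts.index("IN")
        if i == 0 or len(parts) < i + 3:
            continue  # no owner name, or no type/rdata after the class
        rdata = " ".join(parts[i + 2:]).lower()
        records.add((parts[0].lower(), parts[i + 1].upper(), rdata))
    return records

def missing_records(expected, actual):
    """Records Netlogon expects that the zone does not contain."""
    return sorted(expected - actual)

def gc_locatable(records, forest):
    """True if the set holds a _gc._tcp SRV record on port 3268 for the forest."""
    owner = "_gc._tcp.%s." % forest.lower().rstrip(".")
    return any(name == owner and rtype == "SRV" and len(rdata.split()) == 4
               and rdata.split()[2] == "3268" for name, rtype, rdata in records)

if __name__ == "__main__":
    zone = parse_records(ZONE_RECORDS)
    print("GC locatable from zone:", gc_locatable(zone, "example.local"))
    for rec in missing_records(parse_records(NETLOGON_DNS), zone):
        print("missing:", *rec)
```
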
 
Jay_Jay70 commented:
excellent mate,

very glad you got it sorted and also glad that we were looking down the right track towards the end - makes me feel a bit better that we weren't going nowhere!!

you can accept an answer by simply selecting an answer and hitting accept on the side - only accept if you feel I helped though and on the answer that did actually help :)

otherwise you can get your points back :)