Solved

Repair/rebuild DNS on SBS 2003 (pre sp1)

Posted on 2007-09-18
Medium Priority
10,329 Views
Last Modified: 2012-08-01
I repaired a network issue the other day which was simply DNS pointing to the ISP instead of the SBS, for a colleague's client. However, looking at the SBS I noticed DNS was a mess, and lots of cannot find server errors in the event logs. Surprised it even worked. Looks almost as if someone manually tried to edit DNS, as there were random entries like SOAs for server.domain. as well as server.domain.local

Normally, it would be possible to uninstall DNS and re-install, or re-run the Configure DNS Wizard in dnsmgmt.msc, however being SBS, I suspect there would be side effects. I did run the CEICW to repair the DNS/Forwarders but it had no effect on the rest. Any recommendations? I may never see this server again as it is not my client, so I cannot test the recommendations, but curious if there is an option to rebuild DNS on a SBS, short of a clean install. The latter would be my choice, at least in this case, due to other problems if I had control.

Thanks,
--Rob
Question by:Rob Williams
17 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 19917229
Just delete and re-create the forward lookup zone for the domain, it should do the rest automatically.
0
 
LVL 77

Author Comment

by:Rob Williams
ID: 19917354
I know that is fine with Server 2003, but I was concerned with all the integrated components of SBS. Any risks that you can think of? It is not recommended with SBS to manually configure or even use the Wizard within the DNS management console.
0
 
LVL 39

Assisted Solution

by:Philip Elder
Philip Elder earned 400 total points
ID: 19918040
In Computer Management: Right Click on DHCP and go to properties. Make sure that the administrator's user name and password are in the Credentials button under Advanced. If not, set them and hit APPLY and OK before going on. Without those credentials, your DNS will not update properly either.
On the DNS tab:
Tick: Enable DNS dynamic updates according...
   Always dynamically update DNS A and PTR records
Tick: Discard A and PTR records when lease is deleted
Tick: Dynamically update DNS A and PTR records for DHCP clients that do not request updates ...
General tab:
So, from here, go and cleanse all workstation leases out of DHCP: Delete them!
In DNS management, remove the offending A records for the workstations.
When your users come in and start up their machines, they will ask for new IP addresses, and your DNS should be updated accordingly.
Right click on your mydomain.local forward zone and click properties. Click AGING button:
  Tick: Scavenge stale resource records
  Set your No-refresh and Refresh intervals to your lease duration in DHCP.
Give it a bit of time, and your DNS will be good to go.
Philip
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 19918045
Oops, missed the rest of the General Tab!
Tick all three and leave the default of 10 minutes for the refresh time.
Philip
0
 
LVL 77

Author Comment

by:Rob Williams
ID: 19918113
Great and thorough advice Philip, thank you. I did notice DHCP was not enabled, there were no Host records in DNS for any PC's, all network devices used statically assigned IP's, and only a couple had "register this connections address in DNS" checked. I am sure this is all related.

I did start and configure several disabled services such as DHCP, but as mentioned, there were numerous issues and I would personally like to rebuild. Unfortunately it is out of my hands.

However, the main problem, which is more a theoretical issue, as no repair is actually going to happen, is not DNS records for the client machines but the basic zone "construction"; multiple and missing NS, SRV, SOA and other records. This is why I feel DNS would need a re-build as a minimum.
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 19918327
An option .... www.sbsmigration.com ... if remotely possible.

Otherwise, that is a tough one, since SBS DNS is AD integrated.
From KB: How to reinstall a dynamic DNS Active Directory-integrated zone: http://support.microsoft.com/kb/294328
Man, I am totally surprised the server isn't choked!
Here is a thought:
Run the Change Server IP wizard -->Server Console-->Internet & Email-->Change Server IP Address.
Just on the off chance it resets AD, DNS, DHCP, and any dependent services which it is supposed to do. It would be better to migrate everyone to DHCP enabled, and set reservations for things like printers and the like.
Philip
0
 
LVL 77

Author Comment

by:Rob Williams
ID: 19923524
Philip, I am somewhat familiar with the Swing Server tools, which are great, but it is such a small network (4 PC's) I would likely start clean. Probably faster, and guaranteed. I would be afraid of migrating problems.

MS article is very good. With no SBS specific options I would consider that. Thanks.

Doubtful Change Server IP wizard would change the domain related zone items, however SBS works in weird and wondrous ways <G>

>>"Man, I am totally surprised the server isn't choked!"
Me too, but I suspect it's because it is only used for file shares, not even printer sharing. Nothing else is used; no RWW, no Group Policy, no Exchange, etc. I am still surprised they can authenticate, though I am willing to bet they may be using cached credentials. Logon scripts through user profiles still work.

I have no idea what changed. I actually set up the server a couple of years ago and 1 workstation. I have never seen it since, and the logs were clean then. Too many event errors to go back and see when and why it might have changed. There was a power outage a month ago which is when they started having problems, but the errors go back months before that. Doubtful a power outage made the changes.
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 19923620
Is there power protection on the box? UPS or filtering of some sort?
Philip
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19923700
Rob...

I only have a couple of minutes right now... but until I can come back for more... check out http:Q_21795090.html#16335530 

I'd suggest that you delete and recreate the DNS zones if they are that chewed up... the basics are in KB294328 that Philip linked above, but make sure that you follow the instructions regarding the delegation and creation of the _msdcs zone in the Q I linked above.

Once you've recreated them, then you can run the CEICW to make sure everything is configured right... and running the Change IP Address Wizard is always a good idea as well... do that before the CEICW.

Jeff
TechSoEasy
0
 
LVL 77

Author Comment

by:Rob Williams
ID: 19923778
Philip, regarding the UPS; I don't know. I didn't see the server. I know there was no UPS management software configured on the server. This fellow is adamant about using UPS's on servers and any critical PC, but he also was suggesting this problem was a result of the power outage, so perhaps not.

For the record, the fellow who manages it is extremely qualified; however, as an ex-Novell and Linux guy, his knowledge of Windows domains, AD, and especially SBS, is a little limited. I think the "leave it alone" attitude is fear of the unknown.

Jeff, thanks very much for your input. I too am on the way out for a while, but I will review that upon my return.

Thanks all, for all the feedback.
--Rob
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1600 total points
ID: 19925612
I should have checked to make sure that the KB article that Philip posted was the correct one... it's not.

The right one to follow for SBS 2003 is http://support.microsoft.com/kb/323380, but even that's not totally complete.

At any rate, since your question is basically hypothetical, I can tell you that I've reinstalled DNS on many SBS's and it isn't really that much of a problem as long as you clean up all of the old stuff before reinstalling and reconfiguring the new. Since part of what makes an internal DNS server work is the way its NIC(s) are configured, after you uninstall the DNS Service, and before reinstalling, you want to make sure that those are set right... but even more important is to make sure that there aren't any left-over TCP/IP settings hanging about in the registry.

So, after uninstalling DNS make sure this key is empty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server

Then, look at this key to make sure there are no orphaned NICs:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards

Make note of the Unique ID for each of the installed NICs listed under that key, and then go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Right near the top of the list (just under the .NET entries) you'll find the UID's for each of the cards.  You can delete any that are no longer installed on the server (or if a card was reinstalled, sometimes it will leave behind a UID... just expand them and you can see what IP they were configured for -- but essentially if you have two NICs you'll want just two UID's listed).

Then, I always make sure that the DNS Zones are deleted from AD.  You have to enable the Advanced View of ADUC and you'll find the zones in MicrosoftDNS.  Delete them all.

Finally, you might want to just make a copy of C:\WINDOWS\system32\dns to stash somewhere "just in case".

Then, follow the KB article I mentioned above combined with the Q I linked above to make sure that you've created the _msdcs.domain.local zone as well as delegating the domain.local zone to _msdcs.

Run the CEICW and you're done.

:-)

Jeff
TechSoEasy



0
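As an added example (not code from this thread or from Microsoft): a read-only Python check of the NIC comparison described in the accepted answer, run over `reg export` text of the `NetworkCards` and `Services` keys. The function names, sample GUIDs and address are constructed, and the `Parameters\Tcpip\IPAddress` location under each GUID key is an assumption about where the per-adapter address is stored.

```python
import re

GUID = re.compile(r"\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}")
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services".upper() + "\\"

def parse_reg(text):
    """Parse .reg export text into {UPPERCASE key path: {value name: raw value}}."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped hex lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and line.startswith('"') and '"=' in line:
            name, raw = line[1:].split('"=', 1)
            current[name] = raw
    return keys

def decode(raw):
    """Decode a REG_SZ or REG_MULTI_SZ (hex(7), UTF-16LE) value to a list of strings."""
    if raw.startswith("hex(7):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return [raw.strip('"')]

def orphaned_nic_keys(cards_reg, services_reg):
    """Map each GUID key under Services that NetworkCards does not list to its IPs."""
    installed = {decode(v["ServiceName"])[0].upper()
                 for v in parse_reg(cards_reg).values() if "ServiceName" in v}
    services, orphans = parse_reg(services_reg), {}
    for path in services:
        guid = path[len(SERVICES):].split("\\")[0] if path.startswith(SERVICES) else ""
        if GUID.fullmatch(guid) and guid not in installed:
            # Assumed location of the adapter's configured address.
            tcpip = services.get(SERVICES + guid + r"\PARAMETERS\TCPIP", {})
            orphans[guid] = decode(tcpip["IPAddress"]) if "IPAddress" in tcpip else []
    return orphans

# Constructed sample exports (GUIDs and address are made up).
CARDS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2]
"ServiceName"="{11111111-AAAA-4AAA-8AAA-111111111111}"
"""
SVCS = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{11111111-AAAA-4AAA-8AAA-111111111111}\Parameters\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{22222222-BBBB-4BBB-8BBB-222222222222}\Parameters\Tcpip]
"IPAddress"=hex(7):31,00,30,00,2e,00,30,00,2e,00,\
  30,00,2e,00,39,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]
"""

if __name__ == "__main__":
    for guid, ips in orphaned_nic_keys(CARDS, SVCS).items():
        print(f"review before deleting: {guid} last IP(s): {ips or 'none recorded'}")
```

Real `.reg` exports are normally UTF-16, so read them with `open(path, encoding="utf-16")`; treat the output as a list of keys to inspect by hand, since a GUID key absent from `NetworkCards` is not necessarily safe to delete.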
 
LVL 77

Author Comment

by:Rob Williams
ID: 19925749
Thanks Jeff.
Interesting in your earlier link, the fellow suggested his problem started with a power outage. Still skeptical it could actually change the zone configuration.

Excellent additional information regarding the registry items to clear. There is a strong possibility the NIC configurations were "tinkered with" and I am wondering about the NIC being re-installed, and thus the possibility of "orphaned NIC's". I did discover some NIC changes such as speed and duplex when I was there, so I question the rest. However, again, though this could break DNS, I don't know where the random entries in the zone configurations came from.

Just for the heck of it, and for experience, I will give this a try on a virtual machine tomorrow. Good routine to have practiced. I'll report back. Thanks very much Jeff and MPECSInc.
--Rob
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19933192
I've often heard of power outages wiping out router settings, and occasionally Windows DNS for some reason. I wonder if the routines that run after an Incorrect Shutdown may cause that.

FYI, I probably should have referred you to this before... but I always forget that it's there.  I had posted the SBS Technical Reference Guide a while back and it includes all the detailed technical info you would need about this.  
https://filedb.experts-exchange.com/incoming/ee-stuff/83-SBS2003TechnicalReferenceTraining.pdf

Jeff
TechSoEasy
0
 
LVL 77

Author Comment

by:Rob Williams
ID: 19975955
Thanks VERY much for your help guys. I was going to test this on a virtual machine, but haven't had time. I'm trying to clean things up before I go on vacation for 3 weeks so other issues have taken priority. I will be sure to test when I get back as it is a good procedure to have done a walk through. Rather than leave the question open, I'll close at this time.

Your last link Jeff looks like the Gospel according to SBS. Great white paper.
Thanks all.
--Rob
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19976087
Yeah... it's more like the Dead Sea Scrolls of SBS... not an easy document to get ahold of.

Jeff
0
 
LVL 77

Author Comment

by:Rob Williams
ID: 19976102
Regardless, it is amazingly helpful with all sorts of issues. I appreciate you supplying the link.
Cheers !
--Rob
0
 
LVL 3

Expert Comment

by:Tingathewinga
ID: 21123452
Hi, this is a question for techsoeasy, in regard to....
"Then, I always make sure that the DNS Zones are deleted from AD.  You have to enable the Advanced View of ADUC and you'll find the zones in MicrosoftDNS.  Delete them all."
When we do this it gives a big warning about marking selected Exchange mailboxes for deletion, and all you can do is hit ok or cancel, what mailboxes is it wanting to delete and is this normal?

Thank you!
0

Question has a verified solution.