Solved

DNS server updates and removes 2nd Host record of itself (it's Hamachi, software VPN, IP address)

Posted on 2008-06-23
Last Modified: 2008-07-04
I have a domain that has an SBS 2003 server as the PDC, we'll call this server "Server A" at "Site A". DNS server is running on Server A, as well as DHCP. Server A is also the Exchange server for the domain. The local area connection on Server A has a static IP and the only DNS server for the connection is itself. Everything DNS related for the workstations at Site A is working fine.

There is a 2003 Standard server, "Server B" on the domain at another location "Site B" hundreds of miles away from Site A. I was able to use Hamachi (software VPN connection) to connect the two sites. After many, many hours of struggling, I was able to run dcpromo on Server B with it at Site B in order to make it an additional domain controller on the domain. In order to do so I had to manually create and populate the _msdcs.domain.local forward lookup zone in the DNS server on Server B. Before doing so the dcpromo wizard would fail because it could not find the Domain controller.

So I got that fixed up and got Server B promoted to domain controller. Active Directory and DNS both replicated to Server B successfully. I was then able to join the 2 workstations at Site B to the domain. Both of those workstations are also running Hamachi and are joined to the same Hamachi network as the domain controllers. One of the workstation's Outlook client keeps losing its connection to the Exchange server (Server A at Site A). When it does, I check the DNS server (on either server) and the Hamachi IP address of Server A (the Exchange server) is missing from the Forward Lookup Zone. I can manually add the Host Record of the Hamachi IP address of Server A and then the workstation is once again able to connect to the Exchange server.

Everything would be fine if the DNS server would quit removing the Host Record for Server A containing the Hamachi IP address. It seems that it is now removing that record every 15 minutes or so. This is causing a lot of email downtime and a lot of frustration (for the user and myself).

Additional info... When running properly the DNS server should have 2 Host Records for Server A, its local IP and its Hamachi IP. Server B has two Host Records, its local IP and its Hamachi IP and neither record has ever disappeared. All necessary Reverse Lookup Zones are created and PTRs are created. I've opened the LDAP port in the firewall at Site A. DNS event viewer shows the following 2 events just before the Host Record goes missing:

Event ID 4521

The DNS server encountered error 32 attempting to load zone 255.162.5.in-addr.arpa from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

Event ID 6702

DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
 
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
 
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
 
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there are multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note that it is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.
Question by:rnapro
14 Comments
 

Author Comment

by:rnapro
ID: 21849899
Any takers?

Expert Comment

by:Rob Williams
ID: 21852261
Afraid it is not a solution but just an opinion; as wonderful a product as Hamachi is, I do not feel it is an enterprise solution. Have you considered site to site hardware VPN devices? A pair of Linksys RV042's work extremely well for $200 each, but you can get Linksys BEFV41's, or Netgear FVS318's for under $150 each.
Among other issues, Hamachi uses dynamic addressing which can play havoc with DNS and unless you have a paid version it does not run as a service.

I apologize up front, I appreciate this is not the information you are looking for.

Author Comment

by:rnapro
ID: 21854172
Thank you for the comment. We are using the paid version on both sides. We went with the software solution instead of hardware since we have had good experience with Hamachi. We will have to keep the hardware you suggested in mind if no one is able to solve this issue.

Author Comment

by:rnapro
ID: 21854933
As he said, we are using the paid service. I've never seen a Hamachi address change when running on the same user profile. I appreciate your suggestion. My thought, though, is that it is not a complication of using Hamachi. With the problem being that DNS removes the Hamachi IP address, I'm not sure that if I wasn't using Hamachi, there would be a different result. And for whatever reason the Hamachi address of Server B never gets removed.

Is anyone aware of a way to make a Host record never get deleted? It seems like such a small issue causing such a big problem. When the Host Record is there, everything works like a charm.

Expert Comment

by:Rob Williams
ID: 21860926
>>"Is anyone aware of a way to make a Host record never get deleted?"
You could resort to using the Hosts file (for DNS names) or the LMHosts file (for NetBIOS names).
http://msmvps.com/blogs/robwill/archive/2008/05/10/lmhosts-and-hosts-files.aspx

Author Comment

by:rnapro
ID: 21861010
Already tried that and it didn't help.

Author Comment

by:rnapro
ID: 21861026
When the Hamachi address is missing from DNS, regardless of whether I use the lmhosts file or not... the computer resolves Server A to its local IP address (local to Site A), which of course doesn't get it anywhere.

Expert Comment

by:Rob Williams
ID: 21867587
Does your version of Hamachi create a virtual adapter in network connections? If so the only other thought I would have is to verify that "register this connection's address in DNS" is checked under the advanced DNS tab of the virtual adapter.

The interesting part is if you had a site to site VPN connection there is no DNS entry relating to the VPN, just the remote site's LAN IP and routing knows the path to get there. I assume the remote site and subnet are set up in AD sites and services?

Author Comment

by:rnapro
ID: 21880975
I tried checking "register this connection's address in DNS". It did not register. I did a command prompt ipconfig /registerdns, it did not register. I am not familiar with using AD sites and services to achieve what I need. Could you elaborate?

Accepted Solution

by:rnapro
ID: 21881031
I finally figured out how to get the Host Record to stay. Instead of just creating a new Host Record in the forward lookup zone... I went to the properties of the forward lookup zone, then to the Name Servers tab, selected Server A, clicked edit and added the Hamachi address. It automatically creates the Host Record and it appears to stay indefinitely.
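
The following script is an added example, not part of the original thread or written by any of its participants. It does from the command line what the accepted answer does in DNS Manager (attach Server A's Hamachi address to the zone's name-server data) and also walks through the fix-up procedure that Event 6702 lists in the question: enumerate the A records for Server A on every DS-integrated DNS server, delete any that are not addresses of Server A, and add any that are missing. It then checks the two client-side reasons the Hamachi address might never register on its own, and finally resolves Server A against each DC the way a Site B workstation would. It assumes dnscmd.exe (Windows Server 2003 support tools) and PowerShell 2.0 or later on a DC; the zone name domain.local is from the thread, while the host names servera/serverb and the addresses 192.168.1.5 and 5.162.255.10 are placeholders chosen for illustration (5.x.x.x is the Hamachi range, matching the 255.162.5.in-addr.arpa reverse zone in Event 4521). The dnscmd output format the regex expects and the meaning of the ListenAddresses/PublishAddresses registry values are also assumptions; verify them on your own server.

```powershell
# Added example (not from the original thread). Restores and verifies the second
# A record for Server A (its Hamachi address) on each DS-integrated DNS server,
# then checks why the address is not being registered by itself.
# All host names and IP addresses below are placeholders (assumed).

$Zone       = 'domain.local'            # AD-integrated forward zone (from the thread)
$HostName   = 'servera'                 # Server A's short host name (assumed)
$Fqdn       = "$HostName.$Zone"
$LanIp      = '192.168.1.5'             # Server A's Site A LAN address (assumed)
$HamachiIp  = '5.162.255.10'            # Server A's Hamachi address (assumed)
$DnsServers = @('servera', 'serverb')   # every DC that runs DNS (Event 6702, step 1)
$Expected   = @($LanIp, $HamachiIp)     # the two A records Server A should have

function Get-ARecords([string]$Server) {
    # dnscmd /EnumRecords prints one record per line; pull out the A record addresses.
    # Line format assumed from dnscmd on Windows Server 2003; adjust the regex if yours differs.
    $out = & dnscmd $Server /EnumRecords $Zone $HostName /Type A 2>&1
    $ips = @()
    foreach ($line in $out) {
        if ("$line" -match '\sA\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$') { $ips += $Matches[1] }
    }
    return $ips
}

function Repair-ARecords([string]$Server) {
    $have = Get-ARecords $Server
    # Event 6702, step 4: remove A records that are not addresses of Server A.
    foreach ($ip in $have) {
        if ($Expected -notcontains $ip) {
            Write-Host "$Server : removing stale $Fqdn A $ip"
            & dnscmd $Server /RecordDelete $Zone $HostName A $ip /f | Out-Null
        }
    }
    # Event 6702, step 5: make sure both of Server A's addresses are present.
    foreach ($ip in $Expected) {
        if ($have -notcontains $ip) {
            Write-Host "$Server : adding $Fqdn A $ip"
            & dnscmd $Server /RecordAdd $Zone $HostName A $ip | Out-Null
        }
    }
    # The accepted answer, via dnscmd: there is no "Name Servers tab" on the command
    # line; its equivalent is an NS record for Server A at the zone apex, with the
    # matching A (glue) records added above. Harmless if the NS record already exists.
    & dnscmd $Server /RecordAdd $Zone '@' NS "$($Fqdn)." | Out-Null
}

function Test-Resolution {
    # Ask each DC for Server A's A records, as a Site B workstation would; both
    # answers should include the Hamachi address or Outlook at Site B will fail.
    foreach ($s in $DnsServers) {
        $answer = & nslookup -type=A $Fqdn $s 2>&1 | Out-String
        $ok = $answer -match [regex]::Escape($HamachiIp)
        Write-Host ("{0,-8} returns {1} for {2}: {3}" -f $s, $HamachiIp, $Fqdn, $ok)
    }
}

# The zone is AD-integrated, so one DC's change replicates to the others; fixing
# both directly just avoids waiting on replication over the VPN.
foreach ($s in $DnsServers) { Repair-ARecords $s }

# Client-side check 1 (run on Server A): is the Hamachi adapter set to register
# its address with DNS? This is what "Register this connection's addresses in
# DNS" and ipconfig /registerdns depend on.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, IPAddress, FullDNSRegistrationEnabled |
    Format-Table -AutoSize

# Client-side check 2 (run on Server A): which addresses does the DNS *server*
# listen on and publish for itself? (Values documented for Windows Server 2003
# DNS; an empty value means "all".) If only the LAN address is listed, the
# server's own host-record update (Event 6702) will not keep the Hamachi address.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters' |
    Select-Object ListenAddresses, PublishAddresses | Format-List

Test-Resolution
```

Run it from an elevated prompt on a DC with the DNS server tools installed; the two "client-side" checks only say something useful when run on Server A itself. If the Hamachi adapter's FullDNSRegistrationEnabled is False, or ListenAddresses on Server A lists only the LAN address, that is the first thing to change before relying on the NS/glue workaround.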

Expert Comment

by:Rob Williams
ID: 21881040
Sounds good.

As for sites and services it is important to set up the different sites, subnets, and link to be used so that replication between the DC's works properly. Jay_Jay70 has written an excellent "down to earth" article about the basic functionality of AD sites & services, which may be of help:
http://www.block.net.au/help/AD-Sites/