AD/DNS Issues with server

I have a server in our Maryland regional office that is having issues. It's slow to log on, and services that point to it, such as network scanning, are extremely slow. I did a set L and it is pointing to our Corporate office server in Virginia to log onto. This server is a domain controller and should log onto itself. The DNS is set up to look locally first, so I don't know where else to look. I think the server should look locally to log on since it's a DC, DNS, and DHCP server. Any help is appreciated.
mhmservices Asked:

Andrej Pirman Commented:
Maybe you have public DNS entered under properties of TCP/IP protocol on your NIC adapter? This would slow it down dramatically!
Enter its own IP there, and make sure that local DNS uses proper forwarders.
0
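One way to run the check suggested above on the domain controller itself, as an added example that is not part of the original thread. It assumes PowerShell 2.0 is installed on the server; the function names are hypothetical, and "public" is taken to mean any address outside the RFC 1918 and loopback ranges.

```powershell
# Added example: report each adapter's DNS server order and flag the two
# conditions discussed above (DC not using itself, public resolver on the NIC).
function Test-PrivateIPv4 {
    param([string]$Address)
    $o = $Address.Split('.') | ForEach-Object { [int]$_ }
    return (
        ($o[0] -eq 10) -or ($o[0] -eq 127) -or
        ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
        ($o[0] -eq 192 -and $o[1] -eq 168)
    )
}

function Get-NicDnsReport {
    $ipv4 = '^\d{1,3}(\.\d{1,3}){3}$'
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
    foreach ($nic in $nics) {
        # Keep IPv4 entries only; an unset property yields an empty array.
        $own = @($nic.IPAddress | Where-Object { $_ -match $ipv4 })
        $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ -match $ipv4 })

        $first = $null
        if ($dns.Length -gt 0) { $first = $dns[0] }

        # True when the first DNS server is this machine's own address.
        $selfFirst = ($own -contains $first) -or ($first -eq '127.0.0.1')

        # Any resolver outside private space is a candidate for removal;
        # external lookups belong in the DNS service's forwarders instead.
        $public = @($dns | Where-Object { -not (Test-PrivateIPv4 $_) })

        New-Object PSObject -Property @{
            Adapter   = $nic.Description
            OwnIPv4   = ($own -join ', ')
            DnsOrder  = ($dns -join ', ')
            SelfFirst = $selfFirst
            PublicDns = ($public -join ', ')
        } | Select-Object Adapter, OwnIPv4, DnsOrder, SelfFirst, PublicDns
    }
}

Get-NicDnsReport | Format-List
```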
mhmservices (Author) Commented:
I checked the DNS settings under the NIC and sure enough the NIC was pointed to VA and not local. This has been changed. I'm not quite sure what you mean about DNS forwarders. Can you elaborate?
0
ryansoto Commented:
Here is how to configure forwarders:
http://support.microsoft.com/kb/323380
Basically, forwarders do this:
Your clients look to the DNS server for name resolution; your DNS server should talk to another DNS server for lookups, and this second DNS server is best set to your ISP's DNS. These are called forwarders.

Now what I would also set up to solve one of the issues you stated -
Client should be authenticating against the local domain controller not the home office DC.
To do this you need to set up active directory sites and services.
http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm

Look down for ADSS
0

mhmservices (Author) Commented:
I'm looking through the file replication events and I found this below. I've also noticed that the c:\windows\sysvol directory doesn't exist. Shouldn't a DC have this directory? One more thing, I can perform an nslookup of our main DC using the host name but not the IP address.


The File Replication Service is having trouble enabling replication from MHMDC1 to MDDC1 for c:\windows\sysvol\domain using the DNS name mhmdc1.mhmnet.mhm-services.local. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name mhmdc1.mhmnet.mhm-services.local from this computer.
 [2] FRS is not running on mhmdc1.mhmnet.mhm-services.local.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
0
ryansoto Commented:
1.  To rebuild the sysvol directory on the server having the issues
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B315457

2.  For nslookup to work you need to have a reverse lookup zone in DNS.  Do you have this created?
If so then there is no harm deleting it and rebuilding it.
Once done then from your workstation run an ipconfig /registerdns

Then try an nslookup for that workstation - it should work fine
0

mhmservices (Author) Commented:
1. Does this really need to be done? I have 15 DCs across many states and to turn off FRS on all will be a pain. Also, I notice that there is a note that once FRS is off they will stop authenticating; does this mean I won't be able to RDP? If so, that's a big problem. Would running dcpromo on the server be any help?


2. Looks like no reverse lookup zone is configured, as when I click on it, it gives me the "add new zone" message.
0
ryansoto Commented:
It's a last resort -

You can always dcpromo the machine and then repromote it and see if it will come back online.
0
mhmservices (Author) Commented:
OK, so it's a last resort. I'll keep that in mind. If I need to perform that function, will I be able to RDP to my remote domain controllers after FRS is turned off? The article mentions that authentication will not start until FRS is turned back on.
0
mhmservices (Author) Commented:
Also, since there is no reverse lookup zone how do I go about making one?
0
ryansoto Commented:
Right click a server in the DNS console and click new zone. Choose primary and AD-integrated, then choose reverse lookup zone.
The rest should be self-explanatory - let me know if not.
0
mhmservices (Author) Commented:
OK, got the reverse lookup zone created. How do I populate it with PTR records that match the host A records from the forward lookup zone?
0
ryansoto Commented:
Easy... either wait and it will happen automatically (via DHCP DNS registrations), or if you want proof of concept, from your workstation go to a command prompt and run an ipconfig /release then ipconfig /renew
Your DNS record should then populate in the reverse lookup zone.
0
mhmservices (Author) Commented:
So that's why I still can't resolve the server's IP using nslookup? I just need to be patient?
0
ryansoto Commented:
From the server you will need to either manually create the records or run an ipconfig /registerdns

This should create the record in the reverse lookup zone
0
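For the manual route mentioned above, an added example (not part of the original thread) that checks whether each server's A and PTR records agree and prints a `dnscmd /RecordAdd` line for every missing PTR. The host names come from the thread; the IP addresses, the FQDN of MDDC1, the function names, and the assumption that each reverse zone is a /24 named after the first three octets are all illustrative. It assumes PowerShell 2.0 and that `dnscmd` from the Support Tools is run on the DNS server.

```powershell
# Added example. Commands are printed for review, not executed.
$records = @(
    @{ Name = 'mhmdc1.mhmnet.mhm-services.local'; IP = '192.168.1.10'  },  # IP constructed
    @{ Name = 'mddc1.mhmnet.mhm-services.local';  IP = '192.168.20.10' }   # FQDN and IP assumed
)

function Get-PtrAddCommand {
    param([string]$Fqdn, [string]$IPv4)
    $o = $IPv4.Split('.')
    if ($o.Length -ne 4) { throw "Not an IPv4 address: $IPv4" }
    # Reverse zone for a /24: octets 3.2.1 followed by in-addr.arpa;
    # the record's node name is the last octet.
    $zone = '{0}.{1}.{2}.in-addr.arpa' -f $o[2], $o[1], $o[0]
    "dnscmd /RecordAdd $zone $($o[3]) PTR $Fqdn"
}

function Test-ForwardReverse {
    param([string]$Fqdn, [string]$IPv4)
    $forwardOk = $false
    $ptrName   = $null
    try {
        # Forward lookup: does the name resolve to the expected address?
        $addrs = @([System.Net.Dns]::GetHostAddresses($Fqdn) |
                   ForEach-Object { $_.IPAddressToString })
        $forwardOk = $addrs -contains $IPv4
    } catch { }
    try {
        # Reverse lookup: throws when no name is found for the address.
        $ptrName = [System.Net.Dns]::GetHostEntry($IPv4).HostName
    } catch { }
    New-Object PSObject -Property @{
        Name       = $Fqdn
        IP         = $IPv4
        ForwardOk  = $forwardOk
        PtrName    = $ptrName
        PtrMatches = [bool]($ptrName -and ($ptrName.TrimEnd('.') -ieq $Fqdn))
    }
}

foreach ($r in $records) {
    $check = Test-ForwardReverse $r.Name $r.IP
    if (-not $check.PtrMatches) { Get-PtrAddCommand $r.Name $r.IP }
}
```

The lookups go through the Windows resolver rather than querying the DNS server directly, so confirm the result with `nslookup <ip>` against the local DNS server as well.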
mhmservices (Author) Commented:
Let me ask you this. When I run set l at a cmd prompt it still says mhmdc1, which is our corporate server. Is this good or bad? Should it log into itself or through an upstream?
0
ryansoto Commented:
Dunno, I don't run that command to set options.....
0
mhmservices (Author) Commented:
How do you set options?
0
Windows Server 2003