• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 274
  • Last Modified:

Windows 2003 DNS / WINS

I'm not going to go incredibly in depth yet unless you need me to. But anyway, I have a shop with 3 domain controllers. The primary has DNS, AD, and WINS. The two secondaries have just DNS and AD. Yesterday I pushed out a GPO setting that replaced one of the secondary servers with the new primary server. I changed the setting: Computer Config/Policies/Admin Templates/Network/DNSClient/DNSservers.

When I did this, some clients could not resolve network names using DNS only WINS. They all have the correct network settings local on the machine, but I'm assuming the GPO is overriding them. Once I changed the GPO back, everyone was OK.

My question is, how can I tell or set my domain to primary use DNS? I know I shouldn't need WINS, but we have it and that can't change right now unfortunately. Thank you for your help here.
0
Tim_Jr
Asked:
Tim_Jr
  • 16
  • 16
5 Solutions
 
bcrosby007Commented:
Are you using DHCP? If so, you would set your DNS servers in the Scope Options.
0
 
Tim_JrAuthor Commented:
DHCP is split between the primary and one of the secondary servers. I do set the options through DHCP, but again, the GPO must override them. I put all 3 name servers in the 006 DNS Servers options in the DHCP server options.
0
 
bcrosby007Commented:
Can you disable that GP entry? I did some looking and have not found a way to disable WINS in GP.
And yes, GP takes precedence over DHCP....
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Tim_JrAuthor Commented:
Well, unfortunately I'm not the senior guy here so I'd have to check if we can change it. I don't like changing network settings in the GPO, it doesn't sit well with me. But my boss says since it would require changing almost 3,000 computers, we're better off changing it through GPO. But again, how can I tell or set my domain to primarily use DNS? Is it possible?
0
 
bcrosby007Commented:
It really doesnt have anything to do with the domain. The order of a name resolutions is as follows...
Own Name - Local Hosts file - Cache - DNS - NetBIOS(WINS)

There is no explicit entry in GP for Wins... You can disable using a netsh command in a script.
http://technet.microsoft.com/en-us/library/bb490946.aspx 
0
 
Tim_JrAuthor Commented:
I get the order of resolution and all, but with WINS disabled, DNS should take over. Actually DNS should be the primary resolution over WINS, but it's not happening that way.
0
 
bcrosby007Commented:
Try the netsh command.
0
 
Tim_JrAuthor Commented:
What should I try to do with it?
0
 
bcrosby007Commented:
netsh interface ip set wins "Local Area Connection" dhcp

That will have your Wins look to DHCP.
0
 
Tim_JrAuthor Commented:
I know there is no explicit entry in GP for WINS, but the entry I altered in Computer Config/Policies/Admin Templates/Network/DNSClient/DNSservers affected resolution, even though it doesn't refer to WINS.

This is what happned with the GPO. Originally it had the addresses of both secondary servers. .21 and .40.  Each have DNS on them, nothing else. The new DC was built a few months ago. My boss changed the GPO keeping the one secondary server .21 and adding the new primary .97 which has DNS and WINS. The result was many people could not resolve server names for file shares and printers and some of our apps. When I did pings, it was resolving through WINS only, not DNS.
0
 
Tim_JrAuthor Commented:
Ok, but wouldn't GPO override the local network settings anyway?
0
 
bcrosby007Commented:
How are these users getting their WINS info? I assumed that they were manually put in or through dhcp. If there is no Wins entry in the GPO, how will it overwrite?

Also - is your DNS Active Directory integrated?
0
 
Tim_JrAuthor Commented:
It's confusing I know. You're right there is no WINS settings in the GPO, but somehow it's affecting users name resolution.

All users should be getting their settings from DHCP or statically. Most are DHCP except for machines in our lab, that's irrelavent.

Is my DNS Active Direcotry integrated? I wish I could tell you. How could I find out?
0
 
bcrosby007Commented:
Go to your DNS server snap in. Click on the Server, then on Forward lookup zones. Check the Type in the right window pane and see if it is AD Integrated.
0
 
Tim_JrAuthor Commented:
Two settings

_msdcs.mydomain.com active directory-integrated primary

mydomain.com active directory-integrated primary
0
 
bcrosby007Commented:
Is it the same on all 3 DNS servers? Because they should be sharing all records. And the only way switching DNS servers will mess up your lookups is if the server doesnt have a record.
0
 
Tim_JrAuthor Commented:
Yup each server has the same information regarding the AD integration.
0
 
bcrosby007Commented:
Was there any link between the users that couldnt do DNS lookups? Operating System?
0
 
Tim_JrAuthor Commented:
Well my machine for example is Vista and I had no problems, but I'm on a different network segment. Office users are on 172.16.1.x and I.T. is on 172.16.2.x. Only office users seemed to have issues, I.T. segment did not.
Which brings me back to my DHCP settings, but they're literally mirrored. Although, my DHCP server is the new DC, 172.16.1.97 and office users DHCP is another server 172.16.1.21. The GPO change yesterday didn't affect me, but who knows, maybe I didn't get the change in time. I know the exact registry key that was affected by the GPO.
HKLM/software/Policies/Microsoft/Windows NT/DNSClient.
0
 
bcrosby007Commented:
Are you both in the same OU with the same GPO?
0
 
Tim_JrAuthor Commented:
Yup. In a corp. laptop OU with a laptop GPO.
0
 
bcrosby007Commented:
So the same policy should apply to everyone. So the only difference is the DHCP servers?
0
 
Tim_JrAuthor Commented:
Correct. What about my DNS and WINS server integration? Currently my DNS does not forward lookup to the WINS server. Is that a good place to start?
Also the node type of the WINS server is 8.
0
 
bcrosby007Commented:
I never enable wins forward lookup. What happens if you disable the Wins service on the Wins server?
0
 
Tim_JrAuthor Commented:
That I have not tried.
0
 
bcrosby007Commented:
Give that a whirl. You shouldnt need Wins anyway unless you have windows 98 computers.
0
 
Tim_JrAuthor Commented:
We're going to test it in our lab. I'll let you know. Thanks.
0
 
Tim_JrAuthor Commented:
I turned off WINS today. I noticed from my one secondary domain controller that when I did a ping (to my laptop) it resolved through WINS. When I turned it off, DNS began to resolve. I had it off for aoubt 10 minutes and tested various computers that had problems the other day and everything seemed ok.
My boss mentioned to me that WINS is required to populate clients 'Network Neighborhood', is this true? I think that's one reason he wants to keep WINS on.
0
 
bcrosby007Commented:
We dont use WINS and we can browse the network.
0
 
Tim_JrAuthor Commented:
For the brief amount of time i had it off this morning browsing didn't work. But maybe it didn't have time to populate.
0
 
bcrosby007Commented:
Yeah Wins is used to populate Net Neighborhood. Otherwise, your computer browser service sends broadcasts around trying to find the computers.
0
 
bcrosby007Commented:
Maybe you need to look at your Wins settings?
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 16
  • 16
Tackle projects and never again get stuck behind a technical roadblock.
Join Now