How can I fix my DNS?

epipkin asked
Last Modified: 2012-06-21
I have a 2003 Server with Exchange 07 and AD & DNS. I have implemented and the first few workstations joining the domain did ok. Slower than expected, but ok. Now all workstations will join the domain, however, it takes a very very long time to join. All network shares work great; it just seems I have a horrible DNS problem and cannot seem to find the source of the problem.

First thing to check is where the workstations are looking for their DNS:

Do an IPCONFIG /all and see what the PCs are pointing to for their DNS, I suspect you may have them going out to Internet servers first.

Author

Commented:
I have completely redone my DHCP and it is handing out the DNS as the server itself as it should be. I cannot seem to get the DNS to function correctly. Any suggestions? Thanks in advance for your help.
From command prompt on a PC:

NSLOOKUP <return>

make sure that the server name / IP it comes back with are those of your internal DNS

now type servername.domain.name (whatever they may be) and hit return

make sure this comes back with the correct result

Author

Commented:
I have run nslookup and it seems to return ok. I now have a new, very strange situation. My DHCP range is attached. When a 10.18.15.x address is sent out, it is sent with my ISP DNS and our internet works fine. However, if a machine pulls another address and uses our DNS, we have huge issues and I cannot seem to figure out why part of my DHCP is acting differently than other parts.... I am really confused...
dhcp.jpg
dns.jpg
dhcp.jpg
nslookup.jpg
Your DHCP server should give clients ONLY DNS on your domain

The DNS server itself should then have a forwarder defined on it to point at your ISP

Your DHCP errors look like you have some statics that it is clashing with. Set all PCs to DHCP, release and renew and see if you can calm DHCP down

Author

Commented:
We have them set to DHCP and have performed the release and renew and we are still having DNS problems. When joining machines to the domain, it takes an extremely long time to join. Everything I've seen points to a DNS problem. But everything I've checked seems ok. But there is obviously a problem somewhere. The performance is not there.
You said in the previous post that DHCP was giving out ISP DNS to make the internet work - this will crucify local access.

post a result of IPCONFIG /all from an affected PC please
You should configure the conflict attempts value for your DHCP to "2" to avoid DHCP conflicts. Restart the netlogon service to ensure SRV-records are ok. Ensure Internet connectivity on the server. Check the scope options and the DNS server options.

Author

Commented:
We have removed the DHCP role, re-added it, tried to edit the scope, and every time it hands out an address, it is handing out 10.18.15.x and the ISP DNS instead of itself as a DNS. Also, for any other IP where a workstation has the DNS as the server, there is no internet. The forwarders look ok. We have successfully stumped multiple people with this one. Why is it even handing out IP addresses that are in the middle of the scope instead of starting at the beginning?
joining.bmp
dhcp.bmp
Install the support tools from the server CD. Then run "netdiag /fix" and "dcdiag /fix".
If any domain relevant entries are missing in the DNS, these tools will automatically add them. Perhaps this solves your problem.
I forgot: you need to run this on the server.
You can see from the IPCONFIG result that the DHCP server it gets settings from is 10.18.254.1 and the DNS servers are internet servers. This is not the IP address of your DHCP server on your Windows box (from previous screenshot).

As 10.18.254.1 is also your default gateway, I'm willing to bet this is your router and thus the cause of your problems.

Turn off the DHCP server on the router and you should be able to troubleshoot as per all of the above posts
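
An added example (not part of the original thread): a Python check that parses `ipconfig /all` output from a client and flags a lease issued by a DHCP server other than the Windows server, or DNS servers outside the domain, which is the symptom identified in the post above. The sample output is constructed; 10.18.18.3 and 10.18.254.1 come from the thread, and the 203.0.113.x resolvers are placeholders for the ISP DNS addresses, which the thread does not list.

```python
import re

# Assumption from the thread: the Windows server 10.18.18.3 is the only
# DHCP server and the only DNS server that clients should be given.
AUTHORIZED_DHCP = {"10.18.18.3"}
INTERNAL_DNS = {"10.18.18.3"}

# Constructed sample of `ipconfig /all` output from an affected PC.
# 203.0.113.x are placeholder addresses standing in for the ISP resolvers.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.18.15.27
        Default Gateway . . . . . . . . . : 10.18.254.1
        DHCP Server . . . . . . . . . . . : 10.18.254.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
"""

IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Return {lowercased field name: [values]} from ipconfig /all output."""
    fields, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^\s+([A-Za-z][^:]*?)[\s.]*:\s*(.*)$", line)
        if m:
            current = m.group(1).strip().lower()
            fields.setdefault(current, [])
            if m.group(2).strip():
                fields[current].append(m.group(2).strip())
        elif current and IP_RE.match(line.strip()):
            fields[current].append(line.strip())  # continuation, e.g. 2nd DNS
    return fields

def audit(text):
    """Flag a lease from an unexpected DHCP server or with non-domain DNS."""
    cfg = parse_ipconfig(text)
    findings = []
    for srv in cfg.get("dhcp server", []):
        if srv not in AUTHORIZED_DHCP:
            same = srv in cfg.get("default gateway", [])
            findings.append(f"lease issued by unauthorized DHCP server {srv}"
                            + (" (same host as the default gateway)" if same else ""))
    external = [d for d in cfg.get("dns servers", []) if d not in INTERNAL_DNS]
    if external:
        findings.append("client resolves through non-domain DNS: " + ", ".join(external))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
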

Author

Commented:
C:\Program Files\Support Tools>netdiag /fix

..................................

    Computer Name: ITTLMC1
    DNS Host Name: ittlmc1.trilakesmc.com
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : EM64T Family 6 Model 15 Stepping 11, GenuineIntel
    List of installed hotfixes :
        KB924667-v2
        KB925398_WMP64
        KB925876
        KB925902
        KB926122
        KB926139-v2
        KB927891
        KB929123
        KB930178
        KB932168
        KB933729
        KB935839
        KB935840
        KB936357
        KB936782
        KB938127
        KB938464
        KB941569
        KB943055
        KB943460
        KB943485
        KB943545
        KB944338-v2
        KB944653
        KB945553
        KB946026
        KB948496
        KB950762
        KB950974
        KB951066
        KB951698
        KB951748
        KB952069
        KB952954
        KB954211
        KB954550-v7
        KB954600
        KB955069
        KB955839
        KB956391
        KB956802
        KB956803
        KB956841
        KB957097
        KB958215
        KB958644
        KB958687
        KB960714
        Q147222


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'Intel(R) PRO/1000 PF Server Adapter' may not be work
ing.



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Failed
        NetCard Status:          DISCONNECTED
            Some tests will be skipped on this interface.

        Host Name. . . . . . . . . : ittlmc1
        Autoconfiguration IP Address : 169.254.183.71
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :


    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : ittlmc1
        IP Address . . . . . . . . : 10.18.18.3
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . : 10.18.254.1
        Dns Servers. . . . . . . . : 10.18.18.3


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{CE4703CD-4E08-4AA2-8678-3786D51F2CFC}
        NetBT_Tcpip_{FBB51E18-CAE3-4642-A756-A84EFDF37302}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'ittlmc1.trilakesmc.com.'. [ERROR_TIMEOUT]
            The name 'ittlmc1.trilakesmc.com.' may not be registered in DNS.
    PASS - All the DNS entries for DC are registered on DNS server '10.18.18.3'
and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{CE4703CD-4E08-4AA2-8678-3786D51F2CFC}
        NetBT_Tcpip_{FBB51E18-CAE3-4642-A756-A84EFDF37302}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{FBB51E18-CAE3-4642-A756-A84EFDF37302}
        NetBT_Tcpip_{CE4703CD-4E08-4AA2-8678-3786D51F2CFC}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Program Files\Support Tools>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ITTLMC1
      Starting test: Connectivity
         ......................... ITTLMC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ITTLMC1
      Starting test: Replications
         ......................... ITTLMC1 passed test Replications
      Starting test: NCSecDesc
         ......................... ITTLMC1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... ITTLMC1 passed test NetLogons
      Starting test: Advertising
         ......................... ITTLMC1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ITTLMC1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ITTLMC1 passed test RidManager
      Starting test: MachineAccount
         ......................... ITTLMC1 passed test MachineAccount
      Starting test: Services
         ......................... ITTLMC1 passed test Services
      Starting test: ObjectsReplicated
         ......................... ITTLMC1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ITTLMC1 passed test frssysvol
      Starting test: frsevent
         ......................... ITTLMC1 passed test frsevent
      Starting test: kccevent
         ......................... ITTLMC1 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000416
            Time Generated: 02/13/2009   04:24:22
            Event String: The DHCP/BINL service on the local machine,
         An Error Event occured.  EventID: 0x00000416
            Time Generated: 02/13/2009   04:25:07
            Event String: The DHCP/BINL service on the local machine,
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   04:46:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   04:46:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   04:46:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   04:46:51
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   05:03:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   05:03:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   05:03:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   05:07:36
            (Event String could not be retrieved)
         ......................... ITTLMC1 failed test systemlog
      Starting test: VerifyReferences
         ......................... ITTLMC1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : trilakesmc
      Starting test: CrossRefValidation
         ......................... trilakesmc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... trilakesmc passed test CheckSDRefDom

   Running enterprise tests on : trilakesmc.com
      Starting test: Intersite
         ......................... trilakesmc.com passed test Intersite
      Starting test: FsmoCheck
         ......................... trilakesmc.com passed test FsmoCheck

C:\Program Files\Support Tools>

Author

Commented:
um............................  wow.... anything in there I need to address?? lol    I'm new to server and domains... be gentle.....
Definitely your router giving out DHCP is screwing you up!

Commented:
Dude, just look at the results of ipconfig.

Your DHCP server is also your default gateway !!

It's a networking issue.

The BAD ADDRESSes in DHCP indicate that there is another DHCP server on your network.  Turn off DHCP on your firewall or router.
Definitely a DHCP problem - I know that's the 3rd time I have said it but can't stress it enough

Author

Commented:
We found the router issuing IP addresses and resolved that issue. However, when we do get addresses now from the server, we have no internet - server does - but clients do not.... help....
make sure the clients get the router as their default gateway, server as their DNS and make sure the server has a DNS forwarder to an Internet DNS server (or two)
Commented:
In your DHCP options, make sure the default gateway (or Router, in Microsoft DHCP) is set to the same as your server's default gateway.

Make sure in your router/firewall, that the PCs have a route to that default gateway.


Author

Commented:
that has been verified... they are pulling the correct info but still no internet and the workstations are still taking forever joining domain....
Can you ping internet addresses from the workstations by IP address and/or by name?

If by IP but not by name then you have DNS problems still

If the name resolves but you can't get a reply then you have a connectivity issue (likely don't have a route to Internet)

Author

Commented:
The server turned out to be running great. Our router didn't have the route built in. THANK YOU!!!
Somewhat disgruntled that, having worked all through this problem, I have been allocated no points when I had pointed out the same thing as the accepted solution in a previous post

Commented:
Randy,

I understand your frustration. It's happened to me too.  FWIW, I do recognise that your questions and the answers the poster provided were a big part of the solution to this problem.
Just blowing off steam really - ultimately I'm happy that they got a solution