

DC Stopped Working No DNS and No AD Changes

Posted on 2009-04-16
Medium Priority
Last Modified: 2012-05-06

We have 4 DCs. The one that contains all the FSMO roles has stopped working properly.

It no longer works as a DNS server, and when I add a machine to the domain it no longer shows in the Computers OU.

If I do an nslookup on the troubled DC that is having trouble, it will provide a correct response from itself. However, if I do an nslookup on a workstation, it will return "DNS request timed out" and then resolve to the secondary DC, which will return the correct response.

If I attempt to add a machine to the domain using the troubled DC, it will prompt me for authentication and then respond with "the network path was not found". But if I point the workstation to another DC, it adds the machine to AD and that will be propagated to the other 2 DCs, but not to the troubled DC.

I can ping the troubled DC just fine.

Any thoughts?

Question by:ysdadmin

Expert Comment

ID: 24164587
Have you added the ISP's DNS address into the DC's DNS settings?

Your clients need to have the DC as default DNS. Your DC should have your ISP's DNS-servers configured as forwarders.

Expert Comment

ID: 24164879
Sounds like a firewall block, or the wrong preferred DNS server on the DC itself (as rhinoceros was saying).

Author Comment

ID: 24175976
Thanks for the ideas.

But it turns out it was an update to the antivirus software that killed it. Once I removed the AV, the DC came back online. The weird thing is that the other 3 DCs had no problem with the AV update.

Must be something about this DC having all the FSMOs and ? that doesn't do well with AV?


Accepted Solution

rhinoceros earned 1500 total points
ID: 24181653
I think the problem does not come from AV....

Have you tried to check your DNS settings on the Master DC (FSMOs holder)?

Is it likely the following setting?
Master DC
DNS1: 20x.xxx.xxx.xxx
DNS2: 20x.xxx.xxx.xxx

Secondary DC

If true, that is why you get the result...
"it will return "DNS request timed out" and then resolve to the secondary DC which will return the correct response."
Because only the secondary DC is pointed to the correct INTERNAL DNS to resolve for workstations. You should set the ISP DNS as forwarders, not as the preferred DNS server.
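
The check the accepted solution describes, as an added example that is not part of the original thread: it lists the DNS servers set on the DC's network adapters, lists the DNS Server role's forwarders, and warns about any adapter entry that is not an internal address. It assumes the DnsClient and DnsServer PowerShell modules (Windows Server 2012 or later) and that internal DNS servers use RFC 1918 addresses; `Test-InternalIPv4` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Run on the domain controller.
# Assumes the DnsClient and DnsServer modules (Windows Server 2012 or later).

function Test-InternalIPv4 {
    # Assumption: internal DNS servers use RFC 1918 or loopback addresses.
    param([Parameter(Mandatory)][string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or ($b[0] -eq 127) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# 1. Resolver entries on each NIC: on a DC these should all be internal DNS servers.
$resolvers = foreach ($nic in (Get-DnsClientServerAddress -AddressFamily IPv4)) {
    foreach ($addr in $nic.ServerAddresses) {
        [pscustomobject]@{
            Interface = $nic.InterfaceAlias
            DnsServer = $addr
            Internal  = Test-InternalIPv4 -Address $addr
        }
    }
}
$resolvers | Format-Table -AutoSize

# 2. Forwarders configured on the DNS Server role: the ISP's servers belong here.
$forwarders = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString })
"Forwarders: " + ($forwarders -join ', ')

# 3. Flag external addresses used as preferred/alternate DNS on the DC itself.
$external = @($resolvers | Where-Object { -not $_.Internal })
foreach ($r in $external) {
    Write-Warning "$($r.Interface): $($r.DnsServer) is not internal; configure it as a forwarder instead."
}
if ($external.Count -eq 0) { "All NIC resolver entries are internal." }
```

The script only reports; changing the adapter settings or forwarders is left to the administrator.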
