Link to home
Start Free TrialLog in
Avatar of prutter
prutter

asked on

DNS Assistance

Seems like i have a DNS issue and i can't figure what direction to go in.   It ssms like teh DNS server (Primary) operated just fine for 4 or 5 days then i start to get errors at some point and the log fills up.  When that happens, all my users experience extremely log login times (4 minutes plus).  The errors that arise in the logs are 4011 and 4015.  This server is a DC and also holds the FSMO roles (not sure if this is a bad thing or not).  I also have a secondary DNS server installed but not really sure what good it's doing me.  Should i move DNS to a differnt server?  Does it have to be a DC?  Or should i try something else?  Any help is appreciated.  Thanks!
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

From the sounds of it you don't have a very big network?

How is system performance when it starts falling apart? Particularly memory and CPU usage.

Could you run DCDiag and NetDiag against the DC? See if it's upset about anything. Are the other event logs clear?

Chris
Avatar of prutter
prutter

ASKER

That's the odd thing about it.  When i run DCdiag and NetDIAG they all look fine even when the issue is occurring.  I can't really tell you what the resources are loike when this happens but the server appears to run just fine otherwise.  You are correct about the size of the network.  About 110 users.  All the docs i've looked at talk about the server being a GC server.  At this point i only have two DC's but i am willing to add a third if it makes sense to do this.  I forgot to mention that this server also handles DHCP requests also.  DC, DNS, DHCP, and GC are all this server does.  Your thoughts?
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Two should be plenty. All the services mentioned should be really lightweight.

Is the other DC also a Global Catalog? And does it also have DNS running?

Chris
Avatar of prutter
prutter

ASKER

The other server is a GC adn it is NOT a DNS server
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Your zones are AD Integrated?

I'd install the DNS service on there as well (don't add a zone, they'll appear as soon as replication kicks in). Do you have any other DNS servers listed in TCP/IP configuration at the moment?

Chris
Avatar of prutter
prutter

ASKER

I have a new server configured if i should move it.  Would you recommend that?   If so are there preferred steps to follow to move this?
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Move it? I just meant as an additional DNS service, I like having more than one available :)

Chris
Avatar of prutter
prutter

ASKER

i have more than one available now but still have this issue.  There are no error on the other server though.  The secondary DNS server is not a DC or a GC server.  Can i just make that the Primary?  
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

So it's has a Secondary copy of the zone for AD?

You could make that the Primary, but you could also just remove the AD Integrated flag, has the same effect. Seems a bit unnecessary though, you shouldn't be having these problems, changing it to standard Primary just tucks them under the carpet (in my opinion of course).

Chris
Avatar of prutter
prutter

ASKER

Does teh seconday server need to be added to the Forwarders tab?
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

No. That would make the DNS services dependant on each other, not really desirable, especially not if you need to reboot one of them.

Chris
Avatar of prutter
prutter

ASKER

Are there going to be network issues if i switch the zones now or should i do it after hours?  
Avatar of prutter
prutter

ASKER

What are you referring to when you say remove the AD itegration tag?
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

I still don't think switching the zones is the right direction to go.

But anyway, no, there won't be any interruption unless you take the DNS service off-line entirely (unticking store in AD won't do that).

You might still grab a backup of the zone first... just in case and all that... This should do:

DNSCMD /ZoneExport name.com name.com.backup

Chris
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

If you open up the properties for the zone on the current server, then select Change next to Type, there's a tick box for store in AD here. The tick can be removed which changes the zone to standard primary.

Note that you lose secure dynamic updates, Aging / Scavenging, and multi-master DNS (if you were hosting it on multiple DCs).

Chris
Avatar of prutter
prutter

ASKER

What do you think hte proper direction should be for my issue?  Can this be related to the fact that this is a DC and a GC?  If so then changing the secondary to the Primary sould satisfy that.  I am not the DNS expert.  I just can't find any other docs that point a differnt direction.
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of prutter
prutter

ASKER

I looked in the other event logs and there is/was a replication issue between both DC's.  I guess i will look in this direction to resolve the issue.