DNS issues?

Our primary domain controller, which has the FSMO roles on it, stops authenticating users periodically. The server appears to be working OK and, all of a sudden, we will get calls that users are unable to log into different programs. Also, once this happens, we are unable to quickly nav to \\servername\netlogon. It will take several minutes for it to come up. Once we reboot the server everything is fine for about 4 hours...give or take an hour.
 
Have you seen anything like this or have any suggestions as to where to check? We have run dcdiag on the server and everything looks fine.
 
One thing I have seen is consistent Event errors 4010:
The DNS server was unable to create a resource record for x.x.xx.in-addr.arpa. in zone 10.in-addr.arpa. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

and 4016:
The DNS server timed out attempting an Active Directory service operation on DC=_ldap._tcp.d7f56b51-2178-4c18-b7cf-ca0d9e677278.domains,DC=_msdcs.xxxx.ad,cn=MicrosoftDNS,DC=ForestDnsZones,DC=xxxx,DC=ad. Check Active Directory to see that it is functioning properly. The event data contains the error.
and
The DNS server timed out attempting an Active Directory service operation on DC=x,DC=x.x.x.in-addr.arpa,cn=MicrosoftDNS,cn=System,DC=xxxxDC=ad. Check Active Directory to see that it is functioning properly. The event data contains the error.

Also, our firewall logs show that our DNS servers are making constant requests out to the internet to the Auth servers.

Penny for your thoughts...
marques_salazar Asked:

proadmin Commented:
Boy, that's a tough spot to be in. It sounds like your firewall or something to that effect is not allowing your users to connect. I don't know how the DNS would be affected in this situation. My solution would be for you to verify everything is in working order and then opening up some firewall ports... This may be it! If not, we can talk about other things that could be it.

I wish you the best, sorry mate...
0
g000se Commented:
Hi,

Have you tried running a netdiag and dcdiag to gather more information?
0
murgroup Commented:
How many domain controllers do you have? Check the DNS settings in your network settings on each server. Make sure they are pointing to the correct internal DNS server. Look at your DNS name servers and forwarders tabs. Make sure everything is correct.
0
thabash Commented:
You have an issue with your DNS.
It seems there are some stations or servers using the wrong preferred DNS1, DNS2.

If I were you:

1- Check all PCs' and servers' network properties and ensure all have the correct DNS.

2- From each workstation use
c:\nslookup domain.com
to ensure that it is seeing your correct server.

3- Open your DNS and delete the old records (not existing any more); they might be corrupted.

4- If you weren't able to solve the problem,
immediately prepare a new server, install all Windows updates and the latest service pack,
join it to the domain,
run dcpromo,
then move the 5 FSMO roles to it
and try.

5- Be sure that you backed up your previous DC server system state + full drive C.

0
ChiefIT Commented:
Check your MSDCS file folders under DNS forward lookup zones and see if any are greyed out.
0
thabash Commented:
Post the log of netdiag.
0
marques_salazar (Author) Commented:
One of our domain admins was logged into another server with an old password.
Believe it or not, when he logged off said server, the issue disappeared.
0
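
A way to look for this kind of stale-credential source from the domain controller side, added here as an example and not part of the original thread: it groups failed authentications in the Security log by account and source machine. It assumes the stale session was producing repeated failed authentications that the DC logged; the function name and the sample events are constructed for illustration.

```powershell
# Added example. Event IDs: 4771 = Kerberos pre-authentication failed,
# 4776 = NTLM credential validation (success and failure), 4625 = failed logon.
function Get-FailedAuthSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    $rows = foreach ($x in $EventXml) {
        $e  = ([xml]$x).DocumentElement
        $id = [int]$e['System']['EventID'].InnerText
        $d  = @{}
        foreach ($n in $e['EventData'].GetElementsByTagName('Data')) {
            $d[$n.GetAttribute('Name')] = $n.InnerText
        }
        # 4776 is also written for successful validations (Status 0x0); skip those.
        if ($id -eq 4776 -and $d['Status'] -eq '0x0') { continue }
        # The source field differs per event ID; take the first one that is populated.
        $src = $d['IpAddress'], $d['WorkstationName'], $d['Workstation'] |
            Where-Object { $_ -and $_ -ne '-' } | Select-Object -First 1
        [pscustomobject]@{ Account = $d['TargetUserName']; Source = $src; Status = $d['Status'] }
    }
    # Highest counts first: one account failing repeatedly from one host stands out.
    $rows | Group-Object Account, Source, Status |
        Sort-Object Count -Descending | Select-Object Count, Name
}

# Constructed sample events (trimmed to the fields used), not taken from the thread.
$k = '<Event><System><EventID>4771</EventID></System><EventData>' +
     '<Data Name="TargetUserName">admin1</Data><Data Name="Status">0x18</Data>' +
     '<Data Name="IpAddress">::ffff:10.0.0.25</Data></EventData></Event>'
$ok = '<Event><System><EventID>4776</EventID></System><EventData>' +
      '<Data Name="TargetUserName">user7</Data><Data Name="Workstation">PC-114</Data>' +
      '<Data Name="Status">0x0</Data></EventData></Event>'
$f = '<Event><System><EventID>4625</EventID></System><EventData>' +
     '<Data Name="TargetUserName">user9</Data><Data Name="Status">0xc000006d</Data>' +
     '<Data Name="WorkstationName">PC-201</Data><Data Name="IpAddress">-</Data>' +
     '</EventData></Event>'
Get-FailedAuthSummary -EventXml @($k, $k, $k, $ok, $f)

# On a domain controller, feed it the live Security log instead:
# $xml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4771, 4776, 4625
#            StartTime = (Get-Date).AddHours(-4) } | ForEach-Object { $_.ToXml() }
# Get-FailedAuthSummary -EventXml $xml
```

In 4771 events, Status 0x18 means pre-authentication failed, which is what a wrong or outdated password produces.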
marques_salazar (Author) Commented:
Thanks for trying to help.
0