• Status: Solved

DNS issues?

Our primary domain controller, which has the FSMO roles on it, stops authenticating users periodically. The server appears to be working OK and all of a sudden we will get calls that users are unable to log into different programs. Also, once this happens, we are unable to quickly nav to \\servername\netlogon. It will take several minutes for it to come up. Once we reboot the server everything is fine for about 4 hours...give or take an hour.
Have you seen anything like this or have any suggestions as to where to check? We have run dcdiag on the server and everything looks fine.
One thing I have seen is consistent Event errors 4010:
The DNS server was unable to create a resource record for x.x.xx.in-addr.arpa. in zone 10.in-addr.arpa. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

and 4016:
The DNS server timed out attempting an Active Directory service operation on DC=_ldap._tcp.d7f56b51-2178-4c18-b7cf-ca0d9e677278.domains,DC=_msdcs.xxxx.ad,cn=MicrosoftDNS,DC=ForestDnsZones,DC=xxxx,DC=ad. Check Active Directory to see that it is functioning properly. The event data contains the error.
The DNS server timed out attempting an Active Directory service operation on DC=x,DC=x.x.x.in-addr.arpa,cn=MicrosoftDNS,cn=System,DC=xxxxDC=ad. Check Active Directory to see that it is functioning properly. The event data contains the error.

Also, our firewall logs show that our DNS servers are making constant requests out to the internet to the Auth servers.

Penny for your thoughts...
1 Solution
Boy, that's a tough spot to be in. It sounds like your firewall or something to that effect is not allowing your users to connect. I don't know how the DNS would be affected in this situation. My solution would be for you to verify everything is in working order and then open up some firewall ports... This may be it! If not, we can talk about other things that could be it.

I wish you the best, sorry mate...

Have you tried running a netdiag and dcdiag to gather more information?
How many domain controllers do you have? Check the DNS settings in your network settings on each server. Make sure they are pointing to the correct internal DNS server. Look at your DNS name servers and forwarders tabs. Make sure everything is correct.
You have an issue with your DNS.
It seems there is some station or server using the wrong preferred DNS1, DNS2.

If I were you:

1- Check the network properties of all PCs and servers and ensure they all have the correct DNS.

2- From each workstation use
C:\> nslookup domain.com
to ensure that it is seeing your correct server.

3- Open your DNS and delete the old records that no longer exist; they might be corrupted.

4- If you aren't able to solve the problem,
immediately prepare a new server, install all Windows updates and the latest service pack,
join it to the domain,
run dcpromo,
then move the 5 FSMO roles to it
and try.

5- Be sure that you have backed up your previous DC server's system state + full drive C.

Check your MSDCS file folders under DNS forward lookup zones and see if any are greyed out.
Post the log of netdiag.
marques_salazar (Author) commented:
One of our domain admins was logged into another server with an old password.
Believe it or not, when he logged off said server, the issue disappeared.
marques_salazar (Author) commented:
Thanks for trying to help.
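
A session left logged on with an old password, as in the resolution above, normally shows up on the domain controller as a steady stream of failed authentications for one account from one source. The following is an added example, not part of the original thread: it assumes the failures were logged as Security events 4771 and 4625 (IDs the thread does not mention), and the time window and threshold are arbitrary values chosen for illustration.

```powershell
# Added example: summarise failed authentications on a DC by account and source
# to find a host that keeps retrying a stale password.
# Run elevated on the domain controller. $Hours and $MinFailures are assumed values.
$Hours       = 4
$MinFailures = 20

$filter = @{
    LogName   = 'Security'
    Id        = 4771, 4625     # Kerberos pre-authentication failed / logon failed
    StartTime = (Get-Date).AddHours(-$Hours)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read named fields from the event XML instead of relying on property order
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # 4625 can carry "-" as the address; fall back to the workstation name
    $ip = $data['IpAddress']
    $source = if ($ip -and $ip -ne '-') { $ip -replace '^::ffff:' } else { $data['WorkstationName'] }

    [pscustomobject]@{
        Time    = $e.TimeCreated
        Account = $data['TargetUserName']
        Source  = $source
        # Wrong password is Status 0x18 on 4771 and SubStatus 0xC000006A on 4625
        Code    = if ($e.Id -eq 4771) { $data['Status'] } else { $data['SubStatus'] }
    }
}

$rows |
    Group-Object Account, Source |
    Where-Object Count -ge $MinFailures |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Account'; e = { $_.Group[0].Account } },
        @{ n = 'Source';  e = { $_.Group[0].Source } },
        @{ n = 'Codes';   e = { ($_.Group.Code | Sort-Object -Unique) -join ',' } },
        @{ n = 'First';   e = { @($_.Group.Time | Sort-Object)[0] } },
        @{ n = 'Last';    e = { @($_.Group.Time | Sort-Object)[-1] } } |
    Format-Table -AutoSize
```

A privileged account near the top of this list with a single source points at the machine holding the stale session; logging that session off, as the author did, should stop the failures.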
