Solved

Domain Controller Causing Delays on Network?

Posted on 2010-11-15
Last Modified: 2012-05-10
I am running MS Windows Server 2003 as a domain controller, and it also acts as my DNS and DHCP server.  Starting last week several users have noticed delays on the network in the form of Outlook losing connection to Exchange and reconnecting in 10 - 20 seconds, slow network printing, telnet sessions to the AS400 disconnecting, etc...  The server was way behind on patches so I downloaded and installed what was needed on Sunday and the delays were first reported on Wednesday.  I don't see anything out of the ordinary in the event viewer and the network connection appears normal (100mb, full duplex).  Could there be something happening on my domain controller to cause intermittent delays on the network?  It seems to affect different people at different times.
0
Question by:DarrinZuroff
14 Comments
 
LVL 7

Expert Comment

by:OxygenITSolutions
ID: 34139465
Can you confirm all your network settings on the server and server ports on the switches are set to Auto-Negotiate? Also ensure the client machines are also set to Auto-Negotiate.
0
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34139487
The servers and the switch ports they are connected to are all statically configured for 100mb, Full Duplex.  This was at the recommendation of the vendor that originally helped configure the network.  Is it better to use Auto-Negotiate?
0
 
LVL 5

Expert Comment

by:chqshaitan
ID: 34139489
Hi, since you mention an issue connecting from the PCs to your AS400, I would say in the first instance that it is not related to the server.

Check the event logs and also performance monitor on the server
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 34139787
Make sure your server is pointing to itself for DNS in the TCP\IP properties and the clients only point to it in their TCP\IP properties.

Run dcdiag and post the results from the domain controller.
0
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34140012
The server does point to itself for DNS.  Here is the output of DCDiag:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Connectivity
         ......................... HQ-APG2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Replications
         ......................... HQ-APG2 passed test Replications
      Starting test: NCSecDesc
         ......................... HQ-APG2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... HQ-APG2 passed test NetLogons
      Starting test: Advertising
         ......................... HQ-APG2 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... HQ-APG2 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... HQ-APG2 passed test RidManager
      Starting test: MachineAccount
         ......................... HQ-APG2 passed test MachineAccount
      Starting test: Services
         ......................... HQ-APG2 passed test Services
      Starting test: ObjectsReplicated
         ......................... HQ-APG2 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... HQ-APG2 passed test frssysvol
      Starting test: frsevent
         ......................... HQ-APG2 passed test frsevent
      Starting test: kccevent
         ......................... HQ-APG2 passed test kccevent
      Starting test: systemlog
         ......................... HQ-APG2 passed test systemlog
      Starting test: VerifyReferences
         ......................... HQ-APG2 passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : APG
      Starting test: CrossRefValidation
         ......................... APG passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... APG passed test CheckSDRefDom
   
   Running enterprise tests on : APG.LOCAL
      Starting test: Intersite
         ......................... APG.LOCAL passed test Intersite
      Starting test: FsmoCheck
         ......................... APG.LOCAL passed test FsmoCheck
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34140139
Run dcdiag /test:dns

Everything so far looks good. Could be a network switch issue
0
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34140300
Seeing some interesting things...  Here are the results of dcdiag /test:dns:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Connectivity
         ......................... HQ-APG2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HQ-APG2

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : APG
   
   Running enterprise tests on : APG.LOCAL
      Starting test: DNS
         Test results for domain controllers:
           
            DC: HQ-APG2.apg.local
            Domain: APG.LOCAL

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 8.8.4.4 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error:b.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:c.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:d.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:e.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:f.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure APG.LOCAL.
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 8.8.4.4 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.4.4
               
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: APG.LOCAL
               HQ-APG2                      PASS PASS FAIL PASS WARN PASS n/a  
         
         ......................... APG.LOCAL failed test DNS
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34140341
Go into the properties of your DNS zone, go to the Forwarders tab, remove any forwarders listed, and use 4.2.2.1 and 4.2.2.2.
0
 
LVL 7

Assisted Solution

by:OxygenITSolutions
OxygenITSolutions earned 250 total points
ID: 34140375
Hard set network ports will produce the symptoms you have described. Auto negotiate is recommended.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34140387
Auto-Negotiate is better but not required. I have seen issues like the ones Oxygen has seen as well, but not as much. I would start with enabling Auto-Negotiate on the switch, but it does seem like a switch issue.
0
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34140514
Out of all my servers it appears that my domain controller was the only one not set to Auto for Speed & Duplex.  I have changed the server nic and switch port to Auto and the server reconnected at 100/Full so I will see if that makes a difference.  I also changed my DNS forwarders as suggested and here is an updated "dcdiag /test:dns" output.  What does "DEL" mean?  If I run the same test on my backup DNS server everything passes (except for the WARN on DYN).



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Connectivity
         ......................... HQ-APG2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HQ-APG2

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : APG
   
   Running enterprise tests on : APG.LOCAL
      Starting test: DNS
         Test results for domain controllers:
           
            DC: HQ-APG2.apg.local
            Domain: APG.LOCAL

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 4.2.2.1 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 4.2.2.2 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error:b.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:c.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:d.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:e.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:f.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error:j.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:k.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:l.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:m.root-servers.net. IP: <Unavailabe> Status:A record not found
                 
               TEST: Delegations (Del)
                  Warning: DNS server: testbox.apg.local. IP: <Unavailable> Failure:Missing glue A record
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure APG.LOCAL.
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 4.2.2.1 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.1
               
            DNS server: 4.2.2.2 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.2
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: APG.LOCAL
               HQ-APG2                      PASS PASS FAIL FAIL WARN PASS n/a  
         
         ......................... APG.LOCAL failed test DNS
0
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34140611
I found out what DEL is... delegation.  There was an old entry called "testbox.apg.local" in there from an upgrade that took place several years ago.  I removed the entry and DEL passes now, so the only failed test is on "Forw".

One other thing I should mention is we are currently running in mixed mode because at one time there was one NT server still active.  The NT server has since been removed and all of the servers are running Server 2003, and my Exchange server is running Exchange 2003.  Could this possibly create issues?  Should I change to Native mode?  What considerations should I take before changing from mixed to native mode?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34140853
As long as you don't have any more NT servers running as Domain Controllers you can move forward and up your levels.
0
 
LVL 1

Author Closing Comment

by:DarrinZuroff
ID: 34175932
As it turns out, someone plugged in a rogue machine that was causing all of the problems.  In the process I was able to change a couple settings that were not optimal so I have split the points.
0
