Domain Controller Causing Delays on Network?

I am running MS Windows Server 2003 as a domain controller, and it also acts as my DNS and DHCP server.  Starting last week several users have noticed delays on the network in the form of Outlook losing connection to Exchange and reconnecting in 10 - 20 seconds, slow network printing, telnet sessions to the AS400 disconnecting, etc...  The server was way behind on patches so I downloaded and installed what was needed on Sunday and the delays were first reported on Wednesday.  I don't see anything out of the ordinary in the event viewer and the network connection appears normal (100mb, full duplex).  Could there be something happening on my domain controller to cause intermittent delays on the network?  It seems to affect different people at different times.
DarrinZuroff Asked:
Darius Ghassem Commented:
Make sure your server is pointing to itself for DNS in the TCP\IP properties and the clients only point to it in their TCP\IP properties.

Run dcdiag and post the results from the domain controller.
0
 
OxygenITSolutions Commented:
Can you confirm all your network settings on the server and server ports on the switches are set to Auto-Negotiate? Also ensure the client machines are also set to Auto-Negotiate.
0
 
DarrinZuroff (Author) Commented:
The servers and the switch ports they are connected to are all statically configured for 100mb, Full Duplex.  This was at the recommendation of the vendor that originally helped configure the network.  Is it better to use Auto-Negotiate?
0
 
chqshaitan Commented:
Hi, since you mention an issue connecting from the PCs to your AS400, I would say in the first instance that it is not related to the server.

Check the event logs and also performance monitor on the server
0
 
DarrinZuroff (Author) Commented:
The server does point to itself for DNS.  Here is the output of DCDiag:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Connectivity
         ......................... HQ-APG2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Replications
         ......................... HQ-APG2 passed test Replications
      Starting test: NCSecDesc
         ......................... HQ-APG2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... HQ-APG2 passed test NetLogons
      Starting test: Advertising
         ......................... HQ-APG2 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... HQ-APG2 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... HQ-APG2 passed test RidManager
      Starting test: MachineAccount
         ......................... HQ-APG2 passed test MachineAccount
      Starting test: Services
         ......................... HQ-APG2 passed test Services
      Starting test: ObjectsReplicated
         ......................... HQ-APG2 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... HQ-APG2 passed test frssysvol
      Starting test: frsevent
         ......................... HQ-APG2 passed test frsevent
      Starting test: kccevent
         ......................... HQ-APG2 passed test kccevent
      Starting test: systemlog
         ......................... HQ-APG2 passed test systemlog
      Starting test: VerifyReferences
         ......................... HQ-APG2 passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : APG
      Starting test: CrossRefValidation
         ......................... APG passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... APG passed test CheckSDRefDom
   
   Running enterprise tests on : APG.LOCAL
      Starting test: Intersite
         ......................... APG.LOCAL passed test Intersite
      Starting test: FsmoCheck
         ......................... APG.LOCAL passed test FsmoCheck
0
 
Darius Ghassem Commented:
Run dcdiag /test:dns

Everything so far looks good. Could be a network switch issue
0
 
DarrinZuroff (Author) Commented:
Seeing some interesting things...  Here are the results of dcdiag /test:dns:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Connectivity
         ......................... HQ-APG2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HQ-APG2

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : APG
   
   Running enterprise tests on : APG.LOCAL
      Starting test: DNS
         Test results for domain controllers:
           
            DC: HQ-APG2.apg.local
            Domain: APG.LOCAL

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 8.8.4.4 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error:b.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:c.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:d.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:e.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:f.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure APG.LOCAL.
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 8.8.4.4 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.4.4
               
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: APG.LOCAL
               HQ-APG2                      PASS PASS FAIL PASS WARN PASS n/a  
         
         ......................... APG.LOCAL failed test DNS
0
 
Darius Ghassem Commented:
Go into the properties of your DNS zone, go to the Forwarders tab, remove any forwarders listed, and use 4.2.2.1 and 4.2.2.2.
0
 
OxygenITSolutions Commented:
Hard set network ports will produce the symptoms you have described. Auto negotiate is recommended.
0
 
Darius Ghassem Commented:
Auto-Negotiate is better but not required. I have seen issues like the ones Oxygen has seen as well, but not as much. I would start with enabling Auto-Negotiate on the switch, but it does seem like a switch issue.
0
 
DarrinZuroff (Author) Commented:
Out of all my servers it appears that my domain controller was the only one not set to Auto for Speed & Duplex.  I have changed the server nic and switch port to Auto and the server reconnected at 100/Full so I will see if that makes a difference.  I also changed my DNS forwarders as suggested and here is an updated "dcdiag /test:dns" output.  What does "DEL" mean?  If I run the same test on my backup DNS server everything passes (except for the WARN on DYN).



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Connectivity
         ......................... HQ-APG2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HQ-APG2

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : APG
   
   Running enterprise tests on : APG.LOCAL
      Starting test: DNS
         Test results for domain controllers:
           
            DC: HQ-APG2.apg.local
            Domain: APG.LOCAL

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 4.2.2.1 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 4.2.2.2 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error:b.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:c.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:d.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:e.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:f.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error:j.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:k.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:l.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:m.root-servers.net. IP: <Unavailabe> Status:A record not found
                 
               TEST: Delegations (Del)
                  Warning: DNS server: testbox.apg.local. IP: <Unavailable> Failure:Missing glue A record
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure APG.LOCAL.
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 4.2.2.1 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.1
               
            DNS server: 4.2.2.2 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.2
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: APG.LOCAL
               HQ-APG2                      PASS PASS FAIL FAIL WARN PASS n/a  
         
         ......................... APG.LOCAL failed test DNS
0
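Added example, not part of the original thread: a small Python parser that diffs the summary table of two "dcdiag /test:dns" runs, so that a change such as Del going from PASS to FAIL stands out. The sample strings are constructed by trimming the two outputs posted above, and the function names are illustrative.

```python
import re

# Constructed samples: trimmed from the two "dcdiag /test:dns" runs in this thread.
RUN_BEFORE = """\
      Error: Forwarders list has invalid forwarder: 8.8.4.4 (<name unavailable>)
      Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
                                Auth Basc Forw Del  Dyn  RReg Ext
   Domain: APG.LOCAL
      HQ-APG2                   PASS PASS FAIL PASS WARN PASS n/a
"""
RUN_AFTER = """\
      Error: Forwarders list has invalid forwarder: 4.2.2.1 (<name unavailable>)
      Error: Forwarders list has invalid forwarder: 4.2.2.2 (<name unavailable>)
      Warning: DNS server: testbox.apg.local. IP: <Unavailable> Failure:Missing glue A record
                                Auth Basc Forw Del  Dyn  RReg Ext
   Domain: APG.LOCAL
      HQ-APG2                   PASS PASS FAIL FAIL WARN PASS n/a
"""
STATUSES = {"PASS", "FAIL", "WARN", "n/a"}

def parse_dns_summary(text):
    """Return ({dc: {column: status}}, [forwarders reported invalid])."""
    columns, results = [], {}
    for line in text.splitlines():
        fields = line.split()
        if fields[:2] == ["Auth", "Basc"]:          # header row of the summary table
            columns = fields
        elif columns and len(fields) == len(columns) + 1 and set(fields[1:]) <= STATUSES:
            results[fields[0]] = dict(zip(columns, fields[1:]))   # one row per DC
    return results, re.findall(r"invalid forwarder: (\S+)", text)

def compare_runs(before, after):
    """List (dc, column, old, new) for every summary cell that changed."""
    old, _ = parse_dns_summary(before)
    new, _ = parse_dns_summary(after)
    return [(dc, col, old.get(dc, {}).get(col), status)
            for dc, row in new.items() for col, status in row.items()
            if old.get(dc, {}).get(col) != status]

def still_failing(text):
    """Map each DC to the summary columns that report FAIL."""
    results, _ = parse_dns_summary(text)
    return {dc: [c for c, s in row.items() if s == "FAIL"] for dc, row in results.items()}

if __name__ == "__main__":
    print("changed:", compare_runs(RUN_BEFORE, RUN_AFTER))
    print("failing:", still_failing(RUN_AFTER))
    print("invalid forwarders:", parse_dns_summary(RUN_AFTER)[1])
```

Saving each run to a file (dcdiag /test:dns > run1.txt) and feeding the file contents to compare_runs gives the same diff on full output.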
 
DarrinZuroff (Author) Commented:
I found out what DEL is... delegation.  There was an old entry called "testbox.apg.local" in there from an upgrade that took place several years ago.  I removed the entry and DEL passes now, so the only failed test is on "Forw"

One other thing I should mention is we are currently running in mixed mode because at one time there was one NT server still active.  The NT server has since been removed and all of the servers are running Server 2003, and my Exchange server is running Exchange 2003.  Could this possibly create issues?  Should I change to Native mode?  What considerations should I take before changing from mixed to native mode?
0
 
Darius Ghassem Commented:
As long as you don't have any more NT servers running as Domain Controllers, you can move forward and up your levels.
0
 
DarrinZuroff (Author) Commented:
As it turns out, someone plugged in a rogue machine that was causing all of the problems.  In the process I was able to change a couple settings that were not optimal so I have split the points.
0
Question has a verified solution.
