Solved

Domain Controller Causing Delays on Network?

Posted on 2010-11-15
Last Modified: 2012-05-10
I am running MS Windows Server 2003 as a domain controller, and it also acts as my DNS and DHCP server. Starting last week several users have noticed delays on the network in the form of Outlook losing connection to Exchange and reconnecting in 10 - 20 seconds, slow network printing, telnet sessions to the AS400 disconnecting, etc... The server was way behind on patches so I downloaded and installed what was needed on Sunday and the delays were first reported on Wednesday. I don't see anything out of the ordinary in the event viewer and the network connection appears normal (100mb, full duplex). Could there be something happening on my domain controller to cause intermittent delays on the network? It seems to affect different people at different times.
Question by:DarrinZuroff
14 Comments
 
LVL 7

Expert Comment

by:OxygenITSolutions
ID: 34139465
Can you confirm all your network settings on the server and server ports on the switches are set to Auto-Negotiate? Also ensure the client machines are also set to Auto-Negotiate.
0
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34139487
The servers and the switch ports they are connected to are all statically configured for 100mb, Full Duplex.  This was at the recommendation of the vendor that originally helped configure the network.  Is it better to use Auto-Negotiate?
0
 
LVL 5

Expert Comment

by:chqshaitan
ID: 34139489
Hi, since you mention an issue connecting from the PCs to your AS400, I would say in the first instance that it is not related to the server.

Check the event logs and also Performance Monitor on the server.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 34139787
Make sure your server is pointing to itself for DNS in the TCP\IP properties and the clients only point to it in their TCP\IP properties.

Run dcdiag and post the results from the domain controller.
0
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34140012
The server does point to itself for DNS.  Here is the output of DCDiag:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Connectivity
         ......................... HQ-APG2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Replications
         ......................... HQ-APG2 passed test Replications
      Starting test: NCSecDesc
         ......................... HQ-APG2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... HQ-APG2 passed test NetLogons
      Starting test: Advertising
         ......................... HQ-APG2 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... HQ-APG2 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... HQ-APG2 passed test RidManager
      Starting test: MachineAccount
         ......................... HQ-APG2 passed test MachineAccount
      Starting test: Services
         ......................... HQ-APG2 passed test Services
      Starting test: ObjectsReplicated
         ......................... HQ-APG2 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... HQ-APG2 passed test frssysvol
      Starting test: frsevent
         ......................... HQ-APG2 passed test frsevent
      Starting test: kccevent
         ......................... HQ-APG2 passed test kccevent
      Starting test: systemlog
         ......................... HQ-APG2 passed test systemlog
      Starting test: VerifyReferences
         ......................... HQ-APG2 passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : APG
      Starting test: CrossRefValidation
         ......................... APG passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... APG passed test CheckSDRefDom
   
   Running enterprise tests on : APG.LOCAL
      Starting test: Intersite
         ......................... APG.LOCAL passed test Intersite
      Starting test: FsmoCheck
         ......................... APG.LOCAL passed test FsmoCheck
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34140139
Run dcdiag /test:dns

Everything so far looks good. Could be a network switch issue.
0
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34140300
Seeing some interesting things... Here are the results of dcdiag /test:dns:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Connectivity
         ......................... HQ-APG2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HQ-APG2

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : APG
   
   Running enterprise tests on : APG.LOCAL
      Starting test: DNS
         Test results for domain controllers:
           
            DC: HQ-APG2.apg.local
            Domain: APG.LOCAL

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 8.8.4.4 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error:b.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:c.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:d.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:e.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:f.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure APG.LOCAL.
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 8.8.4.4 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.4.4
               
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: APG.LOCAL
               HQ-APG2                      PASS PASS FAIL PASS WARN PASS n/a  
         
         ......................... APG.LOCAL failed test DNS
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34140341
Go into the properties of your DNS zone, go to the Forwarders tab, remove any forwarders listed, and use 4.2.2.1 and 4.2.2.2.
0
 
LVL 7

Assisted Solution

by:OxygenITSolutions
OxygenITSolutions earned 250 total points
ID: 34140375
Hard set network ports will produce the symptoms you have described. Auto negotiate is recommended.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34140387
Auto-Negotiate is better but not required. I have seen the issues like Oxygen has seen as well, but not as much. I would start with enabling Auto-Negotiate on the switch, but it does seem like a switch issue.
0
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34140514
Out of all my servers it appears that my domain controller was the only one not set to Auto for Speed & Duplex.  I have changed the server nic and switch port to Auto and the server reconnected at 100/Full so I will see if that makes a difference.  I also changed my DNS forwarders as suggested and here is an updated "dcdiag /test:dns" output.  What does "DEL" mean?  If I run the same test on my backup DNS server everything passes (except for the WARN on DYN).



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\HQ-APG2
      Starting test: Connectivity
         ......................... HQ-APG2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\HQ-APG2

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : APG
   
   Running enterprise tests on : APG.LOCAL
      Starting test: DNS
         Test results for domain controllers:
           
            DC: HQ-APG2.apg.local
            Domain: APG.LOCAL

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 4.2.2.1 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 4.2.2.2 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error:b.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:c.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:d.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:e.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:f.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error:j.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:k.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:l.root-servers.net. IP: <Unavailabe> Status:A record not found
                  Error:m.root-servers.net. IP: <Unavailabe> Status:A record not found
                 
               TEST: Delegations (Del)
                  Warning: DNS server: testbox.apg.local. IP: <Unavailable> Failure:Missing glue A record
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure APG.LOCAL.
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 4.2.2.1 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.1
               
            DNS server: 4.2.2.2 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.2
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: APG.LOCAL
               HQ-APG2                      PASS PASS FAIL FAIL WARN PASS n/a  
         
         ......................... APG.LOCAL failed test DNS
0
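Added example, not part of the original thread or of any Microsoft tooling: a Python parser for saved `dcdiag /test:dns` output like the runs posted above, which returns the per-DC columns that did not pass and singles out the Dyn warning, since a zone with nonsecure dynamic update accepts record registrations from clients that have not authenticated. The function names are hypothetical, and the sample text is a trimmed excerpt of the output in this thread.

```python
import re

# Trimmed excerpt of the "dcdiag /test:dns" output posted in this thread.
SAMPLE = """\
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 4.2.2.1 (<name unavailable>)
                  Error:b.root-servers.net. IP: <Unavailabe> Status:A record not found
               TEST: Delegations (Del)
                  Warning: DNS server: testbox.apg.local. IP: <Unavailable> Failure:Missing glue A record
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure APG.LOCAL.
                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: APG.LOCAL
               HQ-APG2                      PASS PASS FAIL FAIL WARN PASS n/a
"""

TEST_RE = re.compile(r"^\s*TEST:\s*(.+?)\s*\((\w+)\)\s*$")
FINDING_RE = re.compile(r"^\s*(Error|Warning):\s*(.+?)\s*$")
COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]

def parse_findings(text):
    """Return [(test_abbrev, severity, message)] for each Error/Warning line."""
    findings, current = [], None
    for line in text.splitlines():
        m = TEST_RE.match(line)
        if m:
            current = m.group(2)      # e.g. "Forw", "Del", "Dyn"
            continue
        m = FINDING_RE.match(line)
        if m and current:
            findings.append((current, m.group(1), m.group(2)))
    return findings

def parse_summary(text):
    """Return {dc_name: {column: result}} from the summary matrix."""
    summary, in_matrix = {}, False
    for line in text.splitlines():
        tokens = line.split()
        if tokens == COLUMNS:
            in_matrix = True          # header row found; DC rows follow
        elif in_matrix and len(tokens) == len(COLUMNS) + 1:
            summary[tokens[0]] = dict(zip(COLUMNS, tokens[1:]))
    return summary

def needs_attention(text):
    """Columns per DC whose result is FAIL or WARN, in matrix order."""
    return {dc: [c for c, r in row.items() if r in ("FAIL", "WARN")]
            for dc, row in parse_summary(text).items()}

def insecure_dynamic_update_zones(text):
    """Zones that dcdiag reports as accepting nonsecure dynamic updates."""
    pat = re.compile(r"Dynamic update is enabled on the zone but not secure (\S+?)\.?$")
    return [m.group(1) for _, _, msg in parse_findings(text) if (m := pat.search(msg))]
```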
 
LVL 1

Author Comment

by:DarrinZuroff
ID: 34140611
I found out what DEL is... delegation.  There was an old entry called "testbox.apg.local" in there from an upgrade that took place several years ago.  I removed the entry and DEL passes now, so the only failed test is on "Forw"

One other thing I should mention is we are currently running in mixed mode because at one time there was one NT server still active. The NT server has since been removed and all of the servers are running Server 2003, and my Exchange server is running Exchange 2003. Could this possibly create issues? Should I change to Native mode? What considerations should I take before changing from mixed to native mode?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34140853
As long as you don't have any more NT servers running as Domain Controllers, you can move forward and up your levels.
0
 
LVL 1

Author Closing Comment

by:DarrinZuroff
ID: 34175932
As it turns out, someone plugged in a rogue machine that was causing all of the problems.  In the process I was able to change a couple settings that were not optimal so I have split the points.
0


Question has a verified solution.
