DNS malfunction on WinSrv08
Posted on 2011-02-22
Boy, oh, boy. I've done *something* and now DNS is not working. I'm convinced that the recent FTP 7.5 patch had something to do with it, but I'm not equipped to find out how right (or not) I am.
First, the environment. We have a single-server domain running Windows Server 2008 (NOT R2). It is all things to the network - DC, DNS, and IIS server, and it does file and print sharing. All IP addressing is static (192.168.x.y), so we aren't using DHCP. The ISP, Qwest, gave us an M1000 modem and we are not using its built-in firewall, but we are using NAT and some of its port forwarding features. The Windows firewall is up and running on the server. Both have allowed traffic on 135 for DNS purposes.
The problems... Port 135 was opened because two of the original problems were that the root hints all showed "not available" for IP addresses and that one of the DNS tools reported that COM+ wasn't able to communicate with my ISP's DNS servers using any available protocol. Research on that problem indicated that traffic needs to pass on port 135 for DNS. The server's IP stack locally was configured to point to itself for DNS, and the DNS service was pointing to the ISP's DNS servers using forwarders. I tried turning Root Hints on AND off, but the IP addresses remained blank.
I've followed many of the suggestions here at EE to no avail. While clients on the network were able to resolve new addresses just fine, the DC itself could not resolve addresses that weren't in the local cache. From the server, I could ping any name successfully, but when it came to actually going to that site in a browser, it would just sit at "attempting to connect" unless the site was in the local cache. After trying a bunch of things, I came to the point that I felt removing and reinstalling DNS should resolve my problems. My first remove-and-reinstall didn't resolve anything, so after more tinkering, I removed again. This time, upon reinstallation, I now see that the DNS server has the red-circle-white-X over it. The new error is, "Active Directory Domain Services was unable to establish a connection with the global catalog." In Server Manager, DNS is stuck in a situation where I have the message, "This DNS server has not been configured. [...] To configure the DNS server, on the Action menu, click Configure a DNS server." The problem is...that option is greyed out, even after two reboots. So, I fear that DNS is broken and tomorrow, it will be much worse (requiring me to reconfigure each person's DNS settings so they can get to the 'net...NOT the way to make a good impression on a client!)
Now, dcdiag /fix and dcdiag /test:dns both tell me that "There are no more endpoints available from the endpoint mapper....SERVER (my DC name) failed test Connectivity." The /test option also says that there is no RPC connectivity, but RPC is running... I've stopped and restarted netlogon. I've rebooted again. I still get errors with AD and DNS, both referring back to RPC not working.
I really don't want to have to rip out AD and rebuild the domain, and at this point, I don't know if that will even help. (WHY couldn't this have happened on a Friday???)
Does anyone have ideas for me? Feel free to ask me for additional information and I'll post as much as I can. I TRULY appreciate all assistance anyone can provide.
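A diagnostic script for the situation described in the post, added here as an example; it is not part of the original question or any reply. It is assumed to run from an elevated prompt on the DC itself under PowerShell 2.0 (the version available for Server 2008), and `$Domain` and `$ExternalName` are placeholder values. It separates the pieces the dcdiag errors point at: the RPC endpoint mapper listening on TCP 135 (the service behind "no more endpoints available from the endpoint mapper"), the DNS Server service on port 53 answering from 127.0.0.1 for both the domain's own DC SRV record and an outside name (which exercises the forwarders), and which DNS servers the NIC actually points at.

```powershell
# Added diagnostic example; not code from the original post or any answer to it.
# Assumes an elevated PowerShell 2.0 session on the single DC/DNS server itself.
$Domain       = 'corp.example'     # assumed AD DNS domain name, replace with yours
$ExternalName = 'www.example.com'  # assumed Internet name used to test the forwarders

function Test-LocalTcpPort {
    # Plain TCP connect to a local listener; no RPC or DNS semantics, just "is something bound there".
    param([int]$Port, [string]$Address = '127.0.0.1')
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($Address, $Port); return $true }
    catch   { return $false }
    finally { $client.Close() }
}

function Get-DcServiceState {
    # Services a combined DC/DNS box needs. RpcSs is the RPC runtime, RpcEptMapper is the
    # endpoint mapper on TCP 135 that dcdiag's Connectivity test is complaining about.
    foreach ($name in 'RpcSs', 'RpcEptMapper', 'NTDS', 'Netlogon', 'DNS') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { New-Object PSObject -Property @{ Service = $name; Status = [string]$svc.Status } }
        else      { New-Object PSObject -Property @{ Service = $name; Status = 'NOT INSTALLED' } }
    }
}

function Get-NicDnsServers {
    # What the server's own IP stack is told to use for DNS (the post says "itself").
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
        Select-Object Description, IPAddress, DNSServerSearchOrder
}

function Test-LocalDns {
    # Query the DNS service on this machine directly (127.0.0.1), bypassing the NIC setting.
    # The _ldap._tcp.dc._msdcs SRV record only exists if the DC registered itself in its own
    # zone; the external A record only resolves if recursion/forwarding to the ISP works.
    $srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 127.0.0.1 2>&1 | Out-String
    $ext = nslookup -type=A $ExternalName 127.0.0.1 2>&1 | Out-String
    New-Object PSObject -Property @{
        ServerAnswered   = -not ($srv -match 'timed out|No response from server')
        DcSrvRecordFound = ($srv -match 'svr hostname')
        # Skip the "Server/Address: 127.0.0.1" header lines; only count an address after "Name:".
        ExternalResolved = ($ext -match '(?s)Name:.*?Address(es)?:\s+\d+\.\d+\.\d+\.\d+')
    }
}

function Get-DcdiagSummary {
    # Same two tests the post ran, reduced to the pass/fail lines and any RPC/endpoint text.
    dcdiag /test:Connectivity /test:DNS 2>&1 |
        Select-String -Pattern 'passed test|failed test|endpoint|RPC'
}

Write-Host '== Services =='
Get-DcServiceState | Format-Table Service, Status -AutoSize

Write-Host '== Local listeners =='
"RPC endpoint mapper TCP/135 : $(Test-LocalTcpPort 135)"
"DNS Server TCP/53           : $(Test-LocalTcpPort 53)"

Write-Host '== NIC DNS settings =='
Get-NicDnsServers | Format-List

Write-Host '== DNS answers from 127.0.0.1 =='
Test-LocalDns | Format-List

Write-Host '== dcdiag (Connectivity, DNS) =='
Get-DcdiagSummary
```

Reading the output: if TCP/135 is not listening or RpcEptMapper is not Running, dcdiag's Connectivity test will fail regardless of DNS, and that is where to look first; if 53 is listening but `DcSrvRecordFound` is false, the DNS service is up but the zone the DC needs is missing (consistent with the "not been configured" state after a reinstall); if the SRV record resolves but `ExternalResolved` is false, the problem is confined to forwarding or root hints.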