Solved

Windows Server 2008 R2 DNS issues website browsing is slow or hangs

Posted on 2011-03-18
Last Modified: 2015-10-19
Hi all and thank you for all your help.

We have a 2 domain controller network. The primary domain controller is running Windows Server 2008 R2 Enterprise (IPv4 - 10.1.1.250 and IPv6 2001:db8:8765:4321::2) and the other domain controller is running Windows Server 2008 R2 Standard (IPv4 - 10.1.1.251 and IPv6 2001:db8:8765:4321::3). I have set up a VPN and NAT on the Enterprise server with RRAS and it is currently being used as a router. Because I have Exchange 2010 running on the primary Domain Controller, I had to set up both servers using IPv6. I also configured the NIC IP settings for each server as follows: for the IPv4 DNS settings, the Preferred DNS server is set to 10.1.1.250 and the Alternate DNS server is set to 10.1.1.251. For the IPv6 settings, the Preferred DNS server is set to 2001:db8:8765:4321::2 and the Alternate DNS server is set to 2001:db8:8765:4321::3. I set the DNS server type to Active Directory-Integrated and also configured the proper Reverse Lookup Zones within DNS (at least I believe so). I also have forwarders configured, which are the DNS servers given by the ISP.

Now that you know the configuration, here is the issue: When browsing the internet, most of the time, not always though, websites hang or take an extremely long time to load when you're browsing. But, if you hit refresh, the page will load immediately and there's no delay.

What is strange is that if I try to ping a website from a workstation on the network, it seems that DNS can resolve very quickly so it seems really weird for it to be a DNS problem.
I know that it is not an Internet problem because we do not have any issues with people remoting in through RDP.

I tried doing some research on the problem and found out that it may have to do with EDNS, so I ran the following command, but I still have the problem: "dnscmd /Config /EnableEDnsProbes 0"

Thank you for all your help!
Question by:philpre
9 Comments
 
LVL 24

Expert Comment

by:Awinish
ID: 35164227
Even though you can run Exchange on a domain controller, it's not recommended. The reason is that AD and Exchange are very heavy applications; their use of memory and processor will load the server.

Technically, you can install Exchange 2010 on a DC, but it's not recommended due to the various constraints involved. For example, if you need to demote the DC due to any issue, you need to remove Exchange first, then the DC.
Even though the article is for 2007, it's applicable to Exchange 2010.
http://theessentialexchange.com/blogs/michael/archive/2008/03/29/exchange-server-2007-and-domain-controllers-a-summary.aspx

OK, regarding your issue, see to it that you apply Windows 2008 SP1 (test in a lab first). It can be a bad NIC; try updating its drivers.
Take a look at the article for the fix in Windows 2008 R2 SP1.
http://awinish.wordpress.com/2011/03/13/windows-2008-r2-sp1-and-directory-services-what%E2%80%99s-new/

Take a look at below article.
http://support.microsoft.com/kb/832223

Configure the DNS as posted in the link.
http://awinish.wordpress.com/2011/03/08/dns-recommendations-from-microsoft/
 

Author Comment

by:philpre
ID: 35164259
Awinish:

This server running as a domain controller and Exchange 2010 is extremely powerful, e.g., 2 physical processors, each a 6-core Intel Xeon processor, 48 GB of RAM, so I know that is not what is causing the issue.

I know that it is not a bad NIC driver as I have the latest version of the NIC drivers loaded.

The server is currently running Windows Server 2008 R2 SP1 but it was happening before SP1.

I already performed that command,  "dnscmd /Config /EnableEDnsProbes 0" but the problem still persists.

As stated in the question, the DNS server addresses within the IP address configuration are set to point to both the primary and secondary domain controllers.

Thanks for the suggestions.
 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 250 total points
ID: 35164347
Is the DC a multihomed DC, meaning multiple active NICs? If yes, try to disable all except the one used for production.

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/a1583d7f-fa59-4497-89de-666d683e53a0/
 
LVL 19

Expert Comment

by:bevhost
ID: 35165455
Are you sure that you don't have problems with your IPv6 stack?  Do you have IPv6 Internet connectivity?

2001:db8 is not a real IPv6 address, so I assume you have substituted it for your real address for privacy reasons.

Sounds a bit like it is trying IPv6 first, failing and then falling back to IPv4, caching the answers and making it respond normally until the cache expires.
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35166058
Configure your DNS servers to use DNS Forwarders and make sure your DNS forwarders are updated.

http://technet.microsoft.com/en-us/library/cc773370(WS.10).aspx

You should not have your DNS servers multihomed.
 

Author Comment

by:philpre
ID: 35168292
I am not multihoming the DC. It has 1 NIC because that is the Internet-facing NIC and then I have the 1 NIC which is internal. From what I understood about RRAS, in order to set up a VPN, I need 2 NICs, and the only way I knew how to set it up would be to configure it with NAT as well to be used as the router. As far as IPv6 being the problem, from the IPv6 address that I used, I made sure that was an internalized IPv6 address so that there wouldn't be any problem. I do know that Exchange REQUIRES IPv6 because if you disable it, Exchange 2010 does not start up and the Exchange Management Console will not connect to the Exchange services. I already configured the DNS forwarders properly and they are updated. I believe this issue has something to do with being in Active Directory-Integrated mode because on another Server 2008 R2 that I was playing with, I was having the same issue, and once I disabled this inside of DNS, the internet browsing was quick afterwards. Thanks again for all the help.
 
LVL 59

Accepted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 35168732
If you have two NICs enabled on a DC, you are multihoming, even if one is internal and one is external.

AD integration has nothing to do with this.

http://technet.microsoft.com/en-us/library/cc740071(WS.10).aspx

I would disable the second NIC for testing.

Go to your network bindings and make sure your internal NIC is listed first.

http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/
1
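
The multihoming check suggested in the accepted answer, as an added example that is not part of the original thread: a read-only PowerShell script that lists the IP-enabled adapters on the server and flags the usual signs of a multihomed DC. The `10.1.1.` prefix is an assumption taken from the addresses in the question; the variable names are illustrative.

```powershell
# Added example (read-only): multihoming check for a DC that also runs DNS.
# Assumption: the internal LAN is 10.1.1.0/24, taken from the addresses in the question.
$InternalPrefix = '10.1.1.'

# Every adapter with TCP/IP bound. Get-WmiObject works on the PowerShell 2.0
# that ships with Windows Server 2008 R2.
$adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')

$report = @(foreach ($a in $adapters) {
    $ipv4 = @($a.IPAddress | Where-Object { $_ -and $_ -notmatch ':' })
    New-Object PSObject -Property @{
        Adapter        = $a.Description
        IPv4           = $ipv4 -join ', '
        Internal       = @($ipv4 | Where-Object { $_.StartsWith($InternalPrefix) }).Count -gt 0
        Gateway        = @($a.DefaultIPGateway) -join ', '
        DnsServers     = @($a.DNSServerSearchOrder | Where-Object { $_ })
        RegistersInDns = [bool]$a.FullDNSRegistrationEnabled
    }
})

$findings = @()
if ($report.Count -gt 1) {
    $findings += "Multihomed: $($report.Count) IP-enabled adapters."
}
if (@($report | Where-Object { $_.Gateway }).Count -gt 1) {
    $findings += 'More than one adapter has a default gateway.'
}
foreach ($r in $report) {
    # An external NIC that registers in DNS publishes its address under the DC's name.
    if (-not $r.Internal -and $r.RegistersInDns) {
        $findings += "External adapter '$($r.Adapter)' registers its address in DNS."
    }
    foreach ($s in $r.DnsServers) {
        # IPv6 resolvers are skipped; only IPv4 entries are compared with the LAN prefix.
        if ($s -notmatch ':' -and -not $s.StartsWith($InternalPrefix)) {
            $findings += "Adapter '$($r.Adapter)' uses non-internal DNS server $s."
        }
    }
}

$report | Select-Object Adapter, IPv4, Internal, Gateway, RegistersInDns | Format-Table -AutoSize
if ($findings.Count) { $findings } else { 'No multihoming indicators found.' }
```

The script changes nothing on the server; it only reads the adapter configuration and prints the findings.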
 
LVL 19

Expert Comment

by:bevhost
ID: 35169255
So you're just using Link Local IPv6 Addresses then? fe80::bla
 
LVL 1

Expert Comment

by:softecsolutions
ID: 41059526
Hi Dariusg:
I read your answer about not having a multihomed DNS server.  I think you may have solved an ongoing issue for me.  I have a client with about 80 computers.  They are a single server environment.  The server is a DC, file server, DNS server, DHCP server and SharePoint server. (I know, not recommended, and they no longer use SharePoint right now, but they won't let me remove it, "just in case")

DNS has been an ongoing issue for the clients.  The server has two network cards, one internal, one external.  The external NIC goes through a UTM appliance and separate internet feed and is used only for RDP access to the server for ourselves.  The internal NIC has its own UTM/Gateway and internet feed which is common to all the clients.

I am assuming from your comment about multihomed DNS servers that my issue is probably the two NICs and that I should disable the external one.