Solved

Windows Server 2008 R2 DNS issues website browsing is slow or hangs

Posted on 2011-03-18
Last Modified: 2015-10-19
Hi all and thank you for all your help.

We have a 2 domain controller network. The primary domain controller is running Windows Server 2008 R2 Enterprise (IPv4 - 10.1.1.250 and IPv6 2001:db8:8765:4321::2) and the other domain controller is running Windows Server 2008 R2 Standard (IPv4 - 10.1.1.251 and IPv6 2001:db8:8765:4321::3). I have set up a VPN and NAT on the Enterprise server with RRAS and it is currently being used as a router. Because I have Exchange 2010 running on the primary Domain Controller, I had to set up both servers using IPv6. I also configured the NIC IP settings for each server as follows: for the IPv4 DNS settings, the Preferred DNS server is set to 10.1.1.250 and the Alternate DNS server is set to 10.1.1.251. For the IPv6 settings, the Preferred DNS server is set to 2001:db8:8765:4321::2 and the alternate DNS server is set to 2001:db8:8765:4321::3. I set the DNS server type to Active Directory-Integrated and also configured the proper Reverse Lookup Zones within DNS (at least I believe so). I also have forwarders configured, which are the DNS servers given by the ISP.

Now that you know the configuration, here is the issue: When browsing the internet, most of the time, not always though, websites hang or take an extremely long time to load when you're browsing. But, if you hit refresh, the page will load immediately and there's no delay.

What is strange is that if I try to ping a website from a workstation on the network, it seems that DNS can resolve very quickly so it seems really weird for it to be a DNS problem.
I know that it is not an Internet problem because we do not have any issues with people remoting in through RDP.

I tried doing some research on the problem and found out that it may have to do with EDNS, and so I ran the following command, but I still have the problem: "dnscmd /Config /EnableEDnsProbes 0"

Thank you for all your help!
Question by: philpre
9 Comments
 
LVL 24

Expert Comment

by:Awinish
ID: 35164227
Even though you can run Exchange on a domain controller, it's not recommended; the reason is that AD and Exchange are very heavy applications, and their use of memory and processor will load the server.

Technically, you can install Exchange 2010 on a DC, but it's not recommended due to the various constraints involved; for example, if you need to demote the DC due to any issue, you need to remove Exchange first, then the DC.
Even though the article is for 2007, it's applicable to Exchange 2010.
http://theessentialexchange.com/blogs/michael/archive/2008/03/29/exchange-server-2007-and-domain-controllers-a-summary.aspx

OK, regarding your issue, see to it that you apply Windows 2008 SP1 (test in a lab first). It can be a bad NIC; try updating its drivers.
Take a look at the article for fixes in Windows 2008 R2 SP1.
http://awinish.wordpress.com/2011/03/13/windows-2008-r2-sp1-and-directory-services-what%E2%80%99s-new/

Take a look at the article below.
http://support.microsoft.com/kb/832223

Configure the DNS as posted in the link.
http://awinish.wordpress.com/2011/03/08/dns-recommendations-from-microsoft/
0
 

Author Comment

by:philpre
ID: 35164259
Awinish:

This server, running as a domain controller and Exchange 2010, is extremely powerful, e.g., 2 physical processors, each a 6-core Intel Xeon, and 48 GB of RAM, so I know that is not what is causing the issue.

I know that it is not a bad NIC driver as I have the latest version of the NIC drivers loaded.

The server is currently running Windows Server 2008 R2 SP1 but it was happening before SP1.

I already performed that command, "dnscmd /Config /EnableEDnsProbes 0", but the problem still persists.

As stated in the question, the DNS server addresses within the IP address configuration are set to point to both the primary and secondary domain controllers.

Thanks for the suggestions.
0
 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 250 total points
ID: 35164347
Is the DC a multihomed DC, meaning multiple active NICs? If yes, try to disable all except the one used for production.

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/a1583d7f-fa59-4497-89de-666d683e53a0/
0
 
LVL 19

Expert Comment

by:bevhost
ID: 35165455
Are you sure that you don't have problems with your IPv6 stack?  Do you have IPv6 Internet connectivity?

2001:db8 is not a real IPv6 address, so I assume you have substituted it for your real address for privacy reasons.

Sounds a bit like it is trying IPv6 first, failing and then falling back to IPv4, caching the answers and making it respond normally until the cache expires.
0

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35166058
Configure your DNS servers to use DNS forwarders and make sure your DNS forwarders are updated.

http://technet.microsoft.com/en-us/library/cc773370(WS.10).aspx

You should not have your DNS servers multihomed.
0
 

Author Comment

by:philpre
ID: 35168292
I am not multihoming the DC. It has 1 NIC because that is the internet-facing NIC, and then I have the 1 NIC which is internal. From what I understood about RRAS, in order to set up a VPN I need 2 NICs, and the only way I knew how to set it up would be to configure it with NAT as well, to be used as the router. As far as IPv6 being the problem, from the IPv6 address that I used, I made sure that was an internalized IPv6 address so that there wouldn't be any problem. I do know that Exchange REQUIRES IPv6, because if you disable it, Exchange 2010 does not start up and the Exchange Management Console will not connect to the Exchange services. I already configured the DNS forwarders properly and they are updated. I believe this issue has something to do with being in Active Directory-Integrated mode, because on another Server 2008 R2 that I was playing with, I was having the same issue, and once I disabled this inside of DNS, the internet browsing was quick afterwards. Thanks again for all the help.
0
 
LVL 59

Accepted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 35168732
If you have two NICs enabled on a DC, you are multihoming, even if one is internal and one is external.

AD integration has nothing to do with this.

http://technet.microsoft.com/en-us/library/cc740071(WS.10).aspx

I would disable the second NIC for testing.

Go to your network bindings and make sure your internal NIC is listed first.

http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/
1
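
Added example, not part of the original thread: a PowerShell inventory of the two things the accepted answer asks you to check on the DC, namely whether more than one adapter carries an IP address and which adapter is first in the TCP/IP binding order. It reads the binding order from the `Tcpip\Linkage` registry value and adapter details from WMI; the report column names are choices made for this example.

```powershell
# Added example, not from the thread. Run in an elevated prompt on the DC/DNS server.
# Uses only WMI and the registry, so it works on PowerShell 2.0 (Server 2008 R2).

# TCP/IP binding order: entries look like \Device\{GUID}; the first entry is bound first.
$bind = @((Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage').Bind |
    ForEach-Object { $_.ToUpper() })

$nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")

$report = @(foreach ($nic in $nics) {
    $addrs = @($nic.IPAddress | Where-Object { $_ })
    New-Object PSObject -Property @{
        # Position in the binding list (0 = first); -1 if the adapter is not listed.
        BindOrder      = [array]::IndexOf($bind, "\DEVICE\$($nic.SettingID)".ToUpper())
        Adapter        = $nic.Description
        IPv4           = @($addrs | Where-Object { $_ -notmatch ':' }) -join ', '
        IPv6           = @($addrs | Where-Object { $_ -match ':' }) -join ', '
        Gateway        = @($nic.DefaultIPGateway | Where-Object { $_ }) -join ', '
        DnsServers     = @($nic.DNSServerSearchOrder | Where-Object { $_ }) -join ', '
        # "Register this connection's addresses in DNS" checkbox on the adapter.
        RegistersInDns = [bool]$nic.FullDNSRegistrationEnabled
    }
})

$report | Sort-Object BindOrder |
    Format-Table BindOrder, Adapter, IPv4, IPv6, Gateway, DnsServers, RegistersInDns -AutoSize -Wrap

$withIPv4 = @($report | Where-Object { $_.IPv4 })
if ($withIPv4.Count -gt 1) {
    Write-Warning "Multihomed: $($withIPv4.Count) adapters carry IPv4 addresses."
    foreach ($r in $withIPv4 | Where-Object { $_.RegistersInDns }) {
        Write-Warning "'$($r.Adapter)' registers $($r.IPv4) in DNS."
    }
    # The thread's advice: the internal NIC should be first in the binding order.
    $first = $report | Where-Object { $_.BindOrder -ge 0 } |
        Sort-Object BindOrder | Select-Object -First 1
    Write-Host "First bound adapter: $($first.Adapter) [$($first.IPv4)]"
}
```

On a server set up like the one in the question (internal NIC plus internet-facing NIC for RRAS), the multihomed warning is expected; the lines to read are which adapters register in DNS and which one is bound first.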
 
LVL 19

Expert Comment

by:bevhost
ID: 35169255
So you're just using Link Local IPv6 Addresses then? fe80::bla
0
 
LVL 1

Expert Comment

by:softecsolutions
ID: 41059526
Hi Dariusg:
I read your answer of not having a multihomed DNS server.  I think you may have solved an ongoing issue for me.  I have a client with about 80 computers.  They are a single server environment.  The server is a DC, file server, DNS server, DHCP server and SharePoint server. (I know, not recommended, and they no longer use SharePoint right now, but they won't let me remove it, "just in case")

DNS has been an ongoing issue for the clients.  The server has two network cards, one internal, one external.  The external NIC goes through a UTM appliance and separate internet feed and is used only for RDP access to the server for ourselves.  The internal NIC has its own UTM/Gateway and internet feed which is common to all the clients.

I am assuming from your comment about multihomed DNS servers that my issue is probably the two NICs and that I should disable the external one.
0
