Solved

DNS issues

Posted on 2011-03-24
Last Modified: 2012-05-11
We are experiencing some strange DNS issues with our network. We have a 2008 Server with Exchange 2010 running as a DC, GC, DNS and a Server 2003 running as a DC, GC, DNS. We occasionally get ‘Delivery is delayed to these recipients or groups:’ messages on emails and now we are getting ‘Delivery has failed to these recipients or groups’.

To add to this, some of the domain PCs are unable to browse network shares (\\winserver8) as they seem to be unable to resolve DNS, but also if you enter the IP address of the share (\\10.0.254.8) this still does not work. Are these problems related?


How can I resolve this problem?
Question by:Fubschuk
10 Comments
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35208202
Yeah, I'd say that unable to browse & unable to deliver email are related. Sounds like you are dropping off the network.
0
 
LVL 11

Expert Comment

by:Patmac951
ID: 35208213
From the command prompt on the servers can you possibly run this command: c:>DCDIAG /TEST:DNS

Then post the results?

If you are unable to access network devices via IP address this is not a DNS issue.  DNS is used to resolve computer names back to IP addresses, if you are unable to access the devices via IP address you are having another network issue that is not DNS related.
0
 
LVL 11

Expert Comment

by:Patmac951
ID: 35208255
Secondly, for the computers that are not able to communicate via IP addresses, can you successfully ping the Domain controllers from these workstations?  For testing purposes, have you tried to remove the computer from the domain to a workgroup, reboot the computer, then try to join the domain again?
0
 
LVL 18

Expert Comment

by:Netflo
ID: 35208564
Fubschuk,

1. Can you please ensure that the local DNS servers configured on both servers are not set to external DNS or ISP DNS server, these need to be configured via forwarders in DNS.

2. If you review the DNS logs in Event Viewer does it point out any issues?

3. You can also enable the "use the external dns lookup settings on the transport" setting on your Exchange 2010 Send Connector which routes emails to the internet.
Please see the following article to enable this http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.connectivity/2009-02/msg00011.html

Hope this helps, let us know how you get on.
0
 

Author Comment

by:Fubschuk
ID: 35213434
Results from DCDIAG /TEST:DNS attached.

 DNS8-1.txt
 DNS13-1.txt
The DNS tests passed

I can ping the IP address of the machines on the network. I have removed one of the machines from the domain, then tried to re-connect but get the message the domain controller could not be found.
I'm guessing that because I can't browse any share from this machine

The DNS event logs on both machines have no errors.
Winserver8 does have a lot of information events with...
The DNS server encountered a bad packet from nn.nn.nn.nn.  Packet processing leads beyond packet length. The event data contains the DNS packet
0
 
LVL 18

Accepted Solution

by:
Netflo earned 500 total points
ID: 35215739
From your attached logs, it looks like your server is querying the root server, have you got DNS forwarders configured?

Go to DNS -> Right click on your server -> Properties -> Forwarders tab -> If the following list is empty, press Edit and type in either your ISP's DNS servers or Google DNS servers [8.8.8.8 and 8.8.4.4], the latter may be a preferred option if you have multiple ISP providers or just want a more resilient DNS network.

Also, have you got a reverse DNS zone created in your DNS for your local network? Bear in mind that it is not created by default.

Go to DNS -> Expand your server -> Right click on Reverse Lookup Zones -> New Zone -> Next -> Primary Zone -> Next -> To all DNS servers running on domain controllers in this domain -> Next -> IPv4 reverse lookup zone -> Next -> Network ID (e.g. 192.168.1) -> Next -> Allow only secure dynamic updates -> Finish

Let us know how you get on.
0
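The GUI steps from the accepted answer expressed as `dnscmd` commands, added here as an example that is not part of the original thread. It assumes an elevated command prompt on the DNS server itself, uses the answer's sample network ID (192.168.1) as a placeholder for the reverse zone, and uses example.com as a placeholder external mail domain for the final check.

```batch
@echo off
rem Added example: command-line form of the forwarder and reverse-zone steps.
rem NETID_ZONE is a placeholder built from the sample network ID 192.168.1;
rem replace it with the reverse zone that matches your own subnet.
setlocal
set NETID_ZONE=1.168.192.in-addr.arpa

rem 1. Set the forwarders. /ResetForwarders replaces the whole existing list,
rem    so list every forwarder you want to keep.
dnscmd . /ResetForwarders 8.8.8.8 8.8.4.4

rem 2. Create an AD-integrated primary reverse lookup zone stored in the domain
rem    directory partition ("To all DNS servers running on domain controllers
rem    in this domain" in the wizard).
dnscmd . /ZoneAdd %NETID_ZONE% /DsPrimary /dp /domain

rem 3. Allow only secure dynamic updates on the new zone
rem    (0 = none, 1 = nonsecure and secure, 2 = secure only).
dnscmd . /Config %NETID_ZONE% /AllowUpdate 2

rem 4. Verify: server settings (includes the forwarder list), the zone's
rem    properties, and an external MX lookup answered by this server.
dnscmd . /Info
dnscmd . /ZoneInfo %NETID_ZONE%
nslookup -type=mx example.com 127.0.0.1

endlocal
```

Run it on each DNS server for step 1, since forwarders are a per-server setting; the AD-integrated zone from steps 2 and 3 replicates to the other domain controller on its own.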
 

Author Comment

by:Fubschuk
ID: 35216006
I have made the changes as neither DNS had forwarders configured, so added Google's DNS, and the reverse lookup for my network.

I will see how this works over the weekend.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 35216322
One final point, can you please ensure the following is done, as listed previously:

3. You can also enable the "use the external dns lookup settings on the transport" setting on your Exchange 2010 Send Connector which routes emails to the internet.
Please see the following article to enable this http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.connectivity/2009-02/msg00011.html
0
 

Author Closing Comment

by:Fubschuk
ID: 35239409
The problem with the PCs not being able to connect or see file shares was a red herring. I fixed that myself; there was a driver problem caused by a Windows update on some of the machines.

The Email retries and fails were the problem solved here.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 35239538
Glad to hear everything is okay.
0


Question has a verified solution.
