Solved

Domain FQDN name being resolved to the wrong Domain Controller's IP

Posted on 2011-09-23
Last Modified: 2012-05-12
Hi Experts,

Our domain has 8 DCs. One of them had some problems with SYSVOL replication so, while we were working on fixing this issue, we stopped the netlogon and ntfrs services to guarantee that no user logons and no replication traffic occur on it.

The problem is, even when users log on to other DCs, sometimes the UNC path \\domain dns name\sysvol was resolved to the IP of this domain controller that was out for maintenance.

Since this DC has no SYSVOL share on it yet, the GPOs failed to be applied and many errors were raised on users' computers.

I know this may be related to the DNS round robin feature. Is this correct? Shouldn't \\domain dns name be resolved to the DC where the user logged on? How do I work around this problem?

Tks!

Rodrigo Garcone

Question by:garconer
5 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36591321
You can change the DNS setting on the client PC to point to another DC.
Also, in Active Directory Sites and Services, map the subnet to another site.
But if the SYSVOL issue on the server can be fixed early, you can ignore this error on the client end.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36592192
nslookup <domain FQDN> should return all your DCs, so what you see is normal.

If the problem DC is not holding SYSVOL, you should try to reinitialize it by setting the BurFlags registry key to "D2" (hex).

http://adfordummiez.com/?p=61

0
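
The following PowerShell is an added example, not code from the thread: it lists each IPv4 address the domain FQDN resolves to and tests whether that address serves the SYSVOL and NETLOGON shares, which identifies a DC that clients can be handed for \\domain dns name\sysvol but that cannot deliver GPOs. The domain name `corp.example.com` and the function name `Test-DomainShareTargets` are assumptions, and the script needs PowerShell 3.0 or later.

```powershell
# Added example: check every address behind the domain FQDN for SYSVOL/NETLOGON.
# 'corp.example.com' is a placeholder; pass your own domain FQDN.
param(
    [string]$DomainFqdn = 'corp.example.com'
)

function Test-DomainShareTargets {
    param([Parameter(Mandatory)][string]$Fqdn)

    # Every DC registers an A record for the domain name itself, so this
    # lookup returns one address per DC (the same set nslookup shows).
    # IPv6 addresses are skipped because they need a different UNC syntax.
    $addresses = [System.Net.Dns]::GetHostAddresses($Fqdn) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' }

    foreach ($addr in $addresses) {
        $ip = $addr.IPAddressToString

        # Reverse lookup is best effort; a missing PTR record is not an error.
        $name = try { [System.Net.Dns]::GetHostEntry($ip).HostName }
                catch { '(no PTR record)' }

        # Connecting by IP authenticates with NTLM rather than Kerberos.
        # Where NTLM is restricted, test by host name instead.
        [pscustomobject]@{
            Address  = $ip
            HostName = $name
            Sysvol   = Test-Path -LiteralPath "\\$ip\SYSVOL"
            Netlogon = Test-Path -LiteralPath "\\$ip\NETLOGON"
        }
    }
}

$results = @(Test-DomainShareTargets -Fqdn $DomainFqdn)
$results | Format-Table -AutoSize

# Any address listed here can be returned to a client for the domain name
# while being unable to serve Group Policy files.
$broken = @($results | Where-Object { -not $_.Sysvol -or -not $_.Netlogon })
if ($broken.Count -gt 0) {
    Write-Warning ("{0} of {1} addresses for {2} do not serve SYSVOL/NETLOGON: {3}" -f
        $broken.Count, $results.Count, $DomainFqdn, ($broken.Address -join ', '))
}
```

Run it from a domain-joined workstation under a domain account, so the share tests reflect what a client sees.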
 

Author Comment

by:garconer
ID: 36592394
DNS on clients is already pointing to other DCs. If I type in \\domain name at the workstation with the problem, it resolves to the server with the error, even when the user is authenticated on another DC. Why is the domain DNS name not being resolved to the user's logon DC?
0
 
LVL 21

Accepted Solution

by:snusgubben (earned 2000 total points)
ID: 36592606
It is not given that the client will use the authenticating DC. It will most likely send DNS requests to the DC that is set on the client's NIC. But the authenticating DC may answer the client to use another DC to access resources.

You can authenticate towards DC1 but the client can be routed to DC3 for SYSVOL. DCs are multi-masters, so you can't be sure which DC the client uses for accessing resources.
0
 

Author Comment

by:garconer
ID: 36592613
Tks! That's what I expected.
0
