Solved

Domain FQDN name being resolved to the wrong Domain Controller's IP

Posted on 2011-09-23
Last Modified: 2012-05-12
Hi Experts,

Our domain has 8 DCs. One of them had some problems with sysvol replication so, while we were working on fixing this issue, we stopped the netlogon and ntfrs services to guarantee that no user logons and no replication traffic occur on it.

The problem is, even when users log on to other DCs, sometimes the UNC path \\domain dns name\sysvol was resolved to the IP of this domain controller that was out for maintenance.

Since this DC has no sysvol share on it yet, the GPOs failed to be applied and many errors were raised on users' computers.

I know this may be related to the DNS round robin feature. Is this correct? Shouldn't \\domain dns name be resolved to the DC where the user logged on? How do I work around this problem?

Tks!

Rodrigo Garcone

Question by:garconer
 

Expert Comment

by:Sandeshdubey
You can change the DNS setting on the client PC to point to another DC.
Also, in Active Directory Sites and Services, map the subnet to another site.
But if the sysvol issue on the server can be fixed early, you can ignore this error on the client end.
0
 

Expert Comment

by:snusgubben
nslookup <domain FQDN> should return all your DCs, so what you see is normal.

If the problem DC is not holding SYSVOL, you should try to reinitialize it by setting the BurFlags registry key to "D2" (hex).

http://adfordummiez.com/?p=61

0
 

Author Comment

by:garconer
DNS on the clients is already pointing to other DCs. If I type in \\domain name at the workstation with the problem, it resolves to the server with the error, even when the user is authenticated on another DC. Why is the domain DNS name not being resolved to the user's logon DC?
0
 

Accepted Solution

by:
snusgubben earned 500 total points
It is not given that the client will use the authenticating DC. It will most likely send DNS requests to the DC that is set on the client's NIC. But the authenticating DC may answer the client to use another DC to access resources.

You can authenticate towards DC1 but the client can be routed to DC3 for SYSVOL. DCs are multi-masters, so you can't be sure which DC the client uses for accessing resources.
0
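To see which addresses behind the domain name would fail a client, given the answers above (the domain FQDN returns all DCs, and any of them may be used for SYSVOL), the following PowerShell script checks each one. It is an added example, not part of the original thread; `corp.example.com` is a placeholder domain, and the script assumes it runs on a domain-joined machine with SMB access to the DCs.

```powershell
# Added example: list every IPv4 address the domain name resolves to and check
# whether that host currently serves the SYSVOL and NETLOGON shares.
# 'corp.example.com' is a placeholder domain name, not taken from the thread.
param(
    [string]$Domain = 'corp.example.com'
)

function Get-DomainNameAddress {
    param([Parameter(Mandatory = $true)][string]$Name)
    # Resolve the bare domain name the same way a client does for \\<domain FQDN>.
    [System.Net.Dns]::GetHostAddresses($Name) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object { $_.IPAddressToString } |
        Sort-Object -Unique
}

function Test-DcShare {
    param([Parameter(Mandatory = $true)][string]$Address)
    # Reverse lookup is only for readability of the report; it may not exist.
    $hostName = '(no PTR record)'
    try { $hostName = [System.Net.Dns]::GetHostEntry($Address).HostName } catch { }

    New-Object PSObject -Property @{
        Address  = $Address
        HostName = $hostName
        Sysvol   = Test-Path -Path "\\$Address\SYSVOL"
        Netlogon = Test-Path -Path "\\$Address\NETLOGON"
    }
}

$results = @(Get-DomainNameAddress -Name $Domain |
    ForEach-Object { Test-DcShare -Address $_ })

$results | Sort-Object Address |
    Format-Table Address, HostName, Sysvol, Netlogon -AutoSize

# Flag every address that is still returned for the domain name
# but does not expose SYSVOL (for example a DC under maintenance).
$broken = @($results | Where-Object { -not $_.Sysvol })
if ($broken.Count -gt 0) {
    Write-Warning ("{0} address(es) returned for {1} do not serve SYSVOL" -f $broken.Count, $Domain)
}
```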
 

Author Comment

by:garconer
Tks! That's what I expected.
0
