Solved

Domain FQDN name being resolved to the wrong Domain Controller's IP

Posted on 2011-09-23
Last Modified: 2012-05-12
Hi Experts,

Our domain has 8 DCs. One of them had some problems with sysvol replication so, while we were working on fixing this issue, we stopped the netlogon and ntfrs services to guarantee that no user logons and no replication traffic occur on it.

The problem is, even when users log on to other DCs, sometimes the UNC path \\domain dns name\sysvol was resolved to the IP of this domain controller that was out for maintenance.

Since this DC has no sysvol share on it yet, the GPOs failed to be applied and many errors were raised on users' computers.

I know this may be related to the DNS round robin feature. Is this correct? Shouldn't \\domain dns name be resolved to the DC where the user logged on? How do I work around this problem?

Tks!

Rodrigo Garcone

Question by:garconer
5 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36591321
You can change the DNS setting on the client PC to point to another DC.
Also, in Active Directory Sites and Services, map the subnet to another site.
But if the sysvol issue on the server can be fixed early, you can ignore this error on the client end.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36592192
nslookup <domain FQDN> should return all your DCs, so what you see is normal.

If the problem DC is not holding SYSVOL, you should try to reinitialize it by setting the BurFlags registry key to "D2" (hex).

http://adfordummiez.com/?p=61

0
 

Author Comment

by:garconer
ID: 36592394
DNS on the clients is already pointing to other DCs. If I type in \\domain name at the workstation with the problem, it resolves to the server with the error, even when the user is authenticated on another DC. Why is the domain DNS name not being resolved to the user's logon DC?
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 2000 total points
ID: 36592606
It is not given that the client will use the authenticating DC. It will most likely send DNS requests to the DC that is set on the client's NIC. But the authenticating DC may tell the client to use another DC to access resources.

You can authenticate towards DC1 but the client can be routed to DC3 for SYSVOL. DCs are multi-masters, so you can't be sure which DC the client uses for accessing resources.
0
 

Author Comment

by:garconer
ID: 36592613
Tks! That's what I expected.
0
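
An added example, not part of the thread: a PowerShell check that lists every address the domain name resolves to and tests whether each one actually serves SYSVOL and NETLOGON, which exposes a DC in the state described in the question. The domain name `corp.example.com` is a placeholder, and the script assumes it runs on a domain-joined machine under an account that can read the shares.

```powershell
# Added example. 'corp.example.com' is a placeholder; pass your own domain FQDN.
param([string]$DomainFqdn = 'corp.example.com')

# The domain name resolves to the addresses of the DCs (the set nslookup shows),
# so a client opening \\<domain>\SYSVOL may land on any of them.
$addresses = [System.Net.Dns]::GetHostAddresses($DomainFqdn) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' }

$report = foreach ($ip in $addresses) {
    $addr = $ip.IPAddressToString

    # Prefer the host name for the UNC test so Kerberos can be used;
    # fall back to the raw address if there is no reverse record.
    $name = try { [System.Net.Dns]::GetHostEntry($ip).HostName } catch { $null }
    $target = if ($name) { $name } else { $addr }

    [pscustomobject]@{
        Address  = $addr
        HostName = $name
        Sysvol   = Test-Path -LiteralPath "\\$target\SYSVOL"
        Netlogon = Test-Path -LiteralPath "\\$target\NETLOGON"
    }
}

$report | Sort-Object Sysvol, Address | Format-Table -AutoSize

# DC chosen by the locator for this client. As the accepted answer notes,
# this is not necessarily the DC that ends up serving SYSVOL.
nltest "/dsgetdc:$DomainFqdn"

# Flag any address that answers for the domain name but has no SYSVOL share:
# clients routed there fail GPO processing until the share is back.
$broken = @($report | Where-Object { -not $_.Sysvol })
if ($broken.Count -gt 0) {
    $list = ($broken | ForEach-Object { $_.Address }) -join ', '
    Write-Warning "Resolves for $DomainFqdn but serves no SYSVOL: $list"
}
```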
