Solved

SBS 2011 DNS issues

Posted on 2011-09-24
Last Modified: 2012-05-14
I have a newly migrated SBS 2011 server.  I used the swing migration method and am having intermittent DNS issues.

I have a Dell 2970 Dual Quad with 32gig of memory.  The DNS entry for the server NIC is the SBS server itself.  My firewall is open outgoing.

I disabled one NIC so I'm using only one NIC as instructed.  I can use nslookup and resolve internal & external DNS.  The problem I have is when I browse to web sites, they come up sometimes, other times the same site doesn't load.  I may get a time out, not found, partial site displayed with no graphics.  If I click reload many times it usually comes up.

Before I decommissioned my swing tempdc, I was having the same issue, but changed the primary DNS server to the temp DC and the internet was fine.  After the decommission, I am not able to reliably browse from the server or workstations.  When using the DNS on the temp browser for the workstations, I still could not surf from the SBS server.  I did change the IE restrictions for administrators, and I'm logged in as the domain administrator.

I've run dcdiag and it looks good.  I've flushed DNS and registered DNS.  I've tried putting in valid forwarders in the DNS.  Just when I think it is working fine on 5-8 sites, it then seems to lose the ability to resolve and may display page not found or a partial web page.  It could be on a page that was loaded many times like www.msn.com.  The last time I tested, it only loaded a partial page of MSN, and I immediately ran an nslookup on the server and it resolved.

Help.
0
Question by:JackAitken
17 Comments
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 36594911
Have you tried this solution, which is known to affect Server 2008 and SBS sitting on it?

http://support.microsoft.com/kb/968372
Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains
0
 

Author Comment

by:JackAitken
ID: 36595395
I have not, and will test it shortly, and will let you know.
0
 

Author Comment

by:JackAitken
ID: 36595656
I just followed the article, and it had no effect.  It brings up a few web sites then times out.  Right after a time out, I ran nslookup, and it timed out, and said timeout was 2 seconds.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 36596409
I'm guessing you have larger network issues, and this is just a symptom. Try a different network cable. A different switch or port, update your NIC drivers (Broadcom is really bad about buggy drivers) and disable advanced NIC features such as offloading features.

-Cliff
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 36598187
Thinking specifically about the partial web pages, I would be looking at overall connectivity too.

Can you do a "ping www.yahoo.com -t" and see if you are getting lost packets over a 5-10 minute period?
0
 

Author Comment

by:JackAitken
ID: 36598982
When I introduced the new SBS 2011 & a tempDC, the DNS wasn't working on the SBS 2011, so I changed it to the tempDC, I made the tempDC the primary DNS server, and it worked fine for 2 days.  Once I decommissioned the tempDC, the problem came back.  Don't believe it is connectivity due to that.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 36599700
That is because the tempDC was handling DNS. Connectivity on the SBS server would not cause DNS failures. Now that DNS is back on SBS, they will. Not sure why you'd think otherwise.

-Cliff
0
 

Author Comment

by:JackAitken
ID: 36599766
I assume you were talking about connectivity to the internet, which the tempDC shows was fine.  If I ping www.yahoo.com, doesn't it require DNS to resolve?  I could try pinging the IP for www.yahoo.com to take the DNS out of the request.  I'll give that a shot.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 36599784
No, I'm talking about the NIC connectivity itself. Flaky drivers and poor NIC settings, as well as cables or a failing switch (where one port works and another intermittently drops packets) could all cause the symptoms you describe. Pinging will likely be intermittent as well.
0
 

Author Comment

by:JackAitken
ID: 36599788
I'm pinging now, and so far no time outs.
0
 

Author Comment

by:JackAitken
ID: 36601318
I just finished working with Microsoft.  After testing all the things I did previously, they tried adding my firewall (192.168.1.1) as a forwarder, and that worked!  First time I ever added an internal address as a forwarder.  Internet is as fast as ever, and sites are resolving.
0
 

Author Comment

by:JackAitken
ID: 36707741
Just spent 5 more hours with Microsoft.  What a beating.  They can't figure out why the DNS is working the way it was designed.  We are still using the internal gateway address as a forwarder.  Does this pose any security risk?
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 36707759
No more so than using any other forwarder. The reliability of its replies and susceptibility to DNS poisoning is dependent on the DNS implementation of the gateway. Could be rock solid. Or could have been coded by chimpanzees. So the question is, do you trust your gateway manufacturer/vendor from a security perspective?
0
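
Added example, not part of the thread or any poster's code: one way to measure what the comment above describes, namely how reliably a forwarder answers and whether its answers stay consistent, using only Python's standard library. The name `example.test`, the address `192.0.2.10` and `SAMPLE_REPLY` are constructed; the 2-second timeout mirrors the nslookup timeout reported earlier in the thread.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Encode a recursive A/IN query for `name` with transaction ID `qid`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] & 0xC0 != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2  # a 2-byte compression pointer always ends the name

def parse_a_records(msg, qid):
    """Return (rcode, sorted A addresses); reject a reply whose ID is not ours."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if rid != qid:
        raise ValueError("transaction ID mismatch")
    off, addrs = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, sorted(addrs)

def probe(server, name, tries=20, timeout=2.0):
    """Query one forwarder repeatedly; return (failures, distinct answer sets seen)."""
    failures, seen = 0, set()
    for _ in range(tries):
        qid = secrets.randbelow(65536)  # unpredictable ID per query
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((server, 53))  # kernel drops replies from any other address
                s.send(build_query(name, qid))
                seen.add(tuple(parse_a_records(s.recv(4096), qid)[1]))
            except (OSError, ValueError, struct.error, IndexError):
                failures += 1  # timeout, unreachable, wrong ID or malformed reply
    return failures, seen

# Constructed sample reply (not captured traffic): ID 0x1234, example.test A 192.0.2.10
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + build_query("example.test", 0)[12:]
                + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10"))
```

Run `probe("192.168.1.1", name)` for the gateway forwarder from the thread and again for an independent resolver you trust: failures on only one of them point at that forwarder rather than at the link. Answer sets that never overlap between the two deserve a closer look, keeping in mind that CDN-hosted names can legitimately vary.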
 

Author Comment

by:JackAitken
ID: 36707779
I need to figure this out, but didn't want to expose ourselves.  Funny thing is I can browse fine with my laptop hard-coding IP & DNS, just not the SBS 2011 server.
0
 

Accepted Solution

by:
JackAitken earned 0 total points
ID: 37361594
Turns out to be the firewall.  The Netgear was set to use itself as a proxy.  Strange thing was the setting was not changed and existed when the SBS 2003 server was in place.
0
