Solved

Windows 2008 R2 - Delayed startup

Posted on 2012-03-13
14
1,926 Views
Last Modified: 2012-03-21
Hello Experts!

I am creating a home lab with Windows Server 2008 R2. After installing AD DS, assigning a static IP and joining a few Windows 7 VMs to my test domain successfully, I decided to reboot my server. When the server started loading, it was taking about 10 minutes to load "applying computer settings".

I started troubleshooting and searching for answers, until I found that the issue was related to the DNS settings which are set as 127.0.0.1 so I tried the Server's IP and it was still having the same issue. The only way to resolve this is by changing the DNS to dynamic. I am hoping to resolve this since as far as I know, I need to configure my server with static IP & DNS.

I am new to this (my first home server ever) so I know there is probably something I am missing or doing wrong..Please help me move forward with my studies :)

Things I tried
dcdiag /test:dns - successful when DNS is configured with a static IP / unsuccessful when DNS is configured with dynamic IP.  

ipconfig /flushdns, ipconfig /registerdns, dcdiag /fix - did this every time I tried different DNS settings.

Below is the dcdiag /test:dns results with static DNS (127.0.0.1, server IP)

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = HSVM001
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\HSVM001
      Starting test: Connectivity
         ......................... HSVM001 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\HSVM001

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... HSVM001 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : contoso

   Running enterprise tests on : contoso.com
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

         ......................... contoso.com passed test DNS



I also attached a screenshot of the event viewer system error....all is there but I just don't know what to do :S

Thanks!!
dns.png
0
Comment
Question by:valdezf
  • 6
  • 3
  • 2
  • +1
14 Comments
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37719182
You've got IP4 addresses configured, but your DNS is looking for IP6 addresses.
Disable the IP6 on the network card properties and see if it still takes long to login.
0
 

Author Comment

by:valdezf
ID: 37720734
making progress (5 minutes now lol) but I am still getting same results from dcdiag /test:dns....wouldn't ip6 bring me problems if turned off?

anything else I can do to fix this? Thanks!!
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37723735
Most people are not running IP6 yet, if you're not sure about IP6 then you're probably not using it at the moment.

Switching it off should be a fairly easy test if done outside your production hours.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 37723848
My router is on 192.168.1.1 so I set up my Server to 192.168.1.2 netmask 255.255.255.0 gateway 192.168.1.1 dns 192.168.1.2 (ONLY), set the router dhcp settings to use 192.168.1.2 for DNS for the clients.

also set up dns forwarding to 8.8.8.8/4.4.4.4 .. the ip6 addresses you are seeing are for the root servers.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37724901
Nothing too complicated here.

You point the TCP/IP specs to the IP# of the DC,...period,...end of story,...no mystery,...no magic there.

You can use 127.0.0.1 as a secondary.

Do NOT use anything else for DNS,...do NOT put anything else in the TCP/IP Specs,...do NOT use anything other than RFC Private Addresses in the VM Lab,...do NOT set anything in the TCP/IP Specs to "automatic".  There should never be any such address as 23..21.242.88 anywhere in this conversation,...that is owned by Amazon.com.

It will already use Root Hints for External Resolution,...you do not have to "do" anything for that to happen.   Using a Forwarder is optional, but it will not use a Forwarder and Root Hints at the same time,...it is either one or the other.
0
 

Author Comment

by:valdezf
ID: 37726910
All, thanks for your response.

IPv6 is disabled, and I have used 127.0.0.1 as secondary.

I have no problems with the Windows7 VMs as long as the Server is up and running, the issue here is with the DC

My configuration is as fallows;

DC = (Interface set as Bridge mode in VMWare)
IP 192.168.1.6
Subnet: 255.255.255.0
DG 192.168.1.1
DNS 192.168.1.6
DNS 127.0.0.1

All Clients DNS pointed to DC=192.168.1.6

"Applying Computer Settings" load time on DC is about 5 minutes or more.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 29

Expert Comment

by:pwindell
ID: 37727135
Usually it is waiting for the DNS Service to fully upstart and initialize.  That is why it is always better when there are two DCs to point them at each other "first" and themself "second".  This way there is already a "live" DNS Server running to respond to queries when it boots up.  Of course you can't do that when there is only one.

At this point I am not sure what is causing it,...but it certainly isn't the TCP/IP Settings,...so leave them alone.

"Applying Computer Settings" comes from when it is retrieving the AD Group Policy settings from the Machine portion of the Default Domain Policy and the Default Domain Controllers Policy.  

The Users portion of the Policies would say "Applying Personal Settings".
0
 

Author Comment

by:valdezf
ID: 37727255
I do have two DC1 & DC2, DC2 configured with DC1 IP as primary DNS and self IP as secondary DNS.

like this
DC2
IP 192.168.1.7
Sebnet 255.255.255.0
DG 192.168.1.1

Primary DNS 192.168.1.6 (DC1 IP)
Secondary DNS 192.168.1.7

you are saying that I should configure DC1 with secondary DNS as DC2 IP address?

like this?
DC1
IP 192.168.1.6
Subnet 255.255.255.0
DG 192.168.1.1

Primary DNS 192.168.1.6 or 127.0.0.1
Secondary DNS 192.168.1.7 (DC2 IP)
0
 

Author Comment

by:valdezf
ID: 37729217
this is what's in the event log

DNS-Server Service

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

ActiveDirectory_Domain Service

Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
 
Source domain controller:
 DC2
Failing DNS host name:
 fc486b0c-8c93-4cce-81d8-1e841f48a08c._msdcs.contosolab.com
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
 2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
 
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
 
  dcdiag /test:dns
 
 4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
 
  dcdiag /test:dns
 
 5) For further analysis of DNS error failures see KB 824449:
   http://support.microsoft.com/?kbid=824449
 
Additional Data
Error value:
 11004 The requested name is valid, but no data of the requested type was found.

I tried the troubleshooting steps given above...honestly it's gotten better (about 2 minutes delay) but I guess there is still a problem since 1st I have no policies configured 2nd it takes 2-3 minutes and 3rd I get that error every time the DC is booted.

---------------------------------------------------------------------------------------------

I noticed that the AD DS Eventviewer displays that the DC1 is trying to resolve DC2 and DC3 at startup....These domains DC2 & DC3 are off, not sure why is trying to resolve the names. Any ideas??
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37729789
I noticed that the AD DS Eventviewer displays that the DC1 is trying to resolve DC2 and DC3 at startup....These domains DC2 & DC3 are off, not sure why is trying to resolve the names. Any ideas??

There is no DC3.  And there is no reason for there to be one

like this?
DC1
IP 192.168.1.6
Primary DNS 192.168.1.6 or 127.0.0.1
Secondary DNS 192.168.1.7 (DC2 IP)


No,..flip the things around so  *.7 is first.

I am creating a home lab with Windows Server 2008 R2.

This is a Home Lab.

Wipe it out.  Start over.  Do it right the first time out and it will work like it is supposed to.
0
 

Accepted Solution

by:
valdezf earned 0 total points
ID: 37729823
There is a DC3...I just did not posted the log because is too long (same as DC2)


Windows Firewall was the issue. I turned this off, now the "applying computer settings" stage is faster.
0
 

Author Closing Comment

by:valdezf
ID: 37746285
I resolved the issue by doing extensive research. comments by the experts advised to reinstall which was not an option to me.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now