
Windows 2008 R2, second dns doesn't take over?

Please see also question http://www.experts-exchange.com/Networking/Protocols/DNS/Q_27731156.html

I have the same situation: 1 domain controller/DNS server is down, the second is online and mentioned in the DNS settings of the clients. However, they don't resolve any address. Please advise.

---
Output of the commands: 192.168.44.65 is the server which is down, 44.80 is the one which is up and running fine. Vcenter is just a test of a machine in my domain.


C:\Users\administrator.mydomain>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  192.168.44.65

> vcenter
Server:  UnKnown
Address:  192.168.44.65

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
> set type=ns
> mydomain.local
Server:  UnKnown
Address:  192.168.44.65

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
>
0
Asked by: janhoedt
1 Solution
 
MPJHorner commented:
Is DHCP set to give the 2nd DNS server to all the clients?

Run ipconfig /all to see.
0
 
jmanishbabu commented:
The clients or the machines on which you are trying to do nslookup should have the primary DNS set to the second server, which is online.
0
 
jmanishbabu commented:
I mean change the IP address of the old DNS server to the DNS server in the network properties of the client; this should work fine.
0

 
janhoedt (Author) commented:
???????????
Please do not comment if you don't have serious answers.
0
 
janhoedt (Author) commented:
For the record:
- yes, clients have 2 DNS servers, since most of them are servers with fixed IP addresses
- why on earth would I change the client settings to a different DNS as primary? 2 DNSes means the 2nd should take over, that's the whole idea behind a second DNS server
0
 
jmanishbabu commented:
Yeah, I know what you mean. It's correct, it should pick the 2nd DNS server from the client settings.

On the client machine, if you type set l in the command prompt you can still see that the logon server is the 1st server, which is down. So you may need to change the DNS realignment.

In Active Directory, the DNS database contains the information that indicates where servers or workstations can obtain their logon information. This process is called DNS Site Coverage.
0
 
jmanishbabu commented:
However, when the local site DC is not available, users' workstations cannot locate their own DC and therefore users cannot log on except by using their locally stored proxy profiles. That'll stop users from getting into MS Outlook, because the local Exchange server cannot verify the users' usernames and passwords.

By modifying the DNS Site Coverage for that particular site, user workstations and servers will be able to locate a DC you specify in another site, normally the bridgehead server.

Expand DNS from the snap-ins.
Expand the path Forward Lookup Zones\contoso.com.
Then expand "_msdcs\dc\sites\<your problem site name>\_tcp".
Right-click on "_tcp" and select "Other New Records...".
Select "Service Location" from the list and then click "Create Record".
Fill in the record as below and then click "OK" to create the record.
Right-click on "_tcp" again and then select "Other New Records...".
Select "Service Location" from the list and then click "Create Record".
Fill in the record as below and then click "OK" to create the record.

Note this needs to be done for all 3 records:

1. The service type is _gc for one record
2. The service type should be _kerberos
3. The last is _ldap

Host offering this service is the new domain controller name.
0
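As an added example (not from the thread or any of its posters), the same records created from PowerShell with the DnsServer module (Server 2012 or later, or RSAT) instead of clicking through the DNS console. $zone, $site and $newDc are placeholders; the node names are the ones a domain controller registers for itself, and a single-domain forest with _msdcs as its own zone (as in this thread) is assumed.

```powershell
# Added example, not from the thread. Assumes the DnsServer module and a
# single-domain forest. $zone, $site and $newDc are placeholders.
$zone      = 'mydomain.local'
$msdcsZone = "_msdcs.$zone"   # separate zone here; set to $zone if _msdcs is only a folder
$site      = 'site01'
$newDc     = "dc02.$zone"

# The three service types the post lists, at the node names a DC registers
# for itself, with the port each service listens on.
$records = @(
    @{ Zone = $msdcsZone; Node = "_ldap._tcp.$site._sites.dc";     Port = 389  }
    @{ Zone = $msdcsZone; Node = "_kerberos._tcp.$site._sites.dc"; Port = 88   }
    @{ Zone = $zone;      Node = "_gc._tcp.$site._sites";          Port = 3268 }
)

foreach ($rec in $records) {
    # Safe to re-run: skip records that already point at the new DC.
    $existing = Get-DnsServerResourceRecord -ZoneName $rec.Zone -Name $rec.Node -RRType Srv -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordData.DomainName.TrimEnd('.') -eq $newDc }
    if ($existing) { Write-Host "$($rec.Node) already points to $newDc"; continue }

    Add-DnsServerResourceRecord -ZoneName $rec.Zone -Name $rec.Node -Srv `
        -DomainName $newDc -Priority 0 -Weight 100 -Port $rec.Port
    Write-Host "created $($rec.Node) in $($rec.Zone) -> ${newDc}:$($rec.Port)"
}

# Then list every SRV record whose target is not the new DC: these are the
# leftovers from the dead DCs, to be removed with Remove-DnsServerResourceRecord.
foreach ($z in ($zone, $msdcsZone | Select-Object -Unique)) {
    Get-DnsServerResourceRecord -ZoneName $z -RRType Srv |
        Where-Object { $_.RecordData.DomainName.TrimEnd('.') -ne $newDc } |
        Select-Object @{ n = 'Zone'; e = { $z } }, HostName,
                      @{ n = 'Target'; e = { $_.RecordData.DomainName } }
}
```

Run it on the surviving DC (or with RSAT against it); the final listing is the set of stale records the later replies in this thread tell the author to clean up.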
 
Leon Fester (IT Project Change Manager) commented:
Are your DNS zones configured as AD-integrated?
The fact that you're getting:
Default Server:  UnKnown
suggests that the reverse lookup zone for 192.168.44 does not exist on the DNS server 192.168.44.65.

Run DCDIAG /test:dns and then repadmin /showrepl, and post the results.
0
 
janhoedt (Author) commented:
Thanks, and sorry for the late reply. I have some urgent matters but will check asap.
0
 
janhoedt (Author) commented:
To jmanishbabu: not sure I understand you fully. I have a default domain setup for my lab. Why should the records suddenly have to be created? Did I do something wrong then?

Note that recently 1 DC died (10.158.1.65) and I transferred the roles to 10.158.1.80 (only DC left). I want to demote 192.168.1.40 from DC, but there I had error messages (next issue to look at).

NOTE THAT I CHANGE IP ADDRESSES in my post at random, just for security.

To dvt_localboy: repadmin didn't give any errors. Not sure if it is AD integrated or not.

C:\Users\Administrator>DCDIAG /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC02
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: site01\DC02
      Starting test: Connectivity
         ......................... DC02 passed test Connectivity

Doing primary tests

   Testing server: site01\DC02

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DC02 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : sb

   Running enterprise tests on : mydomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: DC02.mydomain.local
            Domain: mydomain.local


               TEST: Basic (Basc)
                  Warning: adapter [00000013] vmxnet3 Ethernet Adapter has
                  invalid DNS server: 10.158.1.65 (<name unavailable>)

               TEST: Delegations (Del)
                  Error: DNS server: vmwin2k8e64.mydomain.local. IP:<Unavailable>
                  [Missing glue A record]

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 10.158.1.65 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.158.1.65
               Name resolution is not functional. _ldap._tcp.mydomain.local. failed on the DNS server 10.158.1.65

            DNS server: 8.8.8.4 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.4
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: mydomain.local
               DC02                         PASS WARN PASS FAIL PASS PASS n/a

         ......................... mydomain.local failed test DNS
0
 
smckeown777 commented:
Don't want to hijack the thread from the other experts, but there are a number of issues here...

1) DNS server: 8.8.8.4 (<name unavailable>) - why have you got Google's DNS server in your list? This is not correct (plus that's not actually the correct IP even at that - 8.8.4.4 is Google's DNS, not 8.8.8.4).
You should never have a public DNS server in the list of DNS servers assigned to a network card (they can be listed in the Forwarders section in the DNS console, yes, but not on the card itself).

2) DNS server: 10.158.1.65 (<name unavailable>) - this is the old server, yes? If it's removed from the domain you need to remove it from the list as well.

What server have you run this dcdiag from? The new one?
If so, you've got incorrect DNS settings on the network card, based on the tests you've run.
On the new server you need:
Primary DNS - the server's IP itself
Secondary - any other internal DNS servers you have (which in this case might be none), and therefore this is left blank

Check the network card assignments for DNS servers; they appear to be incorrect.
0
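An added example (not from the thread) that turns the checks raised above into a script: which DNS servers each NIC really uses, whether a public resolver sits on the card, whether each server answers and has a PTR for its own address (the nslookup "Default Server: UnKnown" symptom), and whether every DC locator SRV target it serves still has an A record (the dcdiag "missing glue" error). Assumes the DnsClient module (Windows 8 / Server 2012 or later, so run it from a newer admin box against the 2008 R2 hosts); $domain is a placeholder.

```powershell
# Added example, not from the thread. Assumes the DnsClient module
# (Windows 8 / Server 2012 or later). $domain is a placeholder.
$domain  = 'mydomain.local'
$srvName = "_ldap._tcp.dc._msdcs.$domain"
$rfc1918 = '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'

# 1. The DNS servers each IPv4 interface is really configured with
#    (what ipconfig /all shows, as MPJHorner asked for).
$ifaces = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($iface in $ifaces) {
    foreach ($ip in $iface.ServerAddresses) {
        $note = @()

        # 2. Public resolvers belong in Forwarders, never on a domain member's NIC.
        if ($ip -notmatch $rfc1918) { $note += 'public resolver on NIC' }

        # 3. Does the server answer, and does its own address reverse-resolve?
        #    A missing PTR is what nslookup reports as "Default Server: UnKnown".
        try {
            $null = Resolve-DnsName -Name $ip -Type PTR -Server $ip -ErrorAction Stop
        } catch { $note += "no PTR / no answer for $ip" }

        # 4. DC locator records: every SRV target must still resolve to an A record,
        #    otherwise it is a stale entry for a dead DC ("missing glue").
        try {
            $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $ip -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' }
            if (-not $srv) { $note += "no SRV records for $srvName" }
            foreach ($r in $srv) {
                $a = Resolve-DnsName -Name $r.NameTarget -Type A -Server $ip -ErrorAction SilentlyContinue
                if (-not $a) { $note += "stale SRV target $($r.NameTarget)" }
            }
        } catch { $note += "SRV query failed: $($_.Exception.Message)" }

        $status = if ($note) { $note -join '; ' } else { 'OK' }
        [pscustomobject]@{
            Interface = $iface.InterfaceAlias
            DnsServer = $ip
            Status    = $status
        }
    }
}
```

Queries to a server that is down wait for the resolver timeout, so a dead 10.158.1.65 on the card shows up as a slow row with "no PTR / no answer" rather than an immediate error.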
 
janhoedt (Author) commented:
I have Google DNS in the forwarders, not on the NIC.
0
 
smckeown777 commented:
Well, it's showing up in dcdiag so it's referenced somewhere...

What IPs have you got on the NIC on the server itself? 1 or 2?
If it's still pointing to the old server, that needs to change.

This is a virtual machine, yes? Are there 2 network cards in it by chance?

'vmxnet3 Ethernet Adapter has invalid DNS server: 10.158.1.65 (<name unavailable>)'
0
 
janhoedt (Author) commented:
Removed the second DNS server, .65, from the DNS list on the DC.

Ran dcdiag again, not sure what this means though:
TEST: Delegations (Del)
   Error: DNS server: vmwin2k8e64.mydomain.local. IP:<Unavailable>
   [Missing glue A record]

Note: I see now that there are some records pointing to the dead DC and another DC before that which also died. Can I remove them manually?
E.g. _gc, _ldap etc. entries weren't cleaned up apparently, but I'm not sure if I can just delete any entry for those dead DCs/DNSes.
0
 
janhoedt (Author) commented:
0
 
smckeown777 commented:
This server - vmwin2k8e64.mydomain.local - I assume this was an old DC?

Yes, remove those records from DNS that reference the old DCs.

I can't access that video, so not sure what it was for...
0
 
janhoedt (Author) commented:
So you can't access Dropbox? Just a video of my DNS server.

So I have to clean out manually each referral to a dead DNS (I don't want to use scavenging since it's a lab and I don't want to lose DNS entries for old servers).

I still have some doubts about deleting some records (in red):
(screenshot: dns)
0
 
janhoedt (Author) commented:
Note: I have several forward lookup zones, some for test domains, but 2 related to mydomain.local:
_msdcs.mydomain.local and mydomain.local. What is this _msdcs.mydomain.local for?
And what is the Default-First-Site-Name for? My actual site is the other one (greyed out in the screenshot).
0
 
smckeown777 commented:
_msdcs.mydomain.local is the AD-integrated DNS zone for the domain.

No, you don't want to delete anything in red!!!
I want you to change the IPs/records that point to the old DCs.

E.g. you say
Domain-Sites-Default-FirstName-tcp - contains records of your old DC - double-click the record itself (it should be an _ldap record) and point it to the new DC name.

'And what is the Default-First-Site-Name for? My actual site is the other one (greyed out in the screenshot).'

Not sure what this last line means?
0
 
janhoedt (Author) commented:
Thanks, that's far more clear to me now! However, I don't understand why it kept on working when my authoritative name server wasn't correct anymore(!) and all those settings were pointing to a non-existent DNS server.
So, this process for cleaning up a dead DNS is always manual (can't be done automatically)?

My question related to the sites is: what is this "Default first site name"?
Location: my zone, then sites, then "Default first site name".
What's the use of it? I have another site below it which is my actual site (in which I'm working), so I don't understand what the other one is doing.
0
 
smckeown777 commented:
First question - 'Default First Site Name' is the default name associated with your domain/site when you first built the domain.

Open Active Directory Sites and Services and you'll see the Default First Site Name thing...

As for the cleanup, I'm not aware of any 'automated' way to do it, but some of the other experts will be sure to give you a heads-up on this, I think...

To do it right you need to (once you've dcpromo'd the old DC) give it time to replicate, and it should do the process automatically - this can take some time, so it depends on how long you left the old DC online...
0
 
janhoedt (Author) commented:
Ok, but what do I need the Default First Site Name for?
0
 
smckeown777 commented:
Did you open AD Sites and Services?
When you create a domain it's part of the questions that are asked when you walk through the wizard - it always defaults to 'Default First Site Name' - so unless you changed it there, it's always going to be called that...

Note this isn't an issue, this is normal.
0
 
janhoedt (Author) commented:
Ok, thanks. One more thing: I have a server on which I installed VMware Workstation; the virtual adapters registered in DNS. Now I disabled this on the network adapter (register in DNS) but the resolving still happens. I don't find any record for the second address but it still resolves to both addresses. Refreshed the cache, but it is still there. Any idea?

nslookup of as:
Name:    as.mydomain.local
Addresses:  10.158.137.1
          10.158.1.40

When I do the lookup again the result is the opposite: 10.158.1.40 appears first. Pretty annoying since this is also a DC/DNS.

Note: I'd also need to change the DNS settings for all servers to point solely to the new DNS/DC (some servers have it as a second only). Any idea how to do this automatically?
0
 
smckeown777 commented:
No clue how to do the DNS change on the servers automatically, but yes, if there is only 1 DC then make it the primary DNS on all servers.

Sorry, a bit confused as to what you are asking now - you have a VMware Workstation with a NIC that is part of the domain, yes? You're trying to remove that? From AD? Or just the DNS record?
0
 
janhoedt (Author) commented:
Ok.

No, I have a physical machine, called AS.mydomain.local, IP 10.158.1.40, which is a domain controller/DNS on Windows 2008 R2. On that machine VMware Workstation is installed; this software adds a virtual NIC, 10.158.137.1, which registered in the DNS as AS, so now I have two IP addresses for as.mydomain.local, while only 10.158.1.40 should be there. No clue why nslookup still resolves the other IP since the record isn't there; I refreshed the cache and removed the records pointing to it.
0
 
smckeown777 commented:
Going to laugh here for a minute... you've installed VMware Workstation on a DC!!!
Never tried that before...

Ok, you need to remove the setting 'Register this connection's addresses in DNS' on the properties of that NIC, TCP/IP Properties that is.

I've shown the screenshot from a sample - untick the bit at the bottom so the address isn't registered in DNS and you should be good to go.
(screenshot: dns-reg.JPG)
0
 
janhoedt (Author) commented:
I know that and I did that, and I mentioned that it didn't work. Also mentioned that it's a home lab; why wouldn't I install VMware Workstation on the most powerful hardware of my lab? Btw, if you want another laugh: it's a triple-boot laptop and I only work wireless, so a wireless laptop DC.
0
 
smckeown777 commented:
Hehe, nice one!! Didn't realise it was a lab, sorry, cool...

Ok, the only thing I can think of is that since the NIC is active it's auto-registering (as most do on a DC).

Is it being used? Can you not just disable it for testing to see?
0
 
janhoedt (Author) commented:
I disabled "register in DNS" as I mentioned. But it is still there.
Might remove VMware Workstation, but still, it should not cause any issue.
0
 
janhoedt (Author) commented:
Strange thing is, when I ping, it's the wrong address; when I do an nslookup, it's the correct address. There is only 1 DNS server active on the machine I ping from (itself).
0
 
janhoedt (Author) commented:
Yes, I did a flush DNS.
0
