?
Solved

DNS Issues

Posted on 2012-09-20
36
Medium Priority
?
691 Views
Last Modified: 2012-09-28
We have server 2008 with about 50 clients.We use IE8. Our server address "using an example" is 192.168.0.1....On our DNS server I have this set as the primary address for DNS, as a alternative I have  8.8.8.8 as the Alternative DNS address. This is actually Google's Public DNS server. I'm having the oddest issue..

For some reason only on random sites, the users cannot pull them up. Either it will say the page cannot not be displayed or will give errors. 95% of sites work great however. For example Paypal can't show up for users. Also some other websites may show up, but with errors such as:

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; eSobiSubscriber 1.0.0.40; MAAR; .NET4.0C; MS-RTC LM 8; .NET4.0E)
Timestamp: Thu, 20 Sep 2012 16:27:10 UTC


Message: Object expected
Line: 1
Char: 2
Code: 0
URI: http://exclusions.oig.hhs.gov/js/functions.js 


For some reason they will get that error message, or even one user will get it ONLY when replying to a message via wwebmail randomly. Odd right?

All of these issues go away when I change the DNS state state 8.8.8.8 as the Primary DNS and our's 192.168.0.1 as a alternative. The problem with keeping that however is, sometimes the users drives/file share scripts and stuff won't load when logging in, because it's pointing at Google, not our DNS.

OR the issue also goes away if they use Chrome or Firefox, regardless of DNS settings. Again making it very odd.

Any ideas?
0
Comment
Question by:Pancake_Effect
  • 13
  • 11
  • 9
  • +2
36 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 38419246
What IP address(es) does 192.168.0.1 forward unknown zones to?
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38419292
Sorry it's been a while since I set up the DNS server and my memory escapes me, where do you find that setting at again in DNS? I see my forwarders, but not seeing it for unknown zones.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38419302
never mind, I found it xD it's pointing to 8.8.8.8 and 8.8.4.4...both Google DNS servers
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 24

Expert Comment

by:smckeown777
ID: 38419313
Ok your settings are incorrect

On an SBS server the primary DNS should be the server itself(since its a DNS server)
Secondary should be blank

Within the DNS console Control panel, Admin tools you then need to setup Forwarders, in there you put Google's DNS server IP's...

Right click the server name in DNS Console, properties - Forwarders tab
Enter Google's servers in there

Then things should start to work properly
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38419347
Hmm I think I already have that, sorry if I explained it wrong, here's Screenshots of what I have:

SS
SS2
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38419391
Ok sorry, yes you have settings as per normal...

On the client machines - what is there primary and secondary dns servers?
Should only have a primary as well, no secondary...
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38419432
We have them all set up to automatic, after doing a IP config it shows that 192.1680.1 is the DNS server it's pointing at, no secondary. However if I change it to 8.8.8.8 those sites work wonderfully, but if you reboot the machine with those settings, all the mapped drives etc. fails because it's not using the local DNS.

So why would the server not be using it's fowarders for a few sites like that? Or the better question is, why does it work just fine with other browsers? I set all the security settings on IE back to default as a test, and yet it doesn't help. I even grabbed a new out of box machine, and only used the local admin account, and it still had issues. SO it has to be something server/network related and not with the browser I imagine.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38419462
There is a known DNS issue where the server cannot resolve some top level domain names and requires a registry edit.  You might want to look at that:
http://blogs.technet.com/b/sbs/archive/2009/01/29/cannot-resolve-names-in-certain-top-level-domains-like-co-uk.aspx
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38419466
there is a bug in the forwarders section of Server 2008 (not r2)
http://support.microsoft.com/kb/2001154
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38419512
We actually have SBS 2011, would that kb pertain to that?
0
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 960 total points
ID: 38419531
'We have server 2008'
'We actually have SBS 2011'

Moving goalposts are hard to hit...

I'd personally use OpenDNS's servers rather than Google's
208.67.222.222
208.67.220.220

Also maybe try your ISP's DNS server's to see if it helps any

The sites that aren't working - on multiple machines?
One last thing - run the Fix My Network wizard in SBS Console, Network section to see if it finds any other issues...
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38419547
I would agree that ideally you should use your ISP's DNS servers.  Also as smckeown777 suggested if it's SBS definitely run the Fix My Network Wizard.

The DNS "bug" won't affect SBS 2011, but the top level domain issue will.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38419884
This is my results of the Fix my Network Tool, the results look promising to finding the issue. I kind of wanted to post this before I did anything. The IPv6 error is probably because I just unchecked the box for the IPv6 on the network adapter..dont know of the "proper" way that it states in the hints. But the most intriguing thing are the ones in the screenshot about DNS.

Problems
0
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 960 total points
ID: 38419899
'The DNS server is not listening to the IP address of the primary adapter' - thats an issue

Let it fix the issues, disregard the DNS forwarders thing, its only a warning
Why have you disabled IPv6? SBS requires IPv6 to work, least that's what I've been told over the years...

Proper way to disable IPv6 in my opinion is to uncheck the 'Listen to adapter' option under the DNS console, that way the client machines will always use the IPv4 adapter...
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1040 total points
ID: 38419907
>>"The IPv6 error is probably because I just unchecked the box for the IPv6 on the network adapter."
Never do that! There is never a reason to disable IPv6, but if you must iy has to be done in the registry. Disabling as you have done causes all sorts of problems. Pease see:
http://blogs.technet.com/b/sbs/archive/2008/10/24/issues-after-disabling-ipv6-on-your-nic-on-sbs-2008.aspx

The DNS not listening can be dure to having 127.0.0.1 in the DNS config of the NIC.  Also open the DNS management console, right click on the server and choose properties, click interfaces.  Only the Server's IP and 2 IPv6 addresses should be checked.
Also, again make sure only 1 NIC is enabled (not just disconnected)

Using forwarders is fine

Internet domain name is not configured means you have not run the "configure your internet address" wizard. Please see:
http://blogs.technet.com/b/sbs/archive/2008/10/15/introducing-the-internet-address-management-wizard-part-1-of-3.aspx
0
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 960 total points
ID: 38419925
Adding to what RobWill has said, SBS is a special product, its wizards are your friend, and should be run when you first installed to get it up and running

They are the 'glue' that keep things working right, manually changing settings is where things get broken...

Also as mentioned, disabling IPv6 isn't recommended, its required to make SBS function properly...
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38422466
Okay well here's a small update. I only disabled IPv6 recently , because I was thinking maybe it was causing some of these issues. So I simply re-enabled it. (Didn't break or fix anything)

As for the multiple IP Address. This was a result of a server migration. Our old sbs server 2003 was failing so we migrated it over to this new SBS 2011 machine.This DNS server is also our Domain Controller/Print/and File Share server. (We are just a small facility) We had to move the 2003 IP Address from 192.168.0.2 to the new address 192.168.0.1. We set up DNS to move anything that points at 192.168.0.2 to point at 192.168.0.1 instead. But we also have a third address 192.168.90.3 that is used for copiers (don't ask me why, there was a reason, but I'm not sure of) I personally didn't set a lot of this up, I've been here about a year, so I've just become quite knowledgeable of the setup.

So the IPs are like this (examples of course):
192.168.0.1 – SBS 2011
192.168.0.2 - Old SBS 2003 (pointing at 192.168.90.1)
192.168.0.3 - Copiers

(it also looks like there is a IPv6 addrress on the DNS interface)

DNS Interface Addresses
When I use the fix tool for the pointers or IP Addresses it uncheks them all except for our main 192.168.0.1 address. I imaigne this can be a problem, because any of the mapped drives or computers still using 192.168.0.2..will not be able to resolve addresses.

What's it's showing after I re-enabled IPv6 and what it currently looks like:

Fix my Network
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1040 total points
ID: 38422491
You cannot have multi-homing (multiple IP's) on an SBS !! You need to remove all but the primary and run the wizards to repair.  Otherwise you will have a DNS nightmare and in some cases DHCP stops assigning addresses.

If present, you also can only have 1 NIC adapter. all others must be disabled not just disconnected.

DNS is the backbone of a Windows domain and MUST be properly configured.
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38422499
Bit lost as to what you are saying here, but I'll try and play along ;)

What does this mean - 192.168.0.2 - Old SBS 2003 (pointing at 192.168.90.1)
'Pointing at' bit - what exactly does this mean sorry?

Also, are you saying you have multiple NIC's in this server? If so you are in trouble, as SBS needs only 1, and can lead to more issues than you can fix...

As for the 192.168.90.1 thing - sounds like the printers are in a different subnet for some reason(can't see why)
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38422558
As I kind of mentioned earlier, they have the 2003 old address pointing at the new 2011 address. They have an A-host record in there accomplishing that. So my question is why do they even have those on the DNS interface as shown in the screenshot above? Is there any reason? I don't want to break those connections if they're needed (but I know you can't be 100% sure it won’t break anything, but just your opinion)

What do you recommend I do for the other addresses, do I disable them all (including the IPv6) as shown in the screenshot besides the 192.168.0.1 for the DNS interfaces?
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38422565
@smckeown777

They are using A-host records in DNS, and we only have one NIC enabled. For the print thing I can only guess it's for authentication reason for scanners and e-mail possibly?
0
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 960 total points
ID: 38422578
Right, cool, but you have a DNS console that is showing 3 IPv4 addresses - what are those addresses? That doesn't make sense, if you only have 1 NIC enabled then where are the 3 IPv4 addresses coming from?

Also, I assume you are using internal IP's on your LAN yes? If so you don't have to blank out the screenshots like you've done, since internal IP's aren't going to reveal anything to us

On other hand if you have a public IP address range internally, then ok I'll leave as is...

Reason i mention that is, what are the 3 IP addresses that are listed in DNS console as the 'listening' addresses? Shouldn't be 3 there, least not that I know of...
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1040 total points
ID: 38422581
In the interfaces tab you need to uncheck the extras.  It should only have 1 IPv4 server address and 2 IPv6 addresses.  I don't know where the others came from but I suspect you added multipe IP's to the one NIC (multi-homing)
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38422582
By 'internal IP's' I am of course referring to the standard private IP range which is used by default on most lan's...

192.168.x.x/16
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38422586
SBS uses /24

You should also run the BPA:
http://www.sbslinks.com/sbsbpa.htm
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38422594
Sorry, yes SBS uses /24, but was referring to the standard internal IP range which can be '192.168.anything.anything' bit, sorry if I confused ;)
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38422613
Correct. Sorry misunderstood.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38422628
We have standard private IP Address. Those "extra' addresses are what I state before:

192.168.0.1 – SBS 2011
192.168.0.2 - Old SBS 2003 (pointing at 192.168.90.1)
192.168.0.3 - Copiers
And there is one IPv6 address.

We only have on nic with one IP address on the server. The extra ones are multi-homing addresses. I know why those extra addresses exist, as shown a few sentences above, but I'm not sure why they exist in the DNS interfaces...unless those are just automatically added and checked by default.

So Rob your thinking I should disable them all besides the one IPv4 and two IPv6 addresses. One question though, it only shows one IPv6 address on there..is that a problem, or should I just again leave only the 1 IPv4 and 1 IPv6 address.

Sorry I'm reverse engineering all of this like you guys too :P
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 1040 total points
ID: 38422648
>>"unless those are just automatically added and checked by default."
They are and not only should not be checked but need to be removed from the NIC.  SBS is not the same as server standard.

>>"So Rob your thinking I should disable them all besides the one IPv4 and two IPv6 addresses. "
Yes.  As for the 1 IPv6, leave that and the second may appear after a reboot. I have never understood why 2 but every SBS I have seen has the two.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38423002
Okay I will give that a try after hours tonight, and I'll report back.

 Out of curiosity you mention there is a difference between server standard and SBS in regards to using the muli-homing. What is that difference for these scenarios?
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38423018
192.168.0.1 – SBS 2011
192.168.0.2 - Old SBS 2003 (pointing at 192.168.90.1)


Hopefully they are not using the same domain name!
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 38423054
They are using the same domain name, but 192.168.0.2 (old server) was decommissioned and not on the network anymore. The only reason why we kept 192.168.0.2 to point at 192.168.0.1 was so that all of our scripts and stuff wouldn't have to be tediously changed to match the new IP. Again by pointing all I mean is a DNS a record translating it to the new server name instead of the old one. There is no "old server" still running and literally routing to the new server.
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38423079
One last thing if you can...can you post the result of

ipconfig /all

from your server so we can check a few things?
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1040 total points
ID: 38423144
>>"Out of curiosity you mention there is a difference between server standard and SBS in regards to using the muli-homing. What is that difference for these scenarios?"
SBS has many integrated services on one box.  You cannot manually add all these services to server standard.  Microsoft has customized SBS so that all will work nicely, and because when you change one configuration, such as NIC IP and it affects DNS, Exchange, IIS, AD, Sharepoint and much more, you HAVE to use the wizards.  The wizards are designed for specific configurations. thus it only supports specific configurations.  

Unfortunately many very talented server experts do not appreciate the differences.  As a result every "expert" here will admit they destroyed their first SBS because they felt they did not need to use the wizards and follow guide lines.  

On top of that any DNS server does not like mulit-homing.  It has not been popular since NT4, but is sometimes used in situations like web servers.

The following is the only supported SBS 2008/2011 network topology.
http://blogs.technet.com/b/sbs/archive/2008/09/16/sbs-2008-supported-networking-topology.aspx

Is the SBS your DHCP server?  It should be, but if so I would be surprised it is working in your configuration.

>>"the only reason why we kept 192.168.0.2 to point at 192.168.0.1 was so that all of our scripts and stuff wouldn't have to be tediously changed to match the new IP. "
Sorry that is a basic requirement, to update your scripts.
0
 
LVL 4

Author Closing Comment

by:Pancake_Effect
ID: 38437982
Thanks for the help everyone! That was able to solve all of our issues. I did what you guys said and took off those extra IP addresses off the interface and DNS and va la! Our network is working better than ever. I'm not sure why those were on the interface to begin with, but they're gone now. I even learned a lot, specially about the Fix My Network tool, and about how SBS works in general. Again thanks for the help everyone for solving our issues.
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38438572
Good to hear, thanks for the points, yes SBS is a different animal compared to standard Windows 2008 for sure...
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question