BPA Highlights DNS Error and appears to be incorrect - help needed.

Hi,
BPA got installed on my newly installed SBS 2011 Standard box and started moaning about DNS errors namely:

DNS Client Not Configured - "The DNS client is not configured to point to the internal IP Address of the server."

This is the screen grab of the properties page of the single network adapter I have on this server:
Advanced TCP/IP Settings DNS Tab?Can you explain to me why BPA is having a problem with this 192.168.50.5 is the fixed IP Address of the SBS box 192.168.50.1 is the Router.

The next BPA Error is:

DNS: A resource record points to an incorrect IP Address.
This is the page from the DNS manager in forward lookup zones in the section that relates to the .local domain:
Forward Lookup Zones of .local domain.
Finally the next BPA error is:

Issue: The Internal network adapter is not configured to register its IP address in DNS.

If you look at the first image above you will see that it clearly IS ticked in the TCP IP V4 Advanced Settings?

Can anyone tell me why this is complaining especially as I have not done anything "custom" just installed SBS 2011 straight out of the box and used all the internal wizards to set this server up??

Siv
SivAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btassureCommented:
Sadly it is a known issue for SBS:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_28025881.html

General advice is to accept the BPA errors and carry on. You can try removing and reconfiguring your adapter(s) as per the information in that link but it does have risks and possibly won't make any difference to the BPA report.
0
SivAuthor Commented:
btassure,

Yes it was me the expert was conversing with the last time, I was hoping that MS had at least fixed the stupid thing so that it doesn't pollute the daily reports with its erroneous error messages.

Is there anything I can do to disconnect the BPA from the daily reports.  I don't mind the BPA being wrong as long as it doesn't alarm the clients who occasionally see the red warnings on the server when they are safely removing the backup disks and go into a panic assuming I am not doing my job fixing all the red errors they see!!??

I have found if I uninstall it, it still leaves a red error in the reports, presumably there is a registry hack that you can do to stop the reports paying any attention to it? If so do you know what that is to kick it out of the daily reports.

Siv
0
btassureCommented:
Ah. Perhaps the suggestion here:

http://social.technet.microsoft.com/Forums/en-US/396320b7-4586-4d9b-9289-9e0a0e952e6d/sbs-2011-detailed-report-bpa?forum=smallbusinessserver

about changing the powershell script that BPA uses would work?

I don't have an SBS one to hand to look up the exact line numbers but you should be able to find them with the error text?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

Cris HannaSr IT Support EngineerCommented:
Did you run the Fix IT tool from Microsoft for this?
http://support.microsoft.com/kb/269155 ....Make sure you scroll to get the correct one
If you uninstall the BPA it should remove it from the daily report
Which version of the BPA are you running?
0
SivAuthor Commented:
btassure,
I found the PowerShell script but I cannot find anything that looks like any of the error messages using find in Notepad.

I tried searching for "The host (A) resource record points to an incorrect IP address" for instance and it is not found in the file.  I also looked for the source in this case "Source: 7" and again it is not present in the WSSGBPA.ps1 file?

Siv
0
SivAuthor Commented:
CrisHanna_MVP,

I ran the fixit, but it wants to re-boot the server, so I said I'll do it later as I have staff in the office using it at the moment so don't want to re-boot right now.

I re-ran the BPA and it still pulls out the same set of 3 errors.

I will try again this evening when staff have gone home and see if the re-boot makes a difference?

Siv
0
btassureCommented:
Can you attach the WSSGBPA.ps1 file so I can take a look please?
0
SivAuthor Commented:
btassure,
Attached.

I had to rename it to a TXT file before Experts Exchange would allow me to upload it.
Siv
WSSGBPA.txt
0
btassureCommented:
OK, I'm going through it now, I'll post each bit as I find them so you can test them out. Make sure you take a backup of the ps1 and just comment the changes :)

Search for this section:

Check-DNSAforInternal

And comment out the lot. That looks like your resource record checks.
0
btassureCommented:
Immediately followed by

Check-DNSRegEnabled
0
btassureCommented:
And finally:

Check-NotSBSDNS

You could work around that one by adding 127.0.0.1 as one of your DNS servers on the SBS and it should validate as true and skip the check. But since it should do that anyway it might not work.

Can you check in the server's network adapter settings to see if there are any other IP enabled adapters that it might be checking against?

It will flag an error if ANY of them aren't configured exactly the way it expects...
0
SivAuthor Commented:
btassure,
OK I remmed the functions out by adding "# " before each line in the script, e.g. the last one looks like this:

# function Check-NotSBSDNS
# {
#
#   $var = $null
#   $var2 = $null
#   $status = $Disabled
#
#
#   $var = get-wmiobject -query "select * from win32_networkadapterconfiguration where IPEnabled = 'True'"
#   foreach($var2 in $var)
#   {
#     if (($var2.DNSServerSearchOrder -ne $global:ipv4_address) -and ($var2.DNSServerSearchOrder -ne '127.0.0.1'))
#     {
#       $status = $Enabled
#     }
#
#
#   }
#
#   $var = $null
#   $var2 = $null
# @"
# <NotSBSDNSSection>
#     <NotSBSDNSStatus>$status</NotSBSDNSStatus>
# </NotSBSDNSSection>
# "@
# }

Or should I use the semi colon (don't do much PowerShell stuff)?
0
SivAuthor Commented:
Had to change the permissions on the file so that I could save it as it kept saying it wanted me to save it under another name.  I just added "write" capability to the "Users" permission.  Will change this back once I have finished editing the script and have saved it for one last time.

Siv
0
btassureCommented:
Yes, # is the comment character but in PS v2 they introduced block comments:

<#
comment block
runs
over several
lines
#>

http://blogs.msdn.com/b/powershell/archive/2008/06/14/block-comments-in-v2.aspx

Also bear in mind that it will break the signature block at the end so running the ps1 manually will give a security error. It should still scan fine though.
0
SivAuthor Commented:
btassure,

Thanks for the block comment tip that will save time in future.
OK I'll try running the BPA again now that those have been remmed out.

Siv
0
SivAuthor Commented:
btassure,

Hurrah!

Hurrah - No Noncompliant items!!
At last the errors are gone!

Siv
0
SivAuthor Commented:
The PowerShell script changes appear to be the only way to stop the erroneous messages from BPA polluting your daily reports.

Thanks for your time and trouble identifying the functions in the script that were causing the spurious results from the BPA.

Siv
0
SivAuthor Commented:
CrisHanna_MVP,

I rebooted the server after your fix and before I made changes to the BPA PowerShell script and the BPA results were still appearing in the daily report.

The PowerShell fix hasn't decoupled the BPA from the reports but at least now the results are not polluting the daily and weekly reports.

Thanks for your help.

Siv
0
btassureCommented:
Splendid!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.