Solved

SBS 2011 DNS Issue

Posted on 2013-10-31
28
863 Views
Last Modified: 2015-08-05
We have SBS2011. If we set the internal NIC to point to itself the server cannot get out to the internet. Can only get out to the internet if we set it to google DNS or something like that. Also, we have issues with clients getting out to the internet using the internal DNS server. Doing some nslookup stuff made it seem like the server IP was being blocked, so we changed the IP on the server and it worked for a bit, but now the same things are happening. Also we can't add machines to the domain as it can't find the .local domain name by pinging. Wondering if we need to reinstall DNS on this box. Suggestions first?
0
Comment
Question by:James Parsons
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 14
  • 5
  • 5
  • +2
28 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39615461
Very much doubt you need to reinstall DNS. And yes, changing the NIC settings will cause problems adding machines to the domain (and a plethora of other issues.)

Without the details of the nslookup tests you've done, it is tough to be precise. But if root hints arent' working for you, I'd set up forwarders on the DNS server service. Also do some testing to see if your ISP is doing any filtering. This is particularly common with residential connections. They limit the number of DNS queries and may restrict access to root hints or even 3rd-party DNS providers.

-Cliff
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39615536
All machines on the domain including the server must point the server's IP an the ONLY DNS server - don't be tempted to point any machines to the internet either as the preferred or alternate DNS server.

Open the DNS console and make sure that you have a forwarder set to point either to your router or the ISPs designated DNS server - that the ONLY place an external DNS server should EVER be listed.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39615608
The server must only look to its own IP address and not anything else.

Set the IP back to what it was and run the Fix My Network and Setup My Internet Address wizards and that should fix your problems.

Alan
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 

Author Comment

by:James Parsons
ID: 39616925
Hi KCTS - How you have descirbed it is how we have it setup. However, if we only point machines to the SBS box for DNS they cannot connect to the internet, so we've had to put Google DNS in the DHCP scope that these computers get in order to get out. Currently their DNS settings are:

192.168.1.4 (SBS Box)
8.8.8.8

As for the server, the only IP specified on its internal NIC is its own (192.168.1.4)

We've run the Fix My Network before and it hasnt' found any issues.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39616929
Add Forwarders to the forwarders tab on the DNS Server Properties.  That should resolve the problem.

http://technet.microsoft.com/en-us/library/cc754941.aspx

Alan
0
 

Author Comment

by:James Parsons
ID: 39616938
We do have the ISP DNS IP addresses in the forwarding tab. It shows the IP's. but says 'Unable To Resolve' for the server FQDN. This may be normal?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39616961
Forget the ISP - use 8.8.8.8 ans 8.8.4.4 (Google's), they usually work happily.

Alternatively try 158.43.240.4 and 158.43.240.3 (Pipex) - I've had success with those before.

Alan
0
 

Author Comment

by:James Parsons
ID: 39617053
Ok, changed the forwarders to Googles. NSLookup isn't resolving anything locally on that SBS box though. Timing out.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39617058
Restart the DNS Server Service and try again.
0
 

Author Comment

by:James Parsons
ID: 39617148
Restarted DNS Server services. See attached NSLookup.
nslookup.JPG
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39617207
Perfect!!!!

Is that a client or the server?

Can you show me an ipconfig  /all from both the server and client please.

Thanks

Alan
0
 

Author Comment

by:James Parsons
ID: 39622297
That is nslookup from the server.  I've attached ipconfig / all for both server and client.
server-ipconfig-all.JPG
desktop-ipconfig-all.JPG
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39622327
You have 192.168.1.1
and 8.8.8.8

listed in the clients as DNS server - REMOVE THESE

The only place these should be as forwarders as per my previous comment - having these listed will cause errors!!!

Because of the way DNS works if the SBS server does no respond in a timely manor to a client (maybe it is busy for a faction of a second), then the client will permanently switch to the next DNS server in the list - from that point onwards it won't be able to locate computers and services in its own domain.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39622379
While I absolutely agree, as I've read it, 8.8.8.8 is being added as a workaround. Further, nslookup isn't working *from* the server, and a client ipconfig wouldn't impact that. I'd like to get DNS working on the server, from the server first, then we can revisit the desktop.

In looking at the ipconfig from the server, I can't help but notice that there are two IPv6 link-local addresses on one NIC. That isn't a default configuration, even with windows' various auto-discovery methods. And while IPv6 in general would not interfere, if it has been misconfigured (and I suspect it has) then that *would* cause problems.

Can you tell me how that configuration came to exist?

-Cliff
0
 

Author Comment

by:James Parsons
ID: 39622404
Cliff - you're absolutely right. If i remove 192.168.1.1 and 8.8.8.8 from the DHCP scope (and subsequently from the desktops), then those devices cannot connect to the internet.

As far as the IPv6 on the server is concerned, not sure. This server was setup as  migration from SBS 2003. We do have two NICs on there, both enabled. We've left IPv6 enabled since we've heard of issues with slow boot times on SBS - but maybe that got fixed in 2011.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39622428
SBS does not support two NICs. Full stop. You can leave IPv6 enables, THAT is fine. But even in a migration, NIC settings are not pulled over, and one NIC would not receive two IPv6 addresses. The only way that happens is if it was set manually or IPv6 were *badly* misconfigured.

So here is what I'd do. First, have a backup.

Then. Have a backup.

And if you need to, make a backup.


From there, disable the NIC not in use (and don't tell me they are both in use!)  Then go into the adapter settings for the NIC that is still enabled, and if you are sure you aren't using IPv6, reset the IPv6 network settings to default...which is autoconfiguration only. No manually assigned IP addresses.

Then run the Fix My Network Wizard and see if it needs to rebind any services to the one NIC (probably the DNS service at the very least, which explains the DNS issue.)

And then you should be back in business.
0
 

Author Comment

by:James Parsons
ID: 39622601
Hi Cliff. We've disabled the secondary NIC. We also set the IPv6 on the primary adapter to obtain automatically - i'm not sure how those settings got there. Ran the 'Fix May Network' Wizard. Here:s what our results are. Not sure how to proceed at this point:

- Static IP address for IPv6 is not configured
- No internet connection found
- Could not configure the router
- The DNS server is not listening to the IP address of the primary network adapter
- DNS is using a DNS forwarder
- A DNS resource record is missing
- A internet DNS record is missing
- Exchange SMTP connectors are invalid


I'm not worried about the Exchange message as we're not using Exchange on this SBS box. However, i'm wondering which of these issues we should apply fixes too now.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39622619
The DNS issues, at least...except the forwarders one if you want to use forwarders. But missing records (the resource record and the internet record at least) and the DNs service listening on the wrong network adapter are all pretty big issues and will definitely cause problems.

The static IP issue is not significant.

The internet connection of course can't be found because it relies on DNS to test...and that is broken.

Not being able to configure the router is not uncommon. That uses UPnP to configure port forwarding for RWA and mail, but can be skipped and many people prefer not to rely on UPnP anyways.

And theSMTP connector, as you said, you don't care about. Long term that could be a problem...

So that leaves the other tests.

-Cliff
0
 

Author Comment

by:James Parsons
ID: 39622671
Alright. Fixed all of the DNS record issues, however that server still will not connect to the internet.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39622841
Is the server pointing to ITSELF as the DNS server - with no other DNS servers listed ?
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39622849
Are you sure the errors are fixed? You've rebooted the server and rerun the fix my network wizard? You've tested this with nslookup?  The whole "will not connect to the internet" thing is just too vague. The internet is a vast network with many protocols and paths. Unless you unplugged the ethernet cable, I'm sure your server is connected to the internet. Just the appropriate and necessary traffic isn't being routed right, and we haven't verified that this was fixed....
0
 

Author Comment

by:James Parsons
ID: 39622850
KCTS - Correct. See attached screenshot of current IPv4 settings.
IPSettings.JPG
0
 

Author Comment

by:James Parsons
ID: 39663410
Update: It looks like the DNS on the server is the issue. Is there any way to reinstall DNS on SBS 2011?
0
 

Author Comment

by:James Parsons
ID: 39779538
We are going to try a new NIC in the box, but it looks like a DNS issue on the server and i think we need to reinstall DNS but we  have no experience with that.
0
 

Author Comment

by:James Parsons
ID: 39938299
As of now we have not been able to install and test on a new NIC.  So the troubleshooting continues.

Update to where we are at right now:

BPA: only shows warnings on things we aren't using

nslookup on the server in question:

nslookup 75.153.176.1
Server:    sbserver.sportsconnection.local
Address:    192.168.1.4

DNS request timed out.
        timeout was 2 seconds.

ipconfig of server in question:

ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBSERVER
   Primary Dns Suffix  . . . . . . . : SportsConnection.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : SportsConnection.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #34
   Physical Address. . . . . . . . . : D4-AE-52-66-D9-A7
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1099:7128:b929:dccd%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248819282
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-C4-7D-01-D4-AE-52-66-D9-A7
   DNS Servers . . . . . . . . . . . : 192.168.1.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C0A28462-0059-4782-A616-A07BEBE4D9D9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Forward lookup zone delegations appear to be correct
No conditional forwarders are configured
Reverse lookup zones appear to be correct
Forwarders are set as ISP currently (only way I could get them to resolve was by adding them to a fresh hosts file manually)
Root Hints are only used if forwarders are not available.

Any and all continued help with this issue will be greatly appreciated.
0
 

Author Comment

by:James Parsons
ID: 39944006
Any ideas based on the updated information provided?  I have a server that is not connecting to the internet and cannot figure out why.
0
 

Expert Comment

by:VASyncaddSA
ID: 40532036
Any final resolution to this? We're running into similar issues.
0
 

Author Closing Comment

by:James Parsons
ID: 40915528
Fix my network solved the issue.  Thanks.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question