Solved

SBS 2011 DNS Issue

Posted on 2013-10-31
28
517 Views
Last Modified: 2015-08-05
We have SBS2011. If we set the internal NIC to point to itself the server cannot get out to the internet. Can only get out to the internet if we set it to google DNS or something like that. Also, we have issues with clients getting out to the internet using the internal DNS server. Doing some nslookup stuff made it seem like the server IP was being blocked, so we changed the IP on the server and it worked for a bit, but now the same things are happening. Also we can't add machines to the domain as it can't find the .local domain name by pinging. Wondering if we need to reinstall DNS on this box. Suggestions first?
0
Comment
Question by:James Parsons
  • 14
  • 5
  • 5
  • +2
28 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39615461
Very much doubt you need to reinstall DNS. And yes, changing the NIC settings will cause problems adding machines to the domain (and a plethora of other issues.)

Without the details of the nslookup tests you've done, it is tough to be precise. But if root hints arent' working for you, I'd set up forwarders on the DNS server service. Also do some testing to see if your ISP is doing any filtering. This is particularly common with residential connections. They limit the number of DNS queries and may restrict access to root hints or even 3rd-party DNS providers.

-Cliff
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39615536
All machines on the domain including the server must point the server's IP an the ONLY DNS server - don't be tempted to point any machines to the internet either as the preferred or alternate DNS server.

Open the DNS console and make sure that you have a forwarder set to point either to your router or the ISPs designated DNS server - that the ONLY place an external DNS server should EVER be listed.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39615608
The server must only look to its own IP address and not anything else.

Set the IP back to what it was and run the Fix My Network and Setup My Internet Address wizards and that should fix your problems.

Alan
0
 

Author Comment

by:James Parsons
ID: 39616925
Hi KCTS - How you have descirbed it is how we have it setup. However, if we only point machines to the SBS box for DNS they cannot connect to the internet, so we've had to put Google DNS in the DHCP scope that these computers get in order to get out. Currently their DNS settings are:

192.168.1.4 (SBS Box)
8.8.8.8

As for the server, the only IP specified on its internal NIC is its own (192.168.1.4)

We've run the Fix My Network before and it hasnt' found any issues.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39616929
Add Forwarders to the forwarders tab on the DNS Server Properties.  That should resolve the problem.

http://technet.microsoft.com/en-us/library/cc754941.aspx

Alan
0
 

Author Comment

by:James Parsons
ID: 39616938
We do have the ISP DNS IP addresses in the forwarding tab. It shows the IP's. but says 'Unable To Resolve' for the server FQDN. This may be normal?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39616961
Forget the ISP - use 8.8.8.8 ans 8.8.4.4 (Google's), they usually work happily.

Alternatively try 158.43.240.4 and 158.43.240.3 (Pipex) - I've had success with those before.

Alan
0
 

Author Comment

by:James Parsons
ID: 39617053
Ok, changed the forwarders to Googles. NSLookup isn't resolving anything locally on that SBS box though. Timing out.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39617058
Restart the DNS Server Service and try again.
0
 

Author Comment

by:James Parsons
ID: 39617148
Restarted DNS Server services. See attached NSLookup.
nslookup.JPG
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39617207
Perfect!!!!

Is that a client or the server?

Can you show me an ipconfig  /all from both the server and client please.

Thanks

Alan
0
 

Author Comment

by:James Parsons
ID: 39622297
That is nslookup from the server.  I've attached ipconfig / all for both server and client.
server-ipconfig-all.JPG
desktop-ipconfig-all.JPG
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39622327
You have 192.168.1.1
and 8.8.8.8

listed in the clients as DNS server - REMOVE THESE

The only place these should be as forwarders as per my previous comment - having these listed will cause errors!!!

Because of the way DNS works if the SBS server does no respond in a timely manor to a client (maybe it is busy for a faction of a second), then the client will permanently switch to the next DNS server in the list - from that point onwards it won't be able to locate computers and services in its own domain.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39622379
While I absolutely agree, as I've read it, 8.8.8.8 is being added as a workaround. Further, nslookup isn't working *from* the server, and a client ipconfig wouldn't impact that. I'd like to get DNS working on the server, from the server first, then we can revisit the desktop.

In looking at the ipconfig from the server, I can't help but notice that there are two IPv6 link-local addresses on one NIC. That isn't a default configuration, even with windows' various auto-discovery methods. And while IPv6 in general would not interfere, if it has been misconfigured (and I suspect it has) then that *would* cause problems.

Can you tell me how that configuration came to exist?

-Cliff
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:James Parsons
ID: 39622404
Cliff - you're absolutely right. If i remove 192.168.1.1 and 8.8.8.8 from the DHCP scope (and subsequently from the desktops), then those devices cannot connect to the internet.

As far as the IPv6 on the server is concerned, not sure. This server was setup as  migration from SBS 2003. We do have two NICs on there, both enabled. We've left IPv6 enabled since we've heard of issues with slow boot times on SBS - but maybe that got fixed in 2011.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39622428
SBS does not support two NICs. Full stop. You can leave IPv6 enables, THAT is fine. But even in a migration, NIC settings are not pulled over, and one NIC would not receive two IPv6 addresses. The only way that happens is if it was set manually or IPv6 were *badly* misconfigured.

So here is what I'd do. First, have a backup.

Then. Have a backup.

And if you need to, make a backup.


From there, disable the NIC not in use (and don't tell me they are both in use!)  Then go into the adapter settings for the NIC that is still enabled, and if you are sure you aren't using IPv6, reset the IPv6 network settings to default...which is autoconfiguration only. No manually assigned IP addresses.

Then run the Fix My Network Wizard and see if it needs to rebind any services to the one NIC (probably the DNS service at the very least, which explains the DNS issue.)

And then you should be back in business.
0
 

Author Comment

by:James Parsons
ID: 39622601
Hi Cliff. We've disabled the secondary NIC. We also set the IPv6 on the primary adapter to obtain automatically - i'm not sure how those settings got there. Ran the 'Fix May Network' Wizard. Here:s what our results are. Not sure how to proceed at this point:

- Static IP address for IPv6 is not configured
- No internet connection found
- Could not configure the router
- The DNS server is not listening to the IP address of the primary network adapter
- DNS is using a DNS forwarder
- A DNS resource record is missing
- A internet DNS record is missing
- Exchange SMTP connectors are invalid


I'm not worried about the Exchange message as we're not using Exchange on this SBS box. However, i'm wondering which of these issues we should apply fixes too now.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39622619
The DNS issues, at least...except the forwarders one if you want to use forwarders. But missing records (the resource record and the internet record at least) and the DNs service listening on the wrong network adapter are all pretty big issues and will definitely cause problems.

The static IP issue is not significant.

The internet connection of course can't be found because it relies on DNS to test...and that is broken.

Not being able to configure the router is not uncommon. That uses UPnP to configure port forwarding for RWA and mail, but can be skipped and many people prefer not to rely on UPnP anyways.

And theSMTP connector, as you said, you don't care about. Long term that could be a problem...

So that leaves the other tests.

-Cliff
0
 

Author Comment

by:James Parsons
ID: 39622671
Alright. Fixed all of the DNS record issues, however that server still will not connect to the internet.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39622841
Is the server pointing to ITSELF as the DNS server - with no other DNS servers listed ?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39622849
Are you sure the errors are fixed? You've rebooted the server and rerun the fix my network wizard? You've tested this with nslookup?  The whole "will not connect to the internet" thing is just too vague. The internet is a vast network with many protocols and paths. Unless you unplugged the ethernet cable, I'm sure your server is connected to the internet. Just the appropriate and necessary traffic isn't being routed right, and we haven't verified that this was fixed....
0
 

Author Comment

by:James Parsons
ID: 39622850
KCTS - Correct. See attached screenshot of current IPv4 settings.
IPSettings.JPG
0
 

Author Comment

by:James Parsons
ID: 39663410
Update: It looks like the DNS on the server is the issue. Is there any way to reinstall DNS on SBS 2011?
0
 

Author Comment

by:James Parsons
ID: 39779538
We are going to try a new NIC in the box, but it looks like a DNS issue on the server and i think we need to reinstall DNS but we  have no experience with that.
0
 

Author Comment

by:James Parsons
ID: 39938299
As of now we have not been able to install and test on a new NIC.  So the troubleshooting continues.

Update to where we are at right now:

BPA: only shows warnings on things we aren't using

nslookup on the server in question:

nslookup 75.153.176.1
Server:    sbserver.sportsconnection.local
Address:    192.168.1.4

DNS request timed out.
        timeout was 2 seconds.

ipconfig of server in question:

ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBSERVER
   Primary Dns Suffix  . . . . . . . : SportsConnection.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : SportsConnection.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #34
   Physical Address. . . . . . . . . : D4-AE-52-66-D9-A7
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1099:7128:b929:dccd%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248819282
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-C4-7D-01-D4-AE-52-66-D9-A7
   DNS Servers . . . . . . . . . . . : 192.168.1.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C0A28462-0059-4782-A616-A07BEBE4D9D9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Forward lookup zone delegations appear to be correct
No conditional forwarders are configured
Reverse lookup zones appear to be correct
Forwarders are set as ISP currently (only way I could get them to resolve was by adding them to a fresh hosts file manually)
Root Hints are only used if forwarders are not available.

Any and all continued help with this issue will be greatly appreciated.
0
 

Author Comment

by:James Parsons
ID: 39944006
Any ideas based on the updated information provided?  I have a server that is not connecting to the internet and cannot figure out why.
0
 

Expert Comment

by:VASyncaddSA
ID: 40532036
Any final resolution to this? We're running into similar issues.
0
 

Author Closing Comment

by:James Parsons
ID: 40915528
Fix my network solved the issue.  Thanks.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Know what services you can and cannot, should and should not combine on your server.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now