Active Directory

Hello,

We are experiencing a strange problem with AD.

In our network, with 5 sites (one HQ and 4 other offices connected using VPN tunnels), we use AD. At the HQ we have a primary DC/DNS Windows 2008 R2 server, and at the sites we have domain controllers as well. DNS Sites and Services is set up with subnets connected to the remote office DCs and subnets.

Problem: when a computer tries to ping our domain.local from, let's say, Remote Office A, sometimes a DC from Remote Office C, for example, is resolved as the DC to respond, and as the sites are not all connected there is no response.

Is this possible to resolve in DNS? It seems like a DNS problem.

Thanks,
josef

1 Solution

Will Szymkowski, Senior Solution Architect, commented:
If you have a DC/DNS in every site when you ping your domain from say "Site A" the DC in Site A should reply back with the results. If this is not working correctly I would be looking at your Sites and Services setup.

Make sure that in your Sites and Services each physical site (that has a DC present) has an IP Subnet associated with the Default Site Link or another Site Link in your environment.

AD Sites and Services guide - http://technet.microsoft.com/en-us/library/cc730868.aspx

Will.

joebilek, Author, commented:
Hello Will,

I think this is what's been done. There it looks fine. But, for example, looking at Site A's DC and DNS, it's also full of records referencing the other DCs, so any IP can be the one pointed out as supposed to respond to a domain ping.

Could it be anything else we've missed?

Thanks, Josef

Emmanuel Adebayo, Global Windows Infrastructure Engineer - Consultant, commented:
If you have DC at each site the local client should contact the DC at site.
During a search for a domain controller, the Locator attempts to find a domain controller in the site closest to the client.

As Spec01 said, there is an issue with your sites setup configuration and I would be looking at that.

Dirk Mare, Systems Engineer (Acting IT Manager), commented:
What happens if you run the command..
Echo %logonserver%

From one of your clients that you are testing from?

elchermans commented:
If you run "ipconfig /flushdns" and ping the domain again, do you receive different values each time?

Sandeshdubey commented:
Ensure correct DNS settings on the DC and client as per this:
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Do not set public DNS server in TCP/IP setting of client/member server.

Run the set l command to check which DC is used for authentication. Ensure that IP subnet information is properly defined in Active Directory: http://technet.microsoft.com/en-in/magazine/2009.06.subnets(en-us).aspx

joebilek, Author, commented:
Thanks everyone, will do some tests and get back!

joebilek, Author, commented:
Still awaiting customer feedback, will update when we have final data.

joebilek, Author, commented:
Hi all, appreciate all your help. I perhaps need to be a little bit more detailed.

The Client A sits at Site B. Site B has no DC, but a VPN tunnel to Site A where DC X is located.
Client A's primary DNS server is DC X.

Site A and Site B have different subnets.

When client A pings the domain.local name we get different responses each time, I guess from DC X. What we would like is for DC X to always respond with its own IP so that client A when logging on to the network and AD can process GPO etc.

How can we accomplish this? Is there a way..

Thanks,
josef
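
The situation described above (a client in a site with no DC, resolving through a DC across a VPN tunnel) is the case the DC locator handles through subnet-to-site mapping: the client's subnet must exist in AD Sites and Services and be associated with a site, and a site that has no DC of its own is served by the DC of the closest site via automatic site coverage. The script below is an added example, not code from any participant in this thread; it checks whether a client IP is covered by any AD subnet, which site that subnet belongs to, and which DCs sit in that site. It assumes the ActiveDirectory RSAT module (Windows 8 / Server 2012 or later) and a reachable DC; the client address 10.20.0.15 is a constructed sample.

```powershell
# Added example (not from the thread): map a client IP to its AD site and that site's DCs.
# Assumes the ActiveDirectory module and a reachable DC; $ClientIp below is a constructed sample.
Import-Module ActiveDirectory

# Convert a dotted IPv4 address to a 32-bit unsigned integer for prefix comparison.
function ConvertTo-UInt32 {
    param([Parameter(Mandatory)][string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    return [BitConverter]::ToUInt32($bytes, 0)
}

# True when $Ip lies inside the CIDR block $Cidr (IPv4 only; the caller skips IPv6 subnets).
function Test-IpInCidr {
    param([Parameter(Mandatory)][string]$Ip, [Parameter(Mandatory)][string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $mask = [uint32](([long]0xFFFFFFFF -shl (32 - [int]$prefix)) -band 0xFFFFFFFF)
    return ((ConvertTo-UInt32 $Ip) -band $mask) -eq ((ConvertTo-UInt32 $network) -band $mask)
}

function Get-ClientSiteMapping {
    param([Parameter(Mandatory)][string]$ClientIp)

    # All IPv4 subnet objects defined under Sites and Services (Name is the CIDR, Site is a DN).
    $subnets = Get-ADReplicationSubnet -Filter * | Where-Object { $_.Name -notmatch ':' }

    # The most specific (longest prefix) matching subnet wins, as it does for the locator.
    $match = $subnets |
        Where-Object { Test-IpInCidr -Ip $ClientIp -Cidr $_.Name } |
        Sort-Object { [int]($_.Name -split '/')[1] } -Descending |
        Select-Object -First 1

    if (-not $match) {
        Write-Warning "$ClientIp is not covered by any AD subnet; the locator cannot pick a site for it and may hand back any DC in the domain."
        return $null
    }
    if (-not $match.Site) {
        Write-Warning "Subnet $($match.Name) exists but is not associated with any site."
        return $null
    }

    $site = Get-ADReplicationSite -Identity $match.Site
    $dcs  = Get-ADDomainController -Filter * | Where-Object { $_.Site -eq $site.Name }

    [pscustomobject]@{
        ClientIp  = $ClientIp
        Subnet    = $match.Name
        Site      = $site.Name
        DCsInSite = if ($dcs) { $dcs.HostName -join ', ' } else { '(none: a DC from another site covers this site)' }
    }
}

# Constructed sample client address; replace with the address of Client A.
Get-ClientSiteMapping -ClientIp '10.20.0.15'
```

If the script warns that the client's address is not covered by any subnet, that is the condition in which the locator falls back to any DC for the domain, which matches the "different response each time" behaviour described above. The fix in that case is to define Site B's subnet in Sites and Services and either associate it with Site A directly or create Site B with a site link to Site A, so that DC X covers it.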

Dirk Mare, Systems Engineer (Acting IT Manager), commented:
If you have no DNS on the client side I would recommend the following.

Add the DNS server (DC X) and IP (of DC X) to your router on the client side so that you can use the router as DNS and gateway for your clients on the client side.

or.

Install a DNS server on site

or.

Use your Windows hosts file. Edit the file and add your server name and IP address to your hosts file.

joebilek, Author, commented:
Hello,

I am trying to get the DNS records working in our router, not so easy though with our firewall. Is there no way that just giving the clients the DC IP on the other side of the tunnel can work?

regards,
josef

Brad Held commented:
So here is what is going on: when you ping the domain name, DNS returns a round-robin request of domain controllers listed as name servers for the domain; assuming all DCs are DNS, then it just returns one.

Similarly, when you originally log in, a random DC will redirect you back to a DC in your local site if one is available; if one is not available then, based on the site layouts, the next closest site.

So when you say a vpn tunnel, you mean dc to dc vpn or site to site vpn?

There is a branch office Active Directory guide that may be able to help you resolve the issue: http://www.microsoft.com/en-us/download/details.aspx?id=5838. It's a free download but a little long-winded.
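
The comment above separates two different lookups: the plain A record for the domain name, which every DC registers and which DNS hands out in rotating order (this is what ping resolves), and the site-specific SRV records that the DC locator actually uses to choose a logon DC. The script below is an added example, not code from any participant in this thread; it runs both lookups from a client and puts the results side by side with what nltest and the current logon session report. It assumes a domain-joined Windows 8 / Server 2012 or later client (Resolve-DnsName and nltest available); 'domain.local' is the placeholder name used in the thread.

```powershell
# Added example (not from the thread): compare what "ping domain.local" resolves with what the
# DC locator uses. Assumes Resolve-DnsName and nltest on a domain-joined client; 'domain.local'
# is the thread's placeholder domain name.
function Get-DcLookupComparison {
    param([string]$Domain = 'domain.local')

    # 1. Every DC registers an A record for the bare domain name and DNS rotates the order on
    #    each query, so a ping of the domain name can land on any DC, reachable or not.
    $aRecords = Resolve-DnsName -Name $Domain -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object QueryType -eq 'A'

    # 2. The locator queries _ldap._tcp.<site>._sites.dc._msdcs.<domain>, which lists only the
    #    DCs serving the client's site (including DCs that cover a site with no DC of its own).
    $site = (nltest /dsgetsite 2>$null | Select-Object -First 1).Trim()
    $srvName = "_ldap._tcp.$site._sites.dc._msdcs.$Domain"
    $srvRecords = Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object QueryType -eq 'SRV'

    # 3. The DC the locator picks right now (/force bypasses the cached result) and the DC this
    #    logon session is already using.
    $located = nltest /dsgetdc:$Domain /force 2>$null | Where-Object { $_ -match '^\s*DC:' }

    [pscustomobject]@{
        Domain         = $Domain
        ClientSite     = $site
        DomainARecords = ($aRecords.IPAddress -join ', ')
        SiteSrvTargets = (($srvRecords | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', ')
        LocatorDc      = (($located -replace '^\s*DC:\s*\\\\', '') -join ', ').Trim()
        LogonServer    = $env:LOGONSERVER
    }
}

Get-DcLookupComparison -Domain 'domain.local' | Format-List
```

If DomainARecords lists every DC but SiteSrvTargets is empty or ClientSite is blank, the client's subnet is not mapped to a site and the locator has nothing site-specific to work with; if SiteSrvTargets lists DC X while ping still rotates through the others, the ping behaviour is just the round-robin A record and does not indicate a logon problem.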

joebilek, Author, commented:
Sorry about the delay; due to Xmas I haven't been able to test yet. Brb.
joe