Server DNS Dependencies

Posted on 2014-02-07
Last Modified: 2014-02-24
My company recently deployed a domain controller/DFS/DNS server to what will be our second location added to our domain. We had to reboot our primary domain controller today and it caused our second location to lose DNS services. The error in Server Manager reads:

"The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error."

Obviously, having the successful networking operation of our company be contingent upon the status of one machine is not acceptable. The network settings on the non-primary domain controller (we'll call it DC2) point to its own local IP address for Preferred, and then to for Alternate. It's my understanding that is a 'loopback' IP that would also be pointing to the server. Do these settings imply that DC2's successful DNS resolution is dependent on the primary DC?

Truth be told, I'm not a networking guru. I don't understand how our primary domain controller resolves DNS requests, as it only points to itself for DNS in its network settings, but if you could give me a few sentences that explain how my server, pointing to itself for name resolution, is somehow finding the IPs it needs, and how I can make DC2 not dependent on the primary DC, I would greatly appreciate it. We will soon have DC3 and DC4, and I can't have four sites go down at the same time.
Question by: botsadmins

Expert Comment

ID: 39842833
Your primary DC should point to itself for the preferred DNS entry (not the loopback address) and, as the alternate DNS entry, should point to a second DNS server in the same site, or in the remote site if you do not have another DC in the same site.

Likewise, your remote DC should point to itself for the preferred DNS entry (not the loopback address) and to the primary DNS server in the main site as the alternate DNS entry in order to work properly.


Expert Comment

ID: 39842923
In the case of DNS on domain controllers, the zones are AD-integrated DNS zones and should never go down even if the primary server goes down.
For any query DNS receives, it first checks its own zone data and cache, and if the record is not found it starts searching conditional forwarders, then default forwarders (for Internet queries).

In reality, all domain controllers' DNS servers keep replicating DNS changes with each other.

Once you make the change suggested above, you can check that the DNS servers will never crash even if the primary server goes down.

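The following is an added example, not code from the thread, that applies the client-address advice in the two replies above and then inspects the lookup order the second reply describes (own AD-integrated zones, then cache, then conditional forwarders, then default forwarders). It assumes two hypothetical DCs, DC1 at 10.0.1.10 in the main site and DC2 at 10.0.2.10 at the remote site, and a domain named corp.example; replace these with your own. Run it in an elevated PowerShell session on each DC (Windows Server 2012 or later, where the DnsClient and DnsServer modules are available).

```powershell
# Added example, not from the original thread. DC names, addresses and the domain
# are hypothetical; replace them with your own. Run elevated on each DC.
$domain = 'corp.example'
$dcs = @{
    'DC1' = '10.0.1.10'   # main-site DC
    'DC2' = '10.0.2.10'   # remote-site DC
}

$me      = $env:COMPUTERNAME
$self    = $dcs[$me]
$partner = ($dcs.GetEnumerator() | Where-Object { $_.Key -ne $me } | Select-Object -First 1).Value
if (-not $self -or -not $partner) { throw "$me is not listed in the DC table" }

# Preferred = this DC's own LAN address (not 127.0.0.1), Alternate = the other DC.
$nic = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses @($self, $partner)
Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses

# The lookup order the reply describes, in the order the server tries it:
# 1. its own zones; on a DC these are AD-integrated and replicated to every DC,
#    so DC2 keeps answering for the domain while DC1 is rebooting
Get-DnsServerZone | Where-Object { $_.IsDsIntegrated } |
    Select-Object ZoneName, ReplicationScope, IsReverseLookupZone
# 2. the server cache
Get-DnsServerCache | Select-Object MaxTtl, MaxNegativeTtl
# 3. conditional forwarders (zones of type Forwarder)
Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Forwarder' } |
    Select-Object ZoneName, MasterServers
# 4. default forwarders, then root hints, for everything else (Internet names)
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout

# Confirm the local server answers the domain's locator records from its own
# zone: -Server pins the query to this DC, -DnsOnly keeps it to the DNS protocol
# (no LLMNR/NetBIOS fallback that could mask a missing record).
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $self -DnsOnly |
    Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port, Priority
```

If the last query lists both DCs as SRV targets while the other DC is powered off, the local server is resolving the domain from its own replicated zone, which is the behaviour the reply describes. A query for an Internet name that fails in the same state points at the forwarders rather than at the AD-integrated zone.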

Author Comment

ID: 39843021
The non-primary domain controller does point to itself, and only itself, for DNS settings. The only difference between your suggestions and our configuration is that my DCs only point to themselves and not to each other. This is why I'm so confused as to why my DNS resolution would fail at another site precisely when rebooting the primary controller, when the other site's DC isn't even pointing to the primary for DNS.


Expert Comment

ID: 39843058
Have you added alternate DNS entries on both servers?

The DNS crash is just a coincidence; the reason behind it must be something else.
Can you please check both DNS servers for error event ID 4015?

Can you please post the output of the commands below here for further troubleshooting:
dcdiag /q
repadmin /showrepl
dcdiag /test:dns

Please run the commands on both DCs.


Author Comment

ID: 39843190
My non-primary DC is getting 4015 errors about five minutes apart, but they come in batches: I'll get it 3 or 4 times at close to five-minute intervals, then it will be fine for a little while, and then I'll get another run of 3 to 4 4015s.

Author Comment

ID: 39843230

The repadmin /showrepl command on DC2 yields several error reports reading "The RPC server is unavailable" and shows the last success as several hours ago, but after we had finished rebooting everything.

The dcdiag /q command shows error 1256, "The remote system is not available".

The dcdiag /test:dns passed connectivity, failed the DNS test, and says "warning: no DNS RPC connectivity (error or non-Microsoft DNS server is running)", but at the end says "passed test DNS".

Accepted Solution by Mahesh

ID: 39843830
You need to check both DCs thoroughly for the above errors.
First of all, download the PortQryUI tool from Microsoft and check whether the AD ports are open as appropriate; if they are not open, you need to start from there.
If they are already open, then proceed with the steps below.

Check that Host (A) records and PTR records exist for all domain controllers.
Check that CNAME records for the DCs exist under the zone.
Check that SRV records exist in DNS on both domain controllers.
Check that NS records for both DCs are present on both domain controllers in both zones.
Also point the primary DNS server on both DCs to itself, with the alternate entry on each DC pointing to the other, and then restart the Netlogon service and the DNS service on both domain controllers.
Then check that event ID 1394 exists in the Directory Service event logs on both domain controllers.
Check the DFS Replication log in Event Viewer for event ID 4602 (or File Replication Service event ID 13516), which indicates SYSVOL has been initialized.
Type net share at a command prompt on both DCs and check that NETLOGON and SYSVOL are shared.
Go to AD Sites and Services, trigger replication manually and check that it works.
If required, delete old connection objects from AD Sites and Services and create manual connection objects.
Also check whether any stale DC object is present in AD Sites and Services, or in the Domain System Volume under the domain directory partition \ System \ DFS or FRS container in adsiedit.msc; it needs to be removed.
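As an added example (not part of the accepted answer), the script below walks the checklist above from one DC against the other and collects pass/fail results in one table: the fixed AD ports (Test-NetConnection is used here in place of the interactive PortQryUI tool the answer names), the A, PTR, SRV and NS records asked of the local DNS server only, the DNS client order, the event IDs 4015, 1394, 4602 and 13516, and the NETLOGON and SYSVOL shares. DC names, addresses and the domain corp.example are hypothetical. Run it elevated on each DC (Windows Server 2012 or later).

```powershell
# Added example, not part of the accepted answer. Checks the answer's items from
# this DC against the other one. DC names, addresses and the domain are
# hypothetical; replace them. Run elevated on each DC (Server 2012 or later).
$domain = 'corp.example'
$dcs    = @{ 'DC1' = '10.0.1.10'; 'DC2' = '10.0.2.10' }
$me     = $env:COMPUTERNAME
$peer   = @($dcs.Keys | Where-Object { $_ -ne $me })[0]
if (-not $dcs[$me] -or -not $peer) { throw "$me is not listed in the DC table" }

$results = New-Object System.Collections.Generic.List[object]
function Add-Result($check, $ok, $detail) {
    $results.Add([pscustomobject]@{ Check = $check; OK = [bool]$ok; Detail = "$detail" })
}

# 1. Fixed AD ports towards the peer (what PortQryUI tests interactively). The
#    dynamic RPC range (49152-65535 on Server 2008 and later) must also be open.
$ports = [ordered]@{ 53='DNS'; 88='Kerberos'; 135='RPC endpoint mapper'; 389='LDAP'; 445='SMB'; 636='LDAPS'; 3268='Global Catalog' }
foreach ($p in $ports.Keys) {
    $t = Test-NetConnection -ComputerName $dcs[$peer] -Port $p -WarningAction SilentlyContinue
    Add-Result "tcp/$p $($ports[$p]) to $peer" $t.TcpTestSucceeded $t.RemoteAddress
}

# 2. A, PTR, SRV and NS records, all asked of the *local* DNS server so a missing
#    record is not masked by the peer answering instead.
foreach ($dc in $dcs.Keys) {
    $a = Resolve-DnsName "$dc.$domain" -Type A -Server $dcs[$me] -DnsOnly -ErrorAction SilentlyContinue
    Add-Result "A $dc.$domain" ($a.IPAddress -contains $dcs[$dc]) ($a.IPAddress -join ',')
    $ptr = Resolve-DnsName $dcs[$dc] -Type PTR -Server $dcs[$me] -DnsOnly -ErrorAction SilentlyContinue
    Add-Result "PTR $($dcs[$dc])" ($ptr.NameHost -like "$dc.*") $ptr.NameHost
}
$srv = Resolve-DnsName "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $dcs[$me] -DnsOnly -ErrorAction SilentlyContinue
$targets = @($srv | Where-Object Type -eq 'SRV' | ForEach-Object { $_.NameTarget.TrimEnd('.') })
foreach ($dc in $dcs.Keys) {
    Add-Result "SRV _ldap._tcp.dc._msdcs lists $dc" ($targets -contains "$dc.$domain") ($targets -join ',')
}
foreach ($zone in @($domain, "_msdcs.$domain")) {
    $ns = @(Resolve-DnsName $zone -Type NS -Server $dcs[$me] -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object Type -eq 'NS' | ForEach-Object { $_.NameHost.TrimEnd('.') })
    foreach ($dc in $dcs.Keys) { Add-Result "NS $zone lists $dc" ($ns -contains "$dc.$domain") ($ns -join ',') }
}

# 3. DNS client order on this DC: itself first, the other DC second.
$cfg = Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses.Count -gt 0 } | Select-Object -First 1
$want = "$($dcs[$me]),$($dcs[$peer])"
Add-Result "DNS client order $want" (($cfg.ServerAddresses -join ',') -eq $want) ($cfg.ServerAddresses -join ',')

# 4. Events the answer names, last 24 hours: 4015 should be absent, 1394 present,
#    and SYSVOL initialised via 4602 (DFSR) or 13516 (FRS).
$since = (Get-Date).AddDays(-1)
function Get-EventCount($log, $id) {
    @(Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $id; StartTime = $since } -ErrorAction SilentlyContinue).Count
}
$c4015 = Get-EventCount 'DNS Server' 4015
$c1394 = Get-EventCount 'Directory Service' 1394
$cInit = (Get-EventCount 'DFS Replication' 4602) + (Get-EventCount 'File Replication Service' 13516)
Add-Result 'No DNS Server 4015 in 24h'        ($c4015 -eq 0) $c4015
Add-Result 'Directory Service 1394 seen'      ($c1394 -gt 0) $c1394
Add-Result 'SYSVOL initialised (4602/13516)'  ($cInit -gt 0) $cInit

# 5. NETLOGON and SYSVOL shares (what "net share" lists).
foreach ($share in 'NETLOGON', 'SYSVOL') {
    $s = Get-SmbShare -Name $share -ErrorAction SilentlyContinue
    Add-Result "Share $share" ($null -ne $s) $s.Path
}

$results | Format-Table -AutoSize
# Replication partners with failures only, the same data the author posted above.
repadmin /showrepl /errorsonly
```

Any row showing OK = False points at the step of the checklist to work on first: a blocked port explains "The RPC server is unavailable" and the 4015 events directly, while missing SRV or NS entries for a DC mean Netlogon has not registered it in the zone and a restart of the Netlogon service on that DC (as the answer suggests) is the next step.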

