Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

Server DNS Dependancies

My company recently deployed a domain controller/DFS/DNS server to what will be our second location added to the our domain. We had to reboot our primary domain controller today and it caused our second location to lose DNS services. The error in server manager reads

"The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error."

Obviously having the successful networking operation of our company be contingent upon the status of one machine is not acceptable. The network settings on the non-primary domain controller (we'll call it DC2) point to it's own local IP address for Preferred, and then to for Alternate. It's my understanding that is a 'loopback' IP that would also be pointing to the server. Do these settings imply that DC2's successful DNS resolution is dependent on the primary DC?

Truth be told I'm not a networking guru, I don't understand how our primary domain controller resolves DNS requests as it only points to itself for DNS in network settings, but if you could give me a few sentences that explain the means by which my server pointing to itself for name resolution is somehow finding the IPs it needs and how I can make DC2 not dependent on the primary DC I would greatly appreciate it. We will soon have DC3 and DC4 and I can't have 4 sites go down at the same time.
  • 4
  • 3
1 Solution
Your primary DC should point to itself for preferred DNS entry (Not loop back address) and should point to second DNS server in same site \ remote site if do not have another DC in same site as alternate DNS entry

Like wise your remote DC point to itself for preferred DNS entry (Not loop back address) and should point to primary DNS server in main site as alternate DNS entry in order to work properly

In case of DNS on domain controllers, it is AD integrated DNS zones, and should never get down even if primary server gone down.
For any query DNS receives 1st check with own zone data, cache and if record not found then it will start searching conditional forwarders, default forwarders (for internet queries)

In reality all Domain controllers DNS is keep replicating DNS changes with each other

Once you make change as suggested above, you can check DNS servers will never crash even if primary server gone down

botsadminsAuthor Commented:
The non primary domain controller does point to itself and only itself for DNS settings, the only difference between your suggestions and our configuration is that my DCs only point to themselves and not to each other. This is why I'm so confused as to why my DNS resolution would fail at another site precisely when rebooting the primary controller when the other sites DC isn't even pointing to the primary for DNS.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

have you added alternate DNS entries on both servers

The DNS crash is just co-incidence, The reason behind it must be some thing else
Can you please check both dns servers for error event id 4015 ?

Can you please post output of below commands here for further troubleshooting
dcdiag /q
repadmin /showrepl
dcdiag /test:dns

Please run command on both DCs

botsadminsAuthor Commented:
My non-primary DC controller is getting 5ish minute separated 4015 errors but they come in batches, like I'll get it 3 or 4 times in close to 5 minute intervals, and then it will be fine for a little while, and then I'll get another run of 3 to 4 4015s
botsadminsAuthor Commented:

the repadmin /showrepl command on DC2 yields the following error reports (several of them) "The RPG server is unavailable" and showing the last success being several hours ago but after we had finished rebooting everything.

the dcdiag /q command shows error 1256 "The remote system is not available"

the dcdiag /test:dns passed connectivity, failed test DNS, says "warning: no DNS RPC connectivity (error or non MIcrosoft DNS server is running) but at the end says "passed test DNS"
You need to check both DCs thoroughly for above errors
1st of all download Portqueryui tool from MS and check if AD ports are opened as appropriate, if its not opened, you need to start from here.
If already opened, then proceed with below steps

Check Host (A) records and PTR records for all domain controllers if exists
Check CNAME records for DCs under zone if exists
Check if SRV records are exists in DNS on both domain controllers
Check NS records for both DCs are present in both domain controllers in both zones
Also point primary DNS server on both DCs to itself and have alternate entry pointing to each other on both DCs and then restart netlogon service and DNS service on both domain controllers
Then check event ID 1394 exists in directory services event logs on both Domain controllers
Check the DFS Replication log in Event Viewer for Event ID 4602 (or File Replication Service event ID 13516), which indicates SYSVOL has been initialized.
Type net share in command prompt on both DCs and check if netlogon and Sysvol is shared
Go to Ad sites and services and trigger replication manually and check if it works
If required delete old connection objects from AD sites and services and create manual connection objects
Also check if any stale DC object is present in AD sites and services, in domain system volume under domain directory partition \ system \ dfs OR FRS container in adsiedit.msc, that need to be removed

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now