Helao Mwapangasha
asked on
DNS issues, GPO errors
Good day
I have the following scenario:
I had a unknown name service record in my company DNS Forward lookup zone under the _msdcs (greyed out) folder. The record was in a unknown computer name format. I have attached the DCdiag results while the the rouge entry was present. During this time computers started giving problems with logging on. PC's where taking too long to present the user with the logon screen. I have attached log files with error codes recorded on the PC's in the event logs.
After i removed the entry, PC's seemed to be fine but this was only temporary as more users started to complain. I did some more research and discovered i was not supposed to delete the rouge entry but rather point it to the correct GC on our LAN. I did this and tested again, this seems to have solved the issue. I am still however getting calls from users who are complaining about slow PC's at logon and these PCs are complaining about DNS and GPOs in their event logs.
I have substituted the actual server name in the files as follows:
Actual DC name = Servername
Actual Domain name = Domainname
DCDiagFailed.txt
DCdiagPass.txt
Eventlogerrors.txt
I have the following scenario:
I had a unknown name service record in my company DNS Forward lookup zone under the _msdcs (greyed out) folder. The record was in a unknown computer name format. I have attached the DCdiag results while the the rouge entry was present. During this time computers started giving problems with logging on. PC's where taking too long to present the user with the logon screen. I have attached log files with error codes recorded on the PC's in the event logs.
After i removed the entry, PC's seemed to be fine but this was only temporary as more users started to complain. I did some more research and discovered i was not supposed to delete the rouge entry but rather point it to the correct GC on our LAN. I did this and tested again, this seems to have solved the issue. I am still however getting calls from users who are complaining about slow PC's at logon and these PCs are complaining about DNS and GPOs in their event logs.
I have substituted the actual server name in the files as follows:
Actual DC name = Servername
Actual Domain name = Domainname
DCDiagFailed.txt
DCdiagPass.txt
Eventlogerrors.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'm not sure how your network is configured with DNS and AD, but you should have in AD sites and services your location(s) and its IP subnet range and all its physical DC's in that site.
All DC's should point to themselves and\or another domain controller IP address on their network card properties ipv4 ip address.
In DNS on the properties of your domain under the forward lookup zone on each tab make sure you have the right settings. Name server should list all the DC's and allow zone transfers.
Clients should have in their network card properties for ipv4 th eip addresses listed for the domain controllers for DNS. This is most likely given out with dhcp scope settings.
The more you tell us about your environment we can help.