Solved

DNS issues, GPO errors

Posted on 2014-07-25
2
164 Views
Last Modified: 2015-01-06
Good day

I have the following scenario:

I had a unknown name service record in my company DNS Forward lookup zone under the _msdcs (greyed out) folder. The record was in a unknown computer name format. I have attached the DCdiag results while the the rouge entry was present. During this time computers started giving problems with logging on. PC's where taking too long to present the user with the logon screen. I have attached log files with error codes recorded on the PC's in the event logs.

After i removed the entry, PC's seemed to be fine but this was only temporary as more users started to complain. I did some more research and discovered i was not supposed to delete the rouge entry but rather point it to the correct GC on our LAN. I did this and tested again, this seems to have solved the issue. I am still however getting calls from users who are complaining about slow PC's at logon and these PCs are complaining about DNS and GPOs in their event logs.

I have substituted the actual server name in the files as follows:

Actual DC name = Servername
Actual Domain name = Domainname
DCDiagFailed.txt
DCdiagPass.txt
Eventlogerrors.txt
0
Comment
Question by:Helao Mwapangasha
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Expert Comment

by:tolinrome
ID: 40220468
Running this command on your DC would give more insight - dcdiag /e /v >>c:\dcdiag.txt - you can post the commands here if you like.

I'm not sure how your network is configured with DNS and AD, but you should have in AD sites and services your location(s) and its IP subnet range and all its physical DC's in that site.

All DC's should point to themselves and\or another domain controller IP address on their network card properties ipv4 ip address.
In DNS on the properties of your domain under the forward lookup zone on each tab make sure you have the right settings. Name server should list all the DC's and allow zone transfers.

Clients should have in their network card properties for ipv4 th eip addresses listed for the domain controllers for DNS. This is most likely given out with dhcp scope settings.

The more you tell us about your environment we can help.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40221051
Do you have _msdcs.domain.com AD integrated zone present on domain controllers ?

If you have above zone in place (Its replicated to all DCs in forest), then you should have _msdcs greyed folder (its actually not greyed out, it is delegation to _msdcs.domain.com zone) and on every domain controller, it should point to NS record of that domain controller only)

However if you have deleted _msdcs.domain.com zone, you can simply delete that _msdcs delegation (greyed out folder) from domain.com and restart netlogon service on any one DC
What it will do, it will delete _msdcs delegation from all DCs as part of AD replication and create _msdcs folder under domain.com and it will get replicated to all domain controllers and you will be just fine.

U need to ensure that whatever changes you make on one DC should get replicated to all DCs in domain.
Check below thread for more details
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28415910.html
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question