Solved

Win.2013 DNS Screwed UP

Posted on 2014-11-25
Last Modified: 2014-11-26
I have now a Windows 2013 Server that someone built a long time ago, it has been in use as a file server, it is an OLD, OLD Server but the owners do not want to go with a new one, so my task:
Repair the DNS on the server
Login all accounts to the server.
EASY?, not so fast..
The person that created the server had the brilliant Idea to name the server as:
my.first.server.com (name just changed for safety but XXXX.XXXX.XXXX.COM is real)
I have tried a few things but so far:
from a windows 7 pro:
Under Computer Properties / Change Settings
Either using Network ID or Change.
Trying the full domain name:
An active directory domain controller for the domain my.first.server.com could not be contacted.. etc.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Dir. Domain Contrlr. for Domain my.first.server.com
The error was DNS name does not exist
error code 0x0000232B RCODE_NAME_ERROR
etc.

STRANGE ENOUGH, if I try with the WORKGROUP NAME: OurOFFICE
The computer is able to find the domain, asks for an account with admin rights then:
I enter my Admin Name and Password for the domain, then:
Message:
Computer Name/Domain Changes
The following error occurred attempting to join the domain "OurOFFICE"
An attempt to resolve the DNS name of a domain controller in the domain being Joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain. etc....

Now the server nslookup results:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Maurice>nslookup
Default Server:  localhost
Address:  127.0.0.1

> nslookup my.first.server.com
DNS request timed out.
    timeout was 2 seconds.
Server: my.first.server.com
Addresses:  10.194.117.250, 10.194.117.251

> nslookup OurOFFICE
Server: servername.my.first.server.com
Addresses:  10.194.117.251, 10.194.117.250
Aliases:  OurOFFICE.my.first.server.com

DNS request timed out.
    timeout was 2 seconds.
*** Request to zacoalco timed-out
>

The computer is pointing to 10.194.117.251 as DNS (which of course closes the internet unless I add a secondary DNS after)

So my choices are:
- anyone that can help me guiding me to repair this mess.
- Maybe create a new zone?

Major issue is the domain name: my.first.server.com that I think is a mess trying to change, demoting/promoting etc. so is there a more viable solution to this mess...

Thanks for any insight.
0
Question by:Maurice Loucel
15 Comments
 
LVL 36

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 40465057
How many users and computers do you have?

Try below

1st of all replace 127.0.0.1 IP with server own IP
I don't know why server is pointing to public IP in dns directly
If that IP is DNS server, you can add it to forwarders

Now navigate to %systemroot%\system32\config and rename netlogon.dns to netlogon.dnsold
Then restart netlogon service
Then run below command on DC from command prompt

netdiag /fix
In order to execute above command you must install 2003 support tools on server, you will get it from MS site free.

Then run cmd on server and then run
nslookup
It should resolve to proper fqdn and IP

After that check if server NS record, Host(A) record and CNAME record is intact
 Then try to join workgroup computer to this single domain

If this is small environment without MS exchange and without any AD dependent applications, one alternative could be just uninstall AD and DNS from this server and build new AD
In order to remove AD, you might need to run DCPromo /forceremoval command on DC followed by uninstall dns role
Then join all computers to new domain one by one
and create new users as well
0
 

Author Comment

by:Maurice Loucel
ID: 40465081
Thanks Mahesh, but 127.0.0.1 is not a public ip, that's called the localhost so is just pointing back to itself same as using the server IP.
0
 
LVL 2

Assisted Solution

by:FinServCo
FinServCo earned 125 total points
ID: 40465131
His point is that you shouldn't be using the localhost IP, but the server's actual assigned IP.

E.g., if your AD DNS server is 192.168.1.1, then in the IP settings of the NIC, the first DNS server should be 192.168.1.1, not 127.0.0.1.  You may think there's no difference, but it sometimes does make a difference.

Additionally, as he said, one or more forwarders should be set up in the DNS service pointing to your ISP's DNS servers.

Then the client should have its DNS pointing to (in this example) 192.168.1.1.

If you have multiple DCs (which you should have at least two) and multiple DNS servers (I recommend it), then each of the DNS servers should have their NIC set to point to its own IP address and should have forwarders set.
0
 
LVL 40

Assisted Solution

by:footech
footech earned 125 total points
ID: 40465222
You should also run the following to check for errors.
dcdiag /test:dns /v
dcdiag /v
0
 

Author Comment

by:Maurice Loucel
ID: 40465242
Yes that is a good point.. My apologies, I'll try tonight and I'll create those forwarders to the current DNS.
Will post my results later.

Many thanks to you gurus..
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40465459
The detailed explanations given by FinServCo are absolutely perfect and worth.
0
 

Author Comment

by:Maurice Loucel
ID: 40465908
I did all the steps as advised but I guess my only choice is as Mahesh advised to remove the problem and reinstall, unless you guys have a better Idea, I have attached all TXT files of the 3 tests required:
NSLOOKUP
DCDIAG /TEST:DNS /V
DCDIAG /V

I hope not to have to redo, just restarting this OLD monster is a pain on the neck.
ALSO
- This is the ONLY server DC, DNS, etc. NO EXCHANGE, NO IIS.
- Used only as a File Server
about 120 users 80 constant, contains some folders that are ADMIN ONLY, and other bells and whistles that has taken me a few hairs to figure out permissions and security.

Thank you.
DNS-Error.txt
dcdiag-test-v.txt
dcdiag-v.txt
0
 
LVL 36

Accepted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 40466244
The tests are OK
You need to remove 64.60.0.17 entry from DNS, network cards and from everywhere
Also I guess you have given TWO adapters to domain controller which are not required.
I am not sure why there are TWO adapters to domain controller with same IP range?

Just keep one adapter and ensure that IP will be kept on client machines as preferred dns server
Then restart dns and netlogon service and check if it works

Better you could just add ADC after your issue gets resolved.

If you build new DC, for 80 computers you will take much time to rejoin those machines to new domain and also you need to tackle profile migration as well as new users will get new user profiles and this will lead to user dissatisfaction.
0
 
LVL 2

Expert Comment

by:FinServCo
ID: 40466927
About the dual adapters.  Domain controllers should never be multi-homed (have more than 1 IP address).  If your adapters support teaming, then they could be teamed with the one IP address.  That way if one gets disconnected the other will still work.
0
 

Author Comment

by:Maurice Loucel
ID: 40467157
Thank you Mahesh and FinServCo, this is my nightmare Legacy, this server was untouched for the last 10 years working with XP machines, when I took over (about a week ago) I thought it was going to be a walk in the park, boy I was wrong.
Once I start the migration to windows 7 Hell broke loose with DNS, so I use the back door and simply avoid joining the domain and simply using the account name and password so the server would at least provide access to the users, it worked.
I have no Idea why it has 2 nics but I will disable 250 since it seems is the one unused, and adding an Application DC, I don't think the owner will allow me, but thanks for the insight.
Also I weighed moving to Virtual but no can do, and the more I dig into the folders and documents the more I believe I should stick with this and fix the DNS, thankfully the backup somehow works I've checked that every single file is accounted for, they use a NAS backup and SOS in the cloud, so files even if the server goes down are protected.
I'm going to check that dns entry, since is part of the dns from the provider.
I'll keep you posted.
0
 

Author Comment

by:Maurice Loucel
ID: 40467352
I added the forwarder and got rid of the extra DNS, disabled the NIC, tested Internet in the server and the DNS is now working Hoorah, not so fast..
I'll close and give you guys the points because the DNS is finally working in this server but I will open another post since the windows pc's still don't like the server, so I guess is a different task.
Thank you for your help to both.
0
 
LVL 40

Expert Comment

by:footech
ID: 40467353
Just make sure if you're using DHCP for all the workstation computers that they're being assigned the correct IP from the DC (the one you don't remove) to use as a DNS server, and no other.
0
 

Author Closing Comment

by:Maurice Loucel
ID: 40467364
Thank you, it has been a nightmare for me but thanks to Mahesh and FinServCo, I solved 1 of my issues, now I need to tackle the other one.
0
 

Author Comment

by:Maurice Loucel
ID: 40467392
Thanks also footech but DHCP does not come from the DC, and even though the DNS on the computers is pointing to the server once I do that the Internet goes off (but it works in the server after setting up the forwarders), I'll create another thread and explain better.
Thanks for your concern.
0
 
LVL 40

Expert Comment

by:footech
ID: 40467645
The setting should be the same whether you're using DHCP on the server or on some other device.  The DNS IP handed out should only be that of the server (otherwise you're likely to experience problems).  The server should resolve DNS queries on behalf of the workstations in order to reach resources on either the internal network or the internet.  But as you said, you can open another question if you need more assistance.
0
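The DNS settings the answers above call for, on the DC and on the clients, can be checked mechanically. The following is an added example, not code from the thread: it parses `ipconfig /all` text and flags a multi-homed DC, a loopback or public resolver configured on the DC's NIC, and any client DNS server other than the DC. The sample input is constructed (IPs from the thread, adapter names assumed) and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; IPs from the thread, adapter names assumed.
DC_SAMPLE = """\
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 10.194.117.251
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       64.60.0.17

Ethernet adapter Local Area Connection 2:
   IP Address. . . . . . . . . . . . : 10.194.117.250
   DNS Servers . . . . . . . . . . . : 10.194.117.251
"""
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_adapters(text):
    """Map adapter name -> {'ip': [...], 'dns': [...]} (IPv4 entries only)."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(" :"), {"ip": [], "dns": []})
            field = None
        elif current is not None and line.strip():
            if ":" in line:  # "Label . . . : value" starts a new field
                label = line.split(":", 1)[0].strip(" .")
                field = ("ip" if label in ("IP Address", "IPv4 Address")
                         else "dns" if label == "DNS Servers" else None)
            if field:  # also picks up indented continuation lines
                current[field] += IPV4.findall(line)
    return adapters

def audit_dc(text):
    """Return (issue, adapter, value) findings for the DC's own NIC settings."""
    adapters = parse_adapters(text)
    own = sorted(ip for a in adapters.values() for ip in a["ip"])
    findings = [("multi-homed", None, ",".join(own))] if len(own) > 1 else []
    for name, a in adapters.items():
        for dns in a["dns"]:
            addr = ipaddress.ip_address(dns)
            if addr.is_loopback:      # should be the server's assigned IP
                findings.append(("loopback-dns", name, dns))
            elif not addr.is_private:  # ISP resolver belongs in forwarders
                findings.append(("public-dns-on-nic", name, dns))
    return findings

def audit_client(text, dc_ip):
    """Return (adapter, dns) for every client DNS server that is not the DC."""
    return [(name, dns) for name, a in parse_adapters(text).items()
            for dns in a["dns"] if dns != dc_ip]
```

Feed it saved output, for example `ipconfig /all > nic.txt` on each machine, and pass the file contents to `audit_dc` or `audit_client`.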
