Solved

AD DNS Replication issues across sites

Posted on 2015-02-24
6
84 Views
Last Modified: 2015-02-26
Hi MS team,

I have a customer who  just discovered a problem with replication between their ADs.  They have 2 DCs at the main office (New York) and 1 at Atlanta.

They reported DNS issues on Friday – devices at Atlanta were not accessible by DNS name from New York.   Today a user from Atlanta reported that they changed their PWD at Atlanta and when they tried to log into a system at New York they had to use the old pwd

Environment

New york Site

2 DC/DNS Windows 2008 R2

Atlanta

1 DC /DNS Windows 2008 R2

Domain and forest functional level 2008

Any thoughts?
0
Comment
Question by:Jerry Seinfield
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:Sarat ch
ID: 40629888
Have you checked replication between sites!

If you share the results if will be helpful.  Go through below article.

https://technet.microsoft.com/en-us/library/cc794749(v=ws.10).aspx
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40630262
run below commands on any one DC (PDC) and post result here

dcdiag /v

U also having name resolution problem at NewYork
Most probably your Atlanta have DHCP server and its unable to register records in DNS
You would probably face same issue at Atlanta as well.
0
 

Author Comment

by:Jerry Seinfield
ID: 40631257
Hi Everyone,

I RDP into all DC/DNS servers, and I found :

From servers in New York, DNS settings, it seems like the IP address for the DC/DNS server in Atlanta is gone or missing[state unknown]. At the same time, I RDP into the DC/DNS server in Atlanta and the IP address appears to be OK. this is definitely a DNS misconfiguration that causes replication issues. Please, check the screenshots, and let me know how can i resolve this issue

Note:

From the DC in Atlanta, I did check TCP IP properties and it has 3 network connections. One for the LAN, and two for SAN. For the two SAN connections, it seems like the same server was added as DNS server, should not be leave the DNS settings for the 2 SAN connections in blank and no values?
EEDNSERROR.jpg
EEDNSERROR2.jpg
EEDNSERROR3.jpg
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 37

Expert Comment

by:Mahesh
ID: 40631306
It seems that name server entry is missing

U need to add it manually

on each DC at each location ensure that primary dns IP is point to itself and another DC IP is defined as secondary dns
Then restart netlogon and dns server service on each DC

On each DC, navigate to C:\windows\system32\config folder and rename netlogon.dns file to netlogon.dnsold and then restart Netlogon and dns server service on that DC
This will ensure that all DNS records will get registered correctly and then check if name resolution is working or not

Also in network card properties of each DC ensure advance network settings should be as below
DNS Settings
Lastly the DC where multiple network cards available for SAN, ensure that network card belongs to for DC communication is listed 1st in network binding
Network binding can be visible once you are in network connection window and press left ALT button
0
 

Author Comment

by:Jerry Seinfield
ID: 40631361
thanks Mahesh, when you said add manually is from DNS server console where the state is unknown? or from TCP/IP protocol properties?

Should I remove the DNS server IP from the SAN adaptors? if you see the third screnshot, the 2 SAN adapters are using same DNS server. Is this even correct?
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40631443
1st add proper dns entry in tcp/ip

then add it from dns console where its showing unknown

From san adapters just untick "register this connection addresses in DNS" check box
also delete its host record from domain controller
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question