Solved

AD DNS Replication issues across sites

Posted on 2015-02-24
6
82 Views
Last Modified: 2015-02-26
Hi MS team,

I have a customer who  just discovered a problem with replication between their ADs.  They have 2 DCs at the main office (New York) and 1 at Atlanta.

They reported DNS issues on Friday – devices at Atlanta were not accessible by DNS name from New York.   Today a user from Atlanta reported that they changed their PWD at Atlanta and when they tried to log into a system at New York they had to use the old pwd

Environment

New york Site

2 DC/DNS Windows 2008 R2

Atlanta

1 DC /DNS Windows 2008 R2

Domain and forest functional level 2008

Any thoughts?
0
Comment
Question by:Jerry Seinfield
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:Sarat ch
ID: 40629888
Have you checked replication between sites!

If you share the results if will be helpful.  Go through below article.

https://technet.microsoft.com/en-us/library/cc794749(v=ws.10).aspx
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40630262
run below commands on any one DC (PDC) and post result here

dcdiag /v

U also having name resolution problem at NewYork
Most probably your Atlanta have DHCP server and its unable to register records in DNS
You would probably face same issue at Atlanta as well.
0
 

Author Comment

by:Jerry Seinfield
ID: 40631257
Hi Everyone,

I RDP into all DC/DNS servers, and I found :

From servers in New York, DNS settings, it seems like the IP address for the DC/DNS server in Atlanta is gone or missing[state unknown]. At the same time, I RDP into the DC/DNS server in Atlanta and the IP address appears to be OK. this is definitely a DNS misconfiguration that causes replication issues. Please, check the screenshots, and let me know how can i resolve this issue

Note:

From the DC in Atlanta, I did check TCP IP properties and it has 3 network connections. One for the LAN, and two for SAN. For the two SAN connections, it seems like the same server was added as DNS server, should not be leave the DNS settings for the 2 SAN connections in blank and no values?
EEDNSERROR.jpg
EEDNSERROR2.jpg
EEDNSERROR3.jpg
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 37

Expert Comment

by:Mahesh
ID: 40631306
It seems that name server entry is missing

U need to add it manually

on each DC at each location ensure that primary dns IP is point to itself and another DC IP is defined as secondary dns
Then restart netlogon and dns server service on each DC

On each DC, navigate to C:\windows\system32\config folder and rename netlogon.dns file to netlogon.dnsold and then restart Netlogon and dns server service on that DC
This will ensure that all DNS records will get registered correctly and then check if name resolution is working or not

Also in network card properties of each DC ensure advance network settings should be as below
DNS Settings
Lastly the DC where multiple network cards available for SAN, ensure that network card belongs to for DC communication is listed 1st in network binding
Network binding can be visible once you are in network connection window and press left ALT button
0
 

Author Comment

by:Jerry Seinfield
ID: 40631361
thanks Mahesh, when you said add manually is from DNS server console where the state is unknown? or from TCP/IP protocol properties?

Should I remove the DNS server IP from the SAN adaptors? if you see the third screnshot, the 2 SAN adapters are using same DNS server. Is this even correct?
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40631443
1st add proper dns entry in tcp/ip

then add it from dns console where its showing unknown

From san adapters just untick "register this connection addresses in DNS" check box
also delete its host record from domain controller
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DSRM password 5 41
rds question 5 36
Setting up a Windows Server 2008 R2 to allow file sharing to a MAC (Apple) 4 48
Multiple Errors from DCDIAG 2 20
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question