Solved

AD DNS Replication issues across sites

Posted on 2015-02-24
6
81 Views
Last Modified: 2015-02-26
Hi MS team,

I have a customer who  just discovered a problem with replication between their ADs.  They have 2 DCs at the main office (New York) and 1 at Atlanta.

They reported DNS issues on Friday – devices at Atlanta were not accessible by DNS name from New York.   Today a user from Atlanta reported that they changed their PWD at Atlanta and when they tried to log into a system at New York they had to use the old pwd

Environment

New york Site

2 DC/DNS Windows 2008 R2

Atlanta

1 DC /DNS Windows 2008 R2

Domain and forest functional level 2008

Any thoughts?
0
Comment
Question by:Jerry Seinfield
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:Sarat ch
ID: 40629888
Have you checked replication between sites!

If you share the results if will be helpful.  Go through below article.

https://technet.microsoft.com/en-us/library/cc794749(v=ws.10).aspx
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40630262
run below commands on any one DC (PDC) and post result here

dcdiag /v

U also having name resolution problem at NewYork
Most probably your Atlanta have DHCP server and its unable to register records in DNS
You would probably face same issue at Atlanta as well.
0
 

Author Comment

by:Jerry Seinfield
ID: 40631257
Hi Everyone,

I RDP into all DC/DNS servers, and I found :

From servers in New York, DNS settings, it seems like the IP address for the DC/DNS server in Atlanta is gone or missing[state unknown]. At the same time, I RDP into the DC/DNS server in Atlanta and the IP address appears to be OK. this is definitely a DNS misconfiguration that causes replication issues. Please, check the screenshots, and let me know how can i resolve this issue

Note:

From the DC in Atlanta, I did check TCP IP properties and it has 3 network connections. One for the LAN, and two for SAN. For the two SAN connections, it seems like the same server was added as DNS server, should not be leave the DNS settings for the 2 SAN connections in blank and no values?
EEDNSERROR.jpg
EEDNSERROR2.jpg
EEDNSERROR3.jpg
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 36

Expert Comment

by:Mahesh
ID: 40631306
It seems that name server entry is missing

U need to add it manually

on each DC at each location ensure that primary dns IP is point to itself and another DC IP is defined as secondary dns
Then restart netlogon and dns server service on each DC

On each DC, navigate to C:\windows\system32\config folder and rename netlogon.dns file to netlogon.dnsold and then restart Netlogon and dns server service on that DC
This will ensure that all DNS records will get registered correctly and then check if name resolution is working or not

Also in network card properties of each DC ensure advance network settings should be as below
DNS Settings
Lastly the DC where multiple network cards available for SAN, ensure that network card belongs to for DC communication is listed 1st in network binding
Network binding can be visible once you are in network connection window and press left ALT button
0
 

Author Comment

by:Jerry Seinfield
ID: 40631361
thanks Mahesh, when you said add manually is from DNS server console where the state is unknown? or from TCP/IP protocol properties?

Should I remove the DNS server IP from the SAN adaptors? if you see the third screnshot, the 2 SAN adapters are using same DNS server. Is this even correct?
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40631443
1st add proper dns entry in tcp/ip

then add it from dns console where its showing unknown

From san adapters just untick "register this connection addresses in DNS" check box
also delete its host record from domain controller
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question