DNS issue in Server 2012

Running a SBS 2012 Essentials server with 5 users, users are experiencing issues, one computer will not resolve names user has to browse the LAN using an ip address. When he tries to select the shared drive on the SBS 2012 server it cannot resolve but if he uses the SBS 2012 server Ip address it's fine. other users when they try to get to the share on the SBS 2012 server it takes along time. Also when printing sometimes it works sometimes it does not. I found this warning in event viewer DNS:

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

I checked the router/firewall DNS and DHCP is turned off
SBS 2012 server is running DHCP and DNS for the LAN

Help
LVL 1
jsarinanaI.T. ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hypercat (Deb)Commented:
Check the properties of the NIC on the server and workstations, and make sure ALL of them are set to use the server IP address as the ONLY DNS server address.  If the server is running DHCP (and the workstations are using DHCP), you may have to check there if is a scope or server option in the DHCP settings that specifies the DNS server address and make sure that it's correct.
Zephyr ICTCloud ArchitectCommented:
Can you post outcome of following:

- Ipconfig /all
- dcdiag /c
jsarinanaI.T. ManagerAuthor Commented:
The Properties on the server's NIC is:
IP address: 192.168.4.23
Sub Mask: 255.255.255.0
Gateway: 192.168.4.1
DNS server: 192.168.4.23
On the PCs it's using DHCP obtain an IP address automatically
If I do a config /all on the PCs it looks ok
here is cddiag:


Directory Server Diagnosis Performing initial setup:  Trying to find home server...    Home Server = ABC-SERVER    * Identified AD Forest.
   Done gathering initial info. Doing initial required tests  Testing server: Default-First-Site-Name\ABC-SERVER       Starting test: Connectivity          ......................... ABC-SERVER passed test Connectivity Doing primary tests  Testing server: Default-First-Site-Name\ABC-SERVER       Starting test: Advertising          ......................... ABC-SERVER passed test Advertising       Starting test: CheckSecurityError             [ABC-SERVER] DsReplicaGetInfo(KCC_DS_CONNECT_FAILURES) failed with             error 8453,             [ABC-SERVER] Unable to query the list of KCC connection failures.             Continuing...          [ABC-SERVER] No security related replication errors were found on this          DC!  To target the connection to a specific source DC use          /ReplSource:<DC>.          ......................... ABC-SERVER passed test CheckSecurityError       Starting test: CutoffServers          ......................... ABC-SERVER passed test CutoffServers       Starting test: FrsEvent          ......................... ABC-SERVER passed test FrsEvent       Starting test: DFSREvent          There are warning or error events within the last 24 hours after the          SYSVOL has been shared.  Failing SYSVOL replication problems may cause          Group Policy problems.
         ......................... ABC-SERVER passed test DFSREvent       Starting test: SysVolCheck          ......................... ABC-SERVER passed test SysVolCheck       Starting test: FrsSysVol          ......................... ABC-SERVER passed test FrsSysVol       Starting test: KccEvent          ......................... ABC-SERVER passed test KccEvent       Starting test: KnowsOfRoleHolders          ......................... ABC-SERVER passed test KnowsOfRoleHolders       Starting test: MachineAccount          ......................... ABC-SERVER passed test MachineAccount       Starting test: NCSecDesc          ......................... ABC-SERVER passed test NCSecDesc       Starting test: NetLogons          [ABC-SERVER] User credentials does not have permission to perform this          operation.          The account used for this test must have network logon privileges          for this machine's domain.          ......................... ABC-SERVER failed test NetLogons       Starting test: ObjectsReplicated          ......................... ABC-SERVER passed test ObjectsReplicated       Starting test: OutboundSecureChannels          ** Did not run Outbound Secure Channels test because /testdomain: was          not entered        ......................... ABC-SERVER passed test          OutboundSecureChannels       Starting test: Replications          [Replications Check,ABC-SERVER] DsReplicaGetInfo(PENDING_OPS, NULL)          failed, error 0x2105 "Replication access was denied."          ......................... ABC-SERVER failed test Replications       Starting test: RidManager          ......................... ABC-SERVER passed test RidManager       Starting test: Services             Could not open NTDS Service on ABC-SERVER, error 0x5             "Access is denied."          ......................... ABC-SERVER failed test Services       Starting test: SystemLog          An error event occurred.  EventID: 0x00000457             Time Generated: 04/29/2015   08:56:03             Event String:             Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.          An error event occurred.  EventID: 0x0000900A             Time Generated: 04/29/2015   08:56:35             Event String:             An TLS 1.1 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.          An error event occurred.  EventID: 0x00009018             Time Generated: 04/29/2015   08:56:35             Event String:             A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.          ......................... ABC-SERVER failed test SystemLog       Starting test: Topology          ......................... ABC-SERVER passed test Topology       Starting test: VerifyEnterpriseReferences          ......................... ABC-SERVER passed test
         VerifyEnterpriseReferences       Starting test: VerifyReferences          ......................... ABC-SERVER passed test VerifyReferences       Starting test: VerifyReplicas          ......................... ABC-SERVER passed test VerifyReplicas       Starting test: DNS          DNS Tests are running and not hung. Please wait a few minutes...          ......................... ABC-SERVER failed test DNS      Running partition tests on : ForestDnsZones       Starting test: CheckSDRefDom          ......................... ForestDnsZones passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... ForestDnsZones passed test          CrossRefValidation    Running partition tests on : DomainDnsZones       Starting test: CheckSDRefDom          ......................... DomainDnsZones passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... DomainDnsZones passed test          CrossRefValidation    Running partition tests on : Schema       Starting test: CheckSDRefDom          ......................... Schema passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... Schema passed test CrossRefValidation  Running partition tests on : Configuration       Starting test: CheckSDRefDom     ......................... Configuration passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... Configuration passed test CrossRefValidation    Running partition tests on : ABCINC       Starting test: CheckSDRefDom          ......................... ABCINC passed test CheckSDRefDom       Starting test: CrossRefValidation          ......................... ABCINC passed test CrossRefValidation    Running enterprise tests on : ABCINC.local       Starting test: DNS          Test results for domain controllers:             DC: ABC-SERVER.ABCINC.local             Domain: ABCINC.local                 TEST: Basic (Basc)
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
                        ABC-SERVER                   PASS WARN n/a  n/a  n/a  n/a  n/a  
         ......................... ABCINC.local passed test DNS       Starting test: LocatorCheck          ......................... ABCINC.local passed test LocatorCheck       Starting test: FsmoCheck          ......................... ABCINC.local passed test FsmoCheck       Starting test: Intersite          ......................... ABCINC.local passed test Intersite
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Zephyr ICTCloud ArchitectCommented:
Apparently there are some security issues on either NETLOGON or something is not correctly set on certain directories, this is quite a task to troubleshoot but Microsoft has a nice KB to get you started... I'd check out this site first ... Please ask questions if something is not clear.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jsarinanaI.T. ManagerAuthor Commented:
the security issue is probably my SSL, it stopped working for some reason. it broke twice already. Not sure why
compdigit44Commented:
Any changes to your environment lately?
Is DNS set to allow dynamic updates?
Have you tried to stop and start the netlogon servers to all of the server DNS records are re-registered?
Why any change do you have DNS scavenging enabled?
jsarinanaI.T. ManagerAuthor Commented:
I found that they had a Comcast router swapped out, it was suppose to be in Bridge mode our router would do the routing. Well they left DHCP on the LAN on. I turned it off and also fixed the SSL on oyr server. So far so good, I'm going to give it a couple days
compdigit44Commented:
Nice find....
jsarinanaI.T. ManagerAuthor Commented:
After turning off the Comcast DHCP service things worked excluding one PC. On this PC I had to go to Control Panel/Users/Credential manager and edit a credential for the domain, I changed the user and password on it was domain\admin I changed it to domain\username and password. Then this PC worked properly
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.