SBS2011 DNS Issue - HELP!

This is a weird one.
We adopted a system with a single SBS2011 box.
This week it hung and we rebooted it, since then any PC that has restarted cannot log in to the network with the "no domain controller could be found to process your login request" error.
We have been working with Microsoft Tech for hours now and we need a fix, essentially from what i can see is the server is not advertising itself as a PDC properly even though all settings appear correct.
If i try and force DNS reg of the server using nltest /dsregdns i get the error that the server cannot dynamically update the DNS records which i believe to be a big part of the problem.
So, i dont know what to do next, pretty stuck and half the users shouting at me!

sparky1977Author Commented:
In addition i have removed and recreated the DNS _msdcs zone, disabled all firewalls, removed AV software.
David AtkinTechnical DirectorCommented:
If Microsoft are already working on it then the best thing to do would be to let them finish.  We could suggest a few things to try but it maybe counter-productive and conflict with Microsofts own diagnostics / fixes.
Nick RhodeIT DirectorCommented:
Did you by chance disable IPv6?  SBS2011 does act up quite a bit if this was disabled.
sparky1977Author Commented:
I didnt no, i suspect that the previous IT support people who were useless (hence why we are here) did it and then tried to rectify it again.
This has been my suspicion for a while.
Rob WilliamsCommented:
This is SBS, you should not be manually rebuilding features as so many components are integrate you may fix one and break another.  #1 rule with SBS is "Use the wizards".

Have you run the SBS "Fix my network wizard"?  in the SBS console, under Network | Connectivity?  I would try this first, and if still having problems run the "Set up your Internet address Wizard" which will repair DNS.  You can run these without changing any options, and also run them from the console, not remotely.  You will be cut off if doing so remotely.  It should reconnect, but you want to be at the console if not.

Can you confirm it is a DNS issue..........
From a problematic PC I assume
nslookup servername fails  as does  nslookup internalomain.local
If it does fail have you confirmed with IPconfig you have an IP in the same subnet, and the DNS server is your SBS and not a router or ISP.  It needs to be ONLY the server, no ISP or router as an alternate.

Try temporarily disabling the SBS firewall.  It can change blocked/open services after a dirty shutdown.

Also review IPv6.  It should be enabled on both but also if there is an IPv6 DNS server in the client IPconfig, is it correct.  I recently saw a similar issue where a multimedia device was responding to IPv6 DHCP request and IPv6 takes precedence over IPv4.  Thus DNS could not resolve.

On the DC you could run from an elevated command prompt DCDiag  which should reveal some errors if there are problems with the server.
sparky1977Author Commented:
Got it!

Well the 4th tier Microsoft Engineer did and I hope that my adding this may help anyone else in the future.

Someone from the previous provider had set the RPCSS services to manual startup and had changed permissions on the registry key to stop anyone from changing it back to automatic via the services control panel.

Now, the odd thing is that despite this RPCSS was still starting BUT out of sequence with other services that it relies on.

Also, the other odd thing is that the event log didn't indicate anything at all to do with this services, the only real symptom was the fact that clients could not see the PDC to log in to the domain and a couple of other DNS related errors in the event logs.

The MS engineer said that essentially someone as in a physical person would have had to have changed the settings and permissions and the problem would not have manifested itself until the next server reboot, which just happened to be on our watch :(

Anyway, everyone is all happy now :)
David AtkinTechnical DirectorCommented:
They always come through in the end.  Tend to take a while sometimes though.

Glad you're back up and running. Thanks for the solution as well.
When it hung did you choose "last known good" option on reboot? by any chance
Rob WilliamsCommented:
Very bizarre. Why would anyone do all of that that, and the server has not been restarted once since?  Also if they wanted it stopped they would have made sure it was stopped after they made the changes.  If that is the case, they must have been going to great lengths to fix another problem, they would not have randomly done so.  I am skeptical, but great to hear you are up and running.
sparky1977Author Commented:
Hi Insideview, no we didn't, that would have been even more exciting to deal with!

I know Rob, its also not a service that you would want to change, while its critical its not the kind of thing you would mess with in day to day admin etc.
But, when we took over there were over 200 updates and patches to be applied so it kind of shows you the level of maintenance they were doing... or not!
Rob WilliamsCommented:
Sounds like you had quite a mess to clean up.  However I guess that is my point; why would a neglectful, lazy, admin go to that much trouble to make an unusual change?  There is more to that story than we will likely ever know.  Ah, but if it was easy, this job wouldn't be any fun :-)  
All the best!

sparky1977Author Commented:
Thank you for your help, I shall accept multiple solutions as you were all helpful to some degree and beyond that you all took the time to assist.

Kind Regards
