SBS2011 DNS Issue - HELP!

Hi All,

This is a weird one.
We adopted a system with a single SBS2011 box.
This week it hung and we rebooted it, since then any PC that has restarted cannot log in to the network with the "no domain controller could be found to process your login request" error.
We have been working with Microsoft Tech for hours now and we need a fix, essentially from what i can see is the server is not advertising itself as a PDC properly even though all settings appear correct.
If i try and force DNS reg of the server using nltest /dsregdns i get the error that the server cannot dynamically update the DNS records which i believe to be a big part of the problem.
So, i dont know what to do next, pretty stuck and half the users shouting at me!

TIA
Andy
LVL 1
sparky1977Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sparky1977Author Commented:
In addition i have removed and recreated the DNS _msdcs zone, disabled all firewalls, removed AV software.
0
David AtkinTechnical DirectorCommented:
Hi Andy,

If Microsoft are already working on it then the best thing to do would be to let them finish.  We could suggest a few things to try but it maybe counter-productive and conflict with Microsofts own diagnostics / fixes.
0
Nick RhodeIT DirectorCommented:
Did you by chance disable IPv6?  SBS2011 does act up quite a bit if this was disabled.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

sparky1977Author Commented:
I didnt no, i suspect that the previous IT support people who were useless (hence why we are here) did it and then tried to rectify it again.
This has been my suspicion for a while.
0
Rob WilliamsCommented:
This is SBS, you should not be manually rebuilding features as so many components are integrate you may fix one and break another.  #1 rule with SBS is "Use the wizards".

Have you run the SBS "Fix my network wizard"?  in the SBS console, under Network | Connectivity?  I would try this first, and if still having problems run the "Set up your Internet address Wizard" which will repair DNS.  You can run these without changing any options, and also run them from the console, not remotely.  You will be cut off if doing so remotely.  It should reconnect, but you want to be at the console if not.

Can you confirm it is a DNS issue..........
From a problematic PC I assume
nslookup servername fails  as does  nslookup internalomain.local
If it does fail have you confirmed with IPconfig you have an IP in the same subnet, and the DNS server is your SBS and not a router or ISP.  It needs to be ONLY the server, no ISP or router as an alternate.

Try temporarily disabling the SBS firewall.  It can change blocked/open services after a dirty shutdown.

Also review IPv6.  It should be enabled on both but also if there is an IPv6 DNS server in the client IPconfig, is it correct.  I recently saw a similar issue where a multimedia device was responding to IPv6 DHCP request and IPv6 takes precedence over IPv4.  Thus DNS could not resolve.

On the DC you could run from an elevated command prompt DCDiag  which should reveal some errors if there are problems with the server.
0
sparky1977Author Commented:
Got it!

Well the 4th tier Microsoft Engineer did and I hope that my adding this may help anyone else in the future.

Someone from the previous provider had set the RPCSS services to manual startup and had changed permissions on the registry key to stop anyone from changing it back to automatic via the services control panel.

Now, the odd thing is that despite this RPCSS was still starting BUT out of sequence with other services that it relies on.

Also, the other odd thing is that the event log didn't indicate anything at all to do with this services, the only real symptom was the fact that clients could not see the PDC to log in to the domain and a couple of other DNS related errors in the event logs.

The MS engineer said that essentially someone as in a physical person would have had to have changed the settings and permissions and the problem would not have manifested itself until the next server reboot, which just happened to be on our watch :(

Anyway, everyone is all happy now :)
0
David AtkinTechnical DirectorCommented:
They always come through in the end.  Tend to take a while sometimes though.

Glad you're back up and running. Thanks for the solution as well.
0
InsideviewM.D.Commented:
When it hung did you choose "last known good" option on reboot? by any chance
0
Rob WilliamsCommented:
Very bizarre. Why would anyone do all of that that, and the server has not been restarted once since?  Also if they wanted it stopped they would have made sure it was stopped after they made the changes.  If that is the case, they must have been going to great lengths to fix another problem, they would not have randomly done so.  I am skeptical, but great to hear you are up and running.
0
sparky1977Author Commented:
Hi Insideview, no we didn't, that would have been even more exciting to deal with!

I know Rob, its also not a service that you would want to change, while its critical its not the kind of thing you would mess with in day to day admin etc.
But, when we took over there were over 200 updates and patches to be applied so it kind of shows you the level of maintenance they were doing... or not!
0
Rob WilliamsCommented:
Sounds like you had quite a mess to clean up.  However I guess that is my point; why would a neglectful, lazy, admin go to that much trouble to make an unusual change?  There is more to that story than we will likely ever know.  Ah, but if it was easy, this job wouldn't be any fun :-)  
All the best!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sparky1977Author Commented:
Hi All,

Thank you for your help, I shall accept multiple solutions as you were all helpful to some degree and beyond that you all took the time to assist.

Kind Regards
Andy
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.