DNS Error Received Windows Small Business Server R2

mmed810132 used Ask the Experts™
We have a Windows 2003 Small Business server R2. Friday Oct. 4 2019, we were unable to connect to one of our clearing house sites that had been working previously with no problems. The Friday mentioned above, users were getting the following error message:


Calling the clearing house tech support, I was told the problem was not on their end & they had no problems or complaints from anyone else. I cleared the cache on one of the computers, released and renewed the IP config, but nothing worked.

I then went to the server and did an nslookup on both a known working site and the one that gave us the error and I came up with the following:


To get us working again, I went to each of the user's computers and manually entered the address of our ISP's DNS server instead of the IP address of our in-house server. Everything is working as it should. This was the only site we had a problem with - all other websites loaded correctly and we were able to access files on the server.

I also noticed that our tape backup failed twice while using new tapes. The previous 5 new tapes worked properly on the previous 5 days. The message I got from Symantec Backup Exec 12.0 was to put in Tape Number 000000016, even though these are new tapes and we have never had to use a full tape for the daily backups. I'm not sure if the 2 problems are related, but I figure I'd better post this in case there could be some correlation.

I have updated and run both Malwarebytes and Eset Endpoint Antivirus on the server and both
came up clean.

Any help would be greatly appreciated. I am the IT guy who is expected to fix all of these problems with no proper training, so please bare with me.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

For easier maintenance, you should keep your SBS's DNS server for everyone. That makes troubleshooting and solving other DNS proiblems easier. In your case, you could've added this entry to yoru DNS server. Or you could have check the forwarding DNS server, and added your ISP's one as an extra.
Also instead of going to every PC's, you could've adjusted the DHCP server settings (but as I said, changing the DNS server wasn't the ideal solution).


So how do I add this entry to my DNS server? I agree it would be better to keep the SBS's DNS server, but I had to get everyone working again.
Top Expert 2016

restore from your last working backup Hopefully the customer is fully aware that SBS2003 is out of support and Server 2008R2 will be out of support Jan 14th
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Adding a domain is nothing more than rightclicking on the forward lookup zone, add the name, then add an IP number.
You can choose to add the full hostname. a.b.c.x.y.z, and add a root entry with the IP nr., or add one level higher (b.c.x.y.z), and add an a record for a. It would mean, if you're not aware of needing d.b.c.x.y.z (or even more), clients might still complain. If there are too many to keep track, use the first method.
First thing I would try is to cycle the DNS server service on the SBS box.

Using the ISPs DNS server is a bad idea.


@Mal Osborne - I already tried stopping & starting both the DNS Client & DNS Server services  - it did not work. Until I get this issue resolved, I need to use the ISP's DNS server to continue doing business.

@David Johnson - We are aware of the end of support for both versions. Unfortunately the funds are not there for any upgrades, so I am stuck with what I have now. Is there anything in particular I should be restoring from a backup - file(s), etc? Please remember I am new to the server realm and I need specific instructions on what to do so that I don't totally screw up our server and business!

@ Kimputer - When I right click on the "Forward Lookup Zones", I select "New Zone",
click "Next" on the "New Zone Wizard",
click "Next" for the Zone Type, leaving Primary Zone and Store the zone in Active Directory checked,
click Next for the Active Directory Zone Replication Scope leaving To all domain controllers in the Active Directory domain "OurServerName.local" checked (We only have one server and it is the domain controller; we only have this office - no remote's),
then I enter the address casaccess.glb.rbcvpn.com in the Zone name box and click Next
and in Dynamic Update , leave Allow only secure dynamic updates (recommended for Active Directory) checked and then click Next
and finally click Finish to complete the Wizard. Should that be all I need to do?

assuming you want an IP for casaccess.glb.rbcvpn.com and not for xxx.casaccess.glb.rbcvpn.com, you now, UNDER the casaccess.glb.rbcvpn.com tree, on the right, empty space right mouse click > New host (A  or AAAA)
Leave the first field EMPTY
fill in IP nr underneath. Done.
Now casaccess.glb.rbcvpn.com points to that IP.
Just in case you DID want xxx.casaccess.glb.rbcvpn.com to have an IP nr, then where I said leave empty, fill in xxx, then fill in IP nr. Done.


@Kimputer - I will be back in the office Friday and I will follow your instructions.

By the way, I noticed that the first error message I got said to make sure that my DNS server is aware of CASACCESS.RBCVPN.COM and not casaccess.glb.rbcvpn.com. This last one is what came up when I ran the nslookup to get the IP address for casaccess.rbcvpn.com. Does it matter which one I enter when I enter the new zone?

You enter the new zone what you actually need. So make sure what you EXACTLY need, and input that. (in this case it seems it' s CASACCESS.RBCVPN.COM, if the error message is to be believed)


The wizard did not like CASACCESS.RBCVPN.COM or CASACCESS.GLB.RBCVPN.COM in the Zone Name box, but it did accept RBCVPN.COM. I continued on using your instructions, but it still is not working.

I wonder if the IP address I got from the nslookup on the server needs to be changed to something different since the nslookup was for the CASACCESS.GLB.RBCVPN.COM address and not the CASACCESS.RBCVPN.COM address?

In the mean time, I have added the local server's IP address as the alternate DNS server and that seems to be working for now. This workaround is being done only on the computers that need the connection to this one site. All other computers are using our local server's DNS and working fine.

What's the error when you added it then?

It should look like attached pic.

To make sure it works, add BOTH (same IP)


@Kimputer - I will be back in the office tomorrow & hopefully I will be able to check this out.
Thanks for your patience.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial