Glenn Barnes

asked on

DNS Issues

Hello,

Every few weeks we have a DNS issue where users cannot remote to their PCs by name but can connect via IP address.

Running the following commands on all the servers fixes this.

ipconfig /flushdns
ipconfig /registerdns

Does anyone know what could be causing this?

Thanks,
Hayes Jupe

check who owns the DNS record on the DNS server.... it may be owned by your DHCP server and not be allowing the computer to update it.
Glenn Barnes

ASKER

We have a number of DNS servers as there are offices around the world and we also have servers in various AWS Regions as well. How would I check who owns the DNS record?

go to the DNS record in DNS admin, right click, properties, security tab, advanced

owner will be shown at the top

if it's the DHCP server - and another DHCP server tries to update it (or the client) - it won't be able to.
You'll need to add all DHCP servers to "DNSUpdateProxy" - or stop using DHCP to register on behalf of clients
I have checked a number of PCs across various offices and servers and in all cases the Owner is the PC itself.
ok... that's a good thing! it's not the DHCP server-ownership of record issue.

as far as why the client is not updating its record when moving between offices/VLANs.... if the machine is simply slept, as opposed to turned off/moved/turned on, it won't try to re-register its DNS record... it will only try once every 24 hours... so that could be your issue ?

you can look at modifying
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
in order to change that timeframe on the local machine....

https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/enable-disable-dns-dynamic-registration

With everyone working from home the PCs are not switched off.

I think it's more than just a PC DNS issue. For example some internal web servers also cannot be connected to via the FQDN names from a PC on the local network. I am not an expert but I think there may be a DNS issue as a whole across all sites rather than just a few PCs not being able to be connected to via their names.
yep... if the PCs are not moving between sites.... and not changing IPs.... and their DNS is wrong... well, that's odd... you'll need to have a look through some event logs and try to work out why they are not registering or re-registering their correct details. They should be trying once a day.
When you run into the issue, look to see if it's because the DNS record is incorrect or if the DNS record isn't there.
If you have DNS scavenging configured (you should), what are the refresh and no-refresh intervals?
"remote to their PCs"
Where is the host and client?  That is, are they remoting from home (or elsewhere) to the office or are they trying to remote to a computer at home?

What do you get when you run NSLookup <host computer name> in the cases where it does and does not work?

Footech - From recollection the DNS record is not there. I have checked DNS and scavenging is not enabled. What would be the best refresh and no-refresh intervals?

CompProbSolv - We have 2 types for remoting. 1) FortiClient and 2) RDP to AWS. For EMEA the users in Paris, Singapore and London either connect to the RDP server in AWS London and then RDP to their PCs in their offices, or they connect to the FortiClient SSL VPN in the London office and then RDP to their PCs. All sites are connected with FortiClient IPSEC VPNs. AWS London, London, Paris and Singapore all have DCs.

For the US it's the same, the users either connect to the AWS North Virginia RDP server and then connect to their PCs in NYC, Washington etc... or they connect to FortiClient in the NYC office and then connect to their PCs via RDP.

It doesn't matter how you connect in, you still get the same DNS issue. For example a Paris user can tell me they can't get to their PC and they are connected to AWS London. I will be on my PC in the London office via FortiClient and I won't be able to ping it by name. At the same time I will have people in NYC and Singapore with the same issue and I won't be able to ping their PCs either. However, we can ping and RDP with the IP address.

To rectify, I will RDP to the DCs in AWS, London, Paris, Singapore, NYC etc... and I will run ipconfig /flushdns and /registerdns. About 15 mins later the problem will be resolved.

I haven't tried nslookup so don't know the answer to that question.
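The checks suggested above (what the server answers, whether the record exists and when it was last refreshed, who owns the record object, the zone's aging/scavenging settings, and the client's DefaultRegistrationRefreshInterval) can be gathered in one pass from a DNS server. This is an added diagnostic script, not from anyone in the thread; it assumes the DnsServer and ActiveDirectory modules, an AD-integrated zone replicated domain-wide (DomainDnsZones partition), WinRM access to the client, and the placeholder host and zone names below.

```powershell
# Added example (not from the thread). Assumes DnsServer + ActiveDirectory modules,
# an AD-integrated zone in the DomainDnsZones partition, and placeholder names.
param(
    [string]$HostName  = 'PC-PLACEHOLDER',   # placeholder client name
    [string]$ZoneName  = 'corp.example',     # placeholder AD-integrated zone
    [string]$DnsServer = $env:COMPUTERNAME   # DNS server to query
)
Import-Module DnsServer, ActiveDirectory

# 1. What this DNS server actually answers for the name (the nslookup check).
$answer = Resolve-DnsName -Name "$HostName.$ZoneName" -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue
if (-not $answer) { Write-Warning "No A record returned by $DnsServer for $HostName.$ZoneName" }
else { $answer | Select-Object Name, IPAddress, TTL | Format-Table -AutoSize }

# 2. Is the record present in the zone, and when did the client last refresh it?
#    A static record has no Timestamp; a dynamic record ages from its Timestamp.
$rr = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $HostName -RRType A -ComputerName $DnsServer -ErrorAction SilentlyContinue
if ($rr) {
    $rr | Select-Object HostName, Timestamp, @{n='IP'; e={ $_.RecordData.IPv4Address }} | Format-Table -AutoSize
} else { Write-Warning "Record $HostName is missing from zone $ZoneName (absent, not merely stale)" }

# 3. Who owns the record object in AD (DHCP server vs the client itself)?
#    Same information as DNS Manager > record > Properties > Security > Advanced.
$domainDn = (Get-ADDomain).DistinguishedName
$recordDn = "DC=$HostName,DC=$ZoneName,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
try   { "Owner of record object: " + (Get-Acl -Path "AD:\$recordDn").Owner }
catch { Write-Warning "Could not read ACL for $recordDn (record absent or in another partition)" }

# 4. Aging/scavenging: stale records are only removed when the zone has aging
#    enabled AND the server has scavenging switched on; check both.
Get-DnsServerZoneAging -Name $ZoneName -ComputerName $DnsServer |
    Select-Object ZoneName, AgingEnabled, NoRefreshInterval, RefreshInterval, ScavengeServers
Get-DnsServerScavenging -ComputerName $DnsServer |
    Select-Object ScavengingState, ScavengingInterval, LastScavengeTime

# 5. How often the client re-registers. DefaultRegistrationRefreshInterval is in
#    seconds; when the value is absent the 24-hour default applies.
$interval = Invoke-Command -ComputerName $HostName -ErrorAction SilentlyContinue -ScriptBlock {
    (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -ErrorAction SilentlyContinue).DefaultRegistrationRefreshInterval
}
if ($null -eq $interval) { "Client refresh interval: not set (default, 24 h)" }
else { "Client refresh interval: $interval seconds" }
```

Run it while the problem is occurring and again after it clears: a record that is missing (step 2) with aging disabled (step 4) points at registration never happening, whereas a record with a stale Timestamp points at a refresh that is not reaching this server.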

ASKER CERTIFIED SOLUTION
Glenn Barnes