The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for mapping the name of a computer, service or other resource to an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed by computer services and devices worldwide.


Lately we have been dealing with increasing numbers of workstations and servers that are losing their trust relationship with our domain. Our forest functional level is Server 2012, and the affected machines range from Windows Server 2008 to Windows Server 2016, as well as Windows 10 on the workstations. I know that the computer machine password gets reset every 30 days, but I have deployed a computer to a new user (no image used to create the PC; it was a bare-bones Windows install with the whole setup done manually) and within 1 week of that user starting, she received a domain trust relationship error. This recently happened to our Exchange server, which is Server 2008, and the Reset-ComputerMachinePassword command did not work, so we had to remove it from and re-add it to the domain; part of me thinks that it is the machine password and part of me thinks it's an issue with some other networking component. We have three sites, and so far the main site that I am located in is the only one to have these types of trust relationship issues. When speaking with Microsoft they said it is because the machine cannot find the domain controller, but they gave no evidence or a process to follow to try and pinpoint why this is the case. Is anyone else dealing with a similar issue?
SBS 2011  ---  AD (--> DNS / Exchange) ...

Kinda looks like a bad/corrupted password to access the AD??

Microsoft Baseline Analyser results are a mess!  (see attached xml)

Full story:

About a month ago rekeyed the public cert (was only using 1 domain of SAN; upgraded to accommodate ActiveSync - new mobile worker coming onboard).
Cert didn't import properly - had to manually bind to IMAP (used by an internal Mac user).  Probably irrelevant.

Ran Windows BPA at that time and fixed a few things up, applied updates etc - **looked generally ok** - a few warnings AD/DNS/Exchange all working well.  Few issues I could live with were left unattended (Sharepoint, Windows SBS Manager & SQL - none of which are used) .

Purchased and installed a new Public Certificate (old one was running out).

Server failed to import a new public certificate (godaddy - may have done something wrong in the import process?  I didn't import the intermediate certificate first - would that be an issue?)   Wasn't stressed by this (have seen this before), so...

I did a couple of updates (normal security rollups etc, since uninstalled to no effect) and rebooted the machine.  

*****Problems were after reboot.

Noticed Exchange issues first (EMC wouldn't open).  MS Exchange Address Book and Information Store stuck in 'Starting' state.    IMAP4, EdgeSync, Forms-Based Authentication not started.

Lots of Exchange Events - seem to stem from not being able to talk to AD.

** DNS …
We are experiencing a problem with a particular Windows 10 laptop computer on our network.  When traveling and using wireless networks, everything is fine.  However, when the user of the laptop tries to log into the office domain network (wired Ethernet, Windows Server Essentials 2012 R2), the mapped drives to the server are often marked with red Xs and the user receives this message:

"The system cannot contact a domain controller to service the authentication requests.  Please try again later."

No one else has complained of this problem, although most of the workstations on the network use Windows 7, if that could be a factor.  Also, with the problem Win 10 laptop, the server does not show up at all under "Network" in Explorer.  With the Windows 7 machines, it does.  Network discovery is activated on the server.  However, on the Win 10 workstation, the default "Shared Folders" desktop icon works in that it is possible to open and save files on the server from the workstation.

Thanks very much for any suggestions or assistance anyone can offer.
I have 2 dns servers on our network
       windows server 2008 R2
       windows server 2008 R2

server13 is our primary dns server and everything is working normally
server18 has the following problem

1. PING www.google.com works normally
2. nslookup www.google.com works normally
3. nslookup www.google.com returns

          Server:  server18.jbcnet.loc

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to server18.jbcnet.loc timed-out

4. forwarders are
       local isp dns
       local isp dns # 2

5. root hints are enabled and working

6. it has a static ip address pointing to itself as the primary dns
7. it also points to server13 as its secondary dns address

nslookup debug output follows

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

Default Server:  server18.jbcnet.loc

> set debug
Server:  server18.jbcnet.loc

Got answer:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

        www.google.com.jbcnet.loc, type = A, class = IN
I read somewhere that you could do the following hybrid deployment.

1) Two dedicated Exchange 2016 "hybrid servers" that are F5 load balanced

2) Create a new namespace called hybrid.contoso.com. (Why would we need a new namespace?)

3) Create internal and external DNS A record for hybrid.contoso.com (same IP addresses?)

4) Publish hybrid.contoso.com through the F5 load balancer. (Is this done on the external F5 or both the internal and external F5. We also have BlueCoat device)

5) Point the existing autodiscover record to hybrid.contoso.com (external). (Again, why would we do this? Will that mean clients need to be re-configured?) Can we just use a CNAME to redirect autodiscover to hybrid?

6) Point the existing EWS services to hybrid.contoso.com (external). (I suppose this is used for the mailbox migration path?)

7) Create two A records called smtp1.contoso.com and smtp2.contoso.com and configure send and receive connectors in Exchange Online to send contoso.com mails to these smart host addresses. (I don't know why this is needed, cause we are enabling centralised transport and I thought this would be created automatically)

Thank you.
I installed Cisco Umbrella Roaming client and now I am unable to access my internal sites.

All home users are unable to access internal sites once they connect to VPN; for VPN we use Cisco AnyConnect.

After I uninstall Cisco Umbrella roaming client I can access them.

Please help.
I have a few questions about Office 365 migration best practices:

1) if we use an existing mailbox server as the hybrid server. Will this mean only one server in the org is the hybrid server?
2) Do you only get one "hybrid" licence for running the HCW?
3) Is the mailbox migration route the same as the email flow route?
4) Does a migration endpoint require a) an SSL certificate b) a public DNS record c) to be internet facing?
5) Someone suggested 'NATing EXO and EOL' directly to bypass 3rd party devices between EOL and EXO, How can this be done?
6) We have an existing F5 load balancer for external email and internal email. Will this cause any issue during a migration?

We are investigating the option of implementing an SPF record for our email environment. Due to it being a DNS specific record, I was wondering if there are any capabilities to monitor email that is blocked as a result of implementing the SPF record?

For example:
Scenario 1 - We want to see the email that is actually being blocked/spoofed
Scenario 2 - We implemented the SPF record, and we missed one legit IP. We want to be able to monitor if we miss a critical email from a customer/vendor.

Are there options/tools to monitor SPF records?

We are using Exchange 2013 and we have 2 sites (office and DR site). Each site has 1 CAS and 1 Mailbox server.

Recently after some changes in management, the new management would like to change the domain name from mail.olddomain.com to mail.newdomain.com.

Basically management wants to change everything to newdomain.com/ newdomain.local for Outlook/ OWA and mobile access.

For above requirement, do we need to setup new Exchange environment and do mailboxes migration from existing server to new server with new domain?
Or we can just unjoin from old domain and join to new domain? What should be proper plan to follow?

First of all I apologize for the inconvenience, I would be happy if you found the time to answer me.
I have a problem in CURL, complicated: the time: starttransfer_time: 10s +
and redirect_time: 10s +

- with easyphp (php version 5.5.8) the total time does not exceed one second. (no problem)
- locally on a vmware: debian 9 and php 7.0 (no problem too)

On the server:
on a dedicated server debian 9 php 7.0: starttransfer_time = 10 s +
on a debian 8 php 5.6 dedicated server: starttransfer_time = 10 s +

On a shared hosting 1and1:
(php 5.6 (no problem the time does not exceed a second) but for a week, the problem happened starttransfer_time = 10 s)

that's why I changed the hosting to a dedicated server (but it does not solve the problem)
----------------------------------------------------------------------------
it's the same code (same algo)
I cannot understand: locally everything works fine, but on the server it is 10 s +.
I think this is not a problem related to the version of PHP or the system; I think this is a problem related to network configuration or SSL or something in the data transport and hostname resolution.

 (NB: the server is very powerful compared to my local configuration,
in server: 4 core and 8GB RAM and the bandwidth: 1000 mb+ / s)
locally: 1GB RAM and 1 core: bandwidth: 8mb / s)

When I run the page from the curl command line it loads very quickly.

My code in PHP CURL

We have 3 local servers and those servers do not have internet access, and we need to deploy a new SMTP Exchange server to receive notifications from those 3 local servers and send them to the local Exchange server that must connect to our external mail system, O365.

So how can we deploy this new Exchange server so that it receives notification messages from the local servers and then sends them to the external O365?

The local Exchange domain name is Mydomainname.com, and the public domain name is mydomainname.com.lb, so what are the public DNS records that I need, and how do I configure my local Exchange server and my public O365 server? And do I need a public IP address for my local Exchange Server?

DNS Name Server question.  GoDaddy is hosting our domain, but we are using name servers from one of our Internet providers.  My question is this: when a domain has 2 Name Servers specified, such as NS1.somedns.com and NS2.somedns.com, do queries always go to the NS1 server, and if it is not reachable, go to the NS2 server?  Or is it a roll of the dice, so to speak, which one responds?

The reason I ask is this.  We have a multi-WAN router that can act as a Name Server, and I can set short TTLs of a few seconds for records such as our Mail Server or Webservers, so that if a WAN connection goes down, it will return the IP of one of the other WAN connections.  Basically a failover route.

This is great and all, except if power is lost to our facility: if I have NS1 be the multi-WAN router, then NS2 would need to be a different name server, such as GoDaddy, with the same DNS records as NS1.

If Name Server queries are a roll of the dice, then if a WAN connection does go down, it is a crap shoot which IP will be returned, because NS1 will give the IP of an UP WAN, where NS2 would give the IP of the down one.

Any insight would be greatly appreciated!

I keep getting event ID 5719 and 1055 errors. Below is the detailed message.  It keeps saying that the logon server is not available, but it is.  We have 3 different domain controller/DNS servers. I have tried changing the DNS IP on the server with the issue; that still did not solve the problem.  I also tried adding the domain name with its IP to the hosts file; with or without it I am able to ping the domain name domain.local with no issues.

I also removed the server from the domain, made sure it was removed from all the domain controllers, and rejoined it to the domain with no issues.  Still keep getting the errors.

Event ID messages

Event 5719
This computer was not able to set up a secure session with a domain controller in domain GPROULX due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

Event 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one or more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
I am finally getting back to trying to migrate a 2012 DC to 2016. SYSVOL/NETLOGON is not replicating and DCDiag is showing errors.

DCDiag is failing SystemLog, showing the new AD server as well as 4 entries for public Google DNS. I have checked both DCs' NIC settings, which point to themselves and then the other DC. There is no reference to a public DNS from either DC. I checked DNS on both servers and neither has records for or

Out of a last ditch effort I ran ipconfig /flushdns and dnscmd /clearcache in hopes of resolving this but the problem remains.

I am still receiving an FrsEvent in DCDiag, which I was attempting to use FRSDiag to figure out why. It fails repeatedly with NTFRSUTL ERROR - Cannot RPC to computer, mydc; 000006d9 (1753)... Make sure you are logged on as a Domain Admin! Skipping!
The user is the domain admin and I have tried other users with domain/enterprise admin roles with the same result.

This is the DCDiag output

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = MyDC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\MyDC
      Starting test: Connectivity
         ......................... MyDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\MyDC
      Starting test: Advertising


Alright, I'm in a dumb situation. One of my customers has had their main software provider install a new fiber connection at their office, and this company has installed their own router on site. We have removed our SonicWall firewall and pointed our PDC to this as the new gateway, as well as all the static machines. This software company, which is now their new ISP, also firewalls and filters traffic on their end in the cloud.

We have changed the DNS forwarders to point to the new ISP DNS servers, which, interestingly, I can't point to any others like Google or Cloudflare as they don't resolve. I'm sure that's because of the way they are locked down by the ISP.

Essentially, we point to them for DNS now and there's no weird entries in DNS for them. I'm under almost no control of the rest. My customer is now experiencing slow resolution on at least one website, which happens to be their own site, unfortunately. The new ISP is pointing fingers at me now as the problem. Where else can I look to make sure that DNS is working as efficiently as it can on my end???

Now that we have changed so much on the network, do I need to, like, delete the root hints and let them rebuild, or anything like that to flush DNS? Since we changed paths to everything on the internet as far as its path through the internet, it seems like we need to flush something.

Server 2011 SBS
Workstations are all windows 7 Pro

Any help is greatly appreciated!
We are moving to Server 2016 from Server 2012. We have 2 domain controllers, both running DNS, DHCP, AD etc. One of them is configured as a RADIUS server for VPN connectivity.

Can both of them be configured so that they can both be listed in the Cisco ASA as RADIUS servers? Or is this one of those "there can only be one" situations?
Hi all,

We've built a new Domain Controller on a WS 2016 server; the old DCs are 2008 R2.

Everything appears to be healthy, however, I've noticed that there are some duplicate SRV records on the DNS server of the Domain Controllers - usually one in upper case and one in lower case.

Has anyone come across this? Do you know what the issue is, the resolution, and does it cause any problems? I want to make the new server the FSMO role holder and want to ensure that it's a healthy server and domain before I do so.

Thanks for your time
Exchange 2016 was throwing an autodiscover cert error every time someone logged in. I had a new cert issued and got it installed. Support had me remove the domain.local as it's no longer supported. Users are still getting the cert error but instead of autodiscover it's showing exchange.domain.local as not being recognized.

Logging in externally shows no errors. Only internally. Do I need to check DNS, an Exchange setting, something else?
Is it possible to configure Azure to resolve the DNS hostname of a local PC that is connected to Azure via Point-to-Site VPN?

1. Windows 10 Laptop connects to Point-To-Site VPN using the Azure VPN client
2. Windows 10 user then connects to an Azure VM via RDP from their laptop
3. User then opens a program from their RDP session.

To be able to print to Local Printer connected via USB port on the laptop whilst in RDP session.

The software uses the RDP Server printers only and is not compatible with using redirected printers.

How can I map a local printer that is connected via USB on the laptop into the RDP Server via hostname instead of the private VPN IP address, so they can print?

What does work: if I share the printer on the laptop, install the printer drivers on the server and map the local port to the private IP address, it works fine. However, the VPN private IP address changes every time the user logs in using the VPN Client.

Any suggestions ?
Migrating from On-Prem Exchange to O365.
Using MigrationWizz to migrate to O365 from on-prem Exchange.
Have done this before several times. But one issue is that domain-joined PCs will always try local Exchange first if one has existed (listed in global catalog \ schema?).
We have solved this by adding a reg key (HKEY_CURRENT_USER\Software\Microsoft\Office\(version Number)\Outlook\AutoDiscover, adding an ExcludeScpLookup with value 1).
This time it's 200 PCs, so looking for a more "central" solution.
Vaguely recalling doing it with ADSI on the Domain Controller, deleting the SCP record (ServiceConnectionPoint).

Any other \ better way of forcing the clients to use the AutoDiscover DNS record?

Thanks a lot
We get calls from people who cannot get to a website, say cnn.com.  The cursor will just spin and the request will time out.  This happens intermittently.  We called level 2 support, and they claim that the requests are not hitting their gateway, but I am not sure this is the case.  I'd like to provide some hard data to level 2 support with a tool like wireshark, but I don't know how to interpret wireshark.

Is there a tool that is a bit simpler than Wireshark that can tell me exactly where the hold-up is?  I have looked at a tool called DNSQuerySniffer, but it looks like it stops at my internal DNS server.  I have also tried a simple tracert, but tracert hops time out on sites that are working, so they are not reliable.

We do have company internet filters in place (fortinet), but they are managed at level 2 so I don't have access to their logs.  I am also told that there are a few old DNS server records in my forward lookup zones, but they have been there long before this problem began.  

Thank you!!
Let me explain our server setup first. We have three domain controllers in our head office and one read-only domain controller at each site office. All DC and RODC servers are also Global Catalog servers, DNS servers and DFS namespace servers. There is a VPN connection between the site offices and the head office.
Active Directory sites and subnets are configured. Each Active Directory site is configured with that particular site's RODC.  Namespace folders are configured with multiple folder targets. Employees get access to local targets automatically as they move from HQ to a site or site to site.
My problem is: when the VPN is connected, if I type our Active Directory domain in "Run" from any site office client PC or from a server (\\XXX.XXX.local), I can see SYSVOL, NETLOGON, the DFS namespace, etc. If the VPN is not connected, the domain name doesn't resolve and I don't see anything. If I ping the AD domain from a site office when the VPN is connected I get a reply from the head office DC; without the VPN I don't get a reply. I am not sure if it is supposed to be like this.
Recently we started to use a domain-based namespace for file sharing, so whenever the VPN gets disconnected all mapped network drives become unavailable.

I understand that there is  HealthMailbox in Exchange 2013.

Based on the message logs, there are a lot of emails coming from contoso.com. I don't know why the domain shows as contoso.com.

Would there be any issue if we delete HealthMailbox ?
What would be the impact on mailbox of the user if we delete?

Dear Experts.

Need help on firewall port requirements.

I have two different forests, tbd.nal.nl and nsk.pwd.uk, within the same organization (no child domain).
Requesting experts' help to suggest what ports are minimally required for a forest trust to work.

1. List of ports to be open in firewalls for forest trust.
2. Ports to open between forest domain controllers tbd.nal.nl and nsk.pwd.uk.
3. Do we require ports to be open from tbd.nal.nl clients to forest nsk.pwd.uk domain controllers and vice versa? If yes, can you help us with the list of ports to open?

As part of a local football club, I email out newsletters through Campaigner from our club's email address to subscribers of newsletter which details news for the club.

There are 250 people who receive the newsletters and they had subscribed to the newsletters themselves.

Until recently, these newsletters were delivered successfully each week.

For the last few weeks, these newsletters have been sending to the subscribers' spam folders.

To fix this problem, we set up our DKIM and SPF records correctly for Campaigner.

This week 4 out of 250 people received the newsletters correctly.

Mostly all of the subscribers use Gmail.

If all subscribers put in the club's email address, where newsletters are sent from, into their contacts in Gmail would that solve anything?

What are your thoughts on this matter?