
crossrider
-
Hi Matt,

sorry for the delay in answering your last post, but I was on a short trip this weekend and only came back this morning.

I already suspected that reinstalling DNS with AD already running was a bad idea, so I'm glad I didn't try.

The _msdcs folder I was talking about is kind of strange as I have two of them. One is situated directly under the forward lookup zone node, thus on the same level as the domain. Another one, however, with a grey icon instead of a yellow one, is located under the domain node and contains a Nameserver entry pointing to my server. I'll try and make it clear with a graph:

    S2008
    |- Forward Lookup Zones
       |- _msdcs.domain.tld
       |- domain.tld
          |- _msdcs (grey icon)

This is kind of weird, and I didn't notice the existence of a similar folder on my old Server 2003.

Surprisingly, I'm never experiencing slow logins or similar issues. Rather, logins work very fast and apart from not being able to access a computer through its domain name I have never had any other issues.

I will try and deactivate the second NIC in the next few days, but I suspect this won't change anything since I had these issues already before, when my old server only had one NIC.

Well, meanwhile I also got to the point that there could be some other network problem that I'm not aware of. I've posted a copy of the ipconfig command taken from the client I'm using, which is showing irregularities in name resolution just as the other clients are. I'm sorry I could only post it in German. If it's too difficult for you to decipher the meaning of the log then let me know and I will try and provide an English log from a VM I will set up for this purpose.

    Microsoft Windows [Version 6.1.7600]
    Copyright © 2009 Microsoft Corporation. Alle Rechte vorbehalten.

    C:\Users\admin>ipconfig /all

    Windows-IP-Konfiguration

       Hostname . . . . . . . . . . . . : Admin-PC
       Primäres DNS-Suffix . . . . . . . : domain.tld
       Knotentyp . . . . . . . . . . . . : Hybrid
       IP-Routing aktiviert . . . . . . : Nein
       WINS-Proxy aktiviert . . . . . . : Nein
       DNS-Suffixsuchliste . . . . . . . : domain.tld

    Ethernet-Adapter LAN-Verbindung:

       Verbindungsspezifisches DNS-Suffix:
       Beschreibung. . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physikalische Adresse . . . . . . : 00-1D-92-34-4F-3B
       DHCP aktiviert. . . . . . . . . . : Nein
       Autokonfiguration aktiviert . . . : Ja
       Verbindungslokale IPv6-Adresse . : fe80::9ea:c2cf:b375:87aa%11(Bevorzugt)
       IPv4-Adresse . . . . . . . . . . : 192.168.1.20(Bevorzugt)
       Subnetzmaske . . . . . . . . . . : 255.255.255.0
       Standardgateway . . . . . . . . . : 192.168.1.1
       DHCPv6-IAID . . . . . . . . . . . : 234888594
       DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-12-98-46-15-00-1D-92-34-4F-3
       DNS-Server . . . . . . . . . . . : 192.168.1.11
                                          192.168.1.1
       Primärer WINS-Server. . . . . . . : 192.168.1.11
       NetBIOS über TCP/IP . . . . . . . : Aktiviert

    Tunneladapter LAN-Verbindung* 2:

       Medienstatus. . . . . . . . . . . : Medium getrennt
       Verbindungsspezifisches DNS-Suffix:
       Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP aktiviert. . . . . . . . . . : Nein
       Autokonfiguration aktiviert . . . : Ja

    Tunneladapter isatap.{100B2501-2378-47F5-AC80-05E1AC7346A8}:

       Verbindungsspezifisches DNS-Suffix:
       Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
       Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP aktiviert. . . . . . . . . . : Nein
       Autokonfiguration aktiviert . . . : Ja
       Verbindungslokale IPv6-Adresse . : fe80::5efe:192.168.1.20%15(Bevorzugt)
       Standardgateway . . . . . . . . . :
       DNS-Server . . . . . . . . . . . : 192.168.1.11
                                          192.168.1.1
       NetBIOS über TCP/IP . . . . . . . : Deaktiviert

    C:\Users\admin>
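
Added example (not part of the original post): a small Python parser for `ipconfig /all` text, with German or English labels, that lists each adapter's DNS servers and reports any resolver other than the internal one. The sample is constructed from the values in the post; treating 192.168.1.11 as the only allowed resolver is an assumption made for illustration.

```python
import re

# Constructed sample: excerpt rebuilt from the values in the post above
# (German-language Windows client, labels as printed by ipconfig /all).
SAMPLE = """\
Ethernet-Adapter LAN-Verbindung:

   DHCP aktiviert. . . . . . . . . . : Nein
   IPv4-Adresse  . . . . . . . . . . : 192.168.1.20(Bevorzugt)
   Standardgateway . . . . . . . . . : 192.168.1.1
   DNS-Server  . . . . . . . . . . . : 192.168.1.11
                                       192.168.1.1
   Primärer WINS-Server. . . . . . . : 192.168.1.11

Tunneladapter LAN-Verbindung* 2:

   Medienstatus. . . . . . . . . . . : Medium getrennt
"""

# "DNS-Server" (German) or "DNS Servers" (English), then the first address.
DNS_LABEL = re.compile(r"^\s+DNS[- ]Servers?[ .]*:\s*(\S+)\s*$")
# Further servers follow on indented lines that hold only an address.
CONTINUATION = re.compile(r"^\s+([0-9A-Fa-f:.%]+)\s*$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS servers in configured order]}."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False   # adapter header
            result[adapter] = []
        elif adapter is None:
            continue                                      # global section
        elif (m := DNS_LABEL.match(line)):
            result[adapter].append(m.group(1))
            in_dns = True
        elif in_dns and (m := CONTINUATION.match(line)):
            result[adapter].append(m.group(1))
        elif line.strip():
            in_dns = False                                # next field ends the list
    return result

def unexpected_resolvers(text, allowed):
    """Adapters listing a DNS server outside `allowed` (assumed policy set)."""
    found = {a: [s for s in servers if s not in allowed]
             for a, servers in dns_servers_by_adapter(text).items()}
    return {a: extra for a, extra in found.items() if extra}

if __name__ == "__main__":
    for name, extra in unexpected_resolvers(SAMPLE, {"192.168.1.11"}).items():
        print(f"{name}: also queries {', '.join(extra)}")
```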
-
Hi Matt,

thanks for the hint with dcdiag. Unfortunately, there is nothing that points to the behaviour I've been experiencing. The only error detected is this one: the server does not pass the test NCSecDesc. The error is:

    NT-Authority\Domain Controller of Organisation does not possess
    Replicating Directory Changes In Filtered Set
    access rights for the name context:
    DC=ForestDnsZones,DC=domain,DC=tld

However, it seems that this is connected to the Read Only Domain Controller Feature.

As to the forward lookup zone, I can confirm that all my computers are listed with their correct IP addresses. The server is listed twice, with one entry for each IP. I hope it is no problem to have both NICs connected to the LAN? I'm using the second NIC for the virtual machines that are running on Hyper-V. Also, the SOA and NS records are in there and pointing to the server.

Before I set up this Server 2008 R2, I had a Server 2003 running for about two years, which showed the same symptoms of sometimes resolving names correctly and sometimes not. Therefore the problem is not new, but it has started bothering me only recently when I began setting up several virtual machines. Since the error occurs only sporadically I'm really wondering what causes it since the environment has been the same for several years now.

Can you imagine anything else causing this error? It is so strange that name resolution won't even work reliably on the server itself (as I had reported earlier). Can there maybe be any superfluous entries that interfere with the DNS? I've seen a gray _msdcs folder in the forward lookup zone and was wondering what it was doing there.

**Edit** I just saw that in the client's event log an event id 1014 (DNS Client Events) appears every time I start the machine. It says: timeout resolving the name 168.192.in-addr.arpa, after none of the configured DNS servers has responded. Again, this is translated from German, but I hope you understand the content.

Another idea has come to my mind: Couldn't I simply uninstall the DNS role from the server and reinstall it right afterwards? Maybe this would clean up any inconsistencies that cause the errors I'm having. Or is it impossible to uninstall DNS with AD already running?
-
Yeah, I know that 127.0.0.1 is the address of localhost. Still I'm wondering why clients won't show me the FQDN even though they know its IP.

I don't have a reverse lookup zone in my DNS. I thought it wasn't necessary for a small network. Or is there any big advantage to setting up a reverse lookup zone, i.e. would it improve name resolution? As far as I can remember, the wizard didn't require a reverse lookup zone to be set up, so I just left it the way it was.

I just did some lookups of internet names. Both on the server and the client it gives me the following results:

    nslookup
    > google.com
    Server: localhost (+ "UnKnown" on the client)
    Address: 127.0.0.1 (+ 192.168.1.11 on the client)

    Non authorizing response (I've translated this from German but I guess you know how it reads in English):
    Name: google.com
    Addresses: 74.125.87.105
               74.125.87.103
               74.125.87.99
    and so on...

While this seems to work, I've just discovered something very weird: When I do lookups of local computers, say server1.domain.tld and client2.domain.tld, on both machines (server and client) the names are resolved without any problem. However, when I try to ping the same machines, I get responses that are different from each other:

On the server, ping works correctly, so if I enter server2.domain.tld the name is resolved correctly and I get the responses from the IPs they've been assigned in the LAN.

On the client, ping doesn't work correctly: When I request the same names as above, ping will answer with responses from the server where my domain is hosted. Apparently it resolves the names using another DNS server, since it responds with an external IP (81.28.232.71).

I really can't see why the client is doing this if everything else works fine. Do you have any further suggestions? It seems that the clients are not contacting the DNS server they are supposed to contact.

**Edit**: I've just discovered that also the server has started resolving the wrong names when doing pings inside the LAN. So therefore probably not only a client problem. What is even more awkward is that sometimes it works, and sometimes it doesn't.
-
Hi Matt,

thank you very much for your answer.

As to the forwarder: Where do I set the forwarder? In the properties of the domain in the DNS snap-in? I just took a look and there is already an entry pointing towards the router/local gateway (the way I wanted it to be if the forwarder is set in the right place?)

I've checked again the DNS event log of the server but it doesn't seem that any errors have occurred recently. There is just some information about invalid packets coming from somewhere on the web, but just once a day or so. The log is rather empty.

Anyway, I think you could be right about me having some other issue with the name resolution. When I type nslookup on the command line, my own PC (one of the clients) returns:

    nslookup
    DNS request timed out.
    timeout was 2 seconds.
    Standardserver: UnKnown
    Address: 192.168.1.11

The timeout is bad, but at least it returns the correct IP of the server (192.168.1.11).

Whereas when I execute nslookup on the server it returns:

    nslookup
    Standardserver: localhost
    Address: 127.0.0.1

However, if I try to look up other devices in the LAN from my client PC it seems to work correctly. For example, if I execute nslookup typing "wlan" in order to resolve the name of the WLAN access point the command line returns:

    nslookup
    > wlan
    Server: UnKnown
    Address: 192.168.1.11

    Name: wlan.domain.tld
    Address: 192.168.1.5

Can you see where I can adjust my configuration or are the responses I am getting normal? As you said, I should be getting the same results on both client and server, which is not the case, however.
-
Hi everybody,

I've recently set up Server 2008 R2 as the PDC of an AD. Everything went well so far, but there is one problem I could not solve yet:

In the clients' network settings I've entered the IP of the local 2008 R2 server as preferred DNS server. In the alternative DNS server field I've entered the IP of the router that connects to the internet. What happens now is that whenever I try to connect to another client or even the server through its domain name, say "s2008.home.tld", the request apparently is handled by the router's DNS server (which forwards to the ISP's DNS server), which obviously returns an "unknown address - no website is configured to this address" answer (the local domain is identical to a top-level domain I registered).

When I remove the alternative DNS entry from the clients, domain name resolution works fine inside the local network. However, I'm getting another problem: When I try to access external pages, such as youtube or whatever, the connection is extremely slow. In addition, some contents like videos or flash won't play at all. I've read, yet not quite understood, several articles saying that the local DNS server tries to resolve the external address in a complicated manner which subsequently leads to low speeds.

Now this is my question: How can I speed up the name resolution? Is there a setting/a rule for the server to immediately forward all requests that do not concern the local domain directly to the router's DNS server? I've read something about settings in the forward lookup zone but I'm not quite sure how it works.

Any suggestions are appreciated! Thank you