DNS problem
Essendon
Member Posts: 4,546
Quick summary of the lab I got:
server01 (first DC in the forest, DHCP server, DNS server)
IP: 192.168.100.100
Pref. DNS: 192.168.100.101
server03 (also a DC, DNS server)
IP: 192.168.100.101
Pref. DNS: 192.168.100.100
server05 (exchange server 2003)
IP: 192.168.100.103
Pref. DNS: 192.168.100.100
client02
IP: assigned by server01, 192.168.100.102
Pref. DNS: from scope options (192.168.100.100)
Till yesterday, all 3 servers could resolve client02. It's suddenly stopped working. I just did not make any changes, so I don't know what's causing this.
By the way, I know I should be able to tackle this myself but am out of ideas.
I manually deleted the glue record for client02 on both DNS servers, and did an ipconfig /registerdns on the client. It registered the record on server01 but not on server03. I did a zone reload on server03, it gave the following error:
Zone could not be loaded. The process could not complete because the file is being used by another process.
I went into the zone properties on server01, and zone transfer was set to any server. Security is also set properly. The replication was set to all DNS servers in the domain, I changed it to all DNS servers in the forest. I did a repadmin /syncall and also forced replication from AD Sites and Services. But no
If I go into the zone's properties' security tab on server03, it says "Could not load security information". If I try changing the zone replication properties on server03, it gives me a similar error:
Process could not complete as the file is being used by another process.
The exchange server is powered off. I haven't done anything apart from installing it 2 days ago. There are no RRAS servers. Windows firewall is off and there is no AV software on the machines.
The one error on both server01 and 03 that's of concern is: There was a problem with zone enumeration because DNS encountered a critical error from AD. Check that AD is running.
Edit: Just noticed another error -- The DHCP server could not locate a directory server.
But it still renewed the lease for client02.
Wonder why I get all the weird errors
Comments
-
sprkymrk Member Posts: 4,884
Try restarting the netlogon service on 1 DC at a time, or simply reboot them. It may be that the SRV records are messed up.
All things are possible, only believe.
-
Essendon Member Posts: 4,546
Well, Mark, I did a reboot before I posted. I did think of the netlogon service and did a net share on the 2 DCs and the service was there. Showed as started in services too.
-
sprkymrk Member Posts: 4,884
I doubt this will come as a shock, and it may not even be the answer, but in real life I have had to restart the netlogon service as many as 4 times before it corrects the issue.
Try this from a command prompt:
nslookup
set type=srv
_ldap._tcp.dc._msdcs.your.domain.com
You should see your DCs listed. If not, the srv records are not there.
All things are possible, only believe.
-
Essendon Member Posts: 4,546
Both servers show up in that command and with the right IPs.
And I restarted the freaking netlogon service a few times on both DCs, one at a time, still same thing. Wonder WTF is wrong. It's almost midnight here, need to catch some sleep, studied my bottom off last night too. I was thinking, 2x shots of scotch is not a bad idea...
-
dales Member Posts: 225
Is it just me but I think the pref dns server on server01 should be the localhost address, just wondered if dns is getting its knickers in a twist.
You will also need to see if the option to update dns records is enabled in the DHCP management console.
Kind Regards
Dale Scriven
Twitter: dscriven
Blog: vhorizon.co.uk
-
Essendon Member Posts: 4,546
dales wrote: Is it just me but I think the pref dns server on server01 should be the localhost address, just wondered if dns is getting its knickers in a twist.
You will also need to see if the option to update dns records is enabled in the DHCP management console.
Initially when there was only 1 DNS server (server01) it did point to itself. But after I created a new DC and DNS server, pointing it to that provides for better name resolution (at least till yesterday it did). By doing this, you'll see that if server03 was already up then server01 goes through the "creating network connections" quicker when booting up.
Yeah, that option is enabled, that's why client02 updated its record on server01. Its replication, it seems, is screwed
-
dynamik Banned Posts: 12,312
Seems like you have a problem with AD. Have you run the dcdiag and netdiag support tools?
-
gojericho0 Member Posts: 1,059
Do all your services have the correct permissions as well?
-
Essendon Member Posts: 4,546
Don't know what happened, but it's mysteriously fixed itself. I just had a hunch that perhaps rejoining client02 to the domain could jolt DNS into action, well, it DID. It's working now.
BTW, I should have posted before that I did the netdiag and dcdiag tests on both servers and both passed.
I also reinstalled the client's NIC as I discovered it couldn't ping itself. Something was screwy, don't know what, but I'll take it since it's fixed.
There are no more zone enumeration errors, AD is being updated, we are back on track. All's good. Thanks for your help people.
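The SRV lookup suggested earlier in the thread, extended to ask each of the two DNS servers directly and compare their answers, which is how a record present on server01 but missing on server03 would show up. This is an added example, not part of any post in the thread; it assumes a machine with the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later) and keeps the thread's placeholder domain your.domain.com.

```powershell
# Added example: compare what each AD-integrated DNS server answers for the same names.
# Server IPs come from the lab summary in the thread; the domain is the placeholder
# used in the nslookup reply. Assumes Resolve-DnsName (DnsClient module) is available.
$DnsServers = '192.168.100.100', '192.168.100.101'   # server01, server03
$Domain     = 'your.domain.com'                      # placeholder, replace with the AD domain
$Queries    = @(
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' },
    @{ Name = "client02.$Domain";             Type = 'A'   }
)

function Get-Answer {
    param([string]$Name, [string]$Type, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server is consulted.
        $records = Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -ErrorAction Stop
    } catch {
        return "ERROR: $($_.Exception.Message)"
    }
    # Normalise the answer to one sorted string so servers can be compared.
    $values = foreach ($r in $records) {
        # Skip SOA/additional-section records that are not the type asked for.
        if ([string]$r.Type -ne $Type) { continue }
        switch ($Type) {
            'SRV' { '{0}:{1}' -f $r.NameTarget.ToLower(), $r.Port }
            'A'   { $r.IPAddress }
        }
    }
    if (-not $values) { return 'NO RECORDS' }
    ($values | Sort-Object) -join ', '
}

foreach ($q in $Queries) {
    $answers = foreach ($s in $DnsServers) {
        [pscustomobject]@{
            Server = $s
            Answer = Get-Answer -Name $q.Name -Type $q.Type -Server $s
        }
    }
    # More than one distinct answer means the zone copies have diverged.
    $distinct = @($answers.Answer | Sort-Object -Unique)
    $status   = if ($distinct.Count -gt 1) { 'MISMATCH' } else { 'consistent' }
    '{0} ({1}): {2}' -f $q.Name, $q.Type, $status
    $answers | ForEach-Object { '  {0,-16} {1}' -f $_.Server, $_.Answer }
}
```

A MISMATCH on the client02 A record with matching SRV answers points at zone replication between the two servers rather than at DC registration.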