Weird DNS Issues
-
I started having weird DNS issues today. Those who have helped me here know that I went through a solo migration recently. Due to my time needed on other projects, I've yet to complete the final steps on our Domain Controller / DNS server migration. But I do plan on accelerating that to later this week or weekend.
Here's what is going on. I get calls this morning about users who could log in, get POP3 email and internet but all of their drive mappings were dead. Several users were able to reconnect after a few reboots.
When I got to the office, I went to someone who was yet reconnected. He was able to go to the IP address of the server but not the DNS name. I went into his network settings and set his preferred DNS server to the new Domain Controller / DNS Server, rebooted and he was fine.
Keep in mind on this next step that we do not currently use DHCP (but plan to.) Some users have static IP's due to some past frequent IP conflicts. And much of those users had this problem today. Their preferred DNS server was the old server. So I changed it to the new server and rebooted. Still no drive connections, so I am guessing replication hadn't taken place? (I assuming they replicate in their current shared state (though the new DC is the primary DC now.) So, on these users and I took them off a static, set the DNS to the new server, rebooted and they were fine.
So, what is going on at the moment? I've never had a DNS issue of this magnitude. I am assuming it is because the old server is still the primary DNS server.
Thanks everyone...
-
Did you power off the old DNS server?
-
Yes. Having the old machine as the DNS primary could introduce fragility if replication had an issue.
-
@garak0410 said:
So, on these users and I took them off a static, set the DNS to the new server, rebooted and they were fine.
So, what is going on at the moment? I've never had a DNS issue of this magnitude. I am assuming it is because the old server is still the primary DNS server.
You took them off Static IPs, but then put them back on a static DNS ? why? isn't your DHCP server giving out the new DNS server as the primary?
If you powered down the old server, and your client machines that were statically assigned did not have a secondary address of a working DNS server, then yes, those clients would have problems.
-
@garak0410 said:
When I got to the office, I went to someone who was yet reconnected. He was able to go to the IP address of the server but not the DNS name. I went into his network settings and set his preferred DNS server to the new Domain Controller / DNS Server, rebooted and he was fine.
That's good news
... Their preferred DNS server was the old server. So I changed it to the new server and rebooted.
When you say no drive connections, did you try pinging the name of the server and see if you received any resolution?
Also, how are the drives mapped? GPO, logon script, manually? -
really i'm facing your very same problem exactly, before everything was fine (no DNS issues), but as soon as i add new DC into domain in my branch office, i start having those kind of problem as you mentioned, these days i'm having difficult time, the domain is not stable at all, i neither get additional working nor the domain stability i got before,
i hope these problems come to an end
-
Quick update...seems to be isolated to our file server...it has a physical name and a CNAME and when these certain users have the problems, they can only get to the server by IP Address. Like right now, I can access the file sever by both names. I have a single user (currently) who can only access it by IP address.
-
and you've tried ipconfig /release /renew /flushdns /registerdns on these that you were having probs with?
-
@Hubtech said:
and you've tried ipconfig /release /renew /flushdns /registerdns on these that you were having probs with?
All but RegisterDNS...I will try that. Currently, I have three users I cannot resatore.
And on my new DC/DNS server, this is what it shows under DNS Events:
From Yesterday: SERVERNAME 4015 Error Microsoft-Windows-DNS-Server-Service DNS Server 5/20/2014 7:39:14 AM The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
From Today: SERVERNAME 4013 Warning Microsoft-Windows-DNS-Server-Service DNS Server 5/21/2014 6:38:37 AM - The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
And Again, this is only happening to the DNS (CNAME) of our FILESERVER...all other DNS name resolutions are working fine. I wanted to avoid rebooting the file server but wonder if it could help?
-
So on a user's system when it is failing, what is an nslookup of the A and CNAMEs returning?
-
@scottalanmiller said:
So on a user's system when it is failing, what is an nslookup of the A and CNAMEs returning?
What is the preferred syntax to check the A and CNAME with NSLOOKUP? Thanks....
-
Even more simple than an NSLookup... what does IPconifg /all return on a computer that is having problems?
-
@Dashrender said:
Even more simple than an NSLookup... what does IPconifg /all return on a computer that is having problems?
Even though DHCP is off on old and new DC/DNS server, it does contain info there...
One of the PC's that cannot resolve the name to the FILESERVER shows:
DHCP Server: Old DC
DNS Server: New DC
Primary WINS Server: Old PCOn my PC (Which is on Windows 8.1), doesn't return DHCP or WINS server info...and I've never had the DNS problem.
Keep in mind, this PC and resolve all other server and PC names EXCEPT the FILESERVER.
-
@garak0410 said:
@Dashrender said:
Even more simple than an NSLookup... what does IPconifg /all return on a computer that is having problems?
Even though DHCP is off on old and new DC/DNS server, it does contain info there...
One of the PC's that cannot resolve the name to the FILESERVER shows:
DHCP Server: Old DC
DNS Server: New DC
Primary WINS Server: Old PCOn my PC (Which is on Windows 8.1), doesn't return DHCP or WINS server info...and I've never had the DNS problem.
Keep in mind, this PC and resolve all other server and PC names EXCEPT the FILESERVER.
Also, on a PC that is working and where I manually set the preferred DNS to the new DC and made the alternate the old DC, he also shows DHCP from the OLD DC.
I've really had no real solutions...just Band-Aids to get people up.
-
@garak0410 said:
@scottalanmiller said:
So on a user's system when it is failing, what is an nslookup of the A and CNAMEs returning?
What is the preferred syntax to check the A and CNAME with NSLOOKUP? Thanks....
Just....
nslookup aname
nslookup CNAMEWhere aname and CNAME are the host names. There is no further syntax.
-
Did I see that you have two DHCP servers running? There should be only one.
-
@scottalanmiller said:
@garak0410 said:
@scottalanmiller said:
So on a user's system when it is failing, what is an nslookup of the A and CNAMEs returning?
What is the preferred syntax to check the A and CNAME with NSLOOKUP? Thanks....
Just....
nslookup aname
nslookup CNAMEWhere aname and CNAME are the host names. There is no further syntax.
On PC's that had no problem or had a problem, they either NSLOOKUP ANAME or CNAME to the old or new DNS server...and they all end with can't find cname: Non-existent domain (same with aname)
-
I noticed on the new DC/DNS server, under the reverse lookup ZONE properties, under NAME SERVERS, the new DC/DNS server shows UNKNOWN...OK to update it?
-
@garak0410 said:
@scottalanmiller said:
@garak0410 said:
@scottalanmiller said:
So on a user's system when it is failing, what is an nslookup of the A and CNAMEs returning?
What is the preferred syntax to check the A and CNAME with NSLOOKUP? Thanks....
Just....
nslookup aname
nslookup CNAMEWhere aname and CNAME are the host names. There is no further syntax.
On PC's that had no problem or had a problem, they either NSLOOKUP ANAME or CNAME to the old or new DNS server...and they all end with can't find cname: Non-existent domain (same with aname)
Sounds like you don't have your search domains defined and you are skipping the FQDN and are trying to use short names.
-
I agree with Scott, you're using short name instead of FQDN (Fully Qualified Domain Names). It's something that started back in the NT days with NetBIOS. You really should replace all \servername\sharename with \severname.domainname.com\sharename
for your nslookup try 'nslookup olddc.domainname.com' or nslookup newdc.domainname.com
