Certbot

Dashrender

yep, there are your problems!!

Look at your DNS entries. You can only use Windows DNS servers for DNS to have this problem solved.

It also appears that you are not using DHCP - why not?

Also, why is 127.0.0.1 in that list? that is basically saying, use myself to find DNS information, but non of your PCs have a DNS sever installed on them, I hope.

wirestyle22

@Dashrender said in Certbot:

yep, there are your problems!!

Look at your DNS entries. You can only use Windows DNS servers for DNS to have this problem solved.

It also appears that you are not using DHCP - why not?

Also, why is 127.0.0.1 in that list? that is basically saying, use myself to find DNS information, but non of your PCs have a DNS sever installed on them, I hope.

What is that ::1 in DNS servers?

Dashrender

The only DNS IPs that should be listed in any PC that lives on your network should be the IPs of these machines

JaredBusch

@wirestyle22 said in Certbot:

@Dashrender said in Certbot:

yep, there are your problems!!

Look at your DNS entries. You can only use Windows DNS servers for DNS to have this problem solved.

It also appears that you are not using DHCP - why not?

Also, why is 127.0.0.1 in that list? that is basically saying, use myself to find DNS information, but non of your PCs have a DNS sever installed on them, I hope.

What is that ::1 in DNS servers?

That is IPv6 loopback

wirestyle22

@JaredBusch said in Certbot:

@wirestyle22 said in Certbot:

@Dashrender said in Certbot:

yep, there are your problems!!

Look at your DNS entries. You can only use Windows DNS servers for DNS to have this problem solved.

It also appears that you are not using DHCP - why not?

Also, why is 127.0.0.1 in that list? that is basically saying, use myself to find DNS information, but non of your PCs have a DNS sever installed on them, I hope.

What is that ::1 in DNS servers?

That is IPv6 loopback

Oh I see. Thanks

Dashrender

This post is deleted!

Dashrender

@alex-olynyk

Do you have someone else in the company who is a senior IT person? Or are you the one currently in charge of the network?

alex.olynyk

@Dashrender said in Certbot:

@alex-olynyk

Do you have someone else in the company who is a senior IT person? Or are you the one currently in charge of the network?

there is a senior IT person. But he is at the same level as me when it comes to DNS

alex.olynyk

@Dashrender said in Certbot:

The only DNS IPs that should be listed in any PC that lives on your network should be the IPs of these machines

Im aware of that

Dashrender

Hold the phone here -

JB pointed out to me that the ipconfig you posted is from your DC.

THAT majorly changes things.

You can point to yourself for DNS on a DC - in your case you don't need to, because have 6 DNS servers.

You need to change the Domain Controller's DNS to all point to other DNS servers on your network. The primary one should point to another Local DNS server if there is one, the secondary can be local or remote. If there are no other local DNS, you have no choice but to have the primary point to another DNS that is remote.

wirestyle22

@Dashrender said in Certbot:

Hold the phone here -

JB pointed out to me that the ipconfig you posted is from your DC.

THAT majorly changes things.

You can point to yourself for DNS on a DC - in your case you don't need to, because have 6 DNS servers.

You need to change the Domain Controller's DNS to all point to other DNS servers on your network. The primary one should point to another Local DNS server if there is one, the secondary can be local or remote. If there are no other local DNS, you have no choice but to have the primary point to another DNS that is remote.

Yeah I was literally just typing that out in a post. Rose-DC1 so it would refer to itself for DNS

Dashrender

@alex.olynyk said in Certbot:

@Dashrender said in Certbot:

@alex-olynyk

Do you have someone else in the company who is a senior IT person? Or are you the one currently in charge of the network?

there is a senior IT person. But he is at the same level as me when it comes to DNS

I'm really thinking JB is right, you need to hire someone to either remotely assist you or come onsite and give your network a good once over. it will be well worth the spend.

alex.olynyk

@Dashrender said in Certbot:

Hold the phone here -

JB pointed out to me that the ipconfig you posted is from your DC.

THAT majorly changes things.

You can point to yourself for DNS on a DC - in your case you don't need to, because have 6 DNS servers.

You need to change the Domain Controller's DNS to all point to other DNS servers on your network. The primary one should point to another Local DNS server if there is one, the secondary can be local or remote. If there are no other local DNS, you have no choice but to have the primary point to another DNS that is remote.

128.1 is the only DC/DNS on site so its pointing to 118.5 which is a DC/DNS server at a remote site.

Dashrender

what is the name of that server at that site?

alex.olynyk

@Dashrender said in Certbot:

what is the name of that server at that site?

TRI-DC1A

JaredBusch

@alex.olynyk said in Certbot:

@Dashrender said in Certbot:

Hold the phone here -

JB pointed out to me that the ipconfig you posted is from your DC.

THAT majorly changes things.

You can point to yourself for DNS on a DC - in your case you don't need to, because have 6 DNS servers.

You need to change the Domain Controller's DNS to all point to other DNS servers on your network. The primary one should point to another Local DNS server if there is one, the secondary can be local or remote. If there are no other local DNS, you have no choice but to have the primary point to another DNS that is remote.

128.1 is the only DC/DNS on site so its pointing to 118.5 which is a DC/DNS server at a remote site.

Gods, what a train wreck, but I keep coming back...

The DNS setting in the NIC for a DC (assuming it is also a DNS server) should ALWAYS point to itself first.

It should never point to anything else first.

DNS 1: 127.0.0.1
DNS 2: Some other INTERNAL DNS server

JaredBusch

@JaredBusch said in Certbot:

@alex.olynyk said in Certbot:

@Dashrender said in Certbot:

Hold the phone here -

JB pointed out to me that the ipconfig you posted is from your DC.

THAT majorly changes things.

You can point to yourself for DNS on a DC - in your case you don't need to, because have 6 DNS servers.

You need to change the Domain Controller's DNS to all point to other DNS servers on your network. The primary one should point to another Local DNS server if there is one, the secondary can be local or remote. If there are no other local DNS, you have no choice but to have the primary point to another DNS that is remote.

128.1 is the only DC/DNS on site so its pointing to 118.5 which is a DC/DNS server at a remote site.

Gods, what a train wreck, but I keep coming back...

The DNS setting in the NIC for a DC (assuming it is also a DNS server) should ALWAYS point to itself first.

It should never point to anything else first.

DNS 1: 127.0.0.1
DNS 2: Some other INTERNAL DNS server

Once you have that setup right, everything in the local office will immediately start working right.

Next, you need to look into your DNS configuration, because in theory, you should have still been working if your DNS was properly replicating between all of your servers.

Alex Sage

What DNS addresses are your clients getting from DHCP?

alex.olynyk

@aaronstuder said in Certbot:

What DNS addresses are your clients getting from DHCP?

we dont use DHCP. Clients are statically assigned 118.5

Alex Sage

@alex.olynyk said in Certbot:

we dont use DHCP. Clients are statically assigned 118.5

It just gets better, and better.....