DNS help

4ycr

I am having trouble with 2 servers in one company.

About 2 weeks ago they lost connectivity and their main server, server 1, threw a good few errors. I got them up and running but it seems to be failing every day and I can't figure out why, but I know it is something to do with DNS.

Can I delete their existing DNS server and start again?

I have run dcdiag and netdiag from the server but get no errors. I got some errors when I first started but I fixed those. Can't remember what they are now. I have attached recent logs from both tests.

The only errors I get from the server are NetBIOS for the conflicting names but it has 2 NICs on the same network.

The only error I get on their Exchange server is for not having an SSL certificate. They do have one, I installed it, but yesterday I noticed it had a red X on it and says
Code:
The Certificate is invalid for exchange server useage

This is an Exchange cert that was working. If you use OWA the browser shows the cert just fine (it's from GoDaddy) and no one gets any cert errors in Outlook.

Today they call and say one person can get the internet radio but the rest can and no one can access the internet but I can remote access in to both servers just fine.
If anyone knows any other tests for DNS or anything I should try. Like I said above I am thinking of starting DNS from scratch, if it can be done.

Also does having a _msdcs in a separate folder make any difference in a single domain system?
 

Have you checked out any of the client machines' DNS settings? NSLOOKUP etc. Just to make sure they are pointing at the correct DNS servers on your network.

Also, are you sure there isn't some rogue device with a DHCP server turned on plugged into the network somewhere?

The Server end may actually be fine, it might be the client side where the issue is.
 
OK so your TCP/IP settings on the servers appear to be OK, based on your zip file of logs.

What do you get in event viewer on each DC?
And what are the symptoms...in detail please.
When you say "lost connectivity"....in what way? Workstations could not access resources on the server? Or could not access the internet?
Did they (workstations) lose their IP lease?
When they did lose this connectivity....if they ping the server by netbios/host name....do they get replies? If no...if they ping the server by IP address, do they get replies? Same thing with the internet...while they've lost this connectivity...if they ping an internet resource like www.google.com by name, do they get replies? If no...if they ping something like 208.67.222.222 by IP address..do they get replies? (that's one of OpenDNS's servers).

What steps do you take to resolve this? Don't go jump in and just reboot the servers. I'd restart the DNS server service on them. Or if DHCP is what tanks on the server...restart that.

Since it appears you have 2x DCs on this network...what is your DHCP properties given out to the workstations?

Since you do have 2x DCs...if you go into AD Sites 'n Services..and replicate between the two DCs...appear successful? Check event logs after that?
 
Hi YeOldeStonecat

The workstations and servers could not connect to the internet. In a browser you could get google.com but I think that is because it is cached. You can search and it brings back results but as soon as you try to click on a link it timed out.

Everything internal seemed to work as no one complained about that. Also you could not get OWA externally.

Their database designer uses logmein and that said it had no internet connection either.

This is the only DC (should I upgrade the exchange server to a DC?).

The workstations all showed on my remote access panel and I was able to renew its lease with no problems.

Errors

Code:
A duplicate name has been detected on the TCP network.
But I think this is because of the 2 network NICs on the same network but this has never stopped it before.

One warning
Code:
Dynamic registration or deregistration of one or more DNS records failed with the following error: 
No DNS servers configured for local system.
DomainDNSZones points to itself

Ipconfig /all shows DNS server
 
Question...you mention the server has 2x network cards...are they on the same network? Or are you multi-homing it...external and internal?

Antivirus on this server...have you excluded the DNS directory and all the other DC exclusions and file types? (see my thread about antivirus exclusions on a server).

In DNS MMC....forwarders, what do you have set for forwarders?

You said the workstations can't get to the internet....but what about the server itself...when this outage happens?

Broadcom NICs?

I won't focus on Exchange OWA yet...that could be an entirely different issue.
 
both are on the same network
The server itself cannot get on the internet
Compaq NC3162 Nic & Linksys EG1064 Nic
Antivirus is MAV from GFI, Vipre

After some more testing it seems more like port 80 is blocked.

Ping & tracert works for Cisco.com but the internet doesn't
No proxies are configured
I didn't have any forwarders but I have tried Google's 8.8.8.8 but it still does not work.
 
both are on the same network

I would expect problems here unless you have them specifically setup in "teaming". (I'm talking about your DC here)

But if they're both setup standard....you'll end up with multiple records for the same host name...and DNS will get its panties in a bind. Server and Workstation services will have a traffic jam with those.

For single IP range networks (my typical setup for a small business....class C in size, same IP range, hide the whole network behind a NAT router)...when I'm building and deploying a server, I disable the 2nd NIC in device mangler. And then do DCPROMO and all that stuff. However since this one is after the case, I'd dig into which NIC has the most DC and infrastructure related services bound to it...and disable the 2nd NIC in Device Mangler. The remaining primary NIC should have all static entries..and ensure that DNS and DHCP and all other infrastructure related services are bound to it.

As for the Exchange box....I don't want to tear into that one yet if it has multiple NICs....need much more info on that one, although I still just do them single homed.
 
Got to the bottom of it, it was not the server but the broadband.

BT messed up their profile to stop it working (late payment). BT never told them they were halting the service either, and all their phones still worked (same company and bill).

Anyway, the server could ping and tracert to anywhere I wanted. The DNS tests, simple and recursive, worked fine. Typing the IP address of a server into a browser also worked. TeamViewer and ScreenConnect worked but that was it.

Nothing else could connect, including GFI Max.

Thanks for the help everyone, now to de-stress somewhere.
 
If no...if they ping the server by IP address, do they get replies? Same thing with the internet...while they've lost this connectivity...if they ping an internet resource like www.google.com by name, do they get replies? If no...if they ping something like 208.67.222.222 by IP address..do they get replies? (that's one of OpenDNS's servers).

Ahh...see my earlier reply...pinging external resources by IP...would have narrowed things down much earlier. In reviewing your replies...I don't see where you got to that test.
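
The name-then-IP test order discussed in this thread, written out as an added example that is not part of any poster's reply. It goes one step further than the thread by adding a TCP port check, since ping, tracert and DNS tests all passed here while browsing still failed. The host name and IP are the ones quoted in the thread; the port list, function names and verdict labels are assumptions made for the example.

```python
import platform
import socket
import subprocess

def resolves(name):
    """Can the configured DNS servers resolve a public name?"""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def pings(ip):
    """ICMP echo to a literal IP, so the result does not depend on DNS."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    proc = subprocess.run(["ping", count_flag, "2", ip],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode == 0

def tcp_open(host, port, timeout=5):
    """Full TCP handshake to a port: something ping and tracert cannot show."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(dns_ok, icmp_ok, tcp_results):
    """Map probe results to the layer to look at next.
    tcp_results is a dict of port -> bool for an external host."""
    blocked = sorted(p for p, ok in tcp_results.items() if not ok)
    if not dns_ok and not icmp_ok:
        return ("NO_PATH", blocked)   # gateway, router or line; leave DNS alone
    if not dns_ok:
        return ("DNS", blocked)       # IP path fine: DNS server, forwarders, client settings
    if blocked:
        return ("FILTERED", blocked)  # names resolve: firewall, proxy or ISP-side block
    return ("OK", blocked)            # network path fine: host or application issue

def run_triage(name="www.google.com", ip="208.67.222.222", ports=(80, 443)):
    dns_ok = resolves(name)
    icmp_ok = pings(ip)
    # TCP is tested by name only when the name resolves; otherwise skip it
    tcp = {p: tcp_open(name, p) for p in ports} if dns_ok else {}
    return diagnose(dns_ok, icmp_ok, tcp)

if __name__ == "__main__":
    print(run_triage())
```

Run it on the server and on one workstation during an outage; a differing verdict between the two points at client-side settings rather than the DC.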
 
both are on the same network
The server itself cannot get on the internet
Compaq NC3162 Nic & Linksys EG1064 Nic
Antivirus is MAV from GFI, Vipre

After some more testing it seems more like port 80 is blocked.

Ping & tracert works for Cisco.com but the internet doesn't
No proxies are configured
I didn't have any forwarders but I have tried google's 8.8.8.8 but it still does not work.

I am a complete newbie in this area, just reporting my 2 cents in...

Have you got any Cisco Linksys V4200 Routers in there anywhere? There is a big stink going on regarding Cisco (without asking anyone) flashing the firmware and locking everyone out of the settings with no option other than setting up a cloud account to manage the router...pretty nasty stuff...
 