
DNS Issues Windows Server 2012 R2

  • 22-07-2014 6:42pm
    #1
    Registered Users, Registered Users 2 Posts: 110 ✭✭


    Hi,

    I have a domain controller which is also a DNS server. There are no other DCs or DNS servers on the network. I am having a problem with machines taking 15 mins to log on and I have traced this back to a DNS problem on the server. This server has only been installed a week. In the TCP/IP configuration of the NIC I have set the primary DNS to 192.168.0.100, the server's own IP. The machine has two NICs, one of which I have disabled at the min to see if that helps solve this problem.

    In event viewer I'm seeing

    Event 4015
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

    Event 4013
    The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

    Dcdiag /test:DNS

    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server...
    Home Server = Server
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\SERVER
    Starting test: Connectivity
    ......................... SERVER passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\SERVER

    Starting test: DNS

    DNS Tests are running and not hung. Please wait a few minutes...
    ......................... SERVER passed test DNS

    Running partition tests on : ForestDnsZones

    Running partition tests on : DomainDnsZones

    Running partition tests on : Schema

    Running partition tests on : Configuration

    Running partition tests on : MPM

    Running enterprise tests on : MPM.local
    Starting test: DNS
    Summary of test results for DNS servers used by the above domain
    controllers:

    DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

    DNS server: 2001:500:2::c (c.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

    DNS server: 2001:500:2d::D (d.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::D

    DNS server: 2001:500:2f::f (f.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

    DNS server: 2001:500:3::42 (l.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

    DNS server: 2001:500:84::b (b.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

    DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

    DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

    DNS server: 2001:7fd::1 (k.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

    DNS server: 2001:7fe::53 (i.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

    DNS server: 2001:dc3::35 (m.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

    ......................... MPM.local passed test DNS


Comments

  • Registered Users, Registered Users 2 Posts: 6,163 ✭✭✭ZENER


    Has the disabled NIC got anything connected to it? Is it possible that RRAS is installed and the machine is also a router for your network?

    Are the clients getting their IP configurations from this server via DHCP or from another DHCP server in perhaps an ADSL router? In the DNS tool > forward zones are there records of your clients in the list? If the server is offering out DHCP then DNS should register the clients, making it possible to ping the clients by name. Can you do this?

    Forgive the basic questions but connectivity is probably the best place to start.

    In the Server Manager > Tools > DHCP settings is the DHCP server showing Authorised and active?
    Ken


  • Registered Users, Registered Users 2 Posts: 110 ✭✭amallon


    The disabled NIC hasn't anything connected. I had Routing and Remote Access installed but I removed the role. The server isn't doing DHCP, the broadband router is providing DHCP. Yes, all the PCs are listed in forward zones.

    Today I have noticed event 5781

    Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.MPM.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

    Possible causes of failure include:
    - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
    - Specified preferred and alternate DNS servers are not running
    - DNS server(s) primary for the records to be registered is not running
    - Preferred or alternate DNS servers are configured with wrong root hints
    - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

    USER ACTION
    Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.


  • Closed Accounts Posts: 1,837 ✭✭✭same ol sh1te


    Is the broadband router giving out the server IP as the one and only DNS server in the DHCP leases, not the router IP?

    Edit, disregard, I didn't read your last post


  • Registered Users, Registered Users 2 Posts: 110 ✭✭amallon


    The Server has a static IP.


  • Registered Users, Registered Users 2 Posts: 357 ✭✭Ctrl Alt Del


    Is IPv6 enabled on the active NIC?
    Is the active NIC listed as "primary" adapter in the advanced network properties?
    Is the DNS listening to the live NIC, in the DNS interface properties?
    Can you telnet in the server IP address port 53!?


  • Registered Users, Registered Users 2 Posts: 110 ✭✭amallon


    IPv6 is disabled on each network adapter.
    The disabled adapter was top of the list. I replaced this with the connected NIC. I've restarted DNS but it doesn't seem to have helped. I might try a reboot to see if this makes any difference.
    DNS is listening on all adapters.
    I will get telnet installed on a workstation and check port 53.


  • Registered Users, Registered Users 2 Posts: 6,163 ✭✭✭ZENER


    Have you edited the forward zones manually to add the clients' A records? How are the clients' details getting into DNS on the server?

    Dynamic Registration is performed when a DHCP server running in the domain provides an IP to an authorised client and then creates an "A" or "AAAA" record in the DNS Forward zone for that client. The failure mentioned in the last error event above might be to do with this.

    If your clients are getting addresses from a different (unauthorised) DHCP server then they won't be entered by the server into DNS. If you've entered them manually then those entries will become invalid each time a client restarts and gets possibly a different IP from the DHCP.

    Another thing, if your clients are getting their IP settings from the broadband router then won't they be getting the router's IP as DNS and DGW, which will forward to the ISP's DNS for resolution of addresses outside your network? When they try to log on to AD they'll be using the router's DNS.

    Some of the errors you've mentioned suggest that the server is forwarding DNS to another server, i.e. the router.

    Enabling DHCP on the Server and connecting your router to the enabled second NIC with routing enabled would be a better solution here. AD won't work without DNS.

    Ken


  • Registered Users, Registered Users 2 Posts: 110 ✭✭amallon


    Thanks for the reply. I disabled DHCP on the router and added the role to the server. I set all workstations to obtain automatically. Still having the problem. I haven't tried connecting the router to the second NIC, the router is just connected to the network switch. In forward lookup zones all the workstations are listed with their correct IPs as assigned by DHCP.

    In Event Viewer I'm also getting

    Unable to update the IP address on Isatap interface isatap.{877B4FC8-C2FA-49BA-9038-637D3A184AE5}. Update Type: 1. Error Code: 0x490.


  • Registered Users, Registered Users 2 Posts: 110 ✭✭amallon


    Ok, got to the source of the problem. It was the antivirus I had installed on the server. I hadn't configured exclusions as documented here: http://support.microsoft.com/kb/822158
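
The checks suggested across this thread (adapter state and DNS client settings, DNS listening addresses, port 53, the Netlogon re-registration named in event 5781), gathered into one PowerShell pass. This is an added example, not something any participant posted; the IP address and domain name are the ones quoted in the thread, and it assumes an elevated session on the domain controller with the DnsServer module available.

```powershell
# Added example: values below are the ones quoted in the thread.
$DcIp   = '192.168.0.100'
$Domain = 'MPM.local'

# 1. Adapter state: confirm which NIC is up and which is disabled.
Get-NetAdapter | Select-Object Name, Status, LinkSpeed

# 2. DNS client settings per adapter. On a sole DC/DNS server the
#    only entry should be the server's own address, not the router.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 3. Addresses the DNS Server service is listening on.
(Get-DnsServerSetting -All).ListeningIPAddress

# 4. TCP reachability of port 53 (the telnet test, without telnet).
Test-NetConnection -ComputerName $DcIp -Port 53 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded

# 5. Can the DC locator SRV record be resolved from this DNS server?
#    Clients that cannot resolve it wait on timeouts at logon.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
    -Server $DcIp -ErrorAction SilentlyContinue |
    Select-Object Name, Type, NameTarget, Port

# 6. Recent occurrences of the events quoted in the thread.
Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 4013, 4015 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5781 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName

# 7. After fixing any misconfiguration, re-register the DC's records
#    (the user action given in the event 5781 text).
nltest.exe /dsregdns
```

If steps 1 to 5 come back clean and events 4013/4015 keep recurring, the fault is likely outside the DNS configuration itself, which is how this thread ended: antivirus scanning on the server without the exclusions described in KB822158.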

