Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Emergency: How to re-route network through other domain controller? 5

Status
Not open for further replies.

1LUV1T

IS-IT--Management
Nov 6, 2006
231
US
Hey all, i'm in a pickle here... I have two domain controllers on my Windows network. Server A is Windows 2000 and Server B is Windows 2003. Over the weekend Server A (Win2000) crashed. Now, it is taking users an unusually long time to authenticate to network and Internet traffic is intermittent. I checked on the cause using 'gpresult' and find that my Domain Type is: Windows 2000 and overall it seems that Server B (Win2000) is regarded as the 'primary' DC. Furthermore, Internet traffic is intermittent. Although I removed DNS 2 (which listed Server B) and left DNS 1 (Server A), web browsing is still an issue. Any advice?

Thank you in advance.
 
Okay, you're in a panic - I'm not sure which server is which... let me try to clean it up:

Server A (Andy) is running Win2000, and it crashed.
Server B (Brenda) is running Win2003, and is working fine.

The network is running at the Win2000 functional level.

DNS was running on Andy and Brenda, and they were both DCs.

Web browsing and Internet functionality is poor.

Hope I got all that right.......

It sounds like the DNS requests are being sent to Andy first, timing out, then being sent to Brenda (the secondary DNS server). Although both Andy and Brenda are DCs, they are still DNS servers, with all the baggage that comes with it.

Here's what you can try:

* Check DHCP and make sure all references to Andy are gone - point all DNS requests to Brenda only. You may need to remove the DHCP leases on your DHCP server, and refresh the clients in order to get it to work properly.
* Check Brenda's DNS settings, and make sure it does not point to Andy at all. This includes both the DNS server and the NIC settings.
* Check the network speed itself, just to rule out any other issues. Run a ping test to 8.8.8.8 (Google's DNS server) as a baseline, and test internal/external IPs and DNS entries.
* Try using nslookup to check for DNS responsiveness against another DNS server (8.8.8.8)

Hope that points you in the right direction....

Mike Molenda - TAC Analyst

RSA Corp - Houston, TX
Technical Assistance Center
 
In rsacorp's words:
"Server A (Andy) is running Win2000, and it crashed.
Server B (Brenda) is running Win2003, and is working fine.
The network is running at the Win2000 functional level.
DNS was running on Andy and Brenda, and they were both DCs.
Web browsing and Internet functionality is poor.

It sounds like the DNS requests are being sent to Andy first, timing out, then being sent to Brenda (the secondary DNS server). Although both Andy and Brenda are DCs, they are still DNS servers, with all the baggage that comes with it."

This is my exact situation, so thanks for clarifying.


This seems to be the scenario: All users are setup with the DNS server of Andy and Brenda. If I remove reference to Andy in workstation's TCP/IP properties, then the workstations still point to Brenda. But since Brenda is a DNS Server/Domain Controller that replicates with Andy, then that is why the timeouts still take place, correct?

In other words, I think I've pinpointed my problem to be in the DNS Management portion of Win2003 DC (Brenda). Looking in the Forward Lookup Zones, there are equal amount of entries for Andy and Brenda. Since Andy is down for the moment, I need to figure out how to remove all references to Andy for the time being.
 
No. If both Andy and Brenda are DCs, and Andy is offline, as long as machines point to Brenda, you should be good.

Do not remove references in DNS to the offline DC.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
@58sniper, I understand what you're saying but how do you explain the intermittent connection issues that persist? Specifically, I removed references to DNS 2 (Andy) in TCP/IP properties on workstations. I removed references to DNS 2 (Andy) in network router. I removed references to DNS 2 (Andy) on Brenda's TCP/IP properties in Windows 2003. Yet, all my users are still experience intermittent connection problems. Sometimes, browsing to yahoo.com will not load, other times the site will. That means that they are still being routed through Andy and Brenda somehow, even though Andy is completely offline. What can I do to stop pointing @Andy?
 
No - it means nothing like that.

If you have a workstation who's DHCP properties configure it to use DNS from Brenda (the good DNS server), then the fact that there are pointers in AD are irrelevant.

If a workstation is logged in, and the DC it connected to is Brenda (from a command prompt, type "set" and see what the logon server is), then look at Brenda, make sure that it's pointing to itself for DNS, and that you correctly have forwards configured in DNS to look at your ISP's DNS servers.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
@58sniper... Ok typing 'set' I see that the logon server is Andy and not Brenda. In fact, the underlying issue in all these problems (slow domain login, intermittent connections) seems to be that the logonserver = andy (windows 2000) and not brenda (windows 2003). So what is my next step?

(thanks for the help)
 
My entire network has been offline/unplugged the entire weekend (emergency building power shut off). Last night, I came in to turn on ONLY the servers. All turned on except DC Andy. This morning, all the workstations were turned on by the employees while DC Andy was completely shut off (blown power supply). So there was no way that Andy was on while logons were taking place YET all the workstations have intermittent connection problems connecting to the web (Outlook, Remote desktop, network files are not effected). Just browsing Internet and slow logon.
 
From one of the machines that says the logon server is Andy, try to ping both \\andy and \\yourdomain and see where those resolve to.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
so here is the issue that persists;
Internet (only) browsing is intermittent. Sometimes webpages load, sometimes they do not. Everything else such as Outlook is connected to an outside Exchange server and all network files are readily available.

I already rebooted the router, removed any mentions of DNS 2 (Andy) from DC Brenda and all workstations on domain. Typing 'set' shows Brenda as DC now. Still, some websites load while others do not for everyone which makes me think that something, somewhere is pointing to Andy which has been offline for the last few days.
 
I already cleared ARP and flushdns on Brenda, problem with browsing persists. Ran a dcdiag test on Brenda and received this;

Running enterprise tests on : MYDOMAIN.COM
Starting test: Intersite
......................... MYDOMAIN.COM passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135
5
A Good Time Server could not be located.
......................... MYDOMAIN.COM failed test FsmoCheck
 
If all of your servers are withing 5 minutes of each other, that's not that big of a deal right now. How long before the original DC is back online?

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
OK.
I have to wait on HP support. It's costing me an arm and a leg to get next-business support on site assistance + parts (Andy is an old server). It will probably be up by Wednesday at the latest. But I just wish I could figure out what the heck is going on?
 
No longer relevant because the issue persists even when the logon server is Brenda. Granted,it probably would be a good test for another time, but right now, priority is to figure out whats causing intermittent connection issues.
 
Does "brenda" hold all FSMO roles.
Is it a GC server.


MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP
 
This issue was resolved.
Here is the recap and solution;
Andy went down which left Brenda for domain name resolutions. Yet all the workstations were unable to browse the web most of the time, although, some times websites would load. Turns out, Brenda had the wrong forwarders set in DNS management. I was not the original IT guy to setup the DNS server and wasn't comfortable mucking around in Forward Lookup Zones so I didn't double-check the settings. Once I removed forwarders (which were invalid), Brenda started acting like the good DNS server that she should be :)

FYI, as I later found out, forwarders usually have the ISPs DNS but its not a requirement so that is why I left it blank going forward.
 
If you dont have forwarders assigned it will resort to root hints which could be slower than your ISP DNS servers. I would put the correct ISP DNS servers in as forwarders and not rely on root hints. Just my opinion.


RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top