is this a DNS Problem???

astull

MIS
Oct 16, 2002
We have two DCs at this site. DC 1 is configured for AD-integrated DNS; this one seems to be pretty accurate. However, DC 2 says it is not configured as a DNS server, but why can I see the exact same zones that are on DC 1? Secondly, why are some of the IPs different between the DCs? For instance, on DC 1 it might say that computer BOB has IP 192.168.3.25. Well, if I look on DC 2 it might say that computer BOB has IP 192.168.3.56. It is completely sporadic, no rhyme or reason; sometimes they are exactly in sync and other times there are a few differences.

The way I discovered this is through our backups. We run Veritas backup, but we use a Perl script to dynamically fullback and diffback client desktops/laptops. One day I noticed that the script was not picking up some of the clients' admin shares correctly. In fact it misses all admin shares on one PC. Come to find out that it's looking at the wrong IP. Makes sense, right? DNS is pointing Veritas to a wrong IP? BTW, our backups are running on DC 2, the one not configured for DNS!

A second problem we have on backups is that the Perl script does not pull the NetBIOS name from the PC correctly. It's almost as if DNS is not associating the PC BOB with its FQDN BOB.COMPANYNAME.LOCAL. Could this be DNS also?

Another possibly related problem is that if we pull a laptop from the docking station and replace it with another laptop, GET THIS... we can ping both laptops and they both have the same IP address!! What is going on?

I guess my final question is: should I configure DC 2, and how should I do this?

Thanks for your help!!
 
1) Check event logs
2) You running DHCP?
3) ipconfig /all on the servers and compare them
4) route print on both and compare
5) Have they ever replicated?

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@nellsgiftbox.com

"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.
 
Event logs look good; however, I did find something interesting... this is from the DC 2 DNS log, from about a year and a half ago:

"The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. "

Does this mean that DC 2 is configured?

Yes, we are running DHCP; it is on DC 1.

IP configs are identical on the 2 machines except each one is pointing to itself for DNS.

I did a route print on both but I'm not sure what I'm looking for; there is one extra line on DC 1, an outside IP of some sort.

Yes, they replicate; we have 3 other sites that also replicate with our site... I found this event:

"The File Replication Service has enabled replication from DC 2 to DC 1 for d:\winnt.srv\sysvol\domain after repeated retries. " This message occurred right after the servers crashed because of a power outage about a month ago.

 
"The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code"

Look into this; AD and DNS go hand in hand.

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@nellsgiftbox.com
 
Actually I only received this message once, and that was 18 months ago, about the same time the servers were installed.

I just included that because it infers that the DNS server for DC 2 is configured. But when I look at the DNS admin tool it says it is not configured (if you right-click on the server it gives the option to configure this server). On DC 1 it does not give this option.

I just have this hunch that DC 2 has never been configured for DNS because our site is the only one with 2 DCs. So I will probably have to run through the DNS wizard to configure it.
 
Did you do a crosscheck of your DNS server settings on each machine?

Off the top of my head it sounds like the AD domain zone on DC1 is an AD integrated zone configured for dynamic updates and the zone on DC2 is a Standard Primary not configured for dynamic or vice versa.

Does the zone on DC1 know about DC2?

Give me a more accurate picture of your zones. My recommendation for AD zones is (2 DC Example):

DC1 - Active Directory Integrated zone with dynamic updates and the default 15min TTL.

DC2 - Standard Secondary zone replicating from DC1

Double-check that DC1 has both DC.bla.bla and DC2.bla.bla in the nameservers tab, and that "allow zone transfer to servers listed in the nameservers tab" is selected in the Zone Transfers tab. Also set notify to "Servers Listed in Nameservers Tab".

-Sidus
 
Just a little info about our zones:

We run both forward and reverse.
Forward zones are broken down into different domains (including our own) that we are affiliated with.
Reverse zones are broken down by subnet (just for our domain). The subnets are also the different physical sites of our company. There are 6 subnets listed in the zones, but 2 of our sites are currently down (only servers listed in that zone).

As I have said before, both DCs have the same exact zones.

Comparing the setup of the servers (the properties sheet of a zone), I see that both servers are of type "Active directory integrated." The aging on both is set for 7 days (no-refresh and refresh intervals).

Under the SOA tab (don't know if this means anything) DC1 had a SN of 1391, but DC2 had a SN of 8? I just checked it again and DC2 now has a SN of 1395? This is interesting: as the primary server, each has itself listed respectively. Refresh interval 15 min. Min TTL is (0:1:0:0).

All of the servers from all active sites are listed in the name servers tab for both DCs.

Currently zone transfers are unchecked for both DCs. If I were to turn this on, what would it do for me?

 
SOA is Start of Authority. Start of Authority, simply put, is the server where the zone originates. The SN is essentially zone versioning. Every time a zone is changed the SN increments by one. Then when refreshes occur across the name servers the SNs are compared and the zone with the highest SN replicates info to all of the other name servers. You may have noticed that your standard zones do not have this feature. This is because the SN system only exists for AD zones that have no true primary or secondary and can be updated from any hosting name server. It ensures that changes on all host name servers are disseminated.

As for zone transfers, if all you host are AD zones, zone transfers won't do anything for you. If you host standard zones you will have to allow zone transfers on any zone you wish to second on another server. I try to have a standard secondary copy of my AD zones in case I lose the AD zone. In this case I can set the secondary to primary, transfer it back to my main name server and then set the secondary zone to an AD zone, replacing my lost AD zone.

Just curious, are any of your name servers multi-homed, and if yes, did you check to see that they are listening on the correct interfaces?
 
No, none are multihomed. They do however have 2 NICs but we are only using one. The second card is for redundancy, and also speed. The internal card was only 10Mbit.
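
An added example, not part of the original thread and not any poster's code: it compares two zone-file style listings, one per DC, and reports the SOA serial on each side, hosts whose A records differ, and IPs registered under more than one hostname (the BOB and docking-station symptoms from the first post). The zone text is constructed sample data; hostnames other than BOB and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample listings (zone-file style), one per DC.
DC1_ZONE = """\
@  IN SOA dc1.companyname.local. hostmaster.companyname.local. 1391 900 600 86400 3600
bob      A 192.168.3.25
alice    A 192.168.3.40
laptop1  A 192.168.3.77
laptop2  A 192.168.3.77   ; stale registration left after a dock swap
"""
DC2_ZONE = """\
@  IN SOA dc2.companyname.local. hostmaster.companyname.local. 8 900 600 86400 3600
bob      A 192.168.3.56
alice    A 192.168.3.40
laptop1  A 192.168.3.77
"""

SOA_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s+\(?\s*(\d+)", re.I)
A_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.I)

def parse_zone(text):
    """Return (soa_serial, {hostname: set_of_ips}) from zone-file style text."""
    serial, records = None, defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()      # drop comments
        if m := SOA_RE.search(line):
            serial = int(m.group(1))
        elif m := A_RE.match(line):
            records[m.group(1).lower()].add(m.group(2))
    return serial, dict(records)

def shared_ips(records):
    """IPs that more than one hostname claims (candidate stale records)."""
    by_ip = defaultdict(set)
    for host, ips in records.items():
        for ip in ips:
            by_ip[ip].add(host)
    return {ip: sorted(h) for ip, h in by_ip.items() if len(h) > 1}

def compare(zone_a, zone_b):
    """Report serials, per-host A record differences and shared IPs."""
    (sa, ra), (sb, rb) = parse_zone(zone_a), parse_zone(zone_b)
    mismatched = {h: (sorted(ra.get(h, ())), sorted(rb.get(h, ())))
                  for h in sorted(set(ra) | set(rb)) if ra.get(h) != rb.get(h)}
    return {"serials": (sa, sb), "mismatched": mismatched,
            "shared_ips": (shared_ips(ra), shared_ips(rb))}

if __name__ == "__main__":
    for key, value in compare(DC1_ZONE, DC2_ZONE).items():
        print(key, value)
```
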
 