
Possible DNS configuration error.

Status
Not open for further replies.

jshepherd

IS-IT--Management
Apr 7, 2003
112
GB
We have a small number of W2K servers running various applications and all workstations are running XP Pro. Two of our Servers are AD while the others, although in the same domain, are just stand-alone servers.

Originally we had only one AD server and the plan was to add a second for domain resilience when we implemented Exchange 2K3. This has been done now and Exchange 2K3 sits on a second AD server and all works well until I bring the original AD Server offline for maintenance or restarts. When this happens all workstations lose communication with Exchange.

I can’t seem to find out why. DNS appears fine on both AD servers and all workstations are configured via DHCP to use both AD servers for DNS lookups. The added problem is that it’s far from easy to test things when I make any configuration change because it means bringing offline our original AD server which runs too many vital services for users.

I have exhausted my ability to resolve this problem and hope someone out there can help.
 
Hi jshepherd,

Are you noticing this only happening with Exchange, or are other things such as access to shares on other servers also affected?

How is DNS configured on the original and added domain controllers? Do the configurations between the two match?



FRCP
 
I can't test it at the moment but I'm pretty sure it also affects other services from other servers too.

I don't know too much about this area, but the DNS on both servers is an integrated AD DNS service so it's meant to replicate between the two AD servers and add resilience. The second DNS list is identical to the first and if I make any changes to either, it's replicated without any problems.
 
try nslookup and test both servers separately.
get your 2nd server to reply to queries you test it with via nslookup.

what you could try doing, without necessarily killing your whole network, is stopping the dns service on your first server and seeing if the 2nd one is resolving queries.



Aftertaf
__________________
squiggle squiggle
 
By stopping both the DNS Client and DNS Server services on the original AD server I can still ping DNS names and get the correct IP resolution. So the second DNS server must be working correctly, unless my workstation has cached the details.

I don't know how to use nslookup correctly. When I use this command I seem to get strange results but that's probably my lack of understanding for the command.

Any nslookup examples I should try?
 
Go to a cmd prompt and type "nslookup". You will get back your default server details and the cmd prompt will change as you are now in NSLOOKUP "mode". Type ? for all the options. As below, the server cmd will let you set the server to do the NSLOOKUP on, meaning you can test each server without stopping any of the services.
Output of ? follows.
> ?
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option
    all - print options, current server and host
    [no]debug - print debugging information
    [no]d2 - print exhaustive debugging information
    [no]defname - append domain name to each query
    [no]recurse - ask for recursive answer to query
    [no]search - use domain search list
    [no]vc - always use a virtual circuit
    domain=NAME - set default domain name to NAME
    srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
    root=NAME - set root server to NAME
    retry=X - set number of retries to X
    timeout=X - set initial time-out interval to X seconds
    type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
    querytype=X - same as type
    class=X - set query class (ex. IN (Internet), ANY)
    [no]msxfr - use MS fast zone transfer
    ixfrver=X - current version to use in IXFR transfer request
server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
finger [USER] - finger the optional NAME at the current default host
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a - list canonical names and aliases
    -d - list all records
    -t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE - sort an 'ls' output file and view it with pg
exit - exit the program
 
take your servers' names.
let's say server1.mydomain.local & server2.mydomain.local

you type nslookup on your workstation.
then type server server1.mydomain.local
-or-
server2.mydomain.local

this will make you use the specified server to run your dns tests with.

then you type whateverPCinmydomain.mydomain.local
see if both are resolving...
however, seeing as when you stop DNS on one, it works still means that local resolution may not be a problem.

1st thing to check!!!
Make sure your new DC is a global catalog
(check in sites & services)

2nd thing:
get hold of info regarding any FSMO roles exch2003 needs to have available at all times to work (more of a long shot...)


What exactly goes haywire when the 1st DC is down?
name different servers and their roles, the software they have running that misbehaves...


Aftertaf
__________________
squiggle squiggle
 
I flushed the DNS on my workstation and ran nslookup on both AD servers.

When I first run nslookup, I get the following:

*** Can’t find server name for address xxx.xxx.xxx.xxx (1st server ip address): Non-existent domain
*** Can’t find server name for address xxx.xxx.xxx.xxx(2nd server ip address): Non-existent domain
*** Default servers are not available
Default Server: Unknown
Address: correct ip address for 1st AD server.


Result from first AD server:

1st line: Server: Unknown
2nd line: correct IP address
3rd line: correct full DNS name.domain.co.uk
4th line: correct IP address

Result from second AD server:

1st line: Server: Unknown
2nd line: correct IP address
3rd line: DNS request timed out.
4th line: timeout was two seconds
5th line: *** Request to pcname.domain.co.uk timed-out


The 2nd AD server wasn’t selected for global catalog. I’ve done this but I’m not sure what this feature actually does.
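
Added example, not part of the original thread: a small Python triage of per-server nslookup transcripts, separating the "Can't find server name" / "Server: UnKnown" lines (a failed reverse lookup of the DNS server's own address) from a real query timeout. The transcripts, names and addresses are constructed placeholders modelled on the results described above.

```python
import re

# Constructed transcripts modelled on the thread's results (placeholder names/IPs).
DC1 = """\
*** Can't find server name for address 192.0.2.10: Non-existent domain
Server:  UnKnown
Address:  192.0.2.10
Name:    pcname.example.test
Address:  192.0.2.50
"""
DC2 = """\
*** Can't find server name for address 192.0.2.11: Non-existent domain
Server:  UnKnown
Address:  192.0.2.11
DNS request timed out.
    timeout was 2 seconds.
*** Request to pcname.example.test timed-out
"""

def triage(transcript):
    """Classify one nslookup run made against a single DNS server."""
    findings = {"server_ip": None, "reverse_ptr_missing": False,
                "answered": False, "timed_out": False, "addresses": []}
    in_answer = False
    for line in transcript.splitlines():
        line = line.strip()
        if re.match(r"\*\*\* Can't find server name for address", line):
            # nslookup reverse-resolves the server's own IP at startup; this
            # error means that PTR lookup failed, not that forward lookups did.
            findings["reverse_ptr_missing"] = True
        elif "timed out" in line.lower() or "timed-out" in line.lower():
            findings["timed_out"] = True
        elif line.startswith("Name:"):
            in_answer = findings["answered"] = True
        elif line.startswith(("Address:", "Addresses:")):
            ip = line.split(":", 1)[1].strip()
            if in_answer:
                findings["addresses"].append(ip)   # answer section
            elif findings["server_ip"] is None:
                findings["server_ip"] = ip         # header: server queried
    return findings

def verdict(f):
    """Turn the findings into a one-line conclusion for that server."""
    if f["timed_out"] and not f["answered"]:
        return "server did not answer the query"
    if f["answered"] and f["reverse_ptr_missing"]:
        return "resolving; server name unknown only because the PTR lookup failed"
    return "resolving" if f["answered"] else "no answer section found"
```

Feed it the captured output of one nslookup session per DNS server; a server that only shows the reverse-lookup message is still resolving, while one that times out is not answering at all.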
 
exch2003 might need a global catalog server available...
however, that it dies on you when one isn't, is a bit harsh though not entirely surprising from an MS-is-the-best point of view...

can you give us the results of your ipconfig /all on both servers and of your workstation...
david

Aftertaf
__________________
squiggle squiggle
 
Exchange definitely needs a global catalog online at all times, and that could be related to the OTHER issues you are seeing when DC1 is offline.

Sounds like you enabled DC2 to be a global catalog as well, which is absolutely what you want to do. Without it there is no redundancy on the core services the DC provides.

After some replication look in ESM to make sure Exchange recognizes the presence of another global catalog server. It should auto detect it by default but the setting can be changed. You can add it if it is not listed.

Global catalog does quite a few things, look here to read them all.

Plainly and most importantly the global catalog (or GC) provides logon services for the organization, no one can log on without one.




FRCP
 