Re: Scavenging question

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Pete (sistemas_at_aspro-ocio.es)
Date: 04/16/04 

Date: Fri, 16 Apr 2004 09:22:14 +0200

Herb,

Thank you so much for your good advice.

The DCs in Madrid pont to themselves for DNS and use forwarders for Internet
use. Clients recieve all DNS information via DHCP so in that way XP clients
and Win2k clients use the same configuration yet behave dfiferently. This is
what puzzles me.

NSLOOKUPs funtion as they should on all clients once they get logged on.

I inherited this setup and so what was done to the default domain policy is
still a mystery. But my gut is telling me this is the real problem I have a
Microsoft tool that sets the default domain GPO back to its original setting
but have never heard of anyone using it before. It is called DCGPOFIX. Ever
heard of it? Sounds too good to be true and God knows what it might do.

You mentioned DCpromo cycling my two DCs here. What do you mean by that? You
mean like in the NT days when you promoted and demoted DCs? Wouldn´t they
always grab a copy of AD from another DC anyway?

As soon as I get a hub I will do my packet capture and let you now how this
all pans out.

All the best,

Pedro

"Herb Martin" <news@LearnQuick.com> wrote in message
news:uYMaHn2IEHA.2988@TK2MSFTNGP12.phx.gbl...
> "Pete" <sistemas@aspro-ocio.es> wrote in message
> news:#rTnGytIEHA.3512@TK2MSFTNGP10.phx.gbl...
> > Herb,
> >
> > Thank you for your help. I have confirmed that:
> >
> > 1) DNS is dynamic
> > 2) All DNS servers are replicating
> > 3) All clients specify ONLY the internal (dynamic) DNS servers on their
> NIC
> > properties.
>
> Clients include DCs, right? (ALL have ONLY the internal DNS.)
>
> Double check any machines with two NICs (sometimes DHCP or someone
> puts a wrong value there.)
>
> > I have since disabled scavenging because the XP clients that are shut
off
> > for more than a day (which is the TTL for DNS correct?)
>
> First, the TTL for DNS is settable on each zone as a default and can
> be overwritten by the DNS server on each resource record, but it has
> nothing to do with scavenging periods. It's about how long "others"
> should cache this zone's records..... (like other DNS servers and
> clients -- as of Win2000, clients do DNS caching too by default.)
>
> This also implies (but doesn't mean or prove) that you might have
> been making one of those mistakes with scavenging that concerned
> me -- default is 7 days "NO-refresh" PLUS 7 days "refresh" PLUS
> the scavenging "period" is 7 days so records usually get scavenged
> after 14+(0 to 7) days.
>
> You definitely don't want the clients getting scavenged between
> normal disappearances on the net with a reappearance. So set it
> longer than that if you ever use it again.
>
> > are still taking a very long time to log on.
> > Even after the cleaning up of the DNS database. So
>
> This is NOT related to a need to scavenge.
>
> Think about it, even with a LOT of records the DNS server probably
> caches the whole list anyway.
>
> What happens when you use NSLookup or another DNS test tool?
>
> Both implicitly (letting it pick the 'default' DNS server) and explicitly
> where you pick the "correct" or another DNS server...?
>
> If DNS is really the problem due to slow response you would need
> to add MORE SERVERS.
>
> (There are only about 13 backbone Internet serves -- the most
> heavily hit servers in the world in terms of REQUESTS (not data
> size) -- and they do just fine. They're really HOT machines but
> the Internet is really big too.)
>
> > my next step will be to do a packet capture of a machine with the
problem
> > during login. Why would this only affect XP clients? Win2k clients have
no
> > problems.
>
> Sounds good. Most people wait TOO LONG before doing that.
>
> Why? I still think you have them pointed at the wrong or a misconfigured
> DNS server (really.)
>
> > I ran DCdiag on the two domain controllers in the Madrid offices (where
we
> > are having problems). Here is the error on the first one:
> >
>
> The one's that worry me are the Sysvol ones -- that might account
> for slow logons if the GPOs cannot be fetched. You might have
> to "DCPromo cycle" that DC if you cannot fix it.
>
> Those LaserJet errors are likely irrelevant, but you should maybe
> LOOK at the System, DNS, and AD logs on each DC or DNS
> server.
>
> Also a LOT of GPOs (more than 10) will make logon slow.
> Also a GPO that installs software (or tries to) each time.
>
> --
> Herb Martin
> >
> > There are errors after the SYSVOL has been shared.
> > The SYSVOL can prevent the AD from starting.
> > ......................... MADAODC01 passed test frssysvol
> > Starting test: systemlog
> > An Error Event occured. EventID: 0x00000457
> > Time Generated: 04/15/2004 13:19:28
> > Event String: Driver HP LaserJet 1200 Series PCL 6 required for
> > An Error Event occured. EventID: 0x00000452
> > Time Generated: 04/15/2004 13:19:28
> > Event String: The printer could not be installed.
> > An Error Event occured. EventID: 0x00000457
> > Time Generated: 04/15/2004 13:19:29
> > Event String: Driver Xerox WorkCentre 24 PCL 6 required for
> > An Error Event occured. EventID: 0x00000452
> > Time Generated: 04/15/2004 13:19:29
> > Event String: The printer could not be installed.
> > ......................... MADAODC01 failed test systemlog
> >
> > and this on the other DC:
> >
> >
> > Starting test: systemlog
> > An Error Event occured. EventID: 0x00000457
> > Time Generated: 04/15/2004 13:22:21
> > Event String: Driver HP LaserJet 1200 Series PCL 6 required for
> > An Error Event occured. EventID: 0x00000452
> > Time Generated: 04/15/2004 13:22:21
> > Event String: The printer could not be installed.
> > An Error Event occured. EventID: 0x00000457
> > Time Generated: 04/15/2004 13:22:23
> > Event String: Driver HP LaserJet 4050 Series PCL 6 required for
> > An Error Event occured. EventID: 0x00000452
> > Time Generated: 04/15/2004 13:22:23
> > Event String: The printer could not be installed.
> > ......................... MADRID2AS failed test systemlog
> >
> >
> > Other than that they passed all the other tests.This is driving me nuts
> but
> > I really appreciate your help.
> >
> >
> > Pedro
> >
> >
>
>

Relevant Pages

  • Re: Can I Round Robin DCs?
    ... To make sure that everything is setup correctly rin dcdiag and netdiag on ... Assuming that both DCs are also DNS servers, ... clients have them both in NIC DNS settings. ... DCs in the clients site. ...
    (microsoft.public.windows.server.dns)
  • Re: NTDS Replication Event ID 1083/1955
    ... PASS - All the DNS entries for DC are registered on DNS server ... '10.96.1.41' and other DCs also have some of the names registered. ... List of NetBt transports currently bound to the Redir ...
    (microsoft.public.windows.server.active_directory)
  • Re: Correct hosts for _msdcs?
    ... There are currently 3 DCs and 2 DNS Servers in the network. ... The DNS server has encountered a critical error from the Active Directory. ...
    (microsoft.public.windows.server.dns)
  • Re: DNS dfs issue
    ... You say that some clients are OK. ... The domain controllers for SiteA are named: ... No matter which dns server I use on clientB1 its %logonserver% is always ...
    (microsoft.public.windows.server.dns)
  • Re: newbie lost in trying to setup NAT
    ... That is what you have DHCP for. ... You set the clients to obtain an IP ... address automatically and to obtain their DNS server automatically. ...
    (microsoft.public.windows.server.networking)