Re: NS and domain A record affecting AD



Clients are pointing to the local dc for both WINS and DNS, and ALL IP
subnets that we use are properly added and attached to our site in AD/Sites
and Services.


"Recovery Needed" wrote:

Thanks for the reply,

Maybe I wasn't very clear. This is part of an Int'l domain. Our company is
one site in AD, and we have one DC. There are a lot of other sites and domains.
Our AD domain is a child domain, child.company.org.
Our DC is dc11.child.company.org.

dc11.child.company.org resolves fine on all DNS servers. It registers its
hostname/gc/dc/ldap in DNS fine, AD replication is also OK, Group Policy is
also replicating fine.

My concern is that child.company.org in nslookup resolves to about five IP
addresses; all those IPs are for remote Domain Controllers.

Could that be the cause for slow logons? Are there other known issues with
the domain name not resolving to a local IP address (of the local DC)?


"Paul Bergson" wrote:

Well there should be concern if the remote machines can't replicate AD or
the sysvol. Any errors should be resolved.

If a client can't resolve a local DC name then you probably have dns
problems.

If the remote dc's are on a slow link you may not even get your gpo's
applied.

After a user that has a slow authentication key the following from a command
prompt:
set logonserver

This will provide you with the DC the user authenticated to.

Do you have sites and services defined with ip subnets defined for each
site?

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.

"Recovery Needed" <RecoveryNeeded@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:FCE88D9C-4145-46D7-A76B-9052995273E6@xxxxxxxxxxxxxxxx
Hi,

I ran the tests.
I got some errors in dcdiag when testing two of the remote DC's that our
site does not have direct communication with (routing or replication), so I
don't see those as a big concern or cause for alarm. Everything else in
dcdiag checked out ok.

netdiag was ok, except for this WINS related error (on a teamed network
card, with only one card active)
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger
Service', <20> 'WINS' names is missing.

My question re-phrased: If local clients can not resolve AD domain name to
the IP address of the local DC, does it cause any issues, slow logons, or
having to connect to remote DC's to get and apply group policies?

Any insight would be greatly appreciated.


"Paul Bergson" wrote:

If you decide you want to place this post in two Newsgroups, separate the
groups via a semi-colon and place both in the Newsgroups field.

This is probably something that you have already covered but have you
loaded the DNS service on this DC?


Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag and netdiag in verbose mode.
-> dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log

If you download a gui script I wrote it should be simple to set and run. It
also has the option to run individual tests without having to learn all the
switch options. The details will be output in notepad text files that pop
up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.


--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Recovery Needed" <RecoveryNeeded@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:023698D7-A21F-4BA2-BC83-55DC338DC9D6@xxxxxxxxxxxxxxxx
Hi,

We are experiencing slow logon time, after our domain was upgraded to Win
2003 R2.

My troubleshooting has led me to see that our new DC is not registered as a
NS, and it's not registering its IP address to the FQDN of the domain. However,
it is registering everything else (gc, dc, all other SRV records), while
other 2003 R2 DC's are registering. (So that if I ping the domain name, I
resolve other DC's but not the new DC.)

A consultant said that it is best practice to hide the server; however, I
believe that clients are resolving the domain name to remote IP's of other
non-local Domain Controllers (over VPN) and having to read Group Policy from
remote DC's.

Is my reasoning sound, or is the consultant right?

Basically, if DNS doesn't resolve the AD domain name to a local DC, but to
remote DC's, does that cause slow logons for clients to apply Group Policy?

I might double post this to the DNS group as well, sorry about that, but it's
truly a double issue I think.

Thank you.
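
Added example, not part of the thread and not Paul Bergson's script: one way to do the "search for fail, error and warning messages" step on the dcdiag and netdiag logs, splitting dcdiag failures into local and remote DCs as the poster did by hand. The sample logs are constructed, DC20 and DC21 are hypothetical names, and the layout of the dcdiag result lines is an assumption; only the netdiag warning line is taken from the thread.

```python
import re

# Constructed sample logs (not from the thread). DC11 is the poster's DC;
# DC20 and DC21 are hypothetical remote DCs. The layout of the result
# lines is an assumption about what dcdiag /v writes.
DCDIAG_LOG = """\
Testing server: SiteA\\DC11
   Starting test: Connectivity
   ......................... DC11 passed test Connectivity
   Starting test: Replications
   ......................... DC11 passed test Replications
Testing server: SiteB\\DC20
   Starting test: Connectivity
   (constructed) error contacting DC20
   ......................... DC20 failed test Connectivity
Testing server: SiteC\\DC21
   Starting test: Connectivity
   ......................... DC21 failed test Connectivity
"""
NETDIAG_LOG = """\
DNS test . . . . . . . . . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
"""

RESULT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")
KEYWORD = re.compile(r"fail|error|warning", re.IGNORECASE)

def failed_tests(dcdiag_text):
    """Map each server name to the list of dcdiag tests it failed."""
    failures = {}
    for server, outcome, test in RESULT.findall(dcdiag_text):
        if outcome == "failed":
            failures.setdefault(server, []).append(test)
    return failures

def keyword_hits(text):
    """Return (line number, line) for each line mentioning fail, error or warning."""
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if KEYWORD.search(line)]

def triage(dcdiag_text, local_dcs):
    """Split failed tests into those on local DCs and those on remote DCs."""
    local, remote = {}, {}
    for server, tests in failed_tests(dcdiag_text).items():
        (local if server.upper() in local_dcs else remote)[server] = tests
    return local, remote

if __name__ == "__main__":
    local, remote = triage(DCDIAG_LOG, {"DC11"})
    print("local DC failures:", local)
    print("remote DC failures:", remote)
    for n, line in keyword_hits(NETDIAG_LOG):
        print(f"netdiag line {n}: {line}")
```

To use it on real output, read `c:\dcdiag.log` and `c:\netdiag.log` into strings and pass the set of DC names in your own site as `local_dcs`.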






