Re: sys vol check

---

• From: Scott Sendelbach <ScottSendelbach@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 29 Aug 2006 10:57:02 -0700

---

I modified the forwarders tab on the DNS AD list like the intructions listed,
and then I changed the DNS servers list on all three DNS server to point to
each other rather then the ISP DNS servers.

When I got in this morning, no one was able to log on and see the network. I
had to undo everything I did yesterday afternoon and it seems to be working
fine now.

I am not sure what I did wrong. I followed the instructions listed in the
microsoft link you sent me earlier.

"Jorge Silva" wrote:

how?

The DNS server should point to itself in NIC Preferred DNSserver.
The clients should use only their local DNSserver in ther NIC Preferred
DNSserver.

How clients and servers are configured now?

--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Scott Sendelbach" <ScottSendelbach@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:2016BC8A-6A8F-4113-9D34-C07E3DD73A3B@xxxxxxxxxxxxxxxx

I have done as you instructed and it crashed our network. No one is able to
log on this morning and see any local resources.

"Jorge Silva" wrote:

Inline

1. How do I know when it will be safe to remove them from the DHCP
device
that is handing out licenses?

- Remove what?
- If you're referring to network clients, make sure that each client only
uses their local DNS server, DON'T Place ISP DNS server on clients NIC
Preferred DNS or secondary.

2. Why don't I want the ISP DNS servers listed? We have a hard time
accessing the internet without them there.

Only local DNS servers should handle Internet name resolution, trust me,
you
don't want your clients and member servers trying to register on external
DNS servers, or trying to resolve public address in public domain,
remember,
the AD is DNS dependent and all clients need DNS resolution to reach AD
Servers,etc... That's why they must use only internal DNS servers, and,
if
the clients need Public resolution then internal DNS servers should
handle
that. You may think of internal DNS like something of this way...
Internal
DNS servers are maestros of Internal and External resolution... If the
clients need to access AD servers the Internal DNS provide the correct
address, if the clients need to access to public domain, the internal DNS
should also provide them the correct address. What would happen if you
configured ISP DNS servers on clients??? Well, First the ISP DNS Servers
don't allow your clients to register on their DNS servers, Second, the
ISP
DNS Servers don't know where your internal DCs are, Third, if your
clients
go outside trying to resolve DNS queries they're exposing to public
network
which represents security issues.

3. All three offices are serviced by COX, but each office has their own
ISP
DNS server addresses because of their geographic location. Will doing
this
step ruin the connection to the internet?

Why? If you have Internal DNS in each location (site), configure
Forwarding
in each DNS server to point to the correct ISP/DNS Server, you can even
increase security by point the Forwarding to router IPAddress.


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Scott Sendelbach" <ScottSendelbach@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:27A46733-6D06-4514-BAAC-2A15085686AA@xxxxxxxxxxxxxxxx

We have three different DNS servers, 1 in each office. I have modified
the
DNS FORWARDERS per your suggestion. I have several questions about
that.
1. How do I know when it will be safe to remove them from the DHCP
device
that is handing out licenses?

2. Why don't I want the ISP DNS servers listed? We have a hard time
accessing the internet without them there.

3. All three offices are serviced by COX, but each office has their own
ISP
DNS server addresses because of their geographic location. Will doing
this
step ruin the connection to the internet?


"Jorge Silva" wrote:

Hi

First remove the ISP DNS servers from your NIC configuration.
(68.2.16.30;68.1.208.30)
To resolve internet names configure Forwarding
http://support.microsoft.com/kb/323380/

Second sounds like your server isn't resolving the parent domain, to
solve
that make sure that your server can resolve the FQDN of the DCs at
Root
domain. You can configure Conditional forwarding, Secondary zones or
you
can
replicate the root DNS Zone at forest level. Attention the
_msdcs.domain.tld
contain information about Global catalog and other domain/forest
important
records and they only exist in parent (root) DNS server (this zone
contains
information that IS ONLY AVAILABLE IN THE ROOT), so is always a good
practice to replicate the root _msdcs.domain.tld across the forest.
How to Create a Child Domain in Active Directory and Delegate the DNS
Namespace to the Child Domain
http://support.microsoft.com/kb/255248/

Conditional Forwarding in Windows Server 2003

http://support.microsoft.com/default.aspx?scid=kb;en-us;304491

How to Delegate All Internet Top-Level Domains on an Internal Root DNS
Server

http://support.microsoft.com/default.aspx?scid=kb;en-us;294906&sd=RMVP






--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Scott Sendelbach" <ScottSendelbach@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in
message news:94A1B9A9-6943-4A47-8CF3-ACA26F85AD86@xxxxxxxxxxxxxxxx

Here is the DCDIAG Test results. Yes this DC is a DNS server.

Doing initial required tests

Testing server: PHOENIX\ADMINSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
1ea9b77e-235f-470b-9dff-390786e1077d._msdcs.CORP.DLECINC.com c
ould not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
......................... ADMINSERVER failed test
Connectivity

Testing server: PHOENIX\SERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
857bd24b-6e5b-416f-9c15-912bd3767259._msdcs.CORP.DLECINC.com c
ould not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(857bd24b-6e5b-416f-9c15-912bd3767259._msdcs.CORP.DLECINC.com)
couldn't be resolved, the server name
(server.CORP.DLECINC.COM)
resolved to the IP address (192.168.168.5) and was pingable.
Check
that the IP address is registered correctly with the DNS
server.
......................... SERVER failed test Connectivity

Testing server: LASVEGAS\HENDERSON
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
480ce73a-6788-4c5b-9bd3-23978bf8245f._msdcs.CORP.DLECINC.com c
ould not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
......................... HENDERSON failed test Connectivity

Testing server: IRVINE\IRVINE
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
18633bd7-ee97-4eeb-a17b-a53a207df394._msdcs.CORP.DLECINC.com c
ould not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
......................... IRVINE failed test Connectivity

Testing server: PHOENIX\MESA
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
a0814bcc-59c0-4c09-9cc8-65b920bb9cad._msdcs.CORP.DLECINC.com c
ould not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(a0814bcc-59c0-4c09-9cc8-65b920bb9cad._msdcs.CORP.DLECINC.com)
couldn't be resolved, the server name
(mesa.CORP.DLECINC.COM)
resolved
to the IP address (192.168.168.3) and was pingable. Check
that
the
IP
address is registered correctly with the DNS server.
......................... MESA failed test Connectivity

Doing primary tests

Testing server: PHOENIX\ADMINSERVER
Skipping all tests, because server ADMINSERVER is
not responding to directory service requests

Testing server: PHOENIX\SERVER
Skipping all tests, because server SERVER is
not responding to directory service requests

Testing server: LASVEGAS\HENDERSON
Skipping all tests, because server HENDERSON is
not responding to directory service requests

Testing server: IRVINE\IRVINE
Skipping all tests, because server IRVINE is
not responding to directory service requests

Testing server: PHOENIX\MESA
Skipping all tests, because server MESA is
not responding to directory service requests

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : Schema
Starting test: CrossRefValidation
For the partition
(CN=Schema,CN=Configuration,DC=CORP,DC=DLECINC,DC=com) we
encountered the following error retrieving the
cross-ref's
(CN=Enterprise
Schema,CN=Partitions,CN=Configuration,DC=CORP,DC=DLEC
INC,DC=com)
information:
LDAP Error 0x3a (58).
......................... Schema failed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
For the partition
(CN=Configuration,DC=CORP,DC=DLECINC,DC=com)
we
encountered the following error retrieving the
cross-ref's
(CN=Enterprise
Configuration,CN=Partitions,CN=Configuration,DC=CORP,
DC=DLECINC,DC=com)
information:
LDAP Error 0x3a (58).
......................... Configuration failed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : CORP
Starting test: CrossRefValidation
For the partition (DC=CORP,DC=DLECINC,DC=com) we
encountered
the
following error retrieving the cross-ref's

(CN=CORP,CN=Partitions,CN=Configuration,DC=CORP,DC=DLECINC,DC=com)
information:
LDAP Error 0x3a (58).
......................... CORP failed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... CORP passed test CheckSDRefDom

Running enterprise tests on : CORP.DLECINC.com
Starting test: Intersite
Doing intersite inbound replication test on site PHOENIX:
Locating & Contacting Intersite Topology Generator (ISTG)
...

.

---

• Follow-Ups:
  • Re: sys vol check
    • From: Jorge Silva

• References:
  • sys vol check
    • From: Scott Sendelbach
  • Re: sys vol check
    • From: Jorge Silva
  • Re: sys vol check
    • From: Scott Sendelbach
  • Re: sys vol check
    • From: Jorge Silva
  • Re: sys vol check
    • From: Scott Sendelbach
  • Re: sys vol check
    • From: Jorge Silva
  • Re: sys vol check
    • From: Scott Sendelbach
  • Re: sys vol check
    • From: Jorge Silva

• Prev by Date: Re: DCDiag Directory Binding Error -2146892976:
• Next by Date: Re: AD question
• Previous by thread: Re: sys vol check
• Next by thread: Re: sys vol check
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Restrict Dynamic Updates ... outlined in the article "HOW TO Configure DNS for Internet Access in ... Windows Server 2003", realizing that that was not the initial intent ... internal DNS server host external public data. ... internal DNS server that hosts your internal AD infrastructure access from ... (microsoft.public.windows.server.dns) Re: Remote Workspace Connection Problem ... >>I don't think we are using ISA Server as the configuration runs through a ... >>connects via ADSL to the Internet through our ISP. ... >>The reason I think that ISA is not running is when I created the Internet ... >>I had to do this because her box wouldn't resolve Server01 to the VPN ... (microsoft.public.windows.server.sbs) Re: DNS resolving !! ... not resolve external addresses. ... And these will froward the answers to your internal dns server ... external DNSs to resolve it from the internet ... (microsoft.public.windows.server.networking) RE: OWA doesnt display sent items ... Thanks Brandy have flushed the IIS server file store and that has resolved ... > resolve this issue, please uninstall OfficeScan and reinstall it with the ... Open Internet Information Service Manager. ... Right-click the Default Web Site, ... (microsoft.public.windows.server.sbs) RE: http://companyweb /remote /backup /Monitoring HELP ... the solutions you provided did not resolve ... I reran the email and internet connection wizard. ... > server web publishing rules. ... On the "Web Server Certificate" page, choose to create a new Web server ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)