Re: sys vol check
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Tue, 29 Aug 2006 23:05:05 +0100
ahh.. Ok
Let's recap, if something is wrong please let me know...
- You've 3 DC DNS servers, one in each Site with different subnets.
- You've a forward lookup zone named CORP.DLECINC.COM and a reverse lookup zone.
- All DNS zones are AD Integrated and each DC has one read/write copy in their DNS console.
- You've only one domain.
- You have the DCs in their correct Site with the correct subnet assigned.
Is this all OK?
Next step is:
Each server should point to itself under NIC Preferred DNS.
Each client should have under NIC Preferred DNS the LOCAL SITE DNS DC server.
Forwarding in this case is ONLY TO resolve public (Internet) names. You can check the link that I provided you.
Another thing that I reviewed was your tests, that are giving RPC server errors. Check if you have any FW between them not allowing RPC traffic.
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Scott Sendelbach" <ScottSendelbach@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:1B3DBC70-F32C-48CD-B47A-0C176E6215A9@xxxxxxxxxxxxxxxx
Yes there is only one folder under the forward list (corp.dlecinc.com) or
domain name is CORP.
"Jorge Silva" wrote:
Only 1 folder???
Ok couple of options:
-You can check DNS:
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/kb/241515/EN-US/
How to verify that SRV DNS records have been created for a domain controller
http://support.microsoft.com/kb/816587/en-us
- You can run Dcdiag and netdiag and check if configurations are Ok.
Or you can rebuild DNS, follow these steps carefully:
Assuming AD Integrated Zones. Point all existent DCs to the Main DC (Windows 2003), Point the Main DC to itself, then:
*Also make sure that you have sites and related subnets properly configured, and that the Correct servers are in the correct site, this is important because it allows windows clients and servers to reach and authenticate with the correct DC and for GC contact, DFS, etc.
*Now it's time to reconfigure the DNS: Point all existent servers in their NIC TCP/IP configuration - Preferred DNS - Pointing to the server where you are going to recreate the DNS Forward and Reverse Zones.
For example: Assuming DC1, DC2 and DC3, DC1 is where we're going to recreate the zones.
DC1 - IpAddress -> 10.0.0.1
DC1 - Preferred DNS -> 10.0.0.1
DC2 - IpAddress -> 10.0.0.2
DC2 - Preferred DNS -> 10.0.0.1
DC3 - IpAddress -> 10.0.0.3
DC3 - Preferred DNS -> 10.0.0.1
*Delete the forward zone and the reverse lookup zone on DC1.
*Wait for replication and make sure that the zones are automatically removed from the other servers.
*You can also force replication using Active Directory Sites and Services or any other Tool.
*Clear the DNS cache
- right-click the DNS server and clear the cache.
- run from cmd: ipconfig /flushdns
*Go to the %systemroot%\system32\dns - delete any old zone that you might have there.
*delete the files netlogon.dnb and netlogon.dns from %systemroot%\system32\config
*create the forward lookup zone and the reverse lookup zone on DC1 and make them AD integrated, for security purposes make sure that the zones accept secure-only updates.
*run ipconfig /registerdns
*restart the netlogon service, confirm the creation of the files netlogon.dnb and netlogon.dns on %systemroot%\system32\config
*run netdiag /fix
*Run REPADMIN /SYNCALL and wait a little bit (sometimes this can take a while). You can also force replication using Active Directory Sites and Services or any other Tool. Then go to the other servers and if the zone was already transferred, then point these servers to themselves again.
The Configuration after the Zone(s) have been transferred should be:
DC1 - IpAddress -> 10.0.0.1
DC1 - Preferred DNS -> 10.0.0.1
DC2 - IpAddress -> 10.0.0.2
DC2 - Preferred DNS -> 10.0.0.2
DC3 - IpAddress -> 10.0.0.3
DC3 - Preferred DNS -> 10.0.0.3
*run dcdiag and netdiag and make sure that everything is ok.
Make sure that each client uses the correct DNS server in their Preferred
DNS settings in their local site.
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Scott Sendelbach" <ScottSendelbach@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:C169CF88-CEE5-43CB-A680-C29E9465C88F@xxxxxxxxxxxxxxxx
Each SITE has its own IP address and DNS server. There is only one folder under the DNS forward lookup zones. There are three folders under the reverse lookup zone, 1 for each site/subnet. All three DNS servers have the same setup.
"Jorge Silva" wrote:
How are sites and subnets configured?
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Scott Sendelbach" <ScottSendelbach@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:0049D664-5C8F-457F-B725-34FDB068C7B9@xxxxxxxxxxxxxxxx
Yes the servers have the local DNS server listed as the first (primary DNS server) under the NIC properties. Then I removed the ISP DNS and added the other two DNS server addresses.
Yes, the DNS is AD integrated.
The DNS server addresses are being populated by a network appliance/firewall that is handing out DHCP addresses. I made the Phoenix DNS server primary, Las Vegas second and California last.
I think there is a DNS issue and I believe that replication is working. How can I test both to see if they are set up correctly?
"Jorge Silva" wrote:
Are the users' NIC DNS configurations pointing only to their local DNS servers?
You have DNS AD Integrated, right?
Are the servers pointing to themselves under their NIC DNS Preferred server?
You must have something wrong, because if you follow those links the Logon must work.
Check if replication is working.
Another thing, you said that you undid everything, so how is it configured now?
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Scott Sendelbach" <ScottSendelbach@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:14F5AE16-61C8-4E4B-BE08-39C9BFF10489@xxxxxxxxxxxxxxxx
I modified the forwarders tab on the DNS AD list like the instructions listed, and then I changed the DNS servers list on all three DNS servers to point to each other rather than the ISP DNS servers.
When I got in this morning, no one was able to log on and see the network. I had to undo everything I did yesterday afternoon and it seems to be working fine now.
I am not sure what I did wrong. I followed the instructions listed in the Microsoft link you sent me earlier.
"Jorge Silva" wrote:
how?
The DNS server should point to itself in NIC Preferred DNS server.
The clients should use only their local DNS server in their NIC Preferred DNS server.
How are clients and servers configured now?
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Scott Sendelbach" <ScottSendelbach@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:2016BC8A-6A8F-4113-9D34-C07E3DD73A3B@xxxxxxxxxxxxxxxx
I have done as you instructed and it crashed our network. No one is able to log on this morning and see any local resources.
"Jorge Silva" wrote:
Inline
1. How do I know when it will be safe to remove them from the DHCP device that is handing out licenses?
- Remove what?
- If you're referring to network clients, make sure that each client only uses their local DNS server, DON'T Place ISP DNS server on clients NIC Preferred DNS or secondary.
2. Why don't I want the ISP DNS servers listed? We have a hard time accessing the internet without them there.
Only local DNS servers should handle Internet name resolution, trust me, you don't want your clients and member servers trying to register on external DNS servers, or trying to resolve public address in public domain, remember, the AD is DNS dependent and all clients need DNS resolution to reach AD Servers, etc... That's why they must use only internal DNS servers, and, if the clients need Public resolution then internal DNS servers should handle that. You may think of internal DNS like something of this way... Internal DNS servers are maestros of Internal and External resolution... If the clients need to access AD servers the Internal DNS provide the correct address, if the clients need to access to public domain, the internal DNS should also provide them the correct address. What would happen if you configured ISP DNS servers on clients??? Well, First the ISP DNS Servers don't allow your clients to register on their DNS servers, Second, the ISP DNS Servers don't know where your internal DCs are, Third, if your clients go outside trying to resolve DNS queries they're exposing to public network which represents security issues.
3. All three offices are serviced by COX, but each office has their own ISP DNS server addresses because of their geographic location. Will doing this step ruin the connection to the internet?
Why? If you have Internal DNS in each location (site), configure Forwarding in each DNS server to point to the correct ISP/DNS Server, you can
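
Added example, not part of the thread and not written by either poster: a small Python audit of the NIC DNS rules stated in the messages above (a DC points to itself, a client's Preferred DNS is its local site's DC, no ISP resolver on any NIC). The site names come from the thread; the subnets, addresses, host names and the inventory format are constructed assumptions.

```python
import ipaddress

# Constructed site map (site names from the thread; subnets and addresses are
# hypothetical): site -> (subnet, that site's DC/DNS server).
SITES = {
    "Phoenix": ("10.1.0.0/24", "10.1.0.1"),
    "Las Vegas": ("10.2.0.0/24", "10.2.0.1"),
    "California": ("10.3.0.0/24", "10.3.0.1"),
}
INTERNAL_DNS = {dns for _, dns in SITES.values()}

def site_of(ip):
    """Return the site whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, (subnet, _) in SITES.items():
        if addr in ipaddress.ip_network(subnet):
            return name
    return None

def audit(host):
    """Findings for one host: {'name', 'ip', 'role': 'dc'|'client', 'dns': [ordered]}."""
    site = site_of(host["ip"])
    if site is None:
        return ["ip %s is in no configured site subnet" % host["ip"]]
    if not host["dns"]:
        return ["no DNS servers configured"]
    findings = []
    # A DC points to itself; a client points to the DNS server of its own site.
    expected = host["ip"] if host["role"] == "dc" else SITES[site][1]
    if host["dns"][0] != expected:
        findings.append("preferred DNS %s, expected %s" % (host["dns"][0], expected))
    # No ISP/external resolver may appear, as preferred or as secondary.
    for server in host["dns"]:
        if server not in INTERNAL_DNS:
            findings.append("external DNS server %s on NIC" % server)
    return findings

def audit_all(inventory):
    """Map host name -> findings, listing only hosts that break a rule."""
    report = {h["name"]: audit(h) for h in inventory}
    return {name: f for name, f in report.items() if f}

# Constructed inventory (host names and addresses are made up).
INVENTORY = [
    {"name": "DC-PHX", "ip": "10.1.0.1", "role": "dc", "dns": ["10.1.0.1", "10.2.0.1"]},
    {"name": "DC-LV", "ip": "10.2.0.1", "role": "dc", "dns": ["10.1.0.1"]},
    {"name": "PC-LV-07", "ip": "10.2.0.57", "role": "client", "dns": ["10.1.0.1", "10.2.0.1"]},
    {"name": "PC-CA-03", "ip": "10.3.0.20", "role": "client", "dns": ["10.3.0.1", "203.0.113.53"]},
]
```

Calling `audit_all(INVENTORY)` flags DC-LV (still pointing at another DC), PC-LV-07 (a DHCP scope that hands out the Phoenix server first at every site) and PC-CA-03 (an external resolver as secondary).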