Re: Replication issues



"George" <George@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:73032244-FE21-4C6D-99A5-600E0C0F9F6A@xxxxxxxxxxxxxxxx
> Hello all!
>
> Got a couple of problems and some strange DNS resolution happening and cannot
> find the cause or resolution of/for the issue. Anyways, we are 1 forest, 2
> domains. Domains are abc.local and def.local.

How do DNS servers in abc resolve def and vice versa?
(e.g., Hold the other zone, use conditional forwarding?)

> abc is in Chicago and Reno and
> def is in Shanghai. Users and admins in def.local have no administrative
> permissions to abc while abc has all permissions to def. def is not in
> enterprise group.

None of the above much matters to DNS or general
authentication.

> All 3 sites are connected via VPN tunnels (CISCO PIX) and
> DNS is AD integrated with Secure selected for update. I am seeing event id
> 1925, 1926, 1865, 1311 and 1566 in Reno server but nowhere else. This server
> is resolving servers in def.local as server1.abc.local instead of
> server1.def.local for whatever reason and I can't figure out why.

No it is not. DNS servers ONLY resolve the precise names
that they contain or can reach on other DNS servers.

If someone on a def.local domain CLIENT types merely "server1"
then their WORKSTATION resolver will append their own DNS
suffix and thus resolve server1.def.local IF it exists.

That is, such is a CLIENT side effect due to default suffix addition.

> Other
> servers are resolving ok. I am doing simple ping to server1 in def.local from
> Reno without specifying the domain prefix

Do you mean SUFFIX?

Your client machine will append its own suffix, and perhaps parent
suffixes and any custom suffixes you added.

Ping is NOT the best choice for troubleshooting a problem once
you determine (or strongly suspect) a DNS problem.

Use NSLookup, with full domain names, and even supply the
specific DNS server to test each separately:

nslookup name.domain.com IP.DNS.Each.Server

Do you by any chance have BOTH DNS servers defined
on the clients but no way for the two SETS of DNS servers
to reach the other set?

> and it is resolving it again as
> server1.abc.local instead of server1.def.local. Strange. Does anyone have any
> ideas? Please ask questions as I could have missed some important details.

DNS CLIENTS must be set to use ONLY the DNS server set
which can resolve EVERY NAME they will (ever legitimately)
need.

When you have two separate DNS server sets then each set must
have some way to find the 'other' set if clients are to find those
names.

> Repadmin /showism shows good results. I have no bridgehead servers
> defaulting

One would hope you do have bridgehead servers (being chosen
by the KCC usually) since replication will not work across Sites
without this.

[Unless you have such a WAN with no sites which is a poor idea
in almost all cases. Cross domain bridgehead may not show in the
Sites and services however even though technically some info is
replicated across Domains.]

Usually the best way to check DCs and DNS quickly is to use
DCDiag on each DC.

> and use KCC to figure out the replication. IP is being used and there is only
> one site link and all 3 sites are members. Please help.

Although many people don't realize that one SiteLink for three
(or more) Sites is legal it may make perfect sense: Essentially
it means that you are declaring all Sites to replicate with each
other directly (same as three separate SiteLinks) AND that each
will use the same Frequency, Schedule, and Cost without having
to create three of them to get these same settings.

Perfectly reasonable.

My vote is you have some issue with DNS from one set not resolving
the other domain and/or vice versa.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
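
The per-server, full-name check suggested in the reply above, as an added example that is not part of the original post. It queries each DNS server directly for a fully qualified name in both zones, then lists the suffixes the local client appends to a bare name such as "server1". The server addresses and the host name server1 in each zone are assumed placeholders.

```powershell
# Added example. Server IPs are documentation-range placeholders, not values
# from the thread; replace them with one DNS server per site.
$DnsServers = [ordered]@{
    'abc Chicago'  = '192.0.2.10'
    'abc Reno'     = '192.0.2.20'
    'def Shanghai' = '198.51.100.10'
}

# The trailing dot makes each name absolute, so no DNS suffix is appended.
$Names = 'server1.abc.local.', 'server1.def.local.'

function Test-NameOnServer {
    param([string]$Name, [string]$Server)
    try {
        $answer = Resolve-DnsName -Name $Name -Server $Server -Type A `
                                  -DnsOnly -ErrorAction Stop
        $ips = @($answer | Where-Object { $_.Type -eq 'A' } |
                 ForEach-Object { $_.IPAddress })
        if ($ips.Count) { $ips -join ', ' } else { 'no A record returned' }
    }
    catch {
        # Name not found, timeout or refusal: this server cannot answer
        # for that zone.
        "FAILED: $($_.Exception.Message)"
    }
}

# One row per (server, name) pair. A server set that cannot reach the other
# domain's zone shows FAILED on every row for that zone.
$matrix = foreach ($site in $DnsServers.Keys) {
    foreach ($name in $Names) {
        [pscustomobject]@{
            Site   = $site
            Server = $DnsServers[$site]
            Name   = $name
            Result = Test-NameOnServer -Name $name -Server $DnsServers[$site]
        }
    }
}
$matrix | Format-Table -AutoSize

# What this client appends to a bare "server1" before asking DNS. An empty
# search list means the primary and connection-specific suffixes are used.
"Suffix search list: " + ((Get-DnsClientGlobalSetting).SuffixSearchList -join ', ')
Get-DnsClient | Where-Object ConnectionSpecificSuffix |
    Format-Table InterfaceAlias, ConnectionSpecificSuffix -AutoSize
```

The same trailing dot is worth using with nslookup, which also applies the suffix search list to names that do not end in a dot.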

