RE: suddenly strange DNS/Active Directory related symptoms

Thanks for that info Terence. We discovered the reason we couldn't browse the
web was because of a partial outage at SBCGlobal.net, our DSL provider. Our
Firewall techs at SonicWall noticed the actual MTU size the TZ170 was seeing
was 1492 instead of the standard 1500. Once we adjusted the setting in the
router and enabled fragments the http started working again. I learned from
another client who was also experiencing the outage that SBCGlobal corrected
the issue last night, some 12 hours later.

This workaround obviously doesn't address the Active Directory error but
made it possible for my clients local PCs to browse websites again. and
remote VPN access works again. I'll address the AD issues next time I visit
my client.

Thanks again.

Michael

"Terence Liu [MSFT]" wrote:

Hello Customer,

Thank you for posting here.

According to your description, I understand that the client take long time
to load web page, VPN client can not work and get DNS 4015 error. If I have
misunderstood the problem, please don't hesitate to let me know.

Based on my research, I suggest we try the following steps to see if we can
resolve this issue:

Method 1: Please install the following hotfix:
The DNS service does not load all its zones on a DNS server that is running
Windows Server 2003
http://support.microsoft.com/?id=909249

Method 2: The DNS 4015 event logs in Windows Server 2003 can happen if the
NS record for the delegated folder _msdcs contains incorrect records.

Please perform the following steps to re-create the _msdcs zone
1. Make sure that the internal network adapter (and external network
adapter if there is one) point to its own server IP for DNS resolution in
the TCP/IP Properties dialog box.

2. Open the DNS MMC, expand the Forward Lookup Zones folder, expand your
Domain Zone.

3. Right-click the _msdcs zone and click Delete. Close the DNS MMC.

4. At a command prompt, restart the Netlogon service by using the following
command line:

net stop netlogon

net start netlogon

ipconfig /flushdns

ipconfig /registerdns

5. Wait for a few minutes. Open the DNS MMC again. Verify that the _msdcs
zone file now has the _msdcs zone re-created.

If we can not resolve the issue after we perform the above steps, please
kindly help me collect some information for further investigation:

1. Run command "ipconfig /all > c:\ipconfig_sbs.txt" on SBS, send the files
c:\ipconfig_sbs.txt to me at v-terliu@xxxxxxxxxxxxx

2. Run command "ipconfig /all > c:\ipconfig_client.txt" on client, send the
files c:\ipconfig_client.txt to me at v-terliu@xxxxxxxxxxxxx

3. Which web site the client takes long time to load, internal web site or
external web site or all web sites?

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: suddenly strange DNS/Active Directory related symptoms
| thread-index: AcetDIzj5fAaNFC7QOSJePEkx1Rp9w==
| X-WBNR-Posting-Host: 207.46.19.197
| From: =?Utf-8?B?RGFiYmxlcg==?= <Dabbler@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: suddenly strange DNS/Active Directory related symptoms
| Date: Tue, 12 Jun 2007 09:13:01 -0700
| Lines: 29
| Message-ID: <6446C07A-0E64-4C4C-829C-63A33150F6E3@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:43383
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Our server has been up and running fine but today we are suddenly seeing
| strange symptoms.
|
| 1. local clients take up to a minute to load a web page
| 2. some remote VPN clients have trouble seeing the server.
| 3. can't ping the server by name e.g. ping myserver but can reach it with
| full URLping myserver.mydomain.com. We used to be able to map drives to
| \\myserver\myshare but now have to use the full URL to reach the share.
|
| Errors in DNS Events log:
| Event 4015 Data Bytes 51 00 00 00
| The DNS server has encountered a critical error from the Active
Directory.
| Check that the Active Directory is functioning properly. The extended
error
| debug information (which may be empty) is "". The event data contains the
| error.
|
| I have a 2 NIC setup as specified in:
http://www.smallbizserver.net/Default.aspx?tabid=266&articleType=ArticleView
&articleId=76
| Although we don't have ISA we do have SonicWall TZ170
|
| Router 192.168.1.1
| SBS 192.168.16.2
| WINS 192.168.16.2
|
| Any ideas on how to diagnose this would be appreciated!
|
| Thanks.
|
|
|


.

Relevant Pages

  • RE: exchange server cannot mount mailbox store
    ... What's the exact detailed DNS Events ... Type desired internal IP address of your SBS server. ... it will delete the reverse lookup zone if the zone no longer ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: exchange server cannot mount mailbox store
    ... Microsoft Support professionals. ... On the Domain Controller, start DNS management tool. ... Specify Primary Zone and use the Domain.Local as the Zone name. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: DHCP/DNS questions.. couple weeks before going live and want to clear up a few concerns..
    ... Ultimately what I'm going to do is create a new VLAN for my engineers DHCP clients and keep the existing VLANas a static only subnet for all their servers... ... because any client that re-visits will retain their lease.. ... regarding the DNS registrations via DHCP.. ... What I'm planning on doing is taking the current primary zone(ionaglobal.com) and on the primary DCI'm going to remove the zone from being active directory integrated.. ...
    (microsoft.public.windows.server.dns)
  • Re: 5774 errors
    ... As long as you're pointing to the internal DNS servers on all interfaces... ... install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC" ... Microsoft Client Services enabled? ... Primary DNS suffix matches the zone name in DNS and the AD domain name? ...
    (microsoft.public.windows.server.dns)
  • Re: How to make a Host Record
    ... Often the sites ip address getting changed in Client end. ... > to have local dns where we can update the hostname and ip address. ... zone created for the AD domain. ... please direct all replies ONLY to the Microsoft public newsgroup ...
    (microsoft.public.win2000.dns)