Clients not resolving with DNS Server

I have 2 DCs running Server 2012 R2. I added another due to a problem I'm having. DC1 is a physical server. DC2 and DC3 are VMs. All DCs replicate, ping, and do nslookup between themselves fine. When a client does an nslookup with DC1 it works fine. The records in DNS for all DCs are fine and are in the reverse lookup. I did registrar/dns and it's fine. I checked AD replication and there are no errors. When the client is forced to do an nslookup with DC2 or DC3 it does not resolve. This is what I get below. What am I missing?

C:\Users\user>nslookup PC1 192.168.xxx.xxx (DC2 or DC3)
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.xxx.xxx (DC1 or DC2)

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

August 26th, 2015 3:52pm

I ran this to check things out:

C:\Users\user>nslookup
Default Server:  DC1.domain.local
Address:  192.168.xxx.xxx

> set type=srv
> _ldap._tcp.dc_msdcs.domain.name
Server:  DC1.domain.local
Address:  192.168.xxx.xxx

*** DC1.domain.local can't find _ldap._tcp.dc_msdcs.domain.name: Non-existe
nt domain
>

OK what does this mean?

August 26th, 2015 3:59pm

Can you ping the server from the client?
August 26th, 2015 8:55pm

Yes. I cannot resolve any servers or computers from the client.

When I do an nslookup from the client it does not resolve.

I can ping everything on the network.

This is what I get when trying to resolve an IP from any client:

C:\Users\user>nslookup PC1 192.168.xxx.xxx (DC2 or DC3)
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.xxx.xxx (DC1 or DC2)

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

August 27th, 2015 3:16pm

I ran this to check things out:

C:\Users\user>nslookup
Default Server:  DC1.domain.local
Address:  192.168.xxx.xxx

> set type=srv
> _ldap._tcp.dc_msdcs.domain.name
Server:  DC1.domain.local
Address:  192.168.xxx.xxx

*** DC1.domain.local can't find _ldap._tcp.dc_msdcs.domain.name: Non-existe
nt domain
>

OK what does this mean?

I think you typed the command slightly wrong.

Should be looking up _ldap._tcp.dc._msdcs.domain.name .. You missed the dot after the server name.

August 27th, 2015 4:15pm

On DC2 and DC3, what are the primary DNS and secondary DNS IP addresses set to in the IPv4 configuration?

Is the primary set to itself? 127.0.0.1

Also, what is the status of DNS on DC2 and DC3 if you open the DNS MMC?

August 27th, 2015 4:18pm

Yes. I cannot resolve any servers or computers from the client.

When I do an nslookup from the client it does not resolve.

I can ping everything on the network.

This is what I get when trying to resolve an IP from any client:

C:\Users\user>nslookup PC1 192.168.xxx.xxx (DC2 or DC3)
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.xxx.xxx (DC1 or DC2)

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

Check the inbound firewall rules on DC2 and DC3 to ensure they are enabled for the relevant profile (Domain Network) and also verify there are no customisations limiting access to a specific range of IP addresses.

Best regards,
Simon.

August 27th, 2015 4:18pm

On DC1 it's pointing to itself and to DC2

On DC2 it is pointing to itself and to DC1

On DC3 it's pointing to itself and to DC1

None of these have 127.0.0.1 on the DNS tab.

All DNS services have started on all of the DCs.

Receiving error 4015

August 28th, 2015 10:27am

The firewall rules on all DCs are fine for TCP and UDP. They are allowing profiles for domain, private, and public inbound and outbound. I discovered an error 4015 and am trying to figure out what the next step is.
August 28th, 2015 10:37am

OK, I did some further testing:

1. Created a brand new VM and installed a fresh copy of Server 2012 R2

2. Installed a new forest and domain controller. No Errors. Did all the updates.

3. I attempted to add a client to the new fresh domain and it would not do it. Could not resolve DNS server. Remember this is a brand new VM and forest with a new DC.

4. The client can ping the server fine. All FW rules in place as a basic AD Domain.

5. I have one VM switch (NIC no. 2) on the host, thinking that this is the problem. I changed IPs on this VM switch with no effect; I still cannot resolve any clients to DCs. However, all DCs can resolve each other since they have DNS.

6. The host is a secondary DC and it resolves everything fine every time. It is using NIC 1 and is not a VM switch. All settings were checked and double-checked on the host NICs (No. 1 and No. 2).

7. I am stuck, please assist.

 

August 28th, 2015 6:29pm

More info for above.

I can get to the Internet just fine on all servers, Host and VMs.

I did check my forwarders and one of my ISP IPs would not resolve on any VMs. However, all ISP IPs resolved on NIC no. 1, which is a physical NIC for the host and not a VM switch. I added Google's DNS IP 8.8.8.8 and it resolved every time on the VMs, so I left it.

There seems to be a collation between the VM switch and the Host NIC. Not sure what is going on here.

August 28th, 2015 6:37pm

Hi Jackie,

How many NICs are there on DC1? DC is not recommended to be multihomed, it may cause unexpected errors.

According to your description, my understanding is that DC1 could resolve queries for client, but DC2 and DC3 could not. Am I right?

1. Disable the firewalls on DC2 and DC3 temporarily.

2. Manually check if the DNS records that you are querying exist on DC2 and DC3.

3. ISP DNS or Google DNS should be configured as forwarder on internal DNS server.

4. Open DNS Manager on DC2 and DC3, right click on DNS server and click Properties. Choose Interfaces tab and ensure it is listening on All IP addresses.

Then we could perform a network capture to analyze the problem.

Install Network Monitor on DC2 or DC3, start a new capture and perform a query on client. We could check if the queries are received and responded.

Here is the guide for Network Monitor:
https://technet.microsoft.com/en-us/library/cc938655.aspx

Best Regards,

Leo

August 30th, 2015 11:12pm

The host which is also DC1, has two physical NICs. One for the Host and one for the virtual switch.
DC2 and DC3 only have one IP each.

DC1 can make queries for the clients, but DC2 and DC3 cannot. DC2 and DC3 are VMs.
Also DC2 is the FSMO holder for all services.

I disabled the firewalls on DC2 and DC3. All DNS records are available to all DCs.
The DNS record for all clients and servers are on all three DCs. This had no effect. I turned the FW back on.

I added Google DNS 8.8.8.8 on all DNS server forwarders.
The ISP DNS IPs were added previously.
What is strange is that the Google IP resolves and the ISP IPs do not resolve on the VMs where the problem is.
The Host, DC1, resolves all IPs with no problem.

I checked to ensure that the listening interfaces were for all IP addresses.

I'm stumped.

August 31st, 2015 1:32pm

Missing from this whole string are the IP configurations of the servers involved.  That is generally the first thing that needs to be looked at.

What is the output from ipconfig /all on DC1, DC2, and one of the clients that is not working?  You can cut the tunnel adapters from the output when you post here.  It looks like you are using 192.168.*.* as your addresses, so you don't have to worry about the security of posting those in a public forum - Nobody can reach them across the internet because those addresses are not routed to the internet.

August 31st, 2015 5:24pm

DC1: 

C:\Users\btasadmin>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC1
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter vEthernet (Broadcom NetXtreme Gigabit Ethernet #2 - Virtual Swi
tch):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 74-86-7A-D9-2A-E4
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.50.39(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.50.1
   DNS Servers . . . . . . . . . . . : 192.168.50.30
                                       192.168.50.40
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter NIC1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 74-86-7A-D9-2A-E2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.50.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.50.1
   DNS Servers . . . . . . . . . . . : 192.168.50.30
                                       192.168.50.40
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{74081993-05A4-40D1-AEB7-257B47D89F60}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C4134FE4-0982-4725-85C8-CEDE612757CF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

DC2:

C:\Windows\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC2
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-32-1F-02
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.50.40(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.50.1
   DNS Servers . . . . . . . . . . . : 192.168.50.30
                                       192.168.50.40
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{B01DF6D1-F56A-4B6D-9A79-58D3C8D4A43E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

DC3:

C:\Users\btasadmin>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC3
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-32-1F-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.50.60(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.50.1
   DNS Servers . . . . . . . . . . . : 192.168.50.60
                                       192.168.50.30
   NetBIOS over Tcpip. . . . . . . . : Enabled

Client:

C:\Users\btasadmin>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Client
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) WiMAX 6250
   Physical Address. . . . . . . . . : 64-D4-DA-07-81-21
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 1C-C1-DE-B0-4E-27
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.50.161(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, August 31, 2015 12:44:24 PM
   Lease Expires . . . . . . . . . . : Tuesday, September 08, 2015 12:44:23 PM
   Default Gateway . . . . . . . . . : 192.168.50.1
   DHCP Server . . . . . . . . . . . : 192.168.50.40
   DNS Servers . . . . . . . . . . . : 192.168.50.30
                                       192.168.50.40
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.bcderm.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8E252273-7990-451A-A36C-A89F9CE44DEA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

When I do an nslookup from the client to the DC2 this is what I get:

C:\Users\btasadmin>nslookup office1 192.168.50.40
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.50.40

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

When I do it from DC1 (192.168.50.30) it works.


August 31st, 2015 5:40pm
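The thread shows two different failures: no reply at all from DC2/DC3 (a timeout) and an NXDOMAIN reply from DC1 for the mistyped SRV name. The following added example, which is not part of the original thread, sends a hand-built query over both UDP and TCP port 53 and reports which of the two each server produces; the function names `build_query`, `classify`, `recv_exact` and `probe` are made up for this sketch, and the addresses and `domain.local` are the values posted above.

```python
import socket, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query with RD set. qtype 1 = A, 33 = SRV."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return (struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack(">HH", qtype, 1))

def classify(reply, txid=0x1234):
    """Any well-formed reply, even NXDOMAIN, proves the network path works."""
    if len(reply) < 12 or reply[:2] != struct.pack(">H", txid) or not reply[2] & 0x80:
        return "MALFORMED"
    flags, _qd, answers = struct.unpack(">HHH", reply[2:8])
    return f"{RCODES.get(flags & 15, 'RCODE%d' % (flags & 15))} answers={answers}"

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def probe(server, name, qtype=1, proto="udp", port=53, timeout=2.0):
    """Send one query; return the verdict, TIMEOUT, or the OS-level error."""
    query = build_query(name, qtype)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            if proto == "udp":
                s.send(query)
                return classify(s.recv(4096))
            s.sendall(struct.pack(">H", len(query)) + query)  # TCP: 2-byte length prefix
            size = struct.unpack(">H", recv_exact(s, 2))[0]
            return classify(recv_exact(s, size))
    except socket.timeout:
        return "TIMEOUT"          # nothing came back: filtered or dropped in transit
    except OSError as exc:
        return "ERROR " + type(exc).__name__   # e.g. refused: nothing listening

if __name__ == "__main__":   # DC1, DC2, DC3 as posted in the ipconfig output
    for dc in ("192.168.50.30", "192.168.50.40", "192.168.50.60"):
        for proto in ("udp", "tcp"):
            print(dc, proto, probe(dc, "_ldap._tcp.dc._msdcs.domain.local", 33, proto))
```

A `TIMEOUT` on both transports from a host that answers ping means port 53 traffic is being lost between client and server, which is a separate question from whether the zone holds the record.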

This topic is archived. No further replies will be accepted.
