DC freezing affects DNS
I'm using my home network as a test bed for running a Windows domain. Server A is a DC and has all FSMO roles and is running DNS. Server B is running DNS and DHCP. Each server is pointing to itself (in Network properties) as its primary DNS server with the secondary as the other DNS server. So I'm sure I have that all set up properly. The problem is this. When Server B freezes/locks up (that is a separate discussion that I won't go into now), no one on the network can get any internet resolution even though DHCP is telling the clients that Server A is the primary DNS and Server B is secondary. I can't even resolve a web page from Server A which is using itself as primary DNS. No resolution is possible until Server B is back online. There are no errors in the event logs to indicate why this is happening. I realize I can just remove DNS from Server B and that would fix the problem, but I want to know why this happens as I would like to have multiple DNS servers for DNS redundancy. This is driving me batty as I just can't see why DNS resolution would go down when Server B is offline. I haven't tried taking Server A offline to see if the same thing happens as when Server B is offline. Anyone have any ideas why this is happening? JL
October 8th, 2010 4:24pm

I'm using my home network as a test bed for running a Windows domain. Server A is a DC and has all FSMO roles and is running DNS. Server B is running DNS and DHCP. Each server is pointing to itself (in Network properties) as its primary DNS server with the secondary as the other DNS server. So I'm sure I have that all set up properly. The problem is this. When Server B freezes/locks up (that is a separate discussion that I won't go into now), no one on the network can get any internet resolution even though DHCP is telling the clients that Server A is the primary DNS and Server B is secondary. I can't even resolve a web page from Server A which is using itself as primary DNS. No resolution is possible until Server B is back online. hi, please can you post an ipconfig /all result launched from a client ?Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
October 11th, 2010 4:36am

Here's the ipconfig/all from one of the client PCs. Server A is 10.0.0.2 and Server B is 10.0.0.4. Windows IP Configuration Host Name . . . . . . . . . . . . : LAPTOP Primary Dns Suffix . . . . . . . : navret.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : navret.com Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : navret.com Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter Physical Address. . . . . . . . . : 00-1E-E2-BA-54-70 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.0.0.19(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Monday, October 11, 2010 9:20:11 AM Lease Expires . . . . . . . . . . : Tuesday, October 19, 2010 9:20:11 AM Default Gateway . . . . . . . . . : 10.0.0.1 DHCP Server . . . . . . . . . . . : 10.0.0.4 DNS Servers . . . . . . . . . . . : 10.0.0.2 10.0.0.4 Primary WINS Server . . . . . . . : 10.0.0.4 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : NVIDIA nForce Networking Controller Physical Address. . . . . . . . . : 00-1F-86-99-97-4D DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes
October 11th, 2010 12:39pm

Hi Thanks for posting here. How you set the internet name resolution for internal clients right now? What I suggest you might like to configure both DNS servers to forwarders internet domain name query requests to your ISP's DNS servers. How to configure DNS for Internet access in Windows Server 2003 http://support.microsoft.com/kb/323380 Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
October 12th, 2010 5:19am

Hi Thanks for posting here. How you set the internet name resolution for internal clients right now? What I suggest you might like to configure both DNS servers to forwarders internet domain name query requests to your ISP's DNS servers. Hi Tiger, Axenet has not the problem to navigate in internet from clients, his problem is that he can't authenticate in domain if server B is turned off.Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
October 12th, 2010 5:34am

Here's the ipconfig/all from one of the client PCs. Server A is 10.0.0.2 and Server B is 10.0.0.4. one of yours domain controllers is a multihomed server ?Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
October 12th, 2010 5:35am

There seems to be some confusion as to what my problem is. I am -not- having a problem authenticating in the domain. The problem is with internet access. If server B is offline, when I open a browser, I cannot get to any websites because name resolution is not working. If I set my clients to look at Server A for DNS and Server B is offline, website name resolution works fine and I can get to any webste. But if I set my clients to look at Server A first and Server B second for internet website name resolution, and Server B is offline, then the clients cannot open any websites. This should not be happening. If clients are told to look at Server A first for name resolution, then they should be able to open any website, even if Server B is offline since Server A is handling the client's name resolution requests. Server B should only come into play if the clients cannot contact Server A. And no, neither server is multihomed. Each has only one NIC and Server A's IP is 10.0.0.2 and Server B's IP is 10.0.0.4.
October 12th, 2010 3:13pm

Sorry Axenet (and sorry Tiger), i have misunderstood. @ Axenet: Follow Tiger's suggestion and configure both internal DNS servers to use forwarders servers.Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
October 13th, 2010 2:09am

Sorry Axenet (and sorry Tiger), i have misunderstood. @ Axenet: Follow Tiger's suggestion and configure both internal DNS servers to use forwarders servers. Edoardo Benussi - Microsoft® MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org My turn to apologize. I should have initally stated that I have forwarders on both internal DNS servers set to a combinaton of my ISP's and OpenDNS DNS servers. So I'm sure that's not where the problem lies. There's something else going on here that I can't nail down. I just can't see any reason why dns resolution should fail with Server B offline when clients that are first looking at Server A for name resolution. It makes no sense at all to me. JL
October 13th, 2010 1:31pm

do the follow test: 1) stop DNS server on server B 2) open a command prompt on a client 3) write nslookup www.google.com and hit enter 4) post here the result.Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2010 3:48am

Hi, Please type nslookup at client side and check to which DNS server your cl;ients are communicating for name resolution. If they are pointing to DNS Server B , type google.com and see If you can get public IP's for Google. It will ensure that Server B reolves perfectly. Then stop DNS service at server B. Now restart your same client machine and then again run Nslookup. This time It should point to Server A only. Then again type Google.com and see If you resolve it successfuly or not. If it fails it means your Server A is unable to contact your ISP's DNS server. Please let me know of your result.
October 14th, 2010 4:52am

Hi, Please type nslookup at client side and check to which DNS server your cl;ients are communicating for name resolution. If they are pointing to DNS Server B , type google.com and see If you can get public IP's for Google. It will ensure that Server B reolves perfectly. Then stop DNS service at server B. Now restart your same client machine and then again run Nslookup. This time It should point to Server A only. Then again type Google.com and see If you resolve it successfuly or not. If it fails it means your Server A is unable to contact your ISP's DNS server. Please let me know of your result. Thank you for rewriting what I had already written an hour agoEdoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2010 5:01am

Hi, Thanks for update. Have you deployed any firewall devices to protect the internet connection ? If yes , please bypass two DCs on that and try again . Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
October 15th, 2010 2:22am

Sorry for not having replied in so long but I got distracted. Anyway I did the simple test that Edoardo suggested and I got a surprise! I stopped the DNS Server service on Server B and you know what, I could get to any web page I wanted from clients. It didn't stop web page access in the least. So apparently this is not a DNS problem when Server B goes offline. I even tried stopping the DHCP Server service on Server B to see if that is what is causing the problem (though I really doubted it) and still had full web access. So unless the cause comes from Server B being offline since it and Server A are both DCs, I don't know what to think. I really don't see how that could be the answer though since having multiple DCs is supposed to PREVENT LAN/WAN/Internet access problems due to the redundancy. JL p.s. Tiger, I haven't deployed any hardware firewall devices. Windows firewall is enabled on all clients but not on the servers since the Windows Firewall/ICS service isn't running which is standard on servers.
Free Windows Admin Tool Kit Click here and download it now
October 26th, 2010 4:45pm

Server B acts as proxy server ?Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
October 27th, 2010 3:19am

Server B acts as proxy server ? Edoardo Benussi - Microsoft® MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org No, I have no proxy set up. I have just a simple, standard Windows 2003 domain setup. Both servers are DCs and DNS, Server B is DHCP. No DFS, no proxy, nothing else. JL
Free Windows Admin Tool Kit Click here and download it now
November 1st, 2010 2:14pm

If they are both DC's whare are your FSMO roles held? This could be the real cause of the isse as your previous posts state dns is still working under previous tests. Im guesiing your main FSMO roles are held on server B.
November 2nd, 2010 5:43am

If they are both DC's whare are your FSMO roles held? This could be the real cause of the isse as your previous posts state dns is still working under previous tests. Im guesiing your main FSMO roles are held on server B. While it's a good guess and it would be something I would guess if our roles were reversed, it's not the case. They used to be on Server B but right after it started freezing up, I moved them all to Server A. However, that didn't seem to change things as I still can't open any websites when Server B freezes. JL
Free Windows Admin Tool Kit Click here and download it now
November 5th, 2010 10:33am

If they are both DC's whare are your FSMO roles held? This could be the real cause of the isse as your previous posts state dns is still working under previous tests. Im guesiing your main FSMO roles are held on server B. FSMO roles affect only domain controllers and active directory replication but not dns resolution.Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
November 5th, 2010 11:17am

can you post an ipconfig /all result from a client in your LAN ?Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
November 5th, 2010 11:21am

Hello Axenet, please post an unedited ipconfig /all form both servers here so we can verify all the settings. If Forwarders are configured on BOTH DNS server properties in the DNS management console, there must be another reason. As already mentioned FSMO roles are not needed for name resolution and alsomnot for authentication. This requires a GC, if UPN logon or universal groups are used, a DC and correct configured DNS.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
November 6th, 2010 9:49am

can you post an ipconfig /all result from a client in your LAN ? Edoardo Benussi - Microsoft® MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org Windows IP Configuration Host Name . . . . . . . . . . . . : EMERALD Primary Dns Suffix . . . . . . . : lindon.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : lindon.com Ethernet adapter Local Area Connection 5: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TeamViewer VPN Adapter Physical Address. . . . . . . . . : 00-FF-B9-AC-35-E3 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : lindon.com Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter Physical Address. . . . . . . . . : 00-1E-D2-BB-35-60 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.0.0.19(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Saturday, November 06, 2010 12:29:20 PM Lease Expires . . . . . . . . . . : Sunday, November 14, 2010 12:29:20 PM Default Gateway . . . . . . . . . : 10.0.0.1 DHCP Server . . . . . . . . . . . : 10.0.0.4 DNS Servers . . . . . . . . . . . : 10.0.0.2 10.0.0.4 Primary WINS Server . . . . . . . : 10.0.0.4 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : NVIDIA nForce Networking Controller Physical Address. . . . . . . . . : 00-1E-68-99-79-4D DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{D24E9D5A-7983-4895-9B43-12B02D7AD2A0}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.lindon.com: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : lindon.com Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{B9AC35E3-EDF2-45BA-900B-831DFA0D14B0}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes 10.0.0.2 is Server A and 10.0.0.4 is Server B JL
Free Windows Admin Tool Kit Click here and download it now
November 6th, 2010 5:16pm

Windows IP Configuration (Server B) Host Name . . . . . . . . . . . . : gold Primary Dns Suffix . . . . . . . : lindon.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : lindon.com Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : IBM Netfinity 10/100 Ethernet Adapter Physical Address. . . . . . . . . : 00-04-AC-15-58-02 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 10.0.0.4 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.0.1 DNS Servers . . . . . . . . . . . : 10.0.0.4 10.0.0.2 Primary WINS Server . . . . . . . : 10.0.0.4 Windows IP Configuration (Server A) Host Name . . . . . . . . . . . . : Silver Primary Dns Suffix . . . . . . . : lindon.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : lindon.com Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : 3Com 3C905TX-based Ethernet Adapter (Generic) Physical Address. . . . . . . . . : 00-60-08-5A-1C-B6 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 10.0.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.0.1 DNS Servers . . . . . . . . . . . : 10.0.0.2 10.0.0.4 Primary WINS Server . . . . . . . : 10.0.0.4 Sorry for the spacing, I don't know why it's doing it as it's spaced correctly in the text output file from the ipconfig/all command.
November 6th, 2010 5:29pm

i noticed that 10.0.0.4 is DNS Server but even DHCP server also when serverB is turned off your clients can't get a regular ip address. isn't that ? there is dhcp server installed on serverA ? Edoardo Benussi - Microsoft® MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
November 7th, 2010 5:14am

i noticed that 10.0.0.4 is DNS Server but even DHCP server also when serverB is turned off your clients can't get a regular ip address. isn't that ? there is dhcp server installed on serverA ? Edoardo Benussi - Microsoft® MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org Server B is the only DHCP server. But that should not stop clients from resolving web pages. Clients don't stop having an IP address as soon as the DHCP server goes offline. They keep trying to contact one up until the lease expires which is 8 days. They can access my intranet all day with Server B offline, but they just can't resolve web pages. That's why I thought it was a DNS problem until I disabled DNS server service on Server B and clients still were able to open web pages. JL
November 8th, 2010 1:06pm

you can use wireshark or Network Monitor to intercept traffic on network and see what happen when serverb is turned off from client side.Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
November 9th, 2010 6:04am

Thank you to all who have taken the time and effort of providing a solution to my problem. I still don't understand what was happening, but I'm closing the issue. For one thing, Server B has stabilized after updating the system BIOS so it hasn't frozen up in at least a couple of weeks. And I needed to move it physically, no network-wise, so I shut it down for the move. While it was shut down, I attempted web access from a couple of clients. I specifically tried websites I have not been to in a long, long, long time so they would not be cached at all. You know what? I had absolutely no problem resolving any of them from either client. So I fired the server back up and it's running fine in its new location. So like I said, I don't understand what was causing the original problem, but since I had no problem with website resolution while Server B was turned off, I'm considering this issue closed. Thanks again for all your support! JL
November 29th, 2010 3:12pm

thanks for your feedback, bye.Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
November 30th, 2010 2:53am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics