Home network and DNS problems


Mytest

Hello,
I have a small home/office network. The server and domain controller is
win2k sp4+isa2000+exchange2000.
I had many errors in system log with regards to dns, netlogin etc...

By reading this newsgroup, I managed to correct them all.
Both the ADSL PCI modem and the network adapter "Register this connection's
addresses in dns" are checked.

The problem today is even though no error is shown in the log files, I have
intermittent problem of network connection loss and delay that can take 3 to
30 minutes. During this time, I lose the server, and other programs like ISA
Client will lose connection with the ISA server; Outlook will not be able to
contact the Exchange server and no Internet will be available.
After this time, things will be back to normal and no error will show up in
the log files on the server nor on the client side.

Here is a Netdiag output which shows some errors that I don't know where to
look for correction.

Thanks for your help


Computer Name: cabal
DNS Host Name: cabal.ventura.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 6 Stepping 0, GenuineIntel
List of installed hotfixes :
KB820888
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
Q147222
Q828026


Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Alcatel Speed Touch PC #3' may not be working
because it has not received any packets.



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : cabal
IP Address . . . . . . . . : 10.10.1.1
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 10.10.1.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : {D63C5ADD-A36E-46EC-81AF-E6BF09B744FF}

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : cabal
IP Address . . . . . . . . : 80.1.36.217
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . : 80.238.1.136
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 217.136.10.22
217.136.10.21

IpConfig results . . . . . : Failed

[WARNING] Your default gateway is not on the same subnet as your
IP address.

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]

WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{38C9C4DC-A94E-48FB-A0CD-53DDCC4FCF38}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'cabal.ventura.local.'. [RCODE_SERVER_FAILURE]
The name 'cabal.ventura.local.' may not be registered in DNS.
[FATAL]: The DNS registration for 'cabal.ventura.local' is
incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server
'10.10.1.1'.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS server '217.136.10.22'. Please wait for 30 minutes for DNS server
replication.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS server '217.136.10.21'. Please wait for 30 minutes for DNS server
replication.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{38C9C4DC-A94E-48FB-A0CD-53DDCC4FCF38}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{38C9C4DC-A94E-48FB-A0CD-53DDCC4FCF38}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Passed
Entry Name: telnet
Device Type: Framing protocol : PPP
LCP Extensions : Disabled
Software Compression : Enabled
Network protocols :
NetBEUI
IPX
TCP/IP
IP Address : Specified
Name Server: Specified
IP Header compression : Enabled
Use default gateway on remote network : Enabled

Connection Statistics:
Bytes Transmitted : 3854623
Bytes Received : 27304610
Frames Transmitted : 28945
Frames Received : 68090
CRC Errors : 68090
Timeout Errors : 0
Alignment Errors : 0
H/W Overrun Errors : 0
Framing Errors : 0
Buffer Overrun Errors : 0
Compression Ratio In : 0
Compression Ratio Out : 0
Baud Rate ( Bps ) : 3360000
Connection Duration : 51832451


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully
 
In
Mytest said:
Hello,
I have a small home/office network. The server and domain controller
is win2k sp4+isa2000+exchange2000.
I had many errors in system log with regards to dns, netlogin
etc...
<snip>

I assume this is Mich? This must be a double post. You posted in an earlier
thread and Kevin and I responded to it. Take a look at it for us and let us
know if it helped you out.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Thanks for responding. I used another machine on my network to resend this
again as I have not seen my previous post.
Regards


"Ace Fekay [MVP]"
 
I can see why you didn't see it because your original subject:
Cannot find a primary authoritative DNS server

was also someone else's subject and it fell under that thread. Happens
sometimes. You can look back for that thread with the other person's name on
it. For your convenience I reposted below Kevin's response and my
response below that.

Ace

In
Mich said:
Hello,

I had many DNS problems that I have corrected by reading
this newsgroup. Even though I have no errors logged on the
server nor on the client side, I experience every couple of
hours a loss of the server connection. It starts to be
very slow, ISA Client will lose the ISA server
connection, MS Outlook will not be able to contact the
Exchange server and no Internet will be available.
This could take 3 to 30 minutes. I have run a NETDIAG on
the server and here is the output.
Both the Internal ADSL modem and the Network Adapter have
the "Register this connection's addresses in DNS" checked.

Here is the output of NETDIAG.

Thanks for your help

Computer Name: cabal
DNS Host Name: cabal.ventura.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 6 Stepping 0,
GenuineIntel List of installed hotfixes :
KB820888
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
Q147222
Q828026


Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Alcatel Speed Touch PC #3'
may not be working because it has not received any
packets.



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : cabal
IP Address . . . . . . . . : 10.10.1.1
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 10.10.1.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this
adapter.

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this
interface.

Adapter : {D63C5ADD-A36E-46EC-81AF-E6BF09B744FF}

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : cabal
IP Address . . . . . . . . : 80.1.36.217
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . : 80.238.1.136
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 217.136.10.22
217.136.10.21

IpConfig results . . . . . : Failed

[WARNING] Your default gateway is not on the
same subnet as your IP address.

Here is your biggest problem, you cannot use any external DNS in TCP
properties on any interface, you must use only the local DNS address on
all interfaces. Configure this interface with IP of the internal interface
for DNS.

You can configure these DNS addresses as a Forwarder for your local DNS
server as per this KB article:
300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202&FR=1

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

Another problem is this DC is multi-homed, multi-homing a DC requires
additional configuration to prevent the public interface addresses from
being registered in DNS. This creates a problem for file sharing and the
SYSVOL DFS share and can cause userenv 1000 events to be logged.

Please follow these steps.
1. In the DNS management console, on the properties of the DNS server,
interfaces tab, set DNS to only listen on the private IP you want in DNS for
the server.

2. Add this registry entry with regedt32 to stop the (same as parent folder)
records.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress

(If the DC is also a Global Catalog see note below)

3. Create a new host in DNS, leave the name field blank, give it the IP of
the internal interface. Win2k barks at you saying (same as parent folder) is
not a valid host name, click OK to create the record anyway.

4. Right click on Network places, choose properties, in the Advanced menu
select Advanced settings. Make sure the internal interface is at the top of
the connections pane and File sharing is enabled on the internal interface.


Note-

If the DC is also a Global Catalog use this registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress
GcIpAddress

And in addition to the (same as parent folder) record in the domain zone for
the domain name, expand _msdcs, open gc create new host with name field
blank and give it the IP of the internal interface. This resolves as
gc._msdcs.forestroot.








+++++++++++++++++++++++++++++++++++++

In
Mich said:
Hello,

I had many DNS problems that I have corrected by reading this newsgroup.
Even though I have no errors logged on the server nor on the client
side, I experience every couple of hours a loss of the server
connection. It starts to be very slow, ISA Client will lose the ISA
server connection, MS Outlook will not be able to contact the
Exchange server and no Internet will be available.
This could take 3 to 30 minutes. I have run a NETDIAG on the server
and here is the output.
Both the Internal ADSL modem and the Network Adapter have the
"Register this connection's addresses in DNS" checked.

Here is the output of NETDIAG.
<snip>

Hi Mich,

Whenever it comes down to a multihomed DNS/DC, especially with the PPPoE
software (WinPoet), we see this a lot in here and in the AD groups. Kevin's
suggestions are right on the mark, that is if you want to go thru all of
that, which even with folks like Kevin, William, and the others that post
and help out here and as long as we've been in the business, we would rather
not change our default system settings, but have done so for many a client.
Usually the easiest way to circumvent all of this is to purchase a USD
$39.00 Linksys DSL/Cable router (there's a rebate going on for them) that
will securely connect your network to the Internet. Then you can connect the
LAN side to the ISA box without the PPPoE software that is required for
ADSL, which is overhead and causes issues.

If you can, ideally, ISA should be installed on a member server or
standalone, depending on what mode it's in. Part of the issue is the fact it's
a multihomed DNS/AD machine, which causes issues with AD and DNS, as you're
experiencing. If you can get another machine for this function, (depending
on the number of users, a decent desktop will do the trick) unless of course
this is SBS, (which you can't separate ISA and other features), that would
improve performance, especially without the PPPoE software.

Unless of course, you can follow Kevin's suggestions, which is what we
normally suggest for this sort of scenario.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
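
Added example, not part of any post in this thread: a small Python check for the rule in Kevin's reply that no interface on the DC may list an external DNS server in its TCP/IP properties. The sample is constructed from the NETDIAG fields posted above; the function names and the use of 10.10.1.1 as the internal DNS address are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: per-interface fields from the NETDIAG output in the thread.
SAMPLE = """\
Adapter : Local Area Connection
IP Address . . . . . . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.1

Adapter : {D63C5ADD-A36E-46EC-81AF-E6BF09B744FF}
IP Address . . . . . . . . : 80.1.36.217
Dns Servers. . . . . . . . : 217.136.10.22
217.136.10.21

IpConfig results . . . . . : Failed
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)[ .]*:\s*(.*)$")  # "Label. . . : value"
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_adapters(text):
    """Return one dict per 'Adapter :' block with the DNS servers it lists."""
    adapters, last = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last, value = m.group(1).strip(), m.group(2).strip()
            if last == "Adapter":
                adapters.append({"name": value, "dns": []})
            elif adapters and last == "Dns Servers" and IPV4.match(value):
                adapters[-1]["dns"].append(value)
        elif adapters and last == "Dns Servers" and IPV4.match(line.strip()):
            # NETDIAG lists further DNS servers on bare continuation lines.
            adapters[-1]["dns"].append(line.strip())
    return adapters

def external_dns(adapters, internal_dns):
    """(adapter, server) pairs where an interface uses a non-internal DNS server."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    return [(a["name"], s) for a in adapters for s in a["dns"]
            if ipaddress.ip_address(s) not in allowed]

if __name__ == "__main__":
    for name, server in external_dns(parse_adapters(SAMPLE), ["10.10.1.1"]):
        print(f"{name}: external DNS server {server} in TCP/IP properties")
```

Run against the posted output, it reports both ISP resolvers on the ADSL adapter, which are the addresses Kevin says belong in the DNS server's forwarders instead.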
 