many DNS issues

[Jamal Mubarik]

Hi all:
We have three servers. A B C. Aonly has one NIC and an internal address only
(10.0.0.156). B is WIN2k Exchane 5.5 SP4 . It had two NIC. Since all mail
boxes are have been moved to Server C (WIN2K EXCH2k) I diabled the External
NIC. C has two NIC. One is inbound (10.0.0.30 and the other one
(64.30.XXX.XXX) is oin to ISP.
I was having many replication issues. Metbase was not being updated either.
SYStem Atendant will 9704 errors.


B is the First WIN2k Controller with FSMO repossibility.
All three are GC and DNS. B will evenentually be repleaced leaving with only
A & C.

When I Try to run DNS manager on A it could not see B & C (red X). B could
not see C. Server C could not see B and A.

All pinged fine and resolved to FQDN when I typed Ping A B or C. I will get
A.MyDomain.com.
After many hours I found that IPC$ share was missing on B & C. Same thing
happened when I launched AD Domain & Sites MMC.

I found IPC$ share missing on B & C. No wonder A could not see them both. AS
Soon As I created IPC$ share on both DNS worked fine and I was able to
force repliction of Ad from all servers.

Server C: is the only one with outside connection. When I ping it (I am
doing Pingin on Server C From Server C) it ives it outside 64.30.xxx.xxxx
address. It does same from other servers. Even thouh when I ping 10.0.0.3
(Server C's Internal IPaddress) I do et FQDN from all servers.

I ran NSlookup. I get Internal Adreeses with Non existant domain message. I
ran DNSLINT and it points all ISP DNS Servers as name resolvers.

Our Internal and WWW.Domain.net name is same.
Please provide detailed ( I am embarassed to say I am not a DNS Guru. I am
trying ahrd to be better) intructions. I have tried deleting external
addresses under DNS AD-Interated mydomain.net but they show up again. Should
I disable Dynamic registration for external card or use registry. Please be
explicit.
In External card I list first DNS as Server B's Address (10.0.0.1). Should
it be its own address(10.0.0.3).
DNS Server 2 & 3 are ISP Servers.

After readin many articles here I have concluded that I should remove the
ISP Servers and use forwaders. Server B has forwaders configured . Should I
also confiure them on A & C since they are domain Controllers also. Please
remember B is on its way out.
I need to tranfer FSMO. I will do that on A. It is not recommended on an
Exchane Server (C) with GC.

Could I be ettin Metabase update errors because of earlier problems I
discussed. I am heading to work I will find out. I am in Southren California
Area.


If it was not for these forums I would be very much behind. I apprecite any
assistance. I intend to help folks on these forums as soon as I get to
speed.

Thank you

Respectfully

Jamal
(e-mail address removed)
909-489-5557

 

[Herb Martin]

We have three servers. A B C. Aonly has one NIC and an internal address
only

(10.0.0.156). B is WIN2k Exchane 5.5 SP4 . It had two NIC. Since all mail
boxes are have been moved to Server C (WIN2K EXCH2k) I diabled the External
NIC. C has two NIC. One is inbound (10.0.0.30 and the other one
(64.30.XXX.XXX) is oin to ISP.
I was having many replication issues. Metbase was not being updated either.
SYStem Atendant will 9704 errors.


B is the First WIN2k Controller with FSMO repossibility.
All three are GC and DNS. B will evenentually be repleaced leaving with only
A & C.

When I Try to run DNS manager on A it could not see B & C (red X). B could
not see C. Server C could not see B and A.

All pinged fine and resolved to FQDN when I typed Ping A B or C. I will get

After many hours I found that IPC$ share was missing on B & C. Same thing
happened when I launched AD Domain & Sites MMC.

Your message is entirely confusing with mention of NICs that are not even
connected
and no clear indication of the linkage between machines.

You say "could not see..." instead of giving precise indication of where you
were
pinging, what name you were pinging. Who is the DNS etc.

I found IPC$ share missing on B & C. No wonder A could not see them both. AS
Soon As I created IPC$ share on both DNS worked fine and I was able to
force repliction of Ad from all servers.

Server C: is the only one with outside connection. When I ping it (I am
doing Pingin on Server C From Server C) it ives it outside 64.30.xxx.xxxx
address. It does same from other servers. Even thouh when I ping 10.0.0.3
(Server C's Internal IPaddress) I do et FQDN from all servers.

I ran NSlookup. I get Internal Adreeses with Non existant domain message. I
ran DNSLINT and it points all ISP DNS Servers as name resolvers.

Our Internal and WWW.Domain.net name is same.
Please provide detailed ( I am embarassed to say I am not a DNS Guru. I am
trying ahrd to be better) intructions. I have tried deleting external
addresses under DNS AD-Interated mydomain.net but they show up again. Should
I disable Dynamic registration for external card or use registry. Please be
explicit.
In External card I list first DNS as Server B's Address (10.0.0.1). Should
it be its own address(10.0.0.3).
DNS Server 2 & 3 are ISP Servers.

After readin many articles here I have concluded that I should remove the
ISP Servers and use forwaders. Server B has forwaders configured . Should I
also confiure them on A & C since they are domain Controllers also. Please
remember B is on its way out.
I need to tranfer FSMO. I will do that on A. It is not recommended on an
Exchane Server (C) with GC.

Could I be ettin Metabase update errors because of earlier problems I
discussed. I am heading to work I will find out. I am in Southren California
Area.


If it was not for these forums I would be very much behind. I apprecite any
assistance. I intend to help folks on these forums as soon as I get to
speed.

 

[Kevin D. Goodknecht]

In

Hi all:
We have three servers. A B C. Aonly has one NIC and an internal
address only (10.0.0.156). B is WIN2k Exchane 5.5 SP4 . It had two
NIC. Since all mail boxes are have been moved to Server C (WIN2K
EXCH2k) I diabled the External NIC. C has two NIC. One is inbound
(10.0.0.30 and the other one (64.30.XXX.XXX) is oin to ISP.
I was having many replication issues. Metbase was not being updated
either. SYStem Atendant will 9704 errors.


B is the First WIN2k Controller with FSMO repossibility.
All three are GC and DNS. B will evenentually be repleaced leaving
with only A & C.

When I Try to run DNS manager on A it could not see B & C (red X). B
could not see C. Server C could not see B and A.

All pinged fine and resolved to FQDN when I typed Ping A B or C. I
will get A.MyDomain.com.
After many hours I found that IPC$ share was missing on B & C. Same
thing happened when I launched AD Domain & Sites MMC.

I found IPC$ share missing on B & C. No wonder A could not see them
both. AS Soon As I created IPC$ share on both DNS worked fine and I
was able to force repliction of Ad from all servers.

Server C: is the only one with outside connection. When I ping it (I
am doing Pingin on Server C From Server C) it ives it outside
64.30.xxx.xxxx address. It does same from other servers. Even thouh
when I ping 10.0.0.3 (Server C's Internal IPaddress) I do et FQDN
from all servers.

I ran NSlookup. I get Internal Adreeses with Non existant domain
message. I ran DNSLINT and it points all ISP DNS Servers as name
resolvers.

Our Internal and WWW.Domain.net name is same.
Please provide detailed ( I am embarassed to say I am not a DNS Guru.
I am trying ahrd to be better) intructions. I have tried deleting
external addresses under DNS AD-Interated mydomain.net but they show
up again. Should I disable Dynamic registration for external card or
use registry. Please be explicit.
In External card I list first DNS as Server B's Address (10.0.0.1).
Should it be its own address(10.0.0.3).
DNS Server 2 & 3 are ISP Servers.

After readin many articles here I have concluded that I should remove
the ISP Servers and use forwaders. Server B has forwaders configured
. Should I also confiure them on A & C since they are domain
Controllers also. Please remember B is on its way out.
I need to tranfer FSMO. I will do that on A. It is not recommended on
an Exchane Server (C) with GC.

Could I be ettin Metabase update errors because of earlier problems I
discussed. I am heading to work I will find out. I am in Southren
California Area.


If it was not for these forums I would be very much behind. I
apprecite any assistance. I intend to help folks on these forums as
soon as I get to speed.

Thank you

Respectfully

Jamal
(e-mail address removed)
909-489-5557

Your post does not give much of a picture of your network setup.
If you will post back an unedited ipconfig /all for all your servers and the
actual name of your AD doamin in ADUC along with which machines have DNS
installed on them.
This information will help greatly to diagnose the problems of your setup.

 

[Ace Fekay [MVP]]

In

Hi all:
We have three servers. A B C. Aonly has one NIC and an internal
address only (10.0.0.156). B is WIN2k Exchane 5.5 SP4 . It had two
NIC. Since all mail boxes are have been moved to Server C (WIN2K
EXCH2k) I diabled the External NIC. C has two NIC. One is inbound
(10.0.0.30 and the other one (64.30.XXX.XXX) is oin to ISP.
I was having many replication issues. Metbase was not being updated
either. SYStem Atendant will 9704 errors.


B is the First WIN2k Controller with FSMO repossibility.
All three are GC and DNS. B will evenentually be repleaced leaving
with only A & C.

When I Try to run DNS manager on A it could not see B & C (red X). B
could not see C. Server C could not see B and A.

All pinged fine and resolved to FQDN when I typed Ping A B or C. I
will get A.MyDomain.com.
After many hours I found that IPC$ share was missing on B & C. Same
thing happened when I launched AD Domain & Sites MMC.

I found IPC$ share missing on B & C. No wonder A could not see them
both. AS Soon As I created IPC$ share on both DNS worked fine and I
was able to force repliction of Ad from all servers.

Server C: is the only one with outside connection. When I ping it (I
am doing Pingin on Server C From Server C) it ives it outside
64.30.xxx.xxxx address. It does same from other servers. Even thouh
when I ping 10.0.0.3 (Server C's Internal IPaddress) I do et FQDN
from all servers.

I ran NSlookup. I get Internal Adreeses with Non existant domain
message. I ran DNSLINT and it points all ISP DNS Servers as name
resolvers.

Our Internal and WWW.Domain.net name is same.
Please provide detailed ( I am embarassed to say I am not a DNS Guru.
I am trying ahrd to be better) intructions. I have tried deleting
external addresses under DNS AD-Interated mydomain.net but they show
up again. Should I disable Dynamic registration for external card or
use registry. Please be explicit.
In External card I list first DNS as Server B's Address (10.0.0.1).
Should it be its own address(10.0.0.3).
DNS Server 2 & 3 are ISP Servers.

After readin many articles here I have concluded that I should remove
the ISP Servers and use forwaders. Server B has forwaders configured
. Should I also confiure them on A & C since they are domain
Controllers also. Please remember B is on its way out.
I need to tranfer FSMO. I will do that on A. It is not recommended on
an Exchane Server (C) with GC.

Could I be ettin Metabase update errors because of earlier problems I
discussed. I am heading to work I will find out. I am in Southren
California Area.


If it was not for these forums I would be very much behind. I
apprecite any assistance. I intend to help folks on these forums as
soon as I get to speed.

Thank you

Respectfully

Jamal
(e-mail address removed)
909-489-5557

Please do post what Kevin asked.

Lost IPC$? Virus? Trojans? ANy services you may have turned off? What errors
are you getting in the Event log?

Remove your ISP's DNS.

Transfer FSMOs? Why? Just let dcpromo do it. Only thing to worry if B is a
GC.

Disable registration thru the registry. Better yet, don't have mutliple NICs
on a DC. NOt recommended. Use a stand alone.

Configure forwarding on all DNS server to your ISP's.

Metabase errors? From Exchange 2000?
99% of the time that's a DNS issue. Remove the ISP's DNS. Period. Use a
forwarder.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Jamal Mubarik]

ACE:

I thank you. I need to remove B. It is old hardware and yes being the first
Domain Controller it is keeper of GC. I have configured both A & C with GC.
I think I should tyransfer FSMO role to A. Remeber C is running Exch 2k and
it has two NIC. Per you intructions I have configured forwaders on all three
servers.

We also have a Web site with same name as our domain. Please refer me to a
white paper or kindly give me detailed instrauction.

Thank you
"Ace Fekay [MVP]"

 

[Jamal Mubarik]

ACE:

I forgoit to metion thst todsy I was also getting a DCOM error. Any ideas.

Thank you
"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

ACE:

I forgoit to metion thst todsy I was also getting a DCOM error. Any
ideas.

Thank you

I need the Event error ID #. There are many DCOM errors that can occur.

You can also search on the Event ID # at this website:
www.eventid.net
Click on Search, type in the Event ID #.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ace Fekay [MVP]]

In

ACE:

I thank you. I need to remove B. It is old hardware and yes being the
first Domain Controller it is keeper of GC. I have configured both A
& C with GC. I think I should tyransfer FSMO role to A. Remeber C is
running Exch 2k and it has two NIC. Per you intructions I have
configured forwaders on all three servers.

We also have a Web site with same name as our domain. Please refer me
to a white paper or kindly give me detailed instrauction.

Thank you

Since you have Eccvhange 2000 on C, I would suggest to keep B, because it is
HIGHLY recommended that Exhange NOT be on a domain controller. Doesn't
matter if older hardware, it's an extra machine for a DC. Leave Exchange on
a member server.

Remove the extra NIC from Exchange.
Why is there two NICs on it? Are you offering Internet access thru NAT or is
it just for outside access for the Exchange server?
It kind of makes things complicated.

If you are offering NAT, I would suggest if you have an extra old machine,
use that, or purchase a LInksys, or any other name brand routers that will
perform the same function efficiently.

If you want to keep the two NICs on the machine, here are the instructions.
Keep in mind, this keeps the external IP out of DNS. If it is in your
internal DNS AD zone, it will cause problems. If you are hosting your public
domain name, then you need a separate DNS server just for that name.
================================================
1. Go into Network and Dialup COnnections, Advanced menu, Advanced settings.
In there you will see your two connections in the binding order list. Move
the internal one to the top.
2. Go into the external card's properties, TCP/IP properties, advanced, WINS
tab, and disable NetBIOS.
3. Go into DNS server properties, Interfaces tab, just allow it to listen to
the Internal network connection IP address. (such as 10.0.0.x).
4. While still in DNS properties, goto the Forwarders tab, click on forward
checkbox, then type the IP address of your ISP's DNS server.
5. Make sure that the internal card's properties only has itself for the DNS
IP address. With the steps I'm outlining, you won't have to worry about the
external card configuration because it will be using the internal one
"first" (because of the binding order in step 1).
================================================




If the two NICs are registering and it is interfering with AD, follow this
to clean it up:
================================================

This is good especially if you have a Split Horizon environment where the
internal and external domain names are the same and the users need to get to
their external name by http://theirdomain.com but their DC/DNS server
responds and not the actual external website.

This one is done on the netlogon service parameters in the registry. This
will stop netlogon registering the blank FQDN with the internal private IP.

Here's two steps to clean that up. 1st step stops the netlogon service from
registering that "Blank Domain FQDN" IP address. Those IPs are actually
called the LdapIPAddress. The 2nd step publishes the IP that you do want to
publish, whether a local private IP or some public IP, any or mutliple IPs,
if you want.

Disabling the Same As Parent LdapIpAddress blank FQDN and auto Publishing a
Blank Domain FQDN IP:
[Taken from http://support.microsoft.com/?id=295328]

To disable only the registration of the local IP addresses, set the
following registry value, then reboot the machine for it to take effect:

1) Add the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Value: LdapIpAddress

2) Do this on all DCs and restart netlogon or restart machine.
This will prevent the DC from adding the domain A records from netlogon.
And you can add multiple Blank Domain A records as you need.

After you set this value, you must manually register your publicly available
IP addresses for your domain to appear as:
Same as parent folder Host "publicIP"

==============================================


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Jonathan de Boyne Pollard]

JM> I ran DNSLINT and it points all ISP DNS Servers as name resolvers.

That's wrong, given what else you have said about your situation.
Correct it. Your DNS Clients should be configured to talk to a
server that provides your "internal" view of the DNS namespace.

<URL:http://homepages.tesco.net./~J.deBo...nt-all-proxies-must-provide-same-service.html>

JM> After readin many articles here I have concluded that I should
JM> remove the ISP Servers and use forwaders.

You must do the former. The latter is optional, and whether you
do it depends from your circumstances.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-monolithic-server-as-proxy.html>

JM> Our Internal and WWW.Domain.net name is same.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon-common-server-names.html>

JM> I have tried deleting external addresses under
JM> DNS AD-Interated mydomain.net but they show up again.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-ms-dcs-overwrite-domain-name.html>