Tech Support Forum banner

DNS problem I think

2726 Views 21 Replies 4 Participants Last post by  Troy_Jollimore
Hi all,

This problem started on Monday. I am thinking it is a DNS issue or maybe file sharing issue but probably DNS.
This first started with just new PC’s that I got “Dell optiplex 380 with Win 7 pro." I just recently installed around 15 new ones. I also have around 40 optiplex with Win XP pro.” I have had the XP pro for years and the Win 7 a couple months.
What is happing is when a link to a shared file on the server “Win 2003” is selected an error message appears. “The name specified in the target box is not valid, make sure the path and file name are correct.” These are links to a folder that is on the server shared. The computer where working at 10am but a couple hours later this error was appearing. This only happened on 5 Win 7 PC’s, all at different times. This was when I was thinking maybe a firewall or security. So I shut all the firewalls off and changed the security bit from 128 to 40-50. I tried many different things. Then I restarted a couple times and it started working. So I do not know how I fixed it. This then happened on a couple more but the 50 or so other ones where working fine. The later in the day this happened on one Win XP machine. Since yesterday it has happened on 2 XP ones.
I did find a fix. When I type \\server IP\folder I am able to access the share. But if I type \\server name\folder it does not work.
When I was not able to connect to the folder using the server name I was still able to connect to all other PC’s on the network by their computer name, just not the server. They would start working At random times and also stop at random times. I did not make any changes at all to the server or any settings anywhere.
The only error in the DNS event log on the server is a error 6702. “Below” My backup server is replicating. It did have two network cards before and I did just now go into the properties and remove the IP of the old network card that I am not using anymore. I think that will fix the problem. I do have .local after my domain name. Both servers DNS are up to date and correct with all new PC’s.
I do not know what to do from here. I don’t have a lot of time today to keep working so I am just telling people to use the IP to connect to the server for right now. I will research this more later of tomorrow.
But any help will be great if anyone has ever heard of this happening before to them or someone else.
……………………………………………………………………………………………………………………
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 6702
Description:
DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

If this DNS server does not have any DS-integrated peers, then this error should be ignored.
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

……………………………………………………………………………………………………………………………………………………………………..
See less See more
Status
Not open for further replies.
1 - 20 of 22 Posts
"DNS server has updated its own host (A) records."

lets see a ipconfig /all from this server.
C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : alaska
Primary Dns Suffix . . . . . . . : nyeauto.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : nyeauto.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1D-09-EF-AC-FC
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.14.242.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.14.242.6
DNS Servers . . . . . . . . . . . : 10.14.242.200
6.6.208.22

The 2nd DNS is from my ISP. Should that be listed in there?
No changes have been made this just started happing. that is what is weird.

Thanks

I am not sure if the error has anything to do with the problem. I would still like to know if it is something I need to fix. The error started on 1/19/11 and the problem with accessing the server by name started 2 days ago
See less See more
You have routing enabled yet you only show one nic.
You have win proxy enabled which indicates you are using this server to relay wins requests.

Doesn't make much sense if there is only one nic.

Usually you don't list the isp dns server in the servers or workstations dns settings. You have those ips in the forwarder in dns server

Is dns AD intergrated?
Do you have a second AD intergrated dns server?
How many server attached devices and what is your license count of CALs?
You have routing enabled yet you only show one nic.
You have win proxy enabled which indicates you are using this server to relay wins requests.

Doesn't make much sense if there is only one nic.

Usually you don't list the isp dns server in the servers or workstations dns settings. You have those ips in the forwarder in dns server

Is dns AD intergrated?
Do you have a second AD intergrated dns server?
How many server attached devices and what is your license count of CALs?


I dont have all the anwsers to your questions "not sure what some are or how to find out but I will research"
What I do know
I do have 2 nic's but one is disable. I was trying to setup the server so that it can be accessed from my home but I did not figure it all out. I ended up having to connect to my sonic wall the just Remote desktop to the server.

I am not sure about what win proxy is or if I need it. I am guessing I dont since I dont have a WINs server setup from what I can tell. So I dont know what to do about that being enabled. If I should disable it or just leave it alone. I do know that when I set my static IP's I do not put anything for the WINs. That is how it was setup before I got here.

I will then take out the ISP dns from the setup their.

I am guessing the DNS and AD are intergrated because when I add a PC to the domain it shows up in the DNS managment and also under computers in the AD.
In AD there is a group "A folder that is in the left column, I am not sure if that is called a group or what the term for it is" that says "computers" and also one that says "nye computers" nye being my company name. If I try to move a computer from the computers group to the Nye computers group it tells me "Moving objects in AD can prevent your system from working the way it was designed". So all the new ones go into the computers group. The ones that are listed in the Nye computers group where there from before I got here, and I have not added any to it since. I did not setup AD all done before I got here.


I do have a second AD and DNS on another server. It does replicate the main server. For the main server I have the second servers IP and the DNS setting and not sure what to put for the alternative. On the server what should I have for the DNS settings. I do have my ISP IP's within DNS managment for the forwarders.

Do you mean total amount of computers connected to the network when you say how many attached devices? I have about 60 total computers connected to my domain in the network. 5 CALs but dont use any.

Thanks for reply.
See less See more
You are required by law to have 60 Cals. With only 5 you are way out of compliance.

Who setup the two nics and routing? Who disabled the 2nd nic?

Seeing computers in AD or DNS does not mean your dns in AD intergrated. It just means dhcp server is set to update dns and AD is simply doing what it does.

To determine if Ad intergrated go into dns management.
drill down to your domain name and do a right mouse click and choose properties
on the General tab you will see Status and below that Type
What type are you showing?

I suspect you need to move those new pcs into the nye computers since that is a OU and perhaps there are group policies being applied to the OU/computers.
You are required by law to have 60 Cals. With only 5 you are way out of compliance.

Who setup the two nics and routing? Who disabled the 2nd nic?

Seeing computers in AD or DNS does not mean your dns in AD intergrated. It just means dhcp server is set to update dns and AD is simply doing what it does.

To determine if Ad intergrated go into dns management.
drill down to your domain name and do a right mouse click and choose properties
on the General tab you will see Status and below that Type
What type are you showing?

I suspect you need to move those new pcs into the nye computers since that is a OU and perhaps there are group policies being applied to the OU/computers.
I always thought CALs where used for when a person connects from outside the domain to the domain. So CALs are the amount of users that you have created within AD? Or the amount of computers that are connected to the Domain? So when you buy an OS like server 2003 and you get the one that does not come with any CAL's you are not allowed to have any computers joined to the Domain?

I remember when I installed the OS on one of the servers it ask what way you want to install. Do you want the CALs to be device or user. If I pick user then I can have as many devices but just 5 users?

My CALs could be for the amount of users. Then I can have 5 users and as many devices as I want. I am looking at a site now and that is what I am understanding. Correct?

I thought when you get a OS it always has 5 CAL's. I was not the one to purchase it, how can I check for sure on how many CALs I have?

I have been on the phone with Dell for awhile today. I am going to be getting a new server soon with 2008 on it. Now I know that I will be needing to get alot of CALs. So if I have 60 computers connected to the domain I need 60 CALs? That can get to be alot of money I think. I am not sure, I have never priced out CAL's but I will be going to look right now. So that I know what I want to order when I get the new OS's. Since I have a backup server do I also need the same amount of CALs on the second server? My current backup server is around 8 years old, that is why I am getting ride of that one and making the current main server the new backup server. I will then make the new server the DC. That is why I am getting a new one.

I am worried about getting 2008 becuase I have never used it before. Is there a big difference? Will it be ok if I have 2008 on the new server but leave 2003 on the old one. Will the two be able to work that way? Or will I need to downgrade the new one in order for the two to be compatible?


Yes it does say AD is intergrated. DHCP is not enabled.

There are no group policys aplied to the computers OU. There where none at all when I get here. I have since created GP but I asign them to the users name rather than PC.
See less See more
joeny0706 you have serious issues starting with your training.

Server licensing is one of the first lessons you are taught in a MS training course or going through a MS Server book.

You have per user, per device, external licensing and now per CPU licensing.
see here:
Microsoft Volume Licensing - Client Access License (CAL) Guide

"how can I check for sure on how many CALs I have?"
you look at license manager on the server but the most accurate way of knowing it talk to purchasing and have them pull the software/hardware invoices. It should say on there for sure what you have.

"My current backup server..."

We don't speak about Active Directory in those terms. There are no backup servers or PDC's or BDC's. Those were NT4.0 terms which went obsolete 10 years ago.

With Active Directory we speak in terms of what roles the servers hold like file and printer sharing role for example.

All DCs are peer to peers. If talking about multiple DCs we tend to speak about what FSMO roles they may be holding.

2008 is different than 2003. It is green in comparison and has Core Services. You would need to run ADPREP [google it] on the 2003 DC holding the Schema FSMO role before you could bring 2008 in as a DC.

Adding a server right now would be kind of crazy though since you clearly do not have a stable network.

I would suggest the following;

run chkdsk /f on the server drives to make sure drive integraty and file system is good
make sure the servers are uptodate on patches
both present AD DCs should be DNS servers and be holders of the global catalog
you need to identify which is holding the FSMO roles.
run disk cleanup and defrag the drives.

Do this before any major changes or installs. Backup before you install server apps [always include system state which is your backup of AD] or make major config changes.

On a different topic concerning the two nics:
uninsall RRAs and disable the 2nd nic. This most likely is one of the issue contributing to your file share issue.
Make sure all workstations are pointed to the ms dns server and nothing else. Any servers should be pointing to the ms dns servers.
See less See more
We've informed you again and again. I think that it's really time for you to take this very serious before another big catastrophe happened in your company's network.
joeny0706 you have serious issues starting with your training.

Server licensing is one of the first lessons you are taught in a MS training course or going through a MS Server book.
I dont want to go through the process of a new server. But one I have is 8 years old just had a drive fail. It has raid 5 but with only 3 drives when normally has 4 if another dies I am in trouble. I do keep backup of it all. I did just put a new drive in it about 6 months ago. They are not easy to find for that Server.
About the CAL's, I have talked with alot of people, Dell, there was also an outside IT help when I first started and nothing was ever mentioned to me about this. Maybe they do have the correct amount of CAL's. I will be finding out today for sure. I dont not want any trouble. Since all of our stuff is from Dell they will be a good place to start.
I have never taken any MS training course and they only book I have is a Server 2003 Admin pocket consultant book. That does not say anything about CAL's. I am now looking at the website to learn about it.
I dont want to go through the process of a new server. But one I have is 8 years old just had a drive fail. It has raid 5 but with only 3 drives when normally has 4 if another dies I am in trouble. I do keep backup of it all. I did just put a new drive in it about 6 months ago. They are not easy to find for that Server.
About the CAL's, I have talked with alot of people, Dell, there was also an outside IT help when I first started and nothing was ever mentioned to me about this. Maybe they do have the correct amount of CAL's. I will be finding out today for sure. I dont not want any trouble. Since all of our stuff is from Dell they will be a good place to start.
I have never taken any MS training course and they only book I have is a Server 2003 Admin pocket consultant book. That does not say anything about CAL's. I am now looking at the website to learn about it.
I did contact dell and was told the amount of CAL’s we have. Since I have been here I have installed 3 new computers. I have now found out I need to get 3 more CALs. I thought I only had five because on the sticker on the side of the server it says “Windows Svr Std 2003 R2 1-4 CPU 5cal”. I figured we had 5 cals from that. I do not need any bad history associated with my name and will be ordering the correct amount of cals.
"My current backup server..."

We don't speak about Active Directory in those terms. There are no backup servers or PDC's or BDC's. Those were NT4.0 terms which went obsolete 10 years ago.

With Active Directory we speak in terms of what roles the servers hold like file and printer sharing role for example.

All DCs are peer to peers. If talking about multiple DCs we tend to speak about what FSMO roles they may be holding.

.
I called it backup sever because I know it is not BDC, but they both mean the same thing.. HAHA

Within DNS managment there is a folder called PDC that contains the record that list my server. The properties of that record say "pdc._msdcs.nyeauto.local" for the domain. That is one reason why I was refering to them as PDC BDC, also that was a way for me to explain what server I am talking about, but I will use the correct terms now that I am learning what they are.
I have seen where online it does say that those terms are not used and they are referd to as FSMO roles. I just do not know the best way to explain what server I am talking about when I use FSMO terms and two servers hold the same role. I have been looking online for the correct way to speak about what server I am talking about and make sense. I do not want to sound like I do not know what I am talking about if I go for a job interview. And I need to know for personal knowledge.

I do need to learn alot more about DNS, I only know basic task that it does. I need to learn what all the settings are for and how to make sure they are all correct. I need to learn alot about everything in detail "All microsoft OS's and alot more". I want a much better job but that will not happen if I do not learn alot of stuff.


I have derailed alot from my original question "problem". With the temperaly fix "using the IP/folder name to access the servers" it has made it possible for people to access what they need and work. But I still need the problem corrected. The good part is that learning anything that can help me is what I want.

New Details about the issue
Something new that started happening today was

I have a software program that is licesend for the amount of computers it is installed on and the link "The shortcuts URL" to access the software includeds the computer name. The software was running very slow. Not even able to use it so slow. When I went into the sortcut URL and replaced the computer name with the IP the software is now running normal. It took me a very long time to figure out how to fix that software problem.

I am now getting ready to sleep so I am ready for another day of learning tomorrow. There is still alot of details I need to included within so if anyone who wants to help knows everything that is happening

I do want to thank everyone in helping me fix my problem and also helping me learn. This is how I will better my life.
See less See more
Two servers can not contain the same FSMO role.

Your "fixes" are only complicating the issue you are not addressing which is what got messed up on the dns servers.

Did you remove the RRAS role and disable the 2nd nic as advised?
Are all workstation and servers pointing to the ms dns servers?
Do the dns servers point to each other in their tcp/ip properties dns entries?
Are there errors in the dns logs?

Not sure how anyone can help you Joe. You are missing the foundation to build upon.
Ok, I did say the fixs that I have are only temperaly. I have them setup so that people can still do their job while I try to figure out the problem. That is the only option for me to use right now rather than have the employees not able to access the data they need. I do know it is not the best thing to do but I will do what I need to so that the bussiness can keep going.

As I did say when I first mentioned that I had a second Nic, yes it is disabled. I did remove the RRAS role. The workstations have always pointed to both the servers.
The server have always pointed to each other also I just did not know if there should be something to put in the alternative DNS server section in the TCP/IP settings on server. The only error that in is the DNS logs is listed in my first post. It is 6702. The two are replicating but I am still looking into the error. I have found the reason why the 6702 error was being loged and that problem is solved.

I have been looking in to the FSMO roles more and understanding them. I was thinking the roles we AD and DNS, but they are all a bigger part.

I have never had the chance to take any classes besides my BA in school. I took CS and did not like the programing at all. I never took any classes about Microsoft and applications, etc.. I iwll probably never have the chance to. So I try to teach my self as best I can. I can only work with what I have and what I am able to do.
See less See more
from a workstation do a nslookup alaska and post the output for review.
I have been very busy but I am also not sure if the problem has stoped or just hidden. At firist it was only happening to a couple people. Firist on 2 then 4 and around 5 total that I heard about. There are many people who do not access anything from the server so I am not sure if their workstatioons are having the same problem. It was also at random times. So I had to set there link with the IP rather than the server name for them to access what they need. I had to do something so then can contunie to do thier job. And that works fine when I do that.

But I want to fix the problem not hide it. I am not sure if it fixed or not. It has been 5 days without one problem that I have been told about.

But I did the nslookup again from 2 different workstations, and what I see does not seem it should on one. I will go see about researching this as soon as I can.
The results from one workststaion are below.
.......................................................................
C:\>nslookup alaska
*** Can't find server name for address 10.14.242.200: Non-existent domain
*** Can't find server name for address 10.14.242.191: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 10.14.242.200

Name: alaska.nyeauto.local
Address: 10.14.242.200
......................................................................


I have 2 servers. One it at 10.14.242.191 "call this nye" and the other is 10.14.242.200

The second workstation says
..............................................................
c:\>nslookup alaska

server: unknown
address: alaska

name: alaska.auto.local
address: 10.14.242.200
...............................................................


I am able to access the server share from both work stations as of right now. So from these to they are no problems
See less See more
Your dns is clearly screwed up.

Does not appear either dns server lists itself with a host or ptr record.
Appears your dns servers don't know they are in a domain

No proper dns name resolution means resolution resorts to that of last resort: broadcasts which slow everything down.

You can't be looking that the DNS logs if you think everything appears to be OK.
Yes you are correct,, there is an error. I listed the error in the first post when I firist started this conversation. I do look at all event logs daily.

This error is only happening on one of the servers. This is on the alaska server.

--------------------------------------------------------------
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 6702
Description:
DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

If this DNS server does not have any DS-integrated peers, then this error should be ignored.
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

------------------------------------------------------------------------


I did at one time have to network cards on the server. When I go to DNS managment the expand forward lookup, and click on my domain name and then right click and go to properties. On the name server tab it list both servers in the box. For my main server it had both IPs of both network cards. I have disabled one network card a long time ago, but the IP of the disabled card and also the IP of the enabled card where both listed for the main server. I did remove the IP of the card that is not in use "4/1/11". Since then 4/1 I have not recived any DNS error within my event viewer.

That made me think that what I did fixed the problem.
I still have to wait to know for sure. There was times this would happen 10 days in a row then take a week break and start again. So that may be the case right now, I will know in time.


I did attach a .txt file with the DNS log of the last year. If you would like to see.


""Does not appear either dns server lists itself with a host or ptr record.
Appears your dns servers don't know they are in a domain""

I am not sure about what PTR record is. "will look into PTR soon"
In active directory both servers are listed in the domain controlers folder in my domain tree. I am not sure on all the tech terms. That may not mean they know they are in a domain as you say, i am just trying to provide information.
I would think they would have to be in the domain to be a domain controller, but maybe you mean something different "dont "KNOW" they are in a domain rather than there are"


I have alot of reseach to do about all of this. I wish very much I was able to go somewhere to learn rather than figure it out as I go but I do not have a choice as of now.



Note. The servers are on different gateways. I dont know if that could matter just wanted to state that



Below are ipconfig /all from each server


Windows IP Configuration

Host Name . . . . . . . . . . . . : nye
Primary Dns Suffix . . . . . . . : auto.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : auto.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network Connection
Physical Address. . . . . . . . . : 00-0D-56-FD-
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.14.242.191
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.14.242.101
DNS Servers . . . . . . . . . . . : 10.14.242.200
10.14.242.191





---------------------------------------------------------------------------------------------
Windows IP Configuration

Host Name . . . . . . . . . . . . : alaska
Primary Dns Suffix . . . . . . . : auto.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : auto.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1D-09-EF-
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.14.242.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.14.242.6
DNS Servers . . . . . . . . . . . : 10.14.242.191
10.14.242.200


I do have to disable IP routing and also WINS proxy from alaska. I have not yet because I need to look into the process of doing so. I do not want to miss anything that I will need to do in the process.
WOW

Attachments

See less See more
Who setup one or both of these dns servers?
Different gateways doesn't matter

from the MS article on the event id
"If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it. "

have you checked nye dns server for a host entry for alaska?
I have checked all properties of both DNS servers and can not find any errors. I have researched into setting the DNS and everything looks correct. Yes the nye server does host alaska, also there has not been any DNS errors on the nye since 3/28 when I restarted the server "It is a normal error that can be cause from restating the server. I looked into it.".
Both DNS do replicate with no problem.
1 - 20 of 22 Posts
Status
Not open for further replies.
Top