Posts Tagged ‘DNS’

When a domain controller is restored into a new or isolated network, for example a DR environment, it loses contact with the other domain controllers it used to replicate with. You may then find that the DNS Server service and/or Active Directory Domain Services will not start, because AD DS waits for an initial synchronization with partners that no longer exist.

To force the server to start without waiting for its partners, add the registry value below and reboot the server.

Add the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value name:  Repl Perform Initial Synchronizations
Value type:  REG_DWORD
Value data: 0

Note that this only stops the DC waiting for partners it cannot reach; it does not make the restored directory any more current than the backup it came from. Keep the restored DC isolated from the production network: a DC that has been restored from backup and then allowed to change on its own must never be reconnected to the live forest, or its stale copy of the directory will start replicating with the real one.

You should then go into Active Directory Sites and Services and remove the old domain controllers (deleting them there also cleans up their replication metadata), and in the DNS console remove any references to them on the Name Servers tab of these zones:

_msdcs.domain.local

domain.local
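The same procedure scripted in PowerShell, as an added example that is not part of the original post. The domain controller name DR-DC01, the stale partner OLD-DC02, the site Default-First-Site-Name and the zone domain.local are assumed placeholders; the cmdlets are from the built-in DnsServer module on Windows Server 2012 and later. It goes slightly beyond the post by also removing the stale DC's SRV records, which the metadata cleanup does not touch.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the
# restored domain controller. Placeholders (assumptions): domain.local, OLD-DC02,
# Default-First-Site-Name.
$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$domain     = 'domain.local'
$staleDc    = 'OLD-DC02'
$site       = 'Default-First-Site-Name'

# --- Phase 1: before the reboot -------------------------------------------------
# Tell AD DS not to block startup waiting for replication partners it cannot reach.
New-ItemProperty -Path $ntdsParams -Name 'Repl Perform Initial Synchronizations' `
    -PropertyType DWord -Value 0 -Force | Out-Null
# Restart-Computer -Force      # uncomment to reboot here, then continue with phase 2

# --- Phase 2: after the reboot, once AD DS and DNS are running ------------------
# Remove the stale DC's replication metadata. This is what deleting the server in
# AD Sites and Services does under the hood; the DN is the server object, not the computer.
$serverDn = "CN=$staleDc,CN=Servers,CN=$site,CN=Sites,CN=Configuration,DC=domain,DC=local"
ntdsutil "metadata cleanup" "remove selected server $serverDn" quit quit

# Remove DNS records that still point at the stale DC in both AD-integrated zones:
# NS records (the "Name Servers" tab) and the _ldap/_kerberos/_gc SRV records it registered.
$staleFqdn = "$staleDc.$domain."
foreach ($zone in @("_msdcs.$domain", $domain)) {
    $stale = @(Get-DnsServerResourceRecord -ZoneName $zone -RRType NS |
        Where-Object { $_.RecordData.NameServer -ieq $staleFqdn })
    $stale += @(Get-DnsServerResourceRecord -ZoneName $zone -RRType SRV |
        Where-Object { $_.RecordData.DomainName -ieq $staleFqdn })
    foreach ($rr in $stale) {
        Write-Host ("Removing {0} {1} -> {2} from {3}" -f $rr.RecordType, $rr.HostName, $staleFqdn, $zone)
        Remove-DnsServerResourceRecord -ZoneName $zone -InputObject $rr -Force
    }
}

# With no partners left in the metadata there is nothing to wait for on startup, so the
# override can go; future starts then behave like a normal DC again.
Remove-ItemProperty -Path $ntdsParams -Name 'Repl Perform Initial Synchronizations' -ErrorAction SilentlyContinue
```

Check the result with `Get-DnsServerResourceRecord -ZoneName domain.local -RRType NS` and `repadmin /showrepl`; the stale server should appear in neither.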


A new Windows Server 2012 domain controller was rebooted after being promoted, but on restart the DNS Server service would not start, logging the following error (DNS Server event 4013):

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

Many sites recommend a registry change to skip the initial replication (Repl Perform Initial Synchronizations = 0). However, this was a production domain controller, and as the event itself says, a DC that starts before its initial synchronization may be missing critical DNS data, so skipping it was not an option.

Check the Directory Service event log, which showed:

This directory server has not completed a full synchronization of the following directory partition. This directory server will not be available to clients until this task is completed.

Note: how big are your SYSVOL + NETLOGON + ntds.dit? This will affect replication time!

The following command shows the replication status of each partition, including which ones have not yet completed their first synchronization:

repadmin /showrepl

In the end, waiting for replication won; it took 6 hours!
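A script that pulls the three things checked above onto one screen (is DNS still waiting, what has each partition replicated, and how much data there is to pull across), as an added example that is not part of the original post. It assumes the ActiveDirectory RSAT module is present on the new DC and that the default registry locations for the SYSVOL and ntds.dit paths are in use.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the new
# domain controller while it is waiting for its initial synchronization.
Import-Module ActiveDirectory

function Get-InitialSyncStatus {
    $dc = $env:COMPUTERNAME

    # 1. Is the DNS Server service still logging "waiting for AD DS" (event 4013)?
    $lastWait = Get-WinEvent -FilterHashtable @{
        LogName = 'DNS Server'; Id = 4013; StartTime = (Get-Date).AddHours(-1)
    } -ErrorAction SilentlyContinue | Select-Object -First 1

    # 2. Inbound replication state per partition and partner. A partition with no
    #    LastReplicationSuccess yet is one that has not finished its first sync.
    $partners = Get-ADReplicationPartnerMetadata -Target $dc -PartnerType Inbound -Partition * -ErrorAction Stop |
        Select-Object Partition, Partner, LastReplicationAttempt, LastReplicationSuccess,
                      LastReplicationResult, ConsecutiveReplicationFailures

    # 3. How much has to come across: SYSVOL (which holds NETLOGON) and the directory database.
    #    Paths are read from the registry rather than hard-coded.
    $sysvolPath = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters').SysVol
    $ditPath    = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').'DSA Database file'
    $sysvolMB = [math]::Round(((Get-ChildItem -LiteralPath $sysvolPath -Recurse -File -Force -ErrorAction SilentlyContinue |
        Measure-Object -Property Length -Sum).Sum / 1MB), 1)
    $ditMB = [math]::Round(((Get-Item -LiteralPath $ditPath).Length / 1MB), 1)

    [pscustomobject]@{
        DomainController   = $dc
        DnsStillWaiting    = [bool]$lastWait
        LastDnsWaitEvent   = if ($lastWait) { $lastWait.TimeCreated } else { $null }
        PartitionsPending  = @($partners | Where-Object { -not $_.LastReplicationSuccess }).Partition
        Partners           = $partners
        SysvolMB           = $sysvolMB
        NtdsDitMB          = $ditMB
    }
}

$status = Get-InitialSyncStatus
$status | Format-List DomainController, DnsStillWaiting, LastDnsWaitEvent, PartitionsPending, SysvolMB, NtdsDitMB
$status.Partners | Format-Table -AutoSize

# The same picture from the command-line tool used in the post.
repadmin /showrepl $env:COMPUTERNAME
```

Re-run it every few minutes: once PartitionsPending is empty and no new 4013 event appears, the DNS Server service will start on its own without any registry change.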


Recently a colleague called me after a mainboard swap on an SBS server: the DNS server was not working.

  1. Could ping the server from a remote device.
  2. nslookup from the remote device came back with "Request timed out".
  3. nslookup against localhost on the SBS server itself worked.
  • Restarted the DNS Server service and enabled logging; entries could be seen in the log.
  • The DNS server was listening on the correct IP interfaces.

It turned out that during the mainboard swap the subnet mask had been set to 255.255.255.255 instead of 255.255.255.0.

What does this do? A /32 mask makes the server the only host on its subnet: every other address, including the default gateway, is treated as off-link, so the server has no usable route to the gateway and cannot send traffic back to anything outside itself.

If you really want a two-host subnet, the mask should be 255.255.255.252 (a /30, which has exactly two usable addresses), for example 192.168.0.1 and 192.168.0.2 on 192.168.0.0/30.
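The on-link arithmetic behind this, as an added example that is not part of the original post: a function that takes an address, mask and gateway, reports the prefix length and usable host count, and says whether the gateway is reachable on-link, followed by a live check of every IPv4 interface on the machine. The three sample configurations are constructed for illustration; the live check needs the NetTCPIP module (Windows 8 / Server 2012 and later).

```powershell
# Added example, not from the original post. The sample addresses are constructed.

function ConvertTo-UInt32Address {
    param([Parameter(Mandatory)][string]$Dotted)
    $b = [System.Net.IPAddress]::Parse($Dotted).GetAddressBytes()
    # Work in [long] so the high byte cannot overflow a signed 32-bit int.
    return ([long]$b[0] -shl 24) -bor ([long]$b[1] -shl 16) -bor ([long]$b[2] -shl 8) -bor [long]$b[3]
}

function Get-PrefixLength {
    param([Parameter(Mandatory)][string]$SubnetMask)
    $m = ConvertTo-UInt32Address $SubnetMask
    $bits = 0
    for ($i = 31; $i -ge 0; $i--) {
        if ((($m -shr $i) -band 1) -eq 1) { $bits++ } else { break }
    }
    # A valid mask is a contiguous run of 1s; reject 255.0.255.0 and the like.
    $expected = ([long]0xFFFFFFFF -shl (32 - $bits)) -band 0xFFFFFFFF
    if ($expected -ne $m) { throw "$SubnetMask is not a contiguous subnet mask" }
    return $bits
}

function Test-GatewayOnLink {
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][string]$SubnetMask,
        [Parameter(Mandatory)][string]$Gateway
    )
    $prefix = Get-PrefixLength $SubnetMask
    $mask   = ConvertTo-UInt32Address $SubnetMask
    $net    = (ConvertTo-UInt32Address $Address) -band $mask
    $gwNet  = (ConvertTo-UInt32Address $Gateway) -band $mask
    # /31 (RFC 3021 point-to-point) and /32 (single host) have no network/broadcast addresses.
    $usable = switch ($prefix) { 32 { 1 } 31 { 2 } default { [long][math]::Pow(2, 32 - $prefix) - 2 } }
    [pscustomobject]@{
        Address       = "$Address/$prefix"
        UsableHosts   = $usable
        Gateway       = $Gateway
        GatewayOnLink = ($net -eq $gwNet)   # false means the host cannot ARP for its gateway
    }
}

# The broken configuration from the post, the intended /24, and the /30 alternative.
Test-GatewayOnLink -Address 192.168.0.10 -SubnetMask 255.255.255.255 -Gateway 192.168.0.1   # /32, 1 host, off-link
Test-GatewayOnLink -Address 192.168.0.10 -SubnetMask 255.255.255.0   -Gateway 192.168.0.1   # /24, 254 hosts, on-link
Test-GatewayOnLink -Address 192.168.0.2  -SubnetMask 255.255.255.252 -Gateway 192.168.0.1   # /30, 2 hosts, on-link

# Live check: flag any IPv4 interface whose configured default gateway is not on-link.
Get-NetIPConfiguration | Where-Object { $_.IPv4Address -and $_.IPv4DefaultGateway } | ForEach-Object {
    $p = $_.IPv4Address[0].PrefixLength
    $m = ([long]0xFFFFFFFF -shl (32 - $p)) -band 0xFFFFFFFF
    $dotted = '{0}.{1}.{2}.{3}' -f (($m -shr 24) -band 255), (($m -shr 16) -band 255), (($m -shr 8) -band 255), ($m -band 255)
    Test-GatewayOnLink -Address $_.IPv4Address[0].IPAddress -SubnetMask $dotted -Gateway $_.IPv4DefaultGateway[0].NextHop |
        Add-Member -NotePropertyName Interface -NotePropertyValue $_.InterfaceAlias -PassThru
}
```

Any row with GatewayOnLink equal to false is the mainboard-swap mistake above waiting to happen; after a hardware change this is worth running before anyone starts troubleshooting DNS itself.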


To get Autodiscover working with a certificate that has no SANs beyond its Common Name (CN), you need either an autodiscover.xml file hosted on the company's main website or an Autodiscover SRV record created at the registrar (or whoever hosts the domain's public DNS).

The registrar was Melbourne IT, who for some reason do not validate DNS records properly, so records get stuck in "Publishing". After trial and error I finally got the record right and beat their own helpdesk to the fix by two weeks.

Name : companydomain.com. ( remember the dot on the end )

TTL : Can be left at their default of 86400 but should be 3600

Priority : 0

Port : 443

Weight : 0

Service : _autodiscover

Protocol :  _tcp

Target : mail.companydomain.com. ( the host name that is the CN on the certificate; remember the dot on the end )

The target must be a name the certificate actually carries, because Outlook connects to that host over HTTPS and validates the certificate against it; a target that is not on the certificate gives every user a certificate warning.
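A check that the record has actually published and that its target presents a matching certificate, as an added example that is not part of the original post. The domain companydomain.com and the target mail.companydomain.com are placeholders; the function needs outbound DNS and TCP/443 to the target, and works on Windows 8 / Server 2012 and later (Resolve-DnsName is from the DnsClient module).

```powershell
# Added example, not from the original post. Placeholder domain: companydomain.com.

function Test-AutodiscoverSrv {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$DnsServer     # e.g. a public resolver, to see what external clients see
    )
    # The record the registrar form above produces, in zone-file terms:
    #   _autodiscover._tcp.companydomain.com. 3600 IN SRV 0 0 443 mail.companydomain.com.
    $query = @{ Name = "_autodiscover._tcp.$Domain"; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($DnsServer) { $query.Server = $DnsServer }
    $records = @(Resolve-DnsName @query | Where-Object Type -eq 'SRV')
    if (-not $records) { throw "No SRV record published for _autodiscover._tcp.$Domain" }

    foreach ($r in $records) {
        $target = $r.NameTarget.TrimEnd('.')
        $result = [ordered]@{
            Record      = "$($r.Name) $($r.TTL) IN SRV $($r.Priority) $($r.Weight) $($r.Port) $($r.NameTarget)"
            Target      = $target
            Port443     = ($r.Port -eq 443)
            CertSubject = $null
            CertNames   = $null
            CertExpires = $null
            NameMatches = $false
        }
        $tcp = $null; $ssl = $null
        try {
            $tcp = New-Object System.Net.Sockets.TcpClient($target, $r.Port)
            # Accept any certificate in the handshake: we want to inspect it, not trust it.
            $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
            $ssl.AuthenticateAsClient($target)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

            # Names the certificate is valid for: the CN plus any Subject Alternative Names.
            $names = @($cert.GetNameInfo('SimpleName', $false))
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            if ($san) {
                $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                    ForEach-Object { $_.Groups[1].Value }
            }
            $names = @($names | Select-Object -Unique)

            # Outlook validates the certificate against the SRV target name, so the target must
            # be listed exactly, or be covered by a wildcard for the same parent domain.
            $parent = $target.Substring($target.IndexOf('.') + 1)
            $match = $names | Where-Object {
                $_ -ieq $target -or ($_.StartsWith('*.') -and $_.Substring(2) -ieq $parent)
            }
            $result.CertSubject = $cert.Subject
            $result.CertNames   = $names -join ', '
            $result.CertExpires = $cert.NotAfter
            $result.NameMatches = [bool]$match
        } catch {
            $result.CertSubject = "connection failed: $($_.Exception.Message)"
        } finally {
            if ($ssl) { $ssl.Dispose() }
            if ($tcp) { $tcp.Dispose() }
        }
        [pscustomobject]$result
    }
}

Test-AutodiscoverSrv -Domain 'companydomain.com' | Format-List
```

Port443 and NameMatches should both be true; if the record resolves internally but not when queried via a public resolver, it is still sitting in the registrar's "Publishing" state.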
