This is my first Post to this Blog -

I have a client who calls every other day saying that they cant access the
internet or send email and once I restart the DNS server Service all is well.
I have a scheduled task running that restarts this every 4 hours and I am at
a loss on this one. Any would be appreciated.

They have two locations connected over a VPN - both locations are Global
Catalog Domain Controllers - Both locations are in the default first site and
are replicating after hours as the WAN link is slow - This issue only seems
to happen in one location. Both servers are pointing to themselves as DNS
servers and using forwarders to the ISP. The location where it happens is a
SBS 2003 server so Exchange can't send email when this happens as well but as
son as I restart the DNS service all is well. There are no event logs as well
saying that there is a DNS issue.
--
Thanks in Advance - Marcus

Hello mcrow7,

Please post an iopconfig /all from the server. Is the machine multihomed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> This is my first Post to this Blog -
>
> I have a client who calls every other day saying that they cant access
> the internet or send email and once I restart the DNS server Service
> all is well. I have a scheduled task running that restarts this every
> 4 hours and I am at a loss on this one. Any would be appreciated.
>
> They have two locations connected over a VPN - both locations are
> Global Catalog Domain Controllers - Both locations are in the default
> first site and are replicating after hours as the WAN link is slow -
> This issue only seems to happen in one location. Both servers are
> pointing to themselves as DNS servers and using forwarders to the ISP.
> The location where it happens is a SBS 2003 server so Exchange can't
> send email when this happens as well but as son as I restart the DNS
> service all is well. There are no event logs as well saying that there
> is a DNS issue.
>

Windows IP Configuration



Host Name . . . . . . . . . . . . : SCVB-FS1

Primary Dns Suffix . . . . . . . : scvb.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : scvb.local



Ethernet adapter Server Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-13-72-3D-38-E6

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.0.0.150

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.254

DNS Servers . . . . . . . . . . . : 10.0.0.150

Primary WINS Server . . . . . . . : 10.0.0.150

Here is the ipconfig /all from the server that is a SBS 2003 server and the
main everything. (All Roles, DNS, Exchange) All clients point to the server
for DNS and I have the scheduled tast running every three hours to restart
DNS Server Service.

This only started to happen when I brought the Domain Controller in the
Branch Office online over the VPN connection. Both DC's point to themselves
and have forwarders to the internet ISP's. They are both in the Default First
Site and are both GC's. I setup replication only to occur during non-business
hours.

I have two other clients that this is happening two and they both have 2 DNS
servers and they both point to themselves. These two locations don't happen
as often but I have a scheduled task to restart the service twice a day. At
these two locations - both DNS servers a AD integrated and are in the same
building (No branch offices).

Any would be great. They all only have one NIC and are not multihomed.
--
Thanks in Advance - Marcus


"Meinolf Weber" wrote:

> Hello mcrow7,
>
> Please post an iopconfig /all from the server. Is the machine multihomed?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > This is my first Post to this Blog -
> >
> > I have a client who calls every other day saying that they cant access
> > the internet or send email and once I restart the DNS server Service
> > all is well. I have a scheduled task running that restarts this every
> > 4 hours and I am at a loss on this one. Any would be appreciated.
> >
> > They have two locations connected over a VPN - both locations are
> > Global Catalog Domain Controllers - Both locations are in the default
> > first site and are replicating after hours as the WAN link is slow -
> > This issue only seems to happen in one location. Both servers are
> > pointing to themselves as DNS servers and using forwarders to the ISP.
> > The location where it happens is a SBS 2003 server so Exchange can't
> > send email when this happens as well but as son as I restart the DNS
> > service all is well. There are no event logs as well saying that there
> > is a DNS issue.
> >
>
>
>

Hello mcrow7,

Do i understand you right, 2 sites, one subnet and one SBS and one additional
DC/DNS in the other site?

Then you have to configure Active directory Sites and services for the subnets
and also check that both DC's are replicating correctly which also is based
on DNS settings.

Did you run dcdiag /v and netdiag /v and replmon to check for errors?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : SCVB-FS1
>
> Primary Dns Suffix . . . . . . . : scvb.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : Yes
>
> WINS Proxy Enabled. . . . . . . . : Yes
>
> DNS Suffix Search List. . . . . . : scvb.local
>
> Ethernet adapter Server Local Area Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> Ethernet
>
> Physical Address. . . . . . . . . : 00-13-72-3D-38-E6
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 10.0.0.150
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 10.0.0.254
>
> DNS Servers . . . . . . . . . . . : 10.0.0.150
>
> Primary WINS Server . . . . . . . : 10.0.0.150
>
> Here is the ipconfig /all from the server that is a SBS 2003 server
> and the main everything. (All Roles, DNS, Exchange) All clients point
> to the server for DNS and I have the scheduled tast running every
> three hours to restart DNS Server Service.
>
> This only started to happen when I brought the Domain Controller in
> the Branch Office online over the VPN connection. Both DC's point to
> themselves and have forwarders to the internet ISP's. They are both in
> the Default First Site and are both GC's. I setup replication only to
> occur during non-business hours.
>
> I have two other clients that this is happening two and they both have
> 2 DNS servers and they both point to themselves. These two locations
> don't happen as often but I have a scheduled task to restart the
> service twice a day. At these two locations - both DNS servers a AD
> integrated and are in the same building (No branch offices).
>
> Any would be great. They all only have one NIC and are not
> multihomed.
>
> "Meinolf Weber" wrote:
>
>> Hello mcrow7,
>>
>> Please post an iopconfig /all from the server. Is the machine
>> multihomed?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> This is my first Post to this Blog -
>>>
>>> I have a client who calls every other day saying that they cant
>>> access the internet or send email and once I restart the DNS server
>>> Service all is well. I have a scheduled task running that restarts
>>> this every 4 hours and I am at a loss on this one. Any would be
>>> appreciated.
>>>
>>> They have two locations connected over a VPN - both locations are
>>> Global Catalog Domain Controllers - Both locations are in the
>>> default first site and are replicating after hours as the WAN link
>>> is slow - This issue only seems to happen in one location. Both
>>> servers are pointing to themselves as DNS servers and using
>>> forwarders to the ISP. The location where it happens is a SBS 2003
>>> server so Exchange can't send email when this happens as well but as
>>> son as I restart the DNS service all is well. There are no event
>>> logs as well saying that there is a DNS issue.
>>>

In news:7DB74F5A-8970-4AF1-9EAB-2018C5BE6AFD@microsoft.com,
mcrow7 <mcrow7@discussions.microsoft.com> typed:
> This is my first Post to this Blog -
>
> I have a client who calls every other day saying that they cant
> access the internet or send email and once I restart the DNS server
> Service all is well. I have a scheduled task running that restarts
> this every 4 hours and I am at a loss on this one. Any would be
> appreciated.
>
> They have two locations connected over a VPN - both locations are
> Global Catalog Domain Controllers - Both locations are in the default
> first site and are replicating after hours as the WAN link is slow -
> This issue only seems to happen in one location. Both servers are
> pointing to themselves as DNS servers and using forwarders to the
> ISP. The location where it happens is a SBS 2003 server so Exchange
> can't send email when this happens as well but as son as I restart
> the DNS service all is well. There are no event logs as well saying
> that there is a DNS issue.

What type of WAN connection is in place? ADSL, SDLS, cable, T1?

Ace

There is only one site (Default First Site) and there are two network
addresses 10.0.0.0/24 and 10.0.1.0/24 as they are connected by a router to
router VPN.

I will check the replication - but I did run dcdiag and netdiag and returned
fine.

I also had this same issue in two other places that have only one location
but two AD DNS servers right next to each other. This is why I suspect DNS
corruption in the service. At those two other locations once I started DNS
service everything was fine. Possible a update corrupted the service.
--
Thanks in Advance - Marcus


"Meinolf Weber" wrote:

> Hello mcrow7,
>
> Do i understand you right, 2 sites, one subnet and one SBS and one additional
> DC/DNS in the other site?
>
> Then you have to configure Active directory Sites and services for the subnets
> and also check that both DC's are replicating correctly which also is based
> on DNS settings.
>
> Did you run dcdiag /v and netdiag /v and replmon to check for errors?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > Windows IP Configuration
> >
> > Host Name . . . . . . . . . . . . : SCVB-FS1
> >
> > Primary Dns Suffix . . . . . . . : scvb.local
> >
> > Node Type . . . . . . . . . . . . : Unknown
> >
> > IP Routing Enabled. . . . . . . . : Yes
> >
> > WINS Proxy Enabled. . . . . . . . : Yes
> >
> > DNS Suffix Search List. . . . . . : scvb.local
> >
> > Ethernet adapter Server Local Area Connection:
> >
> > Connection-specific DNS Suffix . :
> >
> > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> > Ethernet
> >
> > Physical Address. . . . . . . . . : 00-13-72-3D-38-E6
> >
> > DHCP Enabled. . . . . . . . . . . : No
> >
> > IP Address. . . . . . . . . . . . : 10.0.0.150
> >
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >
> > Default Gateway . . . . . . . . . : 10.0.0.254
> >
> > DNS Servers . . . . . . . . . . . : 10.0.0.150
> >
> > Primary WINS Server . . . . . . . : 10.0.0.150
> >
> > Here is the ipconfig /all from the server that is a SBS 2003 server
> > and the main everything. (All Roles, DNS, Exchange) All clients point
> > to the server for DNS and I have the scheduled tast running every
> > three hours to restart DNS Server Service.
> >
> > This only started to happen when I brought the Domain Controller in
> > the Branch Office online over the VPN connection. Both DC's point to
> > themselves and have forwarders to the internet ISP's. They are both in
> > the Default First Site and are both GC's. I setup replication only to
> > occur during non-business hours.
> >
> > I have two other clients that this is happening two and they both have
> > 2 DNS servers and they both point to themselves. These two locations
> > don't happen as often but I have a scheduled task to restart the
> > service twice a day. At these two locations - both DNS servers a AD
> > integrated and are in the same building (No branch offices).
> >
> > Any would be great. They all only have one NIC and are not
> > multihomed.
> >
> > "Meinolf Weber" wrote:
> >
> >> Hello mcrow7,
> >>
> >> Please post an iopconfig /all from the server. Is the machine
> >> multihomed?
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> This is my first Post to this Blog -
> >>>
> >>> I have a client who calls every other day saying that they cant
> >>> access the internet or send email and once I restart the DNS server
> >>> Service all is well. I have a scheduled task running that restarts
> >>> this every 4 hours and I am at a loss on this one. Any would be
> >>> appreciated.
> >>>
> >>> They have two locations connected over a VPN - both locations are
> >>> Global Catalog Domain Controllers - Both locations are in the
> >>> default first site and are replicating after hours as the WAN link
> >>> is slow - This issue only seems to happen in one location. Both
> >>> servers are pointing to themselves as DNS servers and using
> >>> forwarders to the ISP. The location where it happens is a SBS 2003
> >>> server so Exchange can't send email when this happens as well but as
> >>> son as I restart the DNS service all is well. There are no event
> >>> logs as well saying that there is a DNS issue.
> >>>
>
>
>

ADSL at both locations on Verizon. This is why I scheduled replication for
after hours as they don't have any traveling employees from place to place
that need to login both locations. The new location is really only using
Exchange from the other location.
--
Thanks in Advance - Marcus


"Ace Fekay [MVP]" wrote:

> In news:7DB74F5A-8970-4AF1-9EAB-2018C5BE6AFD@microsoft.com,
> mcrow7 <mcrow7@discussions.microsoft.com> typed:
> > This is my first Post to this Blog -
> >
> > I have a client who calls every other day saying that they cant
> > access the internet or send email and once I restart the DNS server
> > Service all is well. I have a scheduled task running that restarts
> > this every 4 hours and I am at a loss on this one. Any would be
> > appreciated.
> >
> > They have two locations connected over a VPN - both locations are
> > Global Catalog Domain Controllers - Both locations are in the default
> > first site and are replicating after hours as the WAN link is slow -
> > This issue only seems to happen in one location. Both servers are
> > pointing to themselves as DNS servers and using forwarders to the
> > ISP. The location where it happens is a SBS 2003 server so Exchange
> > can't send email when this happens as well but as son as I restart
> > the DNS service all is well. There are no event logs as well saying
> > that there is a DNS issue.
>
> What type of WAN connection is in place? ADSL, SDLS, cable, T1?
>
> Ace
>
>
>

In news:1084E4BF-C9BC-4F6B-B246-C5D12DC87956@microsoft.com,
mcrow7 <mcrow7@discussions.microsoft.com> typed:
> ADSL at both locations on Verizon. This is why I scheduled
> replication for after hours as they don't have any traveling
> employees from place to place that need to login both locations. The
> new location is really only using Exchange from the other location.

ADSL? What are the modems connected to? The switch or directly to the
server? What is your VPN server? Windows or a third party device?

There are certain issues caused by PPPoE (which I know Verizon uses with
ADSL) due to it;s lower MTU of 1492 due to the 8 byte overhead it uses
robbing from the default TCP MTU of 1500. Errors from not being to access
certain sites, to AD replication issues across PPPoE connections. Also the
ADSL router may be set to go to sleep and will cause DNS issues, especially
if the modem is directly connected to the server.

Ace

The modems are directly connected to a Watchguard router/firewall. Then into
a switch - this is the same on both sides of the locations.

If it is a sleep issue on the modem then why when I restart the DNS server
service I can access the internet? When this does not work - if I go to the
monitoring tab of the DNS server and run a simple and recursive test they
both fail - but once I restart the DNS server service all is well and they
pass. I can still ping out by IP but no name resolutuion when the problem
happens. If the modem goes to sleep then would I be able to ping out by IP or
once I did this would it wake up and allow name resolution?

This is only seems to be affecting places with more than one AD DNS server.
I have this issue at three locations but the one thats the worse is the one
with site to site VPN's.
--
Thanks in Advance - Marcus


"Ace Fekay [MVP]" wrote:

> In news:1084E4BF-C9BC-4F6B-B246-C5D12DC87956@microsoft.com,
> mcrow7 <mcrow7@discussions.microsoft.com> typed:
> > ADSL at both locations on Verizon. This is why I scheduled
> > replication for after hours as they don't have any traveling
> > employees from place to place that need to login both locations. The
> > new location is really only using Exchange from the other location.
>
> ADSL? What are the modems connected to? The switch or directly to the
> server? What is your VPN server? Windows or a third party device?
>
> There are certain issues caused by PPPoE (which I know Verizon uses with
> ADSL) due to it;s lower MTU of 1492 due to the 8 byte overhead it uses
> robbing from the default TCP MTU of 1500. Errors from not being to access
> certain sites, to AD replication issues across PPPoE connections. Also the
> ADSL router may be set to go to sleep and will cause DNS issues, especially
> if the modem is directly connected to the server.
>
> Ace
>
>
>

"mcrow7" <mcrow7@discussions.microsoft.com> wrote in message
news:0C22C337-FDF4-4989-B9EF-A826CF34C0BB@microsoft.com...
> The modems are directly connected to a Watchguard router/firewall. Then
> into
> a switch - this is the same on both sides of the locations.
>
> If it is a sleep issue on the modem then why when I restart the DNS server
> service I can access the internet? When this does not work - if I go to
> the
> monitoring tab of the DNS server and run a simple and recursive test they
> both fail - but once I restart the DNS server service all is well and they
> pass. I can still ping out by IP but no name resolutuion when the problem
> happens. If the modem goes to sleep then would I be able to ping out by IP
> or
> once I did this would it wake up and allow name resolution?
>
> This is only seems to be affecting places with more than one AD DNS
> server.
> I have this issue at three locations but the one thats the worse is the
> one
> with site to site VPN's.
> --
> Thanks in Advance - Marcus


I was trying to find a link that i thought I bookmarked to explain it, but I
can't find it. Take my word for it. Set the modems to "always on." I will
try to search for the link for you in the meantime.

Here's an older link, not the one I was looking for. It applies to Win2000,
2003, XP, etc., whether directly connected or not.
175436 - microsoft nt4 dns stops forwarding queries after ppp link goes down
{maybe applies to w2k too]:
http://support.microsoft.com/?id=175436

Do you have a forwarder set?

Ace

I will check that article out.

Both DNS servers have forwarders to the ISP's and the NIC cards are pointing
to themselves.

Would the always on also affect T1's and cable connections? One of my
clients who have this same DNS issue have two WAN connections (one cable and
one T1 for failover) and today they had this issue of the DNS server not able
to resolve outside names and I put a ISP external ip on the NIC card as the
secondary IP and then I could get out. This server is a terminal server and a
DNS server. When the users terminaled in they could not get to the internet
because the server was pointing to itself and once the ISP DNS was added to
the card - all was well. I removed the ISP DNS entry from the card and was
unable to get out - restarted DNS server service and I could get out. The
second DNS (Which was the main DC) had no problem and could get out. I think
these clients are on a Indian Burial Ground
--
Thanks in Advance - Marcus


"Ace Fekay [MVP]" wrote:

>
> "mcrow7" <mcrow7@discussions.microsoft.com> wrote in message
> news:0C22C337-FDF4-4989-B9EF-A826CF34C0BB@microsoft.com...
> > The modems are directly connected to a Watchguard router/firewall. Then
> > into
> > a switch - this is the same on both sides of the locations.
> >
> > If it is a sleep issue on the modem then why when I restart the DNS server
> > service I can access the internet? When this does not work - if I go to
> > the
> > monitoring tab of the DNS server and run a simple and recursive test they
> > both fail - but once I restart the DNS server service all is well and they
> > pass. I can still ping out by IP but no name resolutuion when the problem
> > happens. If the modem goes to sleep then would I be able to ping out by IP
> > or
> > once I did this would it wake up and allow name resolution?
> >
> > This is only seems to be affecting places with more than one AD DNS
> > server.
> > I have this issue at three locations but the one thats the worse is the
> > one
> > with site to site VPN's.
> > --
> > Thanks in Advance - Marcus
>
>
> I was trying to find a link that i thought I bookmarked to explain it, but I
> can't find it. Take my word for it. Set the modems to "always on." I will
> try to search for the link for you in the meantime.
>
> Here's an older link, not the one I was looking for. It applies to Win2000,
> 2003, XP, etc., whether directly connected or not.
> 175436 - microsoft nt4 dns stops forwarding queries after ppp link goes down
> {maybe applies to w2k too]:
> http://support.microsoft.com/?id=175436
>
> Do you have a forwarder set?
>
> Ace
>
>
>

In news:B8C902F8-5D9D-44E2-91D5-553F78977B1E@microsoft.com,
mcrow7 <mcrow7@discussions.microsoft.com> typed:
> I will check that article out.
>
> Both DNS servers have forwarders to the ISP's and the NIC cards are
> pointing to themselves.
>
> Would the always on also affect T1's and cable connections? One of my
> clients who have this same DNS issue have two WAN connections (one
> cable and one T1 for failover) and today they had this issue of the
> DNS server not able to resolve outside names and I put a ISP external
> ip on the NIC card as the secondary IP and then I could get out. This
> server is a terminal server and a DNS server. When the users
> terminaled in they could not get to the internet because the server
> was pointing to itself and once the ISP DNS was added to the card -
> all was well. I removed the ISP DNS entry from the card and was
> unable to get out - restarted DNS server service and I could get out.
> The second DNS (Which was the main DC) had no problem and could get
> out. I think these clients are on a Indian Burial Ground

Pictures of scenes from the movie Poltergeist come to mind... :-)

Is there a forwarder set on that DNS server having problems? If so, which
ISP's line was connected at the time and which ISP did the forwarder belong
to? Was the ISP DNS you added the one that belonged to the ISP currently
connected or the others? In some cases, some ISPs will not allow recursion
to their servers if the query request is coming from an out of network host.

Ace

In the case of WAN failover site - the forwarders are pointing to the main
ISP DNS external servers and then I have the ones for the backup ISP listed
at the bottom of the forwarders list. So I have two from the main ISP and
then two from the secondary ISP on both DNS servers as forwarders and the
servers are pointing to themselves on the NIC Cards.

I had this issue happen today with the DNS problem. Here is the setup - 1
SBS server doing DC, Exchange, DNS and 1 Standard Server doing File, Print
and DNS, DHCP. They called and said that email was getting stuck and they
were getting bounce backs. So I remoted into the server and I could get onto
the internet so I didn't think it was the DNS issue but when I looked at the
NIC properties of the card with the Exchange server - it had a second entry
for the file server that was doing DNS and that was how I was getting out to
the internet. I removed the Second DNS entry and I could not get out to the
internet on the SBS Exchange server so I restarted the DNS Server Service and
now I could get out to the internet and the Exchange Queues cleared up. So
one DNS server was working and one was not and they are both configured with
the same forwarders to there ISP and only have one ISP with no failover. Both
DNS servers point to themselves as primary DNS and each other as Secondary on
the NIC cards. I don't know why Exchange would not use the other DNS server
to send out mail. I have the clients pulling both DNS servers in the DHCP
options so they could get out just fine.

I appreciate all your replies to these and I am trying to figure it out as
it is so fustrating.
--
Thanks in Advance - Marcus


"Ace Fekay [MVP]" wrote:

> In news:B8C902F8-5D9D-44E2-91D5-553F78977B1E@microsoft.com,
> mcrow7 <mcrow7@discussions.microsoft.com> typed:
> > I will check that article out.
> >
> > Both DNS servers have forwarders to the ISP's and the NIC cards are
> > pointing to themselves.
> >
> > Would the always on also affect T1's and cable connections? One of my
> > clients who have this same DNS issue have two WAN connections (one
> > cable and one T1 for failover) and today they had this issue of the
> > DNS server not able to resolve outside names and I put a ISP external
> > ip on the NIC card as the secondary IP and then I could get out. This
> > server is a terminal server and a DNS server. When the users
> > terminaled in they could not get to the internet because the server
> > was pointing to itself and once the ISP DNS was added to the card -
> > all was well. I removed the ISP DNS entry from the card and was
> > unable to get out - restarted DNS server service and I could get out.
> > The second DNS (Which was the main DC) had no problem and could get
> > out. I think these clients are on a Indian Burial Ground
>
> Pictures of scenes from the movie Poltergeist come to mind... :-)
>
> Is there a forwarder set on that DNS server having problems? If so, which
> ISP's line was connected at the time and which ISP did the forwarder belong
> to? Was the ISP DNS you added the one that belonged to the ISP currently
> connected or the others? In some cases, some ISPs will not allow recursion
> to their servers if the query request is coming from an out of network host.
>
> Ace
>
>
>
>

In news:E883CB57-43AE-4D38-81BF-413A645C4228@microsoft.com,
mcrow7 <mcrow7@discussions.microsoft.com> typed:
> In the case of WAN failover site - the forwarders are pointing to the
> main ISP DNS external servers and then I have the ones for the backup
> ISP listed at the bottom of the forwarders list. So I have two from
> the main ISP and then two from the secondary ISP on both DNS servers
> as forwarders and the servers are pointing to themselves on the NIC
> Cards.

Putting a bunch of IPs in the forwarders list will not make it work the way
many expect. The resolution process looks at them one at a time and if it
gets a response, even if the response is negative, it is still a response
and it will look no further. Same as when multiple listed on a client
machine. The first one is always queired. Then is no response in one second,
then it goes to the next in line until if finds a response. For all that do
not respond, they get removed from the eligible resolvers list for a period
of time.

Unfortunately, putting listing multiples like that don't .

>
> I had this issue happen today with the DNS problem. Here is the setup
> - 1 SBS server doing DC, Exchange, DNS and 1 Standard Server doing
> File, Print and DNS, DHCP. They called and said that email was
> getting stuck and they were getting bounce backs. So I remoted into
> the server and I could get onto the internet so I didn't think it was
> the DNS issue but when I looked at the NIC properties of the card
> with the Exchange server - it had a second entry for the file server
> that was doing DNS and that was how I was getting out to the
> internet. I removed the Second DNS entry and I could not get out to
> the internet on the SBS Exchange server so I restarted the DNS Server
> Service and now I could get out to the internet and the Exchange
> Queues cleared up. So one DNS server was working and one was not and
> they are both configured with the same forwarders to there ISP and
> only have one ISP with no failover. Both DNS servers point to
> themselves as primary DNS and each other as Secondary on the NIC
> cards. I don't know why Exchange would not use the other DNS server
> to send out mail. I have the clients pulling both DNS servers in the
> DHCP options so they could get out just fine.
>
> I appreciate all your replies to these and I am trying to figure it
> out as it is so fustrating.

Is the other DNS server a DC?

Exchange wouldn't use the other one due to the resolver service behavior.

Ace

No. The other server is not a DC and is just a file, DHCP, and Secondary AD
Integrated DNS server. It is used as the secondary server in case of failure
- and this seems to be working for failover because the clients dont notice
that the first one goes down until email starts getting bounced back.
--
Thanks in Advance - Marcus


"Ace Fekay [MVP]" wrote:

> In news:E883CB57-43AE-4D38-81BF-413A645C4228@microsoft.com,
> mcrow7 <mcrow7@discussions.microsoft.com> typed:
> > In the case of WAN failover site - the forwarders are pointing to the
> > main ISP DNS external servers and then I have the ones for the backup
> > ISP listed at the bottom of the forwarders list. So I have two from
> > the main ISP and then two from the secondary ISP on both DNS servers
> > as forwarders and the servers are pointing to themselves on the NIC
> > Cards.
>
> Putting a bunch of IPs in the forwarders list will not make it work the way
> many expect. The resolution process looks at them one at a time and if it
> gets a response, even if the response is negative, it is still a response
> and it will look no further. Same as when multiple listed on a client
> machine. The first one is always queired. Then is no response in one second,
> then it goes to the next in line until if finds a response. For all that do
> not respond, they get removed from the eligible resolvers list for a period
> of time.
>
> Unfortunately, putting listing multiples like that don't .
>
> >
> > I had this issue happen today with the DNS problem. Here is the setup
> > - 1 SBS server doing DC, Exchange, DNS and 1 Standard Server doing
> > File, Print and DNS, DHCP. They called and said that email was
> > getting stuck and they were getting bounce backs. So I remoted into
> > the server and I could get onto the internet so I didn't think it was
> > the DNS issue but when I looked at the NIC properties of the card
> > with the Exchange server - it had a second entry for the file server
> > that was doing DNS and that was how I was getting out to the
> > internet. I removed the Second DNS entry and I could not get out to
> > the internet on the SBS Exchange server so I restarted the DNS Server
> > Service and now I could get out to the internet and the Exchange
> > Queues cleared up. So one DNS server was working and one was not and
> > they are both configured with the same forwarders to there ISP and
> > only have one ISP with no failover. Both DNS servers point to
> > themselves as primary DNS and each other as Secondary on the NIC
> > cards. I don't know why Exchange would not use the other DNS server
> > to send out mail. I have the clients pulling both DNS servers in the
> > DHCP options so they could get out just fine.
> >
> > I appreciate all your replies to these and I am trying to figure it
> > out as it is so fustrating.
>
> Is the other DNS server a DC?
>
> Exchange wouldn't use the other one due to the resolver service behavior.
>
> Ace
>
>
>

Read inline please.

In news:9A9F1FB8-A638-4B27-A422-1108B18F4CF4@microsoft.com,
mcrow7 <mcrow7@discussions.microsoft.com> typed:
> No. The other server is not a DC and is just a file, DHCP, and
> Secondary AD Integrated DNS server. It is used as the secondary
> server in case of failure - and this seems to be working for failover
> because the clients dont notice that the first one goes down until
> email starts getting bounced back.

This post is rather perplexing, there is no such thing as a Secondary AD
Integrated zone, it can be one or the other but not both ADI and Secondary.
You state that it is not a DC, but if it's not, it can't be a Global
Catalog and it cannot have an AD Integrated zone.
Best Practice would be for both to be DCs, Global Catalogs, and have AD
Integrated zones. Also, they should not both point only to themselves for
DNS, both should also point to the other for DNS as well as itself. This is
especially important for the server with Exchange, because when the server
with Exchange starts, it should have a Global Catalog available to it, so
that the Exchange services start.

IF the Second server is actually a DC, check its zone types, ADI zones will
replicate to all DCs, so there is no need for Secondary zones.
Also, If the original DC was Win2k3, there should be two zones, one named
with the AD Domain name, the other would be named _msdcs.ADDomain. If it has
these two zones make sure both DCs (if both are DCs) have both zones. If
they do not, you need to check replication, and that both DCs are properly
registered in the _msdcs.ADDomain zone. If you don't have a _msdcs.ADdomain
zone, check that the _msdcs sub domain in the ADDomain zone, is populated
with the GUID CNAME records and all SRV records for both DCs, and that the
gc._msdcs.ADDomain folder has the A records for all Global Catalogs.

You can also configure the SMTP Virtual Server with External DNS servers for
doing its lookups (Delivery tab, Advanced button, then Configure button) The
DNS servers you list here are not used by Exchange for any other purposes
other than SMTP. So you can use an ISP, Router or any reliable DNS source.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

In news:9A9F1FB8-A638-4B27-A422-1108B18F4CF4@microsoft.com,
mcrow7 <mcrow7@discussions.microsoft.com> typed:
> No. The other server is not a DC and is just a file, DHCP, and
> Secondary AD Integrated DNS server. It is used as the secondary
> server in case of failure - and this seems to be working for failover
> because the clients dont notice that the first one goes down until
> email starts getting bounced back.

These are two terms that do not go together. AD integrated zones can ONLY
exist on a DC. AD Integrated means the DNS data is stored in teh actual
physical AD database and gets replicated to all DCs.

You'll need to clean up your infrastructure to clean up the errors. Follow
Kevin's suggestions.

Ace

I just worded my servers incorrectly. I called the server secondary for
failover purposes as the DHCP options gives it out as the second DNS server
for failover. They are both AD integrated servers and I am starting to think
that the issue has something to do with SBS server and Standard R2. The three
places that I am having this issue at all have these configurations -

First Location
2003 SBS SP1 - DC, GC, Exchange, DNS
2003 Standard R2 Sp2 - DC, File, Print, DNS

Second Location
2003 SBS SP1 - DC, GC, Exchange, DNS
2003 Standard R2 Sp2 - DC, GC, File, Print, DNS

Third Location
2003 SBS SP2 - DC, GC, Exchange, DNS
2003 Standard R2 Sp2 - File, Print, DNS, Terminal Server

As you can see, they all are almost the same and only two have a R2 server
and a DC. I extended the Schema for those and followed the procedure for
adding a R2 to a Forest. Let me know if you know of any issue surrounding R2
and non R2 SBS. This is my only solution left and I don't have this problem
anywhere else where I have two AD DNS servers or SBS servers and Standard R2
servers but only the SBS server is doing DNS. This only happens when I have
two servers doing DNS and they are R2 and SBS 2003. Let me know if this
sounds crazy?

--
Thanks in Advance - Marcus


"Kevin D. Goodknecht Sr. [MVP]" wrote:

> Read inline please.
>
> In news:9A9F1FB8-A638-4B27-A422-1108B18F4CF4@microsoft.com,
> mcrow7 <mcrow7@discussions.microsoft.com> typed:
> > No. The other server is not a DC and is just a file, DHCP, and
> > Secondary AD Integrated DNS server. It is used as the secondary
> > server in case of failure - and this seems to be working for failover
> > because the clients dont notice that the first one goes down until
> > email starts getting bounced back.
>
> This post is rather perplexing, there is no such thing as a Secondary AD
> Integrated zone, it can be one or the other but not both ADI and Secondary.
> You state that it is not a DC, but if it's not, it can't be a Global
> Catalog and it cannot have an AD Integrated zone.
> Best Practice would be for both to be DCs, Global Catalogs, and have AD
> Integrated zones. Also, they should not both point only to themselves for
> DNS, both should also point to the other for DNS as well as itself. This is
> especially important for the server with Exchange, because when the server
> with Exchange starts, it should have a Global Catalog available to it, so
> that the Exchange services start.
>
> IF the Second server is actually a DC, check its zone types, ADI zones will
> replicate to all DCs, so there is no need for Secondary zones.
> Also, If the original DC was Win2k3, there should be two zones, one named
> with the AD Domain name, the other would be named _msdcs.ADDomain. If it has
> these two zones make sure both DCs (if both are DCs) have both zones. If
> they do not, you need to check replication, and that both DCs are properly
> registered in the _msdcs.ADDomain zone. If you don't have a _msdcs.ADdomain
> zone, check that the _msdcs sub domain in the ADDomain zone, is populated
> with the GUID CNAME records and all SRV records for both DCs, and that the
> gc._msdcs.ADDomain folder has the A records for all Global Catalogs.
>
> You can also configure the SMTP Virtual Server with External DNS servers for
> doing its lookups (Delivery tab, Advanced button, then Configure button) The
> DNS servers you list here are not used by Exchange for any other purposes
> other than SMTP. So you can use an ISP, Router or any reliable DNS source.
>
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
>
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================
>
>
>

I replied to Kevin's - Please read.
--
Thanks in Advance - Marcus


"Ace Fekay [MVP]" wrote:

> In news:9A9F1FB8-A638-4B27-A422-1108B18F4CF4@microsoft.com,
> mcrow7 <mcrow7@discussions.microsoft.com> typed:
> > No. The other server is not a DC and is just a file, DHCP, and
> > Secondary AD Integrated DNS server. It is used as the secondary
> > server in case of failure - and this seems to be working for failover
> > because the clients dont notice that the first one goes down until
> > email starts getting bounced back.
>
> These are two terms that do not go together. AD integrated zones can ONLY
> exist on a DC. AD Integrated means the DNS data is stored in teh actual
> physical AD database and gets replicated to all DCs.
>
> You'll need to clean up your infrastructure to clean up the errors. Follow
> Kevin's suggestions.
>
> Ace
>
>
>
>

Answers are inline...

In news:A048DC51-B30E-4EF1-87CC-FF8363250747@microsoft.com,
mcrow7 <mcrow7@discussions.microsoft.com> typed:
> I just worded my servers incorrectly. I called the server secondary
> for failover purposes as the DHCP options gives it out as the second
> DNS server for failover. They are both AD integrated servers


AD integrated servers? Let's try to get the terminology straight. There's no
such thing as an "AD integrated server."
Are they both domain controllers? I believe that is what you are trying to
convey.


> and I am
> starting to think that the issue has something to do with SBS server
> and Standard R2. The three places that I am having this issue at all
> have these configurations -

Not that it may or not now, but were you aware there is a separate
newsgroup dedicated for SBS due to the differences, limitations and the
configuration wizards available compared to the other operating systems?



>
> First Location
> 2003 SBS SP1 - DC, GC, Exchange, DNS
> 2003 Standard R2 Sp2 - DC, File, Print, DNS
>
> Second Location
> 2003 SBS SP1 - DC, GC, Exchange, DNS
> 2003 Standard R2 Sp2 - DC, GC, File, Print, DNS
>
> Third Location
> 2003 SBS SP2 - DC, GC, Exchange, DNS
> 2003 Standard R2 Sp2 - File, Print, DNS, Terminal Server
>
> As you can see, they all are almost the same and only two have a R2
> server and a DC. I extended the Schema for those and followed the
> procedure for adding a R2 to a Forest. Let me know if you know of any
> issue surrounding R2 and non R2 SBS. This is my only solution left
> and I don't have this problem anywhere else where I have two AD DNS
> servers or SBS servers and Standard R2 servers but only the SBS
> server is doing DNS. This only happens when I have two servers doing
> DNS and they are R2 and SBS 2003. Let me know if this sounds crazy?

What published procedure did you follow? I assume you ran adprep for R2 from
the second CD and there were no issues.

Did you move any of the FSMO roles to the new server? If so, please keep in
mind you can't do that with SBS and a replica DC. But you can make the new
replica a GC, which is recommended.

If all the above is ok, then I assume there are no problems when you added
the replica DCs. Here's a good checklist:
The Official SBS Blog Debunking Myths About Additional Domain Controllers
In SBS Domains:
http://blogs.technet.com/sbs/archive...bs-domain.aspx

Not that it applies with DNS issues, but I assume you did not try to trust
each domain in