Secondary DNS failing to redirect clients when Primary DNS goes down

-

i have single domain 2 windows 2008 servers, dc1 (physical) , dc2 (virtual).  both servers run dns , gc servers, , entire domain on same subnet (192.168.0.x). 

all clients on network configured use dc1 primary dns, dc2 secondary dns. 

dhcp enabled on dc1.  (this might part of issue, not sure).

the problem when dc1 goes down reboot or repair, lose access internet our clients.  trying pull website results in "page cannot displayed" error.  dc2 available during time , can pinged client not resolve dns requests, if specify primary dns server on 1 of workstations.  can log on to dc2 locally , browse web. 

here results of dcdiag /dnsall dc2 (i bolded areas of concern):

-------------------------------------------------------------------------------

directory server diagnosis

performing initial setup:

   * connecting directory service on server dc2.

   * identified ad forest.

   collecting ad specific global data

   * collecting site info.

   calling ldap_search_init_page(hld,cn=sites,cn=configuration,dc=mydomain,dc=com,ldap_scope_subtree,(objectcategory=ntdssitesettings),.......

   the previous call succeeded

   iterating through sites

   looking @ base site object: cn=ntds site settings,cn=default-first-site-name,cn=sites,cn=configuration,dc=mydomain,dc=com

   getting istg , options site

   * identifying servers.

   calling ldap_search_init_page(hld,cn=sites,cn=configuration,dc=mydomain,dc=com,ldap_scope_subtree,(objectclass=ntdsdsa),.......

   the previous call succeeded....

   the previous call succeeded

   iterating through list of servers

   getting information server cn=ntds settings,cn=dc1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=mydomain,dc=com

   objectguid obtained

   invocationid obtained

   dnshostname obtained

   site info obtained

   all info server collected

   getting information server cn=ntds settings,cn=dc2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=mydomain,dc=com

   objectguid obtained

   invocationid obtained

   dnshostname obtained

   site info obtained

   all info server collected

   * identifying nc cross-refs.

   * found 2 dc(s). testing 1 of them.

   done gathering initial info.

doing initial required tests

  

   testing server: default-first-site-name\dc2

      starting test: connectivity

         * active directory ldap services check

         determining ip4 connectivity

         determining ip6 connectivity

         * active directory rpc services check

         ......................... dc2 passed test connectivity

doing primary tests

  

   testing server: default-first-site-name\dc2

      test omitted user request: advertising

      test omitted user request: checksecurityerror

      test omitted user request: cutoffservers

      test omitted user request: frsevent

      test omitted user request: dfsrevent

      test omitted user request: sysvolcheck

      test omitted user request: kccevent

      test omitted user request: knowsofroleholders

      test omitted user request: machineaccount

      test omitted user request: ncsecdesc

      test omitted user request: netlogons

      test omitted user request: objectsreplicated

      test omitted user request: outboundsecurechannels

      test omitted user request: replications

      test omitted user request: ridmanager

      test omitted user request: services

      test omitted user request: systemlog

      test omitted user request: topology

      test omitted user request: verifyenterprisereferences

      test omitted user request: verifyreferences

      test omitted user request: verifyreplicas

  

      starting test: dns

        

         dns tests running , not hung. please wait few minutes...

         see dns test in enterprise tests section results

         ......................... dc2 passed test dns

  

   running partition tests on : forestdnszones

      test omitted user request: checksdrefdom

      test omitted user request: crossrefvalidation

  

   running partition tests on : domaindnszones

      test omitted user request: checksdrefdom

      test omitted user request: crossrefvalidation

  

   running partition tests on : schema

      test omitted user request: checksdrefdom

      test omitted user request: crossrefvalidation

  

   running partition tests on : configuration

      test omitted user request: checksdrefdom

      test omitted user request: crossrefvalidation

  

   running partition tests on : mydomain

      test omitted user request: checksdrefdom

      test omitted user request: crossrefvalidation

  

   running enterprise tests on : mydomain.com

      starting test: dns

         test results domain controllers:

           

            dc: dc2.mydomain.com

            domain: mydomain.com

                            

               test: authentication (auth)

                  authentication test: completed

                 

               test: basic (basc)

                  microsoftr windows serverr 2008 standard  (service pack level: 2.0)

                   is supported

                  netlogon service running

                  kdc service running

                  dnscache service running

                  dns service running

                  dc dns server

                  network adapters information:

                  adapter [00000006] intel(r) pro/1000 mt network connection:

                     mac address 00:0c:29:91:59:68

                     ip address static

                     ip address: 192.168.0.249

                     dns servers:

                        192.168.0.105 (dc1.mydomain.com.) [valid]

                        127.0.0.1 (dc2) [valid]

                  the host record(s) dc found

                  warning: aaaa record dc not found

                  [error details: 9501 (type: win32 - description: no records found given dns query.) - mydomain.com]

                  the soa record active directory zone found

                  the active directory zone on dc/dns server found primary

                  root zone on dc/dns server not found

                 

               test: forwarders/root hints (forw)

                  recursion enabled

                  forwarders information:

                     192.168.0.105 (dc1.mydomain.com.) [valid]

                     192.168.0.7 (<name unavailable>) [invalid (unreachable)]

                     error: forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)

                 

               test: delegations (del)

                  delegation information zone: mydomain.com.

                     delegated domain name: _msdcs.mydomain.com.

                        dns server: dc1.mydomain.com. ip:192.168.0.105 [valid]

                 

               test: dynamic update (dyn)

                  test record _dcdiag_test_record added in zone mydomain.com

                  test record _dcdiag_test_record deleted in zone mydomain.com

                 

               test: records registration (rreg)

                  network adapter

                  [00000006] intel(r) pro/1000 mt network connection:

                     matching cname record found @ dns server 192.168.0.105:

                     a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com

                     matching record found @ dns server 192.168.0.105:

                     dc2.mydomain.com

                     warning:

                     missing aaaa record @ dns server 192.168.0.105:

                     dc2.mydomain.com

                     [error details: 9501 (type: win32 - description: no records found given dns query.)]

                    

                     matching  srv record found @ dns server 192.168.0.105:

                     _ldap._tcp.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _kerberos._tcp.dc._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _ldap._tcp.dc._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _kerberos._tcp.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _kerberos._udp.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _kpasswd._tcp.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _ldap._tcp.default-first-site-name._sites.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _kerberos._tcp.default-first-site-name._sites.dc._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _ldap._tcp.default-first-site-name._sites.dc._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _kerberos._tcp.default-first-site-name._sites.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _ldap._tcp.gc._msdcs.mydomain.com

                     matching record found @ dns server 192.168.0.105:

                     gc._msdcs.mydomain.com

                     warning:

                     missing aaaa record @ dns server 192.168.0.105:

                     gc._msdcs.mydomain.com

                     [error details: 9501 (type: win32 - description: no records found given dns query.)]

                    

                     matching  srv record found @ dns server 192.168.0.105:

                     _gc._tcp.default-first-site-name._sites.mydomain.com

                     matching  srv record found @ dns server 192.168.0.105:

                     _ldap._tcp.default-first-site-name._sites.gc._msdcs.mydomain.com

                     matching cname record found @ dns server 192.168.0.249:

                     a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com

                     matching record found @ dns server 192.168.0.249:

                     dc2.mydomain.com

                     warning:

                     missing aaaa record @ dns server 192.168.0.249:

                     dc2.mydomain.com

                     [error details: 9501 (type: win32 - description: no records found given dns query.)]

                    

                     matching  srv record found @ dns server 192.168.0.249:

                     _ldap._tcp.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _kerberos._tcp.dc._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _ldap._tcp.dc._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _kerberos._tcp.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _kerberos._udp.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _kpasswd._tcp.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _ldap._tcp.default-first-site-name._sites.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _kerberos._tcp.default-first-site-name._sites.dc._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _ldap._tcp.default-first-site-name._sites.dc._msdcs.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _kerberos._tcp.default-first-site-name._sites.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _ldap._tcp.gc._msdcs.mydomain.com

                     matching record found @ dns server 192.168.0.249:

                     gc._msdcs.mydomain.com

                     warning:

                     missing aaaa record @ dns server 192.168.0.249:

                     gc._msdcs.mydomain.com

                     [error details: 9501 (type: win32 - description: no records found given dns query.)]

                    

                     matching  srv record found @ dns server 192.168.0.249:

                     _gc._tcp.default-first-site-name._sites.mydomain.com

                     matching  srv record found @ dns server 192.168.0.249:

                     _ldap._tcp.default-first-site-name._sites.gc._msdcs.mydomain.com

               warning: record registrations not found in network adapters

                  

               test: external name resolution (ext)

                  internet name www.microsoft.com resolved successfully

        

         summary of test results dns servers used above domain

         controllers:

        

            dns server: 192.168.0.7 (<name unavailable>)

               1 test failure on dns server

               ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 192.168.0.7               [error details: 1460 (type: win32 - description: operation returned because timeout period expired.)]

              

            dns server: 192.168.0.105 (dc1.mydomain.com.)

               all tests passed on dns server

               name resolution functional._ldap._tcp srv record forest root domain registered

               dns delegation domain  _msdcs.mydomain.com. operational on ip 192.168.0.105

              

            dns server: 192.168.0.249 (dc2)

               all tests passed on dns server

               name resolution functional._ldap._tcp srv record forest root domain registered

              

         summary of dns test results:

        

                                            auth basc forw del  dyn  rreg ext

            _________________________________________________________________

            domain: mydomain.com

               dc2                       pass warn fail pass pass warn pass

        

         ......................... mydomain.com failed test dns

      test omitted user request: locatorcheck

      test omitted user request: intersite

 

looks may trying forward machine that's down (dc1 , 192.168.0.7) and root hints aren't available.

check out article: http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx

see if can enable dns access through firewall internet if it's not available.  try match whatever forwarder settings on dc1, or remove them entirely , let server resolve dns internet root servers.  alternativly, change forwarder public dns server have access to, isp should supply or test common 4.2.2.2.

please remember, if see post helped please click "vote helpful" , if answered question please click "mark answer". swc unified communications




Windows Server  >  IPAM, DHCP, DNS



Comments

Post a Comment

Popular posts from this blog

CRL Revocation always failed

-
hi all, i try configure radius server nps, somehow certificate authentication client failed with reason: reason = revocation function unable check revocation because revocation server offline. then check certificate client, certutil -f -urlfetch -verify client7.cer, result follow: issuer:     cn=entca     dc=intra     dc=domain     dc=co     dc=sg subject:     cn=computer.intra.domain.co.sg cert serial number: 1c5b00de000000000041 dwflags = ca_verify_flags_allow_untrusted_root (0x1) dwflags = ca_verify_flags_ignore_offline (0x2) dwflags = ca_verify_flags_full_chain_revocation (0x8) dwflags = ca_verify_flags_console_trace (0x20000000) dwflags = ca_verify_flags_dump_chain (0x40000000) chainflags = cert_chain_revocation_check_chain (0x20000000) hcce_local_machine cert_chain_policy_base -------- cert_chain_context -------- chaincontext.dwinfostatus = ce...
Read more

Failed to query the results of bpa xpath

-
Image
i have new server installed hyper v, iis , domain services roles on it.  i checking event log , see warning multiple times, idea how rid of it?? failed query results of bpa xpath: microsoft/windows/fileservices:$reports$\*\result.xml:/resultdatabase/result. error: device attached system not functioning., last error: system cannot find path specified.. follow me on twitter <<< levalencia blog <<< hi, similar issue discussed in forum: to rid of warnings: 1. go dashboard 2. click on add roles , features 3. click next "before begin step" 4. select "role based or feature based installation" , click next 5. select given server server pool , click next 6. in server roles step make sure following checked:   file , storage services > file , iscsi services > file server, click next 7.click next through rest of steps , install server role 8. rerun bpa scan described earlier for more information please refer foll...
Read more

0x300000d errors in Microsoft Remote Desktop client

-
we use rd connect home users office. @ server side remote desktop gateway configured on 2008r2 server. experience following:   for years worked fine, starting last year users apple macbook experienced connection errors after new version of microsoft remote desktop in app store , automatic update. after couple of weeks error disappaered when new updates released. since 6 8 weeks problem again. because don’t have macbook cannot reproduce problem.   starting couple of weeks samsung s6 experiencing problems, here version 8.1.37.135 installed, error displayed is: can’t connect tot remote pc because remote desktop gateway server temporaraily unavailable. try connecting later or contact network administrator assistance. error code  0x300000d   because has worked fine years expect issues on client can configuration error on gateway server.   who pin point real cause?   however, testing other rd gateway server works ok settings identically....
Read more