I have checked on some servers that their perfered and alternative dns server are ADDNS but while checking the netlogon server of those server are showing different DC name why so?
-
6. května 2012 19:48
I have checked on some servers that their perfered and alternative dns server are ADDNS but while checking the netlogon server of those server are showing different DC name why so?
ideally it should show the netlogon DC server name to the perfered ADDNS server?
Všechny reakce
-
7. května 2012 4:39
I'm not sure I fully understand. What exactly do you mean by checking the "netlogon server?" You mean the DC that logged the client into the domain, possibly by running the "echo %logonserveR%" command?
If so, specifying a specific DNS server as the first entry does NOT guarantee that that DC will be the logon server.
Therefore, this is actually more of an AD question and better suited for the DS (Directory Services) forum, however, the question does kind of falls in the middle of whether the question is best suited here or not, only because there are multiple things involved (assuming I understood what you mean). There's the DNS client side resolver algorithm, theer's the DNS client side resolver, and most of all, there's the DC Locator procecss, which uses those two services querying DNS to "find" a DC that the client will try to use to login and/or authenticate (such as to a printer, etc). So it's using that server to send the query, but there's no guarantee the query results will be that server.
As for the AD process, it still goes through the DC Locator process by first querying DNS for a DC in the domain, such as the following (and the links below the pic describes it in full detail):
.
.
More specifics in the following links:
The DC Locator Process, The Logon Process, Controlling Which DC Responds in an AD Site, and SRV Records
Published by Ace Fekay, MCT, MVP DS on Jan 3, 2010 at 10:30 AM 1285 0
http://msmvps.com/blogs/acefekay/archive/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records.aspxHow DNS Support for Active Directory Works: Active Directory
Enables a client to locate a domain controller (dc) of the domain named ..... The process that the Locator follows can be summarized as follows: ...
Scroll down to "Domain Controller Locator Process."
http://technet.microsoft.com/en-us/library/cc759550(WS.10).aspxHow Domain Controllers Are Located in Windows XP_TCP.dc._msdcs.domainname.
After the client locates a domain controller, the client establishes ... To troubleshoot the domain locator process: ...
http://support.microsoft.com/kb/314861Jorge 's Quest For Knowledge! : DC Locator Process in W2K, W2K3(R2 ...This is the 2 nd part of "DC Locator Process in W2K, W2K3(R2) and W2K8" Looking
at this all, the DC locator process as explained above still applies to ...
http://blogs.dirteam.com/blogs/jorge/archive/2007/06/30/dc-locator-process-in-w2k-w2k3-r2-and-w2k8-part-2.aspxIn addition, there's another factor involved with which DNS entry it will use first or not, but most cases it will more than likely always be using the first DNS server address, unless the first one goes down. Here are more specifics on this behavior:
WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB). Troubleshooting the browser service.
The DNS Client Side Resolver algorithm. Client side resolution process chart.
If one DC or DNS goes down, does a client logon to another DC?
DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarders)
Client side resolution process chart
Published by Ace Fekay, MCT, MVP DS on Nov 29, 2009 at 10:28 PM 1764 1
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm.aspx.
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
- Navržen jako odpověď Sachin Gadhave 7. května 2012 9:51
-
7. května 2012 10:01
No, that is not always true. The DNS name resolution process and DC locator processes are independent hence use different paths/algorithms. When a client tries to locate a DC for authentication it transparently looks for SRV records to identify the nearest DC and is unaware whether the preferred or alternate DNS server itself is a DC. Thus what you see is a normal behaviour by design.
Sachin Gadhave (MCP, MCTS)
- Upravený Sachin Gadhave 7. května 2012 10:02
-
7. května 2012 10:10
Hello.
1.How many domains you manage at you place?
2.How Many DNS servers do you have in environment?
Regards, Ravikumar P
- Upravený Ravikumar PulagouniMicrosoft Community Contributor 7. května 2012 10:31
-
7. května 2012 16:26
Thanks to you All..........
I got the solution after opening case with MS and the issue found on the local servers itself.
As per microsoft findings, issue was in the process name is ECoNTagt.exe creating more than 12k handles........
- Označen jako odpověď Gautam Ji 7. května 2012 16:26
-
7. května 2012 18:26
Thanks to you All..........
I got the solution after opening case with MS and the issue found on the local servers itself.
As per microsoft findings, issue was in the process name is ECoNTagt.exe creating more than 12k handles........
I'm glad to hear Microsoft support helped you with a solution. I'm curious, what is that service? Does that have something to do or causing problems with the DC LOcator process?
Also, can you provide the solution they gave you? This will help benefit others searching for a solution to a similar issue.
Thank you!
.
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
-
8. května 2012 3:21
I'll check this with server team and update you soon..........
.png)
