none
Problems with DNS and AD

    Question

  • Greetings , guys !

    There was a problem with the domain controller on windows 2012

    The server hands spelled static network 192.168.48.0 \ 24. The domain controller , alias dns , with Ip 192.168.48.4.

    The problem started with the fact that suddenly broke off rdp session to multiple servers , not ping.

    tcpdump at the gateway shows that traffic from them nevertheless goes. Reconnecting to a virtual ok to Hyper-V, try to log in, my answer is: no logon servers that can handle the request .

    I think that kind of nonsense , on a domain controller floor Rdp can go , now I sit on it , checked dns, check ip, availability on the network - all OK.

    Launched dcdiag / c / e / v no errors showed .

    Tried to create a second domain controller , you level an error "Verification of replica failed ..." and complains about the DNS.

    Looked ports on which listens dns:

    TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
      
    TCP 127.0.0.1:53 0.0.0.0:0 LISTENING
      
    TCP 192.168.48.4:53 0.0.0.0:0 LISTENING
      
    TCP 192.168.48.4:445 192.168.48.77:53744 ESTABLISHED
      
    TCP 192.168.48.4:3389 37.153.18.13:21055 ESTABLISHED
      
    TCP [::]: 49153 [ ::] : 0 LISTENING
      
    TCP [:: 1] : 53 [::] 0 LISTENING
      
    TCP [:: 1] : 389 [ :: 1] : 55533 ESTABLISHED
      
    TCP [:: 1] : 49155 [ :: 1] : 55530 ESTABLISHED
      
    TCP [:: 1] : 55530 [ :: 1] : 49155 ESTABLISHED
      
    TCP [:: 1] : 55533 [ :: 1] : 389 ESTABLISHE D
      
    UDP 127.0.0.1:53 *: *
      
    UDP 192.168.48.4:53 *: *
      
    UDP [:: 1] * 53 *

    If any server to do nslookup it is normally connected to the dns server and resolves any queries.

    If you make a ping office.local he says "Ping request could not find host print. Please check the name and try again."

    Help out in what could be the problem ?
    Saturday, October 05, 2013 4:01 PM

Answers

  • Thanks for the answer!

    I need to roll back changes because of theese GPOs some clients lost connection to Domain because of this registry settings:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\DTEs

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes

    I made script to delete this registry keys:

    @echo off
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\Tcpip" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\DTEs" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes" /f
    reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v SMB1NATCompatibilityLevel /f

    But I can't apply it to workstations that lost connection to Domain...

    Sunday, October 06, 2013 12:06 PM
  • If that's truly the fix then it sounds like you may need to visit the console of the affected workstations.

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Sunday, October 06, 2013 3:06 PM

All replies

  • Please post an unedited ipconfig /all of DC/DNS server and problem client.

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, October 05, 2013 4:28 PM
  • Hello!

    Client:

    C:\Windows\system32>ping netflow
    Ping request could not find host netflow. Please check the name and try again.

    C:\Windows\system32>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : hyper
       Primary Dns Suffix  . . . . . . . : livetex.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : livetex.local

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : 48-5B-39-A1-A6-34
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.48.19(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.48.1
       DNS Servers . . . . . . . . . . . : 192.168.48.4
       NetBIOS over Tcpip. . . . . . . . : Enabled

    C:\Windows\system32>ping google.com

    Pinging google.com [85.112.121.123] with 32 bytes of data:
    Reply from 85.112.121.123: bytes=32 time=8ms TTL=60
    Reply from 85.112.121.123: bytes=32 time=10ms TTL=60

    Ping statistics for 85.112.121.123:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 8ms, Maximum = 10ms, Average = 9ms
    Control-C
    ^C
    C:\Windows\system32>ping netflow.livetex.local
    Ping request could not find host netflow.livetex.local. Please check the name an
    d try again.

    Domain Controller:

    c:\>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : livetexserv
       Primary Dns Suffix  . . . . . . . : livetex.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : livetex.local

    Ethernet adapter vEthernet (Qualcomm Atheros AR8161 8165 PCI-E Gigabit Ethernet
    Controller (NDIS 6.20) - Virtual Switch):

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : ??????? Ethernet ??? ??????????? ???? Hyp
    er-V #2
       Physical Address. . . . . . . . . : 90-2B-34-D1-51-45
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.48.4(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.48.1
       DNS Servers . . . . . . . . . . . : 127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    c:\>ping ya.ru

    Pinging ya.ru [93.158.134.3] with 32 bytes of data:
    Reply from 93.158.134.3: bytes=32 time=14ms TTL=57

    ?????????? Ping ??? 93.158.134.3:
        ???????: ?????????? = 1, ???????? = 1, ???????? = 0
        (0% ??????)
    ??????????????? ????? ??????-???????? ? ??:
        ??????????? = 14????, ???????????? = 14 ????, ??????? = 14 ????
    Control-C
    ^C
    c:\>ping netflow

    Pinging netflow.livetex.local [192.168.48.6] with 32 bytes of data:
    Reply from 192.168.48.6: bytes=32 time=1ms TTL=128
    Reply from 192.168.48.6: bytes=32 time<1ms TTL=128

    ?????????? Ping ??? 192.168.48.6:
        ???????: ?????????? = 2, ???????? = 2, ???????? = 0
        (0% ??????)
    ??????????????? ????? ??????-???????? ? ??:
        ??????????? = 0????, ???????????? = 1 ????, ??????? = 0 ????
    Control-C
    ^C
    c:\>

    Saturday, October 05, 2013 5:33 PM
  • I did this on client:

    C:\Users\grigoriy.m>ping -a 192.168.48.22

    Pinging print.livetex.local [192.168.48.22] with 32 bytes of data:
    Reply from 192.168.48.22: bytes=32 time<1ms TTL=128
    Reply from 192.168.48.22: bytes=32 time<1ms TTL=128

    Ping statistics for 192.168.48.22:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    Control-C
    ^C

    C:\Users\grigoriy.m>ping -a 192.168.48.19

    Pinging hyper.livetex.local [192.168.48.19] with 32 bytes of data:
    Reply from 192.168.48.19: bytes=32 time<1ms TTL=128
    Reply from 192.168.48.19: bytes=32 time<1ms TTL=128

    It seems that Reverse zone works well, the problem is with Forward zones _msdcs.livetex.local and livetex.local. How can i fix it?

    Saturday, October 05, 2013 6:03 PM
  • I've set up new DNS server on 192.168.48.19, created primary zone google.com, created A record www.google.ru poiting ant 192.168.48.4.

    C:\Windows\system32>ping www.google.com

    Pinging www.google.com [192.168.48.4] with 32 bytes of data:
    Reply from 192.168.48.4: bytes=32 time<1ms TTL=128
    Reply from 192.168.48.4: bytes=32 time<1ms TTL=128

    Ping statistics for 192.168.48.4:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    Control-C

    Okay, now on DNS server 192.168.48.19 I create Primary zone livetex.local and add host print.livetex.local.

    C:\Windows\system32>ping print.livetex.local
    Ping request could not find host print.livetex.local. Please check the name and
    try again.

    WHAT IS WRONG?!?!?!

    Saturday, October 05, 2013 6:49 PM
  • Do pings by address succeed?

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, October 05, 2013 7:08 PM
  • Yes.

    I guess it's because of DirectAccess gpo's that I found in Group Policy Management. How ca I roll back theese changes?

    Saturday, October 05, 2013 8:00 PM
  • Sounds like you may need to call Microsoft CSS.

    http://blogs.technet.com/b/tomshinder/archive/2010/03/13/uag-directaccess-group-policy-assignment-make-sure-the-right-policies-are-applied.aspx

    Might also ask them over here.

    http://social.technet.microsoft.com/Forums/forefront/en-US/home?forum=forefrontedgeiag

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    Saturday, October 05, 2013 10:01 PM
  • Thanks for the answer!

    I need to roll back changes because of theese GPOs some clients lost connection to Domain because of this registry settings:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\DTEs

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes

    I made script to delete this registry keys:

    @echo off
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\Tcpip" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\DTEs" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes" /f
    reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v SMB1NATCompatibilityLevel /f

    But I can't apply it to workstations that lost connection to Domain...

    Sunday, October 06, 2013 12:06 PM
  • If that's truly the fix then it sounds like you may need to visit the console of the affected workstations.

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Sunday, October 06, 2013 3:06 PM
  • Hi,

    Did you fix this problem by deleting those registry values?

    Have you tried to troubleshoot this issue on the workstations?

    Please let us know the latest situation, so we could solve this issue efficiently.

    Best Regards,

    Amy Wang


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

    Wednesday, October 09, 2013 9:02 AM
    Moderator
  • Hi,

    Since we have not heard from you for a while, I assume that this issue is solved.

    I will mark replies as answers, please feel free to unmark them if the replies are not helpful.

    We are looking forward to hearing from you.

    Best Regards,

    Amy Wang


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forum a great place.

    Friday, October 18, 2013 1:22 AM
    Moderator