Connection to DNS Server dropping in and out

    Question

  • I am having a very difficult problem with a newer Windows Server 2008 R2 and TMG 2010 installation.

     

    I am losing connectivity with my internal DNS servers for up to minutes at a time. I think it may be happening to Windows 7 clients as well, but it is very irregular and it is not happening to my workstation, so it is difficult to catch. The big problem with the TMG server is that when communication with the DNS server is cut off, the proxy server either takes a very long time to respond or times out completely.

     

    I have checked the logs of all of the servers involved and I do not have any error messages: 1 TMG server, 2 DNS servers (both AD controllers), 1 Hyper-V server hosting 1 DNS server.

     

    The only change I made to the environment at the time this started to happen was to install WSUS on the DNS server running on Hyper-V. I had a problem with it downloading all of the updates during business hours and uninstalled it a few hours later.

     

    I do not see anything in the Event logs related to network or the DNS server.

    I have tried a netmon capture on the TMG server and while I am not an expert on reading the traces I could not see anything obvious.

     

    And just starting today I am starting to lose connection to the RDC on the TMG server for a couple of minutes at a time. But while I am not able to connect to the server I am able to ping it.

     

    All network drivers on the DNS Server and the TMG server are up to date.

     

    I created an alert on the TMG server to alert me when connectivity is lost to the two DNS servers. During the day I get many errors going to DNS server 1 (preferred) and maybe a couple of errors going to server 2 (alternate).

     

    The only DNS errors I can find through diagnostics are if I run dcdiag /test:dns, which gives me the following:

                DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235
                DNS server: 2001:500:2f::f (f.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
                DNS server: 2001:500:3::42 (l.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42
                DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30
                DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30
                DNS server: 2001:7fd::1 (k.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1
                DNS server: 2001:7fe::53 (i.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53
                DNS server: 2001:dc3::35 (m.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35
             ......................... franksville.quickcable.com passed test DNS

     

    I have never done anything with IPv6 on any of the machines prior to this problem.

     

    I have tried disabling the IPv6 protocol on all of the servers involved but this did not change a thing.

    Wednesday, January 12, 2011 8:06 PM

Answers

  • I FIXED IT!

    I did have the firewalls deactivated. Found the power issue early on, I actually had that problem at home so I knew about the NIC turning off.

    It turned out an intern is here irregularly and had his computer configured to use the same IP address as the TMG server (internal). I tracked it down after looking through arp tables on the affected computers and found that it didn't match the server.

    And after talking to him, he needed to change his IP address on his laptop to work with an X-Box.

    Thank you everyone for your help

    • Proposed as answer by Ace Fekay [MCT]MVP Friday, January 14, 2011 5:13 PM
    • Marked as answer by mpalecek Friday, January 14, 2011 5:15 PM
    Friday, January 14, 2011 5:00 PM
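
    The fix above came from comparing the ARP caches on affected clients against the server's real hardware address. As an added example, not code from the thread, the Python script below automates that check: it parses Windows `arp -a` output, compares the entries for infrastructure addresses against the MACs you expect (the two bindings below are taken from the ipconfig output posted in this thread), and also flags any MAC that answers for more than one IP. The `arp -a` sample is constructed, and the rogue MAC shown for 192.168.0.1 is hypothetical.

```python
"""Spot a duplicate IP address from `arp -a` output (added example)."""
import re
import subprocess
from collections import defaultdict

# Expected IP -> MAC bindings for infrastructure hosts. These two come from
# the ipconfig output posted in the thread; add your own servers here.
EXPECTED = {
    "192.168.0.1": "00-22-64-89-78-12",   # QCS011, TMG internal interface
    "192.168.0.8": "00-15-5D-00-03-00",   # qcs001, DC/DNS guest on Hyper-V
}

# Constructed sample of Windows `arp -a` output. The MAC listed for
# 192.168.0.1 is hypothetical: a second host (the intern's laptop in the
# thread) answering ARP for the TMG's address.
SAMPLE_ARP = """\
Interface: 192.168.0.65 --- 0xd
  Internet Address      Physical Address      Type
  192.168.0.1           a4-ba-db-11-22-33     dynamic
  192.168.0.8           00-15-5d-00-03-00     dynamic
  192.168.0.9           00-15-5d-00-03-01     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return {ip: mac} for the dynamic entries in `arp -a` output.

    Static broadcast/multicast entries are skipped; MACs are lower-cased so
    they compare equal however the tool printed them.
    """
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table


def find_conflicts(table, expected):
    """Return [(ip, expected_mac, observed_mac)] where the ARP cache binds an
    infrastructure IP to a MAC other than the one we expect.

    This is the comparison that found the duplicate address in the thread:
    the cache on an affected client named a MAC that was not the TMG's.
    """
    conflicts = []
    for ip, want in expected.items():
        got = table.get(ip)
        if got is not None and got != want.lower():
            conflicts.append((ip, want.lower(), got))
    return conflicts


def find_shared_macs(table):
    """Return {mac: [ips]} for MACs that answer for more than one IP, which
    is what a host that has also claimed a neighbour's address looks like."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def live_arp_table():
    """Read the real cache of the host this runs on (`arp -a` works on
    Windows, Linux and macOS)."""
    return parse_arp(subprocess.check_output(["arp", "-a"], text=True))


if __name__ == "__main__":
    table = parse_arp(SAMPLE_ARP)   # use live_arp_table() on a real client
    for ip, want, got in find_conflicts(table, EXPECTED):
        print("CONFLICT %s: expected %s, cache has %s" % (ip, want, got))
    for mac, ips in find_shared_macs(table).items():
        print("MAC %s claims several addresses: %s" % (mac, ", ".join(ips)))
```

    Run it against the live cache on a client while the outage is in progress, because the entry flips back as soon as the legitimate host answers the next ARP request. The same comparison is worth doing for IPv6: the workstation ipconfig posted later in this thread lists an IPv6 default gateway of fe80::9487:aa35:aba4:7495%13, which is not the TMG internal adapter's link-local address (fe80::d192:ca8:fc00:5a00). The thread does not identify which host was advertising itself as a router, but it is the same class of mismatch.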

All replies

  • Hello,

    did you ask in the Forefront TMG forum: http://social.technet.microsoft.com/Forums/en-US/category/forefront


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Wednesday, January 12, 2011 11:06 PM
  • I second Meinolf's suggestion. This sounds like a TMG/ISA question. Check with the folks in the TMG forum for specific TMG assistance.

    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Thursday, January 13, 2011 1:40 AM
  • I have not yet for two different troubleshooting reasons.

    1. I am having the same problem on Windows 7 but it is easier to see on the server

    2. Running nslookup I get time outs when TMG cannot communicate with the DNS Servers. This seems to me to indicate that it is not something with TMG but with Windows Networking.

    Thursday, January 13, 2011 3:21 AM
  • TMG has a lot to do with Windows networking; its intended role is to control network traffic. Are you using the firewall client? A misconfig can cause problems, especially if you are using the Firewall Client.

    If you want to rule out Windows network, please post the following to better assist:

    • A complete ipconfig /all from a sample workstation.
    • A complete ipconfig /all from the TMG
    • A complete ipconfig /all from the DNS server.
    • Is the DNS server a DC?
    • Is the DNS server multihomed, or are any of the DCs multihomed?
    • Any event log errors on any machine (workstation, server, DC, etc)?
    • How is TMG configured? Secured NAT, with or without the firewall client, or just for web proxy/caching?
    • Is the 2008 R2 server correctly identifying the network or does it show as Public?

    Ace

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Thursday, January 13, 2011 4:15 AM
  • Hi,

     

    Thanks for posting here.

     

    Have you tried bypassing the TMG server, and do these connectivity issues persist?

    What's the network relationship between the two sides? Route or NAT?

     

    Please try enabling debug mode when performing nslookup and post back the result here for further investigation.

     

    Nslookup: set debug

    http://technet.microsoft.com/en-us/library/bb490733.aspx

     

    Meanwhile, for peer experience and suggestions, you may also post this issue to the Forefront TMG and ISA Server forum. This will provide access to others who read the public forum regularly and will share their knowledge.

     

    http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads

     

    Thanks.

     

    Tiger Li

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, January 13, 2011 5:42 AM
    • Below are all of the IP Config results
    • The DNS Server IS a DC
    • No, this DC/DNS server and the other DC/DNS server are not multi-homed
    • There is one error on the TMG server:
    • Source SChannel, Event ID: 36888: The following fatal alert was generated: 10. The internal error state is 1203
    • I also get numerous Forefront errors in the event logs that correspond to the connectivity verifier that I have set up so I can see when the DNS is not responding.
    • The TMG is configured as a NAT with firewall client. Non windows computers connect as SecureNAT or WebProxy.
    • The TMG also accepts incoming VPN connection but that is rarely used during the day.
    • DHCP is used and includes WPAD settings
    • Network and Sharing Center identify the network as a "Domain Network"

    Workstation: Windows IP Configuration

       Host Name . . . . . . . . . . . . : qcw109
       Primary Dns Suffix  . . . . . . . : franksville.quickcable.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : franksville.quickcable.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : franksville.quickcable.com
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : 6C-62-6D-51-A3-88
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8454:d7f2:4809:c889%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.0.65(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Wednesday, January 12, 2011 2:39:29 PM
       Lease Expires . . . . . . . . . . : Thursday, January 20, 2011 2:39:27 PM
       Default Gateway . . . . . . . . . : fe80::9487:aa35:aba4:7495%13
                                           192.168.0.1
       DHCP Server . . . . . . . . . . . : 192.168.0.8
       DHCPv6 IAID . . . . . . . . . . . : 275538541
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-21-CA-93-6C-62-6D-51-A3-88
       DNS Servers . . . . . . . . . . . : 192.168.0.8
                                           192.168.0.9
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.franksville.quickcable.com:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : franksville.quickcable.com
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    TMG Server: Windows IP Configuration

       Host Name . . . . . . . . . . . . : QCS011
       Primary Dns Suffix  . . . . . . . : franksville.quickcable.com
       Node Type . . . . . . . . . . . . : Peer-Peer
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : franksville.quickcable.com

    PPP adapter RAS (Dial In) Interface:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : RAS (Dial In) Interface
       Physical Address. . . . . . . . . : 
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.1.0.1(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . : 
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Internal:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : HP NC112T PCIe Gigabit Server Adapter
       Physical Address. . . . . . . . . : 00-22-64-89-78-12
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::d192:ca8:fc00:5a00%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.0.1(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 
       DHCPv6 IAID . . . . . . . . . . . : 234889828
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-80-16-E8-00-22-64-89-78-12
       DNS Servers . . . . . . . . . . . : 192.168.0.9
                                           192.168.0.8
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Ethernet adapter External AT&T:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : HP NC326i PCIe Dual Port Gigabit Server Adapter
       Physical Address. . . . . . . . . : D4-85-64-CE-EF-08
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 12.15.215.34(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.248
       Default Gateway . . . . . . . . . : 12.15.215.33
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    DNS Server: Windows IP Configuration

       Host Name . . . . . . . . . . . . : qcs001
       Primary Dns Suffix  . . . . . . . : franksville.quickcable.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : franksville.quickcable.com
                                           quickcable.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-00-03-00
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::ed98:577e:82d0:4886%10(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.0.8(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.1
       DHCPv6 IAID . . . . . . . . . . . : 167777629
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-76-34-3A-00-15-5D-00-03-00
       DNS Servers . . . . . . . . . . . : 192.168.0.8
                                           192.168.0.9
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : isatap.{DAC647BB-6251-471D-AE41-98B663C3D0A0}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Thursday, January 13, 2011 1:19 PM
  • The other thing I have noticed is that I get a few alerts on the TMG server (and have since it was brought online in September) every day:

    Non-TCP Sessions from One IP Address Limit Exceeded

    I will get these from both DNS/DC servers but mostly from the same one I have problems with. These events are not new and they do not correspond to the same times as the DNS connectivity problems.

    Thursday, January 13, 2011 1:27 PM
  • It took me a while to run nslookup while I was experiencing the outage, and the only thing that I got was below. The only difference with debug turned on is there are multiple DNS request timed out entries. Normally there is only one:

    > yahoo.com
    Server:  qcs001.franksville.quickcable.com
    Address:  192.168.0.8

    DNS request timed out.
        timeout was 2 seconds.
    timeout (2 secs)
    DNS request timed out.
        timeout was 2 seconds.
    timeout (2 secs)
    DNS request timed out.
        timeout was 2 seconds.
    timeout (2 secs)
    DNS request timed out.
        timeout was 2 seconds.
    timeout (2 secs)
    *** Request to qcs001.franksville.quickcable.com timed-out

    Thursday, January 13, 2011 3:08 PM
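
    The post above shows what the outage looks like from nslookup: four 2-second timeouts and then a failure, with debug output adding nothing beyond the repeated timeouts. Here is an added example, not code from the thread, of a small Python probe that does the same thing continuously and writes a timestamped line for each failure, so the gaps can be lined up against DHCP leases, VPN logons or whatever else is on the suspect list. The resolver addresses and the domain name are taken from the ipconfig output in the thread; everything else is an assumption of this example. The query builder and header parser are plain RFC 1035 wire format and can be exercised offline.

```python
"""Timestamped DNS reachability probe over UDP/53 (added example)."""
import socket
import struct
import time
from datetime import datetime

RESOLVERS = ["192.168.0.8", "192.168.0.9"]   # DNS servers from the thread
PROBE_NAME = "franksville.quickcable.com"    # the AD domain in the thread
TIMEOUT = 2.0                                # nslookup's default, as in the post


def build_query(name, txid):
    """Encode a standard recursive A/IN query (RFC 1035, section 4.1)."""
    # flags 0x0100 = RD set; one question, no answer/authority/additional
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def parse_header(data):
    """Return (txid, rcode, ancount) from a DNS reply; raise on junk."""
    if len(data) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return txid, flags & 0x000F, ancount


def probe(server, name=PROBE_NAME, txid=0x1234, timeout=TIMEOUT):
    """Send one query and classify the outcome.

    Returns ("ok", rtt_seconds), ("timeout", timeout) or ("error", detail).
    A reply whose transaction id does not match is reported as an error
    rather than accepted, since it cannot be the answer to this query.
    """
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(query, (server, 53))
            data, _peer = s.recvfrom(512)
        except socket.timeout:
            return ("timeout", timeout)
        except OSError as exc:
            return ("error", str(exc))
        rtt = time.monotonic() - start
    try:
        rid, rcode, _ancount = parse_header(data)
    except ValueError as exc:
        return ("error", str(exc))
    if rid != txid:
        return ("error", "transaction id mismatch")
    return ("ok", rtt) if rcode == 0 else ("error", "rcode %d" % rcode)


def watch(servers=RESOLVERS, interval=5.0, rounds=None):
    """Probe every server each `interval` seconds and print a timestamped
    line for each failure; `rounds=None` runs until interrupted."""
    done = 0
    while rounds is None or done < rounds:
        for server in servers:
            status, detail = probe(server)
            if status != "ok":
                stamp = datetime.now().isoformat(timespec="seconds")
                print("%s %s %s %s" % (stamp, server, status, detail))
        done += 1
        time.sleep(interval)


if __name__ == "__main__":
    watch()
```

    Run one copy on the TMG server and one on a Windows 7 client at the same time: if both lose the same resolver in the same seconds, the problem is on the server side or the path to it rather than in TMG. The probe only reports that a server did not answer within the timeout, not why, so pair it with a look at the ARP cache during the gap.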
  • I assume all Windows machines, including DCs, etc., are all firewall clients?

    I see the TMG server has a PPP connection, possibly for allowing VPN? Curious, and not sure if this has anything to do with it, but when someone is VPN'd in, does this issue with DNS dropping out occur? If it does, and since you are using the firewall client, I'm tending to lean towards its being a TMG config or rule issue. Just a guess...

    Otherwise, I don't see anything else wrong with the ipconfigs, other than you can safely remove the 127.0.0.1 from the DC. It's redundant since it's already pointing to itself as the first entry.

    Ace

     

    Late Addition - Sorry, I forgot to address your concerns regarding the error message you're getting. Take a look at the following links. I'm still leaning towards this being a TMG issue:

    ISA Server Network Protection: Protecting Against Floods and Attacks
    http://technet.microsoft.com/en-us/library/bb794735.aspx

    Non-TCP Sessions from One IP Address Limit Exceeded on TMG 2010
    http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/ec7e923c-f15f-4b6f-b3c6-6ea5ed73738a


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

     

     

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Friday, January 14, 2011 5:46 AM
  • Yes, we have three users that utilize a VPN but the connection problems do not coincide with them logging on. Only one of them uses it during the day and the issue only occurs during the day. I will check the logs to double check though.

    I added the 127 address based on the recommendation of the best practices scanner in 2008 R2.

    The reason I do not think it is a TMG issue is that our Windows 7 clients experience the same behavior but Vista and XP do not. The reason I am focusing on the TMG server is that it is easier to work with than individual's computers that do not see much traffic and it gets more traffic so the problem occurs more often.

    As for the error messages, I have seen both of those articles and they did not help.

    Friday, January 14, 2011 1:11 PM
  • Hmm, just on the Win7 machines? I'm curious if you find any correlation with the VPN, but from what you're saying that it's only happening with Win7 machines, that at this point, I don't think there will be any correlation.

    Now I'm starting to think the issue is only Win7 based. Is the local Windows firewall on the Win7 machines active? If so, I would think to disable that if you have the TMG firewall client installed.

    Or maybe it's a Win7 NIC driver issue? Not sure. It's just another guess at this time. What model/brand are these machines? Any available updated NIC driver for them?

    Or a NIC power management issue?

    If none of the above guess/suggestions help, I think it may be prudent to give Microsoft PSS a call to get their assistance to get to the bottom of this:
    http://support.microsoft.com/common/international.aspx?RDPATH=dm;en-us;select&target=assistance

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Friday, January 14, 2011 3:46 PM
  • Wow! All from an intern trying to setup his laptop to play an XBox at home? Sometimes IT never ceases (edited to correct 'seizes') to amaze me! LOL!

    Glad you figured it out. Good job on looking at the arp tables.

    If I may suggest, change your company's IP range from something that the router companies use by default (or folks use at home) to something else, such as 192.168.80.x. This will eliminate this possibility from ever happening again, as well as allow folks using VPN to work; otherwise their home machines, while VPN'd in, will have the same range as the company's and won't work.

    Cheers!

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Friday, January 14, 2011 5:17 PM
  • Hey Ace, I think you meant to say "...ceases to amaze me".  LOL

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Monday, February 10, 2014 3:58 PM
  • Hey Ace, I think you meant to say "...ceases to amaze me".  LOL

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.



    Yes, I did! Thanks to my phone's Autocomplete feature! LOL! I'll edit it... :-)

    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Monday, February 10, 2014 6:26 PM