Use the Following DNS Server Address

    Question

  • I have a client that I just set up a new Windows 2008 Server for that has DNS and DHCP, and is running as a DC. I moved the DHCP from Windows 2003 to the new 2008 server in the proper way; however, the old 2003 server is still running DNS and is the master role holder.

    Yesterday the customer by mistake shut down his new Windows Server 2008 that held the DHCP server; why he did that is unknown. This morning when he came in, the Vista clients would not get an IP address, not a big mystery why.

    I advised him to restart his new Windows 2008 server, and when it was up and running the Vista clients still would not obtain an IP address. I don't know if there was some replication time involved, but when I got there on site all Vista clients were resolving and getting new addresses. When I looked at DHCP in the new Windows 2008 server, it looked like some clients renewed with new 8 day leases. While this was happening, the Windows 7 clients were not affected during the time when the DHCP server was down.

    The client also asked me when he was on vacation to set up the PC clients on the network with manual DNS addresses on their network adapter, even though scope settings are set in DHCP: one that points to the Windows 2008 DHCP server and one that points to an external DNS resolver. The idea being that if the DC goes down, they can still get to the internet. I think that is a non-standard configuration. When I try to point to MY DNS server on MY domain controller, by putting in the DNS address on the network adapter, DNS does not work correctly, but when I take it out, I can connect to my Exchange Server and all my shares.

    Questions that I have are:

    • Why did it take so long for the Vista clients to reconnect with a DHCP IP address?
    • Did the manual configuration of IP address interfere with the normal operation of Active Directory DNS resolution?
    • Is putting manual DNS settings on a network adapter really a valid configuration when the DHCP scope is already set in the DHCP options?

    Thanks very much for looking at that question and post

    Rick

     


    Rick Arnold Arnoldconsult, MCP

    Friday, May 04, 2012 5:34 PM

All replies

  • Hi Rick-

    I'll dive straight into the questions.

    Regarding the Vista and DHCP issue - see http://support.microsoft.com/kb/958336 which discusses the situation and offers up a way to force Vista to maintain the IP address even if the DHCP server is unavailable.

    Regarding the manual configuration and impacting AD DS DNS.  Whether you specify a DNS server manually or automatically has no bearing on the operations.  However, there are some caveats depending on the configuration of the client computers and the DHCP server.  You mentioned that in your testing a manual configuration did not work.  Can you provide more detail?  Were you able to resolve the FQDN of your client computer?  Were you able to resolve the FQDN of the AD DS domain and the domain controller?

    Regarding using a manual configuration on DNS to provide better internet connectivity if a DC goes down - I try to avoid such configurations.  There are pros and cons.  The pros are that client computers will be able to reach the Internet if the domain controller/DNS server is down.  But the cons are the manual configuration management overhead, the lack of control, and the step down in security (there are probably plenty more cons too).  Instead, I would recommend bringing up a second domain controller that runs DNS.  That way, you provide highly available AD DS services and DNS services.

    Brian

    • Proposed as answer by Tiger Li Monday, May 07, 2012 5:56 AM
    • Marked as answer by Tiger Li Tuesday, May 08, 2012 5:14 AM
    Sunday, May 06, 2012 3:59 AM
  • Hi Rick,

    I think Brian very well covered all your queries. I would just like to add that your design seems a little less fault tolerant to me since there is only one DC/DNS/DHCP in your domain. I would highly recommend that you promote an additional DC with AD integrated DNS and also run DHCP in 80/20 setup so that next time such unexpected shutdown of your DHCP server (and also DC/DNS server) takes place you don't get into this much trouble.

    You can simply promote the Windows 2008 server that is currently running DHCP as ADC and configure it as ADI DNS. Hyper-V can also be considered to run these roles on VMs, which will need some additional effort on your end but will be a great option. Also, as I said, run DHCP in an 80/20 setup to achieve high availability; refer to these articles for details:

    80/20 Rule
    http://technet.microsoft.com/en-us/library/cc958936.aspx

    DHCP Step-by-Step Guide: Demonstrate DHCP Split Scope with Delay on a Secondary Server in a Test Lab
    http://technet.microsoft.com/en-us/library/ee405264%28v=ws.10%29.aspx

    HTH


     Sachin Gadhave (MCP, MCTS)


    • Proposed as answer by Tiger Li Monday, May 07, 2012 5:56 AM
    • Marked as answer by Tiger Li Tuesday, May 08, 2012 5:14 AM
    Sunday, May 06, 2012 6:38 PM
  • Brian & Sachin,

    I want to thank you both for the great replies.

    I am re-testing the manual assignment of DNS address on my laptop right now. I agree with Brian that it is not best practice. His Windows 2003 server is running DNS, so this configuration is really not necessary. The 2003 server was the first server, and then I brought up the Windows 2008 Server as a DC. The 2008 will be his new Domain Controller holding all the roles and doing DNS and DHCP.

    On the Windows 2008 server, I did promote it to a DC, but I did not transfer the roles from his 2003 server because he did not have adequate backup. If the new server went down for some reason and it was the role holder, without adequate backup his domain would be very difficult to recover, but it would not be impossible.

    While I was on site Friday, I advised him to leave the Windows 2003 Server online after he transfers the roles to the 2008. The 2003 will act as a second DC and keep a copy of AD. Question - If the new Domain Controller goes down and cannot be recovered from backup, is it possible to seize the roles back using the Windows 2003 Server?

    His network domain is very small; he has 12 computers. I agree that splitting the DHCP would be a good idea, but I think it is overkill. On the Windows 2003 Server, I left DHCP installed, but I disabled the DHCP server service. If the Server 2008 does go down, he can re-enable the 2003 server very quickly. The DHCP database was transferred from 2003 to 2008, so it should be the same. I doubt his network will grow much more beyond what it is, and if it does, DHCP on the old server will pick up the new clients if there are any.

    One other question I am still not clear on is why did the Vista clients take so long to connect after the Windows 2008 Server was brought back online. I advised the client to boot his Windows 2008 server up, and then he went back upstairs and the Vista clients were still not getting IPs from the 2008 server. It probably took him about 5 minutes to get back up to his office. The 2008 server was offline for about 12 hours. Brian, I read the Microsoft KB, and that is exactly what happened; the KB hit it right on the head. So, the DHCP server is an issue with Vista, but it seems not an issue with Windows 7?



    Rick Arnold Arnoldconsult, MCP

    Sunday, May 06, 2012 8:54 PM
  • Hi Rick-

    The issue about Vista and DHCP does not apply to Windows 7.  So you likely aren't seeing the same behavior there.  I'd advise making the registry adjustments if the problem is recurring or causing some annoyances.

    Brian

    • Proposed as answer by Tiger Li Monday, May 07, 2012 5:57 AM
    • Marked as answer by Tiger Li Tuesday, May 08, 2012 5:15 AM
    Sunday, May 06, 2012 10:59 PM
  • Hi Rick,

    Thanks for posting here.

    > Question - If the new Domain Controller goes down and cannot be recovered from backup, is it possible to seize the roles back using the Windows 2003 Server?

    Yes, by using the Ntdsutil.exe utility we can seize the roles to the remaining Windows Server 2003 once the Windows Server 2008 is down and unrecoverable:

    How to view and transfer FSMO roles in Windows Server 2003

    http://support.microsoft.com/kb/324801/

    > So, the DHCP server is an issue with Vista, but it seems not an issue with Windows 7?

    Yes, this is by design on Windows Vista.

    In addition, I'd also suggest having a DNS server installed on the secondary Windows Server 2003 domain controller and using it as the secondary DNS on clients. We can have external name resolution on this secondary one by setting up forwarding or other settings, and I would not suggest having any external DNS server listed on the client side.

    Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

    http://support.microsoft.com/kb/825036

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    • Marked as answer by Tiger Li Tuesday, May 08, 2012 5:15 AM
    Monday, May 07, 2012 5:55 AM
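
One way to check clients against the advice in the reply above (internal DNS servers only, with a secondary), as an added example that is not part of the original thread. The function name `Test-DnsClientConfig` and all addresses are assumptions made for illustration; the sample adapters are constructed.

```powershell
# Added example, not from the thread. All addresses are constructed placeholders.
$InternalDns = @('192.168.1.10', '192.168.1.11')   # assumed: the two DCs running DNS

function Test-DnsClientConfig {
    param(
        [Parameter(Mandatory = $true)] $Adapter,            # needs Description, DNSServerSearchOrder
        [Parameter(Mandatory = $true)] [string[]] $Allowed  # resolvers clients may point at
    )
    # DNSServerSearchOrder is $null when the adapter has no resolver configured
    $servers = @($Adapter.DNSServerSearchOrder | Where-Object { $_ })
    $foreign = @($servers | Where-Object { $Allowed -notcontains $_ })

    if ($servers.Count -eq 0) {
        $finding = 'NoDnsServer'
    } elseif ($foreign.Count -gt 0) {
        $finding = 'ExternalResolverListed'   # AD names may be sent to a server that cannot answer them
    } elseif ($servers.Count -lt 2) {
        $finding = 'NoSecondaryDns'           # a single DC/DNS outage leaves the client without resolution
    } else {
        $finding = 'OK'
    }

    New-Object PSObject -Property @{
        Adapter     = $Adapter.Description
        Finding     = $finding
        DnsServers  = $servers -join ', '
        NotInternal = $foreign -join ', '
    } | Select-Object Adapter, Finding, DnsServers, NotInternal
}

# Constructed sample adapters so the check runs offline
$samples = @(
    (New-Object PSObject -Property @{ Description = 'PC-01 (constructed)'; DNSServerSearchOrder = @('192.168.1.10', '192.168.1.11') }),
    (New-Object PSObject -Property @{ Description = 'PC-02 (constructed)'; DNSServerSearchOrder = @('192.168.1.10', '203.0.113.53') }),
    (New-Object PSObject -Property @{ Description = 'PC-03 (constructed)'; DNSServerSearchOrder = @('192.168.1.10') }),
    (New-Object PSObject -Property @{ Description = 'PC-04 (constructed)'; DNSServerSearchOrder = $null })
)
$samples | ForEach-Object { Test-DnsClientConfig -Adapter $_ -Allowed $InternalDns } |
    Format-Table -AutoSize

# On a real client (Windows PowerShell), feed live adapters instead of $samples:
# Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
#     ForEach-Object { Test-DnsClientConfig -Adapter $_ -Allowed $InternalDns }
```
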
  • Thanks for the replies.

    The issue why I was originally called was due to the Vista clients not getting an IP address when the DHCP server was offline. The last remaining question I am still not clear about is why it took Vista so long to get an IP address after the Domain Controller was booted back up again.

    Thanks very much for all the previous posts, they were awesome!

    Rick Arnold


    Rick Arnold Arnoldconsult, MCP

    Monday, May 07, 2012 11:01 PM
  • Hi Rick-

    Regarding Vista client computers not immediately obtaining an IP address once the DHCP server came back online... how long did it take before the Vista client computer obtained IP addresses?  Did anybody have to manually take action on the client computers or did it happen automatically?  I think the issue is moot if you perform the fix from the earlier KB (whereby the Vista client computers do not lose their DHCP lease to begin with).

    Brian

    Monday, May 07, 2012 11:35 PM
  • Hi Rick,

    Thanks for update.

    > The last remaining question I am still not clear about is why it took Vista so long to get an IP address after the Domain Controller was booted back up again.

    By default, the client will send discover messages at intervals of 0, 4, 8, 16, and 32 seconds if no DHCP server responds. We can read the detailed explanation in the blog post below:

    What it takes to get a lease.........

    http://blogs.technet.com/b/teamdhcp/archive/2006/07/18/442307.aspx

    I'd also like to know how long it took for the Vista clients to get a lease from this initiated DHCP server.

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    • Marked as answer by Tiger Li Tuesday, May 08, 2012 5:15 AM
    Tuesday, May 08, 2012 1:52 AM
  • Tiger Li,

    Thanks for your reply, it makes sense. After I advised the client to bring the server back online, it took about 10 minutes before he came back to the phone. The server he has takes a little longer than that to come to the Windows logon prompt. I figure it takes his Windows 2008 machine about 15 minutes to fully boot and the services to work again. You may see the logon screen, but it may not be totally open for business yet. I think that may have been the issue; when the DHCP service came back online, who knows where the clients were in the DHCP acquiring process. It was about 2 hours before I was on site and Vista clients were getting IP addresses. Before I came in, the client switched the Vista clients to another internet connection. When I came in, I switched them back and they were getting IP addresses from DHCP.

    However, I did see the private IP address talked about in the blog on one of the clients, and I did see Vista have trouble acquiring an IP address even when the DHCP server came back online. Vista did not deal very well with a missing DHCP server even after it came back online.

    Tiger Li, I'm going to chalk it up to the server not being fully booted and Vista just having issues reconnecting when DHCP finally came back online.

    Everyone thanks very much for your technical expertise

    Rick Arnold


    Rick Arnold Arnoldconsult, MCP

    Tuesday, May 08, 2012 2:21 AM