none
Windows 2012 R2 DNS Issue RRS feed

  • Question

  • Hi,

    We have 3 domains, 1 root and 2 child domains in the same forest, all DCs/DNS servers were 2008R2 and the forest and domain levels were also 2008R2, all was working fine. We've introduced 1 2012R2 DC/DNS in the root domain and 2 in into our main production child domain. 

    If we set the 2008R2 servers as DNS servers on a client their doesn't seem to be any issues, if we set a client to use one or both of the 2012R2 servers as their DNS they resolve all of the address in the same domain ok but if they try and access a resource in the root domain or the other child domain they usually get a DNS time out, occasionally it works but mostly not.

    So for example if we ping the root domain or one of its DCs by its FQDN from a client PC in the child domain with the new DCs configured as DNS servers the usual response is "Ping request could not find the host "FQDN". Please check the name and try again. Occasionally this works and responds with a successful ping result. If we do the same test from the same PC but use the 2008R2 DNS servers it resolves and responds correctly every time.

    I've ran the Microsoft best practice analyser on one of the problem DNS servers, the only error it finds is "The DNS server must resolve names in the forest root domain name zone" If I do an nslookup on the root domain from one of the 2012R2 DNS servers in the child domain this is the output:

    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    Non-authoritative answer
    Name: FQDN of server
    Address: server IP

    If I do the same NSLookup query on one of the 2008R2 DNS servers in the same domain it responds immediately with 

    Non-authoritative answer
    Name: FQDN of server
    Address: server IP

    I've upgraded the domain from 2003 to 2008R2 in the past without any issue.

    All of the reserve lookup zones are setup and working correctly

    Each DNS server is configured to point to another one as its primary DNS server and its self as the secondary server.

    We've been through the DNS configuration a number of times now comparing all of the DNS servers and cant see any difference. Does anyone have an idea as to what has gone wrong?

    Thanks,

    Friday, January 4, 2019 9:58 AM

All replies

  • Have you tested connectivity? Just check that the routing is ok between the 2012 and 2008 servers and then check DNS ports are open between the new DNS servers and the old DNS servers (portqry or something). Check any network devices in the path for blocking or host-level protection (windows firewall or other 3rd party product eg MCAffee HIPS).
    Friday, January 4, 2019 10:55 AM
  • The servers are all on the same local network, no firewalls or routers in between. We can ping the serves via IP from clients and from server to server no problem. I'll try a port query and let you know, though name resolution does work sometimes, it just randomly starts working for a short period of time, about half an hour then will stop again. When it does work The 2012R2 servers can usually resolve either the domain name or the server name but not both.

    Thanks,

    Friday, January 4, 2019 11:46 AM
  • A section of the port query namely port 53. Does that mean its listening correctly on that port number?

    Thanks,

    Attempting to resolve IP address to a name...


    IP address resolved to "FQDN of Server"

    querying...

    TCP port 53 (domain service): LISTENING

    UDP port 53 (domain service): LISTENING
    portqry.exe -n 10.152.3.53 -e 53 -p BOTH exits with return code 0x00000000.

    Friday, January 4, 2019 12:02 PM
  • Hi,

    Did you change zone replication scope to all DNS servers in forest?

    Did you add all DNS servers into the name servers list?

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 7, 2019 3:03 AM
    Moderator
  • Hello,

    Which forwarders are configured on the new 2012 R2 DNS server for the child domain ?

    How did you configure your root DNS server regarding zone delegation ?

    Best Regards,

    Monday, January 7, 2019 8:13 AM
  • The _msdcs zone was already set to replicate to all domain controllers in the forest. Yes all of the DNS servers in the forest are in the name servers list.

    Thanks,

    Monday, January 7, 2019 8:41 AM
  • Hi,

    All DNS servers in the child domain (both 2008R2 and 2012R2) forward to the 2 DNS servers in the root domain.

    On the root DNS servers under forward lookup zones, the root domain is listed. Under there there are 3 delegated zones on for each of the child domians and _msdcs. The new 2012R2 DNS servers are listed as name servers under the appropreate child zone.


    Thanks,

    Monday, January 7, 2019 8:55 AM
  • Ok so you should check on your 2012 R2 DNS server if the DNS port (TCP and UDP 53) is open to all your DNS servers.

    You can use portquery for that or telnet client

    Best Regards,

    Monday, January 7, 2019 9:28 AM
  • This is the port query result from the two 2012R2 DNS servers, I presume this means the ports are open?

    Querying target system called:

     10.0.227.142

    Attempting to resolve IP address to a name...


    IP address resolved to stnhstdc3.stnhst.xsthealth.nhs.uk

    querying...

    TCP port 53 (domain service): LISTENING

    UDP port 53 (domain service): LISTENING or FILTERED

    Sending DNS query to UDP port 53...

    UDP port 53 is LISTENING
    portqry.exe -n 10.0.227.142 -e 53 -p BOTH exits with return code 0x00000000.0

    =============================================

     Starting portqry.exe -n 10.152.3.53 -e 53 -p BOTH ...


    Querying target system called:

     10.152.3.53

    Attempting to resolve IP address to a name...


    IP address resolved to stnhstdc4.stnhst.xsthealth.nhs.uk

    querying...

    TCP port 53 (domain service): LISTENING

    UDP port 53 (domain service): LISTENING
    portqry.exe -n 10.152.3.53 -e 53 -p BOTH exits with return code 0x00000000.

    Thanks,

    Monday, January 7, 2019 9:40 AM
  • Ok how many DNS servers do you have for the root (Let's called it Root A), the child domain (Child A) and the child domain (Child B) ?

    Best Regards,

    Monday, January 7, 2019 10:09 AM
  • Root domain - 2 DNS Servers, 1 2012R2 and 1 2008R2

    Child Domain A - 4 DNS servers, 2 2012R2 and 2 2008R2

    Child Domain B - 2 DNS servers, both 2008R2

    Thanks,

    Monday, January 7, 2019 10:13 AM
  • Ok so you have missing information on your port query.

    You need to check that every 2012R2 DNS can reach every other DNS server.

    Best Regards,

    Monday, January 7, 2019 12:44 PM
  • I've ran a port query on each DNS server to every other DNS server, all servers are listening on both UDP and TCP port 53.

    I've ran the best practice analayer on the 2 problem DNS severs, both return the same error.

    Problem:
    The DNS server 10.152.3.53 on Ethernet0 did not successfully resolve the name for the start of authority (SOA) record of the zone hosting the computer's forest root domain name.

    Impact:
    Active Directory Domain Services (AD DS) operations that depend on locating domain controllers will fail.

    Resolution:
    Click Start, click Network, click Network and Sharing Center, and then click Change adapter settings to remove all invalid or unresponsive DNS servers.

    Scan time: 08/01/2019 09:33:03

    I've checked both servers, they only have one NIC installed and the DNS servers on those NICs are valid.

    Thanks,

    Tuesday, January 8, 2019 9:50 AM

  • I personally configure DNS Servers to lookup against itself as a primary and another server as it secondary, can't remember if that is part of the BPA.


    Just before we get into this do a health check of the name servers against the zones and make sure all entries are valid with A-records registered. Make sure the SOA tab is correct for the zone as well.

    Also is the reverse lookup zone configured for forest-wide replication and have you check for AD replication errors on all DC's (Repadmin /replsum and DCDiag)


    Choose one of the 2008 DC's in the child domain (DC3?) I presume this server can resolve both FQDN's of DC1 and DC2 in the root domain with no issues?

    When we run the same nslookup on one of the 2012 DC's (DC4) in the child domain do we get the same results?


    Tuesday, January 8, 2019 11:21 AM
  • I used to have the DNS servers setup to pint to themseleves first but it doesnt seem to be best practice now. Since we started to have these issues I've changed it to use another DNS server first, not that its helped. I'm tempted to change it back to be honest.

    Yes I've checked all of the name servers in each zone all are valid entries. Yes each zone has A-records registered for appropreate DNS servers. SOA Tab is correct.

    The reverse lookup zones are set for domain wide replication. I've created manual entries in the reverse lookup zones for the DNS servers in other domains.

    2008R2 DNS Server - Child Domain

    repadmin /replsum
    Replication Summary Start Time: 2019-01-08 14:02:17

    Beginning data collection for replication summary, this may take awhile:
      ............


    Source DSA          largest delta    fails/total %%   error
     STICLDC1                  16m:49s    0 /  22    0
     STICLDC2                  16m:13s    0 /  17    0
     STNDC5                    16m:49s    0 /  33    0
     STNDC6                    16m:49s    0 /  26    0
     STNHST-DC1                16m:49s    0 /  19    0
     STNHSTDC3                 16m:13s    0 /  26    0
     STNHSTDC4                 16m:13s    0 /  21    0
     XSTDC5                    16m:13s    0 /  22    0
     XSTHEALTHDC1              13m:52s    0 /  17    0


    Destination DSA     largest delta    fails/total %%   error
     STICLDC1                  14m:22s    0 /  17    0
     STICLDC2                  15m:42s    0 /  17    0
     STNDC5                    05m:33s    0 /  26    0
     STNDC6                    16m:14s    0 /  31    0
     STNHST-DC1                09m:49s    0 /  26    0
     STNHSTDC3                 16m:50s    0 /  26    0
     STNHSTDC4                 10m:16s    0 /  26    0
     XSTDC5                    13m:53s    0 /  17    0
     XSTHEALTHDC1              03m:26s    0 /  17    0





    dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = STNDC5
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: STH-Acute\STNDC5
          Starting test: Connectivity
             ......................... STNDC5 passed test Connectivity

    Doing primary tests

       Testing server: STH-Acute\STNDC5
          Starting test: Advertising
             ......................... STNDC5 passed test Advertising
          Starting test: FrsEvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... STNDC5 passed test FrsEvent
          Starting test: DFSREvent
             ......................... STNDC5 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... STNDC5 passed test SysVolCheck
          Starting test: KccEvent
             ......................... STNDC5 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... STNDC5 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... STNDC5 passed test MachineAccount
          Starting test: NCSecDesc
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=DomainDnsZones,DC=stnhst,DC=xsthealth,DC=nhs,DC=uk
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=ForestDnsZones,DC=xsthealth,DC=nhs,DC=uk
             ......................... STNDC5 failed test NCSecDesc
          Starting test: NetLogons
             ......................... STNDC5 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... STNDC5 passed test ObjectsReplicated
          Starting test: Replications
             ......................... STNDC5 passed test Replications
          Starting test: RidManager
             ......................... STNDC5 passed test RidManager
          Starting test: Services
             ......................... STNDC5 passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0xC9001009
                Time Generated: 01/08/2019   13:19:16
                Event String:
                The Remote Desktop license server cannot update the license attribut
    es for user "bulj0102" in the Active Directory Domain "stnhst.xsthealth.nhs.uk".
     Ensure that the computer account for the license server is a member of Terminal
     Server License Servers group in Active Directory domain "stnhst.xsthealth.nhs.u
    k".
             ......................... STNDC5 failed test SystemLog
          Starting test: VerifyReferences
             ......................... STNDC5 passed test VerifyReferences


       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : stnhst
          Starting test: CheckSDRefDom
             ......................... stnhst passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... stnhst passed test CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running enterprise tests on : xsthealth.nhs.uk
          Starting test: LocatorCheck
             ......................... xsthealth.nhs.uk passed test LocatorCheck
          Starting test: Intersite
             ......................... xsthealth.nhs.uk passed test Intersite





    2012R2 DNS Server - Child Domain

    C:\Windows\system32>repadmin /replsum
    Replication Summary Start Time: 2019-01-08 14:46:52

    Beginning data collection for replication summary, this may take awhile:
      ............


    Source DSA          largest delta    fails/total %%   error
     STICLDC1                  54m:50s    0 /  17    0
     STICLDC2                     :48s    0 /   5    0
     STNDC5                    54m:50s    0 /  28    0
     STNDC6                    54m:50s    0 /  26    0
     STNHST-DC1                50m:07s    0 /  14    0
     STNHSTDC3                 54m:50s    0 /  21    0
     STNHSTDC4                 54m:23s    0 /  21    0
     XSTDC5                       :48s    0 /  10    0
     XSTHEALTHDC1              54m:23s    0 /  10    0


    Destination DSA     largest delta    fails/total %%   error
     STICLDC2                     :17s    0 /  17    0
     STNDC5                    50m:07s    0 /  26    0
     STNDC6                       :48s    0 /  31    0
     STNHST-DC1                54m:24s    0 /  26    0
     STNHSTDC3                 01m:25s    0 /  26    0
     STNHSTDC4                 54m:51s    0 /  26    0


    Experienced the following operational errors trying to retrieve replication info
    rmation:
              58 - xstdc5.xsthealth.nhs.uk
              58 - STICLDC1.sticl.xsthealth.nhs.uk
              58 - XSTHealthDC1.xsthealth.nhs.uk






    C:\Windows\system32>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = STNHSTDC4
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: STH-Acute\STNHSTDC4
          Starting test: Connectivity
             ......................... STNHSTDC4 passed test Connectivity

    Doing primary tests

       Testing server: STH-Acute\STNHSTDC4
          Starting test: Advertising
             ......................... STNHSTDC4 passed test Advertising
          Starting test: FrsEvent
             ......................... STNHSTDC4 passed test FrsEvent
          Starting test: DFSREvent
             ......................... STNHSTDC4 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... STNHSTDC4 passed test SysVolCheck
          Starting test: KccEvent
             ......................... STNHSTDC4 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             [XSTDC5] DsBindWithSpnEx() failed with error 1722,
             The RPC server is unavailable..
             Warning: XSTDC5 is the Schema Owner, but is not responding to DS RPC
             Bind.
             Ldap search capability attribute search failed on server XSTDC5,
             return value = 81
             Warning: XSTDC5 is the Schema Owner, but is not responding to LDAP
             Bind.
             Warning: XSTDC5 is the Domain Owner, but is not responding to DS RPC
             Bind.
             Warning: XSTDC5 is the Domain Owner, but is not responding to LDAP
             Bind.
             ......................... STNHSTDC4 failed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... STNHSTDC4 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... STNHSTDC4 passed test NCSecDesc
          Starting test: NetLogons
             ......................... STNHSTDC4 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... STNHSTDC4 passed test ObjectsReplicated
          Starting test: Replications
             [STICLDC1] DsBindWithSpnEx() failed with error 1722,
             The RPC server is unavailable..
             ......................... STNHSTDC4 failed test Replications
          Starting test: RidManager
             ......................... STNHSTDC4 passed test RidManager
          Starting test: Services
             ......................... STNHSTDC4 passed test Services
          Starting test: SystemLog
             ......................... STNHSTDC4 failed test SystemLog
          Starting test: VerifyReferences
             ......................... STNHSTDC4 passed test VerifyReferences


       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : stnhst
          Starting test: CheckSDRefDom
             ......................... stnhst passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... stnhst passed test CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running enterprise tests on : xsthealth.nhs.uk
          Starting test: LocatorCheck
             ......................... xsthealth.nhs.uk passed test LocatorCheck
          Starting test: Intersite
             ......................... xsthealth.nhs.uk passed test Intersite


    Yes the 2008 DNS server can resolve both DCs and the domain name of the root domain. Strangley it does show a DNS timeout the first time, then resolves it the second time

    nslookup
    Default Server:  stndc5.stnhst.xsthealth.nh
    Address:  10.152.3.86

    > xsthealthdc1.xsthealth.nhs.uk
    Server:  stndc5.stnhst.xsthealth.nhs.uk
    Address:  10.152.3.86

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Non-authoritative answer:
    Name:    xsthealthdc1.xsthealth.nhs.uk
    Address:  10.152.3.68

    > xsthealthdc1.xsthealth.nhs.uk
    Server:  stndc5.stnhst.xsthealth.nhs.uk
    Address:  10.152.3.86

    Non-authoritative answer:
    Name:    xsthealthdc1.xsthealth.nhs.uk
    Address:  10.152.3.68

    > xstdc5.xsthealth.nhs.uk
    Server:  stndc5.stnhst.xsthealth.nhs.uk
    Address:  10.152.3.86

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Non-authoritative answer:
    Name:    xstdc5.xsthealth.nhs.uk
    Address:  10.152.3.85

    > xstdc5.xsthealth.nhs.uk
    Server:  stndc5.stnhst.xsthealth.nhs.uk
    Address:  10.152.3.86

    Non-authoritative answer:
    Name:    xstdc5.xsthealth.nhs.uk
    Address:  10.152.3.85

    > xsthealth.nhs.uk
    Server:  stndc5.stnhst.xsthealth.nhs.uk
    Address:  10.152.3.86

    Non-authoritative answer:
    Name:    xsthealth.nhs.uk
    Addresses:  10.152.3.85
              10.152.3.68


    The 2012R2 DC is currently unable to resolve the root DCs names or the domain name its self. 

    C:\Windows\system32>nslookup
    Default Server:  stnhstdc4.stnhst.xsthealth.nhs.uk
    Address:  10.152.3.53

    > xsthealth.nhs.uk
    Server:  stnhstdc4.stnhst.xsthealth.nhs.uk
    Address:  10.152.3.53

    Name:    xsthealth.nhs.uk

    > xstdc5.xsthealth.nhs.uk
    Server:  stnhstdc4.stnhst.xsthealth.nhs.uk
    Address:  10.152.3.53

    *** stnhstdc4.stnhst.xsthealth.nhs.uk can't find xstdc5.xsthealth.nhs.uk: Non-ex
    istent domain
    > xsthealthdc1.xsthealth.nhs.uk
    Server:  stnhstdc4.stnhst.xsthealth.nhs.uk
    Address:  10.152.3.53

    *** stnhstdc4.stnhst.xsthealth.nhs.uk can't find xsthealthdc1.xsthealth.nhs.uk:
    Non-existent domain
    > exit

    Thanks,

    Tuesday, January 8, 2019 3:02 PM
  • Hello,

    It really seems to be a forwarding issue on your 2012 r2 DNS.

    Is disable recursion configured on your DNS server ?

    You can check it by :

    • Launching the dns console
    • Right clicking on your server
    • Go to properties
    • Go to Advanced tab

    Best Regards,

    Tuesday, January 8, 2019 5:00 PM
  • Hi,

    That option is unchecked on all of our DNS servers.

    Thanks,

    Wednesday, January 9, 2019 9:05 AM
  • Ok so let's another method.

    Is it possible for you to create a secondary zone (corresponding to your root domain) on the 2012 r2 child DNS server (Not ad replicated) and see if you can transfer it from the master (Your root DNS server)

    After that look in the event log (DNS) to see which kind of error you have

    Best Regards,

    Thursday, January 10, 2019 9:35 AM
  • Hi,

    I've created the secondary zone  on the 2012R2 DNS server as suggested. The zone has failed load any information.

    "The DNS server encounted a problem while attempting to load the zone. The transfer of zone data from the master server failed."

    DNS Event Log error - 6525

    A zone transfer request for the secondary zone xsthealth.nhs.uk was refused by the master DNS server at 10.152.3.85. Check the zone at the master server 10.152.3.85 to verify that zone transfer is enabled to this server.  To do so, use the DNS console, and select master server 10.152.3.85 as the applicable server, then in secondary zone xsthealth.nhs.uk Properties, view the settings on the Zone Transfers tab.  Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.

    Thanks,

    Friday, January 11, 2019 11:30 AM
  • Ok so did you go on the master and enabled zone transfer for the zone ?

    Best Regards,

    Monday, January 14, 2019 7:49 AM
  • I do see some DCDiag errors here that may need investigating to see if they are related but it maybe a resulte of the DNS issue.

    Can you set the DNS servers back to resolve itself as the primary, don't set a secondary. Can you also flush the local DNS cache and DNS Server cache.

    I want to see a very specific pass on the 2008R2 in the child domain (STNDC4?) resolve the FQDN of both the DC's in the root domain. It gives me a reference model to narrow down the issue. We can then take the same test over to the 2012 server.

    Also is there any chance we could 'borrow' the IP address from the 2008 R2 DC in the child domain, setting it on the 2012 DC. Requires some re-configuration.

    Wednesday, January 16, 2019 4:06 PM
  • Hi,

    Yes i did enable the zone transfer from the master. I got an error saying the DNS server i was trying to transfer to (1 of the 2012R2 DNS servers in the child domain) wasnt authorative for that Zone.

    Thanks,

    Thursday, January 17, 2019 9:02 AM
  • Hi,

    Yes I've already changed the DNS servers back so they look at themselves first, I have set them all to use 1 particular DNS server as there secondary as well.

    For the last 2 days the DNS servers have been stable, all DNS servers are able to resolve each other and the domain names. We're not seeing any of the issues that we have done previously. I'm not entirely sure what has been changed on the network but it seems something has to resolve this issue.

    Although its great it’s working now, it’s a little unsatisfying not being able to say what fixed it and more worryingly it may happen again.

    Thanks to everyone who offered input into this. Not sure what to do about marking any answers.

    Thursday, January 17, 2019 9:16 AM
  • Well I'm glad it working, probably worth saying something was helpful rather than saying propose as answer and deleting any specific details on your network information such as IP addresses names DCdiag output etc.

    It did sound like a network issue of some sort, narrowing it down would have been good before it was resolved. Just make sure by switching your DNS servers back around on one server though as that was something that you had changed.

    Monday, January 21, 2019 11:37 AM