none
problem with DNS? RRS feed

  • Question

  • Hi there,

    I think I have some problems with my DNS.

    I installed a domain controller (AD) and everything seemed to be fine. One week later we started having problems with name resolution, for example, I was trying to access another computer using remote desktop application and it returned to me that I already have an opened session and when I tried to access it using the IP address instead of the hostname it worked like a charm. Another thing that is happening is if I try to access a network shared folder and it said: Logon Failure: The target account name is incorrect.

    These problems come and go along the day, it's working then 2 minutes after its not.

    I'm using Windows 7 32/64bits Enterprise on the clients and Windows Server 2012 R2 on the server.

    • My network is 10.196.24.XXX
    • My AD and DNS server is 10.196.24.31

    When I use nslookup on a client it returns as below (note that SCANSERVER ≠ SCASERVER):

    When I installed AD I configured the DNS zones (i dont know if I did it properly). Please see if it’s OK and tell me.

     

    And the forward lookup zones:

    when I run "ipconfig /flushdns" it starts working again...

    any idea?

    Could you tell me where the problem is?

    Best Regards.



    • Edited by rdgcatell Tuesday, September 6, 2016 11:07 AM
    Tuesday, September 6, 2016 11:01 AM

Answers

All replies

  • I noticed from the screenshot you are missing an A record for the scaserver.hrbr.local AD/DNS server (IP 10.196.24.31) in the hrbr.local DNS Forward Lookup zone.  On this AD/DNS server, run the following commands, which will put the A record back, as well as any other missing SRV records which could be generating on your clients the login failure message.

    ifconfig /flushdns

    net stop netlogon  

    net start netlogon

    ifconfig /registerdns


    Best Regards, Todd Heron | Active Directory Consultant

    • Proposed as answer by John Lii Wednesday, September 7, 2016 1:50 AM
    Tuesday, September 6, 2016 12:33 PM
  • Well the problem came back.

    One thing that I found is that the nslookup now works properly (after the commands you told).

    but I just reveiced this message again when trying to access \\scanserver... if I type 10.196.24.177 (which is the scanserver IP, works good).

    and

    Another thing I noticed now is that only SCANSERVER is not accessible. I can access others computers using the hostname but SCANSERVER ... find below the SCANSERVER configuration (running windows 7):

    *note that Im not having now this problem with others computers, but I cannot assure you its not happening*

    any suggestions? :(


    • Edited by rdgcatell Tuesday, September 6, 2016 2:50 PM
    • Proposed as answer by John Lii Wednesday, September 7, 2016 1:50 AM
    • Unproposed as answer by John Lii Wednesday, September 7, 2016 1:50 AM
    Tuesday, September 6, 2016 2:45 PM
  • Hi; the scanserver host name may have been in DNS all along, its just that the screenshot cut off before it displays the host names which began with the letter S.  The problem may be something else, it should be better revealed if you run the following command on scanserver and post the result:  

    dcdiag /v


    Best Regards, Todd Heron | Active Directory Consultant


    • Edited by Todd Heron Tuesday, September 6, 2016 2:57 PM Remove typo
    Tuesday, September 6, 2016 2:57 PM
  • I ran it on SCAserver (AD SERVER)...
    On SCANserver (CLIENT) the command cannot be found.

    C:\Windows\system32>dcdiag /v
    
    Directory Server Diagnosis
    
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine SCASERVER, is a Directory Server.
       Home Server = SCASERVER
       * Connecting to directory service on server SCASERVER.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=HRBR,DC=local,
    LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
    ,CN=Sites,CN=Configuration,DC=HRBR,DC=local
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=HRBR,DC=local,
    LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=SCASERVER,CN=Servers,C
    N=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HRBR,DC=local
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.
    
    Doing initial required tests
    
       Testing server: Default-First-Site-Name\SCASERVER
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... SCASERVER passed test Connectivity
    
    Doing primary tests
    
       Testing server: Default-First-Site-Name\SCASERVER
          Starting test: Advertising
             The DC SCASERVER is advertising itself as a DC and having a DS.
             The DC SCASERVER is advertising as an LDAP server
             The DC SCASERVER is advertising as having a writeable directory
             The DC SCASERVER is advertising as a Key Distribution Center
             The DC SCASERVER is advertising as a time server
             The DS SCASERVER is advertising as a GC.
             ......................... SCASERVER passed test Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Starting test: FrsEvent
             * The File Replication Service Event log test
             Skip the test because the server is running DFSR.
             ......................... SCASERVER passed test FrsEvent
          Starting test: DFSREvent
             The DFS Replication Event Log.
             ......................... SCASERVER passed test DFSREvent
          Starting test: SysVolCheck
             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... SCASERVER passed test SysVolCheck
          Starting test: KccEvent
             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 min
    utes.
             ......................... SCASERVER passed test KccEvent
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=SCASERVER,CN=Servers,CN=Default
    -First-Site-Name,CN=Sites,CN=Configuration,DC=HRBR,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=SCASERVER,CN=Servers,CN=Default
    -First-Site-Name,CN=Sites,CN=Configuration,DC=HRBR,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=SCASERVER,CN=Servers,CN=Default-Fi
    rst-Site-Name,CN=Sites,CN=Configuration,DC=HRBR,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=SCASERVER,CN=Servers,CN=Default-Fi
    rst-Site-Name,CN=Sites,CN=Configuration,DC=HRBR,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=SCASERVER,CN=Ser
    vers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HRBR,DC=local
             ......................... SCASERVER passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             Checking machine account for DC SCASERVER on DC SCASERVER.
             * SPN found :LDAP/SCASERVER.HRBR.local/HRBR.local
             * SPN found :LDAP/SCASERVER.HRBR.local
             * SPN found :LDAP/SCASERVER
             * SPN found :LDAP/SCASERVER.HRBR.local/HRBR
             * SPN found :LDAP/1f6ce596-e00d-43bd-802a-e6d4fb80ff6d._msdcs.HRBR.loca
    l
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1f6ce596-e00d-43bd-80
    2a-e6d4fb80ff6d/HRBR.local
             * SPN found :HOST/SCASERVER.HRBR.local/HRBR.local
             * SPN found :HOST/SCASERVER.HRBR.local
             * SPN found :HOST/SCASERVER
             * SPN found :HOST/SCASERVER.HRBR.local/HRBR
             * SPN found :GC/SCASERVER.HRBR.local/HRBR.local
             ......................... SCASERVER passed test MachineAccount
          Starting test: NCSecDesc
             * Security Permissions check for all NC's on DC SCASERVER.
             * Security Permissions Check for
               DC=ForestDnsZones,DC=HRBR,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for
               DC=DomainDnsZones,DC=HRBR,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for
               CN=Schema,CN=Configuration,DC=HRBR,DC=local
                (Schema,Version 3)
             * Security Permissions Check for
               CN=Configuration,DC=HRBR,DC=local
                (Configuration,Version 3)
             * Security Permissions Check for
               DC=HRBR,DC=local
                (Domain,Version 3)
             ......................... SCASERVER passed test NCSecDesc
          Starting test: NetLogons
             * Network Logons Privileges Check
             Verified share \\SCASERVER\netlogon
             Verified share \\SCASERVER\sysvol
             ......................... SCASERVER passed test NetLogons
          Starting test: ObjectsReplicated
             SCASERVER is in domain DC=HRBR,DC=local
             Checking for CN=SCASERVER,OU=Domain Controllers,DC=HRBR,DC=local in dom
    ain DC=HRBR,DC=local on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=SCASERVER,CN=Servers,CN=Default-First-
    Site-Name,CN=Sites,CN=Configuration,DC=HRBR,DC=local in domain CN=Configuration,
    DC=HRBR,DC=local on 1 servers
                Object is up-to-date on all servers.
             ......................... SCASERVER passed test ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Starting test: Replications
             * Replications Check
             * Replication Latency Check
             ......................... SCASERVER passed test Replications
          Starting test: RidManager
             * Available RID Pool for the Domain is 1600 to 1073741823
             * SCASERVER.HRBR.local is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 1100 to 1599
             * rIDPreviousAllocationPool is 1100 to 1599
             * rIDNextRID: 1210
             ......................... SCASERVER passed test RidManager
          Starting test: Services
             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: DFSR
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... SCASERVER passed test Services
          Starting test: SystemLog
             * The System Event log test
             Found no errors in "System" Event log in the last 60 minutes.
             ......................... SCASERVER passed test SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Starting test: VerifyReferences
             The system object reference (serverReference)
             CN=SCASERVER,OU=Domain Controllers,DC=HRBR,DC=local and backlink on
             CN=SCASERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
    ation,DC=HRBR,DC=local
             are correct.
             The system object reference (serverReferenceBL)
             CN=SCASERVER,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings
    ,CN=System,DC=HRBR,DC=local
             and backlink on
             CN=NTDS Settings,CN=SCASERVER,CN=Servers,CN=Default-First-Site-Name,CN=
    Sites,CN=Configuration,DC=HRBR,DC=local
             are correct.
             The system object reference (msDFSR-ComputerReferenceBL)
             CN=SCASERVER,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings
    ,CN=System,DC=HRBR,DC=local
             and backlink on CN=SCASERVER,OU=Domain Controllers,DC=HRBR,DC=local
             are correct.
             ......................... SCASERVER passed test VerifyReferences
          Test omitted by user request: VerifyReplicas
    
          Test omitted by user request: DNS
          Test omitted by user request: DNS
    
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
    
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
    
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
    
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
    
       Running partition tests on : HRBR
          Starting test: CheckSDRefDom
             ......................... HRBR passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... HRBR passed test CrossRefValidation
    
       Running enterprise tests on : HRBR.local
          Test omitted by user request: DNS
          Test omitted by user request: DNS
          Starting test: LocatorCheck
             GC Name: \\SCASERVER.HRBR.local
             Locator Flags: 0xe000f1fd
             PDC Name: \\SCASERVER.HRBR.local
             Locator Flags: 0xe000f1fd
             Time Server Name: \\SCASERVER.HRBR.local
             Locator Flags: 0xe000f1fd
    f1fd
             KDC Name: \\SCASERVER.HRBR.local
             Locator Flags: 0xe000f1fd
             ......................... HRBR.local passed test LocatorCheck
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope
             provided by the command line arguments provided.
             ......................... HRBR.local passed test Intersite
    
    C:\Windows\system32>

    Find below the "S" part....

    *A thing I forgot to mention is that SCAserver (AD SERVER) is in 2 networks, 10.196 and 192,168, but the AD service should be available just for 10.196 network.*

     regards


    EDIT:

    LOOK AT THIS, the SCANserver has been added automatically to reverse zone (??) why this is happening?

    • Edited by rdgcatell Tuesday, September 6, 2016 4:48 PM
    Tuesday, September 6, 2016 4:13 PM
  • I think I see the problem here.  Your DCDIAG results came back clean.  I wish I would have seen the screenshot of the SCASERVER AD/DNS IP earlier - and saw the second IP for the 192.168.x.x network in the Forward Lookup list.  You have a dual-homed (2 network cards) DC, and this causes problems - the kind of problems you described in your original post:

    "These problems come and go along the day, it's working then 2 minutes after its not."  ...which is also why it always worked straight by IP.

    When its working, you can be sure that your clients are connecting to SCASERVER by its 10.196.24.31 IP.  When its not working, they are attempting to connect to the 192.168.30.10 IP - 192.168.x.x IP addresses are non-routable. Go ahead and remove the 192.168.30.10 IP from DNS, and make sure it stays out of there by going into the TCP/IP properties for the adapter with IP 192.168.30.10, DNS tab, and un-checking the box "Register this connection's address in DNS".  If you un-check that box, the 192.168.x.x private connection will stay out of DNS and clients will not have further trouble connecting to your AD/DNS server by host name like they are right now.  For any host which needs connection to its 192.168.x.x, configure a Hosts file entry for them on that host itself.  It's probably not many hosts (maybe backup servers?) which need to connect to its 192.168.x.x IP.


    Best Regards, Todd Heron | Active Directory Consultant


    • Edited by Todd Heron Tuesday, September 6, 2016 4:54 PM Fixed typo
    Tuesday, September 6, 2016 4:53 PM
  • The 192 network is the ticket gates we have here.

    OK take a look and see if its OK.

    And the reverse zones is with the 10.196.24.X only...

    I am still with the problem, do I need to run some commands in order to refresh everything and make this new configuration working?

    Another doubt I have is: Why just SCANserver (client) were added to"reverse lookup zones" ?? it should be here? why the others computers are not? it has been added automatically...

    Tuesday, September 6, 2016 5:51 PM
  • Hi, you will need to run an "ifconfig /flushdns" on any problematic client after you made the change, as the name stays in local client cache for small period of time.

    You can go ahead and remove the client "scanserver" from the Reverse Lookup zone.  Client machines do not need to be in DNS reverse lookup zones, only servers.  

    On my personal note, I think the name "scanserver" is confusing, because it is too close to the name of your AD/DNS server "SCASERVER".  Therefore, in my opinion, I would rename the client machine, "scanserver" to something else.


    Best Regards, Todd Heron | Active Directory Consultant

    Tuesday, September 6, 2016 6:06 PM
  • I did what you said and 15 minutes later the second IP (192.168.30.10) backs to forward lookup zones automatically.

    Look at the conf on 192.168.30.10 (SCAserver), is it correct?

    Any suggestion?



    • Edited by rdgcatell Tuesday, September 6, 2016 6:45 PM
    Tuesday, September 6, 2016 6:44 PM
  • I'm not sure why the 192.168.x.x IP is re-registering itself in the Forward Lookup zone after un-checking that box.  You might need to re-cycle the netlogon service on SCASERVER so that it rids itself of this adapter's IP from its cache.  You can also purge the DNS server cache as well.

    net stop netlogon

    net start netlogon

    And then delete the the 19.168.x.x from DNS one more time and keep a watch on it.   It shouldn't be coming back, only the first IP 10.196.30.10 should remain in DNS.

    Alternatively, and very simply, you could, after deleting the 192.168.x.x record from DNS, simply restart SCASERVER to clear everything out.


    Best Regards, Todd Heron | Active Directory Consultant

    Tuesday, September 6, 2016 7:16 PM
  • Its funny... I removed the entry then I restarted the server... the entry came back right after the windows loads. I did it two times and the same result...

    im going crazy :(

    Tuesday, September 6, 2016 7:37 PM
  • No worries.  Please follow the steps outlined in this article (says applies to Windows 2000/2003, but it also holds for 2008/2012 as well). There are some steps you have to do within the DNS console as well which I did not mention.

    Active Directory communication fails on multihomed domain controllers



    Best Regards, Todd Heron | Active Directory Consultant

    • Marked as answer by rdgcatell Thursday, September 8, 2016 3:57 PM
    • Unmarked as answer by rdgcatell Thursday, September 8, 2016 6:07 PM
    • Marked as answer by rdgcatell Friday, September 9, 2016 6:54 PM
    Tuesday, September 6, 2016 7:47 PM
  • Very nice now the secondary IP is not coming back.

    Let's wait 1 day at least in order to see if the problem is finally solved.

    Anyway I appreciate your help so far  :)

    I post here tomorrow !

    Regards.


    • Edited by rdgcatell Tuesday, September 6, 2016 8:11 PM
    Tuesday, September 6, 2016 8:10 PM
  • Excellent.  Thanks for coming back to the thread, and if the problem stays resolved, don't forget to mark this thread as "Answered" to help guide others with similar issues.

    Best Regards, Todd Heron | Active Directory Consultant

    Tuesday, September 6, 2016 8:15 PM
  • Please let us know if the issue has been permanently resolved.

    Best Regards, Todd Heron | Active Directory Consultant

    Thursday, September 8, 2016 3:16 AM
  • The seconday IP didnt come back to the DNS list OK.

    but the problem continues:

    It's happening now.. the odd thing is that if I run an ipconfig /flushdns on my machine it will come back to work...

    More ideas?

    EDIT: AHH, I found out that it only happens with computers on HRBR domain (my domain) computers out of HRBR I can access using their local password normally...

    EDIT 2: LOL, whats happening? when I ping the inaccessible machines it returns my own computer, what the heck? :O

    • Edited by rdgcatell Thursday, September 8, 2016 6:20 PM
    Thursday, September 8, 2016 6:10 PM
  • Do you have a long-forgotten WINS server still on the network?  Or do you happen to have Hosts file with entries for these inaccessible machines?

    Best Regards, Todd Heron | Active Directory Consultant

    Thursday, September 8, 2016 6:29 PM
  • Hmm I dont think I have a WINS server, is there anyway to discover that? I though WINS were discontinued after windows xp..

    and I do not have hosts file "redirecting" anythng..

    Thursday, September 8, 2016 7:16 PM
  • Please post the results of an "ifconfig /all" from the client machine which is having the problems reaching the other machines as you described earlier today.

    EDIT:  We will be able to tell from the results if the client is using WINS or not


    Best Regards, Todd Heron | Active Directory Consultant


    • Edited by Todd Heron Thursday, September 8, 2016 7:27 PM
    Thursday, September 8, 2016 7:26 PM
  • Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : ROTEM-C08510
       Primary Dns Suffix  . . . . . . . : HRBR.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : HRBR.local
    
    Wireless LAN adapter Conexão de Rede sem Fio 2:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
       Physical Address. . . . . . . . . : 26-29-AF-D8-64-EF
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::4079:9988:72f0:db7%15(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.202.1(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 270936495
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-7B-5C-B5-74-E6-E2-D1-5A-07
    
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Ethernet adapter Conexão de Rede Bluetooth:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Dispositivo Bluetooth (Rede Pessoal)
       Physical Address. . . . . . . . . : 74-29-AF-D8-64-F0
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Wireless LAN adapter Conexão de Rede sem Fio:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
       Physical Address. . . . . . . . . : 74-29-AF-D8-64-EF
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Ethernet adapter Conexão local:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
       Physical Address. . . . . . . . . : 74-E6-E2-D1-5A-07
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::cdff:d615:8f9a:5cde%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.196.24.99(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Thursday, September 08, 2016 7:50:36 AM
       Lease Expires . . . . . . . . . . : Friday, September 09, 2016 12:51:30 PM
       Default Gateway . . . . . . . . . : 10.196.24.1
       DHCP Server . . . . . . . . . . . : 10.196.24.1
       DHCPv6 IAID . . . . . . . . . . . : 292873954
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-7B-5C-B5-74-E6-E2-D1-5A-07
    
       DNS Servers . . . . . . . . . . . : 10.196.24.31
                                           10.13.11.19
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Tunnel adapter isatap.{D5DE4C19-245B-4A55-A794-86EF56748D2E}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.{638128CA-B144-4890-8856-AD1162383E8B}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    now everything is pointing to 127.0.0.1... I pingged AD server and my computer pings 127.0.0.1... i know that if I do a flushdns it will back to work normally but I need to know why this is happening..


    EDIT: I dont know but I feel in my heart that SCANserver (scanner server) is with some kind of issue,   it creates automatically a reverse lookup zone .. even if I delete it, it come back hours later.

    • Edited by rdgcatell Thursday, September 8, 2016 8:06 PM
    Thursday, September 8, 2016 7:53 PM
  • Give your system a free scan with Malware Bytes, and let us know the results.

    EDIT:  BTW, your results show you are not using WINS.


    Best Regards, Todd Heron | Active Directory Consultant


    • Edited by Todd Heron Thursday, September 8, 2016 8:45 PM
    Thursday, September 8, 2016 8:35 PM
  • This should be done on issued client? AD/DNS server?

    Which one you wnat the scan result?

    Thursday, September 8, 2016 8:50 PM
  • Need the result from the client.

    Best Regards, Todd Heron | Active Directory Consultant

    Thursday, September 8, 2016 9:03 PM
  • Hi; you should marked this thread as resolved as the original problem statement was that you had problem accessing certain computers by hostname, sometimes it would work and then 2 minutes later it would not, but would always work by IP.  The resolution was to remove and keep permanently removed a private 192.168.x.x IP address being registered in DNS by your domain controller, following the steps in this article:  Active Directory communication fails on multihomed domain controllers.  For the new problem of being unable to access certain hosts by name, a new question should be opened for that, providing details such as the name of the target host and an ifconfig /all of both the target server and the client trying to access it, plus the results of any malware scan completed on the client system we were discussing.

    Best Regards, Todd Heron | Active Directory Consultant

    Friday, September 9, 2016 1:00 PM
  • Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/9/2016 Scan Time: 3:57 PM Logfile: aasdasda.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.09.09.08 Rootkit Database: v2016.08.15.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: 782159 Scan Type: Threat Scan Result: Completed Objects Scanned: 399360 Time Elapsed: 21 min, 36 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0

    (No malicious items detected) (end)

    About malware bytes you mean the above log?

    Are you sure that clients machine should not be added to reverse lookup zones?

    I saw people complaining on internet that the clients machine weren't being added to reverse lookup zones automatically...

    Today everything is working, I can access any computer using hostname... I dont know if the problem persists... we have to wait :/

    Friday, September 9, 2016 7:26 PM
  • Yes, that's a good log from MalwareBytes.  Don't add clients to Reverse Zones unless you have specific software which requires it.  Only servers need to be in Reverse zones.  Check DNS again when you can't connect to a system by hostname and ensure an A record is present for the system - and DCs should only have one adapter registering records into DNS.

    Best Regards, Todd Heron | Active Directory Consultant

    Saturday, September 10, 2016 2:19 AM