DNS not replicating

  • Question

  • I'll try to make this short:  I have a laptop user in a branch office, and when booting he often has to wait over 30 minutes for the laptop to get to the login screen.  Then another long time after logging in to get to desktop.  There is a DC in his office, but via GPRESULT I've determined his laptop is authenticating with a DC in our headquarters office (this, I believe, is the reason his login is so long).  So looking into the issue, I noticed DNS on the branch server has no forward lookup zones or reverse lookup zones.  So for some reason DNS is not replicating to this office, which is probably why he cannot authenticate to this server (let me know if I'm wrong here).  AD Users and Computers seems to replicate fine (although it's useless if the PCs aren't "talking" to this server anyway during logon).

    In a related matter, when I open Sites and Services I see that all branches have an NTDS Settings object within SITE>Servers>SERVER NAME...except the branch that I'm having problems with.


    Any help would be awesome!!


    Thanks!

    Monday, October 17, 2011 3:43 PM

All replies

  • Hello,

    I'll try to make this short:  I have a laptop user in a branch office, and when booting he often has to wait over 30 minutes for the laptop to get to the login screen.

    Please make sure that your computer is pointing to an internal DNS server as primary DNS server (avoid using a public DNS server as primary DNS server).

    Please also check the application of group policies. You will find more information if you check the logs in Event Viewer.

    There is a DC in his office, but via GPRESULT I've determined his laptop is authenticating with a DC in our headquarters office (this, I believe, is the reason his login is so long).  So looking into the issue, I noticed DNS on the branch server has no forward lookup zones or reverse lookup zones.  So for some reason DNS is not replicating to this office, which is probably why he cannot authenticate to this server (let me know if I'm wrong here).  AD Users and Computers seems to replicate fine (although it's useless if the PCs aren't "talking" to this server anyway during logon).

    Please use Microsoft SkyDrive to upload the output of these commands on each DC you have:

    ipconfig /all >c:\ipconfig.txt (From each DC)

    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt

    repadmin /showrepl server1.domain.local /verbose /all /intersite > c:\repadmin.txt

    dnslint /ad /s "The DC's IP Address" (http://support.microsoft.com/kb/321045) 

    Once done, post a link here.

     


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Monday, October 17, 2011 9:08 PM
  • I didn't upload results from every server like you asked because I'm already getting errors from the server I'm having trouble with.  The errors are in the txt documents here:

    http://dl.dropbox.com/u/36527676/L/dcdiag.txt

    http://dl.dropbox.com/u/36527676/L/dnslint.txt

    http://dl.dropbox.com/u/36527676/L/ipconfig.txt

    http://dl.dropbox.com/u/36527676/L/repadmin.txt

     

    Let me know if you really need the other servers' info.  FYI: When I did dcdiag on this server and on another I was getting an error that AD Lightweight Directory Service has stopped working.  Weird.

    Tuesday, October 18, 2011 12:44 PM
  • Oh, and by the way, I do have primary DNS server set to an internal DNS server (the local DC that is not working, in fact).  Secondary is set to a DC in our headquarters office.
    Tuesday, October 18, 2011 12:51 PM
  • I tried to expand on your scripts and run dcdiag /dnsall and I get the error ***Error: L-SRVR is not a Directory Server.  Must specify /s:<Directory Server> or /n:<Naming Context> or nothing to use the local machine.

    ERROR: Could not find home server.

     

    So, it appears that my server thinks it's not a domain controller...

    Tuesday, October 18, 2011 2:14 PM
  • Hello again,

    Please check that you have a DC / DNS / GC server that is working fine.

    Once identified, you can:

    • Force demotion of the faulty DC using dcpromo /forceremoval
    • Seize FSMO roles if the demoted DC was holder of FSMO roles
    • Perform a metadata cleanup
    • Promote the server again

     


    Tuesday, October 18, 2011 10:52 PM
  • Hi SVLKRS,

     

    Thanks for posting here.

     

    So will it work faster if disconnected from the network? I think we should first correct the AD settings.

    Please host this AD-integrated DNS zone on a domain controller at both sites. After that, we should split the domain controllers into the proper AD sites that they belong to by setting up AD sites and replication:

     

    http://technet.microsoft.com/en-us/library/bb727051.aspx

     

    Clients at each site should use the local domain controller as the primary DNS server.

     

    For more information about how to troubleshoot slow logon issues, please refer to the blog posts below:

     

    http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx

     

    http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-2.aspx

     

    Thanks.


    Tiger Li


    Thursday, October 20, 2011 7:14 AM
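
Added example (not part of the original thread or any poster's reply): a read-only check of the DC locator SRV records that decide whether a branch client finds its local DC or falls back to headquarters, run against each DNS server the client uses. The domain name, site name and DNS server addresses are placeholders, and `Resolve-DnsName` assumes Windows 8 / Server 2012 or later (on older systems, `nslookup -type=SRV` answers the same queries).

```powershell
# Added example: every value in this block is a placeholder, not taken from the thread.
$Domain     = 'corp.example.com'            # placeholder AD DNS domain name
$Site       = 'Branch-Site'                 # placeholder AD site name of the branch office
$DnsServers = '192.0.2.10', '192.0.2.20'    # placeholders: branch DC first, then HQ DC

# Names the DC locator looks up: site-specific records first, domain-wide as fallback.
$Queries = [ordered]@{
    'Site-specific' = '_ldap._tcp.{0}._sites.dc._msdcs.{1}' -f $Site, $Domain
    'Domain-wide'   = '_ldap._tcp.dc._msdcs.{0}' -f $Domain
}

$results = foreach ($server in $DnsServers) {
    foreach ($q in $Queries.GetEnumerator()) {
        # Query this DNS server directly; a server with no zones returns no SRV answer.
        $srv = Resolve-DnsName -Name $q.Value -Type SRV -Server $server -DnsOnly `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }

        [pscustomobject]@{
            DnsServer = $server
            Scope     = $q.Key
            Query     = $q.Value
            Targets   = if ($srv) {
                            ($srv.NameTarget | Sort-Object -Unique) -join ', '
                        } else {
                            '(no answer)'
                        }
        }
    }
}

# A branch DC missing from the site-specific targets means clients in that site
# will be handed a DC from another site.
$results | Format-Table -AutoSize -Wrap

# Ask the locator itself which DC and which site this machine resolves to.
nltest /dsgetdc:$Domain /force
nltest /dsgetsite
```

Run it from the affected laptop: "(no answer)" from the branch DNS server, or a site-specific target list that contains only headquarters DCs, matches the symptoms described in the question.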