can ping host but it is not in dns

Question

Wednesday, June 27, 2012 6:41 PM

Hi,

We have a 2008 domain.

A static record was once created to point to a VMware ESX host.

Now the machine has changed and that record is deleted,

but pinging that host name on clients still returns the IP of that server.

There is no WINS and I am sure that the DNS is answering,

but I searched all DNS records and could not find it.

Both server and client have been rebooted, but it happens again.

So this is my first question:

where is that record?

And my second: we have a lot of zones and sorting is not enough,

so how can I search DNS for a specific record (like searching computers or users in ADUC), because there are a lot of zones?

Thanks

All replies (25)

Saturday, June 30, 2012 6:32 PM ✅Answered | 1 vote

If the zone is AD integrated, which I assume and is more or less de facto, and if there are replication problems, that would indicate inconsistency in DNS, because not all DC/DNS servers have the same information. For example, if the record was deleted on one DC/DNS, and replication problems prevent the AD database from replicating, then what you're seeing is a symptom of this problem, which is actually a larger problem than wondering where the ISA record is coming from.

The same goes with WINS. If you are using WINS, and if you have multiple WINS servers, I assume they are partners, and if there is anything blocking WINS replication, perhaps the same thing blocking AD replication, then what you're seeing is also a symptom of a larger problem.

And the reason why: when you ping a single name, the client-side resolver algorithm will first attempt to append the search suffix to resolve it in DNS; if that doesn't work, it will attempt to resolve it through WINS if configured to use WINS; and if that doesn't work, it will then revert to broadcast.

So in your case, based on your pings, pinging a single name works but the FQDN doesn't, so it is getting it from either WINS or broadcast.

And the reason I am not sure whether it is WINS or broadcast in your scenario: you haven't indicated whether you checked each and every WINS server for that record. And you would have to check them individually if you're saying there are replication problems.

Download and run PortQry from each DC to other DCs that you feel are not replicating between each other to determine if there are any ports being blocked by a firewall or an installed Antivirus Program that is doubling as a firewall.

PortQryUI - User Interface for the PortQry Command Line Port Scanner - Run the test for "Domains & Trusts"
http://www.microsoft.com/en-us/download/details.aspx?id=24009

.

Please note, anytime there are VPN tunnels between locations in a trusted environment, ideally the port range to allow between all locations in the firewall are either unblocked, or TCP 1-56535 & UDP -65535 (wide opened). Also note, WINS uses TCP 42.

.

To understand ports required in an AD infrastructure, please see the following link:

Active Directory Firewall Ports - Let's Try To Make This Simple
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx

.

Another possibility that will cause inconsistencies between DCs that host DNS AD integrated zones is a duplicate zone in the AD database. There are a number of causes for duplicates, some of which are AD replication problems, manually creating a zone on another DC that already exists, administering DNS from a new 2008/2008 R2 DC when there are still Windows 2000/2003 DCs in production, and many other reasons. Please use the following tutorial on how to find out if you have duplicate zones. Please note, you will have to check all three partitions, as well as check from different DC/DNS servers, because they may *see* a different version of the AD database if there are AD replication problems.

Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones 
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

 .

Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This post is provided AS-IS with no warranties or guarantees and confers no rights.
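The reply above says to check every DC/DNS server and every WINS server individually, and the original question asks how to search all zones for one record. The script below is an added example, not code from the thread: it uses dnscmd.exe (DNS role / RSAT on 2008 R2) to list every zone on each DNS server and grep each zone dump for the label, flags zones where the record is present on some servers but not others (the replication-inconsistency symptom described above), and then asks each WINS server separately for the name. The host label and the WINS addresses are taken from the thread; the DNS server list is a placeholder you must fill in, and the account running it is assumed to be a DNS and WINS administrator on every server.

```powershell
# Added example, not code from the thread. Assumes dnscmd.exe and netsh.exe are present
# (they ship with the DNS role / RSAT on 2008 R2) and that the account running this is
# a DNS and WINS administrator on every server listed. Written for PowerShell 2.0 so it
# runs on the 2008 R2 servers in the thread.
$DnsServers  = @('dc1.gta.net', 'dc2.gta.net')      # PLACEHOLDER: every DC/DNS server, not only the client's first one
$WinsServers = @('172.20.21.5', '172.20.21.7')      # Primary/Secondary WINS from the client's ipconfig /all
$Name        = 'isa'                                # the host label that keeps resolving

# dnscmd /EnumZones prints one zone per line: "<zone> <type> <storage> <properties>".
# Keep zones of a type that actually holds records; drop the cache zone and TrustAnchors.
function Get-ZoneNames([string]$Server) {
    dnscmd $Server /EnumZones 2>&1 |
        Where-Object { $_ -match '^\s+\S+\s+(Primary|Secondary|Stub|Forwarder)\s' } |
        ForEach-Object { ($_.ToString().Trim() -split '\s+')[0] } |
        Where-Object { $_ -ne 'TrustAnchors' }
}

# dnscmd /ZonePrint dumps a zone in master-file format, owner name first on each record line.
# Match the label as a whole token (so "isa" does not hit "isatap"), with or without a trailing FQDN.
function Find-RecordInZone([string]$Server, [string]$Zone, [string]$Label) {
    $pattern = "(^|\s)$([regex]::Escape($Label))(\.\S*)?(\s|`$)"
    dnscmd $Server /ZonePrint $Zone 2>&1 |
        Where-Object { $_ -match $pattern } |
        ForEach-Object {
            New-Object PSObject -Property @{ Server = $Server; Zone = $Zone; Line = $_.ToString().Trim() }
        }
}

$hits = foreach ($srv in $DnsServers) {
    foreach ($zone in Get-ZoneNames $srv) {
        Find-RecordInZone -Server $srv -Zone $zone -Label $Name
    }
}

if ($hits) {
    "DNS records matching '$Name':"
    $hits | Format-Table Server, Zone, Line -AutoSize
    # A record that exists on some servers but not others means the AD-integrated zone is
    # not replicating consistently; fix replication before editing DNS any further.
    $hits | Group-Object Zone | ForEach-Object {
        $servers = $_.Group | Select-Object -ExpandProperty Server | Sort-Object -Unique
        if ($servers.Count -lt $DnsServers.Count) {
            "WARNING: zone $($_.Name) has '$Name' only on: $($servers -join ', ')"
        }
    }
} else {
    "No DNS record for '$Name' on any listed server."
}

# WINS: ask each server on its own, because partner replication may be broken as well.
# 00 = workstation service name, 20 = server service name; static entries show up here too.
foreach ($w in $WinsServers) {
    foreach ($endChar in '00', '20') {
        "--- WINS $w, name $Name<$endChar>"
        netsh wins server "\\$w" show name "Name=$($Name.ToUpper())" "EndChar=$endChar" 2>&1 |
            Where-Object { $_.ToString().Trim() }
    }
}
```

Run it from an elevated prompt on a machine with the DNS tools installed. The /ZonePrint dump is the only per-server view that is independent of what the client's resolver cached, which is why the script compares it across servers rather than trusting nslookup against one of them.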


Wednesday, June 27, 2012 8:22 PM

When you ping that server, do you just ping the hostname or the FQDN?

Can you paste the unedited ping response for that server?

Thanks and Regards, Mukesh. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


Thursday, June 28, 2012 3:41 AM

The domain is gta.net.

When I ping just the server name isa, it returns a reply,

but when I ping isa.gta.net it is not OK. We have many zones, but I could not find this in any of them.

And also we have no WINS; anyway, I disabled NetBIOS over TCP/IP and nothing is set as my WINS server, but the results are the same.

C:\Users\technet>ping isa

Pinging isa [172.20.10.10] with 32 bytes of data:
Reply from 172.20.10.10: bytes=32 time=7ms TTL=62
Reply from 172.20.10.10: bytes=32 time<1ms TTL=62
Reply from 172.20.10.10: bytes=32 time<1ms TTL=62
Reply from 172.20.10.10: bytes=32 time<1ms TTL=62

Ping statistics for 172.20.10.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 7ms, Average = 1ms

C:\Users\technet>ping isa.gta.net
Ping request could not find host isa.gta.net. Please check the name and try again.

As I said, this address is for a VMware ESX host.


Thursday, June 28, 2012 4:48 AM

  Why are you so sure that DNS is answering the query? What happens if you do nslookup isa and nslookup isa.gta.net?

  Where or what the target is should not make any difference.

Bill


Thursday, June 28, 2012 4:59 AM

Because we have no WINS.

And I have also done this:

Verify WINS as the source for answering a DNS query

http://technet.microsoft.com/en-us/library/cc782508%28v=ws.10%29.aspx

And the nslookup result:

C:\Users\technet>nslookup
Default Server:  dc2.gta.net
Address:  172.20.21.6

> isa
Server:  dc2.gta.net
Address:  172.20.21.6

*** dc2.gta.net can't find isa: Non-existent domain
> isa.gta.net
Server:  dc2.gta.net
Address:  172.20.21.6

*** dc2.gta.net can't find isa.gta.net: Non-existent domain


Thursday, June 28, 2012 6:11 AM

Hi M. Ganji,

Thanks for posting here.

I suspect that the system was still caching the NetBIOS name of that host, so could we first flush the NetBIOS cache by running the command “nbtstat -R” in a command prompt in administrator mode (right-click “Command Prompt” and click “Run as administrator”) and see if the system keeps resolving that name when pinging.

How To Diagnose and Test TCP/IP or NetBIOS Network Connections in Windows Server 2003

http://support.microsoft.com/kb/323388

Please also check the entries in the “HOSTS” file on the host from which this testing was initiated.

Chapter 7 - Host Name Resolution

http://technet.microsoft.com/en-us/library/bb727005.aspx

Thanks.

Tiger Li

TechNet Community Support


Thursday, June 28, 2012 7:00 AM

I believe the best way to diagnose this issue is through the use of some sniffers. For example, install Wireshark on the client system and then bind it to the NIC that actually connects the system to the network. Then ping the target system again and analyze the produced traffic... If you can, filter the captured data and paste it here.

Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


Thursday, June 28, 2012 7:04 AM

nbtstat -r says:

C:\Users\technet>nbtstat -r

    NetBIOS Names Resolution and Registration Statistics
   

    Resolved By Broadcast     = 0
    Resolved By Name Server   = 1

    Registered By Broadcast   = 12
    Registered By Name Server = 8

nbtstat -R says :

C:\Users\technet>nbtstat -R
    Failed to Purge the NBT Remote Cache Table.
    Failed to Purge the NBT Remote Cache Table.
    Failed to Purge the NBT Remote Cache Table.
    Failed to Purge the NBT Remote Cache Table.
    Failed to Purge the NBT Remote Cache Table.

I have done many restarts, many ipconfig /flushdns and many disable/enable network connection.

The name is not in the hosts file.

And I did not get an answer to my second question:

how can I search for a host (A record) in my DNS, which has many zones (so manually it is difficult to do that)?

Maybe this entry is somewhere I could not find (of course I think that's not the case).


Thursday, June 28, 2012 7:27 AM

> I believe the best way to diagnose this issue is through the use of some sniffers. For example, install Wireshark on the client system and then bind it to the NIC that actually connects the system to the network. Then ping the target system again and analyze the produced traffic... If you can, filter the captured data and paste it here.

I did not get anything special.

Wireshark traffic from me (172.20.24.54) to that hostname and from that hostname to me is just ICMP:

151    8.835251    172.20.24.54    172.20.10.10    ICMP    Echo (ping) request
154    8.843495    172.20.10.10    172.20.24.54    ICMP    Echo (ping) reply
172    9.836516    172.20.24.54    172.20.10.10    ICMP    Echo (ping) request
173    9.837415    172.20.10.10    172.20.24.54    ICMP    Echo (ping) reply
203    10.838486    172.20.24.54    172.20.10.10    ICMP    Echo (ping) request
204    10.839167    172.20.10.10    172.20.24.54    ICMP    Echo (ping) reply
224    11.840445    172.20.24.54    172.20.10.10    ICMP    Echo (ping) request
225    11.841119    172.20.10.10    172.20.24.54    ICMP    Echo (ping) reply
432    23.155786    172.20.24.54    172.20.10.10    ICMP    Echo (ping) request
433    23.164138    172.20.10.10    172.20.24.54    ICMP    Echo (ping) reply
448    24.1572    172.20.24.54    172.20.10.10    ICMP    Echo (ping) request
449    24.157884    172.20.10.10    172.20.24.54    ICMP    Echo (ping) reply
460    25.159083    172.20.24.54    172.20.10.10    ICMP    Echo (ping) request
461    25.160102    172.20.10.10    172.20.24.54    ICMP    Echo (ping) reply
478    26.160115    172.20.24.54    172.20.10.10    ICMP    Echo (ping) request
479    26.160818    172.20.10.10    172.20.24.54    ICMP    Echo (ping) reply


Thursday, June 28, 2012 7:33 AM

Please restart the system and then run Wireshark again and capture data. By doing this we will ensure that the hostname's IP address is not somewhere in the client's cache. Please report back the result...


Thursday, June 28, 2012 7:39 AM

And the pcap file is:

http://s3.picofile.com/file/7421444836/Captured.pcap.html


Thursday, June 28, 2012 7:41 AM

Hi M.Ganji,

Thanks for posting here.

> nbtstat -R says :

>C:\Users\technet>nbtstat -R
>    Failed to Purge the NBT Remote Cache Table.
   
Could we perform these commands in administrator mode? The result you posted indicates that we don’t have proper permission to flush the cache.

 

Thanks.

Tiger Li

TechNet Community Support


Thursday, June 28, 2012 8:00 AM

Which operating system are you using on the client side? If you are using an operating system other than Windows XP and Windows Server 2003, try disabling the LLMNR feature, restart the system and try again. For more information see the following link:

http://www.vistaheads.com/forums/microsoft-public-windows-vista-networking-sharing/122198-ability-disable-llmnr.html

Can you please run the ipconfig /all command on both systems and paste the output here?


Thursday, June 28, 2012 8:01 AM

Are you trying to ping it from a particular system, or did you try pinging it from other systems too? Was it the same response from them too?

If this is coming from a particular system only, then the issue is not with the DNS entry.

Thanks and Regards, Mukesh.


Thursday, June 28, 2012 8:11 AM

The result is the same from all systems.

And this is the new cap file after the restart:

http://s3.picofile.com/file/7421475478/Cap_2.pcap.html


Thursday, June 28, 2012 8:23 AM

That means the issue is not with caching.

Can you paste an unedited ipconfig /all from your system?

Thanks and Regards, Mukesh.


Thursday, June 28, 2012 5:51 PM

Thanks to all.

I am using Windows 7 clients and DNS is 2008 R2.

I will check LLMNR and also will paste ipconfig /all here the day after tomorrow, because we are on holidays here.

Please check back then and continue your kind help.

By the way, I am asking again ;) is there any way to search DNS records?


Thursday, June 28, 2012 6:42 PM

M. Ganji,

Please post an unedited ipconfig /all from this machine. Mukesh had asked too, but I haven't seen your response.

Also:

  • Run and post the results of an ipconfig /displaydns.
  • Is there an LMHOSTS file configured?
  • Are you using GNZs (Global Name Zones)?
  • Post the results of nslookup 172.20.10.10

.

As Tiger said, please run the command prompt as Administrator. He posted how to do that.

.

C:\Users\technet>ping isa

Pinging isa [172.20.10.10] with 32 bytes of data:
Reply from 172.20.10.10: bytes=32 time=7ms TTL=62
Reply from 172.20.10.10: bytes=32 time<1ms TTL=62
Reply from 172.20.10.10: bytes=32 time<1ms TTL=62
Reply from 172.20.10.10: bytes=32 time<1ms TTL=62

And I would like to point out, based on how the ping response showed up above, that it did not resolve to a name. If it had resolved to a name, it would have resolved it from DNS. Therefore, this means that it was not resolved from DNS. Rather, it appears, based on the output, that there is a computer name or another entity with the name ISA on the network.

Assuming this is an AD environment, please look in Active Directory and search for the name ISA. Do you see a computer object (workstation, server, etc), in the search results?

.

Ace Fekay
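The reply above infers the resolution source from the shape of the ping output (no FQDN printed, nslookup fails). The script below is an added example, not code from the thread, that asks the Windows resolver the same question directly: it runs the name through DNS only, DNS plus the hosts file, LLMNR only, and LLMNR-then-NetBIOS, and reports which path returns an address. It needs the DnsClient module's Resolve-DnsName, so it assumes a Windows 8 / Server 2012 or later client on the same network (the poster's Windows 7 client does not have it); the label and suffix are the thread's, the rest is illustrative.

```powershell
# Added example, not code from the thread. Requires Resolve-DnsName (DnsClient module,
# Windows 8 / Server 2012 or later). Run it from a client on the same network as the
# one in the thread; the label and suffix below are the poster's, the logic is ours.
$Label  = 'isa'
$Suffix = 'gta.net'

# Run one query and reduce it to "which address records came back", swallowing the
# non-terminating "name does not exist" error so every path reports a row.
function Test-Source([string]$Description, [scriptblock]$Query) {
    try {
        $r = & $Query | Where-Object { $_.Type -eq 'A' -or $_.Type -eq 'AAAA' }
        if ($r) {
            $addrs = ($r | ForEach-Object { $_.IPAddress }) -join ', '
            New-Object PSObject -Property @{ Source = $Description; Answer = $addrs }
        } else {
            New-Object PSObject -Property @{ Source = $Description; Answer = '(no address record)' }
        }
    } catch {
        New-Object PSObject -Property @{ Source = $Description; Answer = "FAIL: $($_.Exception.Message)" }
    }
}

$results = @(
    # What the resolver does for the FQDN: DNS, with the hosts file skipped.
    Test-Source 'DNS only, FQDN, no hosts file' { Resolve-DnsName "$Label.$Suffix" -DnsOnly -NoHostsFile -ErrorAction Stop }
    # Same query but allow the hosts file: a hit here and a miss above means a HOSTS entry.
    Test-Source 'DNS only, FQDN, with hosts file' { Resolve-DnsName "$Label.$Suffix" -DnsOnly -ErrorAction Stop }
    # Single label over LLMNR (link-local multicast) and nothing else.
    Test-Source 'LLMNR only, single label' { Resolve-DnsName $Label -LlmnrOnly -ErrorAction Stop }
    # Single label over LLMNR, then NetBIOS (WINS / LMHOSTS / broadcast): ping's last resort.
    Test-Source 'LLMNR then NetBIOS, single label' { Resolve-DnsName $Label -LlmnrNetbiosOnly -ErrorAction Stop }
)

$results | Format-Table Source, Answer -AutoSize

# Reading the table: if only the "LLMNR then NetBIOS" row has an address, the name is
# coming from WINS, LMHOSTS or a NetBIOS broadcast reply, not from DNS. That is exactly
# the pattern of "ping isa" succeeding while "ping isa.gta.net" and nslookup fail.
```

To narrow it further, pair the NetBIOS row with `nbtstat -a isa` (a direct NetBIOS name query) and `nbtstat -c` (the NetBIOS remote cache), both of which exist on Windows 7 as well.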


Saturday, June 30, 2012 5:21 AM

OK! I'm back.

First of all, my client is Windows Seven (7) and network discovery is turned off. Anyway, I went to Group Policy and disabled it from there too, but no chance.

The client I am looking for is named isa. The returned address is 172.20.21.10 (forget the previous ones). This address is now allocated to an ESX 4 host (whose host name is not isa).

And note that I have VMware Workstation installed on my client.

ipconfig /all result:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : IT-27
   Primary Dns Suffix  . . . . . . . : gta.net
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gta.net

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : gta.net
   Description . . . . . . . . . . . : Intel(R) 82578DC Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-27-0E-03-4B-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.20.24.54(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, June 30, 2012 7:40:13 AM
   Lease Expires . . . . . . . . . . : Sunday, July 08, 2012 7:40:13 AM
   Default Gateway . . . . . . . . . : 172.20.24.1
   DHCP Server . . . . . . . . . . . : 172.20.21.7
   DNS Servers . . . . . . . . . . . : 172.20.21.5
                                       172.20.21.7
                                       172.20.21.6
   Primary WINS Server . . . . . . . : 172.20.21.5
   Secondary WINS Server . . . . . . : 172.20.21.7
                                       172.20.21.6
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : D-Link DFE-538TX 10/100 Adapter
   Physical Address. . . . . . . . . : 00-50-BA-8C-46-28
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::903f:25f2:515:f1e%20(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.192.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 469782614
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-4C-1C-9C-00-50-BA-8C-46-28
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5c40:bdba:bb0e:2cf6%21(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.152.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 486559830
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-4C-1C-9C-00-50-BA-8C-46-28
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E5F018CB-9CEF-45AA-A902-FEA705BBD223}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C792F6A7-2EC8-4DDB-BABB-209558ACA3F1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F1D78C95-A26C-497E-858E-7EE63792A97D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gta.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gta.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

 

And ipconfig /displaydns is:

Windows IP Configuration

 isa
   
    Name does not exist.

    dc1.gta.net
   
    Record Name . . . . . : DC1.gta.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 3213
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 172.20.21.5

    dc1
   
    Record Name . . . . . : DC1.gta.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 3228
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 172.20.21.5

    _ldap._tcp.pdc._msdcs.gta.net
   
    Record Name . . . . . : _ldap._tcp.pdc._msdcs.gta.net
    Record Type . . . . . : 33
    Time To Live  . . . . : 260
    Data Length . . . . . : 16
    Section . . . . . . . : Answer
    SRV Record  . . . . . : dc1.gta.net
                            0
                            100
                            389

    Record Name . . . . . : dc1.gta.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 260
    Data Length . . . . . : 4
    Section . . . . . . . : Additional
    A (Host) Record . . . : 172.20.21.5

    dc2.gta.net
   
    Record Name . . . . . : DC2.gta.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 3229
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 172.20.21.6

    Record Name . . . . . : DC2.gta.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 3229
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 172.20.21.7

 

Output of nslookup 172.20.21.10:
Server:  dc2.gta.net
Address:  172.20.21.6

*** dc2.gta.net can't find 172.20.21.10: Non-existent domain

 

There is no host configured in the LMHOSTS file.

And no GNZ is present (I did not know about GNZ; I studied it, but it seems very bad, because as I found it wants to be a replacement for WINS but it does not support dynamic updates ...).

 


Saturday, June 30, 2012 10:56 AM

OK,

maybe I have made a mistake.

I am now testing it on our DC.

When I set WINS, that isa PC is pinged.

When I remove the WINS address from the network connection of the server (and do a purge) it is not pinged ..

But the address is for an ESX host server, and even its hostname is not ISA.

So where is this entry? From where is it registering itself in WINS ..?


Saturday, June 30, 2012 11:16 AM

OK,

so I tested again.

With WINS on, isa will be pinged.

No WINS, no ping.

But now I am confused why this entry is going into the WINS records >.// >?

I checked the MAC on the switch, and this IP is coming from that MAC, and no VM with that name is on that port.


Saturday, June 30, 2012 5:15 PM

OK,

another thing I found.

We have many sites.

There is one site whose replication is facing problems and has not replicated for many weeks.

So the record of "isa" has been there since many months ago,

so there was a record for isa pointing to the IP I specified.

But here is my other problem:

why is it returned in another site?

And it is returned from WINS ...!

That site's DNS server had its WINS set to our central DC address,

but how is a record in its DNS resolved using WINS in our site?


Sunday, July 1, 2012 11:43 AM

Thanks so much to all of you, especially to Ace with those complete instructions.

I was careless (in fact I should document many things about this domain, because I have joined this company recently).

There were some static WINS records, and this one, "isa", was one of them and tombstoned.

Also the AD integrated DNS was not successfully replicated in that faulty domain, and the records (computer and DNS) for that remote DC had many errors.

I fixed them all. Replication went OK and DNS was replicated too and became OK.

Thanks to all of you.


Sunday, July 1, 2012 4:31 PM

I'm happy to hear you've found our suggestions helpful to resolve the problem!

.

Did you check in ADSI Edit to ensure there are no duplicate zones?

What was the cause of the lack of AD replication (which causes DNS inconsistencies)?

Ace Fekay
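The follow-up question above asks whether the three partitions were checked in ADSI Edit for duplicate zones. The script below is an added example, not code from the thread, that does the same check from PowerShell: it reads the dnsZone objects under CN=MicrosoftDNS in the domain partition, DomainDnsZones and ForestDnsZones from more than one DC, then reports zones that exist in more than one partition, replication-conflict (CNF) objects, and zones that one DC sees and another does not. It needs the ActiveDirectory module (RSAT on 2008 R2 or later) and read access to all three partitions; the domain DN is the thread's gta.net, the DC names are placeholders.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module (RSAT on
# 2008 R2 or later) and read access to the domain, DomainDnsZones and ForestDnsZones
# partitions. Domain DN is the poster's; the DC list is a PLACEHOLDER to fill in.
Import-Module ActiveDirectory
$Domain = 'DC=gta,DC=net'
$DCs    = @('dc1.gta.net', 'dc2.gta.net')   # query several DCs: with broken replication they disagree

# The three places an AD-integrated zone can be stored (2000-style domain partition
# location plus the two DNS application partitions; ForestDnsZones assumes gta.net is the forest root).
$Partitions = @(
    "CN=MicrosoftDNS,CN=System,$Domain",
    "CN=MicrosoftDNS,DC=DomainDnsZones,$Domain",
    "CN=MicrosoftDNS,DC=ForestDnsZones,$Domain"
)

function Get-DnsZoneObjects([string]$Server) {
    foreach ($base in $Partitions) {
        try {
            Get-ADObject -Server $Server -SearchBase $base -SearchScope OneLevel `
                         -LDAPFilter '(objectClass=dnsZone)' -Properties whenChanged -ErrorAction Stop |
                ForEach-Object {
                    New-Object PSObject -Property @{
                        DC          = $Server
                        Partition   = $base
                        Zone        = $_.Name
                        WhenChanged = $_.whenChanged
                        # AD renames the loser of a replication collision to "<name>\0ACNF:<guid>"
                        Conflict    = ($_.Name -match 'CNF:')
                    }
                }
        } catch {
            # A DC that does not host the partition (no DNS role, not in the replication scope) lands here.
            Write-Warning "$Server : cannot read $base : $($_.Exception.Message)"
        }
    }
}

$zones = foreach ($dc in $DCs) { Get-DnsZoneObjects $dc }
$clean = $zones | Where-Object { -not $_.Conflict }

"Zones stored in more than one partition (duplicate zones):"
$clean | Sort-Object DC, Zone, Partition -Unique |
    Group-Object DC, Zone |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $parts = ($_.Group | ForEach-Object { $_.Partition }) -join ' | '
        "  {0}: {1} -> {2}" -f $_.Group[0].DC, $_.Group[0].Zone, $parts
    }

"Conflict (CNF) zone objects:"
$zones | Where-Object { $_.Conflict } | Format-Table DC, Zone, Partition, WhenChanged -AutoSize

# A (zone, partition) pair returned by fewer DCs than were queried has not replicated everywhere.
"Zones not present on every DC queried:"
$clean | Group-Object Zone, Partition |
    Where-Object { $_.Count -lt $DCs.Count } |
    ForEach-Object {
        $seenOn = ($_.Group | ForEach-Object { $_.DC }) -join ', '
        "  {0} ({1}) only on: {2}" -f $_.Group[0].Zone, $_.Group[0].Partition, $seenOn
    }
```

Treat the output as a map, not as a fix list: a CNF object or a second copy of a zone should be removed in ADSI Edit only after confirming which copy the DNS servers are actually loading, and only once repadmin shows replication healthy again.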


Sunday, July 1, 2012 6:35 PM


Dear Ace

First of all, thanks again for your help and everyone else's here.

Let me give you a brief description of my actions.

Of course, I should tell you that I have been in charge of maintaining this vast network for just a month, and unfortunately there is not even a page of documentation. Thousands of users, about 30 sites, about 10 DCs, about half of which are RODCs (I cannot understand why they did that), and about 20 DNS servers (just DNS servers, not DCs). Different OSes for the DCs, including 2003, 2008, 2008 R2 SP1 and ...

So as you see I have hard work to do! :( In fact, I was going to ask a question in the forums about how we can document a big domain environment when we enter an enterprise organization without even a page of documentation .. !!

So let me turn back to our scenario.

As I told you, one of the DCs in a remote site had replication problems. The last successful replication was one year ago, but anyway clients did not face any significant problems, so nobody noticed it too much. The second DNS for clients was set to the main office. DHCP was on that DC and, as we all know, it has nothing to do with AD DS, so they successfully got their IP addresses and ..

So, going to that DC, I saw that the DNS records were a mess: very old ones were there and new ones were not. It was natural: AD integrated DNS, no replication, and so no DNS updates.

When I looked at Event Viewer I saw a lot of DNS 4015 events and also AD DS errors.

Going deeper, I found that even the computer name for that DC was not in the list of DNS records, and also the AD DS service was stopped.

When I tried to start it, it said "service started and then stopped. Some services are stopped if they have nothing to do ..)"

And another thing: when I logged into it using my credentials there were a lot of errors. ping 127.0.0.1 said "can not contact IP driver ..."

This is interesting, because my friend, who had an old user and password in the domain with sufficient access rights, could log on to it and did not have that IP driver error.

So I thought it was useless to spend time on fixing this. I created the computer account in AD, disjoined it and joined it again, and also removed the DNS role.

Again I made it a DC with dcpromo, and it took about one hour in the process to copy objects from the main office to the branch.

Then it was OK, but DNS still had some old records and zones!! I waited about 30 minutes; some replications were done and DNS was corrected.

I also ran repadmin /showrepl * and all seemed OK.

About duplicate zones:

Hmmm, I do not know. I will check it again tomorrow, but AD integrated DNS servers are present in this domain, some on RODCs and some on writable DC/GCs.

I am not sure about this, but I think if it is an RODC then no manual zone adding is accepted, and if it is not, any change in zones will soon be replicated so other DNS servers get it too, so the chance of and the need for adding zones manually is not very high.

And yes, we unfortunately have a DC in a very far remote site which is still 2003, so our functional level is also still 2003. So this sentence of yours is true:

"administering DNS from a new 2008/2008 R2 DC when there are still Windows 2000.2003 still in production, and "

But as a matter of fact I do not know how this can cause that.

And at last, that WINS thing. WINS was set on the DCs of the main office, but I thought to myself: OK! WINS is there, but there is not any computer named "isa", so it cannot be registered in WINS. But when I told it to display the WINS records, I saw that, oh!! a static WINS record had been set for this entry, and it was infinite!!!

Again, I do not know why they did this. I have some assumptions, but maybe they are not true.

I will be glad if you would like to know anything else which can help this thread be useful for others in the future.

And I have some ambiguities about that faulty replicating DC which I will ask about if you can help.

The main question is: "last successful replication was one year ago" and replication was all failed on that DC,

but my user was created four weeks ago and I was put in the Domain Admins group,

and with this user I logged on to this DC many times in the previous month.

So if replication was faulty, how was this info sent to that DC?

Or maybe I am wrong and in fact I was authenticated using the main central DCs (something related to the DC locator process ...).

Thanks.