Question
Monday, January 20, 2014 11:12 AM
Dear All,
Below is our condition
Topology
(ADSERVER, PC1, PC2, PC3)<==>SWITCH(192.168.25.0/24)<==>ROUTER<==>ACCESSPOINT(192.168.26.0/24)<==>(PC4, PC5, PC6)
Description
- ADSERVER acts as active directory and DNS server (ADSERVER is using Windows Server® 2008 Standard without Hyper-V (6.0, Build 6002) Service Pack 2 (6002.vistasp2_gdr.120402-0336))
- Segment 192.168.26.0/24 is allocated for wireless LAN
- All of our PCs on both segments are joined to the domain
Issues
- Our client cannot contact machines in 192.168.25.0/24 by hostname, but by IP address there is no problem. Sometimes when we try reconnecting our client to the access point in 192.168.26.0/4, the problem is solved.
Could you please help me solve this problem?
Thank you for any help
All replies (9)
Tuesday, January 21, 2014 9:23 PM ✅Answered
I agree with the assessment that it's a DNS issue. My take on it is I have a feeling you are possibly using your DC's IP address as a DNS server, as well as some other outside (ISP's DNS perhaps?) as a second entry. That would make sense if you're finding that rebooting or reconnecting your client makes it work because that resets the eligible resolvers list (the list of DNS addresses on a client).
If the IP config is coming from the router's DHCP, I would suggest to use your DC for DHCP. If the router supports it, you can use a DHCP Relay Agent (also referred to as an IP Helper). If you don't want to do that, check the router's settings to make sure only the DC's IP is being configured as a DNS address.
AD Rule of thumb: ONLY use the DCs for DNS. Nothing else, or things just plain 'ole don't work. Specifics in my blog:
Active Directory's Reliance on DNS, and why you should never use an ISP's DNS address or your router as a DNS address, or any other DNS server that does not host the AD zone name
http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx
To explain the eligible resolvers list, and the client side resolver service and how it uses the DNS addresses (it doesn't just bounce around between DNS IPs, it only sticks to one), here are more specifics:
This blog discusses:
WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB). Troubleshooting the browser service.
Client side resolution process chart.
The DNS Client Side Resolver algorithm.
If one DC or DNS goes down, does a client logon to another DC or use the other DNS server in the NIC?
DNS Forwarders Algorithm and multiple DNS addresses on NIC (if you've configured more than one forwarder or more than one IP in the NIC's DNS list)
Client side resolution process chart
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm.aspx
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
Tuesday, January 21, 2014 6:52 AM
Hi,
Thank you for your post here.
It sounds like a DNS issue. Did you try adding an entry for the IP and name in the hosts file?
Please add them to check whether that solves the problem.
When the issue occurs, please try to ping ADSERVER to see if it is successful.
http://technet.microsoft.com/en-us/library/cc751132.aspx
Best Regards
Quan Gu
Tuesday, January 21, 2014 12:40 PM
Add the IP address of your DNS server (ADSERVER) on the scope options (192.168.26.0) of your wireless clients.
Renew IP address on client
Johan Loos
Wednesday, January 22, 2014 7:59 AM
Dear Quan Gu,
Thank you for your reply. I have tried to input the IP address and the hostname in the hosts file, but it cannot be saved, and an info box appears indicating that the file is being used.
Is there a running process using this file? What is the process?
Best Regards,
Husein
Wednesday, January 22, 2014 8:13 AM
Hi,
Thank you for your update.
Do you use admin privileges to open it?
Please follow the steps below to see if it works. Also, which OS do you use? This should be tested on the client machine.
http://inspireinnovativelearning.blogspot.in/2012/12/tip-hosts-file-error-please-check-if.html
Best Regards
Quan Gu
Wednesday, January 22, 2014 8:23 AM
Dear Johan,
Thank you for your reply. I have added the IP of ADSERVER as our first DNS on the scope option (192.168.26.0), the second and third DNS are our ISP's DNS, but the problem is still not solved.
Best Regards,
Husein
Wednesday, January 22, 2014 9:44 AM
Dear Johan,
Thank you for your reply. I have added the IP of ADSERVER as our first DNS on the scope option (192.168.26.0), the second and third DNS are our ISP's DNS, but the problem is still not solved.
Best Regards,
Husein
You can't use your ISP's DNS servers for your AD clients. That is what is causing the whole problem. Please remove the ISP's DNS server IP and ONLY use your ADSERVER IP. Otherwise, you will continue to have issues.
You may have missed that part while reading my blog. For your convenience, I will post the specifics as to why you can't use your ISP's DNS:
"To summarize, if there are multiple DNS entries on a machine (whether a DC, member server or client),
- it will ask the first entry first
- If the first entry doesn't have the answer, it will go to the second entry after a time out period, or TTL, which can last 15 seconds or more as it keeps trying the first one,
- When it does go to the second DNS entry, it REMOVES the first entry from the eligible resolvers list, and won't go back to it for another 15 minutes (in 15 minutes, the client side resolver will reset the DNS list back to the original order). Using an ISP's DNS can cause issues with AD when logging on or trying to access a resource such as a printer, folder, getting GPOs to function, etc.
Now if the ISP's is the first DNS entry, obviously it will be knocked out when a client is trying to login.
This can be noticed by a really, REALLY LONG logon time period the client will experience before it goes to the second one, your internal DNS.
Therefore, the first one is knocked out for 15 minutes.
Then let's say the client decides to go to an internet site. It will be querying the internal DNS at this point. As long as the internal DNS is configured with forwarders to an outside DNS, or using its Root Hints, it will resolve both internal and external internet addresses."
Here's the blog, if you would like to re-read it:
Active Directory's Reliance on DNS, and why you should never use an ISP's DNS address or your router as a DNS address, or any other DNS server that does not host the AD zone name
http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx
I hope you found this helpful.
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
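Added example (not part of Ace Fekay's post or blog): a simplified Python model of the eligible resolvers list as the reply above describes it, showing why internal names keep failing after one missed reply from ADSERVER when an ISP resolver is also listed, and why a reconnect or the 15-minute reset clears it. The IP addresses, the `corp.example` zone, and the rules that a negative reply counts as an answer and that the last remaining server is never dropped are assumptions of the model.

```python
RESET_SECONDS = 15 * 60  # reset interval stated in the post

class Server:
    def __init__(self, ip, records):
        self.ip, self.records, self.reachable = ip, records, True

    def query(self, name):
        if not self.reachable:
            return None                            # no reply: the client times out
        return self.records.get(name, "NXDOMAIN")  # assumption: a negative reply is final

class Resolver:
    def __init__(self, servers):
        self.configured = list(servers)            # order handed out by the DHCP scope
        self.reconnect()

    def reconnect(self):
        """Reboot or Wi-Fi reconnect: the list returns to its configured order."""
        self.eligible, self.dropped_at = list(self.configured), None

    def resolve(self, name, now):
        if self.dropped_at is not None and now - self.dropped_at >= RESET_SECONDS:
            self.reconnect()                       # 15-minute reset of the list
        while True:
            server = self.eligible[0]
            answer = server.query(name)
            if answer is not None:
                return server.ip, answer
            if len(self.eligible) == 1:
                return server.ip, "TIMEOUT"        # assumption: last server is kept
            self.eligible.pop(0)                   # silent server leaves the list
            self.dropped_at = now

def scenario(with_isp):
    """Four lookups of an internal name at t = 0, 60, 120 and 960 seconds."""
    ad = Server("192.168.25.10", {"pc1.corp.example": "192.168.25.21"})  # constructed
    isp = Server("203.0.113.53", {})               # constructed; does not host the AD zone
    client = Resolver([ad, isp] if with_isp else [ad])
    name, out = "pc1.corp.example", []
    out.append(client.resolve(name, 0))            # normal lookup
    ad.reachable = False
    out.append(client.resolve(name, 60))           # one lost reply from ADSERVER
    ad.reachable = True
    out.append(client.resolve(name, 120))          # ADSERVER is back
    out.append(client.resolve(name, 60 + RESET_SECONDS))
    return out

if __name__ == "__main__":
    for with_isp in (True, False):
        print("ISP listed:", with_isp, scenario(with_isp))
```

With the ISP entry present, the lookups at 60 and 120 seconds are both answered by the ISP server with a negative reply even though ADSERVER is reachable again at 120 seconds; with ADSERVER alone, the lookup at 120 seconds succeeds.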
Tuesday, February 4, 2014 8:01 AM
Dear Ace Fekay,
Sorry for the late update. Our issue has been solved by implementing your suggestion.
Thank you so much for your support.
Regards,
Husein
Tuesday, February 4, 2014 3:57 PM
Husein,
I'm happy to hear the issue has been resolved!
Cheers!
:-)
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.