CSS redundant interface and DNS server

We're attempting to implement a pair of CSS's using redundant ASR and GSLB where the CSS's act as DNS servers.
But I'm not sure if the 2 features are compatible. The CSS's answer DNS queries to their direct interface but not the redundant interface.
Does anyone have any suggestions or work-arounds? We're running version 8.20.
TIA,
Dan

Dan, doing some research I can see that the option to configure the redundant-interface to resolve DNS queries is not included on the CSS 11500 series; this is from the documentation.
On the document for CSS 11000 series that I provided before shows:
Configuration Requirements and Restrictions
The following requirements and restrictions apply to the configuration of this feature.
• You can configure this feature only on Cisco 11000 series CSSs (not 11500)
If I look at the redundant-interface configuration on old CSS 11000 series I see the option for dns:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v6.10/configuration/advanced/guide/VIPRedun.html#wp1067528
Look at this line:
dns-server - Keyword that enables the CSS to respond to DNS queries destined for the redundant interface IP address. For more information, see the "Configuring a Redundant Virtual Interface to Respond to DNS Requests" section.
On new CSS 11500 series this option is not available:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/VIPRedun.html#wp1067528
I am trying to find out if there is any workaround, but so far it seems that missing this feature is expected on the CSS 11500.

Similar Messages

  • Windows server 2012 as primary DC and DNS server and windows server 2003 as secondary DC and DNS

    Migration from windows server 2003 AD DC and DNS server to windows server 2012 R2,
    Can't I set up Windows Server 2012 R2 as primary DC and DNS, and Windows Server 2003 as secondary DC and DNS? (As a backup server, so that when Server 2012 fails, users can continue to log in and access internet services.)

    You can mix both as long as your Forest and Domain Functional level are Windows Server 2003. However, I would like to bring your attention to this blog about known problems when mixing DCs with Windows Server 2003 and 2012 R2 OS:
    http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
    This posting is provided AS IS with no warranties or guarantees, and confers no rights.
    Ahmed MALEK

  • How can we get the prompt to enter IP Address, Subnet Mask , gateway and DNS Server during Task Sequence?

    How can we get the prompt to enter IP Address, Subnet Mask , gateway and DNS Server during Task Sequence?

    This is for 2007 but may still be relevant for 2012
    http://hexdump.net/?p=391
    Cheers
    Paul | sccmentor.wordpress.com

  • Redundancy Interface for Content Server Release 6.x

    Third-generation Content Server is UCS C220 (Not Vmware).
    I see from the TCS Release 6.x Quick Start that LAN2 cannot be used.
    I'm not sure how to connect the LAN for a redundancy interface, or whether I can, because it has many NIC cards.
    Dual 1-Gb Ethernet ports:
    LAN1 (Arrow 7, left pointer)— Use this port to connect the Content Server to the network (also see Figure 3)
    LAN2 (Arrow 7, right pointer)— Not used

    Hi,
    The TCS server supports only single NIC in a deployment. That particular NIC value is used to generate the checksum, which needs to be passed along with the Release keys to bring up the content engine. That is the reason if you connect any other NIC to the network, the content engine will not start.
    Also, when the release keys are generated on the license server, it uses the NIC with the lowest value (always the first NIC on the server).
    I know it's a complete waste to have so many NICs and use only one. But what can I say, that's the way Cisco designed the server..!!!
    Regards,
    -Deepti

  • CSS redundant-interface ping response

    Hi,
    I just want to ask a simple question:
    Should the css11151 respond to ping requests made to a redundant-interface?
    If yes, what can be the reason for the redundant interface not responding to ping requests?
    Thanks in advance,
    Regards,
    LR

    Hi,
    Did you ever find a solution to the issue?
    I have an 11503 and I have the same problem: I cannot ping the redundant-interface address from the directly connected switch.
    It works for first few seconds when the CSS reboots or interface bounces then stops.
    Any ideas?
    Thanks

  • Configure proxy and dns server for a single URLConnection

    Hello!
    I am relatively new to network programming in Java so I was looking for a solution to set a DNS server and a PROXY server for one SINGLE UrlConnection. The settings should only be used in one thread, while another thread maybe has different settings.
    Most suggestions I found on the net looked as follows:
    Proxy:
    System.setProperty("proxyPort","8080");
    System.setProperty("proxyHost","proxy");
    DNS Server
    sun.net.spi.nameservice.provider.<n>=<default|dns,sun|...>
    sun.net.spi.nameservice.nameservers=<server1_ipaddr,server2_ipaddr ...>
    sun.net.spi.nameservice.domain=<domainname>
    The problem is that both solutions are not thread safe and the settings are valid system wide (as far as I understand). In my application a lot of different workerThreads open a connection to a remote server via URLConnection, for example:
    URL url = new URL("http://www.sun.com");
    HttpURLConnection con = (HttpURLConnection) url.openConnection();
    In the worst case 200 different workerThreads open a connection nearly at the same time. If the worst case happens, one workerThread changes the DNS and PROXY settings and in the next step another thread which already has set DNS and proxy tries to connect to a specified server with the wrong DNS and proxy settings.
    One solution would be to synchronize the whole method that configures the connection and tries to connect to a remote server but that would be a very bad solution for me, because all other threads have to wait until the last thread has finished.
    My question: Is there a possibility to configure a different DNS server and a different PROXY server for each URLConnection, for example something like:
    URL url = new URL("http://www.sun.com");
    HttpURLConnection con = (HttpURLConnection) url.openConnection();
    con.setProxyHost("proxy");
    con.setProxyPort("3128");
    con.setProxyUsername("user");
    con.setProxyPassword("pass");
    con.setDNS("85.27.63.2");
    Thanks in advance for your answers.
    Kind regards,
    Buliwyf

    Mainly because it's in the spec. I did not figure out exactly why it is necessary to use different dns servers. Let me give you a quick glimpse what the application should do:
    The application checks if a URL is still available and returns an XML file with a return code (401 for example), connection time, an extract of the source code and other information. This event repeats periodically (every 10 s, 20 min...). Therefore the customer has a good overview of the availability of his websites.
    The customer himself controls the process with an XML configuration file that is read on the startup of the application. In the XML file you can find information like: connection timeout, HTTP proxy, HTTPS proxy, used user agents, preferred request method (POST or GET) and regretfully even the DNS server that should be used.
    Regretfully I don't have a chance to get the dns removed from the spec. The GUI which delivers the xml is already implemented and won't be changed.

  • Two Network Interfaces and DNS

    Hi -
    Sorry for asking what sounds like a simple question. I'm running 10.6.2 on an early 2009 Xserve.
    I have two interfaces. One that I'm using for web traffic and the other for a SIP PBX that's running on the Xserve. I know how to point the inbound traffic to the correct interface (web vs. SIP) through WAN to LAN rules (I have a separate public IP for each service), but how do I tell a particular service to use that interface for outbound traffic?
    Is this done by creating a machine name locally for that interface? When I do that, I notice that in server admin, that DNS name is linked to that IP. I have outbound rules that tie that LAN IP to external IP, but I just want to make sure the Xserve is sending out traffic on the correct interface.
    Thanks!

    Static routes likely won't help here - they're based on the destination IP address and you're not likely to know that for all possible incoming connections. In addition, it's entirely possible that the same client IP establishes a web and a SIP connection so now you're hosed - you're only going to use one destination-based route for that client address.
    My first suggestion would be to simplify your network and run on a single public interface. What's your thinking behind using two interfaces here? Unless you have > 1gbps WAN link you're not going to saturate the link. Even if you do you could bond the two interfaces together to get a 2gbps link to your switch/router.
    Then you use your firewall to manage the address translation based on port (port 80 -> WAN IP 1, 5060 -> WAN IP 2).
    That said, Snow Leopard appears to support source-based routing where the default route is based on the source (i.e. server-side) IP address. This could solve your issue, but I can't confirm this since my network is architected to not use source-based routing so I haven't needed to look at that option.

  • Time Capsule as DHCP Router and DNS server for larger network - too taxing?

    Ok, let me say first that I'm no networking expert, but I have tried to learn a decent amount over the years. I haven't quite gotten to the level of combing router event logs, though I intend to do that as my next step. My question here though is if my overall network strategy is flawed.
    My setup at home is one that may be a bit more extensive than most users have:
    Cable modem -> Time Capsule -> Multiple gigabit switches (business grade) -> Wired Cat5e throughout the house and 2 Airport Extremes. I don't know how many total wired and wireless clients I have, but it may be between 30 and 40 (only a few are computers with the rest being game systems, networked DVRs, audio streamers, NAS, etc)
    At the moment, the Time Capsule only backs up one machine - a MBP (I have external HDDs connected directly to the desktops). I don't use the TC's HDD for anything else. Also, I have the network configured so that the TC handles DHCP addressing and NAT. The Airport Extremes are in bridge mode.
    For the most part, everything works very well. Internet speeds are good, audio streaming works well, no problems with TC backups, etc. The only issue I've run into are dropouts when streaming video content on the network from one device to another (not from the internet). Basically, the stream will pause and then an error will pop up on screen saying that there was a network problem. Now, I know that the specific devices themselves may have issues of their own, but since it's happened on more than one system, I'm wondering if there is a common network culprit - expecting the Time Capsule to handle its duties especially while it is doing a backup.
    Here are a few thoughts I have:
    1 - From a technical standpoint, I don't know if all client to client network traffic goes through the TC. I was thinking that communication could happen between devices on the same switch without having to go up to the TC and then back down, but maybe I'm wrong. If I am wrong, that certainly is a bottleneck right there. I'm not segregating the video streamers to their own subnet on a new router to isolate the traffic. I'm also not sure if the bottleneck is impacted by static vs dynamic IP addressing. IOW, I don't know if setting the devices up with static IPs would change the flow of traffic to not have to go through the TC (just flow across the switch) or not.
    2 - Long ago in a different network setup, I had allowed the wireless access points to assign IPs. However, I found that doing so sometimes created problems accessing some of those devices from a computer or device on a different subnet. As such, I switched over to having the router connected to the modem do all the IP addressing. Maybe this is a bad idea given the temporary nature that some devices will hop on and off the network.
    3 - Additionally, in the interests of getting better wireless coverage over the whole house, I switched to using 2 airport extremes configured to use the same SSID (so that devices moving around the house wouldn't need to specifically change networks in order to get better signal). I guess I could let one of those 2 handle IP addressing while the other is in bridge mode (pointing to the primary Extreme vs the TC).
    4 - Kind of getting back to the TC as the bottleneck, maybe it shouldn't handle network wide DHCP and NAT duties. If TC backups take network priority, such that other kinds of traffic could hiccup, then I probably need to rethink where the TC should exist in the network. Or, maybe it would be enough to just have the stream sensitive components be on their own subnet.
    I know there are potentially multiple flaws in my current strategy, so any suggestions or attempts at correcting my assumptions would be helpful.
    Thanks!
    Jeff

    Welcome to the discussions!
    1 - Everything goes through the router when it is setup to handle DHCP and NAT
    2 - You want your main router, the TC, to handle all DHCP and NAT functions. It will handle up to 250+ connections, so 30-40 devices won't be much of a challenge
    3 - Keep both AirPort Extremes in bridge mode to allow the TC to handle the things in #2 above. If you setup an Airport Extreme to give out IP addresses, you'll create a Double NAT issue on your network...which can slow down communications between devices...the thing you are trying to avoid. If you use Xbox live or other interactive services, the online features will not function with a Double NAT on your network.
    4 - You want the TC to handle all DHCP and NAT functions as in #2. I assume that you have no single run of CAT5e more than 300 feet.
    5 - If you want to create separate sub nets correctly (the AirPorts won't allow you to do this as they are designed for basic home networking), you'll need to look at routers for professional and commercial use, like Cisco.
    With as many devices as you have, you may be running out of bandwidth at times. If you only notice the issue during Time Machine backups, and you don't need to backup each hour, take a look at Time Machine Editor to setup backups whenever you like, maybe once a day at 2 AM when things on the network are quiet.
    My suggestions are of course opinions. Hopefully you'll receive some other possibly differing views.

  • Why do we configure the Redundant Interface in CSS Public Face

    Hi,
    I have a question : Why do we configure the redundant interface in a CSS facing the public side of a CSS.
    I understand the need for the interface in the server side though. Please refer to the URL below;
    http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_810/redundgd/vipredun.htm#wp1063393

    this is not a requirement if your vips belong to the public vlan subnet.
    But if your vip addresses are from a different subnet, then the upstream router needs a route pointing to the CSS redundant interface ip.
    Gilles.

  • Configure single CSS as authoritative dns server

    Hi Experts,
    I have one CSS11501 acting as the load balancer. And all the servers are in private network behind it. We need to configure an authoritative dns server for this web domain. I want to use this CSS to be the dns server. I saw that there are some advance configuration notes about configuring dns server
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v6.10/configuration/advanced/guide/DNS.html
    I wonder if I only use a single server, what the configuration is needed? is there an example. Most of the documents have the example for multiple CSS in global server load balancing environment.
    We currently only have standard feature license. I wonder if we have to purchase the 'enhanced feature set' to implement this function?
    Only the command 'add dns xxx.xxx.com' under content rule could be used in the standard software. Is this sufficient enough to be as dns server?
    Thanks for your help in advance.

    licensing hasn't changed for the CSS in a long time.
    So this old document still applies
    http://www.cisco.com/en/US/partner/products/hw/contnetw/ps789/products_tech_note09186a0080094a76.shtml
    The Enhanced feature set contains all components of the Standard feature set and also includes:
    Network Address Translation (NAT) Peering
    Domain Name Service (DNS)
    Demand-Based Content Replication (Dynamic Hot Content Overflow)
    Content Staging and Replication
    Network Proximity DNS
    Content Routing Agent
    Client Side Accelerator
    Gilles.

  • How share ADSL Internet connection to all machines without RRAS but using Windows Server DHCP and DNS

    Hello!
    I have this scenario on my small network with 10 PCs (connecting from outside to inside my network):
    1) Modem with ADSL connection
    2) Wireless Router with public IP on WAN interface 
    3) Switch 
    4) Server 2012 with DC/DHCP/DNS (with 2 NICs) and others servers/desktops machines 
    I want to share internet to servers and desktops.
    I was able to share internet by 2 methods searching on google, but I am not satisfied with them:
    First method - Using the Wireless Router and its DHCP Server
    I turned on the DHCP inside the Wireless Router. All machines will get an IP and be able to go to Internet, but I don’t have the ability to control the DHCP and DNS in the router how I would like to have, because the server DHCP and DNS must be turned off on Windows Server.
    Second method - Using the Windows Server RRAS NAT, DHCP and DNS server
    I have 2 NICs on the server:
    NIC1 - CONNECTED TO SWITCH
    IP: 192.168.1.1
    MSK: 255.255.255.0
    GTW:192.168.1.1
    DNS:192.168.1.1
    NIC2 - CONNECTED TO WIRELESS ROUTER
    (the LAN IP of the wireless router is 172.16.0.1)
    IP: 172.16.0.2
    MSK: 255.255.0.0
    GTW: 172.16.0.1
    DNS: 172.16.0.1
    After installing and setting the RRAS with NAT at the Server, the internet began to work on all machines but at some times the internet stops loading some random webpages, and if you hit the F5 button a couple of times, the webpage sometimes opens, but very, very slowly.
    I saw other people in forums saying that RRAS is not very good, and could cause weird things with the internet connection, so now I think the internet is horrible because of RRAS. After noticing that the internet is bad, I tested it by connecting a cable directly to the LAN ports of the Wireless Router, and the internet works fast and perfectly.
    What is the best thing to do in my case to maintain Windows Server DHCP and DNS turned on and Internet be shared without loss of quality?
    Thank you!

    Hi,
    please deploy according to this network topology. please turn off DHCP from router and use internal NAT function to share internet. Detailed configurations:
    Router part:
    LAN address: 192.168.1.1/24
    DHCP part:
    scope name : site name
    address pool: 192.168.1.3-192.168.1.254
    scope options:
    router:192.168.1.1
    DNS server:192.168.1.2
    DNS part:
    configure a forwarder to point to the public DNS address such as 8.8.8.8
    with these settings, you can maintain Windows Server DHCP and DNS turned on and Internet be shared via hardware router.
    Regards,
    Mike

  • Deleted failed DC from the domain (Server 2012 R2) - Now after doing metadata and DNS cleanup, I can no longer promote a new DC to the domain

    I work for a university and teach IT courses to undergrad and graduate students. The details below are pertaining an isolated lab environment
    I had a storage failure in my lab and the DCs became corrupt. This is a university lab environment so there isn't anything crucial on here. I just would rather avoid rebuilding the domain/forest and would rather use this as a learning experience with my students...
    So after the storage failed and was restored, the VMs hosted became corrupt. I did a NTDSUTIL to basically repair the NTDS.dit file but one of my DCs reverted to a state before DC promotion. Naturally, the domain still had this object in AD. After numerous failed attempts at trying to reinstall the DC on the server through the server manager wizard in 2012 R2, I decided that a metadata cleanup of the old failed object was necessary.
    Utilizing this article, I removed all references of the failed DC from both AD and DNS (http://www.petri.com/delete_failed_dcs_from_ad.htm)
    So now that the failed object is removed completely from the domain and the metadata cleanup was successful, I then proceeded to re-install the necessary AD DS role on the server and re-promote to the existing domain. Pre-Requisites pass but generate some warning around DNS Delegation, and Dynamic Updates (delegation is ignored because the lab is isolated from external comms, and dynamic updates are in fact enabled on both my _msdcs and root domain zones).
    Upon the promotion process, I get the following error message (also worth mentioning - the account performing these operations is a member of DA, EA, and Schema Admins)
    The operation failed because:
    Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=domainVMDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu on the remote AD DC domainVMDC2. Ensure the provided network credentials have sufficient permissions.
    "While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync."
    As you can see, this error seems odd considering. Now that I'm down to a single DC and DNS server, the sync should be corrected. I've run a repadmin /syncall and it completed successfully. Since then, I've run dcdiags and dumped those to a text as well and here are my results...
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = domainVMDC2
       * Identified AD Forest. 
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\domainVMDC2
          Starting test: Connectivity
             ......................... domainVMDC2 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\domainVMDC2
          Starting test: Advertising
             ......................... domainVMDC2 passed test Advertising
          Starting test: FrsEvent
             ......................... domainVMDC2 passed test FrsEvent
          Starting test: DFSREvent
             ......................... domainVMDC2 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... domainVMDC2 passed test SysVolCheck
          Starting test: KccEvent
             ......................... domainVMDC2 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... domainVMDC2 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... domainVMDC2 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... domainVMDC2 passed test NCSecDesc
          Starting test: NetLogons
             ......................... domainVMDC2 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... domainVMDC2 passed test ObjectsReplicated
          Starting test: Replications
             ......................... domainVMDC2 passed test Replications
          Starting test: RidManager
             ......................... domainVMDC2 passed test RidManager
          Starting test: Services
             ......................... domainVMDC2 passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x00001795
                Time Generated: 12/18/2014   00:35:03
                Event String:
                The program lsass.exe, with the assigned process ID 476, could not authenticate locally by using the target name ldap/domainvmdc2.domain.school.edu. The target name used is not valid. A target name should
    refer to one of the local computer names, for example, the DNS host name.
             ......................... domainVMDC2 passed test SystemLog
          Starting test: VerifyReferences
             ......................... domainVMDC2 passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
                For the partition
                (DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... ForestDnsZones failed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition
                (DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... ForestDnsZones failed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
                For the partition
                (DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... DomainDnsZones failed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition
                (DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... DomainDnsZones failed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition
                (CN=Schema,CN=Configuration,DC=domain,DC=school,DC=edu) we
                encountered the following error retrieving the cross-ref's
                (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... Schema failed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition
                (CN=Configuration,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... Configuration failed test CrossRefValidation
       Running partition tests on : domain
          Starting test: CheckSDRefDom
             ......................... domain passed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition (DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=domain,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... domain failed test CrossRefValidation
       Running enterprise tests on : domain.school.edu
          Starting test: LocatorCheck
             ......................... domain.school.edu passed test
             LocatorCheck
          Starting test: Intersite
             ......................... domain.school.edu passed test Intersite
    From what I can gather, there is a definite DNS issue but I don't have any stale records to the old DC stored anywhere. I've tried this with a new server as well and get similar errors... 
    At this rate I'm ready to rebuild the entire forest over again. I'm just reluctant to do so as I want to make this a learning experience for the students. 
    Any help would be greatly appreciated. Thanks!

    As you can see, there seem to be some errors. The one that I did correct was the one around the _msdcs NS record being unable to resolve. For whatever reason, the name wasn't resolving the IP but all other NS tabs and records were. Just that one _msdcs sub-zone. Furthermore, the mentioning of any connections to root hint servers can be viewed as false positives. There is no external comms to this lab so no communication with outside IPs can be expected. Lastly, they mentioned a connectivity issue yet mention that I should check the firewall settings. All three profiles are disabled in Windows Firewall (as they have been the entire time). Thank you in advance for your help!
    C:\Windows\system32>dcdiag /test:dns /v
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine domainVMDC2, is a Directory Server.
       Home Server = domainVMDC2
       * Connecting to directory service on server domainVMDC2.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=domainVMDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\domainVMDC2
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             The host
             3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
             could not be resolved to an IP address. Check the DNS server, DHCP,
             server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... domainVMDC2 failed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\domainVMDC2
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             See DNS test in enterprise tests section for results
             ......................... domainVMDC2 passed test DNS
       Running partition tests on : ForestDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : DomainDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Schema
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Configuration
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : domain
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running enterprise tests on : domain.school.edu
          Starting test: DNS
             Test results for domain controllers:
                DC: domainVMDC2
                Domain: domain.school.edu
                   TEST: Authentication (Auth)
                      Authentication test: Successfully completed
                   TEST: Basic (Basc)
                      Error: No LDAP connectivity
                      The OS
                      Microsoft Windows Server 2012 R2 Datacenter (Service Pack level: 0.0)
                      is supported.
                      NETLOGON service is running
                      kdc service is running
                      DNSCACHE service is running
                      DNS service is running
                      DC is a DNS server
                      Network adapters information:
                      Adapter [00000010] vmxnet3 Ethernet Adapter:
                         MAC address is 00:50:56:A2:2C:24
                         IP Address is static
                         IP address: *.*.100.26
                         DNS servers:
                            *.*.100.26 (domainVMDC2) [Valid]
                      No host records (A or AAAA) were found for this DC
                      The SOA record for the Active Directory zone was found
                      The Active Directory zone on this DC/DNS server was found primary
                      Root zone on this DC/DNS server was not found
                   TEST: Forwarders/Root hints (Forw)
                      Recursion is enabled
                      Forwarders are not configured on this DNS server
                      Root hint Information:
                         Name: a.root-servers.net. IP: 198.41.0.4 [Invalid (unreachable)]
                         Name: b.root-servers.net. IP: 192.228.79.201 [Invalid (unreachable)]
                         Name: c.root-servers.net. IP: 192.33.4.12 [Invalid (unreachable)]
                         Name: d.root-servers.net. IP: 199.7.91.13 [Invalid (unreachable)]
                         Name: e.root-servers.net. IP: 192.203.230.10 [Invalid (unreachable)]
                         Name: f.root-servers.net. IP: 192.5.5.241 [Invalid (unreachable)]
                         Name: g.root-servers.net. IP: 192.112.36.4 [Invalid (unreachable)]
                         Name: h.root-servers.net. IP: 128.63.2.53 [Invalid (unreachable)]
                         Name: i.root-servers.net. IP: 192.36.148.17 [Invalid (unreachable)]
                         Name: j.root-servers.net. IP: 192.58.128.30 [Invalid (unreachable)]
                         Name: k.root-servers.net. IP: 193.0.14.129 [Invalid (unreachable)]
                         Name: l.root-servers.net. IP: 199.7.83.42 [Invalid (unreachable)]
                         Name: m.root-servers.net. IP: 202.12.27.33 [Invalid (unreachable)]
                      Error: Both root hints and forwarders are not configured or
                      broken. Please make sure at least one of them works.
                   TEST: Delegations (Del)
                      Delegation information for the zone: domain.school.edu.
                         Delegated domain name: _msdcs.domain.school.edu.
                            Error: DNS server: domainvmdc2. IP:<Unavailable>
                            [Missing glue A record]
                            [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]
                   TEST: Dynamic update (Dyn)
                      Test record dcdiag-test-record added successfully in zone domain.school.edu
                      Warning: Failed to delete the test record dcdiag-test-record in zone domain.school.edu
                      [Error details: 13 (Type: Win32 - Description: The data is invalid.)]
                   TEST: Records registration (RReg)
                      Network Adapter [00000010] vmxnet3 Ethernet Adapter:
                         Matching CNAME record found at DNS server *.*.100.26:
                         3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.a9241004-88ea-422d-a71e-df7b622f0d68.domains._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._tcp.dc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.dc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._tcp.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._udp.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kpasswd._tcp.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.Default-First-Site-Name._sites.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._tcp.Default-First-Site-Name._sites.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.gc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _gc._tcp.Default-First-Site-Name._sites.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.pdc._msdcs.domain.school.edu
                   Error: Record registrations cannot be found for all the network
                   adapters
             Summary of test results for DNS servers used by the above domain
             controllers:
                DNS server: 128.63.2.53 (h.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.112.36.4 (g.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.203.230.10 (e.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.228.79.201 (b.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.33.4.12 (c.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.36.148.17 (i.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.5.5.241 (f.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.58.128.30 (j.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 193.0.14.129 (k.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 198.41.0.4 (a.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 199.7.83.42 (l.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 199.7.91.13 (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.91.13               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 202.12.27.33 (m.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: *.*.100.26 (domainVMDC2)
                   All tests passed on this DNS server
                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
             Summary of DNS test results:
                                                Auth Basc Forw Del  Dyn  RReg Ext
                Domain: domain.school.edu
                   domainVMDC2                 PASS FAIL FAIL FAIL WARN FAIL n/a
             ......................... domain.school.edu failed test DNS
          Test omitted by user request: LocatorCheck
          Test omitted by user request: Intersite
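
Added example (not part of the original post, and not Microsoft tooling): a Python triage of `dcdiag /test:dns /v` output in the shape shown above. It separates findings under the Forw test, which the poster expects to fail on a lab with no outside connectivity, from the ones that remain actionable; the function names, the `isolated_lab` switch and the embedded excerpt are constructed for illustration.

```python
import re

# Constructed excerpt in the shape of the dcdiag /test:dns /v output quoted above.
SAMPLE = """\
            TEST: Basic (Basc)
               Error: No LDAP connectivity
               No host records (A or AAAA) were found for this DC
            TEST: Forwarders/Root hints (Forw)
               Recursion is enabled
                  Name: a.root-servers.net. IP: 198.41.0.4 [Invalid (unreachable)]
               Error: Both root hints and forwarders are not configured or
               broken. Please make sure at least one of them works.
            TEST: Delegations (Del)
                  Delegated domain name: _msdcs.domain.school.edu.
                     Error: DNS server: domainvmdc2. IP:<Unavailable>
                     [Missing glue A record]
            TEST: Dynamic update (Dyn)
               Warning: Failed to delete the test record dcdiag-test-record in zone domain.school.edu
            TEST: Records registration (RReg)
            Error: Record registrations cannot be found for all the network
            adapters
      Summary of DNS test results:
                                         Auth Basc Forw Del  Dyn  RReg Ext
         Domain: domain.school.edu
            domainVMDC2                 PASS FAIL FAIL FAIL WARN FAIL n/a
"""

TEST_RE = re.compile(r"^\s*TEST: .*\((\w+)\)\s*$")
FINDING_RE = re.compile(r"^\s*(Error|Warning): (.+)$")
# Problem lines that dcdiag prints without an "Error:" prefix (both appear above).
EXTRA_MARKERS = ("No host records", "[Missing glue A record]")


def parse_findings(text):
    """Return (test_code, level, message) for each problem line under a TEST header."""
    findings, current = [], None
    for line in text.splitlines():
        header = TEST_RE.match(line)
        if header:
            current = header.group(1)
            continue
        if line.strip().startswith("Summary of"):
            current = None  # per-test sections are over
        m = FINDING_RE.match(line)
        if current and m:
            findings.append((current, m.group(1), m.group(2).strip()))
        elif current and line.strip().startswith(EXTRA_MARKERS):
            findings.append((current, "Error", line.strip()))
    return findings


def parse_summary(text):
    """Parse the 'Auth Basc Forw Del Dyn RReg Ext' table into {dc: {test: status}}."""
    lines, results = text.splitlines(), {}
    for i, line in enumerate(lines):
        cols = line.split()
        if cols[:2] != ["Auth", "Basc"]:
            continue
        for row in lines[i + 1:]:
            cells = row.split()
            if len(cells) == len(cols) + 1 and cells[0] != "Domain:":
                results[cells[0]] = dict(zip(cols, cells[1:]))
            elif cells and cells[0] != "Domain:":
                break  # first non-table line ends the summary
    return results


def triage(text, isolated_lab=False):
    """Split findings into actionable ones and ones expected on an isolated network."""
    actionable, expected = [], []
    for finding in parse_findings(text):
        # Assumption: with no outside connectivity, root-hint/forwarder (Forw)
        # failures are expected and are set aside rather than dropped.
        (expected if isolated_lab and finding[0] == "Forw" else actionable).append(finding)
    failing = {dc: [t for t, s in row.items() if s in ("FAIL", "WARN")]
               for dc, row in parse_summary(text).items()}
    return {"failing": failing, "actionable": actionable, "expected": expected}


if __name__ == "__main__":
    for code, level, msg in triage(SAMPLE, isolated_lab=True)["actionable"]:
        print(f"{code:5} {level:8} {msg}")
```

On the sample, the findings left as actionable are the missing host (A/AAAA) records, the missing glue A record on the `_msdcs` delegation, the LDAP connectivity error, the dynamic-update cleanup warning and the record-registration error.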

  • Can't connect to mail server - DNS Server settings?

    Hello:
    Let me preface this question by saying that computer networking is not my strong suit.
    Last week I moved our web hosting from our ISP to Lunarpages; our domain is marshall-arts.net. I set up some POP email accounts on our new mail servers and was able to successfully send and receive email wirelessly using our G4 ibook. However, none of our networked desktop systems could connect to our new mail server, although they could connect to our ISP's mail server; they also have no problem connecting to the web. The mail server and user names were identical between the desktop systems and the ibook. But upon closer examination of the TCP/IP settings of the ibook I found that the ibook had 209.253.113.10 entered into the DNS Servers (optional) field. That field was blank in the desktop systems. Once I entered that address into the DNS Servers field on the desktop systems they had no problem connecting to our Lunarpages mail servers.
    Here's our setup, as best as I can describe it:
    We have an AirPort Extreme connected to our DSL router. It's connected via ethernet, configured manually with a static IP, router and DNS server addresses provided by our ISP. It's set to distribute IP addresses with the AirPort client computers sharing a single IP address using DHCP and NAT (10.0.1.1. addressing). It's connected via ethernet to a Linksys gigabit ethernet switch to which we have connected three desktop Macs running OS 10.3.x and 10.4.x.
    The TCP/IP of the three desktop systems and the ibook are configured Using DHCP.
    As I wrote above, only the ibook had an address entered into the DNS Servers field, 209.253.113.10. This doesn't correspond to anything our ISP provided (those addresses are entered in the AirPort Extreme.) I have no idea where it came from.
    So I have two questions:
    Would that address have been generated automatically while setting up the AirPort connection on the ibook?
    Why would that supposedly optional DNS Server address be required for me to connect to our new mail servers (but not our old ISP mail servers)?
    Thank you.
    Shawn Marshall
    Marshall Arts Motion Graphics
    Dual 2.5 Ghz G5   Mac OS X (10.4.7)  

  • DHCP Reservation Sync and DNS Host record sync etc shown in IPAM GUI

    Hello all,
    I am aware of the scripts in the TechNet script center to sync DHCP leases etc to IPAM, however my question is about something else -
    If you highlight an IP address (IP address inventory->select an IP), You can see fields that say: "DHCP reservation sync", "DNS PTR record sync" and "DNS host record sync" as below:
    I was curious as to what these are for. Is there some built-in sync functionality for these that I perhaps have not enabled? (Don't see such options anywhere.)
    thanks,
    -Ravi

    Hi Ravi,
    The three columns tell us the information of the synchronization between IPAM server and DNS server (or DHCP server).
    Here is the detailed guide for using IPAM:
    Using the IPAM Client Console:
    https://technet.microsoft.com/en-us/library/jj878351.aspx#inventory
    IPAM can sync DNS and DHCP records.
    The IPAM database is separate from DHCP and DNS servers on our network, and full synchronization of hosts and IP addresses between IPAM and managed DNS or DHCP servers does not occur automatically unless we have configured automated tasks to perform this synchronization.
    For detailed information, see the DNS and DHCP record synchronization chapter in the following link:
    Multi-server Management:
    https://technet.microsoft.com/en-us/library/jj878329.aspx
    Best Regards,
    Leo

  • HH5 issuing wrong IP and DNS address

    My Win7 desktop pc is connected via ethernet to a HH5 and worked until this morning when it wouldn't connect to the internet. Various restarts of pc and HH didn't work so I checked the properties of the pc network. It stated that the IP address was valid (192.168.1.65) but the DNS was 192.168.0.254 instead of 192.168.1.254. After I changed it it worked OK so I manually set it to the DNS values in the HH5 setup of 62.6.40.162.
    All is working on my pc but now my win7 laptop is having the same problem when connected wirelessly to the HH. Also my Brother wireless printer wouldn't connect so I restarted its network wizard which seemed to work until I checked the IP address and it's 192.168.0.104 so can't be seen by other devices.
    However, assorted iPads and iPhones all seem to connect and get the correct IP and DNS addresses OK giving good internet access.
    This only started this morning and as far as I know nothing has changed.
    What is going on?
    Oh and I have already tried a factory reset of the HH5 by sticking a pin in the reset hole.

    Try disabling IPv6 on the Windows machines.
    This suggestion by forum member gg30340 should fix the problem.
    Select Start
    In the Start Search field type ncpa.cpl and press the Enter key on your keyboard.
    In the new window, right-click on your Wireless Network Connection and select Properties.
    In the This connection uses the following items section, remove the tick beside (i.e. disable) Internet Protocol Version 6 (TCP/IPv6) and then press OK.
    Left click on Internet Protocol IPV4, click on properties. Check the options to obtain IP address and DNS Server address automatically.