Do I need AAAA records in DNS for MPs for clients connecting via DirectAccess?
This is my situation:
Have had SCCM 2007 r3 installed for some time
Have DirectAccess implemented for over 2 years
We are in Mixed Mode
Have always had issues with DA connected clients getting adverts from SCCM
DA connected clients do not report heartbeat
In troubleshooting I have added the ipv6 boundaries and followed all the articles on FW settings and DA settings. Still no luck.
I ran across an article that said you need to have AAAA records in DNS for your MPs. Is that true? And if so, how do I get them into DNS, as they are not there right now?
Any help (especially if I am on the wrong track) would be helpful.
Thanks
Eric
Yes, I know this is an old post, but I’m trying to clean them up.
No, CM07 does not need a AAAA record. Honestly, this is going to be a DA issue, not a CM07 issue.
Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ
Similar Messages
-
Need to get a bootable external E-SATA HDD connected via E-SATA ExpressCard adaptor
We need to get a bootable external E-SATA HDD connected via E-SATA ExpressCard adaptor to this laptop, however there are 2 main questions before we purchase the hardware:
1 - will it be bootable at all?
2 - what speed is going to be provided by the ExpressCard slot on this laptop - is it comparable with E-SATA standard?
I'm purchasing the card here http://www.ebay.com/itm/add-2-eSATA-Hard-Disk-ports-for-Laptop-Notebook-PC-fits-34mm-Expresscard-slo... but still can't understand is it compatible and what speed will I get on the slot of my laptop - taking into account your official specification:
" 1 ExpressCard/54 Slot (also supports ExpressCard/34)"
Could you please advise us on the above?
Wiki explains that "...The ExpressCard has a maximum throughput of 2.5 Gbit/s through PCI Express and 480 Mbit/s through USB 2.0 dedicated for each slot, while all CardBus devices connected to a computer share a total 1.06 Gbit/s bandwidth." - but:
how can I know which bus (PCI Express or USB) is used in my laptop for this interface? -
Adding AAAA records to DNS manually (Server Manager doesn't let you add them)
Using the following webpage http://www.isi.edu/~bmanning/v6DNS.html#named.conf I have been able to get IPv6 name resolution setup, so that clients will use IPv6 for connecting to my server on the LAN when possible (e.g. Mail, iChat, Web).
This is working well, and the records also display in Server Manager. I have tested add/remove/update to existing records in DNS to make sure the manually added AAAA records don't get wiped out, and they don't.
NOTE: Put AAAA records above A records. Not sure why, but this prevented a few problems I initially had.
I haven't had a go at making a reverse lookup zone yet for IPv6, but if/when I do, I shall post here.
Below is a before -> after of the following files I had to edit, using nano under sudo in Terminal:
Zone name: test.com
File: /var/named/zones/db.test.com.zone.apple
Owner: root:wheel
*Before AAAA:*
;GUID=9ACB60A1-BB9E-496A-BF3F-D23D8BA52DE4
$TTL 10800
test.com. IN SOA test.com. admin.test.com (
2009081800 ;Serial
86400 ;Refresh
3600 ;Retry
604800 ;Expire
345600 ;Negative caching TTL
)
test.com. IN NS test.com.
test.com. IN A 172.16.0.143
test.com. IN HINFO "Mac Pro 1.1, 9GB RAM" "Mac OS X Leopard Server 10.5"
SipuraSPA.test.com. IN A 172.16.0.148
camera.test.com. IN A 172.16.0.175
dd-wrt.test.com. IN A 172.16.0.200
XBMC.test.com. IN A 172.16.0.147
XBMC.test.com. IN HINFO "Microsoft XBox" "XBox Media Center"
Office-Mac-mini.test.com. IN A 172.16.0.149
Office-Mac-mini.test.com. IN HINFO "Mac Mini G4" "Mac OS X Leopard 10.5"
N95.test.com. IN A 172.16.0.141
N95.test.com. IN HINFO "Nokia N95 8GB" "Symbian OS"
switch.test.com. IN A 172.16.0.173
ucs.test.com. IN A 172.16.0.230
LinksysPAP.test.com. IN A 172.16.0.152
wireless.test.com. IN A 172.16.0.131
trixbox.test.com. IN A 172.16.0.129
trixbox.test.com. IN HINFO "Dell Precision Workstation" "Trixbox 2.6"
trixbox.test.com. IN TXT "IP PBX"
intranet.test.com. IN A 172.16.0.143
lb.dns-sd.udp IN PTR test.com.
test.com. IN MX 10 test.com.
*After AAAA:*
;GUID=9ACB60A1-BB9E-496A-BF3F-D23D8BA52DE4
$TTL 10800
test.com. IN SOA test.com. admin.test.com (
2009081800 ;Serial
86400 ;Refresh
3600 ;Retry
604800 ;Expire
345600 ;Negative caching TTL
)
test.com. IN NS test.com.
test.com. IN AAAA 2002:aaaa:aaaa:0000:0217:f2ff:fe04:35ec
test.com. IN A 172.16.0.143
test.com. IN HINFO "Mac Pro 1.1, 9GB RAM" "Mac OS X Leopard Server 10.5"
SipuraSPA.test.com. IN A 172.16.0.148
camera.test.com. IN A 172.16.0.175
dd-wrt.test.com. IN A 172.16.0.200
XBMC.test.com. IN A 172.16.0.147
XBMC.test.com. IN HINFO "Microsoft XBox" "XBox Media Center"
Office-Mac-mini.test.com. IN A 172.16.0.149
Office-Mac-mini.test.com. IN HINFO "Mac Mini G4" "Mac OS X Leopard 10.5"
N95.test.com. IN A 172.16.0.141
N95.test.com. IN HINFO "Nokia N95 8GB" "Symbian OS"
switch.test.com. IN A 172.16.0.173
ucs.test.com. IN A 172.16.0.230
LinksysPAP.test.com. IN A 172.16.0.152
wireless.test.com. IN A 172.16.0.131
trixbox.test.com. IN AAAA 2002:aaaa:aaaa:0000:020d:56ff:fe10:deb7
trixbox.test.com. IN A 172.16.0.129
trixbox.test.com. IN HINFO "Dell Precision Workstation" "Trixbox 2.6"
trixbox.test.com. IN TXT "IP PBX"
intranet.test.com. IN AAAA 2002:aaaa:aaaa:0000:0217:f2ff:fe04:35ec
intranet.test.com. IN A 172.16.0.143
lb.dns-sd.udp IN PTR test.com.
test.com. IN MX 10 test.com.
I hope this comes in handy for someone.
Tony
Tony,
Be aware that your ;SERIAL directive MUST change if you made changes to the file.
The <serial-number> directive is a numerical value incremented every time the zone file is altered to indicate it is time for named to reload the zone.
I do not know for sure, but this might be why the data has not been wiped out or otherwise modified by Named or might have caused or is hiding some of the difficulty you experienced.
Peter -
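Peter's point about the serial, as an added example (not code from the thread): the Python sketch below diffs two versions of a zone file and flags a record change made without an SOA serial bump, which is what the posted before/after files show (both carry 2009081800). The sample zone is a constructed, cut-down copy of the poster's; `next_serial` assumes the YYYYMMDDNN serial convention, and the comparison goes slightly beyond the thread by using RFC 1982 serial arithmetic.

```python
# Constructed sample: cut-down test.com zone before the manual AAAA edit.
BEFORE = """\
$TTL 10800
test.com. IN SOA test.com. admin.test.com. (
    2009081800 ;Serial
    86400 ;Refresh
    3600 ;Retry
    604800 ;Expire
    345600 ;Negative caching TTL
)
test.com. IN NS test.com.
test.com. IN A 172.16.0.143
trixbox.test.com. IN A 172.16.0.129
trixbox.test.com. IN TXT "IP PBX"
"""

# Same zone after the edit: two AAAA records added, serial left untouched.
AFTER = BEFORE.replace(
    "test.com. IN A 172.16.0.143",
    "test.com. IN AAAA 2002:aaaa:aaaa:0000:0217:f2ff:fe04:35ec\n"
    "test.com. IN A 172.16.0.143",
).replace(
    "trixbox.test.com. IN A 172.16.0.129",
    "trixbox.test.com. IN AAAA 2002:aaaa:aaaa:0000:020d:56ff:fe10:deb7\n"
    "trixbox.test.com. IN A 172.16.0.129",
)


def clean(line):
    """Strip a ';' comment and blank out grouping parentheses, ignoring both
    inside quoted strings. Returns (text, change in parenthesis depth)."""
    out, in_quotes, delta = [], False, 0
    for ch in line:
        if ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes:
            if ch == ";":
                break
            if ch in "()":
                delta += 1 if ch == "(" else -1
                ch = " "
        out.append(ch)
    return "".join(out).strip(), delta


def parse_zone(text):
    """Return (serial, {(owner, type, rdata)}) for the simple
    'owner IN TYPE rdata' layout used in the post (not a full RFC 1035 parser)."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line, delta = clean(raw)
        depth += delta
        if line:
            buf.append(line)
        if depth == 0 and buf:          # a multi-line SOA is joined here
            logical.append(" ".join(buf))
            buf = []
    if depth != 0:
        raise ValueError("unbalanced parentheses in zone file")
    serial, records = None, set()
    for line in logical:
        fields = line.split(None, 3)
        if line.startswith("$") or len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, _, rtype, rdata = fields
        if rtype.upper() == "SOA":
            serial = int(rdata.split()[2])   # mname rname serial ...
        else:
            records.add((owner.lower(), rtype.upper(), " ".join(rdata.split())))
    return serial, records


def serial_gt(new, old):
    """RFC 1982 serial arithmetic: True if new is 'after' old modulo 2**32."""
    return 0 < (new - old) % 2**32 < 2**31


def next_serial(old, yyyymmdd):
    """Suggest a serial: today's YYYYMMDD00 if that is newer, else old + 1."""
    candidate = int(yyyymmdd) * 100
    return candidate if serial_gt(candidate, old) else (old + 1) % 2**32


def check_edit(before, after):
    """Diff two zone versions and report whether the serial was bumped."""
    old_serial, old_recs = parse_zone(before)
    new_serial, new_recs = parse_zone(after)
    added, removed = sorted(new_recs - old_recs), sorted(old_recs - new_recs)
    changed = bool(added or removed)
    return {
        "added": added, "removed": removed,
        "old_serial": old_serial, "new_serial": new_serial,
        "serial_ok": (not changed) or serial_gt(new_serial, old_serial),
    }


if __name__ == "__main__":
    result = check_edit(BEFORE, AFTER)
    for rec in result["added"]:
        print("added:", *rec)
    if not result["serial_ok"]:
        print("serial unchanged at", result["old_serial"],
              "- suggest", next_serial(result["old_serial"], "20090819"))
```

A check like this matters most when the zone has secondaries: they compare SOA serials to decide whether to transfer, so an edit without a bump can leave them serving the old records.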
Am i on the right track for establishing my client connection with BC4J?
I am developing a web application with a BC4J JSP project now. However, I find the auto-generated pages not that useful as they are not flexible enough, so I decided to write the code myself. But the first problem is: how do I write the code for the client connection? To make maintenance easy, I would like to place the connection code in a class file instead of hard-coding the connection details in each JSP or Servlet page.
Question 1: Searching through the examples in my JDeveloper (Candidate 2) directory, I found a file TestClient.java in the \BC4J\samples\Caching\src\demo directory with the following code:
// Create an instance of the application module by name, using local mode
String _am = "demo.DemoModule"; // Fully-qualified application module name
String _cf = "DemoModuleLocal"; // Configuration name for connection info
ApplicationModule am = Configuration.createRootApplicationModule(_am,_cf);
// Find the Managers view object by name in the application module
ViewObject mgrVO = am.findViewObject("Managers");
// We're done with the AM instance, so release it
Configuration.releaseRootApplicationModule(am,true);
Is it for testing only, or is it really useful in a production environment? Am I doing the right thing if I use this method to establish my web client connection? What are the pros and cons of using this method? Are there any better alternatives?
Question 2: As far as I know, BC4J has automatically taken care of connection pooling by default since version 3.2. Can I still use the following statements
session.setAttribute("user_name", user_name); //Set session attribute
String user_name = (String) session.getAttribute("user_name"); // Get session attribute
to capture and assign client session correctly for individual clients?
Question 3: What code should I use to achieve a 'Transaction' update, resembling the following code:
connection.setAutoCommit(false); //disable auto commit
connection.commit();
connection.rollback();
connection.close();
Thanks for answering!!!
Question 1: Searching through the examples in my JDeveloper (Candidate 2) directory, I found a file TestClient.java in the \BC4J\samples\Caching\src\demo directory with the following code:
// Create an instance of the application module by name, using local mode
String _am = "demo.DemoModule"; // Fully-qualified application module name
String _cf = "DemoModuleLocal"; // Configuration name for connection info
ApplicationModule am = Configuration.createRootApplicationModule(_am,_cf);
// Find the Managers view object by name in the application module
ViewObject mgrVO = am.findViewObject("Managers");
// We're done with the AM instance, so release it
Configuration.releaseRootApplicationModule(am,true);
Is it for testing only, or is it really useful in a production environment? Am I doing the right thing if I use this method to establish my web client connection? What are the pros and cons of using this method? Are there any better alternatives?
The Configuration API (createRootApplicationModule, releaseRootApplicationModule) will work. However, please note that it is intended for Java clients that will hold an ApplicationModule reference for a long duration. The BC4J web frameworks (represented, for example, by the ApplicationModule and ReleasePageResources tags) all use the SessionCookie interface to acquire/release ApplicationModule instances on a per-request basis. This will allow better scalability. Please see the pooling sample / documentation / javadoc for more information about using these APIs. The pooling sample servlet is located in \BC4J\samples\Pooling\src\demo\TestPoolServlet.
Question 2: As far as I know, BC4J has automatically taken care of connection pooling by default since version 3.2. Can I still use the following statements
session.setAttribute("user_name", user_name); //Set session attribute
String user_name = (String) session.getAttribute("user_name"); // Get session attribute
to capture and assign client session correctly for individual clients?
BC4J will not interfere with your use of the HttpSession context. How do you intend the "user_name" to be used? Do you intend it to represent the DB user, JAAS user, etc.? If you intend it to be used as the DB user you will need to declare the "user_name" to BC4J. Please see:
http://technet.oracle.com/products/jdev/howtos/bc4j/howto_dynamic_jdbc.html
Question 3: What code should I use to achieve a 'Transaction' update, resembling the following code:
connection.setAutoCommit(false); //disable auto commit
connection.commit();
connection.rollback();
connection.close();
am.getTransaction().commit(); // am is the ApplicationModule instance
am.getTransaction().rollback();
If you are using the Configuration or SessionCookie APIs, as mentioned above, then the connection lifecycle will be managed for you. So, you should not need to invoke connection.close().
Thanks for answering!!!
Hope this helps.
JR -
Reason for message: another user connected via Sharing
For a bunch of reasons I don't want to get into yet I was wondering if someone could explain this to me:
If you have a desktop and laptop connected through your Airport (private network) and you close your laptop without logging out of the network and then log onto another (unprotected) network and then go to restart and you get the message that there is another user connected to you via Apple File Sharing could that be your own unterminated connection from your desktop? Or does it mean that someone went into your system? (and if that is the case is there a way of knowing what if anything was opened and/or uploaded?) TIA
Easiest way to look back is with...
With Sharepoints...
http://www.hornware.com/sharepoints/
And...
http://www.hornware.com/afsmonitor/
IIRC, one allows you to enable the logging, then view with the other... though it says "current" Users, I think it might include history!?
But in the future I will turn the Airport off before putting the laptop to sleep for the night, if that improves the security.
Actually, the reason for disconnecting before Sleep or Moving away, is so as not to confuse the Macs as to who's on first!
During Sleep, the power to the Airport Transmitter & Receiver is cut off to save power... it's deaf, dumb, and blind during Sleep. -
DCDIAG /test:dns result is pasted here.
C:\Users\administrator.SUD>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = MUM-ADS-01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MUM-ADS-01
Starting test: Connectivity
......................... MUM-ADS-01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MUM-ADS-01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... MUM-ADS-01 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : sud
Running enterprise tests on : sud.in
Starting test: DNS
Test results for domain controllers:
DC: MUM-ADS-01.sud.in
Domain: sud.in
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server:
c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server:
m.root-servers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: sud-ad.sud.in. IP:<Unavailable>
[Missing glue A record]
TEST: Records registration (RReg)
Network Adapter
[00000006] Intel(R) PRO/1000 MT Network Connection:
Warning:
Missing AAAA record at DNS server 10.1.6.132:
MUM-ADS-01.sud.in
Warning:
Missing AAAA record at DNS server 10.1.6.132:
gc._msdcs.sud.in
Warning:
Missing AAAA record at DNS server 10.1.6.133:
MUM-ADS-01.sud.in
Warning:
Missing AAAA record at DNS server 10.1.6.133:
gc._msdcs.sud.in
Warning: Record Registrations not found in some network adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.9.0.107
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.203.230.10
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: sud.in
MUM-ADS-01 PASS WARN FAIL FAIL PASS WARN n/a
......................... sud.in failed test DNS
Hi Meinolf,
Please find the IP Details as well as DNS test results.
C:\Users\Administrator.SCI>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = MDCDCDNS
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: MDC-Powai\MDCDCDNS
Starting test: Connectivity
......................... MDCDCDNS passed test Connectivity
Doing primary tests
Testing server: MDC-Powai\MDCDCDNS
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
ERROR: NO DNS servers for IPV6 stack was found
......................... MDCDCDNS passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : sci
Running enterprise tests on : sci.com
Starting test: DNS
Test results for domain controllers:
DC: MDCDCDNS.sci.com
Domain: sci.com
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Records registration (RReg)
Network Adapter
[00000009] Microsoft Virtual Network Switch Adapter:
Warning:
Missing AAAA record at DNS server 10.64.7.32:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.64.7.32:
gc._msdcs.sci.com
Warning:
Missing AAAA record at DNS server 10.64.7.35:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.64.7.35:
gc._msdcs.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.72:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.72:
gc._msdcs.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.71:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.71:
gc._msdcs.sci.com
Warning: Record Registrations not found in some network adapters
MDCDCDNS PASS WARN PASS PASS PASS WARN n/a
......................... sci.com passed test DNS
C:\Users\Administrator.SCI>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MDCDCDNS
Primary Dns Suffix . . . . . . . : sci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sci.com
Ethernet adapter Local Area Connection 7:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : External Internal Virtual Network
Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.64.7.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.64.7.1
DNS Servers . . . . . . . . . . . : 10.64.7.32
10.64.7.35
10.20.33.72
10.20.33.71
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection 6:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TEAM : Team #1
Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.105.163(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2D5A4A27-298F-48E5-A376-EA886EF1E
42A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{14FA7CD4-8B69-4C86-A58B-056793B7D
901}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Please check and revert back for any queries..
Thanks...
Deva Self-trust is the first secret of success. -
AD DS Config problem (The AAAA record for this DC was not found) Cannot connect to ADUC
I am trying to figure out what is wrong with my AD DS Config. I ran dcdiag. The results were:
C:\Users\Administrator>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = R210_1_2K12
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\R210_1_2K12
Starting test: Connectivity
......................... R210_1_2K12 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\R210_1_2K12
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... R210_1_2K12 passed test DNS
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : bcas-tbf
Running enterprise tests on : bcas-tbf.local
Starting test: DNS
Test results for domain controllers:
DC: R210_1_2K12.bcas-tbf.local
Domain: bcas-tbf.local
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Records registration (RReg)
Network Adapter [00000017] Hyper-V Virtual Ethernet Adapter:
Warning:
Missing AAAA record at DNS server 172.16.0.202:
R210_1_2K12.bcas-tbf.local
Warning:
Missing AAAA record at DNS server 172.16.0.202:
gc._msdcs.bcas-tbf.local
Warning:
Missing AAAA record at DNS server ::1:
R210_1_2K12.bcas-tbf.local
Warning:
Missing AAAA record at DNS server ::1:
gc._msdcs.bcas-tbf.local
Warning: Record Registrations not found in some network adapters
R210_1_2K12 PASS WARN PASS PASS PASS WARN n/a
......................... bcas-tbf.local passed test DNS
IPCONFIG info:
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : R210_1_2K12
Primary Dns Suffix . . . . . . . : bcas-tbf.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bcas-tbf.local
Ethernet adapter vEthernet (Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client
) #36 - Virtual Switch):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-26-B9-7E-81-74
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bda9:1a28:974a:5fc3%19(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.0.202(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.0.1
DHCPv6 IAID . . . . . . . . . . . : 335554233
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-0A-52-45-00-26-B9-7E-81-75
DNS Servers . . . . . . . . . . . : ::1
172.16.0.202
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{AE70C63E-0A8A-4461-A789-8E4CD99CEA46}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1cf5:1d4f:53ef:ff35(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::1cf5:1d4f:53ef:ff35%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
I'm unsure of what the problem is or what to do next. Thank You.
Disable IPv6 according to Paul's blog:
Disabling IPv6 on Windows 2008
After disabling run:
ipconfig /flushdns
ipconfig /registerdns
restart the netlogon service or reboot.
For co-existence of IPv4 and IPv6 see:
Configuring DNS for IPv6/IPv4 Coexistence
IPv6 for the Windows Administrator: How Name Resolution Works in a Dual IPv4/IPv6 Scenario
IPv6 for the Windows Administrator: IPv6 Fundamentals
Hopefully, that fixes your issue. Added some links to read in case you want to.
Active Directory: Ultimate Reading Collection -
Secondary DNS failing to redirect clients when Primary DNS goes down
I have a single domain with two Windows 2008 servers, DC1 (physical) and DC2 (virtual). Both servers run DNS and are GC servers, and the entire domain is on the same subnet (192.168.0.x).
All clients on the network are configured to use DC1 as primary DNS, DC2 as secondary DNS.
DHCP is enabled only on DC1. (This might be part of the issue, not sure).
The problem is that when DC1 goes down for a reboot or repair, we lose access to the internet from our clients. Trying to pull up any website results in a "Page cannot be displayed" error. DC2 is available during this time and can be pinged from any client but does not resolve DNS requests, even if I specify it as the primary DNS server on one of my workstations. However I can log on to DC2 locally and browse the web.
Here are the results of a DCdiag /dnsall from DC2 (I bolded areas of concern):
Directory Server Diagnosis
Performing initial setup:
* Connecting to directory service on server DC2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC2
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DC2 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : mydomain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : mydomain.com
Starting test: DNS
Test results for domain controllers:
DC: DC2.mydomain.com
Domain: mydomain.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft® Windows Server® 2008 Standard
(Service Pack level: 2.0)
is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000006] Intel(R) PRO/1000 MT Network Connection:
MAC address is 00:0C:29:91:59:68
IP Address is static
IP address: 192.168.0.249
DNS servers:
192.168.0.105 (DC1.mydomain.com.) [Valid]
127.0.0.1 (DC2) [Valid]
The A host record(s) for this DC was found
Warning: The AAAA record for this DC was not found
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - mydomain.com]
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.0.105 (DC1.mydomain.com.) [Valid]
192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
TEST: Delegations (Del)
Delegation information for the zone: mydomain.com.
Delegated domain name: _msdcs.mydomain.com.
DNS server: DC1.mydomain.com. IP:192.168.0.105 [Valid]
TEST: Dynamic update (Dyn)
Test record _dcdiag_test_record added successfully in zone mydomain.com
Test record _dcdiag_test_record deleted successfully in zone mydomain.com
TEST: Records registration (RReg)
Network Adapter
[00000006] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 192.168.0.105:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.105:
DC2.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.105:
DC2.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._udp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kpasswd._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.gc._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.105:
gc._msdcs.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.105:
gc._msdcs.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.105:
_gc._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
Matching CNAME record found at DNS server 192.168.0.249:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.249:
DC2.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.249:
DC2.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._udp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kpasswd._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.gc._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.249:
gc._msdcs.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.249:
gc._msdcs.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.249:
_gc._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
Warning: Record Registrations not found in some network adapters
TEST: External name resolution (Ext)
Internet name www.microsoft.com was resolved successfully
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.0.7 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.7
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.168.0.105 (DC1.mydomain.com.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.mydomain.com. is operational on IP 192.168.0.105
DNS server: 192.168.0.249 (DC2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: mydomain.com
DC2
PASS WARN FAIL PASS PASS WARN PASS
......................... mydomain.com failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
Looks like it may be trying to forward to a machine that's down (DC1 and another 192.168.0.7) and root hints aren't available.
Check out this article:
http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx
See if you can enable DNS access through the firewall to the Internet if it's not already available. Try to match whatever forwarder settings are on DC1, or remove them entirely and let the server resolve DNS from Internet root servers. Alternatively, you could change your forwarder to a public DNS server you have access to; your ISP should supply this, or you could test with something common like 4.2.2.2.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications -
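An added example, not part of the original thread: a small parser for `dcdiag /test:dns` output that separates the forwarder list, the missing-AAAA warnings and the summary row, so the unreachable forwarder the reply points at stands apart from the AAAA warnings. The sample text is constructed from the output above; the function names are illustrative.

```python
import re

# Constructed sample: lines taken from the dcdiag /test:dns output above, with
# indentation already lost as in the forum paste (the parser strips it anyway).
SAMPLE = """\
DNS servers:
192.168.0.105 (DC1.mydomain.com.) [Valid]
127.0.0.1 (DC2) [Valid]
TEST: Forwarders/Root hints (Forw)
Forwarders Information:
192.168.0.105 (DC1.mydomain.com.) [Valid]
192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
TEST: Records registration (RReg)
Warning:
Missing AAAA record at DNS server 192.168.0.105:
DC2.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.249:
gc._msdcs.mydomain.com
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: mydomain.com
DC2
PASS WARN FAIL PASS PASS WARN PASS
"""

SERVER_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) \((.*?)\) \[(.+)\]$")
MISSING_AAAA = re.compile(r"^Missing AAAA record at DNS server (\S+):$")
STATUSES = {"PASS", "WARN", "FAIL", "n/a"}


def _lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def parse_forwarders(text):
    """Return [(ip, name, status)] for the entries under 'Forwarders Information:'."""
    found, in_section = [], False
    for line in _lines(text):
        if line == "Forwarders Information:":
            in_section = True
        elif in_section:
            m = SERVER_LINE.match(line)
            if m:
                found.append(m.groups())
            else:
                in_section = False  # first non-server line ends the list
    return found


def parse_missing_aaaa(text):
    """Return [(dns_server, record_name)] for each 'Missing AAAA record' warning."""
    lines, found = _lines(text), []
    for i, line in enumerate(lines[:-1]):
        m = MISSING_AAAA.match(line)
        if m:
            found.append((m.group(1), lines[i + 1]))  # record name is on the next line
    return found


def parse_summary(text):
    """Return {dc: {test: status}} from the 'Summary of DNS test results' table."""
    lines, result, previous = _lines(text), {}, None
    if "Summary of DNS test results:" not in lines:
        return result
    start = lines.index("Summary of DNS test results:")
    header = lines[start + 1].split() if start + 1 < len(lines) else []
    for line in lines[start + 2:]:
        tokens = line.split()
        cells = tokens[-len(header):] if header else []
        if header and len(cells) == len(header) and all(c in STATUSES for c in cells):
            # Raw output has the DC name on the same line; the paste has it one line up.
            name = tokens[0] if len(tokens) > len(header) else previous
            result[name] = dict(zip(header, cells))
        elif not line.startswith("Domain:"):
            previous = line
    return result


def triage(text):
    """List findings with dcdiag errors first, then warnings."""
    findings = []
    for ip, _name, status in parse_forwarders(text):
        if status != "Valid":
            findings.append(("ERROR", f"forwarder {ip} is {status}"))
    for dc, tests in parse_summary(text).items():
        for test, status in tests.items():
            if status == "FAIL":
                findings.append(("ERROR", f"{dc}: {test} test FAIL"))
    for server, record in parse_missing_aaaa(text):
        findings.append(("WARN", f"no AAAA for {record} at {server}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(f"{severity:5} {message}")
```

On the sample, the only errors are the unreachable forwarder 192.168.0.7 and the matching Forw FAIL in the summary row; the AAAA entries surface only as warnings.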
Using Exchange 2013 (e2013), SP1.
Three locations. (Let's say Location-A, -B, and C.)
Each Location is an AD site, and physically "remote" from the others.
Each location will have one e2013 server, each server running both CAS and Mailbox function.
The main location ( LOC-A) is where all external OWA and EAS will "enter" from the Internet, via a firewall.
The E2013 server there will "connect" (?) to the e2013 server for "this mailbox",...at any of the 3 locations.
What "special" configuration do we need on the 2 remote/other e2013 servers for OWA virtual directory (or similar).
It looked like it was working "out of the box".
Some users work OK, with no special changes to anything.
But some users have OWA in a "never ending wait" (browser appears to spin forever),
and that might be due to a different Language at the other locations.
I guess Exchange knows how to "internally route" the OWA traffic from the LOC-A CAS to the LOC-B CAS.
(In Exchange 2007 we called this "Exchange CAS proxy" as I recall, but not sure that term is correct in e2013.)
Thanks.
==
Hi,
L-A         L-B         L-C
User-A      User-B      User-C
Mailbox-A   Mailbox-B   Mailbox-C
CAS-A       CAS-B       CAS-C
Exchange-A  Exchange-B  Exchange-C
User-A logs on to OWA in L-B.
Based on my knowledge, if User-A logs on to OWA in L-B, CAS-B would accept the request first.
Then it detects that User-A's mailbox is located in L-A. CAS-B will proxy this request to CAS-A.
I find a great blog for your reference:
Client Connectivity in an Exchange 2013 Coexistence Environment
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
Thanks
Mavis Huang
TechNet Community Support -
Do I need to run local DNS server for NAT/DHCP to work?
Hello,
I'm coming across all kinds of explanations how to set up a server for public access, having a static IP and a pointed domain, but I have a dynamic public IP and don't need the server to be accessible through a domain name. I just want all the computers in my office to connect to the web over 1 cable connection. I've used Gateway Setup Assistant to set up NAT and DHCP and DNS and what not, but it didn't work out of the box. After some bootpd.plist fixes I now have DHCP working, it's handing out IP addresses, but all LAN connected machines cannot get onto the web, only the server can.
What am I doing wrong? Should I configure my DNS server differently? Or should it not be on at all, couldn't the local machines use my ISP's DNS servers?
Currently DNS is configured like this:
Settings are:
accept recursive queries from the following networks: localnets
forwarder IP addresses: (empty)
Zones are:
private. primary zone
134.23.24.in-addr.arpa. reverse zone
Though still a valid question for others I guess, I got my DNS working. The network preferences didn't have external DNS servers configured for the local network interface.
-
Serving static AAAA records with IOS' DNS server
Hi guys,
Has anyone managed to get IOS to serve statically defined AAAA records? I do this just fine with A records as such :
On the router :
ip dns server
ip host ns.example.com 1.1.1.1
ip host somehost.example.com 1.1.1.2
ip dns primary example.org soa ns.example.org [email protected] 21600 900 7776000 86400
From the Linux box :
unixhost$ dig @1.1.1.1 somehost.example.com
; <<>> DiG 9.8.1-P1 <<>> @1.1.1.1 somehost.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;somehost.example.com. IN A
;; ANSWER SECTION:
somehost.example.com. 10 IN A 1.1.1.2
;; Query time: 1 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Aug 15 00:42:11 2012
;; MSG SIZE rcvd: 50
Interestingly whenever I add a static ipv6 entry, I get the SOA as an answer instead of the actual AAAA record. But from the router itself, it can use the statically defined hosts just fine.
On the router :
ipv6 host somehost.example.com 2001:1:1:1::2
From the Linux box :
unixhost$ dig -t AAAA @1.1.1.1 somehost.example.com
; <<>> DiG 9.8.1-P1 <<>> -t AAAA @1.1.1.1 somehost.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53347
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;somehost.example.com. IN AAAA
;; AUTHORITY SECTION:
somehost.example.com. 86400 IN SOA ns.example.com. [email protected]. 3553994542 21600 900 7776000 86400
;; Query time: 1 msec
;; SERVER: 192.168.200.252#53(192.168.200.252)
;; WHEN: Wed Aug 15 00:42:22 2012
;; MSG SIZE rcvd: 108
But from the router, it works just fine :
router#ping ipv6 somehost.example.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1:1:1::2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
I'm running 15.2(2)T1.
Thanks,
Eric Lauriault
Hello Everyone,
In case someone runs into this thread: in our case it turned out that the problem was related to the DNS Server service. Regardless of the above configuration settings on the NIC and in the registry, the DNS server will always register in DNS using all of its IPs that the service is listening on. To change this behaviour you can tell the DNS service to only register individual IPs in the registry:
HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Add a Reg_Multi_SZ called "PublishAddresses" and specify the list of IPs
In our case we added just one of the three configured IPs and from then on the server only registered this address and not the other ones.
Regards
HarryNew -
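The AAAA reply in the IOS question above (NOERROR, zero answers, an SOA in the authority section) is what RFC 2308 calls a NODATA response: the server is stating that the name exists but holds no record of the requested type. An added example, not from the original posts, that classifies dig output this way; the two samples are trimmed from the transcripts above, and the SOA mailbox is a constructed placeholder because the page's copy is obfuscated.

```python
import re

# Constructed samples, trimmed from the two dig transcripts in the question above.
DIG_A = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;somehost.example.com. IN A
;; ANSWER SECTION:
somehost.example.com. 10 IN A 1.1.1.2
"""
DIG_AAAA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53347
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;somehost.example.com. IN AAAA
;; AUTHORITY SECTION:
somehost.example.com. 86400 IN SOA ns.example.com. hostmaster.example.com. 3553994542 21600 900 7776000 86400
"""

HEADER = re.compile(r"status: (\w+), id: \d+")
FLAGS = re.compile(r"flags: ([a-z ]*);.*ANSWER: (\d+), AUTHORITY: (\d+)")


def parse_dig(text):
    """Extract rcode, flags, section counts and per-section record types."""
    info = {"rcode": None, "flags": set(), "answer": 0, "authority": 0, "types": {}}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.search(line):
            info["rcode"] = m.group(1)
        elif m := FLAGS.search(line):
            info["flags"] = set(m.group(1).split())
            info["answer"], info["authority"] = int(m.group(2)), int(m.group(3))
        elif line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")]
        elif line and not line.startswith(";") and section:
            fields = line.split()
            if len(fields) >= 4:  # name, ttl, class, type, rdata...
                info["types"].setdefault(section, []).append(fields[3])
    return info


def classify(text):
    """Separate 'name does not exist' (NXDOMAIN) from 'name exists, but no
    data of this type' (NODATA), plus plain answers, referrals and errors."""
    r = parse_dig(text)
    if r["rcode"] == "NXDOMAIN":
        return "NXDOMAIN"
    if r["rcode"] != "NOERROR":
        return "ERROR"
    if r["answer"] > 0:
        return "ANSWER"
    auth_types = r["types"].get("AUTHORITY", [])
    if "NS" in auth_types and "SOA" not in auth_types:
        return "REFERRAL"  # delegation to another server, not a negative answer
    return "NODATA"


def authoritative(text):
    """True when the 'aa' flag is set, i.e. the server answers for the zone itself."""
    return "aa" in parse_dig(text)["flags"]


if __name__ == "__main__":
    for label, sample in (("A", DIG_A), ("AAAA", DIG_AAAA)):
        print(label, classify(sample), "authoritative" if authoritative(sample) else "")
```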
"it's always DNS" - Need Help setting network/DNS settings for MacMini Serv
Well, I must admit defeat and ask for help. I've set up an Xsan or 2, but for the life of me cannot set up my mac mini server. My basic two problems seem to be these:
1) Service Order in System Preferences/Network
I want to run my private LAN through Ethernet, using a 10.1.17. IP range, and use my Airport Extreme Base Station (Technically a Time Capsule) for the Public ISP 192.168.1 DHCP service. Cannot get both to work. The only way I can get the server to work and to be able to login using Open Directory is to either set the Ethernet as Primary for both my client and server, in which case there is no internet service AT ALL for either. I have a sneaking suspicion it has something to do with either DNS or a few extra DNS entries in the ethernet or airport categories, but for the life of me I cannot find the right combination. Is there any way to have BOTH Ethernet LAN and Airport internet service?
2) Related to the first question, I think, is that my local FQDN (not registered, just meant for internal LAN use only right now) and DNS name only show up to my client computer in Server Admin, Directory Utility, Workgroup Manager if I DISABLE my airport card. Otherwise, they come up as <servername>.local and not the FQDN <servername>.editdog.com, and I cannot login using OD.
3) I'm not sure what happened to the Binding I used to have to do in OSX Server 10.5, but maybe that's the issue? I have the Peachpit OSX Server Essentials Book, and it's been less than helpful.
Any ideas out there?
bump
-
DNS is waiting for AD to signal the initial replication has completed
Hello,
First off, thank you for your help in advance. Any help you can offer would be appreciated, and let me know if there's more information you need me to provide, or utilities to run.
I have just joined a Server 2012 R2 DC to my Server 2008 R2 domain. Topology is it only had one DC previously, the 2008 R2, running AD/DNS/DHCP.
I ran the forest prep & domain prep on the 2008 R2 domain controller, then ran a dcpromo on the 2012 R2. From there, I migrated the FSMO roles over to the 2012 R2 server using ntdsutil.exe. The ultimate goal is to retire the 2008 R2 DC and bring on line a 2nd 2012 R2 DC for this domain.
My Issues
Windows 7 client PCs do not always resolve/pass traffic to the Server 2012 R2 server; sometimes I need to ping the server by IP before it will resolve, other times if I just repeatedly double click on the shared folder mapped to the Server 2012 R2 DC it will work eventually. This is intermittent/random, and not always repeatable with any specific procedures. Sometimes the user will be working, then all of a sudden they can't resolve DNS to the internet, nor internally.
I am getting the following errors in the event log on my 2012 R2 DC
Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 3/16/2014 8:02:34 PM
Event ID: 4013
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: HSSserver.carman.local
Description:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start
until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there
is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will
be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 3/16/2014 8:56:17 PM
Event ID: 2092
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: HSSserver.carman.local
Description:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has
not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Partitions,CN=Configuration,DC=carman,DC=local
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity,
DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This
may be done using the steps provided in KB articles 255504 and 324801 on.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 3/16/2014 8:56:17 PM
Event ID: 2092
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: HSSserver.carman.local
Description:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has
not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Schema,CN=Configuration,DC=carman,DC=local
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity,
DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This
may be done using the steps provided in KB articles 255504 and 324801 on
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Log Name: DFS Replication
Source: DFSR
Date: 3/16/2014 11:21:43 PM
Event ID: 5014
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: HSSserver.carman.local
Description:
The DFS Replication service is stopping communication with partner CARMANSERVER for replication group Domain System Volume due to an error. The service will retry the connection periodically.
Additional Information:
Error: 1726 (The remote procedure call failed.)
Connection ID: 020D5B10-4876-4888-9214-45E3D8B3206D
Replication Group ID: 8A8ADB84-CB25-495E-8C28-AE9FD1761E85
From the Server 2008 R2 DC, I get the following errors/warnings in my event log:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 3/16/2014 8:02:45 PM
Event ID: 2088
Task Category: DS RPC Client
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: CARMANSERVER.carman.local
Description:
Active Directory Domain Services could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy,
users and computers and their passwords, Active Directory Domain Services successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory Domain Services forest,
including logon authentication or access to network resources.
You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
Alternate server name:
HSSserver.carman.local
Failing DNS host name:
25346b74-2fc2-4311-a54d-d500669d4026._msdcs.carman.local
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following
diagnostics registry value to 1:
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
User Action:
1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source
domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view <DC
name>" or "ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered,
using the DNS Enhanced version of DCDIAG.EXE available on
dcdiag /test:dns
4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the
destination domain controller, as follows:
dcdiag /test:dns
5) For further analysis of DNS error failures see KB 824449:
Additional Data
Error value:
11004 The requested name is valid, but no data of the requested type was found.
Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 3/16/2014 8:02:19 PM
Event ID: 4013
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start
until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there
is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be
logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 3/16/2014 8:01:55 PM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: CARMANSERVER.carman.local
Description:
Name resolution for the name _ldap._tcp.dc._msdcs.carman.local timed out after none of the configured DNS servers responded.
Log Name: System
Source: NETLOGON
Date: 3/16/2014 8:02:07 PM
Event ID: 3096
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
The primary Domain Controller for this domain could not be located.
Log Name: System
Source: Microsoft-Windows-WinRM
Date: 3/16/2014 8:05:08 PM
Event ID: 10154
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
The WinRM service failed to create the following SPNs: WSMAN/CARMANSERVER.carman.local; WSMAN/CARMANSERVER.
Additional Data
The error received was 8344: %%8344.
User Action
The SPNs can be created by an administrator using setspn.exe utility.
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/16/2014 10:50:55 PM
Event ID: 10009
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CARMANSERVER.carman.local
Description:
DCOM was unable to communicate with the computer 208.67.222.222 using any of the configured protocols
Sorry, the forum limited me to only 60000 characters per post, so here is some more detailed information:
Here's some initial diags/info from my server 2012 DC:
c:\windows\system32\dcdiag /test:DNS /v /e
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine HSSserver, is a Directory Server.
Home Server = HSSserver
* Connecting to directory service on server HSSserver.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=carman,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=carman,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=carman,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=CARMANSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=carman,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=HSSSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=carman,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CARMANSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
The clock difference between the home server HSSSERVER and target
server CARMANSERVER is greater than one minute. This may cause
Kerberos authentication failures. Please check that the time service
is working properly. You may need to resynchonize the time between
these servers.
......................... CARMANSERVER passed test Connectivity
Testing server: Default-First-Site-Name\HSSSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... HSSSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CARMANSERVER
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\HSSSERVER
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
Starting test: DNS
See DNS test in enterprise tests section for results
......................... HSSSERVER passed test DNS
See DNS test in enterprise tests section for results
......................... CARMANSERVER passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : carman
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : carman.local
Starting test: DNS
Test results for domain controllers:
DC: HSSserver.carman.local
Domain: carman.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2012 R2 Standard
(Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] Broadcom NetXtreme Gigabit Ethernet:
MAC address is F0:1F:AF:E1:D1:C4
IP Address is static
IP address: 192.168.17.7, fe80::35d3:8713:ce0a:3680
DNS servers:
192.168.17.7 (HSSSERVER) [Valid]
192.168.17.5 (carmanserver.carman.local.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
208.67.220.220 (<name unavailable>) [Valid]
208.67.222.222 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: carman.local.
Delegated domain name: _msdcs.carman.local.
DNS server: carmanserver.carman.local. IP:192.168.17.5 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone carman.local
Test record dcdiag-test-record deleted successfully in zone carman.local
TEST: Records registration (RReg)
Network Adapter
[00000010] Broadcom NetXtreme Gigabit Ethernet:
Matching CNAME record
found at DNS server 192.168.17.7:
25346b74-2fc2-4311-a54d-d500669d4026._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.7:
HSSserver.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.e6c304e4-c161-4258-8d51-5a2f20a61c7a.domains._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._udp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kpasswd._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_kerberos._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.gc._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.7:
gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_gc._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.7:
_ldap._tcp.pdc._msdcs.carman.local
Matching CNAME record
found at DNS server 192.168.17.5:
25346b74-2fc2-4311-a54d-d500669d4026._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.5:
HSSserver.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.e6c304e4-c161-4258-8d51-5a2f20a61c7a.domains._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._udp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kpasswd._tcp.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_kerberos._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.gc._msdcs.carman.local
Matching A record found
at DNS server 192.168.17.5:
gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_gc._tcp.Default-First-Site-Name._sites.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.carman.local
Matching SRV record
found at DNS server 192.168.17.5:
_ldap._tcp.pdc._msdcs.carman.local
DC: CARMANSERVER.carman.local
Domain: carman.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard
(Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5716C NetXtreme II
GigE (NDIS VBD Client):
MAC address is A4:BA:DB:12:D1:77
IP Address is static
IP address: 192.168.17.5
DNS servers:
127.0.0.1
(carmanserver.carman.local.) [Valid]
192.168.17.7 (HSSSERVER) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
208.67.220.220 (<name unavailable>) [Valid]
208.67.222.222 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: carman.local.
Delegated domain name: _msdcs.carman.local.
DNS server: carmanserver.carman.local. IP:192.168.17.5 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone carman.local
Test record dcdiag-test-record deleted successfully in zone carman.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5716C NetXtreme II
GigE (NDIS VBD Client):
-
DNS load balancing for Enterprise servers
Hi All,
In my test Lync 2010 Enterprise environment, I recently implemented DNS load balancing with web services.
My environment is two Lync 2010 Enterprise servers, 1 SQL server, and 1 Monitoring + Archive server (same box).
I performed the steps below for DNS load balancing.
PLEASE NOTE: NO HARDWARE LOAD BALANCING IN MY SETUP
Create a Host record for the pool name with the respective front-end servers
Pool name: Pool2.doitnow.com with 2 Lync 2010 Enterprise servers named lyncfe01n.doitnow.com (192.168.1.5) and lyncfe02.doitnow.com (192.168.1.6)
Two host A records in DNS as POOl2 with IP of 192.168.15 and 192.168.1.6
1. From the Lync Server 2010 program group, open Topology Builder.
2. From the console tree, expand the Enterprise Edition Front End pools node.
3. Right-click the pool, click Edit Properties, and then click Web Services.
4. Below Internal web services, select the Override FQDN check box.
5. Type the pool FQDN that resolves to the physical IP addresses of the servers in the pool (in my case it is Pool2.doitnow.com).
6. Below External web services, type the external pool FQDN that resolves to the virtual IP addresses of the pool, and then click OK. (In my case it is Pool2.doitnow.com.) Is that REQUIRED?
7. From the console tree, select Lync Server 2010, and then in the Actions pane, click Publish Topology.
IS THERE ANYTHING TO BE DONE APART FROM THE ABOVE POINTS?
Now, what I did: on lyncfe01n.doitnow.com I disabled the network card and tried to log in with the Lync 2010 client, but it was not successful.
My assumption is that it should work via lyncfe02.doitnow.com, since load balancing in DNS is already in place.
Do I need to open a port / create a firewall rule on the second Lync server?
Here is the sequence of Event Viewer entries from Lync:
Log Name: Lync Server
Source: LS User Services
Date: 1/14/2014 3:34:31 PM
Event ID: 32108
Task Category: (1006)
Level: Warning
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Pool Manager changed state of Registrar with FQDN: lyncfe02.doitnow.com to Inactive.
======
Log Name: Lync Server
Source: LS User Services
Date: 1/14/2014 3:35:01 PM
Event ID: 32109
Task Category: (1006)
Level: Information
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Pool Manager changed state of Registrar with FQDN: lyncfe02.doitnow.com to Active
====
Log Name: Lync Server
Source: LS Routing Data Sync Agent
Date: 1/14/2014 3:50:58 PM
Event ID: 48003
Task Category: (1058)
Level: Information
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
The Routing Data Sync Agent has initiated a sync cycle with: [pool2.doitnow.com]
=====
Log Name: Lync Server
Source: LS User Services
Date: 1/14/2014 3:56:21 PM
Event ID: 32108
Task Category: (1006)
Level: Warning
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Pool Manager changed state of Registrar with FQDN: lyncfe02.doitnow.com to Inactive.
===============
Log Name: Lync Server
Source: LS File Transfer Agent Service
Date: 1/14/2014 3:56:45 PM
Event ID: 1008
Task Category: (1121)
Level: Error
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Failed to read Central Management database information from AD connection point. Microsoft Lync Server 2010, File Transfer Agent will continuously attempt to retrieve this information.
While this condition persists, configuration changes will not be delivered to replica machines.
Exception:
Microsoft.Rtc.Management.ADConnect.ADTransientException: Active Directory error "-2147016646" occurred while searching for domain controllers in domain "doitnow.com": "The server is not operational.
Name: "doitnow.com"
" ---> System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException: The server is not operational.
Name: "doitnow.com"
---> System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
--- End of inner exception stack trace ---
at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
at Microsoft.Rtc.Management.ADConnect.Connection.DirectoryServicesTopologyProvider.GetDCForDomain(String fqdn, NetworkCredential networkCredential)
--- End of inner exception stack trace ---
at Microsoft.Rtc.Management.ADConnect.Connection.DirectoryServicesTopologyProvider.GetDCForDomain(String fqdn, NetworkCredential networkCredential)
at Microsoft.Rtc.Management.ADConnect.Connection.DirectoryServicesTopologyProvider.DiscoverDC()
at Microsoft.Rtc.Management.ADConnect.Connection.DirectoryServicesTopologyProvider.ReportDownServer(String serverName, ADServerRole role)
at Microsoft.Rtc.Management.ADConnect.Connection.ADConnection.MarkDown(LdapError ldapError, String message)
at Microsoft.Rtc.Management.ADConnect.Connection.ADConnection.AnalyzeDirectoryError(DirectoryException de)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.AnalyzeDirectoryError(ADConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.Find(ADObjectId rootId, String optionalBaseDN, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate
arrayCreator, Boolean includeDeletedObjects)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.Find(ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCtor, CreateObjectsDelegate arrayCtor)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.GetTopologySetting()
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.GetBackEndServer()
at Microsoft.Rtc.Xds.Replication.Common.Utils.TryGetConnectionPointFromAD(String& sqlStorePath, Exception& exception)
Cause: Possible issues with configuration or AD access.
Resolution:
Ensure that activation is completed and AD is accessible from this machine.
at Microsoft.Rtc.Xds.Replication.Common.Utils.TryGetConnectionPointFromAD(String& sqlStorePath, Exception& exception)
====================
Log Name: Lync Server
Source: LS Master Replicator Agent Service
Date: 1/14/2014 3:56:45 PM
Event ID: 2014
Task Category: (2122)
Level: Error
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Failed to read Central Management database information from AD connection point. Microsoft Lync Server 2010, Master Replicator Agent will continuously attempt to retrieve this information.
While this condition persists, configuration changes will not be delivered to replica machines.
Exception:
System.ApplicationException: Domain "doitnow.com" cannot be contacted or does not exist. ---> System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException: The specified domain does not exist or cannot be contacted.
at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
at Microsoft.Rtc.Management.ADConnect.Connection.DirectoryServicesTopologyProvider.GetDCForDomain(String fqdn, NetworkCredential networkCredential)
--- End of inner exception stack trace ---
at Microsoft.Rtc.Management.ADConnect.Connection.DirectoryServicesTopologyProvider.GetDCForDomain(String fqdn, NetworkCredential networkCredential)
at Microsoft.Rtc.Management.ADConnect.Connection.DirectoryServicesTopologyProvider.DiscoverDC()
at Microsoft.Rtc.Management.ADConnect.Connection.DirectoryServicesTopologyProvider.ReportDownServer(String serverName, ADServerRole role)
at Microsoft.Rtc.Management.ADConnect.Connection.ADConnection.MarkDown(LdapError ldapError, String message)
at Microsoft.Rtc.Management.ADConnect.Connection.ADConnection.AnalyzeDirectoryError(DirectoryException de)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.AnalyzeDirectoryError(ADConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.Find(ADObjectId rootId, String optionalBaseDN, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate
arrayCreator, Boolean includeDeletedObjects)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.Find(ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCtor, CreateObjectsDelegate arrayCtor)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.GetTopologySetting()
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.GetBackEndServer()
at Microsoft.Rtc.Xds.Replication.Common.Utils.TryGetConnectionPointFromAD(String& sqlStorePath, Exception& exception)
Cause: Possible issues with configuration or AD access.
Resolution:
Ensure that activation is completed and AD is accessible from this machine.
===============
Log Name: Lync Server
Source: LS Inbound Routing
Date: 1/14/2014 3:56:46 PM
Event ID: 45005
Task Category: (1037)
Level: Error
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Unexpected exception occurred in the Inbound Routing Application.
======================================
Log Name: Lync Server
Source: LS User Services
Date: 1/14/2014 3:56:53 PM
Event ID: 30975
Task Category: (1006)
Level: Warning
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Encountered a connection failure while executing a request against the back-end.
Back-end: sql.doitnow.com\rtc
Log Name: Lync Server
Source: LS User Services
Date: 1/14/2014 3:56:53 PM
Event ID: 32134
Task Category: (1006)
Level: Error
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Failed to connect to back-end database. Lync Server will continuously attempt to reconnect to the back-end. While this condition persists, incoming messages will receive error responses.
Back-end Server: sql.doitnow.com\rtc Database: rtc Connection string of:
driver={SQL Server Native Client 10.0};Trusted_Connection=yes;AutoTranslate=no;server=sql.doitnow.com\rtc;database=rtc;
Cause: Possible issues with back-end database.
Resolution:
Ensure the back-end is functioning correctly.
=================
Log Name: Lync Server
Source: LS User Services
Date: 1/14/2014 3:56:53 PM
Event ID: 32112
Task Category: (1006)
Level: Warning
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Pas with FQDN: Pool2.doitnow.com has been detected to be down.
=================
Log Name: Lync Server
Source: LS User Services
Date: 1/14/2014 3:56:54 PM
Event ID: 32098
Task Category: (1006)
Level: Warning
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Failed processing conference status requests. This error might delay the freeing up of PSTN meeting ids in conference directories homed on this pool.
Error code: 0x800407D0
Cause: Possible issues with back-end or Lync Server health.
Resolution:
Ensure the Lync Server service is healthy.
===========
Log Name: Lync Server
Source: LS User Replicator
Date: 1/14/2014 3:58:33 PM
Event ID: 30022
Task Category: (1009)
Level: Warning
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
The connection to domain controller DC01.doitnow.com appears to have been terminated. The domain controller could have gone down. User Replicator will attempt to reconnect to an available domain controller for this domain.
=====
Log Name: Lync Server
Source: LS File Transfer Agent Service
Date: 1/14/2014 3:58:43 PM
Event ID: 1035
Task Category: (1121)
Level: Error
Keywords: Classic
User: N/A
Computer: lyncfe01n.doitnow.com
Description:
Failed to register with back-end database. Microsoft Lync Server 2010, File Transfer Agent will continuously attempt to reconnect to the back-end. While this condition persists, no replication will be done.
The Connection string: Data Source = sql.doitnow.com\rtc;
Database = xds;
Max Pool Size = 5;
Connection Timeout = 60;
Connection Reset = false;
Enlist = false;
Integrated Security = true;
Pooling = true;
Exception: [-1] Could not connect to SQL server : [Exception=System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that
the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject)
at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject)
at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart)
at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)
at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.SqlClient.SqlConnection.Open()
at Microsoft.Rtc.Common.Data.DBCore.PerformSprocContextExecution(SprocContext sprocContext)]
Cause: Possible issues with back-end database.
Resolution:
Ensure the back-end is functioning correctly.
=================
Thanks Andrew.
Maybe I missed creating the SRV records for the second FE server. Let me check this point and come back. Is it mandatory to create the SRV records for the second FE server?
Are the clients using "Automatic Configuration"? Yes.
So web services need a hardware load balancer, right?
-
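An added example, not part of the original post: with DNS load balancing a client can only fail over to front ends that appear as A records under the pool name, so this sketch compares what the pool FQDN resolves to against the expected front-end addresses and then probes each address. Server names and addresses are those quoted in the post; the function names, the sample resolver answers and the port 5061 probe (the standard Lync front-end SIP/TLS listener, not mentioned in the post) are assumptions.

```powershell
# Added example, not from the original post. Server names and addresses are
# the ones quoted in the post; the sample resolver answers are constructed.

function Compare-PoolRecords {
    param(
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()]
        [string[]]  $Resolved,    # IPv4 A records returned for the pool FQDN
        [Parameter(Mandatory = $true)]
        [hashtable] $FrontEnds    # front-end FQDN -> expected IPv4 address
    )
    $findings = @()
    foreach ($name in $FrontEnds.Keys) {
        $ip = $FrontEnds[$name]
        # Insist on four octets: [IPAddress]::Parse also accepts short forms
        # such as "192.168.15" and expands them to 192.168.0.15.
        if ($ip -notmatch '^(\d{1,3}\.){3}\d{1,3}$') {
            $findings += "EXPECTED-MALFORMED: $name -> '$ip' is not a dotted quad"
        } elseif ($Resolved -notcontains $ip) {
            $findings += "MISSING: no A record for $name ($ip) under the pool name"
        }
    }
    foreach ($ip in $Resolved) {
        if ($FrontEnds.Values -notcontains $ip) {
            $findings += "UNEXPECTED: pool name returns $ip, which is not a listed front end"
        }
    }
    $findings
}

function Get-PoolARecords {
    param([Parameter(Mandatory = $true)] [string] $PoolFqdn)
    # System.Net.Dns works on older hosts that lack Resolve-DnsName.
    try {
        [System.Net.Dns]::GetHostAddresses($PoolFqdn) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.ToString() }
    } catch {
        Write-Warning "Could not resolve ${PoolFqdn}: $($_.Exception.Message)"
    }
}

function Test-TcpPort {
    param([string] $Address, [int] $Port, [int] $TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$expectedFrontEnds = @{
    'lyncfe01n.doitnow.com' = '192.168.1.5'
    'lyncfe02.doitnow.com'  = '192.168.1.6'
}

# Offline demonstration with constructed resolver answers.
$samples = @{
    'both front ends listed' = @('192.168.1.5', '192.168.1.6')
    'one record mistyped'    = @('192.168.0.15', '192.168.1.6')
}
foreach ($label in $samples.Keys) {
    $result = @(Compare-PoolRecords -Resolved $samples[$label] -FrontEnds $expectedFrontEnds)
    if ($result.Count -eq 0) { "${label}: OK" } else { $result | ForEach-Object { "${label}: $_" } }
}

# Live check: call this on a client that uses the production DNS servers.
function Test-LyncPool {
    param(
        [string]    $PoolFqdn  = 'Pool2.doitnow.com',
        [hashtable] $FrontEnds = $expectedFrontEnds,
        [int]       $SipPort   = 5061    # assumption: default SIP/TLS port
    )
    $resolved = @(Get-PoolARecords -PoolFqdn $PoolFqdn)
    Compare-PoolRecords -Resolved $resolved -FrontEnds $FrontEnds
    foreach ($ip in $resolved) {
        "{0}:{1} reachable = {2}" -f $ip, $SipPort, (Test-TcpPort -Address $ip -Port $SipPort)
    }
}
```

Run `Test-LyncPool` once with both front ends up and once with one network card disabled; a front end that is listed and reachable in the first run but unreachable in the second is the expected result of the failover test described in the post.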
DNS best practices for hub and spoke AD Architecture?
I have an Active Directory Forest with a forest root such as joe.co and the root domain of the same name, and root DNS servers (Domain Controllers) dns1.joe.co and dns2.joe.co
I have child domains with names in the form region1.joe.com, region2.joe.co and so on, with dns servers dns1.region1.joe.co and so on.
Each region has distributed offices that may have a DC in them, servers named in the form dns1branch1.region1.joe.co
Overall my DNS tests out okay, but I want to get the general guidelines for setting up new DCs correct.
Configuration:
Root DC/DNS server dns1.joe.co adapter settings points DNS to itself, then two other root domain DNS/DCs dns2.joe.co and dns3.joe.co.
The other root domain DNS/DCs adapter settings point to root server dns1.joe.co and then to itself dns2.joe.co, and then 127.0.0.1
The regional domains have a root dns server dns1.region1.joe.co with adapter that points to root server dns1.joe.co then to itself.
The additional region domain DNS/DCs adapter settings point to dns1.region1.joe.co then to itself then to dn1.joe.co
What would you do to correct this topology (and settings) or improve it?
Thanks in advance
just david
Hi,
According to your description, my understanding is that you need suggestions about your DNS topology.
In theory, there is no obvious problem. Apart from the namespace and server planning for DNS, zones also need to be considered. If you place a DNS server in each domain and subdomain, confirm whether the DNS traffic will affect the network performance.
Besides, fault tolerance and security are also necessary.
We usually recommend that:
A DC with DNS should point to another DNS server as primary and itself as secondary or tertiary. It should not point to itself as primary due to various DNS islanding and performance issues that can occur. And when referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address. For detailed information you may reference:
What is Microsoft's best practice for where and how many DNS servers exist? What about for configuring DNS client settings on DC’s and members?
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
How To Split and Migrate Child Domain DNS Records To a Dedicated DNS Zone
http://blogs.technet.com/b/askpfeplat/archive/2013/12/02/how-to-split-and-migrate-child-domain-dns-records-to-a-dedicated-dns-zone.aspx
Best Regards,
Eve Wang
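An added example, not part of the original thread: the three points of the recommendation above (another DNS server first, the DC itself second or third, and the self reference as a loopback address) written as a check over a DC's resolver list. The first two sample hosts use the adapter data from the dcdiag output posted earlier on this page; the third host and all function names are constructed for illustration.

```powershell
# Added example, not from the original thread. Rules follow the reply above.

function Test-DcDnsClientOrder {
    param(
        [Parameter(Mandatory = $true)] [string]   $Name,
        [Parameter(Mandatory = $true)] [string[]] $OwnAddresses,  # addresses bound to the DC's adapter
        [Parameter(Mandatory = $true)] [string[]] $DnsServers     # resolver list in configured order
    )
    $loopback = @('127.0.0.1', '::1')
    $self     = $loopback + $OwnAddresses
    $findings = @()

    # Rule 1: the primary resolver should be another DNS server.
    if ($self -contains $DnsServers[0]) {
        $findings += "${Name}: primary resolver $($DnsServers[0]) is the server itself (islanding risk)"
    }
    # Rule 2: the server should still list itself as secondary or tertiary.
    $selfEntries = @($DnsServers | Where-Object { $self -contains $_ })
    if ($selfEntries.Count -eq 0) {
        $findings += "${Name}: no self reference in the resolver list"
    }
    # Rule 3: a self reference should be the loopback address, not the real IP.
    foreach ($entry in $selfEntries) {
        if ($loopback -notcontains $entry) {
            $findings += "${Name}: self reference uses real address $entry; use the loopback address"
        }
    }
    $findings
}

# Sample input: two hosts from the dcdiag output on this page, one constructed.
$samples = @(
    @{ Name = 'HSSSERVER'
       Own  = @('192.168.17.7', 'fe80::35d3:8713:ce0a:3680')
       Dns  = @('192.168.17.7', '192.168.17.5') },
    @{ Name = 'CARMANSERVER'
       Own  = @('192.168.17.5')
       Dns  = @('127.0.0.1', '192.168.17.7') },
    @{ Name = 'EXAMPLE-DC'                      # constructed host
       Own  = @('192.168.17.9')
       Dns  = @('192.168.17.5', '127.0.0.1') }
)
foreach ($s in $samples) {
    $result = @(Test-DcDnsClientOrder -Name $s.Name -OwnAddresses $s.Own -DnsServers $s.Dns)
    if ($result.Count -eq 0) {
        "$($s.Name): resolver order matches the recommendation"
    } else {
        $result
    }
}

# Live check on the local DC. Win32_NetworkAdapterConfiguration exposes the
# IPAddress and DNSServerSearchOrder properties; Get-WmiObject is available
# in Windows PowerShell only.
function Test-LocalDcDnsClientOrder {
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DNSServerSearchOrder } |
        ForEach-Object {
            Test-DcDnsClientOrder -Name $env:COMPUTERNAME `
                -OwnAddresses $_.IPAddress -DnsServers $_.DNSServerSearchOrder
        }
}
```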