Internal DNS Caching - Different than External DNS Caching?

Similar Messages

• What Is an Appropriate Hostname & DNS Zone Configuration for External DNS Setup?

  I setup servers that are hosted on a secure external data centre. The data centre has its own DNSS, so the DNS service is never setup on the server itself, and is handled by the data centre. I have already setup a handful of servers, and they all seem to be working well. Nevertheless, a couple of people in these discussions have told me, that I'm not setting the servers up 'properly' because of the way I'm naming the server - ie., they believe I'm assigning a 'wrong' hostname - and because of the way I'm setting up subdomains in the zone file. Here is how I'm currently doing it:
  CURRENT SETUP:
  The server is public, and it is also the ONLY machine publicly in the domain zone. So, if the client's domain is "example.com", there is only one machine that will respond to all services in that domain. Because of this:
  - Server Hostname: "example.com"
  - reverse DNS PTR record points to "example.com"
  -  'mail.example.com', 'www.example.com', 'ftp.example.com', etc, are all setup as A records that point to the same IP address as "example.com".
  This has been working fine so far. I have not had any problems with any service, including mail. However, a couple of people suggested that "example.com" is not a fully qualified domain name, and that this setup is therefore  'incorrect', and that it will cause me problems in the future. They suggest I should be setting these servers up like this:
  SUGGESTED SETUP:
  - Server Hostname: "server.example.com"
  - reverse DNS PTR record points to "server.example.com"
  - setup "www.example.com" as a record pointing to the same IP address as "server.example.com", but avoid setting up other subdomains unless absolutely necessary - ie., tell client to use "server.example.com" as the 'proper' address for mail/ftp/etc.
  Technically, 'net', 'company.net' and 'server.company.net' can all be fully qualified domain names, if each one of them points unequivocally to a single IP address. An domain name is not fully qualified, for instance, when it points to a subnet instead of a single IP address. Using "example.com" as a FQDN is technically correct. However, what is 'technically correct' and what Server considers acceptable are not always the same thing....
  I certainly don't want my clients to have problems in the future, and if OS X Server is going to misbehave because of the way I'm setting up my hostname and zone files, I need to know for sure NOW rather than later!

  I'm the "other people" referenced here.
  For general information on DNS, please acquire and skim a copy of Cricket Liu's DNS and BIND book.  It was on its fifth edition when last I checked.  DNS server on OS X Server is the ISC BIND server, which is discussed in that book in some detail.
  If configuring OS X Server in a data center, the OS X Server box probably does not want (nor need) to be running a local DNS server.  (Running local DNS services just means that DNS server will potentially become part of a DNS DDoS, if who can issue queries to the server isn't carefully controlled.)  Use the DC DNS server(s).
  If you want the domain itself to be used as an IP address (eg: example.com), then that's usually an A record, particularly if you're getting email via that domain (and not an MX record going elsewhere).  Some versions of OS X Server have had some issues with setting up this record within Server Admin.app and Server.app.
  The previous issues were likely due to stale DNS translations lurking within the configuration, and caching of that data up to the TTL.  (FWIW, this discussion is related to this thread and this thread.)

• Change External DNS on sbs2008 server

  Hi
  I want to change my internet connection and move it to another ISP.
  The SBS2008 server is also the internal DNS Server, but witch external DNS servers does the SBS2008 server use? I can't find the IP-adresses of the external dns servers, i want to change them to the DNS servers of mij new ISP.
  Regars.. Jo

  Hi:
  You can check this in the DNS app under Admin tools.  Your dns server can either use root hints or forwarders.  Forwarders are found by right clicking the name of the server and properties, forwarders tab.
  If root hints, and it is working for you, then no need to change.  If Forwarders, you can either change them in the properties of the DNS server - forwarders or run the wizard to connect to the internet on the SBS Console.
  Larry Struckmeyer[SBS-MVP] If your question is answered, please mark the response as the answer so that others can benefit.

• External DNS reference in ACE

  I have an External DNS: 12.53.18.186
  I have IP (VIP): 10.35.153.69
  How to configure ACE to reference this external DNS IP? (what are comds, or better still, URL reference.)

  Andrew,
  Sure; below is the basic ACE lb template the program manager handed off to me:
  =================================================================================
  Complete Description of the Request: Implement Load Balancer on VLAN 401 in XYZ Dallas
  App: Production Extranet Farm
  Test/Prod: Production
  IP (VIP): 10.35.153.69
  DNS: bpnwww.mbco.com
  External DNS: 12.53.18.186
  Virtual Service Port: 80, 443, 4081
  Real Server Name: mbsdalweb15, mbsdalweb23, mbsdalweb24, mbsdalweb25, mbsdalweb26, mbsdalweb27, mbsdalweb28
  Real Server IP: 10.35.153.68, 10.35.153.55, 10.35.153.56, 10.35.153.57, 10.35.153.58, 10.35.153.59, 10.35.153.60,
  Ports to be balanced: 80, 443, 4081
  Load-Balancing Method: Least Connections
  Persistence Method: Yes, timeout = 1260 seconds
  Rules: None required.
  Health Monitor: ICMP Ping to server
  ==============================================================================
  Thanks for any assist you can give,
  jack

• External DNS cache slow to update?

  Hello.
  Is there something in OS X 10.5 Server (which all machines use for their DNS server) that caches external DNS requests? I often find, within our network, external DNS cache is slow to be updated.
  For example, right now, I just moved servers for a project I'm working on (well, I moved it 12 hours ago) and updated the DNS/zone file for it. When I'm outside our network, tracecroutes of the domain point to the new server. But, when I'm within the network, traceroutes still point to the old server.
  The reason I think this has something to do with OS X 10.5 Server is, on the machine I'm sitting at right now, when DNS is set to the IP of the OS X 10.5 Server, external DNS is old (i.e., the traceroute on the domain I've moved still points to the old server). But, if I change the DNS to OpenDNS or Google DNS, the DNS information is new (i.e., the traceroute on the domains I've moved points to the new server).
  Now, on the OS X 10.5 Server, I have "Forwarder IP Addresses" set to OpenDNS server. So, should DNS requests, via the OS X 10.5 Server, not make their way via OpenDNS servers? And if so, why is it that, when going through OS X 10.5 Server, I'm still pulling old DNS information?
  I've:
  - flushed the cache in OS X 10.5 Server (via dscacheutil -flushcache)
  - flushed the cache on the 10.8 client machine (via sudo killall -HUP mDNSResponder)
  - restarted the machines
  Does anyone know what's going on here?
  Thanks,
  Kristin.

  Hi
  If it's any consolation both sites mentioned have always been slow to load for me. Regardless of Service Bandwidth, external/internal DNS, Browser, Platform or Location.
  Occasionally and for no apparent reason they do load as quickly as other sites. Only to return to their usual 'performance' after a short time. There are other sites that perform the same for me which I can't think of at the moment.
  Tony

• 2008 R2 DNS does not resolve external websites until I clear DNS cache

  Do I need to apply this hotfix
  http://support.microsoft.com/kb/2508835/en-us
  MCSE Certified

  Thank you for posting the ipconfig /all, but we can't use it since the relevant data that we need to evaluate has been blocked out. I can understand if you have a strong security policy.
  The Conditional Forwarders shouldn't be causing you to not to resolve specific domain names.
  How long has this been going on?
  What exactly occurs? Does DNS stops totally responding when you test it with nslookup, or are you just testing it with Internet Explorer?
  If you have nslookup tests and responses, it may be helpful to see them, but if your security policy prevents you from posting them, I understand.
  I'm curious about this part that you posted:
  > "And as suggested by microsoft
  > earlier,we have blocked few DNS
  > Domains by creating conditional
  > forwarders , pointing to
  > our another domain."
  Did you open a ticket with Microsoft support that provided this suggestion? If yes, you can email your support engineer that assisted you.
  Or did you post this in this forum or elsewhere that you received this suggestion? If a forum post, do you have a link?
  Without specifics, it may be difficult to assist. However, what I can provide are the following hotfixes. The second one you had already installed. I suggest and recommend to install the others.
  1. DNS Server service does not use root hints to resolve external names in Windows Server 2008 R2
  Post Windows 2008 R2 SP1 HOTFIX available.
  APPLIES TO •Windows 2008 R2 Datacenter •Windows 2008 R2 Ent •Windows 2008 R2 Std.
  Requires a restart.
  http://support.microsoft.com/kb/2616776
  2. DNS Server service does not resolve some external DNS names after it works for a while in Windows Server 2008 R2
  Hotfix release - (released 4/15/2011)
  http://support.microsoft.com/kb/2508835
  3. Windows 2008 -
  DNS queries for external domains are not resolved when you use Conditional Forwarding in Windows Server 2008
  Post Windows 2008 SP2 Hotfix available
  Requires a restart.
  http://support.microsoft.com/kb/2625735/
  4. DNS server stops responding to DNS queries from client computers in in Windows Server 2003, in Windows Server 2008 or in Windows Server 2008 R2 - Post Service Pack Hotfix available.
  Does not require a restart.
  http://support.microsoft.com/kb/2655960
  If the above do not help or provide improvements, I highly suggest to contact Microsoft Support for specific assistance. Here's the link if you decide that you need to go with this option:
  http://support.microsoft.com/contactus/
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Cacheing vs. Forwarding DNS

  I think I already know the answer to this, but if you have a "forward only" DNS server, does it also perform cacheing, or does every resolve request that passes through it get forwarded along for resolution?
  We're using OS X Tiger Server 10.4.7 on a couple of Xserve G4s. The /etc/named.conf file contains the following code in the options block:
  options {
  ... other stuff ...
  forwarders { ...my ISPs resolvers delimited by semicolons... };
  forward only;
  ... other stuff ...
  and since we're "forward only", I took out the code that would normally query the root resolvers, namely:
  zone "." IN {
  type hint;
  file "root.servers";
  I want to confirm that the behavior is what I would expect. For example, if discussions.apple.com isn't already in my Xserve's DNS cache and I try to resolve it, then that request gets forwarded to my ISPs resolvers. If another request for discussions.apple.com comes along but the old answer is still in my Xserve's DNS cache (and hasn't gone stale), then the cached answer is returned and the request is not forwarded to my ISP.
  Do I have it right?
  1.42GHz Mac Mini   Mac OS X (10.4.6)   1GB RAM, SuperDrive, Airport

  There are quite a number of these servers so I would rather not enter them manually.
  Too bad. Get over it
  Is there a way for the DNS server to forward queries to an external DNS server for server names that it does not have a records for ?
  No. The server resolver decision is based on zones. If the server thinks it's authoritative for a zone (e.g. 'companyx.com') then it will answer all queries for that zone based on the data it has. It will only use forwarders or external resolvers for zones that it does not 'own'.
  You can forward lookups in subdomains of your zone (e.g. the server can 'own' companyx.com, but pass requests for '*.newyork.companyx.com' to another server) but I'm guessing that's not how your external hosts are configured.

• How many DNS record need to create in Internal & external DNS server for exchange?

  Hi friends,
  I recently installed Exchange Server 2010 in my organization for testing purpose and I've register a pubic ip too for exchange server on godaddy.com. How many
  internal & External DNS records reqired to configure on external & Internal dns server so my all feature like Auto-discover, Activ -sync,& webmail start working perfectly.
  It's my first time configuring exchange for a organization.
  Thanks & Regards,
  Pradeep Chaugule

  Hi,
  Just as what ManU Philip said, you need to create
  Autodiscovery.domaincom and mail.domain.com for external dns server.
  Generally, you configure your Exchange Servers as DNS clients of your internal DNS server.
  Refer from:
  http://technet.microsoft.com/en-us/library/aa996996(v=exchg.65).aspx
  Best Regards.

• DNS - external DNS internal - Domainname?

  Hello, I have the following problem:
  Private IP network (192.168.0.0) behind router, which has a fixed external IP and an ADSL connection.
  The Leo server on the internal network has a fixed IP: 192.168.0.20.
  The Domain Name "firma.com" is hosted on a external provider, there is also a external web server running, which can be and should be accessible under "firma.com" and "www.firma.com".
  I have set up a subdomain in the external provider’s DNS, "intranet.firma.com". This is resolving to the external IP of my router. The router is configured that it routes all requests from the external IP to the internal address "192.168.0.20".
  The Mailxchange (MX) record also redirects on "intranet.firma.com."
  And now the DNS server on the Leo-server? Which are the correct entries?
  IP address: 192.168.0.20
  subnet mask: 255.255.255.0
  router : 192.168.0.1
  Primary DNS: 192.168.0.20
  DNS Secondary: I 192.168.0.1
  Which has to be primary zone name: "firma.com" or "intranet.firma.com"? I mean, can there be "firma.com", when there is a external webserver which needs that name?
  When I use "firma.com" for the Leo DNS and the server’s name is "intranet ", the it resolves to the internal server very well. But how can I get my externally hosted web "firma.com" or "www.firma.com", if I DNS server "firma.com" as the primary zone there? Which is the right configuration that I can send mails internal, external and from external? And use the external webserver as is?
  Thank you
  Willi

  First using a 192.168.0.0/24 or 192.168.1.0/24 network on your LAN is a bad thing if you are going to use VPN later.
  "I have set up a subdomain in the external provider’s DNS, "intranet.firma.com". This is resolving to the external IP of my router. The router is configured that it routes all requests from the external IP to the internal address "192.168.0.20". "
  You can use this if you want but you probably don't want the mail to require a an address like:
  <user/mailaccount-name>@intranet.firma.com do you? The MX pointer can use firma.com with an address of intranet.firma.com:
  firma.com MX 10 intranet.firma.com
  You could also look at intranet(.firma.com) as a hostname instead of a subdomain.
  (Maybe you should use an other domainname internally: firma.private or firma.internal)
  If you want to use the same domainname (firma.com) internally setup "all" the public names/IPs in the internal DNS and use only the server (private IP) DNS (with forwarders to your ISP DNS IPs) not the router DNS proxy for all internal machines.
  If you want to run an intranet webserver why not call it intranet.firma.com and the public one keeps it's name www.firma.com.

• Setup internal and external DNS namespaces best practice

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly
  or companydomain.com then create a subdomain corp?
  Thanks in advanced.
  William Lee
  Honf Kong

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local)
  able to run on the same DNS server (using Microsoft Windows DNS servers)?
  Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
  if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
  What is recommended is to avoid having a split-DNS setup (You internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
  My own recommendation is to use .local for internal zone and .com for external one.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• External DNS zone on Internal DNS servers

  We currently have a 2 domain forest with DNS running on all domain controllers. All domain controllers are 2012 or 2012 R2 and our Domain and forest functional level is set at 2008 R2 due to the existence of an exchange 2003 server which wont be retired
  for several months. We have 2 DNS servers in the root domain and 4 DNS servers in the child domain. This is a centralized DNS setup. Our parent domain is DOMAIN.LOCAL and the child domain is XX.DOMAIN.LOCAL. Externally, our DNS is MYDOMAIN.com. we
  do not have a public facing DNS server and our DNS records are hosted by a 3rd party
  We want to add the MYDOMAIN.COM DNS zone internally (AD Integrated) since we have several instances where applications do not really work well with the XX.DOMAIN.LOCAL DNS. We want this zone to host several DNS records for internal resolution
  only since we do not have any public facing applications or web servers such as SharePoint etc.
  My question(s) is this?
  How is the best way to do this and how will it affect the zones we currently have in place.
  Is it as simple as creating a new forward lookup zone, adding static records?
  How do we (or do we) handle delegation?
  Any information or suggestions to get me started would be greatly appreciated.
  Russ

  Hi,
  I’m not quite understand your question, do you want to create a new primary DNS zone on your current DNS server? If so, you
  just need to create a new primary, you can create the additional primary DNS zone.
  The related KB:
  Configuring a new primary server
  http://technet.microsoft.com/en-us/library/cc776365(v=ws.10).aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• External DNS not resolving SBS2011

  Hi,
  Hoping someone can help me out here.  We have an SBS server that is no longer forwarding external DNS queries.  We setup a secondary DNS server onsite so users would still be able to access web resources, but our primary DC only resolve
  internal DNS.  We have checked the forwarders on the servers (same on both), and one server resolves the forwarders, the other can't.
  I have triedrestarting the DNS service, flushing DNS cache and a server restart.  I've also checked forwarders and root hints, but can't see anything wrong in the configuration.  Both servers have NIC set with the other DNS server as primary and itself
  as secondary.
  I tried running an nslookup which works when both DNS servers are polled, but fails on the SBS server if it tries to poll itself or an external DNS server.
  Anyone have any ideas?
  Thanks
  Luke

  Here is the results from my dcdiag test:
  dcdiag /test:dns
  Directory Server Diagnosis
  Performing initial setup:
  Trying to find home server...
  Home Server = SERVER01
  * Identified AD Forest.
  Done gathering initial info.
  Doing initial required tests
  Testing server: Default-First-Site-Name\SERVER01
  Starting test: Connectivity
  ......................... SERVER01 passed test Connectivity
  Doing primary tests
  Testing server: Default-First-Site-Name\SERVER01
  Starting test: DNS
  DNS Tests are running and not hung. Please wait a few minutes...
  ......................... SERVER01 passed test DNS
  Running partition tests on : ForestDnsZones
  Running partition tests on : DomainDnsZones
  Running partition tests on : Schema
  Running partition tests on : Configuration
  Running partition tests on : domain
  Running enterprise tests on : domain.com.au
  Starting test: DNS
  Test results for domain controllers:
  DC: SERVER01.domain.com.au
  Domain: domain.com.au
  TEST: Forwarders/Root hints (Forw)
  Error: All forwarders in the forwarder list are invalid.
  Error: Both root hints and forwarders are not configured or
  broken. Please make sure at least one of them works.
  Summary of test results for DNS servers used by the above domain
  controllers:
  DNS server: 128.63.2.53 (h.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
  DNS server: 128.8.10.90 (d.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
  DNS server: 139.130.4.4 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 139.130.4.4
  DNS server: 139.134.5.51 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 139.134.5.51
  DNS server: 192.112.36.4 (g.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
  DNS server: 192.203.230.10 (e.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
  DNS server: 192.33.4.12 (c.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
  DNS server: 192.36.148.17 (i.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
  DNS server: 192.5.5.241 (f.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
  DNS server: 193.0.14.129 (k.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
  DNS server: 198.41.0.10 (j.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.10
  DNS server: 198.41.0.4 (a.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
  DNS server: 202.12.27.33 (m.root-servers.net.)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
  DNS server: 203.50.2.71 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 203.50.2.71
  DNS server: 203.8.183.1 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 203.8.183.1
  DNS server: 208.67.220.220 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.220.220
  DNS server: 208.67.222.222 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.222.222
  DNS server: 209.244.0.3 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.244.0.3
  DNS server: 209.244.0.4 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.244.0.4
  DNS server: 210.23.129.34 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 210.23.129.34
  DNS server: 220.233.0.1 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 220.233.0.1
  DNS server: 220.233.0.2 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 220.233.0.2
  DNS server: 4.2.2.1 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.1
  DNS server: 4.2.2.2 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.2
  DNS server: 61.8.0.113 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 61.8.0.113
  Summary of DNS test results:
  Auth Basc Forw Del Dyn RReg Ext
  Domain: domain.com.au
  SERVER01 PASS PASS FAIL PASS PASS PASS n/a
  ......................... domain.com.au failed test DNS
  Hope this helps.
  Thanks
  Luke

• Lync 2013 mobile app does not work internally, SIP domain is Different than users UPN. not sure if that matters.

  using the lync client connectivity tester on a pc on the same lan as my mobile client everything is green and it says its ready for use.
  using my android galaxy s5 client on wifi on the same lan i get a screen with waiting to sign in spinning and an error at the top "we cant connect to the server check your network connection and server address, and try again."
  i have uploaded the full client log files
  here: client log file
  some errors that stand out from this log file are:
  1. ERROR HttpEngine: Certificate check fails: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
  2. <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
    <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
  i am using the correct creds, same creds i used on the analyzer tool.
  in the analyzer tool i did have to fill in the username field because my sip domain is different then my users UPN. which from what ive read its required to use the username field.
  i also filled in the username field in the mobile app with domain\username
  3. ERROR LYNC: ERROR TRANSPORT /Volumes/ServerHD2/buildagent/workspace/200604/tps/ucmp/platform/networkapis/privateandroid/CHttpConnection.cpp/295:CHttpConnection exception: java.lang.NullPointerException
  Jan 14, 2015 8:40:49 AM INFO LYNC: INFO TRANSPORT /Volumes/ServerHD2/buildagent/workspace/200604/tps/ucmp/ucmp/transport/requestprocessor/private/CHttpRequestProcessor.cpp/173:Received response of request(UcwaAutoDiscoveryRequest) with status = 0x22020001
  Jan 14, 2015 8:40:49 AM INFO LYNC: INFO TRANSPORT /Volumes/ServerHD2/buildagent/workspace/200604/tps/ucmp/ucmp/transport/requestprocessor/private/CHttpRequestProcessor.cpp/201:Request UcwaAutoDiscoveryRequest resulted in E_ConnectionError (E2-2-1). The retry
  counter is: 0
  4. Jan 14, 2015 8:40:50 AM ERROR LYNC: ERROR TRANSPORT /Volumes/ServerHD2/buildagent/workspace/200604/tps/ucmp/ucmp/transport/authenticationresolver/private/CAuthenticationResolver.cpp/431:Failing the original request as we weren't able to get the token
  this is the same type of error i was getting in the lync connectivity analyzer until i filled in the username field. but its filled in, in my client.
  again you can see the full log file is `HERE
  thank you in advance for any help. im trying to get internal working before i try external.

  Eric,
  I am trying to configure a reverseproxy on my netscaler which is in a 2 arm mode(dmz/internal) but I keep getting an error when configuring the monitor.
  i used this guide to configure it
  http://www.lynced.com.au/2014/04/configure-citrix-netscaler-vpx-as.html
  but continue to get this error in the netscaler monitor "Failure - TCP connection successful, but application timed out"
  so the virtual server is never up, thinking about just changing it to tcp as a monitor so it stays up and i can at lesat get the vip up.
  Also your link to the diagram shows it going to the reverse  proxy but the one im using has it going directly to the front end servers.
  http://www.lync-solutions.com/Documents/Lync_2013_protocol_poster_v6_7.pdf
  I'm guessing Microsoft's is the correct one but wonder why the config differential?
  I see that your diagram says "mobility url", what is the mobility url? i though that was the lyncdiscoverinternal.internal.com
  current setup is
  2 fe servers on internal
  1 edge server on dmz
  1 almost done reverse proxy netscaler load balancer.
  also this ms link i used to configure dns entries, along with the pdf linked above.
  http://technet.microsoft.com/en-us/library/jj945644.aspx
  i currently have these external dns entries and they all point to the edge server on the dmz.
  dialin .external.com
  lync .external.com
  lyncweb .external.com
  lyncdiscover.external.com
  meet .external.com
  sip .external.com
  webconf .external.com
  av .external.com
  _autodiscover._tcp.external.com.
  the internal dns links point to 1 of the front end servers
  1. lyncdiscoverinternal.internal.com
  2. lyncdiscover.internal.com
  3. _sipinternaltls._tcp.internal.com
  4. _sipinternal._tcp.internal.com
  5. sipinternal.internal.com
  6. sip.internal.com
  thanks again for your help.

• External DNS server not replicating records to secondary after migration from 2003 to 2012

  Hi
  I have a query relating to 2012 Server and DNS.
  Last week we de-commissioned our primary external DNS server (Windows 2003 Server) and moved the role over to a new Windows 2012 server.
  Since this point replication to our secondary server (3rd party hosted) does not seem to occur and our DNS records seem to have expired on the secondary server as we cannot look these up via nslookup.
  I cannot see any failures in the event log of the server; I have checked our external firewall logs and nothing is being blocked inbound/ outbound as far as I can see. And the server’s local firewall has been disabled.
  The server is a standalone server in a workgroup with a standard filebased primary zone, with no AD integration and recursion disabled.
  When I created the zone I copied the .dns file from the old server and selected this in the interface during the creation of the zone on the new server.  The new server has the same internal and external IP as the old server and the old server is off-line.
  I have also manually increased the serial number of the zone and still no joy.
  One thing that I have noticed is when I open the zones properties/Name Servers and click edit on the external nameserver I get the infamous "The server with this IP address is not authoritative for the required zone" error.
  Any help Would be appreciated, thanks in advance

  Nice to hear that you are close in finding the problem. So in short:
  You have enabled Zone transfers in DNS management console for the applicable zone
  You have verified that your DNS is listening to the correct interfaces
  You have enabled firewall rules to accept TCP and UDP traffic to port 53
  You have checked if "BIND secondaries" option is applicable to your case
  You have initiated a zone transfer from the secondary server
  Lefteris Karafilis 
  MCSE, MCTS, SEC+ 
  LinkedIn: http://www.linkedin.com/in/lkarafilis 
  Mail: [email protected] 
  Blog: http://www.karafilis.net 

• Leopard server and external DNS issues?

  I am trying to setup a new leopard server for a school with the internet being streamed in from the local borough with filtering for the students via DHCP with a range of 10.x.x.50 - 10.x.x.200. I have all their details (IP, subnet, router) inc their DNS settings. Now I want to create an OD master but am going insane with DNS as the new layout is confusing things. I am using the primary zone name "schoolname.internal" and giving it the manual IP address of the ethernet card 10.X.XX.XXX, I can ping clients around me but the server will not resolve correctly, I am using the external DNS settings provided by the ISP as forwarders.
  I will admit that I am still getting my head around DNS and would really like some more details into how to configure Leopard for this, Why can't I use the internal IP address setting of my server for the DNS?
  Plus do I need to have DHCP running on the server for OD in Leopard if it is being given by the external borough supplier ?

  Ladies and gentlemen, I have the answer.
  I stumbled across this accidentally when I was playing desperately in the Finder trying to get some inspiration about this issue.
  The problem doesn't lie in the clients... it lies in the Server.
  Here is my solution:
  1. In the finder, right-click on the external drive, and select "Get Info".
  2. Under "General", there should be 2 little check boxes, "Shared Folder" and "Locked".
  3. Click on "Shared Folder" to put an X in it.
  Thats it!
  For some reason Time Machine setup didn't share the folder and so the client machines recognised it as a shared time machine backup source, but couldn't actually find it on the network because it wasn't shared.
  Have fun ladies and gentlemen!!