Unable to access DFS shares when server 1 goes down

Hello all,
I have a test domain I am building in order to prepare for a new domain we are going to create. We currently have an SBS 2003 that is reaching the end of its life. We are going to start fresh. I have set up domain-based DFS along with DFS folder replication for each of the folders. So far, all is working ok, up to this point.
Replication is occurring as it should and my Hyper-V test machines can connect to the mapped drives via the DFS namespace.
\\domain\namespace\target folder
However, once I shut down the primary server (SRV01) I am no longer able to access the shares. The namespace servers tab on the center window of the namespace MMC has both SRV01 and 02 listed. I receive no errors except "Unable to connect to \\domain\namespace\target folder because it is unavailable". It is not "failing over" to the secondary available server.
Once I power SRV01 back up, connectivity is then restored to the folders and mapped drives. Is there something I should check for, or am missing?
Any and all insight is appreciated.
Dario Garcia

Hi,
1. Run DFSUTIL /pktinfo to see if the referral target is still the primary server when it is actually down.
If so, run DFSUTIL /pktflush to flush the cached information and try to access the namespace again.
2. If 1 does not help, is DNS also configured on the primary server? If so, as it is down, \\domain may not be recognized.

Similar Messages

  • Is there a requirement to restart the JMS/WebLogic Server every time the DB goes down?

    Question:
    When the Database is shutdown gracefully everything was fine.
    But when the Database is brought down with shutdown abort the MDB consumer will never consume messages from the topic again. And we need to restart the WebLogic Server in order to get the messages consumed again.
    So is there a requirement to restart the JMS/WebLogic Server every time the DB goes down? If not, what type of failures will require the JMS/WLS restart?

    On a DB failure, a WL JDBC store service will make a brief attempt to reconnect before shutting itself down along with any services that depend on the store. 
    It isn't necessary to restart the entire WebLogic Server JVM to bring the affected service(s) back if you can use the Automatic Service Migration feature.  ASM can automatically restart a failed service on a different WL Server in the same cluster, and/or can try a restart-in-place for the service if the service's original host WL Server JVM is still running.   The Automatic Service Migration (pdf) white-paper has a thorough discussion of this area.
    In addition to ASM, there's also a "whole server migration" option that can automatically restart or migrate an entire WL server.
    Tom

  • Java stack of XI server is going down frequently.

    Hi Experts,
    The Java stack of our XI Server is going down very frequently. This is happening mostly once in 3 to 4 days. Please let me know what could be the problem and how I can resolve it.
    Thanks & Regards,
    Shanahas.K

    Hi Sunny,
    Where can I check default trace files when your Java is down ?
    I have checked in the /usr/sap/<SID>/DVEBMGS00/j2ee/cluster/server0 folder. But the files which I have found are either very old (about a month) or are the latest ones, created after the system was restarted. (Java started working after we restarted the server.)
    Also, how can I find out whether a license is installed in our AS Java?
    Please help
    Thanks & regards,
    Shanahas

  • IOException when remote client goes down in Linux

    Hello all -
    This is my first post here. I have run into a bit of an issue with some code I have written. I have written a small client/server application that works on the premise that if the remote application ends, the socket will be broken, and an IOException will be thrown. I then catch the IOException and then end the particular thread associated with that socket. This works fine in Windows, but when I kill the remote application in Linux, an IOException is never thrown on the server; it's as if the socket is still there even though the application ended. I'm thinking there is something different that happens when I kill a process in Linux vs Windows. I have tried using the SIGINT and SIGTERM switches for kill but they made no difference. Does anyone have any idea? Admittedly I am a Linux noob, thanks!
    -Kam

    If the server is reading when the client goes down it won't get an IOException, it will get an EOS condition: read() returns -1, readLine() returns null, readXXX() for any other X throws an EOFException.
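
The end-of-stream behaviour described in the reply above, as an added example that is not part of the original thread: a loopback client sends `ping\n` and closes its socket, and the server observes the close through each of the three read styles. The names (`EosDemo`, `PeerReader`, `viaRead`, `viaReadLine`, `viaReadInt`) and the 5-second read timeout are assumptions of this example.

```java
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

public class EosDemo {
    // How the server-side read learned that the peer was gone.
    enum Outcome { EOS_MINUS_ONE, EOS_NULL_LINE, EOS_EOF_EXCEPTION, IO_EXCEPTION }

    // Hypothetical helper type: one strategy for draining a peer's stream.
    interface PeerReader {
        Outcome readUntilClosed(InputStream in) throws IOException;
    }

    // read() signals end of stream by returning -1, not by throwing.
    static Outcome viaRead(InputStream in) throws IOException {
        byte[] buf = new byte[64];
        while (in.read(buf) != -1) {
            // a real server would process the bytes here
        }
        return Outcome.EOS_MINUS_ONE;
    }

    // readLine() signals end of stream by returning null.
    static Outcome viaReadLine(InputStream in) throws IOException {
        BufferedReader r = new BufferedReader(
                new InputStreamReader(in, StandardCharsets.UTF_8));
        while (r.readLine() != null) {
            // a real server would process the line here
        }
        return Outcome.EOS_NULL_LINE;
    }

    // readInt() (and the other readXXX methods) throw EOFException.
    static Outcome viaReadInt(InputStream in) throws IOException {
        DataInputStream d = new DataInputStream(in);
        try {
            while (true) {
                d.readInt(); // "ping" fills one int; the lone '\n' then hits EOF
            }
        } catch (EOFException e) {
            return Outcome.EOS_EOF_EXCEPTION;
        }
    }

    // Runs one client/server exchange on the loopback interface.
    static Outcome run(PeerReader reader) throws Exception {
        try (ServerSocket server =
                     new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Thread client = new Thread(() -> {
                // Constructed sample traffic: send one line, then close.
                try (Socket s = new Socket(server.getInetAddress(),
                                           server.getLocalPort())) {
                    s.getOutputStream().write(
                            "ping\n".getBytes(StandardCharsets.UTF_8));
                } catch (IOException ignored) {
                    // the demo only cares about the server side
                }
            });
            client.start();
            try (Socket peer = server.accept()) {
                // Without a timeout, a peer that vanishes without closing
                // (cable pulled, host powered off) blocks the read forever.
                peer.setSoTimeout(5000);
                try {
                    return reader.readUntilClosed(peer.getInputStream());
                } catch (IOException e) {
                    // Timeouts and connection resets arrive here instead.
                    return Outcome.IO_EXCEPTION;
                }
            } finally {
                client.join();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("read():     " + run(EosDemo::viaRead));
        System.out.println("readLine(): " + run(EosDemo::viaReadLine));
        System.out.println("readInt():  " + run(EosDemo::viaReadInt));
    }
}
```

A handler thread that should end when the client goes away therefore has to treat all three end-of-stream signals, plus `IOException`, as its exit condition.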

  • MS SQL server is going down frequently(10 days of gap) with exception message: "A severe error occurred on the current command. The results, if any, should be discarded".

    MS SQL server is going down frequently (10 days of gap) with exception message: "A severe error occurred on the current command. The results, if any, should be discarded". We have been facing this issue for the past two months. But the funny thing is the server will be up automatically without any manual service restart. Also, if we try to restart the SQL Server service manually then SQL Server will be in a deadlock situation and it will not come up even if we wait for a long time. Then we have to do a Windows server machine restart to bring SQL Server up. As a suggestion from Microsoft to fix this kind of similar issue, we have installed Service Pack 3 for SQL Server. But even after that we are facing the same issue.
    Server Details:
    Server OS: Windows Server 2008 R2
    Two type of database servers are installed on server:
    1. MS SQL Server 2008 R2
    2. My SQL
    Also Reporting server is configured for the purpose of generating SSRS report from a dot net website.
    NOTE: Immediately after the data retrieval/save, we are closing the connection explicitly by the application.
    We have checked the Windows event log and below are the details:
    Log Name:      Application
    Source:        ASP.NET 4.0.30319.0
    Application information:
        Application domain: /LM/W3SVC/5/ROOT-1-130718142067856406
        Trust level: Full
        Application Virtual Path: /
        Application Path: E:\WebSpaceFolder\ACSQuiK\Production\
        Machine name: DBSERVER 
     Process information:
        Process ID: 148
        Process name: w3wp.exe
        Account name: NT AUTHORITY\NETWORK SERVICE 
     Exception information:
        Exception type: SqlException
        Exception message: A severe error occurred on the current command.  The results, if any, should be discarded.
       at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
       at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
    Log Name:      Application
    Source:        Report Server Windows Service (MSSQLSERVER)
    Description:
    Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Report Server Windows Service (MSSQLSERVER)" />
        <EventID Qualifiers="0">107</EventID>
    Could anybody suggest any kind of fix for this issue? Thanks in advance.

    Hi YesYemPee,
    I have tried but am still not clear about your issue. I would like you to provide more detailed information about your issue, based on the points below, for better analysis:
    What action did you take that caused the error "A severe error occurred on the current command. The results, if any, should be discarded"? Did you run a report on the web application, or something else, when the error happened?
    If you were rendering the report and got the error, please try to provide us with more error information from the log files, in a path like:
    C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\LogFiles
    If it is not the case in step 1, please try to provide the SQL Server error log (SQL Server Logs) and more detailed information.
    If you still have any problem, please feel free to ask.
    Regards,
    Vicky Liu
    TechNet Community Support

  • How to display visited sites in a different color? For example, when I'm going down an ebay search list.

    How do I make settings so that visited sites have a different color hypertext? For example, when I'm going down an ebay search list I want to know what items I already viewed.

    * Make sure that the History is set to at least 1 day: Tools > Options > Privacy > History: "Remember visited pages for at least"
    * Make sure that you do not start Firefox in Private Browsing mode (Tools > Stop Private Browsing is grayed, see [[Private Browsing]])
    * To see all History and Cookie settings in Tools > Options > Privacy, choose the setting "Firefox will: Use custom settings for history"
    Your above posted system details show outdated plugin(s) with known security and stability risks.
    * Shockwave Flash 10.0 r12
    Update the [[Managing the Flash plugin|Flash]] plugin to the latest version.
    *http://www.adobe.com/software/flash/about/

  • InDesign CS4 -- unable to browse DFS share folders?

    We've recently purchased a slew of CS4 licenses in anticipation of our company's migration from InDesign CS2 to CS4. However, in testing we've noticed what appears to be a bug with InDesign. Any time we use the file browse dialog within InDesign CS4 (e.g. trying to open a new file, trying to import a file into the current .idd, etc.) we run into an issue where we are unable to browse to any DFS network share. The DFS shares are listed, however they are grayed out and unable to be selected. However, the first time InDesign is run, the shares show up correctly and are able to be accessed. When you close InDesign and re-open it, the DFS links are now grayed out and inaccessible.
    InDesign CS2 also had the same issue however there was a workaround available: When browsing for a file in CS2, if you choose the "Use Adobe Dialog" all the DFS shares would then be displayed under the 'Computer' link on the left hand side. However after researching these forums and speaking with Adobe techs there is no such feature available in CS4.
    Normally I would assume this was some type of compatibility issue with DFS and Adobe products... however every other program in the CS4 suite works perfectly... it's just InDesign that's giving us problems (and of course, InDesign is the program we need the most).
    Does anyone have any insight as to how we could possibly workaround this issue? Has anyone experienced any similar issues with DFS links being grayed out in InDesign?
    Any help with this issue would be greatly appreciated.
    Thanks in advance,
    Tim

    Thanks for the reply.
    Apparently they have tried waiting (quite a while) before trying the delete but no joy they still have to close InDesign or reboot.
    Message was edited by: elliott-1

  • Windows 8.1 system unable to access network shares via VPN connection

    Is there something inherent to Windows 8.1 that prevents it from accessing shares on a domain?
    I know that it cannot join a domain, but does that also mean that it cannot access shares which are on a domain?
    My problem is that I have several users that are running Windows 8.1 that are connecting to our network via a VPN.
    The users have domain accounts, but their computers, as Windows 8.1, cannot be joined to the domain.
    So to access network shares they have to use their domain credentials to create a VPN connection.
    Once connected the user can RDP to systems on the domain using their domain accounts, so I know that their user names/passwords and permissions are correct. They can access these systems using the computer name, so I don't feel that I have a DNS issue.
    They can see the shares on our file server, but when they try to access their department's shared file, they receive an access denied message. There are a few shares that are completely wide open, shared to all users and all departments, but they cannot access those shares either.
    You can ping the file server from the client when they are connected to the VPN, but you just cannot access any of the shares.
    So...
    I am thinking that it has something to do with windows 8.1 and not being able to join a domain, but I cannot find anything to explicitly support this thought.
    Other users running a variety of different OSes (Windows 7, OSX, Linux) can all access the shares without any problems via the VPN, so I am a little stumped.

    I have done some more testing and oddly enough I can map a drive if I use the IP address, but not the computer name, when checking the check box "connect using different credentials" and providing the user's domain credentials.
    This seems to point to a DNS issue, one would think, but I can hit the file share server by name \\fileserver.dev.lan
    I can see all the shares, so dns seems to be fine right?
    So I don't understand why I can map a drive using the IP address and not the machine name, and yet I can see and ping the server by name?
    When I try to create a mapped drive by machine name I receive the following message:
    Windows cannot access \\fileserver.dev.lan\all
    You do not have permissions to access \\fileserver.dev.lan. contact your network administrator  to request access.
    But if I use the \\x.x.x.x\all using the very same user and password I get connected with no problem.
    This only seems to happen on windows 8.1, which leads me to think that has something to do with OS. 
    I am thinking about upgrading to Windows 8.1 Pro, but I don't want to go through the hassle and expense if the OS is not the problem.

  • Unable to access CIFS shares using SSL Web portal

    Hello,
    i have deployed Cisco Clientless Web VPN on my ASA5515.
    I'm having an issue when I try to browse a file server (access CIFS shares) from the WEB VPN portal. I am prompted for login, and after logging in I get the "Error contacting host" immediately. It seems like a bug on the ASA? I saw that on the Cisco web site: bug CSCsl94183
    I have already DONE these things:
    1- reload the ASA
    2- upgrade to the latest software release
    3- test different web browser ( Firefox, IE, Chrome)
    1- ASA Platform is 5515 running  latest software release (9.1.4)
    2- File  server running Windows 2008 R2
    3- Clients are using Firefox.
    4- When I establish SSL VPN connection using Cisco AnyConnect I  have no problems accessing files or folders on the same server.
    NOTE: I have 2 other CIFS servers running Windows 2003 and there is no issue. The issue is happening ONLY with the server running Windows 2008 R2.

    I've also seen this exact problem. We have several Windows 2008 R2 servers, one of our Domain controllers has been migrated to 2008 R2. I can access shares on the Windows 2008 R2 domain controller, but not a dedicated (member) file share server.

  • Network Media Player (Noontec V9-T) unable to access network shares on WIN8 Pro

    I have just upgraded from Windows 7 Home Premium 64 bit to Windows 8 Pro 64 bit. After the upgrade, I made sure my video library was shared (both with the homegroup and my username) and that network discovery was enabled, file sharing enabled, etc.
    On the Noontec media centre I can see the workgroup called WORKGROUP. When I click on it I can see the name of my PC. But when I click on the PC name to log in to access the shares within, a username/pass box comes up. I then put in my username/pass on the Windows 8 Pro machine, to which the Noontec receives an error message stating cannot login.
    Previously I had enabled sharing with everyone (read only) on Windows 7 Home and this username/pass dialog box never appeared. It just said successful logon. So I tried sharing the video library with "everyone" in Windows 8 Pro; the unit still can't log on.
    I believe this Noontec uses Samba. The last updated Samba file was named "samba_3.0.23c_mipsel.ipk" when I updated the media player's Samba about 9 months to a year ago. I have checked the manufacturer's website; there have been no further updates released.
    Is there a way for me to access network shares from this media centre by maybe installing a new Samba server on the Windows 8 machine that is compatible with older Samba clients? I am not savvy with Samba clients/servers at all, I just loved the way XP network shares always seemed to work across multiple platforms... and Win7/8 doesn't. Help anyone?

    A lot of these media players will not work correctly. If your video files are stored as .avi, MKV, MP4 etc. (pretty much anything except for .ISO), the best way is to use Plex media server on the Windows 8 PC. It's free and should allow you to organise files and libraries as you want. In fact, it's my preferred access method now, as most smart TVs also support Plex and support it well... allowing me to play the files directly in my smart TV, without using the media players.
    In addition, if you have an Android tablet or phone, you can (if you want) access your media files from Plex using Media Monkey (free) and simply play them direct to the TV; Media Monkey simply hands the data stream over to the smart TV.
    I have a similar set of media players and exactly the same problem with Windows 8 and 8.1; previous shares on versions 7, Vista etc. work perfectly. I use a free application on my Android phone to remote start my media server/s (via the network card).
    Shutter Light - Free monitoring activity and network data, to prevent unwanted sleep during Videos and to ensure the PC goes into sleep mode (disabling windows power management)
    Plex simplifies everything and acts as a great central server for all types of devices and can bring media files together from different Directories/Disks, in to one set of Libraries.

  • Unable to access a share - beachball...

    Colleague has raised an issue - he is unable to access a shared folder on our server.
    He does Command K, enters ip number of server, clicks connect,
    enters name and password
    Gets a window offering volumes to mount - as soon as he clicks on one gets 'beachball of death'...
    I can login from another site using his name and password and sail through to volumes OK...
    He can Ping the server's ip number successfully...
    Any thoughts on reason?
    Any solutions...
    Thanks - he's on 10.4.6 (probably should upgrade to 10.4.11), server is 10.4 os x server

    If you can access the site through www.megaproxy.com/freesurf/ or a similar web proxy service, then Verizon is giving you access.   The Web Host probably has an out of date filter.
    He can either add your subnet to his network, or you can simply turn off your modem for four hours (there is a lease time on the ip address that doesn't expire for 4 hours) and then turn it back on.   I usually tell folks to do this at night when they go to bed.   Basically just unplug the modem and don't plug it back in until the morning.
    OR if you want it right away, you can try chat support or Call Verizon, and don't bother telling them your problem AT ALL.  just ask for tech support and ask if they can release your IP Address, or break the dhcp lease.
    you should have your modem powered off when they do that, and don't plug it back in for AT LEAST 3 to 5 minutes before plugging it back in. 
    If you plug it in immediately, then you run the risk of that IP address coming right back to you, but if you give it a few minutes, it will most likely go back into the dhcp pool and get assigned to someone else, and you will be in perfect shape to get a new ip address.

  • WRT54GL unable to access wired shares or printer on PC from wireless iMac

    The subject line applies to a new router on which I can access the internet ok both from the wired PC and the wireless iMac.
    The problem is this router is unable to access the PC shares or printer from the iMac. Pls note, "this router"!
    I have an identical WRT54GL v1.1, same firmware, setup is identical on both, one works with no problem, but the new one has the above problem..
    I have spent a day on it and its in line for return on Monday, but I still hope for a miracle tip which may sort it out :-)
    On the good one 'Port scan' of the PC from iMac gives me:
    Port Scan has started ...
    Port Scanning host: 192.168.1.100
    Open TCP Port: 139
    Open TCP Port: 445
    while the faulty one gives me:
    Port Scan has started ...
    Port Scanning host: 192.168.1.100
    ..and thats it! No contact.
    Yes, the router is set up for 'Lan & Wireless' (no way to change that setting to 'WAN only' it seems, it bounces back to 'Lan & Wireless')
    I have btw done a Factory Reset on it (twice) with no joy.
    Any ideas anyone?
    Mvh

    My first guess for this kind of problem would be a software firewall on the computer. The firewall will detect where it is connected and configures the settings depending on the location. Two routers are two different "locations". Try turning off the firewall or even better deinstall it as often some parts of those software firewalls are still active when turned off.
    The only option that does affect access of wireless clients to the LAN is the "AP Isolation" option on the "Advanced Wireless Settings". That should be off.
    Another thing you could try if you like: do a configuration backup on the working router and restore it to the faulty one. Maybe there are some settings that don't match and that you cannot configure through the web interface. Have you ever used a 3rd party firmware on either of the routers?

  • MDM 7.1 SP05 server is going down all of a sudden : Any Inputs?

    Hi All,
    I am working on SAP MDM 7.1 SP05 and my repository is going down all of a sudden and when I get in to Log I see the following message :
    The specified value for the Server Listening Port (0) is outside the range of available listening ports for system use. Please use only values between 49152 and 65535.
    I went through the SAP Note and we upgraded all the components as per the guidelines... Has anyone been through this issue? Please share how to get rid of it.
    Thanks
    Rajeev.

    HI,
    We have the MDM server port, MDS port, MDSS port, MDIS port...
    All these ports are different... as we are integrated with other applications... other applications are accessing MDM using the MDM server port....
    Apart from this, wondering if we need to dig down.... we are not sure where the issue is... why the MDM server is getting restarted...
    Your inputs are appreciated.
    Regards,
    Rajeev.

  • ASA has to be failed over when primary ISP goes down.

    I have an outside 7206 router that is configured with BGP.  Behind that I have an ASA 5520 with a failover.  Every time my primary ISP goes down I have to fail over the ASA to re-establish a connection to the secondary ISP.  When the primary comes back online I have to fail it over again.  I have had Cisco TAC look at the ASA and they didn't see anything misconfigured on the ASA.  There don't seem to be any problems with the router config either. Any ideas on what could be causing this?

    Thanks for your responses. Sorry, I'm new to this. Here are the configs and a simple pic of the primary ASA and router the way they are deployed. I've been dealing with this issue for a while.  Hoping to get some help here.
    7206 router:
    show runn
    Building configuration...
    Current configuration : 4678 bytes
    version 12.3
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    hostname lee-border
    boot-start-marker
    boot-end-marker
    enable secret 5 **********************
    no aaa new-model
    ip subnet-zero
    ip cef
    ip name-server 206.77.62.152
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex half
    interface GigabitEthernet0/1
    description Univ. of Texas OTS for ISP and Inet2
    no ip address
    duplex full
    speed 100
    media-type rj45
    negotiation auto
    interface GigabitEthernet0/1.7
    description Internet2 Access
    encapsulation dot1Q 7
    ip address 192.88.12.238 255.255.255.252
    interface GigabitEthernet0/1.16
    description THENet-Access
    encapsulation dot1Q 16
    ip address 207.80.110.134 255.255.255.252
    interface GigabitEthernet0/1.743
    description UT OTS TX-BB Peering
    encapsulation dot1Q 743
    ip address 192.124.228.114 255.255.255.252
    interface GigabitEthernet0/2
    description Phonoscope ISP Service
    ip address 66.60.235.146 255.255.255.248
    duplex full
    speed 100
    media-type rj45
    negotiation auto
    interface GigabitEthernet0/3
    description Lee College Internal LANs
    ip address 68.232.208.241 255.255.255.240 secondary
    ip address 68.232.208.1 255.255.255.248
    duplex full
    speed auto
    media-type rj45
    negotiation auto
    interface ATM1/0
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/1
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/2
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/3
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/4
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/5
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/6
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface ATM1/7
    no ip address
    shutdown
    no ima-group
    no atm ilmi-keepalive
    interface FastEthernet2/0
    no ip address
    shutdown
    duplex half
    interface FastEthernet4/0
    no ip address
    duplex auto
    speed auto
    interface FastEthernet4/1
    no ip address
    shutdown
    duplex auto
    speed auto
    router bgp 46094
    no synchronization
    bgp log-neighbor-changes
    network 68.232.208.0 mask 255.255.240.0
    network 198.216.112.0 mask 255.255.252.0
    network 207.80.120.0 mask 255.255.252.0
    neighbor 66.60.235.145 remote-as 22442
    neighbor 66.60.235.145 description Phonoscope
    neighbor 66.60.235.145 next-hop-self
    neighbor 66.60.235.145 send-community
    neighbor 66.60.235.145 version 4
    neighbor 66.60.235.145 soft-reconfiguration inbound
    neighbor 66.60.235.145 route-map Lee-out out
    neighbor 192.88.12.237 remote-as 276
    neighbor 192.88.12.237 description Internet2 Peering
    neighbor 192.88.12.237 send-community
    neighbor 192.88.12.237 version 4
    neighbor 192.88.12.237 route-map I2-in in
    neighbor 192.88.12.237 route-map Lee-I2-out out
    neighbor 192.88.12.237 password 7 132C4546070901
    neighbor 192.124.228.113 remote-as 6922
    neighbor 192.124.228.113 description UT-Commodity
    neighbor 192.124.228.113 send-community
    neighbor 192.124.228.113 soft-reconfiguration inbound
    neighbor 192.124.228.113 route-map OTS-in in
    neighbor 192.124.228.113 route-map OTS-out out
    no auto-summary
    ip default-gateway 192.124.228.113
    ip classless
    ip route 68.232.208.0 255.255.240.0 Null0 250
    ip route 68.232.209.0 255.255.255.0 68.232.208.2
    ip route 68.232.211.0 255.255.255.0 68.232.208.2
    ip route 68.232.212.0 255.255.252.0 68.232.208.2
    ip route 68.232.216.0 255.255.248.0 68.232.208.2
    ip route 198.216.112.0 255.255.252.0 Null0 250
    ip route 198.216.113.0 255.255.255.0 198.216.115.1
    ip route 198.216.114.0 255.255.255.0 198.216.115.1
    ip route 207.80.8.0 255.255.255.0 198.216.115.1
    ip route 207.80.120.0 255.255.252.0 Null0 250
    ip route 207.80.120.0 255.255.255.0 198.216.115.1
    ip route 207.80.121.0 255.255.255.0 198.216.115.1
    ip route 207.80.122.0 255.255.255.0 198.216.115.1
    ip route 207.80.123.0 255.255.255.0 198.216.115.1
    no ip http server
    access-list 90 permit 68.232.208.0 0.0.15.255
    access-list 90 deny   any
    access-list 91 permit 198.216.112.0 0.0.3.255
    access-list 91 permit 207.80.112.0 0.0.15.255
    access-list 91 deny   any
    route-map OTS-out permit 10
    match ip address 90
    route-map Lee-out permit 10
    match ip address 90
    route-map I2-in permit 10
    set local-preference 200
    route-map Lee-I2-out permit 10
    match ip address 90
    route-map Lee-I2-out permit 20
    match ip address 91
    route-map OTS-in permit 10
    set local-preference 150
    line con 0
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password 7 *****************
    login
    end
    ASA (Primary)
    logging permit-hostdown
    mtu Outside 1500
    mtu inside 1500
    mtu LeeDMZ 1500
    mtu management 1500
    failover
    failover lan unit secondary
    failover lan interface failover GigabitEthernet0/3
    failover link failover GigabitEthernet0/3
    failover interface ip failover 172.16.1.1 255.255.255.0 standby 172.16.1.2
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any LeeDMZ
    asdm image disk0:/asdm-623.bin
    no asdm history enable
    arp timeout 14400
    global (Outside) 1 68.232.211.1-68.232.223.253
    global (Outside) 1 interface
    global (Outside) 1 68.232.223.254
    global (Outside) 2 68.232.209.25
    global (LeeDMZ) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0 tcp 16384 12000
    nat (LeeDMZ) 2 access-list NAT_NEW_ISA
    nat (LeeDMZ) 1 192.168.10.0 255.255.255.0
    static (inside,Outside) 68.232.209.10 10.1.200.253 netmask 255.255.255.255
    static (inside,LeeDMZ) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
    static (inside,LeeDMZ) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
    static (inside,Outside) 68.232.209.53 10.1.254.3 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.5 192.168.10.5 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.6 192.168.10.6 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.51 192.168.10.51 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.37 192.168.10.37 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.75 192.168.10.75 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.101 192.168.10.101 netmask 255.255.255.255
    static (inside,LeeDMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
    static (LeeDMZ,Outside) 68.232.209.102 192.168.10.102 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.38 192.168.10.38 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.23 192.168.10.23 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.136 10.1.7.37 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.111 192.168.10.111 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.8 10.1.13.8 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.103 192.168.10.103 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.92 192.168.10.92 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.4 10.1.6.2 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.219 192.168.10.219 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.217 192.168.10.217 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.206 192.168.10.206 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.234 192.168.10.234 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.33 192.168.10.33 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.246 10.1.1.246 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.11 192.168.10.11 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.100 192.168.10.100 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.120 192.168.10.120 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.70 192.168.10.70 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.36 192.168.10.36 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.50 192.168.10.50 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.22 192.168.10.22 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.121 10.1.1.121 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.20 192.168.10.20 netmask 255.255.255.255
    static (inside,Outside) 68.232.209.203 10.1.55.203 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.15 192.168.10.15 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.25 192.168.10.25 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.55 192.168.10.55 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.143 192.168.10.143 netmask 255.255.255.255
    static (LeeDMZ,Outside) 68.232.209.34 192.168.10.34 netmask 255.255.255.255
    access-group out-in in interface Outside
    access-group 170 in interface inside
    access-group dmz in interface LeeDMZ
    route Outside 0.0.0.0 0.0.0.0 68.232.208.1 1
    route inside 10.1.0.0 255.255.0.0 10.1.200.1 1
    route inside 192.168.2.0 255.255.255.0 10.1.200.254 1
    route inside 192.168.3.0 255.255.255.0 10.1.200.254 1
    route inside 192.168.5.0 255.255.255.0 10.1.200.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    url-server (inside) vendor websense host 10.1.1.66 timeout 10 protocol TCP version 1 connections 5
    aaa authentication ssh console LOCAL
    filter url except 10.1.4.4 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 10.1.4.136 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 10.1.4.30 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 0.0.0.0 0.0.0.0 192.168.10.36 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 192.168.10.22 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 192.168.10.100 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.27 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.30 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.89.2 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.11 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.61 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.1.7 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 192.168.10.38 255.255.255.255 allow
    filter url except 0.0.0.0 0.0.0.0 10.1.89.10 255.255.255.255 allow
    filter url except 10.1.56.189 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 10.1.4.15 255.255.255.255 0.0.0.0 0.0.0.0
    filter https except 10.1.4.30 255.255.255.255 0.0.0.0 0.0.0.0
    filter url except 10.1.1.0 255.255.255.0 0.0.0.0 0.0.0.0
    filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
    filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
    filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 10.1.4.29 255.255.255.255 management
    http 10.1.4.30 255.255.255.255 management
    http 10.1.4.31 255.255.255.255 management
    http 10.1.4.4 255.255.255.255 management
    snmp-server host inside 10.1.1.215 community *****
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    service resetoutside
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map Outside_map 1 match address Outside_1_cryptomap
    crypto map Outside_map 1 set peer 216.168.57.82
    crypto map Outside_map 1 set transform-set ESP-3DES-SHA
    crypto map Outside_map interface Outside
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment self
    subject-name CN=LEE-ASA
    crl configure
    crypto ca trustpoint ASDM_Lee
    enrollment self
    subject-name CN=LEE-ASA
    crl configure
    crypto isakmp enable Outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 10.1.4.29 255.255.255.255 management
    telnet 10.1.4.30 255.255.255.255 management
    telnet 10.1.4.31 255.255.255.255 management
    telnet 10.1.4.4 255.255.255.255 management
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 LeeDMZ
    ssh 0.0.0.0 0.0.0.0 management
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection scanning-threat shun except ip-address 10.1.4.0 255.255.255.0
    threat-detection scanning-threat shun duration 3600
    threat-detection statistics host
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    url-block url-mempool 2500
    url-block url-size 4
    dynamic-filter updater-client enable
    dynamic-filter use-database
    dynamic-filter enable interface Outside
    dynamic-filter drop blacklist interface Outside
    dynamic-filter whitelist
    address 192.168.10.0 255.255.255.0
    address 10.1.1.6 255.255.255.255
    address 10.1.1.2 255.255.255.255
    dynamic-filter blacklist
    address 46.249.59.47 255.255.255.255
    address 95.215.2.8 255.255.255.255
    address 94.75.201.36 255.255.255.255
    ntp server 64.250.229.100 source Outside
    ntp server 24.56.178.140 source Outside prefer
    webvpn
    username **********************************
    username **************************************
    username ************************************
    tunnel-group 216.168.57.82 type ipsec-l2l
    tunnel-group 216.168.57.82 ipsec-attributes
    pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns migrated_dns_map_1
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect dns migrated_dns_map_1 dynamic-filter-snoop
      inspect rtsp
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:************************************: end

  • Secondary DNS failing to redirect clients when Primary DNS goes down

    I have a single domain with two Windows 2008 servers, DC1 (physical) and DC2 (virtual).  Both servers run DNS and are GC servers, and the entire domain is on the same subnet (192.168.0.x). 
    All clients on the network are configured to use DC1 as primary DNS, DC2 as secondary DNS. 
    DHCP is enabled only on DC1.  (This might be part of the issue, not sure).
    The problem is that when DC1 goes down for a reboot or repair, we lose access to the internet from our clients.  Trying to pull up any website results in a "Page cannot be displayed" error.  DC2 is available during this time and can be
    pinged from any client but does not resolve DNS requests, even if I specify it as the primary DNS server on one of my workstations.  However I can log on to DC2 locally and browse the web. 
    Here are the results of a DCdiag /dnsall from DC2 (I bolded areas of concern):
    Directory Server Diagnosis
    Performing initial setup:
       * Connecting to directory service on server DC2.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 2 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\DC2
          Starting test: Connectivity
    * Active Directory LDAP Services Check
    Determining IP4 connectivity
    Determining IP6 connectivity
    * Active Directory RPC Services Check
    ......................... DC2 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\DC2
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Starting test: DNS
    DNS Tests are running and not hung. Please wait a few minutes...
    See DNS test in enterprise tests section for results
    ......................... DC2 passed test DNS
       Running partition tests on : ForestDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : DomainDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Schema
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Configuration
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : mydomain
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running enterprise tests on : mydomain.com
          Starting test: DNS
    Test results for domain controllers:
     DC: DC2.mydomain.com
    Domain: mydomain.com
    TEST: Authentication (Auth)
    Authentication test: Successfully completed
    TEST: Basic (Basc)
    Microsoft® Windows Server® 2008 Standard (Service Pack level: 2.0) is supported
    NETLOGON service is running
    kdc service is running
    DNSCACHE service is running
                      DNS service is running
    DC is a DNS server
    Network adapters information:
    Adapter [00000006] Intel(R) PRO/1000 MT Network Connection:
    MAC address is 00:0C:29:91:59:68
    IP Address is static
    IP address: 192.168.0.249
    DNS servers:
    192.168.0.105 (DC1.mydomain.com.) [Valid]
    127.0.0.1 (DC2) [Valid]
    The A host record(s) for this DC was found
    Warning: The AAAA record for this DC was not found
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - mydomain.com]
                      The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found primary
    Root zone on this DC/DNS server was not found
    TEST: Forwarders/Root hints (Forw)
    Recursion is enabled
    Forwarders Information:
    192.168.0.105 (DC1.mydomain.com.) [Valid]
    192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
     Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
    TEST: Delegations (Del)
    Delegation information for the zone: mydomain.com.
    Delegated domain name: _msdcs.mydomain.com.
    DNS server: DC1.mydomain.com. IP:192.168.0.105 [Valid]
    TEST: Dynamic update (Dyn)
    Test record _dcdiag_test_record added successfully in zone mydomain.com
    Test record _dcdiag_test_record deleted successfully in zone mydomain.com
    TEST: Records registration (RReg)
    Network Adapter
    [00000006] Intel(R) PRO/1000 MT Network Connection:
    Matching CNAME record found at DNS server 192.168.0.105:
    a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
    Matching A record found at DNS server 192.168.0.105:
    DC2.mydomain.com
    Warning:
    Missing AAAA record at DNS server 192.168.0.105:
    DC2.mydomain.com
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._tcp.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._udp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kpasswd._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.gc._msdcs.mydomain.com
    Matching A record found at DNS server 192.168.0.105:
    gc._msdcs.mydomain.com
    Warning:
    Missing AAAA record at DNS server 192.168.0.105:
    gc._msdcs.mydomain.com
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
    Matching  SRV record found at DNS server 192.168.0.105:
    _gc._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.105:
    _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
    Matching CNAME record found at DNS server 192.168.0.249:
            a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
    Matching A record found at DNS server 192.168.0.249:
    DC2.mydomain.com
    Warning:
    Missing AAAA record at DNS server 192.168.0.249:
    DC2.mydomain.com
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kerberos._tcp.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kerberos._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kerberos._udp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kpasswd._tcp.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.gc._msdcs.mydomain.com
    Matching A record found at DNS server 192.168.0.249:
    gc._msdcs.mydomain.com
    Warning:
    Missing AAAA record at DNS server 192.168.0.249:
    gc._msdcs.mydomain.com
    [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
    Matching  SRV record found at DNS server 192.168.0.249:
    _gc._tcp.Default-First-Site-Name._sites.mydomain.com
    Matching  SRV record found at DNS server 192.168.0.249:
    _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
    Warning: Record Registrations not found in some network adapters
    TEST: External name resolution (Ext)
    Internet name www.microsoft.com was resolved successfully
    Summary of test results for DNS servers used by the above domain
    controllers:
    DNS server: 192.168.0.7 (<name unavailable>)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.7              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
    DNS server: 192.168.0.105 (DC1.mydomain.com.)
    All tests passed on this DNS server
    Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
    DNS delegation for the domain  _msdcs.mydomain.com. is operational on IP 192.168.0.105
    DNS server: 192.168.0.249 (DC2)
    All tests passed on this DNS server
    Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
    Summary of DNS test results:
    Auth Basc Forw Del  Dyn  RReg Ext
    Domain: mydomain.com
    DC2                      
    PASS WARN FAIL PASS PASS WARN PASS
    ......................... mydomain.com failed test DNS
          Test omitted by user request: LocatorCheck
          Test omitted by user request: Intersite

    Looks like it may be trying to forward to a machine that's down (DC1 and another 192.168.0.7) and root hints aren't available.
    Check out this article:
    http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx
    See if you can enable DNS access through the firewall to the Internet if it's not already available.  Try to match whatever forwarder settings are on DC1, or remove them entirely and let the server resolve DNS from Internet root servers.  Alternatively,
    you could change your forwarder to a public DNS server you have access to; your ISP should supply this, or you could test with something common like 4.2.2.2.
    SWC Unified Communications
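
The forwarder problem this reply points to can be read directly from the dcdiag output. The following is an added example, not part of the original thread: it parses the Forwarders and summary sections and reports which forwarders DC2 has left when DC1 (192.168.0.105) is offline. The function names and the embedded sample (lines copied from the output above) are constructed for illustration.

```python
import re

# Constructed sample: forwarder and summary lines as they appear in the
# dcdiag output quoted in the post above (flattened summary layout kept).
SAMPLE = """\
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.0.105 (DC1.mydomain.com.) [Valid]
192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
 Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
TEST: Delegations (Del)
Summary of DNS test results:
Auth Basc Forw Del  Dyn  RReg Ext
Domain: mydomain.com
DC2
PASS WARN FAIL PASS PASS WARN PASS
"""

FORWARDER_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+\((.*?)\)\s+\[(.+)\]\s*$")
RESULTS = {"PASS", "WARN", "FAIL", "n/a"}


def parse_forwarders(text):
    """Return [(ip, name, status)] from the 'Forwarders Information:' block."""
    found, in_block = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Forwarders Information:":
            in_block = True
        elif stripped.startswith("TEST:"):
            in_block = False  # next test section ends the forwarder list
        elif in_block:
            m = FORWARDER_RE.match(line)
            if m:
                found.append(m.groups())
    return found


def parse_summary(text):
    """Return {dc: {test: result}} from the 'Auth Basc Forw ...' table."""
    columns, pending_dc, table = None, None, {}
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["Auth", "Basc"]:
            columns = tokens
        elif columns and len(tokens) >= len(columns) and set(tokens[-len(columns):]) <= RESULTS:
            # DC name is on the same line (normal) or the line before (flattened).
            dc = tokens[0] if len(tokens) > len(columns) else pending_dc
            table[dc] = dict(zip(columns, tokens[-len(columns):]))
        elif columns and len(tokens) == 1:
            pending_dc = tokens[0]
    return table


def assess(text, down=()):
    """Report what is left for external resolution if `down` hosts are offline."""
    forwarders = parse_forwarders(text)
    left = [ip for ip, _name, status in forwarders
            if status == "Valid" and ip not in down]
    findings = [f"forwarder {ip} ({name}) is {status}"
                for ip, name, status in forwarders if status != "Valid"]
    if forwarders and not left:
        findings.append("no usable forwarder remains; external lookups "
                        "then depend on root hints")
    return {"usable_forwarders": left, "findings": findings}


if __name__ == "__main__":
    print(parse_summary(SAMPLE))
    print(assess(SAMPLE, down={"192.168.0.105"}))  # simulate DC1 rebooting
```
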
