Verifying DNS Record Readiness fails before domain rename

I'm in the process of a domain rename. I am verifying DNS readiness (see: http://technet.microsoft.com/en-us/library/cc816721(v=ws.10).aspx)

When I run the command:

Dcdiag /test:DNS /DnsRecordRegistration /s:<my domaincontroller>

I get the following errors:

Directory Server Diagnosis
Performing initial setup:
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: AZ01\DC1PHX
      Starting test: Connectivity
         ......................... DC1PHX passed test Connectivity
Doing primary tests
   Testing server: AZ01\DC1PHX
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DC1PHX passed test DNS
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : corp
   Running enterprise tests on : corp.l**t.net
      Starting test: DNS
         Test results for domain controllers:
            DC: dc1phx.corp.l**t.net
            Domain: corp.l**t.net
               TEST: Records registration (RReg)
                  Network Adapter [00000016] Hyper-V Virtual Ethernet Adapter:
                     Warning:
                     Missing CNAME record at DNS server 172.17.0.3:
                     <GUID>._msdcs.corp.l**t.net
                     Warning:
                     Missing A record at DNS server 172.17.0.3:
                     dc1phx.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _ldap._tcp.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _ldap._tcp.<guid>.domains._mdcs.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _kerberos._tcp.dc._msdcs.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _ldap._tcp.dc._msdcs.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _kerberos._tcp.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _kerberos._udp.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _kpasswd._tcp.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _ldap._tcp.AZ01._sites.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _kerberos._tcp.AZ01._sites.dc._msdcs.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _ldap._tcp.AZ01._sites.dc._msdcs.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _kerberos._tcp.AZ01._sites.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _ldap._tcp.gc._msdcs.corp.l**t.net
                     Warning:
                     Missing A record at DNS server 172.17.0.3:
                     gc._msdcs.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _gc._tcp.AZ01._sites.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _ldap._tcp.AZ01._sites.gc._msdcs.corp.l**t.net
               Error: Record registrations cannot be found for all the network
               adapters
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: corp.l**t.net
               dc1phx                       PASS PASS n/a  n/a  n/a  FAIL n/a
         ......................... corp.l**t.net failed test DNS
Help please :)

Thanks :)
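An added example, not part of the original post: a parser that groups the "Missing ... record" findings from the dcdiag RReg output above per DNS server, so it is clear whether one record or the whole set of DC locator records is absent at that server. `SAMPLE` is a shortened copy of the posted output (names redacted as posted); the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Shortened copy of the dcdiag output in the post (names redacted as posted).
SAMPLE = """\
               TEST: Records registration (RReg)
                  Network Adapter [00000016] Hyper-V Virtual Ethernet Adapter:
                     Warning:
                     Missing CNAME record at DNS server 172.17.0.3:
                     <GUID>._msdcs.corp.l**t.net
                     Warning:
                     Missing A record at DNS server 172.17.0.3:
                     dc1phx.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _ldap._tcp.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _ldap._tcp.dc._msdcs.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _kerberos._tcp.AZ01._sites.corp.l**t.net
                     Error:
                     Missing SRV record at DNS server 172.17.0.3:
                     _gc._tcp.AZ01._sites.corp.l**t.net
               Error: Record registrations cannot be found for all the network
               adapters
"""

SEVERITY = re.compile(r"^(Warning|Error):$")
MISSING = re.compile(r"^Missing (\w+) record at DNS server (\S+):$")


def parse_rreg(text):
    """Return one dict per 'Missing ... record' finding in dcdiag RReg output."""
    findings, severity, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SEVERITY.match(line)):
            severity, pending = m.group(1), None
        elif (m := MISSING.match(line)) and severity:
            pending = {"severity": severity, "rtype": m.group(1), "server": m.group(2)}
        elif pending is not None:
            # The line after "Missing ..." is the record's owner name.
            pending["name"] = line.lower()
            findings.append(pending)
            severity, pending = None, None
    return findings


def summarise(findings):
    """Group findings per DNS server so the scope of the failure is visible."""
    report = defaultdict(lambda: {"severity": Counter(), "rtype": Counter(),
                                  "services": set(), "site_specific": 0,
                                  "dc_locator_missing": False})
    for f in findings:
        entry = report[f["server"]]
        entry["severity"][f["severity"]] += 1
        entry["rtype"][f["rtype"]] += 1
        if f["rtype"] == "SRV":
            entry["services"].add(f["name"].split(".")[0])  # _ldap, _kerberos, _gc, ...
            entry["site_specific"] += "._sites." in f["name"]
            # _ldap._tcp.dc._msdcs.<domain> is the record clients query to find a DC.
            entry["dc_locator_missing"] |= f["name"].startswith("_ldap._tcp.dc._msdcs.")
    return dict(report)


if __name__ == "__main__":
    for server, entry in summarise(parse_rreg(SAMPLE)).items():
        print(server, dict(entry["severity"]), dict(entry["rtype"]),
              sorted(entry["services"]),
              "site-specific SRV:", entry["site_specific"],
              "DC locator SRV missing:", entry["dc_locator_missing"])
```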
I just ran dnslint between the two root DCs. It's strange, they don't list any missing glue records.
DNSLint Report
System Date: Sun Jun 29 09:11:29 2014 
Command run: 
dnslint /ad 172.17.0.3 /s 172.16.0.4
 Root of Active Directory Forest: 
    corp.l**t.net
Active Directory Forest Replication GUIDs Found:
DC: DC1NY
GUID: <My GUID>
DC: DC1NYLV
GUID: <My GUID>
DC: DC1NYLVPS
GUID: <My GUID>
DC: DC1PHX
GUID: <My GUID>
DC: DC1PHXLV
GUID: <My GUID>
DC: DC1PHXLVPS
GUID: <My GUID>
Total GUIDs found: 6
The following 6 DNS servers were checked for records related to AD forest replication:
DNS server: dc1ny.corp.l**t.net
IP Address: 172.16.0.4
 UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
SOA record data from server:
 Authoritative name server: dc1ny.corp.l**t.net
Hostmaster: hostmaster.corp.l**t.net
Zone serial number: 134
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds
Additional authoritative (NS) records from server:
 dc1phxlv.l**t.com Unknown
 dc1nylvps.l**tp**g.com Unknown
 dc1ny.corp.l**t.net Unknown
 dc1nylv.l**t.com Unknown
 dc1phxlvps.l**tp**g.com Unknown
 dc1phx.corp.l**t.net Unknown
Alias (CNAME) and glue (A) records for forest GUIDs from server:
 CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1ny.corp.l**t.net
Glue: 172.16.0.4
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylv.l**t.com
Glue: 172.16.0.20
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylvps.l**tp**g.com
Glue: 172.16.0.21
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phx.corp.l**t.net
Glue: 172.17.0.3
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlv.l**t.com
Glue: 172.17.0.12
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlvps.l**tp**g.com
Glue: 172.17.0.13
Total number of CNAME records found on this server: 6
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
DNS server: dc1phxlv.l**t.com
IP Address: 172.17.0.12
 UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
SOA record data from server:
 Authoritative name server: dc1phxlv.l**t.com
Hostmaster: hostmaster.corp.l**t.net
Zone serial number: 134
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds
Additional authoritative (NS) records from server:
 dc1ny.corp.l**t.net Unknown
 dc1nylv.l**t.com Unknown
 dc1phxlvps.l**tp**g.com Unknown
 dc1phx.corp.l**t.net Unknown
 dc1phxlv.l**t.com Unknown
 dc1nylvps.l**tp**g.com Unknown
Alias (CNAME) and glue (A) records for forest GUIDs from server:
 CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1ny.corp.l**t.net
Glue: 172.16.0.4
CNAME: <My GUID>.corp.l**t.net
Alias: dc1nylv.l**t.com
Glue: 172.16.0.20
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylvps.l**tp**g.com
Glue: 172.16.0.21
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phx.corp.l**t.net
Glue: 172.17.0.3
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlv.l**t.com
Glue: 172.17.0.12
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlvps.l**tp**g.com
Glue: 172.17.0.13
Total number of CNAME records found on this server: 6
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
DNS server: dc1nylvps.l**tp**g.com
IP Address: 172.16.0.21
 UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
SOA record data from server:
 Authoritative name server: dc1nylvps.l**tp**g.com
Hostmaster: hostmaster.corp.l**t.net
Zone serial number: 134
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds
Additional authoritative (NS) records from server:
 dc1ny.corp.l**t.net Unknown
 dc1nylv.l**t.com Unknown
 dc1phxlvps.l**tp**g.com Unknown
 dc1phx.corp.l**t.net Unknown
 dc1phxlv.l**t.com Unknown
 dc1nylvps.l**tp**g.com Unknown
Alias (CNAME) and glue (A) records for forest GUIDs from server:
 CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1ny.corp.l**t.net
Glue: 172.16.0.4
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylv.l**t.com
Glue: 172.16.0.20
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylvps.l**tp**g.com
Glue: 172.16.0.21
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phx.corp.l**t.net
Glue: 172.17.0.3
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlv.l**t.com
Glue: 172.17.0.12
CNAME: f<My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlvps.l**tp**g.com
Glue: 172.17.0.13
Total number of CNAME records found on this server: 6
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
DNS server: dc1nylv.l**t.com
IP Address: 172.16.0.20
 UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
SOA record data from server:
 Authoritative name server: dc1nylv.l**t.com
Hostmaster: hostmaster.corp.l**t.net
Zone serial number: 134
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds
Additional authoritative (NS) records from server:
 dc1nylvps.l**tp**g.com Unknown
 dc1ny.corp.l**t.net Unknown
 dc1nylv.l**t.com Unknown
 dc1phxlvps.l**tp**g.com Unknown
 dc1phx.corp.l**t.net Unknown
 dc1phxlv.l**t.com Unknown
Alias (CNAME) and glue (A) records for forest GUIDs from server:
 CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1ny.corp.l**t.net
Glue: 172.16.0.4
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylv.l**t.com
Glue: 172.16.0.20
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylvps.l**tp**g.com
Glue: 172.16.0.21
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phx.corp.l**t.net
Glue: 172.17.0.3
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlv.l**t.com
Glue: 172.17.0.12
CNAME: f<My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlvps.l**tp**g.com
Glue: 172.17.0.13
Total number of CNAME records found on this server: 6
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
DNS server: dc1phxlvps.l**tp**g.com
IP Address: 172.17.0.13
 UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
SOA record data from server:
 Authoritative name server: dc1phxlvps.l**tp**g.com
Hostmaster: hostmaster.corp.l**t.net
Zone serial number: 134
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds
Additional authoritative (NS) records from server:
 dc1phxlvps.l**tp**g.com Unknown
 dc1phx.corp.l**t.net Unknown
 dc1phxlv.l**t.com Unknown
 dc1nylvps.l**tp**g.com Unknown
 dc1ny.corp.l**t.net Unknown
 dc1nylv.l**t.com Unknown
Alias (CNAME) and glue (A) records for forest GUIDs from server:
 CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1ny.corp.l**t.net
Glue: 172.16.0.4
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylv.l**t.com
Glue: 172.16.0.20
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylvps.l**tp**g.com
Glue: 172.16.0.21
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phx.corp.l**t.net
Glue: 172.17.0.3
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlv.l**t.com
Glue: 172.17.0.12
CNAME: f<My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlvps.l**tp**g.com
Glue: 172.17.0.13
Total number of CNAME records found on this server: 6
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
DNS server: dc1phx.corp.l**t.net
IP Address: 172.17.0.3
 UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
SOA record data from server:
 Authoritative name server: dc1phx.corp.l**t.net
Hostmaster: hostmaster.corp.l**t.net
Zone serial number: 134
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds
Additional authoritative (NS) records from server:
 dc1ny.corp.l**t.net Unknown
 dc1nylv.l**t.com Unknown
 dc1phxlvps.l**tp**g.com Unknown
 dc1phx.corp.l**t.net Unknown
 dc1phxlv.l**t.com Unknown
 dc1nylvps.l**tp**g.com Unknown
Alias (CNAME) and glue (A) records for forest GUIDs from server:
 CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1ny.corp.l**t.net
Glue: 172.16.0.4
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylv.l**t.com
Glue: 172.16.0.20
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1nylvps.l**tp**g.com
Glue: 172.16.0.21
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phx.corp.l**t.net
Glue: 172.17.0.3
CNAME: <My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlv.l**t.com
Glue: 172.17.0.12
CNAME: f<My GUID>._msdcs.corp.l**t.net
Alias: dc1phxlvps.l**tp**g.com
Glue: 172.17.0.13
Total number of CNAME records found on this server: 6
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
Legend: warning, error
DNSLint developed by Tim Rains

Similar Messages

  • Lync server DNS Record configuration failed many time

    As I configure the Lync Online DNS record in my domain provider, it fails many times.
    Can you please provide the information regarding this issue.

    Hi Singh
    You may need to contact Domain registrar help desk to see the problem as they will be able to help you.

  • State of DNS after Domain rename

    Hi all
    Still learning DNS and want to add secondary DC
    I initially set this up as a mydomain.local as I believed that was best practice. When researching SSL certificates I realised that it was now supposedly best practice to use mydomain.com. I did a Domain rename which was interesting and seemed to work reasonably well.
    2012 AD DC is :
    IPv4: 192.168.1.105
    Computer name: name
    Full Computer name: name.mydomain.local
    Domain name is: mydomain.com
    2012 Server RDS is: (was secondary DNS when .local)
    IPv4: 192.168.1.100
    Computer name: remote
    Computer name: remote.mydomain.com
    Domain name is: mydomain.com
    I want to install Secondary DNS to the RDS server or maybe a VM on it for redundancy but am concerned my DNS is possibly a little bit dodgy.
    Only issues I have is sometimes from remote “mydomain.com” will resolve to 192.168.1.100 and don’t believe this should happen but may be wrong.
    Every now and again from Remote Desktop which is on 192.168.1.100 (remote.mydomain.com) web sites won’t load and you need to refresh which will normally then resolve and load.
    The only other issue is every now and again autodiscover will take a while to resolve and troubleshooting that implies a timeout. MS have looked at this and didn’t see any issues in my DNS however I think that was just due to the fact that it resolved eventually.
    I have included some info. ipconfig on 192.168.1.100 shows DNS 192.168.1.105.
    NSLOOKUP
    Name:    mydomain.com
    Addresses:  192.168.1.100
              192.168.1.105
    > remote.mydomain.com
    Server:  UnKnown
    Address:  192.168.1.105
    Name:    remote.mydomain.com
    Address:  192.168.1.100
    > mydomain.local
    Server:  UnKnown
    Address:  192.168.1.105
    Name:    mydomain.local
    Address:  192.168.1.105
    Pings from RDS
    C:\Users\administrator.MD>ping mydomain.local
    Pinging mydomain.local [192.168.1.105] with 32 bytes of data:
    Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
    C:\Users\administrator.MD>ping mydomain.com
    Pinging mydomain.com [192.168.1.100] with 32 bytes of data:
    Reply from 192.168.1.100: bytes=32 time<1ms TTL=128
    C:\Users\administrator.MD>ping mydomain.com
    Pinging mydomain.com [192.168.1.105] with 32 bytes of data:
    Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
    DCDIAG
             The DFS Replication Event Log.
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             A warning event occurred.  EventID: 0x800008A5
                Time Generated: 05/14/2014   01:30:50
                Event String:
                The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.
                Additional Information:
                Volume: C:
                GUID: A3ABE3A7-A0E5-11E2-93E8-806E6F6E6963
                Recovery Steps
                1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders.
                2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command:
                wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="A3ABE3A7-A0E5-11E2-93E8-806E6F6E6963" call ResumeReplication
    * Replication Latency Check
                DC=ForestDnsZones,DC=mydomain,DC=com
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).
                DC=DomainDnsZones,DC=mydomain,DC=com

    Hi,
    If I understand correctly, you have two computers with the following host names and IP addresses:
    1. name (192.168.1.100)
    2. remote (192.168.1.105)
    The first server is a domain controller. The second server is a domain member server.
    Your Active Directory domain was 'mydomain.local' and you changed this to 'mydomain.com'
    DNS is installed on server #1.
    To avoid confusion when talking about DNS and Active Directory, you can refer to mydomain.com as your Active Directory domain, which has users and groups in it and is hosted on a domain controller. You also have a DNS forward lookup zone mydomain.com that is used to dynamically register computers that are members of the Active Directory domain. So - when referring to Active Directory - it is a domain but when referring to DNS it is a zone. These are two separate things that are linked.
    The DNS zone should have at least three A (address) records:
    mydomain.com (the root of the zone)
    name.mydomain.com (the DC)
    remote.mydomain.com (the member server)
    You should see the .100 address for the first two and the .105 address for the third. Open up DNS Manager and view the zone to check it.
    The pings you have listed in your post don't all make sense. Two of them are pinging the same FQDN but give different IP addresses (below):
    What problem are you trying to solve?
    -Greg

  • #554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##

    Hi,
    This is my first post here. 
    My Exchange server of late is facing a peculiar problem. I get the error message that I have posted below when sending mails to any outside domain. However when I restart the server the mails can be resent to the address without any issue. After a certain time again the issue pops up upon which I am forced to restart the server again. I am running 2007 Exchange on Windows 2003.
    Generating server: name.mydomain.com
    [email protected]
    #554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##
    [email protected]
    #554 5.4.4 SMTPSEND.DNS.MxLoopback; DNS records for this domain are configured in a loop ##
    Original message headers:
    Received: from name.mydomain.com ([1xx.xxx.xxx.xx5]) by MHDMAILS.mouwasat.com
     ([1xx.xxx.xxx.xx5]) with mapi; Wed, 19 Oct 2011 08:56:29 +0300
    From:  <[email protected]>
    To: <[email protected]>
    CC: "Al Alami,Tareq" <[email protected]>
    Date: Wed, 19 Oct 2011 08:56:27 +0300
    Subject: RE:   
    Thread-Topic:   
    Thread-Index: AcyAQ5tu8z9CvBfdT5+1pcGQkk6x0AIuwczAAAGZjeABQyW5sAADeeJQAAETNDA=
    Message-ID: <[email protected]>
    References: <[email protected]com>
     <[email protected]com>
    Accept-Language: en-US
    Content-Language: en-US
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator:
    acceptlanguage: en-US
    Content-Type: multipart/related;
                boundary="_004_EEC8FA6B3B286A4E90D709FECDF51AA06C0588CA11namedomain_";
                type="multipart/alternative"
    MIME-Version: 1.0

    On Sun, 23 Oct 2011 15:05:15 +0000, Jobin Jacob wrote:
    >Even after removing my domain from the send connector I continue to receive the error. I would like to say I do have a firewall, Cyberoam. However, it was the same configuration till now in the firewall. I did try Mx lookup and found the following.
    >
    >Could there be any other solution to this issue ?
    Sure, but it's necessary to ask a lot of questions since none of us
    know how your organization is set up.
    I see you also have "Use the External DNS Lookup settings on the
    transport server" box checked. How have you configured the "External
    DNS Lookups" on the HT server's property page? Is there any good
    reason why you aren't just using your internal DNS servers? If the
    internal DNS servers are configured to resolve (or forward) queries
    for "external" domains then there's no reason to use that checkbox. In
    most cases checking that box is a mistake.
    http://technet.microsoft.com/en-us/library/aa997166(EXCHG.80).aspx
    The behavior you describe (it works for a while and then fails;
    restarting the server returns it to a working state) sure sounds like
    some sort of DNS problem.
    Rich Matheisen
    MCSE+I, Exchange MVP

  • How to create a DNS record for a domain itself (without a hostname)

    Hi,
    Normally, you can create a DNS record that points to the zone itself, e.g.:
    @               10800 IN A    196.197.200.201
    How do you accomplish that on a Mac OSX Lion Server? The DNS requires you to enter a hostname and it does not accept "@" as the hostname as it normally appears in the zone file.
    (manually modifying the host file does not work - I tried that ;-) )
    Any help is appreciated
    Thanks
    Bjoern Dirchsen

    Create either a blank record with a ., or a FQDN such as 'domain.com.' (note the trailing dot). Either of these should map to the domain name.

  • DNS record is not dynamically created in DNS Zone, when joining to DNS domain

    Hi,
    In my test lab I have deployed two virtual machines (both are Windows Server 2008 R2 Enterprise).
    On vm1 I have installed just the DNS role (without Active Directory) and created a primary non-AD-integrated zone.
    On this DNS zone, I have enabled dynamic update, set to non-secure & secure.
    Now on my vm2 (as a DNS client), I set the IP address of this DNS server as the preferred DNS server, and then in System Properties, in the primary DNS suffix field, I entered the name of my DNS domain (mydomain.lab) and rebooted vm2, but the A record of this client (vm2) is not registered (created) in the mydomain.lab zone.
    I expect the record to be created as in the situations where we join a client to an AD domain.

    Hi John,
    When registering a DNS record, the client will send a SOA query to find the primary server of the zone. Then it sends the register message to that server.
    We can use nslookup to find the problem:
    Open Command Prompt
    type nslookup
    type set type=soa
    type zone name
        1. If there is a positive response, check the name of the primary name server and the IP address of the server.
    Its name should be vm1.mydomain.lab. If not, edit the SOA record in the zone.
    If no IP address, edit the NS record in the zone.
        2. If there is no response, check the SOA record in the zone.
    We can manually delete and recreate the records to ensure there are right SOA and NS records.
    Here is the guide for using nslookup:
    Nslookup:
    https://technet.microsoft.com/en-us/library/cc940085.aspx
    Best Regards,
    Leo
    Hi Leo, thanks for the reply.
    I did all the steps you mentioned but still no result.
    I put a screenshot of my desktop here, everything is shown here:
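The SOA lookup from Leo's answer, as an added example that is not code from the thread: it builds the query nslookup sends after `set type=soa`, parses a reply, and applies the same checks (primary server name, its IP address, no response). The replies are constructed inside the script so it runs offline; the address 192.0.2.10, the hostmaster names and the failing single-label `vm1` reply are assumptions made for illustration.

```python
import struct

TYPE_A, TYPE_SOA, CLASS_IN = 1, 6, 1


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in filter(None, name.split(".")):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            after = off + 2 if after is None else after
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels).lower(), (off if after is None else after)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def build_soa_query(zone, txid=0x1234):
    """The question sent for 'set type=soa': QTYPE=SOA, QCLASS=IN for the zone."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)


def _rr(name, rtype, rdata, ttl=3600):
    return encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata


def build_response(query, zone, mname, rname, primary_ip=None):
    """Constructed authoritative reply standing in for the DNS server's answer."""
    soa = encode_name(mname) + encode_name(rname) + struct.pack("!IIIII", 1, 900, 600, 86400, 3600)
    extra = [_rr(mname, TYPE_A, bytes(int(o) for o in primary_ip.split(".")))] if primary_ip else []
    header = query[:2] + struct.pack("!HHHHH", 0x8580, 1, 1, 0, len(extra))  # QR, AA, RD, RA
    return header + query[12:] + _rr(zone, TYPE_SOA, soa) + b"".join(extra)


def parse_soa_response(msg):
    """Return (primary server name from the SOA answer or None, {host: IPv4})."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _q in range(qd):                           # skip the echoed question
        off = read_name(msg, off)[1] + 4
    mname, addrs = None, {}
    for i in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SOA and i < an:           # SOA in the answer section only
            mname = read_name(msg, off)[0]         # MNAME is the first RDATA field
        elif rtype == TYPE_A and rdlen == 4:
            addrs[owner] = ".".join(str(b) for b in msg[off:off + 4])
        off += rdlen
    return mname, addrs


def diagnose(msg, expected_primary):
    """Apply the checks from the answer to one SOA reply (None means no response)."""
    mname, addrs = parse_soa_response(msg) if msg else (None, {})
    if mname is None:
        return ["no SOA returned: check the SOA record in the zone"]
    problems = []
    if mname != expected_primary.lower().rstrip("."):
        problems.append(f"primary server is '{mname}', not '{expected_primary}': edit the SOA record")
    if mname not in addrs:
        problems.append(f"no IP address for '{mname}': edit the NS record")
    return problems or [f"updates go to {mname} ({addrs[mname]})"]


if __name__ == "__main__":
    q = build_soa_query("mydomain.lab")
    good = build_response(q, "mydomain.lab", "vm1.mydomain.lab", "hostmaster.mydomain.lab", "192.0.2.10")
    bad = build_response(q, "mydomain.lab", "vm1", "hostmaster")   # constructed failing case
    for reply in (good, bad, None):
        print(diagnose(reply, "vm1.mydomain.lab"))
```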

  • Windows DNS - Active Directory record Load Failed

    Hello guys,
    I'm in an environment with Windows Server 2012 R2 that has ADDS and DNS services deployed, and I have received event ID 4010 as follows:
    Event ID: 4010
    Event Source: DNS
    Event Log: DNS Server
    Event Description: The DNS server was unable to create a resource record for ed8f33e5-E8EB-48da-bfdc-4eb278964864._msdcs.dominio.com. in zone dominio.com. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
    I've deleted the records as recommended by Microsoft article but after restarting the DNS service error reappears in DNS logs. 
    Anyone have any ideas?

    Thanks for the reply, below is the results I had with the recommended query:
    PS C:\Windows\system32> Get-ADDomainController -filter * | FL name, *guid*
    name             : ServerS014
    ServerObjectGuid : 1c1f2405-dc6d-4e5b-b3de-05406f9687b8

    name             : ServerS002
    ServerObjectGuid : f8d6f018-6bb8-4fbf-9555-4a527f2719ac

    name             : ServerS100
    ServerObjectGuid : 2f4cd536-380f-4351-9220-3185f73fcd33

    name             : ServerS014
    ServerObjectGuid : 73d6d936-4deb-4e46-8a22-3b19754b96f1
    I checked: the records in DNS are different from those of the query.
    I have deleted the DNS records, and after ipconfig /registerdns the records are re-created with an ID different from that of the query.

  • New Windows Server 2012 unable connect to Netlogon Service or update DNS records

    Hi everybody, all of my Windows Server 2012 machines decided to collapse after an innocuous group policy update that was meant to make user passwords more secure.
    The AD and DNS seem to be functioning "normally": I am able to add new Windows 7 and Windows Server 2008 machines to the domain, I can see them listed in the AD and the DNS records are updated correctly. However, as soon as I try to join Windows Server 2012 it breaks.
    The event log is littered on the new server with:
    The system failed to register host (A or AAAA) resource records (RRs) for network adapter
    with settings:
               Adapter Name : {DB7F73CE-E011-4F3C-BEBC-2CE7A871DF51}
               Host Name : CHEETAH
               Primary Domain Suffix : somedomain.com
               DNS server list :
    192.168.0.5
               Sent update to server : <?>
               IP Address(es) :
    192.168.0.15
    The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at this time.
    You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
    and
    Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.somedomain.com. timed out after none of the configured DNS servers responded.
    When I try to ping the primary DC (WS2003) it fails, the Secondary DC (WS2012) responds.
    The >nltest /sc_query:somedomain.com on Windows Servers 2012 returns:
    Flags: 0
    Trusted DC Name
    Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
    The command completed successfully
    yet it works on all other machines.
    I tried removing 2012 servers from the domain and rejoining - without success. The cookie crumbled when I added two new installations of Windows Server 2012 & 2008 and 2008 worked fine but 2012 showed same symptoms.
    There is one peculiar thing that I had noticed on all Windows 2012 machines: they are constantly showing "Workplace Connection - Connecting" in the networks pane on the right side of the screen, which I can't say I ever noticed before.
    Unfortunately, the secondary DC is a multihoming server with the Direct Access role - I am not sure if this may play some part, but our existing configuration worked for a year now without any problems. The issue appeared when I changed the password complexity rule, which boggles the mind. I wonder if there have been some other changes in GPO that did not propagate from years ago and finally came back to break things.
    Any suggestions would be really appreciated.
    wmin

    Hello Ace, I wish you a Happy New Year! I hope your break was enjoyable and filled with cheer.
    In the end I had to bite the bullet and reinstall all troublesome servers. Your recommendations from above removed some serious problems with the DA and DNS resolution.
    I was able to attach a new server to the domain without any problems and begin the painful process of rebuilding.
    I have promoted TIGER to full DC controller role, but I am having some issues with replication. Although running >repadmin /showrepl gives positive feedback, the sysvol folder on the secondary DC is empty.
    Also there is a couple of warnings in the event log:
    Event ID 4012
    Log Name: DNS Server
    Source: DNS-Server-Service
    The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
    - which has not repeated since 3rd of Jan.
    These events occur on the primary DC every few minutes:
    Event ID 1030
    Source: Userenv
    Log Name: NT AUTHORITY\SYSTEM
    Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Event ID 1058
    Source: Userenv
    Log Name: NT AUTHORITY\SYSTEM
    Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=somedomain,DC=com. The file must be present at the location <\\somedomain.com\sysvol\somedomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network name cannot be found. ). Group Policy processing aborted.
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Should the sysvol folder be shared on the secondary DC? Another interesting thing to point out is that \\somedomain.com\sysvol\somedomain.com\Policies\ can be accessed from all other machines except the DC1.
    Cheers!
    kind regards,
    wmin

  • DNS record ownership and the DnsUpdateProxy group

    I have 2 x 2003 domain controllers that have DNS and DHCP services installed.
    I was thinking of configuring DHCP to use a service account to update DNS records.
    If I set this, do the DHCP servers need to be members of the DnsUpdateProxy security group for the service account to work?

    I have to agree with John here. I don't think it's reasonable to just say 'ms told us so'. We need a
    technical before and answer is given. I have multiple DHCP servers and I use a security account on them to register the records and never use the
    DNSUpdateProxy Group and I have no problems. My thinking is this:
    Assume we are using Integrated Secure Zones in AD:
    Scenario 1:
    - Windows DHCP server is registering records on behalf of clients
    - Not a member of DNSUpdateProxy Group and not using dedicated account
    - Records will have owner as dhcpserver$ and only that account can update
    - This is a problem if that DHCP server fails
    - Also, non-Windows DHCP server with no AD account cannot update
    Scenario 2:
    - Windows DHCP server is registering records on behalf of clients
    - Member of DNSUpdateProxy Group and not using dedicated account
    - Records will have owner as SYSTEM and authenticated users can update, meaning any user or client on that domain
    - No problem if that DHCP server fails as any other authorized DHCP server can update
    - Non-Windows DHCP servers can update if they have a domain machine account
    Scenario 3:
    - Windows DHCP server is registering records on behalf of clients
    - Using a dedicated account
    - Records added with owner same as this dedicated account
    - Another DHCP server that also uses this same account can update the records
    - A non-Windows DHCP server that can use this account can also update the records
    Now, can someone from MS please clarify the technical reason they say that in Scenario 3, you must add the DHCP servers to the
    DNSUpdateProxy group?
    http://technet.microsoft.com/en-us/library/cc780538(v=ws.10).aspx
    I guess this link didn't help?
    DNS Record Ownership and the DnsUpdateProxy Group
    "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated user account and configure DHCP servers to perform DNS dynamic updates
    with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
    http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
    Just to add:
    Why is the DnsUpdateProxy group needed in conjunction with credentials?
    The technical reason is twofold:
    DnsUpdateProxy:
     Objects created by members of the DNSUpdateProxy group have no security; therefore, any authenticated user can take ownership of the objects.
    DHCP Credentials:
     Forces ownership to the account used in the credentials, which the DnsUpdateProxy group allowed to take ownership other than the registering client.
    Otherwise, the default process is outlined below, and this applies to non-Microsoft operating systems, too, but please note that non-Microsoft operating systems can't use Kerberos to authenticate to dynamically update into a Secure Only zone, however
    you can configure Windows DHCP to do that for you.
    1. By default, Windows 2000 and newer statically configured machines will
    register their own A record (hostname) and PTR (reverse entry) into DNS.
    2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
    the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
    (reverse entry) record.
    3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
       Note: "This is a modified configuration supported for DHCP servers
             running Windows Server 2008 and DHCP clients. In this mode,
             the DHCP server always performs updates of the client's FQDN,
             leased IP address information, and both its host (A) and
             pointer (PTR) resource records, regardless of whether the
             client has requested to perform its own updates."
             Quoted from, and more info on this, see:
    http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
    4. The entity that registers the record in DNS, owns the record.
       Note "With secure dynamic update, only the computers and users you specify
            in an ACL can create or modify dnsNode objects within the zone.
            By default, the ACL gives Create permission to all members of the
            Authenticated User group, the group of all authenticated computers
            and users in an Active Directory forest. This means that any
            authenticated user or computer can create a new object in the zone.
            Also by default, the creator owns the new object and is given full control of it."
            Quoted from, and more info on this:
    http://technet.microsoft.com/en-us/library/cc961412.aspx
    More on this discussed in:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/6f5b82cf-48df-495e-b628-6b1a9a0876ba/regular-domain-user-uses-rsat-to-create-dns-records?forum=winserverNIS
    If that doesn't help, I highly suggest contacting Microsoft Support to get a definitive response. If you do, I would be highly curious what they say if it's any different than what I found out from the product group (mentioned earlier in this thread).
    And of course, if you can update what you find out, it will surely benefit others reading this thread that have the same question!
    Thank you!
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • When do I have to update my DNS records for my URLs, such as mail and autodiscover?

    We currently have EX2010, with autodiscover.domain, owa.domain, and outlook.domain records in DNS.  The outlook.domain is used for the CAS array and would not be modified during this.
    We are going to install new EX2013 servers soon.  When we do that, we plan to set all the URLs to be the same as EX2010 (like above).  
    From what I can tell, I do not have to change the DNS records until we actually start to migrate mailboxes.  Would that be correct?  I would rather do some additional testing, and get our load balancers configured correctly, before pointing autodiscover
    and owa at EX2013.  
    Most of the documentation I have seen says change the DNS records at the end of your installation, but that would be if I was ready to migrate mailboxes I would think.
    Thanks for any help or assistance on this.  I have read all of the articles on the Exchange Blog site, but nothing really says make this change immediately.

    Hi DarlonJeel,
    Based on your description, I know you want to upgrade Exchange 2010 to Exchange 2013.
    After you've completed the installation of Exchange 2013, you could update the MX record and the Autodiscover record to the Exchange 2013 CAS Server.
    Don't worry about the users whose mailboxes are located on the Exchange 2010 server. When a user uses OWA or OutlookAnywhere, the Exchange 2013 CAS server will redirect to the Exchange 2010
    CAS server automatically.
    Hope it helps,
    Best regards,
    Eric

  • What are the right DNS records to host more than one site on OSX Server (ML). My conf in Server.app looks right but one of my sites lands on the default server. Any suggestion?

    I started using OSX Server on Mountain Lion a few days ago and it looks promising.
    I do however measure my ignorance in DNS matters...
    I defined two websites in addition to the Default Server, so I have three names to deal with.
    For argument's sake
    - www.main.com is the default site
    - www.sitea.com is the first site
    - www.siteb.com is the second site
    I define a virtual host for www.sitea.com and another for www.siteb.com
    The resulting apache conf is what I would expect, I am pretty sure it is correct.
    So I modified my DNS entries (they were A records) to point to my new OSX Server.
    My result is:
    - www.main.com shows the default site
    - www.sitea.com shows the first site
    - www.siteb.com shows...the default site
    Any ideas?
    Cheers

    Thanks MrHoffman!
    My problem ended up being a name but not in the DNS!...In Apache.
    Your information allowed me to rule out possibilities and zoom in to the culprit faster.
    I just report here the conclusion hoping it can help someone else.
    When I installed OSX Server last week, I had in mind to principally run siteb.
    During the initial install, this is what I must have entered and then forgot about it.
    Then I defined my virtual hosts sitea and siteb and realised my machine was called siteb and changed its name to main to avoid a name collision. At which time I remember OSX Server telling me that changing the name could have consequences...But it apparently went ok, and it did except for one little thing.
    The consequence was this:
    in the main configuration file /Library/Server/Web/Config/apache2/http_server_app.conf the ServerName directive had remained siteb (instead of main). I manually updated it with TextEdit (could do vi from bash, it's the same) and replaced siteb with main.
    There is a way to detect it.
    In Server.app, there is a "logs" panel, which displays all sorts of logs for everything including the websites.
    Each website's logs are presented as "access" and "error" logs. The information was there, but I could not see it because the viewing window is remarkably small for so much information in raw text...
    Web logs are actually written to only two files in /var/log/apache2 (error.log and access.log)
    I opened two bash windows and ran tail -f on error.log in one and tail -f access.log in the other.
    When I started the web service, apache threw a warning from mod_ssl saying that the certificate did not match the server name... As the certificate was what I expected, I checked http_server_app.conf and found the ServerName directive that was not changed when I renamed my server...
    Easily fixed when it's found, but it can take a while to find.
    BTW, I was using A DNS records and it works, but I find your method of using CNAME records documents the administrator's intent better than with A records; I started to do the same. (A records are useful though, they can run a domain across multiple machines)
    Cheers mate!

  • DNS Records Confused

    Hi everyone,
    I have done the transition from Exchange 2007 to Exchange 2013.
    My Exchange 2007 URLs were with mail.mydomain.com and the hostname of the Exchange 2007 server was mail.
    I came up with Exchange 2013 with hostname mail1
    mail  : 192.168.1.10 (Exchange 2007)
    mail1 : 192.168.1.15 (Exchange 2013) (all virtual directories I set to mail.mydomain.com)
    After decommissioning Exchange 2007 I changed the Exchange 2013 server to the old IP of Exchange 2007
    mail1 192.168.1.10
    I created
    A record mail pointing to 192.168.1.10 (mail.mydomain.com). Is it right?
    Now I have two records, mail and mail1, pointing to the same IP 192.168.1.10
    Autodiscover record pointing to 192.168.1.10 (autodiscover.mydomain.com). Is it right?
    Should my MX record be pointing to mail or mail1?
    Should I create an SRV record?
    Please do guide me. I am able to open the Exchange admin center and OWA web pages but I am not able to log in.
    For Outlook or ActiveSync, what should be the incoming and outgoing mail server (mail.mydomain.com or mail1.mydomain.com)?
    I want to use mail as used earlier with Exchange 2007

    The mail part of mail.mydomain.com for purposes of finding your mail server is not referring to the name of the server as in server1.mydomain.com so the name of your server is not important. 
    But your certificate should match whatever that is.  So for example my mailserver uses webmail.mydomain.org on the certificate so this is what the internal and external DNS records are pointed to even though the server has a name completely
    unrelated to that.  Also, my internal domain is mydomain.local so I created a separate DNS zone internally for webmail.mydomain.org and put the A record (with the internal IP) for my exchange server in there. 
    So from internally when you look for webmail.mydomain.org you find the internal IP address of the exchange server and when externally looking for the same thing, webmail.mydomain.org you find the external IP address of the exchange server.
    Since you have put the new server at the old server IP you should not have to change DNS records externally and if you have DNS configured internally you should not have to change those either. 
    You do not need srv or mx records internally.  An mx record would be an external record to help people find your mail server on the internet but as I said, since you put the new server at the same IP, presumably you already have external
    DNS and firewall settings to allow access.
    What you need to do is set the virtual directory addresses and the Service Connection Point for the new server. 
    First verify your DNS by pinging mail.mydomain.com both internally and externally. 
    Internally it should resolve to 192.168.1.10.  Externally it should resolve to whatever public IP provides external access through your firewall to the server sitting at that internal IP.
    Set the SCP for the new server using EMS (this assumes that your internal ping results above worked correctly):
    Set-ClientAccessServer -Identity mail1 -AutoDiscoverServiceInternalURI https://mail.yourdomain.com/autodiscover/autodiscover.xml
    You said you already did this part below but you can verify or do it again.
    Configure virtual directories for mail1. 
    Go to ECP and navigate to Servers >> Virtual Directories
    Select mail1 then click the wrench
    Add mail1 at the top and then enter mail.yourdomain.com
    Back in the Servers >> Virtual Directories section of ECP click on the virtual directories one at a time and then click the edit pencil and copy and paste to make the internal URL match the external one. 
    Do this for OWA, ECP, ActiveSync, EWS and OAB.  Skip autodiscover and powershell!
    Once all of this is done your OWA would be accessed at
    https://mail.mydomain.com/owa and your ecp would be accessed at
    https://mail.mydomain.com/ecp from both inside and outside your organization.

  • DNS record ownership for DHCP clients

    my configuration:
    dhcp/dns/dc installed on same system - Windows 2008 R2 SP1 in domain environment.
    all zones configured to secure updates only with aging and scavenging enabled
    dhcp servers are member of DNSupdateproxy group.
    dhcp are configured with standard domain user account (this user was made a member of dnsupdateproxy as well, DOES THAT MATTER?)
    dhcp scopes are configured with default DNS setup (force DNS update by DHCP)
    now...
    all DNS records for endpoint devices on dhcp lease (windows7, mac os X, ubuntu) are owned by SYSTEM
    in security tab for some DNS records i can see service account with write permission to record ( i believe this is desired state)
    in other records service account has no permission but timestamps are still updated by computer account (hostname$ has write permission). these records have pencil icon on computers in dhcp lease table.
    Problem with this (hostname$ has write permissions) is when a user connects to the network via VPN (obtains dhcp lease) it gets two records registered in DNS -> 1 record for ip distributed by dhcp server and 2nd record for his home private network.
    Has anyone seen this before?
    I've tried deleting DNS records / releasing ip on endpoint device (example win7). It would not register to DNS by DHCP. However if I do ipconfig /registerdns it will do it, but dhcp service account won't have permission on this record.

    Apparently it appears that DHCP may not be configured with credentials, DHCP DNS settings are not configured to force DHCP to register ALL requests, nor has the DHCP server itself been added to the DnsUpdateProxy group. These are all prerequisites
    for DHCP to own all records, otherwise you will see default behavior, which is:
    By default, Windows 2000 and newer statically configured machines will
    register their A record (hostname) and PTR (reverse entry) into DNS.
    If set to DHCP, a Windows 2000 or newer machine will request DHCP to allow
    the machine itself to register its own A record, but DHCP will register its PTR
    (reverse entry) record.
    The entity that registers the record in DNS, owns the record.
    In summary:
    Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. Give it a really strong password.
    Set DHCP properties, DNS tab, to update everything, whether the clients can or cannot.
    Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group.
    Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it. They must be removed or it won't work.
    On Windows 2008 R2 or newer, DISABLE Name Protection.
    If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
    dnscmd /config /OpenAclOnProxyUpdates 0
    Configure Scavenging on one DNS server. Set the NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length. What it scavenges will replicate to others anyway.
    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx 
    Good summary:
    How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
    DNS Record Ownership and the DnsUpdateProxy Group
     http://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx
    DNS Record Ownership and the DnsUpdateProxy Group
    "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated (NON-ADMIN) user account and
    configure DHCP servers to perform DNS dynamic updates with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
    http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
    DNS record ownership and the DnsUpdateProxy group
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b17c798c-c4b2-4624-926c-4d2676e68279/
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.
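
A read-only audit for the ownership behaviour discussed in the two DnsUpdateProxy threads above, added here as an example and not taken from any post: it lists who owns each dnsNode object in a zone, flags records that any authenticated principal can modify, and shows DnsUpdateProxy members that are not DHCP servers. The zone name, partition DN, credential account and DHCP server names are placeholders, and it assumes the ActiveDirectory module, an AD-integrated zone in the DomainDnsZones partition, and English principal names.

```powershell
# Added example: read-only audit of record ownership in an AD-integrated zone.
# Placeholder values (assumptions, not from the thread): zone name, partition DN,
# the dedicated DHCP credential account, and the DHCP server computer accounts.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$ZoneName       = 'corp.example.com'
$PartitionDn    = 'DC=DomainDnsZones,DC=corp,DC=example,DC=com'
$DhcpDnsAccount = 'CORP\svc-dhcp-dns'
$DhcpServers    = @('DHCP01$', 'DHCP02$')

$zoneDn = "DC=$ZoneName,CN=MicrosoftDNS,$PartitionDn"

# Principals that stand for "any domain member" when they hold write access.
$broadPrincipals = @('NT AUTHORITY\Authenticated Users', 'Everyone')

# Rights that let a principal change a record or seize it. Built from single
# bits so that read-only ACEs (which share READ_CONTROL with GenericWrite)
# do not match; GenericAll still matches because it contains these bits.
$writeMask = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, WriteDacl, WriteOwner'

function Get-OwnerClass {
    param([string]$Owner)
    if     ($Owner -eq $DhcpDnsAccount)       { 'DHCP credential account' }  # scenario 3 in the thread
    elseif ($Owner -eq 'NT AUTHORITY\SYSTEM') { 'SYSTEM' }                   # scenario 2 in the thread
    elseif ($Owner -like '*$')                { 'Computer account' }         # scenario 1, or a client that registered itself
    else                                      { 'Other' }
}

# Each DNS name in the zone is one dnsNode object directly under the zone container.
$records = Get-ADObject -SearchBase $zoneDn -SearchScope OneLevel `
    -LDAPFilter '(objectClass=dnsNode)' -Properties nTSecurityDescriptor

$report = foreach ($r in $records) {
    $sd = $r.nTSecurityDescriptor

    # Allow ACEs that give a broad principal the ability to modify this node.
    $broadWrite = @($sd.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadPrincipals -contains $_.IdentityReference.Value -and
        (([int]$_.ActiveDirectoryRights -band $writeMask) -ne 0)
    })

    New-Object PSObject -Property @{
        Record     = $r.Name
        Owner      = $sd.Owner
        OwnerClass = (Get-OwnerClass $sd.Owner)
        BroadWrite = ($broadWrite.Count -gt 0)
    }
}

# Group members that are not in the expected DHCP server list (for example a
# DC, a DNS-only server, or the credential account itself).
$proxyMembers = @(Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    Select-Object -ExpandProperty SamAccountName)
$unexpected = @($proxyMembers | Where-Object { $DhcpServers -notcontains $_ })

'--- Record owners by class ---'
$report | Group-Object OwnerClass | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

'--- Records writable by any authenticated principal ---'
$report | Where-Object { $_.BroadWrite } | Sort-Object Record |
    Format-Table Record, Owner -AutoSize

'--- DnsUpdateProxy members that are not listed DHCP servers ---'
$unexpected
```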

  • Disk Utility verify of ISO burn fails, but md5 sum matches

    Frequently when I burn a large DVD iso to a DVD, via the "Burn" task in OS X Disk Utility, the process results in a failure at the end of the verify process.  However, if I check the md5 sum of the DVD against the published md5 sum for the ISO, the checksum matches.  From this I assume that the DVD must have written correctly.  Why does DiskUtility report that the verify failed?
    System:  IMac 27-inch, Mid 2011
    OS X 10.9.5 (13F34)
    Disk Utility:  Version 13 (517)
    Example:  Here's the md5 sum of the downloaded ISO, which matches the published md5 sum for the ISO on the Centos website, and of the written DVD. 
         # get md5 of downloaded ISO:
    $ md5 CentOS-6.5-x86_64-bin-DVD1.iso
    MD5 (CentOS-6.5-x86_64-bin-DVD1.iso) = 83221db52687c7b857e65bfe60787838
         # Centos site reports:  83221db52687c7b857e65bfe60787838 CentOS-6.5-x86_64-bin-DVD1.iso
         # read DVD via dd and pipe to md5 to get md5 sum:
    $ dd  if=/dev/disk2 | md5
    8726528+0 records in
    8726528+0 records out
    4467982336 bytes transferred in 63.966136 secs (69849183 bytes/sec)
    83221db52687c7b857e65bfe60787838
    DVD was written via DiskUtility:
         1.  File | Open ->select ISO from downloads folder
         2.  Select ISO in left panel of Disk Utility
         3.  insert blank DVD
         4.  click Burn icon (pops up Burn Disc in: SuperDrive.  Ready to burn.)
         5.  click Burn
    Result:
         dialog with "writing track"...  "verifying" "Unable to burn "Centos....iso." (Verifying the burned data failed.)

    its not your drive the problem its the disk if you use singapore produce disk there is a way to find out what kind of disk is made by you could have a disk of poor quality made by Ricoh, singapore disk dual layer disk of of top quality.
    apple needs to update the firmware KA19 to be compatible to the Ricoh disk.

  • Testing an ISA Server Rule, the recursive query to other DNS Servers test fails

    Hello,
    I am trying to configure the following infrastructure with ISA Server 2006 and two W2003 servers (called "Server1" and "Server2") . "Server1" is a domain controller, and in
    "Server2" is the ISA Server installed, which also has
    attached two network Ethernet cards, one called "Internal Ethernet Card", and the other one called
    "External Ethernet Card".
    The infrastructure would be:  "Internal Ethernet Card"---- ISA Server ----"External Ethernet Card"---"Router"----"Internet"
    "Internal Ethernet Card" manages the internal package traffic of the infrastructure, the network segment which belongs is isolated from what we could call the Outbound traffic, which is linked to a router. "Internal Ethernet Card" is
    a virtual network.
    "Internal Ethernet Card" feature configuration is the following:
    - IP address: 192.168.3.3
    - Subnet Mask: 255.255.255.0
    - DHCP Enabled: No
    - DNS Server: 192.168.3.1 (Must point to the DC "Server1" which has the DNS Service installed)
    - Default Gateway:  None  (because it doesn't point to outside)
    - Primary WINS Server: 192.168.3.1  
    The "External Ethernet Card" provides the outbound connection, and this card is connected to the physical router.
    Its feature configuration is the following:
    - IP address: 192.168.1.50
    - Subnet Mask: 255.255.255.0
    - DHCP Enabled: No
    - Default Gateway: 192.168.1.1
    - DNS Servers: 192.168.3.1 (Must point to the DC "Server1" which has the DNS Service installed)
    After configuring the network cards, I create the following rule in the ISA Server to allow the traffic towards outside from the server and the clients which have joined to the domain:
    Action: Allow.  Protocol: DNS.  From:"Server2".  To : External.  Condition: All Users
    After applying the changes to update the configuration, I enter the DNS Server of "Server1" and in the "Monitoring" tab, I run a "recursive query to other DNS Servers" but it fails.
    Only the "simple query against this DNS Server" works.
    I don't know why it fails, but I'm stuck on this issue, because in the "Server1" DNS Server, in the "domain forward IP address list", I have added two DNS addresses which work OK.
    I would appreciate some help to solve this issue.
    Thanks
    Regards 

    Hello Ms. Long, 
    Yes, you are right. In Server1 the DNS server is configured to use forwarders, which are set in the field "Selected domain's forwarder IP address list": two DNS address numbers obtained from "Open DNS", which work well.
    There is no DNS Server linked to the External NIC.
    The Server1 belongs to a private network configured as "VMnet3", which it is set as follows:
    IP address: 192.168.3.1
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.3.3
    DNS Server: 192.168.3.1
    I have tried to test your suggested idea:
    > set d2
    > google.com
    Server:  srv-dcfs-01.dominio.local
    Address:  192.168.3.1
    SendRequest(), len 42
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0
        QUESTIONS:
            google.com.dominio.local, type = A, class = IN
    Got answer (113 bytes):
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0
        QUESTIONS:
            google.com.dominio.local, type = A, class = IN
        AUTHORITY RECORDS:
        ->  dominio.local
            type = SOA, class = IN, dlen = 46
            ttl = 3600 (1 hour)
            primary name server = srv-dcfs-01.dominio.local
            responsible mail addr = hostmaster
            serial  = 41
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)
    SendRequest(), len 28
        HEADER:
            opcode = QUERY, id = 3, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0
        QUESTIONS:
            google.com, type = A, class = IN
    DNS request timed out.
        timeout was 2 seconds.
    timeout (2 secs)
    SendRequest failed
    *** Request to srv-dcfs-01.dominio.local timed-out
    As you can see highlighted in bold, the problem remains in the "recursive query to other DNS Servers" check.
    Maybe it is better to put the issue on the "Windows Server General Forum", because the issue has nothing in common with the ISA Server, don't you?
    Thanks
    Best regards
