OlegLutskyi-4374 asked DSPatrick commented

Windows server 2012R2 DNS issue

Hi there,
We have two DCs. One installed in the office DC1 (192.168.20.21) and the other in the cloud MainDC (172.31.32.40).
ipconfig DC1:

Windows IP Configuration

Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

PPP adapter RAS (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RAS (Dial In) Interfac
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.20.60(Preferre
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter NIC1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gig
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
IPv4 Address. . . . . . . . . . . : 192.168.20.21(Preferre
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DHCPv6 IAID . . . . . . . . . . . : 315105126
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-C8-6F-C

DNS Servers . . . . . . . . . . . : 172.31.32.40
192.168.20.21
NetBIOS over Tcpip. . . . . . . . : Enabled


Ipconfig DC2:

Windows IP Configuration

Host Name . . . . . . . . . . . . : MainDC
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : AWS PV Network Device #
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
IPv4 Address. . . . . . . . . . . : 172.31.32.40(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.31.32.1
DHCPv6 IAID . . . . . . . . . . . : 319697556
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-FC-B5-3D

DNS Servers . . . . . . . . . . . : 192.168.20.21
172.31.32.40
NetBIOS over Tcpip. . . . . . . . : Enabled


On DC1 we received Error 4015 every 15 min: "The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error."
From MainDC Error 4015 AND 4004: "The DNS server was unable to complete directory service enumeration of zone TrustAnchors. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error."

Replication is currently working fine. All data is mirrored. Ping passed between DCs. But nslookup result:
From MainDC:

Server: UnKnown

Address: 192.168.20.21

Name: domain
Addresses: 172.31.32.40
192.168.20.21

From DC1:

DNS request timed out.

timeout was 2 seconds.
Server: UnKnown
Address: 172.31.32.40

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

Please advise what I missed in configuration and how to fix this issue. Thank you!







windows-server-2012 windows-dhcp-dns

DSPatrick answered DSPatrick commented

Multi-homing a domain controller will always cause no end of grief for Active Directory DNS. Install the RRAS roles on its own instance of Windows.

--please don't forget to upvote and Accept as answer if the reply is helpful--
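
A check that supports the answer above, as an added example that is not part of the original post: it lists the IPv4 addresses bound to the DC, shows which A records each DNS server returns for the DC and for the domain name, and counts events 4004/4015. The zone name, the DNS server addresses and the `NIC1` alias are assumptions taken from the ipconfig output in the question.

```powershell
# Added example. Run in an elevated PowerShell session on the DC itself.
# Assumptions taken from the question: zone name, DNS server addresses,
# and 'NIC1' as the only interface that should be registered in DNS.
$Zone       = 'domain.local'
$DnsServers = '192.168.20.21', '172.31.32.40'
$LanAlias   = 'NIC1'
$Self       = "${env:COMPUTERNAME}.$Zone"

# 1. IPv4 addresses bound to this host, per interface (loopback excluded).
$bound = @(Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    Select-Object InterfaceAlias, IPAddress, PrefixLength)
$bound | Format-Table -AutoSize | Out-Host
$extra = @($bound | Where-Object { $_.InterfaceAlias -ne $LanAlias })
if ($extra.Count -gt 0) {
    Write-Warning ("Multihomed: extra interface(s) " +
        (($extra.InterfaceAlias | Sort-Object -Unique) -join ', '))
}

# 2. A records each DNS server returns for this DC and for the domain name.
#    A record pointing at an address from $extra was registered by the
#    unwanted interface; a timeout here matches the nslookup failure.
foreach ($server in $DnsServers) {
    foreach ($name in $Self, $Zone) {
        try {
            $records = Resolve-DnsName -Name $name -Type A -Server $server `
                -DnsOnly -ErrorAction Stop | Where-Object { $_.Type -eq 'A' }
        } catch {
            Write-Warning "$server / ${name}: $($_.Exception.Message)"
            continue
        }
        foreach ($r in $records) {
            $flag = if ($extra.IPAddress -contains $r.IPAddress) { 'UNEXPECTED' } else { 'ok' }
            '{0,-15} {1,-22} {2,-15} {3}' -f $server, $name, $r.IPAddress, $flag
        }
    }
}

# 3. How often the two events from the question fired in the last 24 hours.
Get-WinEvent -FilterHashtable @{
    LogName = 'DNS Server'; Id = 4004, 4015; StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue | Group-Object Id | Select-Object Name, Count
```

Running it again after RRAS has been moved to its own server gives a before/after comparison of the registered records and the event counts.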



Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--




Hi,

Thanks for your reply. As it is the only recommendation, and we were also thinking before about transferring RRAS to other servers, yes, we will try it, and it requires time, of course.

DSPatrick OlegLutskyi-4374 ·

Sounds good, please don't forget to close up the thread by 145510-image.png




DSPatrick OlegLutskyi-4374 ·

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



LimitlessTechnology-2700 answered OlegLutskyi-4374 commented

Hi there,

The DNS Server service relies on Active Directory Domain Services (AD DS) to store and retrieve information for AD DS-integrated zones.

This error indicates that AD DS is not responding to requests from the DNS Server service. Ensure that AD DS is functioning properly, troubleshoot any problems, and then restart the DNS Server service.

You can follow the troubleshooting steps from the below article and see if that helps you
Event ID 4015 — DNS Server Active Directory Integration https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735674(v=ws.10)?redirectedfrom=MSDN



--If the reply is helpful, please Upvote and Accept it as an answer--


The DNS service has been rebooted many times as well as the servers in general, it does not help.
