Channel: Network Infrastructure Servers forum

DNS / LDAP Error


Hi,

We are in the process of upgrading Exchange 2007 to 2010. As part of the process we are running dcdiag with the /a switch, and the result is below.

We have checked our DNS server and found this to be "we think" correctly configured.

Is there any way we can be pointed in the correct direction to resolve this issue before proceeding with the upgrade?

Many Thanks


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = RAD01PPWDC01

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: RAD01\RAD01PPWDC01

      Starting test: Connectivity

         The host 3edd0255-ac86-4d77-9218-458a1984dbce._msdcs.radford.internal

         could not be resolved to an IP address. Check the DNS server, DHCP,

         server name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... RAD01PPWDC01 failed test Connectivity

   
   Testing server: RAD01\RAD01PVWDC02

      Starting test: Connectivity

         ......................... RAD01PVWDC02 passed test Connectivity

   
   Testing server: RAD01\RAD02PPWDC01

      Starting test: Connectivity

         ......................... RAD02PPWDC01 passed test Connectivity



Doing primary tests

   
   Testing server: RAD01\RAD01PPWDC01

      Skipping all tests, because server RAD01PPWDC01 is not responding to

      directory service requests.

   
   Testing server: RAD01\RAD01PVWDC02

      Starting test: Advertising

         ......................... RAD01PVWDC02 passed test Advertising

      Starting test: FrsEvent

         ......................... RAD01PVWDC02 passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... RAD01PVWDC02 failed test DFSREvent

      Starting test: SysVolCheck

         ......................... RAD01PVWDC02 passed test SysVolCheck

      Starting test: KccEvent

         ......................... RAD01PVWDC02 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... RAD01PVWDC02 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... RAD01PVWDC02 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... RAD01PVWDC02 passed test NCSecDesc

      Starting test: NetLogons

         ......................... RAD01PVWDC02 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... RAD01PVWDC02 passed test ObjectsReplicated

      Starting test: Replications

         ......................... RAD01PVWDC02 passed test Replications

      Starting test: RidManager

         ......................... RAD01PVWDC02 passed test RidManager

      Starting test: Services

         ......................... RAD01PVWDC02 passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x0000002F

            Time Generated: 04/15/2013   15:11:07

            Event String:

            Time Provider NtpClient: No valid response has been received from manually configured peer 2.au.pool.ntp.org after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.

         A warning event occurred.  EventID: 0x0000002F

            Time Generated: 04/15/2013   15:12:11

            Event String:

            Time Provider NtpClient: No valid response has been received from manually configured peer 0.au.pool.ntp.org after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.

         A warning event occurred.  EventID: 0x0000002F

            Time Generated: 04/15/2013   15:17:03

            Event String:

            Time Provider NtpClient: No valid response has been received from manually configured peer 3.au.pool.ntp.org after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.

         A warning event occurred.  EventID: 0x0000002F

            Time Generated: 04/15/2013   15:18:07

            Event String:

            Time Provider NtpClient: No valid response has been received from manually configured peer 1.au.pool.ntp.org after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/15/2013   15:27:27

            Event String:

            Driver HP Color LaserJet 3600 required for printer !!RAD01PVWPS02!ITS-HPCLJ3600 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/15/2013   15:27:27

            Event String:

            Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/15/2013   15:27:30

            Event String:

            Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.

         A warning event occurred.  EventID: 0x00000010

            Time Generated: 04/15/2013   15:51:02

            Event String:

            Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

         ......................... RAD01PVWDC02 failed test SystemLog

      Starting test: VerifyReferences

         ......................... RAD01PVWDC02 passed test VerifyReferences

   
   Testing server: RAD01\RAD02PPWDC01

      Starting test: Advertising

         ......................... RAD02PPWDC01 passed test Advertising

      Starting test: FrsEvent

         ......................... RAD02PPWDC01 passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... RAD02PPWDC01 failed test DFSREvent

      Starting test: SysVolCheck

         ......................... RAD02PPWDC01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... RAD02PPWDC01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... RAD02PPWDC01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... RAD02PPWDC01 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... RAD02PPWDC01 passed test NCSecDesc

      Starting test: NetLogons

         ......................... RAD02PPWDC01 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... RAD02PPWDC01 passed test ObjectsReplicated

      Starting test: Replications

         [Replications Check,RAD02PPWDC01] A recent replication attempt failed:

            From RAD01PPWDC01 to RAD02PPWDC01

            Naming Context: CN=Schema,CN=Configuration,DC=radford,DC=internal

            The replication generated an error (8524):

            The DSA operation is unable to proceed because of a DNS lookup failure.

            

            The failure occurred at 2013-04-15 15:41:05.

            The last success occurred at 2013-04-15 14:52:14.

            2 failures have occurred since the last success.

            The guid-based DNS name

            3edd0255-ac86-4d77-9218-458a1984dbce._msdcs.radford.internal

            is not registered on one or more DNS servers.

         [Replications Check,RAD02PPWDC01] A recent replication attempt failed:

            From RAD01PVWDC02 to RAD02PPWDC01

            Naming Context: CN=Schema,CN=Configuration,DC=radford,DC=internal

            The replication generated an error (1908):

            Could not find the domain controller for this domain.

            The failure occurred at 2013-04-15 15:42:05.

            The last success occurred at 2013-04-15 14:52:14.

            2 failures have occurred since the last success.

            Kerberos Error.

            A KDC was not found to authenticate the call.

            Check that sufficient domain controllers are available.

         [Replications Check,RAD02PPWDC01] A recent replication attempt failed:

            From RAD01PPWDC01 to RAD02PPWDC01

            Naming Context: CN=Configuration,DC=radford,DC=internal

            The replication generated an error (8524):

            The DSA operation is unable to proceed because of a DNS lookup failure.

            

            The failure occurred at 2013-04-15 15:36:04.

            The last success occurred at 2013-04-15 14:52:14.

            1 failures have occurred since the last success.

            The guid-based DNS name

            3edd0255-ac86-4d77-9218-458a1984dbce._msdcs.radford.internal

            is not registered on one or more DNS servers.

         [Replications Check,RAD02PPWDC01] A recent replication attempt failed:

            From RAD01PVWDC02 to RAD02PPWDC01

            Naming Context: CN=Configuration,DC=radford,DC=internal

            The replication generated an error (1908):

            Could not find the domain controller for this domain.

            The failure occurred at 2013-04-15 15:38:34.

            The last success occurred at 2013-04-15 14:52:14.

            1 failures have occurred since the last success.

            Kerberos Error.

            A KDC was not found to authenticate the call.

            Check that sufficient domain controllers are available.

         ......................... RAD02PPWDC01 failed test Replications

      Starting test: RidManager

         ......................... RAD02PPWDC01 passed test RidManager

      Starting test: Services

         ......................... RAD02PPWDC01 passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 04/15/2013   15:33:18

            Event String:

            Name resolution for the name _ldap._tcp.dc._msdcs.radford.internal timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x00000C18

            Time Generated: 04/15/2013   15:33:31

            Event String:

            The primary Domain Controller for this domain could not be located.

         A warning event occurred.  EventID: 0x8000001D

            Time Generated: 04/15/2013   15:33:39

            Event String:

            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:33:49

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 04/15/2013   15:33:57

            Event String:

            Name resolution for the name _ldap._tcp.radford.internal timed out after none of the configured DNS servers responded.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:34:16

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x00002724

            Time Generated: 04/15/2013   15:34:18

            Event String:

            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

         A warning event occurred.  EventID: 0x00000081

            Time Generated: 04/15/2013   15:34:36

            Event String:

            NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

         An error event occurred.  EventID: 0xC2000001

            Time Generated: 04/15/2013   15:34:38

            Event String: Unexpected failure. Error code: 490@01010004

         A warning event occurred.  EventID: 0x00000081

            Time Generated: 04/15/2013   15:34:38

            Event String:

            NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

         An error event occurred.  EventID: 0x00000423

            Time Generated: 04/15/2013   15:34:42

            Event String:

            The DHCP service failed to see a directory server for authorization.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:34:43

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0x00000423

            Time Generated: 04/15/2013   15:34:54

            Event String:

            The DHCP service failed to see a directory server for authorization.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:35:10

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0x00000469

            Time Generated: 04/15/2013   15:35:22

            Event String:

            The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:35:37

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:36:04

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:36:31

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x000727AA

            Time Generated: 04/15/2013   15:36:49

            Event String:

            The WinRM service failed to create the following SPNs: WSMAN/RAD02PPWDC01.radford.internal; WSMAN/RAD02PPWDC01.


         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:36:58

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00A0038

            Time Generated: 04/15/2013   15:37:11

            Event String:

            The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 172.26.100.32.

         An error event occurred.  EventID: 0x00000469

            Time Generated: 04/15/2013   15:37:15

            Event String:

            The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/15/2013   15:37:19

            Event String:

            Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/15/2013   15:37:20

            Event String:

            Driver HP Color LaserJet 3600 required for printer !!RAD01PVWPS02!ITS-HPCLJ3600 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/15/2013   15:37:22

            Event String:

            Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:37:25

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:37:52

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/15/2013   15:38:19

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 04/15/2013   15:39:11

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'radford.internal.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 04/15/2013   15:49:26

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'radford.internal.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 04/15/2013   15:49:34

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.radford.internal.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 04/15/2013   15:49:34

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.radford.internal.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00000081

            Time Generated: 04/15/2013   15:49:43

            Event String:

            NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

         A warning event occurred.  EventID: 0x00000081

            Time Generated: 04/15/2013   15:49:44

            Event String:

            NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

         A warning event occurred.  EventID: 0x00000081

            Time Generated: 04/15/2013   15:49:47

            Event String:

            NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

         A warning event occurred.  EventID: 0x00000081

            Time Generated: 04/15/2013   15:49:48

            Event String:

            NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/15/2013   15:52:24

            Event String:

            Driver HP Color LaserJet 3600 required for printer !!RAD01PVWPS02!ITS-HPCLJ3600 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 04/15/2013   15:52:24

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\radford.internal\SysVol\radford.internal\Policies\{5E6E8D57-6C8C-4868-A402-715F3DFE1048}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/15/2013   15:52:25

            Event String:

            Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/15/2013   15:52:26

            Event String:

            Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.

         ......................... RAD02PPWDC01 failed test SystemLog

      Starting test: VerifyReferences

         ......................... RAD02PPWDC01 passed test VerifyReferences

   
   
   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=ForestDnsZones,DC=radford,DC=internal) we

            encountered the following error retrieving the cross-ref's

            (CN=15934885-fc90-49d6-9b06-9cce03bb6eb3,CN=Partitions,CN=Configuration,DC=radford,DC=internal)

             information:
               LDAP Error 0x3a (58).
         ......................... ForestDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=ForestDnsZones,DC=radford,DC=internal) we

            encountered the following error retrieving the cross-ref's

            (CN=15934885-fc90-49d6-9b06-9cce03bb6eb3,CN=Partitions,CN=Configuration,DC=radford,DC=internal)

             information:
               LDAP Error 0x3a (58).
         ......................... ForestDnsZones failed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=DomainDnsZones,DC=radford,DC=internal) we

            encountered the following error retrieving the cross-ref's

            (CN=4df4ae6e-9956-4537-8aa4-f2ddca964490,CN=Partitions,CN=Configuration,DC=radford,DC=internal)

             information:
               LDAP Error 0x3a (58).
         ......................... DomainDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=DomainDnsZones,DC=radford,DC=internal) we

            encountered the following error retrieving the cross-ref's

            (CN=4df4ae6e-9956-4537-8aa4-f2ddca964490,CN=Partitions,CN=Configuration,DC=radford,DC=internal)

             information:
               LDAP Error 0x3a (58).
         ......................... DomainDnsZones failed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition

            (CN=Schema,CN=Configuration,DC=radford,DC=internal) we encountered

            the following error retrieving the cross-ref's

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=radford,DC=internal)

             information:
               LDAP Error 0x3a (58).
         ......................... Schema failed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (CN=Configuration,DC=radford,DC=internal) we

            encountered the following error retrieving the cross-ref's

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=radford,DC=internal)

             information:
               LDAP Error 0x3a (58).
         ......................... Configuration failed test CrossRefValidation

   
   Running partition tests on : radford

      Starting test: CheckSDRefDom

         ......................... radford passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=radford,DC=internal) we encountered the

            following error retrieving the cross-ref's

            (CN=ADRADFORD01,CN=Partitions,CN=Configuration,DC=radford,DC=internal)

             information:
               LDAP Error 0x3a (58).
         ......................... radford failed test CrossRefValidation

   
   Running enterprise tests on : radford.internal

      Starting test: LocatorCheck

         ......................... radford.internal passed test LocatorCheck

      Starting test: Intersite

         ......................... radford.internal passed test Intersite
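
A triage parser for dcdiag output in the layout shown in the post above, as an added example that is not part of the original post. It collects the failed tests per server or partition, the replication failures with their error codes, and the GUID-based _msdcs names reported as unresolved. The sample input is a constructed excerpt of that output, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt laid out like the dcdiag output in
# the post above (server names, GUID and error codes come from that output).
SAMPLE = r"""
   Testing server: RAD01\RAD01PPWDC01
      Starting test: Connectivity
         The host 3edd0255-ac86-4d77-9218-458a1984dbce._msdcs.radford.internal
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.
         ......................... RAD01PPWDC01 failed test Connectivity
   Testing server: RAD01\RAD02PPWDC01
      Starting test: Connectivity
         ......................... RAD02PPWDC01 passed test Connectivity
      Starting test: Replications
         [Replications Check,RAD02PPWDC01] A recent replication attempt failed:
            From RAD01PPWDC01 to RAD02PPWDC01
            Naming Context: CN=Configuration,DC=radford,DC=internal
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failure.
            The guid-based DNS name
            3edd0255-ac86-4d77-9218-458a1984dbce._msdcs.radford.internal
            is not registered on one or more DNS servers.
         [Replications Check,RAD02PPWDC01] A recent replication attempt failed:
            From RAD01PVWDC02 to RAD02PPWDC01
            Naming Context: CN=Configuration,DC=radford,DC=internal
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
         ......................... RAD02PPWDC01 failed test Replications
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
               LDAP Error 0x3a (58).
         ......................... ForestDnsZones failed test
         CrossRefValidation
"""

RESULT = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test(?:\s+(\S+))?$")
REPL_FROM = re.compile(r"^From (\S+) to (\S+)$")
NAMING_CTX = re.compile(r"^Naming Context: (.+)$")
REPL_ERROR = re.compile(r"^The replication generated an error \((\d+)\):$")
GUID_NAME = re.compile(
    r"\b[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\._msdcs\.[a-z0-9.-]+", re.I)


def parse_dcdiag(text):
    """Return (results, replication_failures, unresolved_guid_names)."""
    # Output pasted into forums is often double-spaced: drop blank lines.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results = defaultdict(dict)   # target -> {test name: "passed" | "failed"}
    repl, guid_names = [], set()
    current = None                # replication failure being assembled
    i = 0
    while i < len(lines):
        ln = lines[i]
        m = RESULT.match(ln)
        if m:
            target, outcome, test = m.groups()
            if test is None and i + 1 < len(lines):
                # A long result line wraps the test name onto the next line.
                i += 1
                test = lines[i]
            results[target][test or "?"] = outcome
            current = None        # a result line closes the running test
        elif (m := REPL_FROM.match(ln)):
            current = {"source": m[1], "dest": m[2], "nc": None,
                       "error": None, "dns_name": None}
            repl.append(current)
        elif current is not None and (m := NAMING_CTX.match(ln)):
            current["nc"] = m[1]
        elif current is not None and (m := REPL_ERROR.match(ln)):
            current["error"] = int(m[1])
        for name in GUID_NAME.findall(ln):
            name = name.rstrip(".").lower()
            guid_names.add(name)
            if current is not None:
                current["dns_name"] = name
        i += 1
    return dict(results), repl, guid_names


def failed_tests(results):
    """Map each server or partition to the sorted list of tests it failed."""
    out = {}
    for target, tests in results.items():
        bad = sorted(t for t, outcome in tests.items() if outcome == "failed")
        if bad:
            out[target] = bad
    return out


def replication_by_error(repl):
    """Group replication failures: error code -> sorted source DCs."""
    grouped = defaultdict(set)
    for r in repl:
        grouped[r["error"]].add(r["source"])
    return {code: sorted(srcs) for code, srcs in grouped.items()}


if __name__ == "__main__":
    results, repl, names = parse_dcdiag(SAMPLE)
    print("Failed tests:", failed_tests(results))
    print("Replication failures by error code:", replication_by_error(repl))
    print("Unresolved GUID-based names:", sorted(names))
```

Grouping by error code separates the DNS lookup failures (8524 in this output) from the failures that follow from them, and the GUID-based name is the record to look for in the _msdcs zone.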


DHCP backup


The DHCP database is backed up every 60 minutes, and it overwrites the existing backup file. Does anyone have a script to schedule a weekly backup to a file server, or to create a dump on a file server?

Vlan tagging on host level.

Hi, I have IBM blade servers. The blade server network interfaces are connected to a Cisco switch, and VLAN tagging is enabled on the Cisco switch ports. Each blade server has 2 NICs. A few of the blade servers are installed with ESXi; there it's very easy: after installation I give a management IP and define the VLAN, and then from my LAN I can access that ESXi server using the vSphere client. I'm new to Server 2012. My question is: before any installation of the Hyper-V role on my 2012 host, how can I configure my host to use the same management VLAN ID so I will be able to access the server from my LAN? Should I set up an IP on one of my NICs and then the VLAN ID in the advanced configuration? Or should I make a team of both NICs and then define the VLAN ID? Or do I need to install Hyper-V and then try to make an external virtual switch and assign the VLAN ID? I just want an initial setup on my server so I can access it from my LAN, because without a VLAN ID the Cisco switch will not pass the traffic. Regards, Usman Ghani

Usman Ghani - MCITP Exchange 2010

DNS - A Record Disappears while AAAA Record for Host is registered


Hi,

I have a strange issue.  Recently we have noticed dynamically registered IPv4 addresses disappearing from our internal Windows DNS forward lookup zones.

I don't run our very large DNS environment, so unfortunately, I can't examine the configuration.  The problem seems to be tied to Windows servers with IPv6 enabled (Windows 2008 and Windows 2008 R2 servers).

In our Windows server configuration, we allow the check mark for "Allow this connection to be registered in DNS" to be selected in the TCP/IP settings of the production IP address for the server.

Periodically, we have noticed that the IPv4 A records disappear from DNS while the AAAA IPv6 address for the server remains intact.

I have been troubleshooting this problem from the server side (DNS client side).  It appears that if I disable 6to4 IPv6 addresses from the server and then restart the server, the problem goes away (IPv4 address comes back in DNS after the reboot).  To disable IPv6 transition technologies, we implement DisabledComponents = 1.

Although this workaround seems to solve all of our problems, I don't understand why the IPv4 address gets removed in the first place.  I suspect a misconfiguration on the DNS server.

More information:

Overall IPv6 Problem: By default, the 6to4 tunneling protocol is enabled in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008 when an interface is assigned a public IPv4 address (that is, an IPv4 address that is not in the ranges 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16). 6to4 will automatically assign an IPv6 address to the 6to4 tunneling interface for each such address that is assigned, and 6to4 will dynamically register these IPv6 addresses on the assigned DNS server. If this behavior is not desired, we recommend disabling IPv6 tunnel interfaces on the affected hosts. In the company network, it also appears that IPv6 registration sometimes causes IPv4 A records to be removed in DNS. Microsoft has informed us that this http://support.microsoft.com/kb/2782438 might be the reason for the behavior. But I am still pressing to root cause because we are not using DHCP in our server vlans.

Using the options to disable IPv6 described in article 929852 is fully supported by Microsoft: Microsoft Answer: "Disabling IPv6 is not recommended but it's completely supported, but you might have to enable it back in future if you are going to implement new technologies like DirectAccess etc, which needs IPv6."

Microsoft recommends that we use DisabledComponents = 1 for all Windows 2008 and Windows 2008 R2 servers that are problematic: This will disable IPv6 transition technologies and servers will not get an IPv6 address.

It has also been asked that instead of disabling IPv6 on all of our Windows servers can we just disable IPv6 on the DNS servers: Microsoft Answer: disabling IPv6 only on DNS Servers will not help, as it will not stop clients from registering their IPv6 address.

Disabling IPv6 will impact applications that require IPv6. The known application services are: HomeGroup and DirectAccess -- we do not believe our company is currently using these technologies.

Random DNS issue - Internal FQDN will not resolve - Server 2008 R2


We recently upgraded our Domain from 2003 to 2008 R2.  We are also running DNS (AD Integrated).  The old Domain Controllers have been retired, roles moved to the new AD controllers, and DNS entries for them have been removed.  DHCP scope has been updated with the new DNS servers.

Since we have made the change, we have an issue where the same URL (for our internal Helpdesk Site) will stop responding.  This impacts IT only, as we are the only ones that access the site.  The other thing that seems to be similar is the clients accessing/having issues are running Windows 7 x64.  My colleague is still running Windows XP - and never has the issue.

What will happen is we will go to the URL - it will work most of the day for me, but throughout the day (maybe once or twice) I will get Page cannot be displayed.  When that occurs the following is also true:

1) I cannot ping the URL (get unknown host).

2) If I do an nslookup however -> the DNS server provides the correct IP to FQDN

I always end up having to ipconfig /flushdns and then ipconfig /registerdns.  At this point I am not sure if it is client related, or DNS related.  The reason I am posting here, is because of the recent changes in our infrastructure.

Should also advise - I am on the same network/location as the DNS servers.  There is no firewall between us.  It is always the same URL that has issues.  (There is a second one that also has problems).  All other URLs/FQDN's are working fine.  We have no issues with forwarders - internet resolution is working from all locations.

MAC Address Authorization in a pre-existing RADIUS/NPS environment


I already have a RADIUS/NPS deployed. My current solution is WIN2008R2 NPS, which helps me authenticate 802.1X clients (HP switches), Alcatel IP phones (MD5 enabled) and VPN PPTP clients (incoming connections through a Fortigate appliance).

Now I need to solve a problem with my Ruckus Zone Director and a limitation of 128 MAC addresses per SSID in my controlled SSID.

To avoid the 128 MACs limitation someone suggested to use MAC Address Authorization, see:

http://forums.ruckuswireless.com/forums/8/topics/885



But as far as I know, I need to make changes in NPS that could make the current configuration impossible to use without impacting my 802.1X, VPN and IP phone clients.


NPS: Override User-Name
http://technet.microsoft.com/en-us/library/dd197553(v=ws.10).aspx



"...

If you set Override User-Name to 1 and the User Identity Attribute to 31, the authenticating server can perform only Automatic Number Identification/Calling Line Identification (ANI/CLI)-based authentication. Normal authentication by using authentication protocols, such as Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) and Extensible Authentication Protocol (EAP), is disabled
..."


So, how can I deploy NPS MAC Address authentication using my current NPS deployment without changing my current configurations, just adding?

MAC Address Authorization
http://technet.microsoft.com/en-us/library/dd197535(v=ws.10).aspx


NPS: User Identity Attribute
http://technet.microsoft.com/en-us/library/dd197523(v=ws.10).aspx


Event ID 1005 - ADWS


I have one server running Web Services with IIS + TMG 2010 (the server is not a Domain Controller, it's in a workgroup).

+ I have a problem with Event ID 1005 - ADWS, but cannot solve this problem:

Event ID : 1005-ADWS

Detail : Active Directory Web Services could not change its advertising state. The Netlogon service might not be running. Restart Netlogon and then restart Active Directory Web Services.

Please help me solve this problem.

Thanks and best regards.

Windows server 2012 as RRAS server in DMZ Zone


Hi All,

I am configuring a Windows Server 2012 as a VPN server for my company. The server is located in our DMZ as below:

Internal - FW2 - DMZ - FW1 - Internet - Client

This server is not joined to the domain and is using a standalone CA. I have tried to configure the server following some guides that I have read on the internet and got stuck at a part where I need to use the Certification Template to set up the Online Responder template. As I am using a local account and the server is not domain-joined, I do not have Certification Template in my CA console. Is there a way that I can set up an RRAS server in the DMZ without joining the domain?


Can I delegate sub zones administrative permissions on DNS servers?


DC/DNS: Windows Server 2008 R2

Zone: contoso.com

I set up several sub zones under contoso.com, like a.contoso.com, b.contoso.com on the DNS servers. Is there a way to delegate the administrative permissions of a.contoso.com zone to AdminA, and delegate b.contoso.com zone to AdminB? It looks like I can only configure the security settings on contoso.com level.

CNAME ping through secondary IP Address


Hi All,

I have one web server with hostname "CHN-VM-001" with IP address 10.200.2.10. I have added the CNAME "kb" to this server, and we have one more file share server with IP 10.200.2.54. Now I have migrated the share from 10.200.2.54 to 10.200.2.10, shut down the existing 10.200.2.54 server, and added 10.200.2.54 as a secondary IP on the 10.200.2.10 server. Now, when I ping "kb" it shows 10.200.2.54. I need 10.200.2.54 only for the Windows share \\10.200.2.54, and the remaining services should work through the 10.200.2.10 IP address. What should I do?


Dhakshinamoorthy Balasubramanian

Need help with DNS and RRAS


Hello!

We have 2 DCs and an RRAS server in a datacenter on VMware vSphere; they are behind a Cisco router, and port 1723 redirects to the RRAS server.

The RRAS server uses only PPTP connections.

I tried two configs: using DHCP relay and using a static IP address range. Using both of these configs I can't resolve hostnames from the DNS server when connected with VPN.

How can I make such a config:

- dedicated subnet for vpn users

- vpn hosts can resolve hostnames with DNS

- Other hosts can see vpn hosts

Is it possible to make such configuration?

DHCP in Domain Controller


I have a DHCP in the Domain Controller and I want to provide access to a security group. I see the local groups named "Dhcp Administrator" and "DHCP users" are moved to the Active Directory. However, even after adding the group to DHCP user, the user is still not able to access it. However, we have 3 such DHCP servers, all in the Domain Controller. I am not sure if that causes an issue, but I am looking for any alternative to solve this.

DHCP help!


Hi all,

Currently, we have two Windows 2008 R2 DHCP servers with split scope.
Due to budget, we need to move one of the two Windows 2008 R2 DHCP servers to a different site.
Since the lease duration is 8 days, most leased IPs will expire next week.
But we have to shut down one DHCP server today.
I think that I am going to delete the exclusion and that's it.
Will those leased IPs (on the DHCP server that will be taken off) that expire next week be fine?

Can anyone help?

Thank you.

Effects of adding a class-B reverse dns zone?


Hi all. Easy question hopefully.. I currently have about 250 reverse zones, mostly class Cs. I did some analysis and found that this still doesn't include all the Cs covered by our DHCP scopes. Instead of adding additional class C zones, I'd like to create two class Bs to cover the ranges being passed out by DHCP. My question is whether this will have an effect on the existing class Cs, or in other words, will the more "specific" reverse zones get priority for queries and dynamic updates, or will I need to create delegations to the other zones? Long-term, I'd like to collapse all the Cs into the two Bs.

For example, suppose we have:

10.20.30.in-addr.arpa
12.20.30.in-addr.arpa

What happens if I create 20.30.in-addr.arpa? If you can reference any documentation I'd appreciate it.

Thanks!

Paul



Intermittently cannot access server


Hello,

small environment

1- windows  2008 R2 std roles ADC/DNS/user profiles

2- windows 2008 R2 Std 2nd ADC/FS

clients are all win7 pro X64-all clients are static

Every once in a while (a couple of times a day) the ADC becomes inaccessible from the client side. No consistency whatsoever; I cannot see any error messages in the event viewer.  The error persists for a few minutes and then it is back again. Browsing the network will show the server but I cannot access it either. UNC does not work.

tried:

-disable AV (using AVG)

-disable all power management (just in case)

-test on the NIC shows no problems, updated NIC driver..

Any ideas ??



Controlling DNS for an AD Trust and Stub Zones


Here is my scenario:  creating a domain trust for an AD migration.  Setting up DNS between DomainA.COM and DomainB.com.  DomainA.com has DNS/AD servers spread across many global locations.  There is a VPN tunnel between the two sites that only allows traffic between the main site of DomainA and main site of DomainB. 

When I create a stub zone in DomainB, it downloads the Name Servers for DomainA from all over the globe, even locations which DomainB is not allowed to contact based on the site-to-site VPN rules.  Therefore, when resources try to resolve a ping to DomainA.com, for example, sometimes the request is sent to an AD/DNS server that DomainB can't contact.

How can I tell DNS in DomainB to only contact the primary domain controllers in DomainA, and not randomly select a DNS server from around the globe (and vice versa)?


-- Ron Williams http://www.r0nwilliams.com

GlobalNames zone problems


I am trying to set up globalnames zone to work on Windows 2008R2. A domain mydomain.dir contains just two DCs and no other servers.

I created it as described in http://technet.microsoft.com/en-ca/library/cc731744.aspx

I also read the following http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/8953820a-3f2f-4929-9a3e-2b0731b80e04 and http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/8953820a-3f2f-4929-9a3e-2b0731b80e04/

I ran the dnscmd servername /config /enableglobalnamessupport 1 on the server

I checked that EnableGlobalNamesSupport is set to 1 in the registry.

I restarted DNS service.

I created a GlobalNames forward-lookup zone - Active Directory integrated, primary, replicate to all DNS in the forest (I also tried to all DNS in domain), no dynamic updates.

I created a zone singlelabel.dir on the same server and added  an A record to it for SRV1.

I created a CNAME record in the GlobalNames zone to SRV1 pointing to  SRV1.singlelabel.dir.

I am trying resolution from the DNS server itself.

I can resolve SRV1.singlelabel.dir and SRV1.globalnames, but I cannot resolve SRV1.

What did I do wrong?

What settings do I need for a DHCP scope to work with my RRAS setup?


Hi,

I have set up RRAS on my server.

It has two virtual network cards.

NIC 1 is connected to an external virtual switch and NIC 2 is connected to an internal virtual switch.

RRAS is set to use NIC 1 for internet access using NAT.

Everything works ok.

I want to add a DHCP server on the internal side that will distribute IPs.

What I was wondering is, what scope settings would I need to add?

i.e. would I still need to specify any DNS or Gateway settings?

Thanks

Dynamic DNS Registration Issue

I am not able to get dynamic DNS registration to work on any servers that are not in the same network as the DCs. I have verified that all ports are open between these networks to the domain controllers, and DNS does work properly if I manually create the A and PTR records for each server. I did resolve an issue of duplicate zones earlier and restarted the DNS service on all servers after the changes had been replicated, but I am not able to see any other issues.

I have enabled DNS Debugging and can see that a server sitting on the same network as the DCs is working properly, but for a server in a different subnet I receive NXDOMAIN.

XXXDC01    - 10.44.132.13
XXXDC02 - 10.44.132.15

WORKING - IP 10.44.132.254:
4/18/2013 4:28:29 PM 0678 PACKET  00000000038F0E50 UDP Rcv 10.44.132.254   4268   Q [0001   D   NOERROR] SOA    (12)WIN2008TEST1(3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)

4/18/2013 4:28:29 PM 0678 PACKET  00000000038F0E50 UDP Snd 10.44.132.254   4268 R Q [8085 A DR  NOERROR] SOA    (12)WIN2008TEST1(3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)

4/18/2013 4:28:29 PM 0678 PACKET  000000000394DF50 UDP Rcv 10.44.132.254   a13c   U [0028       NOERROR] SOA    (3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)

4/18/2013 4:28:29 PM 0D7C PACKET  000000000394DF50 UDP Snd 10.44.132.254   a13c R U [00a8       NOERROR] SOA    (3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)

4/18/2013 4:28:29 PM 0678 PACKET  0000000002863AE0 UDP Rcv 10.44.132.254   8d9b   Q [0001   D   NOERROR] SOA    (3)254(3)132(2)44(2)10(7)in-addr(4)arpa(0)

4/18/2013 4:28:29 PM 0678 PACKET  0000000002863AE0 UDP Snd 10.44.132.254   8d9b R Q [8085 A DR  NOERROR] SOA    (3)254(3)132(2)44(2)10(7)in-addr(4)arpa(0)

4/18/2013 4:28:29 PM 0678 PACKET  00000000038F0E50 UDP Rcv 10.44.132.254   4dcd   U [0028       NOERROR] SOA    (3)132(2)44(2)10(7)in-addr(4)arpa(0)

4/18/2013 4:28:29 PM 14B8 PACKET  00000000038F0E50 UDP Snd 10.44.132.254   4dcd R U [00a8       NOERROR] SOA    (3)132(2)44(2)10(7)in-addr(4)arpa(0)

4/18/2013 4:28:41 PM 0678 PACKET  000000000394DF50 UDP Rcv 10.44.132.15    0018   Q [0001   D   NOERROR] PTR    (3)254(3)132(2)44(2)10(7)in-addr(4)arpa(0)

4/18/2013 4:28:41 PM 0678 PACKET  000000000394DF50 UDP Snd 10.44.132.15    0018 R Q [8085 A DR  NOERROR] PTR    (3)254(3)132(2)44(2)10(7)in-addr(4)arpa(0)


NOT WORKING - IP 10.44.131.81:
4/18/2013 4:30:23 PM 0678 PACKET  00000000038F0E50 UDP Rcv 10.44.131.81    6937   Q [0001   D   NOERROR] SOA    (12)WIN2008TEST2(3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)

4/18/2013 4:30:23 PM 0678 PACKET  00000000038F0E50 UDP Snd 10.44.131.81    6937 R Q [8385 A DR NXDOMAIN] SOA    (12)WIN2008TEST2(3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)
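
The debug-log lines in the post above can be read mechanically. As an added example (not part of the original post), this Python parser decodes the length-prefixed names and the bracketed flag word and summarizes, per client, which SOA lookups were answered and whether a dynamic UPDATE followed. The function names are hypothetical, and the byte-swapped reading of the hex word is inferred from these lines, where it agrees with the flag letters and rcode text.

```python
import re
from collections import defaultdict

# Lines copied from the post above (names masked as posted): four from the
# working server, then two from the server that does not register.
SAMPLE_LOG = """\
4/18/2013 4:28:29 PM 0678 PACKET  00000000038F0E50 UDP Rcv 10.44.132.254   4268   Q [0001   D   NOERROR] SOA    (12)WIN2008TEST1(3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)
4/18/2013 4:28:29 PM 0678 PACKET  00000000038F0E50 UDP Snd 10.44.132.254   4268 R Q [8085 A DR  NOERROR] SOA    (12)WIN2008TEST1(3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)
4/18/2013 4:28:29 PM 0678 PACKET  000000000394DF50 UDP Rcv 10.44.132.254   a13c   U [0028       NOERROR] SOA    (3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)
4/18/2013 4:28:29 PM 0D7C PACKET  000000000394DF50 UDP Snd 10.44.132.254   a13c R U [00a8       NOERROR] SOA    (3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)
4/18/2013 4:30:23 PM 0678 PACKET  00000000038F0E50 UDP Rcv 10.44.131.81    6937   Q [0001   D   NOERROR] SOA    (12)WIN2008TEST2(3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)
4/18/2013 4:30:23 PM 0678 PACKET  00000000038F0E50 UDP Snd 10.44.131.81    6937 R Q [8385 A DR NXDOMAIN] SOA    (12)WIN2008TEST2(3)XXX(4)YYYY(9)ZZZZZZZZZ(3)com(0)
"""

LINE_RE = re.compile(
    r"PACKET\s+[0-9A-Fa-f]+\s+(?:UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?:(?P<resp>R)\s+)?(?P<opcode>[QNU?])\s+"
    r"\[(?P<bracket>[^\]]+)\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)"
)
OPCODES = {0: "QUERY", 4: "NOTIFY", 5: "UPDATE"}

def decode_name(raw):
    """Turn '(3)XXX(3)com(0)' into 'XXX.com'."""
    return ".".join(l for _, l in re.findall(r"\((\d+)\)([^()]*)", raw) if l)

def decode_flags(hex_word):
    """Swap the two bytes of the logged hex word, then read it as DNS header flags."""
    v = int(hex_word, 16)
    v = ((v & 0xFF) << 8) | (v >> 8)
    return {"qr": v >> 15, "opcode": OPCODES.get((v >> 11) & 0xF, "?"),
            "aa": (v >> 10) & 1, "rd": (v >> 8) & 1, "ra": (v >> 7) & 1,
            "rcode": v & 0xF}

def parse_line(line):
    m = LINE_RE.search(line)
    if not m:
        return None
    parts = m["bracket"].split()  # hex word, optional flag letters, rcode text
    return {"dir": m["dir"], "ip": m["ip"], "xid": m["xid"],
            "response": m["resp"] == "R", "qtype": m["qtype"],
            "qname": decode_name(m["qname"]), "rcode": parts[-1],
            "flags": decode_flags(parts[0])}

def summarize(log_text):
    """Per client: rcodes returned to its SOA lookups, and whether an UPDATE was answered."""
    out = defaultdict(lambda: {"soa_rcodes": [], "update_sent": False, "update_rcode": None})
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        c, op = out[rec["ip"]], rec["flags"]["opcode"]
        if op == "UPDATE" and not rec["response"]:
            c["update_sent"] = True
        elif op == "UPDATE":
            c["update_rcode"] = rec["rcode"]
        elif rec["response"] and rec["qtype"] == "SOA":
            c["soa_rcodes"].append(rec["rcode"])
    return dict(out)
```

Run over a full debug log, `summarize` lists every client whose SOA lookup was answered but which never sent an UPDATE, which is the pattern the second host shows in this excerpt.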

Event id 4343 Warning messages in 2008 R2 Wins Cluster


Hi All,

I'm getting the below warning messages on a daily basis on my WINS Server. WINS & DHCP are installed in a clustered setup on Domain Controllers running 2008 R2. Please help to resolve these messages.

Source:  Wins, Event ID: 4343

Description: The WINS server noticed chance of duplicate name registration from 172.20.28.63 address for the Node SCI_MANOTE      ( 172.20.102.87 ).
