Server Domain Problems

[patseguin Global Moderator]

I own a small business and run Windows Server 2008 R2 and about 7-8 workstations. The problem I've run into recently is odd network behavior on my workstation. For instance, every morning I come in and there's an X through all my shared network drives (not mapped but set in my user profile on the server) when they worked perfectly the previous day. I have to reboot the computer in order to get them back. I also started having an issue where websites would not load until I hit reload in the browser a bunch of times. I solved this one by changing the DNS server addresses on my workstation. I also have developed a problem printing to network printers until a reboot.

Just for information, my server address is 192.168.10.2 and the default gateway is 192.168.10.1. All my workstations have static IP's, for instance my personal workstation is 192.168.10.40

What could possibly have changed to make my network so messed up? I've noticed this behavior on 2 other workstations. Do I need to change some setting on the server in Administrative Tools? I barely ever touch the server so I don't know what could have gone wrong.

[Dan~]

Hmm sounds odd, so it has been working in the past without the issues and all of a sudden they've started to happen?

The first thing i'd check tbh is the time on the DC, then look at each machine and ensure the same time is there, as it sounds abit like a credential failure, which can occur if times are out, usually anymore than 5 mins is considered a big chance difference in Active Directory.

Report back your findings, I wouldn't want to say do this and do that if it has worked in the past without any modifications occuring, would make sense for this to happen if you/someone has been playing around.

[patseguin Global Moderator]

Yeah all of a sudden. The only change I did do was upgrade AVG Business Edition to the latest version. I just checked the time on the DC and it's exactly the same as my workstation. Your line of think does seem to make sense since this literally happens over night. Is there something I should do to make sure my time is properly synchronized with the DC at all times?

[articuno1au]

Time drift is pretty rare in computers.

I would be inclined to think that AVG is related as you changed that right before the issues presented.

[+BudMan MVC]

"I solved this one by changing the DNS server addresses on my workstation."

What did you change it too? the ONLY dns that a member of a domain should point to is the AD dns, normally in small setup this is the one DC they have. If you are pointing to your isp, googledns, opendns, etc. on the workstation even if added as secondary then yeah your going to have nothing but grief with your AD.

googledns does not know anything about your AD. Clients need to talk to AD dns, AD dns then forwards to googledns, isp dns, etc. or looks up from roots directly. If you were having issues with looking up websites, this tells me you have something wrong setup in your AD dns.

[patseguin Global Moderator]

"I solved this one by changing the DNS server addresses on my workstation."

What did you change it too? the ONLY dns that a member of a domain should point to is the AD dns, normally in small setup this is the one DC they have. If you are pointing to your isp, googledns, opendns, etc. on the workstation even if added as secondary then yeah your going to have nothing but grief with your AD.

googledns does not know anything about your AD. Clients need to talk to AD dns, AD dns then forwards to googledns, isp dns, etc. or looks up from roots directly. If you were having issues with looking up websites, this tells me you have something wrong setup in your AD dns.

The website loading errors got to be so annoying that I changed them to 4.2.2.1 and 4.2.2.2

I know what you're saying and for years I pointed it to the AD DC by using 192.168.10.1. I could change it back but would that have anything to do with these other issues?

[+BudMan MVC]

Sorry you NEED to point to your AD for dns - maybe there is something wrong with it resolves outside domains slow. FIX IT!!

How do you resolve your AD records if your not usnig its DNS? 4.2.2.2 does not know about it for damn sure.

If your AD is having issues with resolve outside domains - then you Need to FIX that. And yes not pointing to your AD dns could cause all kinds of issues like not being able to auth to stuff, stuff being disconnected, not being able to log in or taking a LONG time to, etc. etc.

Having issue finding the MS article that lists it as one of the top mistakes, but here

http://mcpmag.com/ar...ur-network.aspx

10 DNS Errors That Will Kill Your Network

1. TCP/IP Configuration Points to Public DNS Servers

This is by far the most common DNS error. Each network interface has a set of TCP/IP settings that lists the DNS servers used by that interface.

If the TCP/IP settings for a member computer specify the IP address of a public DNS server?perhaps at an ISP or DNS vendor or the company?s public-facing name server?the TCP/IP resolver won?t find Service Locator (SRV) records that advertise domain controller services, LDAP, Kerberos and Global Catalog. Without these records, a member computer can?t authenticate and get the information it needs to operate in the domain. It then acts like a teenager who can?t get the car keys, growing sullen and exhibiting a variety of bad behaviors.

[patseguin Global Moderator]

I pointed my workstation DNS servers to the DC and website loading problems started immediately. When I went back to the ones listed above, everything went back to normal.

I just don't know how there can be any "DNS errors" when my Domain has worked fine for 10 years.

[sc302 Veteran]

you need to learn active directory and dns....

cliffs:

dns....setup forwarders in your ad dns to your dns servers that are not having issues. uncheck use root hints if no forwarders are available.

clients use the ad dns server for all lookups. also the ad server points to its ip in tcpip properties, not the loop back.

[+BudMan MVC]

"I just don't know how there can be any "DNS errors" when my Domain has worked fine for 10 years."

Well where are you forwarding your non authoritative zone lookups too on your AD dns? As sc302 points out on your AD dns you can have it either use root hints or your isp dns or some other dns server.

FACT!!! - All members of AD NEED!!! and Require to ONLY use your AD for dns, if they point or have multiple entries to other outside dns, then your going to have issues with your AD, plain simple FACT!! The only dns that knows anything about your AD is your AD dns, googledns sure and the hell does not have your srv records, nor does 4.2.2.2, etc. So if you ask them for stuff about your AD, your going to get back nxdomain. This is going to cause you NOTHING but pain!!!

Point your clients to your AD dns, and then work out why your AD dns can not resolve google.com, neowin.net, etc.