
Bad DNS causing 1-hour boot time

Status
Not open for further replies.

Cervantes

MIS
Apr 1, 2003
147
CA
Hi;
Running AD and DNS on a 1 GHz Win2k Advanced Server with 384 MB RAM. I'm setting it up to take over from the existing PDC, which is woefully inadequate and also probably not configured right. For the new server, boot time when it's unplugged from the network is fine, boot time when it's plugged in is miserable. From what I've read so far, this would indicate a DNS problem. However, as much as I can find places to say "don't do this or that", I haven't found one to tell me what I *should* be seeing in my DNS tree.

I've ensured that my ISP is not set in the server's DNS. The original PDC seems to have the required records; however, even though I added PCs to the domain in the past, lately it isn't working ("domain not found" error).

I'm sure the answer will be apparent once I've had some sleep, but, for now... :)

As soon as this works, I'll be nuking the existing PDC, so if anyone could let me know what DNS setting I should be seeing for my new server, I'd greatly appreciate it. (or, if there might be something else).

Thanks!
Cerv
 
I wouldn't have said it was DNS, but I've been wrong lots of times.

Minimum spec for Windows 2000 Standard Server is 256MB. Add advanced, AD, DNS and anything else you are running is going to seriously slow it down. On its own, maybe you can get away with it, but on a network with another DC, it will run like a dog.

Try increasing the RAM, bringing it up then migrate the FSMOs to the new box, migrate anything else possible and DCPromo the old box out gracefully. That may well increase the performance for you.

Why Advanced Server on a box/domain like that?

<signature sold. new owner moving in shortly>
 
This is in no way a RAM issue. No server takes this long to boot properly, no matter how inadequate the spec. It certainly sounds like DNS or firewall.

Check in the network settings for your server's network card that you have the correct DNS server IPs. Usually the machine's own IP address.

Check you have setup any local software firewall correctly. If you have a software firewall, try disabling it for a boot and see if it helps. If it does, you know what the culprit is.

Check the DNS and Reverse DNS entries for your server are correct.

If the server uses services from other network machines, check that their IP addresses are correct in DNS.

Check that the DNS service actually starts correctly. Telnet to your server on port 53... if you get a flashing cursor on a blank screen, DNS is up. Connection failure... DNS isn't even responding. Try this from another PC and from the server itself.

Check Subnet masks and IP addresses are correct and check any DHCP servers are giving out the correct DNS server settings (etc).

Robert Bentley

SynergyworksHosting.co.uk
"reliable services at realistic prices"
 
DNS Guidelines:

1) Do not point any server or workstation directly to the ISP DNS in their local TCP/IP properties. DNS is required for Windows 2000/2003 domain communication. Pointing to the ISP will break domain communication... seeing how the ISP will not "know" anything about your internal domain.

2) You must have DNS working internally. When you install DNS, make sure that you have created a DNS structure for your internal Windows 2000/2003 domain (normally, you will let the DCPROMO setup wizard do this for you).

3) Once your DNS has been set up internally, you can create a forwarder on your DNS server to forward Internet-bound requests to your ISP's DNS servers. (In Windows 2000, you will have to delete the DNS "." root zone to allow for forwarder configuration.)

4) If you are having slow boots or logons, you should suspect DNS problems. This is because DNS is used (on the client Server/workstation) to logon to the domain. A good way to check DNS is by using the NSLOOKUP command line tool. NSLOOKUP works kind of like PING...but uses ONLY DNS queries to check resolution.

NSLOOKUP can be used to check to see if your domain controllers are registered in DNS... Just type in the domain name: domain.local You should get a response showing all of your DC IP addresses.

5) All clients should have the proper DNS suffix. If your domain name is domain.local, domain.local should be listed as a domain suffix in the client's TCP/IP settings. If the suffix is not correct, your clients will not be able to query DNS properly. (Again, use NSLOOKUP to test this. If resolution does not work by just typing the host name (meaning that you have to type host.domain.com to get resolution), then your suffix is not correct.)

6) Make sure that the DNS services are started. Sometimes this service does not start or is disabled for some reason; you must make sure that your DNS servers have the DNS service started.

7) Check your Event Viewer logs on the problematic computer. If you are having a slow boot, you will probably see the errors all over the event log.

...at least this might help a little...



Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
 
Hi All;
Thanks for the replies. In specific answer:

I know the RAM is a touch below spec, but I'm thinking something is quite wrong when this thing takes longer to boot than my original, stop-gap server, which was (wait for it)... a P200 Pro, 96MB RAM, 2G HD. God that thing was painful.

I used AS because, well, it's what I had handy. :)

I've confirmed the only DNS server in the TCP/IP setup of the server is itself, 10.0.0.13

No local firewall right now, this is a fresh install behind my hardware firewall, so I thought I'd get things working and *then* break it with a firewall.

The DNS is listing a mix of the old and new server in various records. Is it safe (once all services are up) to remove server-related DNS entries for the old server, leaving it with only a standard forward and reverse?

These are the only two servers on the network; there's nothing else dependent. The only other network services are DHCP and firewall, both handled by my router right now for reasons too boring to explain.

I can telnet to port 53 on the new server from the new server, and from the old server. I can connect from a 2000 client, but not from the XP client I'm using (it sits on "connecting to...")

My subnet masks for all PCs and servers are 255.255.248.0 and my DNS server is set properly in the DHCP server.

NSLookup was reporting 2 IPs for the new server (old DNS entry when I mistyped during config). I removed it, and now it only reports:
> dungeon.local
Server: acheron.dungeon.local
Address: 10.0.0.13

Name: dungeon.local
Address: 10.0.0.2

Where .13 is the new server and .2 is the old server.

I do have the DNS forwarder set up to my ISPs primary and secondary DNS, and do not have those DNS addys listed anywhere else.

For the domain name, I was originally able to use just "Dungeon" (a bad inside joke) without problem, but lately it seems to be recognizing that less, and "Dungeon.local" more. Any ideas why? I haven't made any changes to the server in quite a while. Honestly, I'd prefer to use just "Dungeon", because this domain will never be accessed externally.

And, finally (cheers?) my event log is filling up with warnings that all seem to be centred around not finding the PDC.

Anyways, that's the long of it. Thanks to all the good suggestions, I think I may have cleared up a few things just in running through them. Yes, it does seem to be DNS-centric, and no, I probably won't set it right if someone doesn't shove me in the right direction. :) I seem to be cursed with this new server to have everything go wrong. (I'm not kidding... the original case cracked, the old mainboard got hosed, the new one the fan died on, and then the old CPU died, and then the new board and cpu had to be shoehorned into the case... it's been an adventure).

So, I guess what I need to know now is: What DNS 'stuff' do I set to tell my little world that there's a new server in town? I remember having to do several DNS records when I set up the first server, because the domain wasn't registering correctly in there. What, why, and how are eluding me, so... can anyone point me where I should be? :)
 
Get rid of any records that refer to a non-existent server.

If you do that and still have problems, you need to run netdiag /v to get a sense of what is wrong in DNS.
 
I agree, if the "10.0.0.2" server does not exist, you must remove it from DNS (manually)...because:

> dungeon.local
Server: acheron.dungeon.local
Address: 10.0.0.13

Name: dungeon.local
Address: 10.0.0.2

Any client using the 10.0.0.13 DNS server will look to 10.0.0.2 for logon and domain communication. When you type your domain name into NSLOOKUP, all DC IP addresses should be listed. Seeing how only one IP is listed, all communication to the DC will be directed to 10.0.0.2

"For the domain name, I was originally able to use just "Dungeon" (a bad inside joke) without problem, but lately it seems to be recognizing that less, and "Dungeon.local" more. Any ideas why? I haven't made any changes to the server in quite a while. Honestly, I'd prefer to use just "Dungeon", because this domain will never be accessed externally."

Because Active Directory is based on DNS, you are required to provide a fully qualified domain name when you install AD (DCPROMO). You picked dungeon.local. Dungeon.local is the fully qualified domain name (for DNS); however, the NetBIOS name of this domain is DUNGEON. (So, if you look in your WINS database (if you have one), you will see DUNGEON listed.) The NetBIOS name is required for backwards compatibility with older OSes.

-later



Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
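As an added example (not code from the thread or from either poster), here is a Python script that does what guideline 4 above and the later explanation of the NSLOOKUP output describe, but at the wire level: it builds a DNS query for the domain-controller locator record `_ldap._tcp.dc._msdcs.<domain>`, parses the reply (including compression pointers and the A records a DC-hosted DNS server adds for each SRV target), and reports which advertised DCs are stale (registered but no longer supposed to exist) and which are missing. The domain `dungeon.local` and the IPs 10.0.0.13/10.0.0.2 come from the thread; the host name `oldpdc` for the old server and the reply bytes are constructed for illustration, since the thread never names the old PDC.

```python
# Added example (not code from the thread): query the DC locator SRV record,
# parse the wire-format reply and compare the advertised DCs with the real ones.
# Domain 'dungeon.local', host 'oldpdc', the IPs and the reply are constructed.
import secrets, socket, struct

QTYPE_A, QTYPE_SRV = 1, 33
SRV_NAME = "_ldap._tcp.dc._msdcs.dungeon.local"


def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, qid):
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)      # RD set, 1 question
            + encode_name(name) + struct.pack("!HH", qtype, 1))


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            end = off + 2 if end is None else end
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower(), (off if end is None else end)


def parse_response(msg):
    """Return (qid, rcode, [(owner, type, rdata), ...]) across all RR sections."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                        # skip the question section
        off = read_name(msg, off)[1] + 4
    records = []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_A:
            rdata = socket.inet_ntoa(msg[off:off + 4])
        elif rtype == QTYPE_SRV:               # priority, weight, port, target
            rdata = struct.unpack("!HHH", msg[off:off + 6]) + (read_name(msg, off + 6)[0],)
        else:
            rdata = msg[off:off + rdlen]
        records.append((name, rtype, rdata))
        off += rdlen
    return qid, flags & 0x000F, records


def audit_dcs(records, expected_dc_ips):
    """Map SRV targets to the A records in the same reply; flag stale and missing DCs."""
    a_by_name = {}
    for name, rtype, rdata in records:
        if rtype == QTYPE_A:
            a_by_name.setdefault(name, set()).add(rdata)
    advertised = {}                            # ip -> SRV target host
    for name, rtype, rdata in records:
        if rtype == QTYPE_SRV:
            for ip in a_by_name.get(rdata[3], {"<no A record for %s>" % rdata[3]}):
                advertised[ip] = rdata[3]
    expected = set(expected_dc_ips)
    return {"advertised": advertised,
            "stale": {ip: h for ip, h in advertised.items() if ip not in expected},
            "missing": sorted(expected - set(advertised))}


def query_live(server_ip, name, qtype, timeout=3.0):
    """Ask a real server over UDP/53; reject replies whose id does not match."""
    qid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, qid), (server_ip, 53))
        rid, rcode, records = parse_response(s.recv(4096))
    if rid != qid:
        raise ValueError("reply transaction id does not match the query")
    return rcode, records


def constructed_reply(qid=0x1234):
    """CONSTRUCTED reply: the retired DC (hypothetical host oldpdc, 10.0.0.2) is
    still registered beside the new DC acheron (10.0.0.13)."""
    rr = lambda owner, t, rd: owner + struct.pack("!HHIH", t, 1, 600, len(rd)) + rd
    srv = lambda host: struct.pack("!HHH", 0, 100, 389) + encode_name(host)
    q = b"\xc0\x0c"                            # pointer back to the question name
    return (struct.pack("!HHHHHH", qid, 0x8180, 1, 2, 0, 2)
            + encode_name(SRV_NAME) + struct.pack("!HH", QTYPE_SRV, 1)
            + rr(q, QTYPE_SRV, srv("acheron.dungeon.local"))
            + rr(q, QTYPE_SRV, srv("oldpdc.dungeon.local"))
            + rr(encode_name("acheron.dungeon.local"), QTYPE_A, socket.inet_aton("10.0.0.13"))
            + rr(encode_name("oldpdc.dungeon.local"), QTYPE_A, socket.inet_aton("10.0.0.2")))


if __name__ == "__main__":
    print(audit_dcs(parse_response(constructed_reply())[2], {"10.0.0.13"}))
```

Run as-is it audits the constructed reply and reports 10.0.0.2 (oldpdc) as stale; against a live server, `audit_dcs(query_live("10.0.0.13", SRV_NAME, QTYPE_SRV)[1], {"10.0.0.13"})` does the same for the real zone. A DC that is advertised here but no longer exists sends every logon and Kerberos/LDAP lookup to a dead or untrusted address, which is exactly the "all communication to the DC will be directed to 10.0.0.2" situation the post above describes; the transaction-id check in `query_live` is there because an unauthenticated UDP reply that does not match the query should never be trusted.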
 
Hi;
Thanks for the additional replies.

The 10.0.0.2 server does still exist. I haven't nuked it yet. It does have bad DNS settings though, which is part of the problem.

I tried to decommission it... but it could see that another server existed. At least, it could see that it existed, but it couldn't transfer files or let the other one access it in any way... it's severely buggered.

I've ended up at a point where I've nuked the BDC and reinstalled, and I'm going to make a new domain from scratch. It's probably good to do housecleaning anyways, though it is admitting defeat in some small manner. :) I have some config left to do on it, and then I'll just power off the old one, transfer a few profiles on client PCs, and be happy with the new one.

When I dcpromo'd the original server, I did choose just "Dungeon" as the domain name, ignoring the warning about requiring a ".something" in there, and it has worked fine... however, I may well have changed the DNS at some point like a schmuck. But, with the nuking and new-domain-ing, it's moot. Now I just have to find that MS doc on proper creation of SRV records, and I'm all set.

Thanks!
 