
DNS ?

Status
Not open for further replies.

formermarine

IS-IT--Management
Apr 3, 2002
27
US
We are running Windows 2003 Servers W/AD. We have been having DNS problems and I am trying to gather as much info as possible as to what might be causing these problems.

Error message:
The Knowledge Consistency Checker (KCC) has detected problems
with the following directory partition.

Directory partition:
DC=dmz129,DC=dmz,DC=cendantmobility,DC=net

There is insufficient site connectivity information in Active Directory
Sites and Services for the KCC to create a spanning tree replication
topology. Or, one or more domain controllers with this directory partition
are unable to replicate the directory partition information. This is
probably due to inaccessible domain controllers.


Above is just one of the error messages in the event viewer.

Here is another: Active Directory was unable to establish a connection with the global catalog.
Error value:
1792 An attempt was made to logon, but the network logon service
was not started.
Internal ID:3200caf

I believe that the DNS servers are causing problems with AD, but I need to find any white papers or Microsoft articles that explain this.

There are three major issues right now.
1) Outlook sometimes cannot find the Exchange server.
2) We have in the past few months had PCs removed from the domain. We have to rejoin them.
3) We have users from time to time get locked out of their account. We then have to reset their password. This sometimes will happen up to a couple of times in one day for the same user.


Can anyone please help me out?

Thank you,

Carlos Tejada
 
We had a lot of problems with our DNS servers too when we first started. Mostly because I don't know DNS very well, but here is something you might look into that was giving us similar problems.

First, how many Domain Controllers do you have in your network?
Second, do you have any other machines that are not Domain Controllers running DNS?
Third, of each DNS server you have, when you look at the network connection properties, do they only point to themselves for DNS?


Example:

Host: DC1
IP: 10.100.100.1
SN: 255.255.255.0
DNS1: 10.100.100.1
DNS2:

Host: DC2
IP: 10.100.100.2
SN: 255.255.255.0
DNS1: 10.100.100.2
DNS2:

A Domain Controller is always a DNS server. These servers should never point to each other or any other DNS server, including servers on the internet. They should only point to themselves for DNS resolution. Then you use replication to push the changes to one another.
 
I understand, and thank you for your response. I have several issues. One is that sometimes I get PCs disappearing from AD. I have asked around and no one removed them; this has happened at one of our other sites as well. The account lockouts also.
 
I think I am beginning to see how daunting of a task that could be. You said you have multiple sites. Other than the incorrect DNS setup possibility, if the sites are remote or on a slow connection, perhaps there is a replication problem?

My network is less complicated since we got rid of our only 2 remotely connected sites (downsizing). I've never set up or looked for some sort of auto-pruning program or feature in Active Directory. Is there even such a thing? Maybe it is set too aggressively, or in the case of a replication problem, the sites think that the client is gone because it hasn't communicated in a long time.
 
nvm, scratch that last question, there is scavenging in DNS for stale records. :)
 