
Switching on DFS causes entire network to hang 2


Tightpants (Technical User, joined Jan 22, 2004, 238 posts, GB)
Why would switching on the DFS service on our Windows 2003 servers cause the entire network to "hang" at random intervals? Our new servers were installed about a year ago and from the start we suffered with all the workstations locking up from time to time. After trying all sorts of things the cure seemed to be disabling the DFS service.

Any ideas?
 
ADB100-
You are correct...this was simply a troubleshooting task...which appears is going to be unnecessary :)

tightpants-
this statement is correct
- The PDC (192.168.1.1) points to itself because it is a DNS server. In the forwarders tab it has the ISP's DNS servers listed.

this statement is incorrect:
- The replica DC (192.168.1.2) on the same site points to itself as a DNS server (because it is configured as one) and has the PDC (192.168.1.1) configured as a secondary DNS server in the LAN properties. There is nothing listed in the forwarders tab.
****replica DCs in the same site as the PDC should point to the PDC for preferred and themselves as alternates. You should also add the same forwarders to all DCs in that site (and other sites too if the same ISP is used at both sites)..all DNS servers must have forwarders, or else if DNS glitches on the one server with forwarders, then no one can get to the internet

This statement is correct:
- The DC at the remote site (192.168.2.1) is also configured as a DNS server. It points to itself as the primary DNS and the PDC in the other site (192.168.1.1)as the secondary DNS server. I have added the ISP's DNS servers in the forwarders tab but I am not sure that this is correct. If I take out the forwarders then all DNS queries will have to go via our VPN link between the sites which will increase network traffic.


In addition, the following ports are required to be open LAN to LAN:

Required ports:
1024-5000 TCP/UDP – RPC (dynamic response ports) / required for RPC to respond to communications
135 TCP – RPC (endpoint mapper) / required to open the endpoint mapper to the destination for RPC communications
389 TCP/UDP – LDAP / required to bind to a DC
3268 TCP – LDAP GC / required to bind to the GC function of a domain controller (extremely important for Exchange)
53 TCP/UDP – DNS / required for name resolution and Active Directory functionality as a whole
88 TCP/UDP – Kerberos / self explanatory
445 TCP – SMB / self explanatory
123 UDP – SNTP / required for time synchronization with a time source
ICMP / required for group policy detection, application, and MTU size detection, as well as other low level activities


Optional ports:
636 TCP – LDAP SSL / required to bind to a DC using LDAP over SSL
3269 TCP – LDAP GC SSL / required to bind to a GC using LDAP over SSL
137 UDP – NetBIOS name / self explanatory
138 UDP – NetBIOS Netlogon and Browsing / self explanatory
139 TCP – NetBIOS session / self explanatory
42 TCP – WINS replication / self explanatory
1723 TCP – PPTP / required if using PPTP VPN tunnel
IP PROTOCOL 47 (GRE) – VPN related/required for PPTP VPN tunnel as well

For more information, please see:

For Exchange considerations:


For SQL considerations:

For SMS considerations:



-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
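The port list above is what has to be reachable between domain controllers, and the later posts in this thread show what happens when the Windows firewall silently blocks some of it (RPC errors, DNS warnings). The following is an added example, not code from the original post or from Tek-Tips: a small Python checker that probes the fixed TCP ports from the list against a DC and reports which are blocked. It assumes you run it from a host on the other side of the firewall or WAN link toward your own DC. The 1024-5000 dynamic RPC range cannot be probed port by port, and UDP services (53, 88, 123, 137, 138) do not answer a bare TCP connect, so those are only noted, not tested.

```python
import socket

# Fixed TCP ports taken from the required and optional lists in the thread.
REQUIRED_TCP_PORTS = {
    135: "RPC endpoint mapper",
    389: "LDAP",
    3268: "LDAP GC",
    53: "DNS (TCP side; UDP 53 is not covered by this check)",
    88: "Kerberos (TCP side)",
    445: "SMB",
}
OPTIONAL_TCP_PORTS = {
    636: "LDAP SSL",
    3269: "LDAP GC SSL",
    139: "NetBIOS session",
    42: "WINS replication",
    1723: "PPTP",
}
# Not probed here: 1024-5000 TCP/UDP dynamic RPC ports, UDP-only services, ICMP, GRE.
UNPROBED = ["1024-5000 TCP/UDP dynamic RPC", "UDP 53/88/123/137/138", "ICMP", "IP protocol 47 (GRE)"]


def tcp_port_open(host, port, timeout=2.0):
    """Return True if a TCP connect to host:port completes within timeout.

    A refused or timed-out connect is reported as closed/blocked; this does not
    distinguish a host firewall from a WAN-link ACL, only that the path is not open.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_dc_ports(host, ports=REQUIRED_TCP_PORTS, timeout=2.0):
    """Probe each port in `ports`; return {port: (description, reachable)}."""
    return {p: (desc, tcp_port_open(host, p, timeout)) for p, desc in ports.items()}


def blocked_ports(results):
    """Sorted list of ports that were not reachable in a check_dc_ports() result."""
    return sorted(p for p, (_, ok) in results.items() if not ok)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # PDC address from the thread
    results = check_dc_ports(target)
    for port in blocked_ports(results):
        print(f"BLOCKED {target}:{port} ({results[port][0]})")
    print("not probed:", ", ".join(UNPROBED))
```

A result with 135 and 53 blocked matches the symptom described after the SP1 install in this thread: the DCs could not reach each other's endpoint mapper or DNS because the Windows firewall had been switched on.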
 
I installed SP1 on the two servers in the same office. After the reboot the servers were unable to talk to each other. This led to lots of network problems for the users. Fortunately your helpful posts in the Windows 2003 SP1 News thread pointed me in the right direction - the Windows firewall.

The firewall was enabled on the main server which prevented it acting as the primary DNS server. I disabled the firewall on both servers and this sorted it out. It was a worrying time because I was getting RPC errors and the warning dialogue said that my DNS may not be configured correctly. After all I have been through, I was confident that there was nothing wrong with my DNS configuration!

As it was a bad day I thought I would go for broke and re-enable DFS. For the rest of the day I had no network "hangs" at all. It will be interesting to see what next week brings but so far, so good. I am hoping that the complete review of DNS coupled with the installation of SP1 might cure this problem once and for all.

Thanks ADGod for your help and advice.
 
no problem buddy....we're getting DFS "there" :)

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
Just to let you know that we have had three whole days with no problems whatsoever with DFS enabled.
 
glad to hear it :)

please paste a summary of your symptoms and the solution and I will get notice out of the issue up here if it is unknown.

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
No problems all week!

Summary as follows:

Symptoms

Workstations "hang" (become unresponsive) at random intervals, affecting the entire network. When I say "hang" I mean stop responding. You can be working away in AutoCAD or MS Office and suddenly the mouse will stop moving. You cannot do anything for maybe 30 seconds up to a few minutes. The frequency and pattern of the hangs is completely random.

The network contains Windows 2003 servers with Windows XP Professional workstations.

Solution

Immediate resolution can be achieved by disabling then re-enabling the NIC on the server. Long term resolution appeared to be achieved by disabling the DFS service.

Check DNS settings carefully.
- The Primary DC (192.168.1.1) should point to itself as the only DNS server in the LAN properties. In the forwarders tab in DNS it must have ISP's DNS servers listed.
- The Replica DC (192.168.1.2) on the same site must point to the Primary DC as the primary DNS server and itself as a secondary DNS server in the LAN properties. In the forwarders tab in DNS it must also have ISP's DNS servers listed.
- The DC at a remote site (192.168.2.1) should also be configured as a DNS server. It should point to itself as the primary DNS server and the PDC in the other site (192.168.1.1) as the secondary DNS server. In the forwarders tab in DNS it must also have ISP's DNS servers listed.

Check DHCP is set up correctly and is authorised. DHCP should provide workstations with their primary and secondary DNS servers - 192.168.1.1 and 192.168.1.2 respectively on the main site, and 192.168.2.1 and 192.168.1.1 at the remote site. Workstations must not be configured with ISP's DNS servers.

Check replication is working correctly between all servers using AD Sites and Services.

Install Windows Server 2003 SP1 but watch out for the firewall!
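The DNS rules in the summary above (PDC points only to itself, same-site replica points to the PDC first and itself second, remote-site DC points to itself first and the PDC second, every DNS server has forwarders, workstations get only DC addresses from DHCP) are easy to get subtly wrong, which is exactly what the earlier correction in this thread caught for the replica DC. The block below is an added example, not code from the original post: it encodes those rules as a checker over a description of the layout, using the thread's own 192.168.x addresses, and the ISP resolver addresses (203.0.113.x) and workstation addresses are constructed placeholders.

```python
from dataclasses import dataclass, field


@dataclass
class DomainController:
    ip: str
    site: str
    is_pdc: bool = False
    # DNS servers in the NIC's LAN properties, in order: preferred, then alternate
    dns_servers: list = field(default_factory=list)
    # Forwarders configured on the DNS server itself (the ISP's resolvers in the thread)
    forwarders: list = field(default_factory=list)


@dataclass
class Workstation:
    ip: str
    site: str
    dns_servers: list = field(default_factory=list)  # as handed out by DHCP


def expected_dc_dns_order(dc, pdc):
    """Order of DNS servers a DC should carry, per the thread's summary."""
    if dc.is_pdc:
        return [dc.ip]              # PDC points only to itself
    if dc.site == pdc.site:
        return [pdc.ip, dc.ip]      # same-site replica: PDC first, itself second
    return [dc.ip, pdc.ip]          # remote-site DC: itself first, PDC second


def check_dns_layout(dcs, workstations=(), isp_dns=()):
    """Return a list of findings; an empty list means the layout matches the summary."""
    pdcs = [d for d in dcs if d.is_pdc]
    if len(pdcs) != 1:
        return [f"expected exactly one PDC, found {len(pdcs)}"]
    pdc = pdcs[0]
    findings = []
    for dc in dcs:
        want = expected_dc_dns_order(dc, pdc)
        if dc.dns_servers != want:
            findings.append(f"{dc.ip}: DNS servers {dc.dns_servers}, expected {want}")
        if not dc.forwarders:
            findings.append(f"{dc.ip}: no forwarders configured")
    dcs_by_site = {}
    for d in dcs:
        dcs_by_site.setdefault(d.site, []).append(d.ip)
    all_dc_ips = {d.ip for d in dcs}
    for ws in workstations:
        # Workstations must never carry the ISP's resolvers, only domain controllers.
        for s in ws.dns_servers:
            if s in isp_dns or s not in all_dc_ips:
                findings.append(f"{ws.ip}: DNS server {s} is not a domain controller")
        # Primary DNS should be a DC in the workstation's own site.
        if not ws.dns_servers or ws.dns_servers[0] not in dcs_by_site.get(ws.site, []):
            findings.append(f"{ws.ip}: primary DNS server is not a DC in site {ws.site}")
    return findings


# Constructed placeholder addresses standing in for the ISP's DNS servers.
ISP_DNS = ["203.0.113.1", "203.0.113.2"]

# Layout as first described in the thread: replica lists itself first and has no forwarders.
ORIGINAL_LAYOUT = [
    DomainController("192.168.1.1", "main", True, ["192.168.1.1"], ISP_DNS),
    DomainController("192.168.1.2", "main", False, ["192.168.1.2", "192.168.1.1"], []),
    DomainController("192.168.2.1", "remote", False, ["192.168.2.1", "192.168.1.1"], ISP_DNS),
]
# Layout from the thread's final summary.
CORRECTED_LAYOUT = [
    DomainController("192.168.1.1", "main", True, ["192.168.1.1"], ISP_DNS),
    DomainController("192.168.1.2", "main", False, ["192.168.1.1", "192.168.1.2"], ISP_DNS),
    DomainController("192.168.2.1", "remote", False, ["192.168.2.1", "192.168.1.1"], ISP_DNS),
]
# Constructed workstations; the last one has wrongly been given an ISP resolver.
WORKSTATIONS = [
    Workstation("192.168.1.50", "main", ["192.168.1.1", "192.168.1.2"]),
    Workstation("192.168.2.50", "remote", ["192.168.2.1", "192.168.1.1"]),
    Workstation("192.168.2.51", "remote", ["203.0.113.1"]),
]

if __name__ == "__main__":
    for name, layout in (("original", ORIGINAL_LAYOUT), ("corrected", CORRECTED_LAYOUT)):
        print(name, check_dns_layout(layout, WORKSTATIONS, ISP_DNS))
```

Running it on the original layout reports exactly the two points raised earlier in the thread for 192.168.1.2 (wrong preferred/alternate order, no forwarders); the corrected layout passes, and the only remaining findings come from the deliberately misconfigured workstation.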
 