Troubleshooting DNS/Email problem

Discussion in 'Business & Enterprise Computing' started by GreyWolfe01, Jun 12, 2012.

  1. GreyWolfe01

    GreyWolfe01 Member
    Joined: Aug 1, 2001
    Messages: 2,320
    Location: Sydney, Australia

    Hi all,
    I have a fairly major issue going right now and I was wondering if you had opinions on where the problem lies.

    We have a child domain here, with its own DC and Exchange server. Parent domain and master Exchange servers are in the UK. Currently, all email outbound is queuing due to being unable to contact the master servers (which are located in the UK - all email goes in and out via them).

    Checking the Exchange server, it's reporting 'destination server does not exist' for the master server. Tools/Monitoring and Status/Status shows both mine and the master server as unreachable. Here is where it gets funky.

    My DC runs a DNS server. It resolves all domain traffic over an MPLS link and all other traffic over our ADSL. However, it looks like there is something iffy with the DNS resolution.

    All normal DNS is working, i.e. web browsing. Exchange server is online locally and we can get each other's emails, just nothing in or out from the outside world.

    DCDIAG reports:

    Starting test: Connectivity
    The host <guid>._msdcs.parentdomain.com could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc
    Although the Guid DNS name (<guid>._msdcs.parentdomain.com) couldn't be resolved, the server name (dc.localdomain.parentdomain.com) resolved to the IP address (192.168.191.6) and was pingable. Check that the IP address is registered correctly with the DNS server.

    and...
    TEST: Basic (Basc)
    Error: No LDAP connectivity
    Warning: adapter [00000007] HP NC373i Multifunction Gigabit Server Adapter has invalid DNS server: 192.168.191.6 (<name unavailable>)
    Warning: adapter [00000007] HP NC373i Multifunction Gigabit Server Adapter has invalid DNS server: 192.168.191.254 (<name unavailable>)
    Error: all DNS servers are invalid
    Error: The A record for this DC was not found

    Netdiag also reports:

    Testing the WINS server
    Local Area Connection
    Sending name query to primary WINS server 192.168.191.6 - Passed
    There is no secondary WINS server defined for this adapter.
    Gathering Winsock information.
    Testing DNS
    [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.191.6, ERROR_TIMEOUT.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.191.254'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

    I also have messages in the event log about failed domain replication (NTDS KCC, error 1925), DNS (error 113, dns server could not signal the service 'NAT').

    Now, does this point to an issue with the parent domain controllers, or my unit? I've gone through every possible fix I can find for these issues individually, but nothing seems to get the DNS up to a state that passes dcdiag.

    Any and all comments are welcome.
     
  2. MikHail

    MikHail Member
    Joined: Feb 8, 2003
    Messages: 434
    Location: Sydney

    What version(s) of Exchange are running?

    Are you able to ping the Exchange Master Server? Were you able to ping it using the IP Address or DNS Name of the Master Server?

    Are you able to telnet on port 25 from your Exchange Server to the Master Server? Were you able to telnet using the IP Address or DNS Name of the Master Server?
     
  3. GreyWolfe01 (OP)

    GreyWolfe01 Member
    Joined: Aug 1, 2001
    Messages: 2,320
    Location: Sydney, Australia

    Win 2k3 Sp2 running Exchange 2003

    Can ping master via IP, via name is 'destination net unreachable'

    I can telnet to my exchange and it reports all services onboard. Cannot telnet to master server, but it may be blocked (I don't control it).
     
  4. MrvNDMrtN

    MrvNDMrtN Member
    Joined: Dec 24, 2001
    Messages: 1,355
    Location: SW Syd

    So it was working before?

    What's changed?

    Look at your change control system?

    On the technical side just use IP addresses for now until you work out your DNS trust/zone issues.
     
  5. GreyWolfe01 (OP)

    GreyWolfe01 Member
    Joined: Aug 1, 2001
    Messages: 2,320
    Location: Sydney, Australia

    What changed? Friday afternoon is what changed :/ Just up and started issues. Which is why I'm suspicious of the master server.

    I'm not sure how IPs are going to help. I don't have access (nor the inclination) to muck around with AD replication settings, or the master Exchange server settings :/ I just can't conclusively say if it's us or them.
     
  6. DavidRa

    DavidRa Member
    Joined: Jun 8, 2002
    Messages: 3,033
    Location: NSW Central Coast

    Restart the DNS service (I've seen DNS just stop responding to queries). Check forwarders / zone configuration - someone might have broken it. Check the server is registering with the right internal DNS servers - itself and one other (remote). Check the registration was successful. Check there's no outside DNS servers configured anywhere.

    I'll have a think in the morning ... or send me a PM and I can find a slot to give you a call.
     
  7. GreyWolfe01 (OP)

    GreyWolfe01 Member
    Joined: Aug 1, 2001
    Messages: 2,320
    Location: Sydney, Australia

    Well, turns out that the MPLS link from our office to the main DC in the UK was down. Sadly, I have no visibility to this link, so I am unsure how I could have tested for it.

    The worrying thing is that there is no failover if this link goes down. It was 'supposed' to have 24/7 monitoring on it, but allegedly had been down for two days. I think someone is going to get a rocket up their rear...

    I'm still a little confused about how the problem presented itself in DNS, but it definitely seems linked to the failed AD replication.

    Thanks for your help guys! Twas a long night last night waiting for Tata to get back to us with results. Cheers.
     
  8. Simwah

    Simwah Member
    Joined: Aug 6, 2005
    Messages: 1,998
    Location: Brisbane

    Try and ping/access something you know in the UK DC.
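
The checks suggested across this thread (reach the far site by IP versus by name, and try something known in the UK DC) combined into one triage script, as an added example that is not from any poster. The 192.0.2.x addresses and mail.parentdomain.example are placeholder assumptions; 192.168.191.6 is the DC/DNS address from the dcdiag output above.

```python
import socket

LOCAL_DNS = "192.168.191.6"                  # local DC/DNS address from the dcdiag output
# Assumed placeholders for illustration; these values are not from the thread.
REMOTE_NAME = "mail.parentdomain.example"    # hypothetical master Exchange name
REMOTE_TARGETS = [("192.0.2.10", 25),        # hypothetical master Exchange, SMTP
                  ("192.0.2.11", 53),        # hypothetical parent DNS server
                  ("192.0.2.12", 389)]       # hypothetical parent DC, LDAP

def resolves(name):
    """True if the DNS servers this host is configured with can resolve name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def tcp_probe(host, port, timeout=3.0):
    """Return 'open', 'refused' (host answered with a reset) or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:              # timeout, no route to host, network unreachable
        return "unreachable"

def diagnose(probe=tcp_probe, lookup=resolves):
    """Classify the fault as 'local-dns', 'wan-path', 'dns-config' or 'ok'."""
    if probe(LOCAL_DNS, 53) != "open":
        return "local-dns"       # DNS service itself is not answering: restart it
    far_side = [probe(ip, port) for ip, port in REMOTE_TARGETS]
    # A refusal still proves packets crossed the link; one filtered port does not
    # prove an outage, but every far-side host timing out by IP does.
    if all(result == "unreachable" for result in far_side):
        return "wan-path"        # DNS errors for the parent zone are a symptom
    if not lookup(REMOTE_NAME):
        return "dns-config"      # path is up: check forwarders, zones, registration
    return "ok"

if __name__ == "__main__":
    print(diagnose())
```

A "wan-path" result while local browsing still works matches the outcome reported in this thread: the parent-zone lookups fail because the link carrying them is down, not because the local DNS service is broken.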
     
