Im writing here as I have few problems with my dns configuration.
Let me give u some details first.
I do have two networks in my school. Admin network is fine and do not have any problems with the dns.
On my curriculum network I have 3 dc`s:
dmhsc (primary, pdc, master, 2008)
dmhsc-dc (ad, 2008 R2)
printserver (ad, printserver 2008 R2)
On this network I have very slow logon times, especially on applying computer settings when it takes good 3-5 mins sometimes longer. Also very strange when I run gpupdate /force on client machines and than gpresult I see that computer settings were picked up from different server than user settings, ex computer settings from dmhsc-dc and user settings from printserver. This happens most of the times 90%.
I have started to do some troubleshooting of my dc`s.
When I run netshare all servers have correct permissions to sysvol, replication works fine as well.
I did run dcdiag on all servers:
dmhsc - passes everything
dmhsc-dc - passes everything
printserver - failed on
Running enterprise tests on : draytonmanor.ealing.sch.uk
Starting test: LocatorCheck
Error: The server returned by DsGetDcName() did not match
DsListRoles() for the PDC.
dmhsc - passed everything
netdom query /domain:mydomain fsmo
dmhsc - passed everything, pointed everything to dmhsc
dmhsc-dc - passed everything, pointed everything to dmhsc
printserver - passed everything, pointed everything to dmhsc
I did look at my dns on dmhsc and I don`t think it looks right. Insted of having only dmhsc under first site domain I have all of my dc`s. I have attached screenshots and would be very greatful if you could have a look.
On my dmhsc I also get loads of security-kerberos event id 4 errors in event log.
I also got quiet lots of dns-server-service event id 4013 errors in event log under dns.
I did try to follow the guide hxxp://sgwindowsgroup.org/blogs/panda/archive/2010/03/19/client-going-to-different-domain-controller-randomly-for-authentications-cause-and-solution.aspx and deleted other servers but they came back at the same place after a while.
Your DNS entries are correct, all the DC's in the site should show up in the site name as this is where is queried to find DC's to process logon's. Have you got all the subnets and stuff configured properly in AD Sites & Services, this could result in the error on printserver with DC diag.
Also which DNS servers are each of the DC's pointing at?
Is one of your servers particularly slower than the others normally, we had a slow startup problem at one stage and found it was one DC causing the problem. We now run only 2 DC's for 1000 PC's on the site instead of 3.
The other things that can affect the time taken for the computers to pass Applying computer settings are the group policies check this thread of advice GPO Bloat
Hi! Thank for the replay. I did have a look at ad sites & services and looks fine as each server points to another ones. I don`t have anything under subnets in ad sites & services.
Regarding DNS only dmhsc is dns server as I have only one. All other servers have it`s ip under tcp/ip settings so they know it`s a dns server. I`m gonna have a look at the link you provided- thanks.
I would strongly recommend that you put the network subnets into AD sites and services, even if you only have one subnet on 1 site, it's still "The Right Thing to do"
From a relliability and resillience point of view it would be best if you had 2 DNS servers, DNS should automatically be installed with the DC role on the 2008 servers so it's probably already there, have a check. May also reduce the load on a single server if there were 2.
Last edited by SkreeM1980; 11th May 2011 at 01:02 PM.
Reason: Added more comments about DNS