No announcement yet.

Strange DNS Issue after Update Tuesday

  • Filter
  • Time
  • Show
Clear All
new posts

  • Strange DNS Issue after Update Tuesday

    Friday morning I applied the latest patches to my domain controller (S2K3 R2).

    The clients are not getting a software update from a GPO because they aren't getting the server's records from DNS.

    Authentication IS occurring as normal via Kerberos (which requires DNS), and network shares are accessible.

    If ping the FQDN of the DC from the client immediately after logon it resolves, after flushing the dns cache on the client it no longer resolves the FQDN.

    Ping to the server's IP gets a response.

    After an undetermined time period the client will resolve the FQDN even after flushing the cache.

    I rebooted the server to no effect.

    My XP workstation eventually installed from the GPO although it is the only one so far.

    What is going on!!!

    The SOA NS and glue records of the DC look OK in the DNS server console.

  • #2
    Re: Strange DNS Issue after Update Tuesday

    All of the SRV records are pointing to the correct domain controller (there is only one!).

    gpresult after logon reveals that the client computer is only part of the following security groups "NULL SID" & "NT AUTHORITY\NETWORK". As it is not getting membership of "NT AUTHORITY\authenticated users", etc., it is denied read permissions on the GPO's.

    If I run gpresult on a client that has been connected for some time after refreshing group policy, the computer security group membership is OK.

    I tried putting a record for the DC in the HOSTS file but that doesn't help.


    • #3
      Re: Strange DNS Issue after Update Tuesday

      This is not connected to update Tuesday. I didn't see any problems because all of the event logs which I check every day on the DC look normal, and all network resources are available from the users' point of view.

      I have run netdiag /fix, netdiag /test for DNS, Kerberos, & LDAP, and dcdiag /test:dns all with no errors detected. I have also manually checked all of the SRV records manually against those of a similar virtual test environment. I conclude that DNS is configured correctly.

      When clients log-on they are getting the user setting GPOs but not the Computer setting GPOs. After logon they don't get internet name resolution from my DNS but from secondary DNS servers configured on their machines. After a undetermined delay normality resumes and they are able to resolve from the DNS on the DC again.

      Yesterday I enrolled a new machine on the domain, I didn't have a problem with the enrollment, GPOs for the machine didn't process until eventually after several hours the computer setting GPOs did get processed at logon.

      The network infrastructure is OK fileshres on the same server are available at all times.

      Any ideas???


      • #4
        Re: Strange DNS Issue after Update Tuesday

        Have you tried uninstalling the patch after which this prob has been seen ?

        You can also check if there is any exemption made in the GPO users' group has been denied of reading certain GPOs then this may happen.

        Can you provide some screen shot of the user group permission (null_sid) etc...just to know the prob better...