
Broken DNS on Windows 2008 R2 DC


  • Broken DNS on Windows 2008 R2 DC

    I have a part-time job as Director of IT of a small college. On Sunday afternoon the student network server spontaneously developed a problem that essentially hung it: It began writing large numbers of warnings to the System event log to the effect that the MAC address of one of its two network cards couldn't be set dynamically to a particular value because that value was "pinned" to something else. (I don't remember the exact text of the warning, and I can't look it up because I'm not there now and the server is still offline so I can't access it remotely.) I finally managed to get the server into Safe Mode, ran Event Viewer, quickly found the warnings and googled the event. I learned that the warning was associated with a Hyper-V malfunction. That made no sense to me, as we don't use Hyper-V or any other sort of virtualization on that server. (The role was installed - probably one of the many checkboxes in the wizard when I set the server up as a DC - but not set up.) What's more, the fixes I found for the problem weren't applicable because the server doesn't use Hyper-V. Not knowing what else to do, I got the server back into Safe Mode, opened Device Manager and removed the network adapters from there, then I scanned for hardware changes to make the server re-detect them. I then had to reset the static IP address for the network adapter that's actually plugged into the network. (The second network adapter is waiting for me to find some time to install the Lenovo server monitoring and diagnostic system, at which point it will be used for that.) While I was at it, I uninstalled the Hyper-V role, since we don't use it anyway, in hopes that doing so would prevent a recurrence of the problem. That stopped the wacky "pinned MAC address" warnings, and I was then able to get the server to respond properly at the console.

    But I still have a major problem: Now the server's network connectivity yo-yos constantly, Active Directory network functions aren't working and the server isn't responding to network clients. From the stream of DNS errors now appearing in the System event log, I surmise that my fix for the "pinned MAC address" problem broke DNS. I am completely at a loss as to how to fix this. I'm not a DNS expert by any stretch of the imagination, and my knowledge of setting it up on a Windows server is pretty basic.

    The DNS errors in the event log indicate that DNS queries aren't being answered in a timely manner and are timing out, which doesn't offer me much information other than to tell me that DNS isn't working properly.

    Turning back to Google, I learned about tools like DCDiag and a few netsh commands that could be used to fix problems that DCDiag has found for some people out there. Nothing looked particularly relevant to the problems I'm experiencing, though.

    My next thought was that since this is a solitary domain controller on its own domain, and since nothing but the student network depends on it, maybe there's a way to reset DNS to a blank slate and set it up all over again? But I can find no online resource that tells me how to do that. Most administrators' DNS servers are very important to their organizations, so there's lots of info that tells how to tweak them, optimize them and surgically fix them, but nothing that says how to completely reinitialize them.

    I thought maybe I could try removing the DNS role from the server and putting it back in hopes that the DNS setup wizard would recreate the DNS server from scratch. However, the one post I found from someone who tried that said that all he accomplished was to make things worse.

    Can anyone out there tell me how to fix this, or at least point me in the direction of how to diagnose the exact problem and fix it?

    TIA!

    Mark Lebowitz, Owner
    Lebowitz IT Services LLC
    Chicago, IL

  • #2
    Re: Broken DNS on Windows 2008 R2 DC

    Removing DNS and then reinstalling it on a DC should work. I have done this a few times with an old 2003 server that was also a DC. You make sure the DNS role is AD integrated, it reads the network and should be OK. You may need to use a command such as ipconfig /registerdns from clients to force each client's DNS info to be registered and stored on the DNS server.

    But, luckily, I have not had to do this on a 2008 server. However, as active directory is broken if DNS is not working, what have you got to lose?

    Have you also tried removing the Hyper-V role (and anything else you don't use)?

    Just make sure you have a backup of everything on the server before you start.
    A recent poll suggests that 6 out of 7 dwarfs are not happy



    • #3
      Re: Broken DNS on Windows 2008 R2 DC

      Thanks. The soonest I can get back on site will be early next week, but I will give your suggestion a try and post back with the result.

      Mark Lebowitz, Owner
      Lebowitz IT Services LLC
      Chicago, IL



      • #4
        Re: Broken DNS on Windows 2008 R2 DC

        I finally succeeded in fixing the problem, and my student network is back up. I did not need to rebuild the server. In fact, the problem turned out to be outside of the server.

        It turned out that my student network had a bad case of student tampering. A student had unplugged one end of a network cable from one of the computers in the lab and plugged that end into another network jack in the wall. This created a loopback that brought down the whole network. As soon as I found the offending cable and unplugged it, DNS - as well as everything else on the network - worked properly again.

        I don't know if the original problem with the "pinned" MAC address was caused by the network cable loopback or if students in the lab started playing around with the cables after the server developed the problem and went offline. I probably never will know. But I am in the process of recommending some dire disciplinary actions to be taken against students who move wires around in the lab.

        - Mark



        • #5
          Re: Broken DNS on Windows 2008 R2 DC

          Switchports that individual devices (PCs, printers, etc.) connect to are considered 'access ports.' As such, they never expect to connect to another switch. In Cisco devices, the default port action is to dynamically configure themselves as 'access' or 'trunk' ports, based on what is connected at the moment. You can hard-code this on a by-port setting to prevent a recurrence of just this sort of thing.

          Two commands should do it:
          'switchport mode access' and 'spanning-tree bpduguard enable'. The first prevents the port from changing its mode of operation, and the second causes it to shut down if it receives spanning-tree traffic from another switch (even itself). You can issue these commands to ranges of ports at one time to save on typing, as well.

          Hopefully the switches you're using, if not Cisco, have equivalent settings available. In addition to the disciplinary issues with students, lock the configs down.
          *RicklesP*
          MSCA (2003/XP), Security+, CCNA

          ** Remember: credit where credit is due, and reputation points as appropriate **
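          The two commands above applied to a whole range of lab ports on a Cisco IOS switch, together with the recovery setting and the checks that show which port was err-disabled, as an added example that is not part of RicklesP's post; the interface names, VLAN number and recovery interval are assumptions, not values from the thread.

```cisco
! Added example (not from the thread). Locks down student lab access ports
! so that a cable patched between two wall jacks err-disables the port
! instead of looping the whole network.
! Assumptions: ports Gi1/0/1-24 are the lab drops, VLAN 10 is the student VLAN.
configure terminal
 interface range GigabitEthernet1/0/1 - 24
  description Student lab access port
  ! Fixed access port: no DTP auto-negotiation into a trunk
  switchport mode access
  ! Do not even send DTP frames to whatever is plugged in
  switchport nonegotiate
  switchport access vlan 10
  ! Host port: start forwarding immediately instead of waiting for STP
  spanning-tree portfast
  ! Any received BPDU (another switch, or this switch's own BPDU coming
  ! back through a looped cable) shuts the port down (err-disabled)
  spanning-tree bpduguard enable
 exit
 ! Optional: re-enable err-disabled ports automatically after 5 minutes
 ! so one looped cable does not require a manual reset of the port
 errdisable recovery cause bpduguard
 errdisable recovery interval 300
end
! Save the configuration so it survives a reload
copy running-config startup-config
! Verification / detection: which ports tripped, and is BPDU Guard active
show interfaces status err-disabled
show spanning-tree summary
show running-config interface GigabitEthernet1/0/1
```

          A port listed by 'show interfaces status err-disabled' with reason 'bpduguard' points straight at the jack where the loop was plugged in, which is faster than hunting for the cable by hand.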
