dcdiag DNS test - Missing AAAA records


We're seeing warnings in dcdiag's DNS test about AAAA records. When running the test on one of our 2008 R2 SP1 domain controllers, we get warnings like:

<pre>
test: records registration (rreg)
   network adapter [00000019] basp virtual adapter:
      warning:
      missing aaaa record @ dns server x.y.99.160:
      dc1.company.com

      warning:
      missing aaaa record @ dns server x.y.97.54:
      dc1.company.com

      warning:
      missing aaaa record @ dns server x.y.97.55:
      dc1.company.com
</pre>

Network traces show the DNS queries being asked and answered, including AAAA answers.

Running dcdiag /test:dns /v shows dcdiag has picked the local-link IPv6 address.

<pre>
adapter [00000025] basp virtual adapter:
   mac address f0:4d:a2:09:e0:a9
   ip address static
   ip address: x.y.144.150, fe80::7d39:ba63:bc8b:d012
</pre>

The servers have public addresses and a 6to4 adapter, and register the 6to4 address dynamically in DNS. The 6to4 address is seen in the network trace in the answers returned to the DNS queries.

Our best guess is that the test fails because dcdiag is expecting to see the local-link IPv6 address in the answer and, because it's the 6to4 address that is registered in DNS, this causes the warning.

This looks like it might be a bug?

Hi,

Post the "ipconfig /all" output of the problem DC. Make sure IPv6 is configured as dynamic (automatically).

(Obtain DNS server addresses automatically)

and:

Please do not use 127.0.0.1 as the DNS client setting, and do not disable IPv6 (read the article).

Should disable IPv6? No... (Ace Fekay - MVP)

Now next---

IP configuration best practice on DCs and clients/member servers:
-->> Multihoming domain controllers is not recommended; it results in multiple problems.
------------------------------------
1. Domain controllers should not be multi-homed.
2. Being a VPN server and running RRAS makes it multi-homed.
3. DNS itself is better on a single-homed machine.
4. Domain controllers with the PDC role are automatically the domain master browser. Master browsers should not be multi-homed.

272294 - Active Directory communication fails on multihomed domain controllers
http://support.microsoft.com/default.aspx?scid=kb;en-us;272294

191611 - Symptoms of multihomed browsers
http://support.microsoft.com/default.aspx?scid=kb;en-us;191611

-->> IP configuration on a domain controller:
------------------------------------------
1. Each DC / DNS server points to its private IP address as the primary DNS server and other internal/remote DNS servers as secondary DNS in the TCP/IP properties.
2. Each DC has just 1 IP address and 1 network adapter enabled (disable unused NICs).
3. If multiple NICs (enabled and disabled) are present on the server, make sure the active NIC is on top in the NIC binding.
4. Contact your ISP, get valid DNS IPs from them and add them in forwarders; do not set a public DNS server in the TCP/IP settings of the DC.

-->> IP configuration on clients and member servers:
-----------------------------------
1. Each workstation/member server should point to the local DNS server as primary DNS and other remote DNS servers as secondary.
2. Do not set a public DNS server in the TCP/IP settings of the workstation.

Once done with the above, run "ipconfig /flushdns & ipconfig /registerdns", then restart the DNS Server and Netlogon services on each DC.


Abhijit Waikar - MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA
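
A small check for the situation described in the question, added here as an example and not part of the original thread or of dcdiag: it classifies each adapter's IPv6 addresses (link-local or 6to4) and reports which adapters have no address matching the AAAA records a DNS server returns. The 6to4 address, the DNS server IPs and the adapter-to-address mapping are constructed sample values, and the script does not reproduce dcdiag's own logic.

```python
import ipaddress

def kind(addr):
    """Classify an IPv6 address as link-local, 6to4 or other."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id such as %25
    if ip.is_link_local:          # fe80::/10, not normally registered in DNS
        return "link-local"
    if ip.sixtofour is not None:  # 2002::/16, embeds the public IPv4 address
        return "6to4"
    return "other"

def audit(adapters, aaaa_by_server):
    """Return {server: {adapter: [(address, kind, has_matching_aaaa)]}}."""
    report = {}
    for server, answers in aaaa_by_server.items():
        registered = {ipaddress.IPv6Address(a) for a in answers}
        per_adapter = {}
        for name, addrs in adapters.items():
            rows = []
            for a in addrs:
                ip = ipaddress.IPv6Address(a.split("%")[0])
                rows.append((str(ip), kind(a), ip in registered))
            per_adapter[name] = rows
        report[server] = per_adapter
    return report

def adapters_without_aaaa(report):
    """Per server, adapters that have IPv6 addresses but none of them in DNS."""
    return {server: sorted(name for name, rows in per.items()
                           if rows and not any(r[2] for r in rows))
            for server, per in report.items()}

# Constructed sample: the link-local address is the one shown in the question;
# the 6to4 address is built from the documentation IPv4 address 192.0.2.150.
ADAPTERS = {
    "basp virtual adapter": ["fe80::7d39:ba63:bc8b:d012"],
    "6to4 adapter": ["2002:c000:296::c000:296"],
}
# Constructed AAAA answers for dc1.company.com, keyed by (constructed) DNS server IP.
AAAA = {
    "198.51.100.160": ["2002:c000:296::c000:296"],
    "198.51.100.54": ["2002:c000:296::c000:296"],
}

if __name__ == "__main__":
    for server, names in adapters_without_aaaa(audit(ADAPTERS, AAAA)).items():
        print(server, "-> no AAAA matches any address on:", names)
```

With this sample, the physical adapter is listed for every server because its only IPv6 address is link-local, while the 6to4 adapter's address matches the registered AAAA record.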

