Wednesday, April 29, 2009

Metadata Cleanup Step by Step

Log into one of your domain controllers and perform the following steps. First, the process and what is about to happen is explained in a simple way. You are logged into a domain controller; using NTDSUTIL you will go into the .DIT database located on this domain controller and you will

  • modify the .DIT database
  • remove all references to the failed DC
  • when you exit, the changes will be replicated to all other DCs (assuming your replication is working), and the other domain controllers will get rid of all references to the failed DC.

From the command line:

1. ntdsutil
2. metadata cleanup
3. connections
4. connect to server <ServerName>
5. q
6. select operation target
7. list domains
8. list sites
9. select domain <number>
10. select site <number>
11. list servers in site
12. select server <number>
13. q
14. remove selected server
15. q

Great, now you have accomplished a basic cleanup of the Active Directory database.
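The same cleanup driven from PowerShell, as an added example that is not part of the original post: it checks that the stale server object exists and that it no longer owns a FSMO role, runs the ntdsutil command sequence non-interactively, and then verifies the object is gone. The names DC2, Default-First-Site-Name and DC1 are assumptions; replace them with your own.

```powershell
# Added example, not from the original post: the ntdsutil cleanup driven from
# PowerShell, with a check before (does the stale server object exist, does it still
# own a FSMO role) and after (is it gone). Assumed names: failed DC "DC2" in site
# "Default-First-Site-Name", surviving DC "DC1"; replace them with your own.
param(
    [string]$FailedDc = 'DC2',
    [string]$SiteName = 'Default-First-Site-Name',
    [string]$AliveDc  = 'DC1'
)

$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = $rootDse.configurationNamingContext.Value
$domainNC = $rootDse.defaultNamingContext.Value
$schemaNC = $rootDse.schemaNamingContext.Value
$serverDn = "CN=$FailedDc,CN=Servers,CN=$SiteName,CN=Sites,$configNC"
$ntdsDn   = "CN=NTDS Settings,$serverDn"

function Test-AdObject([string]$dn) {
    # $true while the object is still present in the directory
    return [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$dn")
}

function Get-FsmoOwners {
    # fSMORoleOwner on these five objects names the NTDS Settings object of the
    # schema, domain naming, PDC, RID and infrastructure master respectively
    foreach ($dn in @($schemaNC,
                      "CN=Partitions,$configNC",
                      $domainNC,
                      "CN=RID Manager`$,CN=System,$domainNC",
                      "CN=Infrastructure,$domainNC")) {
        ([ADSI]"LDAP://$dn").fSMORoleOwner.Value
    }
}

if (-not (Test-AdObject $serverDn)) {
    Write-Host "No server object for $FailedDc in the Configuration partition; nothing to clean up."
    return
}
if (@(Get-FsmoOwners) -contains $ntdsDn) {
    Write-Warning "$FailedDc still owns a FSMO role; seize it to $AliveDc (ntdsutil 'roles') before cleaning metadata."
    return
}

# The interactive steps above, passed as ntdsutil arguments. 'remove selected server <DN>'
# (Windows Server 2003 SP1 and later) names the server object directly instead of the
# list/select steps. ntdsutil still pops up a Yes/No confirmation dialog.
& ntdsutil.exe "metadata cleanup" "connections" "connect to server $AliveDc" "quit" `
    "remove selected server $serverDn" "quit" "quit"

if (Test-AdObject $serverDn) {
    Write-Warning "Server object is still present; check replication with: repadmin /showrepl $AliveDc"
} else {
    Write-Host "Server object removed. Still to do by hand: delete the old computer account and the DC's DNS records (its A record and the SRV/CNAME records under _msdcs)."
}
```

The FSMO check matters because metadata cleanup silently leaves a role pointing at a dead DC; the post-check tells you whether the change has landed on the DC you connected to, and the leftover computer account and DNS records are what still make the dead DC look alive to clients and to Kerberos.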

Oz Casey Dedeal

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog)

Https://telnet25.spaces.live.com (Blog)

Https://telnet25.worldpress.com (Blog)

What is “Clean metadata” in Active Directory?

Metadata cleanup is one of the most serious tasks for network administrators, along with moving and seizing FSMO roles.

Before we talk briefly about the metadata cleanup process, I want to make sure you understand the ADDS database (.DIT) and its partitions. The ADDS database consists of the partitions below:

  • Domain
  • Configuration
  • Schema
  • Application

Now think about the multi-master replication model and what it means to you. When the first domain controller is introduced into the forest/domain, you have a domain controller that is an authentication server waiting to provide ADDS directory services to its configured clients. When a second DC is introduced into the existing forest/domain (DCPromo), the .DIT database from DC1 is copied to DC2, and DC2 becomes a domain controller and authentication server as well.

So far so good: replication between these two domain controllers keeps both .DIT databases consistent and in sync. This is why a change made on DC1 is reflected on DC2, as long as the KCC on both domain controllers is happily replicating the delta changes.

What happened to the FSMO roles? They stayed on the first DC in this example, and we will leave them there. Imagine you decided to have more redundancy and installed a third DC, called DC3, into your forest/domain. Same story: the .DIT database now also resides on DC3, and DC3 becomes a healthy domain controller.

What other services do domain controllers provide? DNS, DHCP, WINS, file and print services, and so on; you name it, and all of these are familiar to you.

Now imagine one day DC2 dies due to a hardware crash. Bad things happen, and when they do, you realize you never had any backup for DC2. Did I make you smile? (-:

Okay, how much do we have to worry about losing DC2? If we are speaking of multi-master replication, can we purchase a new server, run DCPromo on it and replicate the .DIT database and its contents from DC1 or DC3?

The answer is of course yes, and this is why you never have to worry too much: Active Directory is redundant, and so is the .DIT database and its important contents.

Now you order a new server, name it DC2 just like the old one, and run DCPromo to copy the .DIT database from one of the live domain controllers. You will have a couple of problems doing this, and you need to do some cleanup if you are going to use the same name, DC2, for the new DC.

Let's see why.

The simple answer: remember we talked about the .DIT database and its partitions. In those partitions there are many references to each DC, so the failed DC2 still exists in the ADDS database even though it is no longer physically connected to the network.

Just because it is no longer turned on does not mean the database stops thinking it exists. Therefore replication from the live domain controllers to the failed DC will stay in a retrying state and fail every time. Think of it as pollution in the database.

Why do we need to clean up this information? As I just mentioned, replication is having a hard time: the other DCs try to locate the failed DC and obviously cannot contact it, since it is not physically on the network. Many other dependent tasks will fail, and you will end up with a polluted .DIT database.

So getting the garbage out of the database is the right thinking, and metadata cleanup is the way to do it in a failed-DC scenario.

Once you clean up every piece of information about the failed DC2 from the .DIT database, you will be able to bring a new server with the same name (if you wish) back into business with a simple DCPromo.

Now you know what “Clean metadata” means.

Clean up server metadata



Thursday, April 16, 2009

!!! Exchange 2010 is the Best version of ALL !!!!

I am starting to blog a lot about 2010; there is so much to talk about. All in all, it is the best version of Exchange in many aspects in my eyes. I am truly loving Exchange 2010 and could write one or more articles per day, no joke, because Exchange 2010 has so much to talk about.

The changes in the database tables and the new DB structure make it more efficient and ***faster***. Goodbye SIS (-:, goodbye SGs (storage groups). Another 70 percent reduction is introduced in Exchange 2010 (maybe even more), on top of the improvements introduced in Exchange 2007, and JBOD.


Finally, offloading Exchange from the SAN (huge savings for everyone) and, for the first time in history, a fully redundant messaging experience with no third-party or SAN solution, right out of the product itself.

The new power of Exchange starts shining with the DAG (data availability group), which will make your messaging environment fully redundant with two servers; failover is handled natively by the application. The user experience is a blip most of the time.

Not to mention that more is given with Exchange: your regulatory compliance requirements and an email archiving solution also come with the product. This is incredible value: better, faster, and the most comprehensive version of the messaging application with ***less*** complexity.

Well, as I said, there is so much to talk about with 2010. I truly believe not upgrading to Exchange 2010 will cause lost revenue for the business, and that is why Exchange 2010 will be the best and most powerful version ever in MS messaging history.

I recommend downloading the public version and seeing the power with your own eyes; you will be amazed by all the new features and the power.

Download 2010 here



OWA in Exchange 2010 and new features: quick look.

If you have not seen the new OWA in Exchange 2010 you are missing the beauty. At first look, the new OWA interface seems very clear and easy to navigate. The navigation pane on the right looks incredibly useful and user friendly, besides its neat look. There are many improvements in the options. One of the coolest is being able to see what happened to an email by using “Delivery Reports”. The idea behind this is to give users some sort of tool so they can understand what happened to their mail. The report shows the message sent and transferred times.

I remember talking about this feature with the Exchange team. Yes, the feature is really nice, and hopefully it will reduce help desk calls, or at least give the sender some information about what happened to their email. I would love to see the message headers in this report, maybe behind another click so users won't get confused.

The idea is to give the support person the full message header in a nice format, so the support person can say: here is the SMTP handshake, the IP address we handed this over to on the destination e-mail server at this time, and here is the response showing the destination server accepted the mail.

I think it would be great to see this in the first service pack for Exchange 2010; it would win every administrator's heart (-:

I also really like the account information section. Those of you who remember GAL mode (yes, I am really old): OWA looks really nice, lets users modify their own contact information, and the layout is pretty slick.

I have not tested the mobile features, but you can send text messages to a cell phone right from OWA.

Also, being able to create groups and add people is really cool; you can also request to join a group. The features here are very smart, enhance user interaction and lessen the helpdesk work for sure. The Exchange team seems to have done “INCREDIBLE” work; thanks guys for providing the ***BEST*** version of Exchange in almost every aspect.


530 5.7.1 Client was not authenticated Exchange 2010

Problem:

After a new installation you are able to send mail out but not able to receive emails. The sending host receives the following response on the SMTP handshake from your mail server: “530 5.7.1 Client was not authenticated”.

Solution:

I had a previous post about the same issue with Exchange 2007. Please remember, the Exchange product is delivered to you totally secure: anonymous access is not turned on, and you as the Exchange administrator must turn it on.

To understand and see your mail server's response, you will need to open a telnet session to your mail server and use standard SMTP commands to see the mail server's response and what is going on, so you can remedy the problem.

Let's start by installing the Telnet client first. Open a DOS (command prompt) window or PowerShell and type:

servermanagercmd -install telnet-client

Now on the same screen type:

helo (hit Enter)
220 mail2.smtp25.org Microsoft ESMTP MAIL Service
250 mail2.smtp25.org Hello [10.10.10.10]
mail from:Telnet25@Gmail.com (use yours; hit Enter)
530 5.7.1 Client was not authenticated

As you see, the server response is “530 5.7.1 Client was not authenticated”.

Now let's take care of that. Open the EMC, go under Server Configuration, Hub Transport, your server's default receive connector, Properties, click on the last tab, “Permission Groups”, place a check mark next to “Anonymous users”, and click Apply and OK.

Now go back to the DOS window we opened earlier and telnet to your mail server on port 25 one more time. This time you will get:

Telnet mail3 25
220 mail3.smtp25.org
Helo
250 mail3.smtp25.org Hello
mail from:telnet25@Gmail.com
250 2.1.0 Sender OK

Now your mail server is ready to accept mail from outside.



WS Management could not connect to the specified destination Exchange 2010

Problem:

Accessing Exchange 2010 OWA, you receive the following error: “Connecting to remote server failed with the following error message: WS-Management could not connect to the specified destination (mail3.smtp25.org:443)”.

Solution:

Check to make sure the World Wide Web Publishing Service (W3SVC) is started. You can open a DOS window or PowerShell and type “services.msc” to open the GUI services management console and see the state of the service.

If you are doing this from PowerShell:

Restart-Service W3SVC

You can also use:

Net stop W3SVC

Net Start W3SVC


Reference PowerShell Usage


Wednesday, April 15, 2009

Exchange 2010 and Active Directory Data

Where does Exchange keep its information in Active Directory? This is one of the most frequent questions I am asked, and I decided to give a little information.

Exchange keeps and stores its own information within the .DIT database.

.DIT database and its partitions


Domain partition (resident directory objects)

  • Stores the default containers
  • Organizational units
  • The containers hold domain-specific data
  • Users, computers, etc.
  • Exchange updates the objects in this partition to support Exchange functionality
  • Recipient information

Configuration partition

  • Forest-wide information
  • This partition includes AD sites (which Exchange uses to route mail): the site-based routing topology
  • Exchange Global settings
  • Transport settings
  • mailbox policies
  • UM dial plans
  • Address lists
  • Address and display templates
  • Administrative groups
  • Client access settings
  • Connections
  • Messaging records management, UM policies
  • Global settings
  • E-mail address policies

Schema partition

  • Stores classes and attributes
  • Exchange prep work and installation change the schema
  • Schema classes define all the types of objects that can be created and stored in AD
  • Exchange installation adds many classes and attributes to the AD schema; these classes are used for Exchange-specific objects such as agents, connectors, etc.


Exchange 2010 Prerequisites

Below is the prep work that needs to be done before installing Exchange 2010.

CAS server

  • install .NET 3.25
  • install Windows remote management
  • PowerShell V2
  • KB951725

ServerManagerCmd -i RSAT-ADDS

ServerManagerCmd -i Web-Server

ServerManagerCmd -i Web-ISAPI-Ext

ServerManagerCmd -i Web-Metabase

ServerManagerCmd -i Web-Lgcy-Mgmt-Console

ServerManagerCmd -i Web-Basic-Auth

ServerManagerCmd -i Web-Windows-Auth

ServerManagerCmd -i Web-Dyn-Compression

ServerManagerCmd -i NET-HTTP-Activation

ServerManagerCmd -i RPC-over-HTTP-proxy

ServerManagerCmd -i Web-Digest-Auth

Mailbox server

ServerManagerCmd -i Web-Server

ServerManagerCmd -i Web-Metabase

ServerManagerCmd -i Web-Lgcy-Mgmt-Console

ServerManagerCmd -i Web-Basic-Auth

ServerManagerCmd -i Web-Windows-Auth

  • If the mailbox server will be clustered:
ServerManagerCmd -i Failover-Clustering


Exchange 2010 improvements: goodbye Storage Groups (-:, we won't miss you at all!!!!

Well, I am not sure how many posts I will need to talk about Exchange 2010 and its changes (-:, it is so exciting to see the best version of Exchange **ever**, in my opinion.

  • Storage groups have been removed in Exchange 2010
  • Mailbox databases are no longer connected to the server object; they become *peers*
  • Database management has also been moved from the Server Configuration node in the Exchange console (EMC)
  • Storage group functionality has been moved to the database, meaning the database will have the logs
  • You can smell where this is going (-:, for the first time ever, if you install two Exchange 2010 servers you are 50 percent redundant, yes finally (-:
  • ESE has several improvements for HA (high availability), performance and database mobility
  • No more RAID 0+1 or RAID 5
  • Exchange 2010 does not require an expensive SAN to be redundant; finally this version is getting Exchange **OFF** the SAN and onto JBOD (just a bunch of disks). This is one of the most significant improvements in my opinion; just imagine how much you will save by running the fastest, fully redundant version of Exchange without needing a SAN.



Full redundancy with two Exchange 2010 servers for your organization

Remember that Exchange 2007 brought a 70 percent I/O reduction; now you need to listen to this: Exchange 2010 has brought another 70 percent, or even some more, I/O reduction to the table, which to me is the historic change for the product line.

I wanted to congratulate the people behind this, hands up, great job and ***incredible*** value to the product.

So how will messaging be redundant with two servers? The key point, or the value to see, is the “automatic, database-level failover capabilities” built into Exchange 2010.

The new engineering around Exchange 2010 brought continuous availability to the table; remember failover clusters, they are in a way built into the product, and it is seamless to the administrator.

In the new architecture the failover is designed around the mailbox database level instead of the server level. This is known as **database mobility**: think about your mailbox residing in the database, and this database being located, in a way, across two servers; if one server goes down, Outlook clients will only see a blip, they get redirected to the available Exchange server, and therefore there is no mail interruption for the end user.

In a way, remember AD and the multi-master replication story, how the .DIT database is redundant, and therefore what you can do if you lose one DC: get another server up and running, run DCPromo, hurray, you've got the .DIT database and your DNS information without suffering.

Think of Exchange 2010 in the same way. For those of you looking for business justification, as I listed in the previous article:

  • Cost
  • Cost
  • Cost

In a way, if you don't upgrade, besides so many built-in features, you will be losing $$$$.


Exchange 2010 and Business Reasons to Upgrade

It has been a long time waiting to be able to talk about Exchange 2010. I am going to list three business reasons why everyone will go for upgrading to Exchange 2010. The business justification has always been the driving factor behind upgrades, in my opinion, and if you don't upgrade to Exchange 2010 you will lose $$$$ (-:

Business Reasons

  1. COST
  2. COST
  3. COST

Yes, if you keep reading the other posts coming soon, you will understand how much you will save and how many benefits and improvements Exchange 2010 is going to bring (-:

I am so excited to talk about the **BEST** version of Exchange ever. When you learn about the features and the changes in Exchange 2010, you will be very happy and upgrade your Exchange to 2010 without losing time (-:, just because it makes so much sense to upgrade!!!!!!


Tuesday, April 14, 2009

Download Exchange 2010 Beta

I am lucky, I just saw the link a couple of minutes ago, and here is the official download link for Exchange 2010; get your hands dirty.

Exchange14

Download Exchange 2010 Beta

Also here is a little something, an Exchange background for you.

Click on the picture.



Exchange 14 & very first information (-:

Okay, this is going to be the shortest post, I believe, with no comments added to it (-:. I wanted to capture this on my blog; to me it seems like the first piece of information that came out for Exchange 14. Click here and enjoy reading.

There is history in this.

Microsoft Brands Office 2010, Releases Exchange Beta


Exchange 14 video

Those of you who have been asking about Exchange 14, here is some information and the video on the msexchangeteam website.

There is also a survey on e-mail support staff requirements and cost, which can be found at the link below: survey

Also here is another link for more videos, including an intro to Outlook Live and Exchange Web Services. You might be telling yourself, isn't it too soon? Exchange 2007 just came out and yet another version is on the way (-:

Most of the Exchange 14 related information still remains under NDA and therefore we are not allowed to talk, but the videos above can at least provide some understanding of what the future is going to be.

I hope you enjoy the videos.


Monday, April 6, 2009

IT Pro TechNet Coming to Herndon May 19

Guys, the IT Pro Tiki Spring 2009 road show is coming to Herndon.

James Chong will be one of the presenters, along with many MS folks; Blain Barton will also be there. Great information, and it puts you on the radar for what is coming up in the near future.

I have already sent invitations to all my students and friends; please forward this to anyone who might be interested in coming. I am the team lead for this event, and I believe I will have free T-shirts and copies of Windows 7 to give away to those who show up.

So if you would like to network with us, this is a great opportunity; come and join our network. Click here to register; seats are limited.

Event ID: 1032406332

Tuesday, May 19, 2009

6:00 PM–9:00 PM

Microsoft Office – Reston

12012 Sunset Hills Road

Reston, VA. 20190

Washington DC Area

See you all down there


Sunday, April 5, 2009

Migration Notes from Windows 2003 AD to Windows 2008

We finished the migration from AD 2003 to AD 2008 last week in our class. Here are the class notes for the migration.

We first introduced the first Windows 2008 DC into the existing Windows 2003 forest/domain. We had to perform forest prep and domain prep before bringing in the first 08 DC. The schema updates were done on the existing Win03 DC that was the FSMO role owner, and we used the Windows 2008 CD to do the schema updates. Forest prep was the first one, and then we did domain prep.

  • adprep /forestprep

http://technet.microsoft.com/en-us/library/cc733027.aspx

Our forest/domain contained over 20,000 objects: users, groups, etc. After the successful schema updates we were able to run DCPromo on the new Windows 2008 server.

A couple of things to remember:

Add the server to the domain before DCPromo; this way the server will register its A record, and its PTR record if a reverse lookup zone exists.

Reboot the server, log into the domain with sufficient privileges and make sure the server has a static IP and no other NIC interface; if there is any, disable it. Make sure the server is configured with the correct preferred DNS servers (don’t point it to itself yet), because the server is not a DNS server yet; thus choose an existing DNS server for a successful DCPromo.

http://smtp25.blogspot.com/2009/04/dns-basic-configuration-and-common_847.html

  • Run DCPromo, use integrated DNS and make the server a GC as well. Remember to distribute the ADDS database, logs and SYSVOL, and use best practices at all times.
  • When DCPromo completes successfully, reboot the server
  • Make sure DC/DNS is functioning correctly
  • Verify SYSVOL is accessible, verify DNS is loaded, verify replication connections are working and replication is happening; give the KCC some time to do its work
  • When replication is working, point the preferred DNS to its own IP and select a neighbor DC/DNS as the alternate
  • At this point we have already replicated the .DIT database and are ready to move on with bringing in additional DCs.
  • In-place migrations are not my favorite thing to do; I like to perform a fresh install. That being said, if there is an opportunity to do a hardware refresh as well, go ahead and do it; if not, first decommission the existing 03 DC, get it out of the domain peacefully, then stick in the Windows 2008 CD and perform a fresh installation
  • Findings in decommissioning the existing 03 servers going forward
  • The first thing we noticed is that if replication is not working, DCPromo would fail

Steps we have taken

  • We fixed the replication issue, went back to Sites and Services, deleted the dynamic KCC connections and made sure replication from the source DC to the destination was working
  • We also pointed the server that was about to be decommissioned to a neighbor DC/DNS server as its primary DNS, otherwise DCPromo would fail
  • We made sure the time was syncing correctly with the PDC emulator
  • We eventually were able to DCPromo out the existing 03 servers, removed them from the domain, deleted the computer objects from AD, and went back to Sites and Services to delete the orphaned server objects

Also remember that all existing services need to be transferred to the new domain controllers, such as DHCP, WINS, Certificate Services, FSMO roles, etc.

You may want to preserve IP addresses, and if this is the case you will need to do an IP address swap, which is fairly safe; all it takes is a reboot of the domain controller to allow the new dynamic records to get registered in DNS.

Remember all the basic things we needed to check to make most of the problems go away and achieve a successful migration of ADDS.
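The "make sure DC/DNS is functioning, SYSVOL is accessible and replication is happening" checks from the notes above, wrapped into one PowerShell function so they can be run the same way after every DCPromo. This is an added example and not part of the class notes; it relies on the built-in nltest, repadmin and dcdiag tools and defaults to the local machine and domain, and the check names are my own.

```powershell
# Added example, not part of the class notes: a PowerShell wrapper for the post-DCPromo
# health checks (DC/DNS working, SYSVOL reachable, replication running). Assumes the
# built-in tools nltest, repadmin and dcdiag on the new DC; defaults to the local machine.
function Test-NewDcHealth {
    param(
        [string]$Dc     = $env:COMPUTERNAME,
        [string]$Domain = $env:USERDNSDOMAIN
    )
    $checks = @(
        @{ Name = 'SYSVOL share reachable';   Test = { Test-Path "\\$Dc\SYSVOL\$Domain\Policies" } },
        @{ Name = 'NETLOGON share reachable'; Test = { Test-Path "\\$Dc\NETLOGON" } },
        @{ Name = 'DNS Server service running';
           Test = { (Get-Service -ComputerName $Dc -Name DNS).Status -eq 'Running' } },
        @{ Name = 'DC advertising (DS, GC and KDC flags)';
           # nltest prints a "Flags:" line; a DC that is not yet advertising lacks DS/KDC
           Test = { $flags = (nltest /server:$Dc /dsgetdc:$Domain) -match '^\s*Flags:'
                    ($flags -match '\bDS\b') -and ($flags -match '\bGC\b') -and ($flags -match '\bKDC\b') } },
        @{ Name = 'No failed inbound replication links';
           Test = { $rep = (repadmin /showrepl $Dc) -join "`n"
                    ($rep -match 'was successful') -and ($rep -notmatch 'failed, result') } },
        @{ Name = 'dcdiag Replications/Advertising/SysVolCheck';
           Test = { $out = (dcdiag /s:$Dc /test:Replications /test:Advertising /test:SysVolCheck) -join "`n"
                    ($out -match 'passed test') -and ($out -notmatch 'failed test') } }
    )
    foreach ($c in $checks) {
        $pass = $false
        try { $pass = [bool](& $c.Test) } catch { $pass = $false }
        New-Object PSObject -Property @{ Check = $c.Name; Passed = $pass }
    }
}

Test-NewDcHealth | Format-Table Check, Passed -AutoSize
```

Run it right after the post-DCPromo reboot and again after you switch the preferred DNS to the server itself; the advertising check is the one that tells you whether clients will actually start using the new DC, and the replication checks are the ones the notes say DCPromo of the old 03 servers depended on.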


DNS Basic Configuration and Common Mistakes in DNS Setup

One of the most common mistakes administrators make when it comes to configuring DNS is to point the DC/DNS servers to the ISP's DNS servers as their primary DNS server. I see problems related to misconfigured DNS every day, and decided to post some best practices and basic DNS settings for domain controllers.

The misconception behind this mistake is that the DC/DNS servers need to connect to the internet, so the ISP DNS IP addresses are added to the DC/DNS servers; and, of course, not understanding the basic DNS concept.

If you get on your DC/DNS server, issue ipconfig /all, and see output similar to the one below, you need to keep reading, because your DC/DNS is not configured correctly.

If you would like to download the video, here it is:

Video 1

Host Name . . . . . . . . . . . . : DC4
Primary Dns Suffix  . . . . . . . : smtp25.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : smtp25.org

Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.10.10.4(Preferred)
Subnet Mask . . . . . . . . . . . :255.255.255.0
Default Gateway . . . . . . . . . :10.10.10.1
DNS Servers . . . . . . . . . . . : 208.67.222.222 ( ISP DNS)
                                         208.67.220.220  (ISP DNS)
NetBIOS over Tcpip. . . . . . . . : Enabled

Here are the rules and the previous posts I have done:

DNS configuration

1. Do not point your DC/DNS servers to your ISP DNS servers in the preferred and alternate DNS configuration of their TCP/IP properties.

2. Make sure the server's TCP/IP stack is configured correctly and the DNS server setting points to an ***existing DC/DNS***.

3. One of the best-practice and ***most common*** configurations is to point the DC/DNS server's preferred DNS to ***itself*** and the alternate DNS to its closest neighbor that is also a DC/DNS server.

4. You should make all DC/DNS servers ***Active Directory integrated DNS***; the simple reasons are security, redundancy and simplicity.

If you have one AD-integrated DC/DNS server in your environment, the DNS data is kept in the domain partition of Active Directory, thus it is replicated to every other DC even if they are not DNS servers; therefore make all of them AD/DNS servers and be done with a good configuration.

5. Don't use more than one NIC card. DCs don't like multiple NIC cards; multi-homed DCs are most likely going to cause ***trouble***. If you do have multiple NICs on your DC, disable the second NIC and clear the option “Register this connection’s addresses in DNS”, so that if another admin enables this NIC inadvertently, the interface will not register in DNS.

6. Forward the recursive queries for which your domain is not authoritative to the ISP DNS servers and let them do the heavy work (watch the video to learn how to configure forwarders).

7. Go to your DNS, forward lookup zones, locate _msdcs.yourDomain.org, go to Properties, click on Name Servers, and make sure all the servers listed there are domain controllers and that they are functioning properly.
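The seven rules above turned into an audit you can run on a DC/DNS server. This is an added example and not part of the original post: it reads the NIC DNS settings through WMI, compares them with the list of domain controllers taken from the domain itself, and, if the DNS Server role is present, checks forwarders, AD integration of the primary zones and the NS records of _msdcs.<domain>. It assumes it is run locally on the DC with administrative rights; the rule labels in the output are my own.

```powershell
# Added example, not from the original post: audits the seven DNS rules on a DC/DNS
# server using only WMI and System.DirectoryServices (PowerShell 2.0 on Server 2003/2008).
# Assumed: run locally on the DC with admin rights.
function Test-DcDnsConfig {
    $findings = New-Object System.Collections.ArrayList
    function Add-Finding([string]$rule, [string]$status, [string]$detail) {
        [void]$findings.Add((New-Object PSObject -Property @{ Rule = $rule; Status = $status; Detail = $detail }))
    }

    # The set of DCs, straight from the domain, is what every resolver entry is checked against
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $dcs    = @($domain.DomainControllers)
    $dcIps  = @($dcs | ForEach-Object { $_.IPAddress })
    $dcFqdn = @($dcs | ForEach-Object { $_.Name.ToLower() })

    $nics  = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
    $myIps = @($nics | ForEach-Object { $_.IPAddress } | Where-Object { $_ -match '^\d+(\.\d+){3}$' })

    # Rule 5: a DC should have exactly one IP-enabled interface
    if ($nics.Count -gt 1) {
        Add-Finding '5 single NIC' 'WARN' "$($nics.Count) IP-enabled interfaces; disable the extras and clear 'Register this connection''s addresses in DNS'"
    }
    foreach ($nic in $nics) {
        $dns = @($nic.DNSServerSearchOrder)
        if ($dns.Count -eq 0) { Add-Finding '2 points to a DC/DNS' 'FAIL' "$($nic.Description): no DNS servers configured"; continue }
        # Rules 1 and 2: every resolver must be a domain controller, never an ISP server
        foreach ($s in $dns) {
            if ($dcIps -notcontains $s) { Add-Finding '1 no ISP DNS' 'FAIL' "$($nic.Description): $s is not a domain controller in $($domain.Name)" }
        }
        # Rule 3: preferred = itself, alternate = a neighbouring DC/DNS
        if ($myIps -contains $dns[0]) { Add-Finding '3 preferred = self' 'OK' "preferred DNS $($dns[0]) is this server" }
        else { Add-Finding '3 preferred = self' 'WARN' "preferred DNS is $($dns[0]), not this server (fine only during DCPromo)" }
        if ($dns.Count -lt 2) { Add-Finding '3 alternate = neighbour DC' 'WARN' 'no alternate DNS server configured' }
        elseif ($myIps -contains $dns[1]) { Add-Finding '3 alternate = neighbour DC' 'WARN' 'alternate DNS points back to this server' }
        else { Add-Finding '3 alternate = neighbour DC' 'OK' "alternate DNS is $($dns[1])" }
    }

    # Rules 4, 6 and 7 need the DNS Server WMI provider, present only where the role is installed
    $dnsSrv = Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Server -ErrorAction SilentlyContinue
    if ($dnsSrv) {
        $plain = @(Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone | Where-Object { $_.ZoneType -eq 1 -and -not $_.DsIntegrated })
        foreach ($z in $plain) { Add-Finding '4 AD-integrated zones' 'WARN' "$($z.Name) is a file-backed primary zone" }
        if (@($dnsSrv.Forwarders).Count -eq 0) { Add-Finding '6 forwarders' 'WARN' 'no forwarders; recursion goes to the root hints' }
        else { Add-Finding '6 forwarders' 'OK' ('forwarders: ' + ($dnsSrv.Forwarders -join ', ')) }
        # Rule 7: every NS record of _msdcs.<domain> must name a current domain controller
        $ns = @(Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_NSType -Filter "OwnerName='_msdcs.$($domain.Name)'")
        foreach ($r in $ns) {
            $nsHost = $r.NSHost.TrimEnd('.').ToLower()
            if ($dcFqdn -contains $nsHost) { Add-Finding '7 _msdcs NS' 'OK' $nsHost }
            else { Add-Finding '7 _msdcs NS' 'FAIL' "$nsHost is not a current domain controller" }
        }
    } else {
        Add-Finding '4-7 DNS server' 'INFO' 'DNS Server role not installed on this machine'
    }
    return $findings
}

Test-DcDnsConfig | Format-Table Rule, Status, Detail -AutoSize
```

On the ipconfig output shown above (208.67.222.222 and 208.67.220.220 as resolvers) the audit reports two "1 no ISP DNS" failures and a "3 preferred = self" warning, which is exactly the misconfiguration the post describes: the DC sends its own SRV lookups for the domain to a resolver that is not authoritative for it and also hands every internal name it resolves to an outside party.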
