Thursday, March 8, 2012

DNS Matters... ALOT

DNS reminder for Active Directory experts.

I recently worked with a client spent 10 hours on the phone with a well known consulting company trying to resolve GPO, COM+, WinRM SPN creation, ip6.arpa and replication issues. After spending thousands of dollars looking at errors and warnings in event logs and performing internet searches for possible fixes, the call ended with nothing resolved.

So, I got the call to give it a shot. Obviously, my client was very skeptical about my ability to help after witnessing the strikeout of the previous consultant.I spent a few hours reviewing all AD health tests and best practices. I discovered, as I often do, that the client had configured both domain controllers pointed to loopback for the primary DNS client setting and pointed at the other domain controller for the secondary DNS client setting.

We reconfigured this by using the Microsoft best practice of configuring all (both) of the domain controllers' primary DNS client setting to point at the PDC and then to the other domain controller, but, before we got around to going through the Active Directory health checks again, which were scheduled for 2 days later, he changed one of the servers BACK ... after the call… He apparently did not agree with my opinion (that is to say, MICROSOFT's opinion) on DNS best practices.

After spending a little time going through health checks on the next appointment, I discovered the change. After a little coaxing, I got him to point both DC’s to PDC for primary DNS client setting and then the other DC for secondary. And guess what?

Within 15 minutes every health check was clean and group policy was working perfectly.

Check and VERIFY DNS first… and check it again if you have to call back. It really is a best practice. It could save thousands of dollars and keep you from being on the phone all night, like my unlucky client.

The last thing I asked him before finishing the call was, “What is the most important configuration in your environment?”

What do you think he said? J

- Peter Trast, MCITP DBA, MCITP EA, MCT LinkIn with Peter 

No comments:

Post a Comment