Ok, so I've read several of the other posts and it sounds like for the majority of users the answers apply.
Multi-homed DCs with DNS not supported, pick an interface and IP - not applicable
TDI hotfix for r2 http://support.microsoft.com/kb/2028827 - not applicable
Potential SCOM Agent, uninstall Agent - problem persists
Set zone to non-DI - not tried, relevance?
Change order of DNS servers in DNS tab on interface - problem persists
So for starters, I have 7 DCs in three sites. Two of my DCs are also DNS servers; each of these DNS servers has multiple adapters, and all adapters but one are disabled. Each server has a single statically assigned IP address. I have gone through the BPA for DNS and am down to just a single issue: I need to enable scavenging, which is how this all started.
I was getting ready to turn on scavenging and popped into the DNS logs to see what was what, and was presented with thousands of little red dots :( lots of 404s and 408s. As I started looking into this I saw a very promising article that it may be a bug in TDI, and found a relevant hotfix for 2008 R2; sadly this hotfix doesn't apply to my servers, most likely because they are SP1. The file version info didn't match up, so the fix wouldn't apply.
I then started to make sure that the two servers were set up the same. Each server lists itself as the primary DNS server, its partner as secondary, our campus DNS (slave) as third and 127.0.0.1 as fourth. Now I included the loopback because the BPA said it should be in there, just not as first; when I re-ran the BPA it said hey, put the loopback in there, just not as first...see the loop?
Then I started looking at the zones, and made sure that the config for each zone was the same. We host 4 zones for child and external domains. All zones were set up the same, and all are AD integrated. One recommendation was to disable AD integration and see what happens, which seems silly to me; they obviously are working, new computers can be added without any issue.
I set the socketpoolsize and cachelockingpercent to be identical for each server.
dnscmd /Config /SocketPoolSize 10000
dnscmd /Config /CacheLockingPercent 100
I have set each server to listen on its IP on its adapter, and I have bounced DNS several times.
Some things to note: I occasionally get a report that RPC is not available. We have an hourly cron that checks replication status and errors, and on occasion I will get an email that lists one of the DNS servers as not being available.
I have run dcdiag and not seen any errors that seem to relate back to this; mostly I get messages about missing trusts from client computers, and some differences in zones because this domain was recently upgraded to 2008 R2 (I think they changed how the _msdcs zones show up).
I am also seeing some odd messages from Schannel, but I don't know if it's related: "The following fatal alert was received: 48." I've not seen anything about that as it pertains to a DC, mostly just "your IIS server has an invalid cert". I've checked certs on the DCs and they look ok to me...but I'm not entirely sure what I should be looking for.
I will be happy to upload any info anybody requests. I think what a lot of folks tend to ask for first is ipconfig, so here it is from both servers. I'm going to change hostnames, domain names, and IP addresses.
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC-04
   Primary Dns Suffix  . . . . . . . : ku.edu
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ku.edu

Ethernet adapter Public Network [192.168.3.66]:

   Connection-specific DNS Suffix  . : ku.edu
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) #8
   Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.3.66(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   Default Gateway . . . . . . . . . : 192.168.3.94
   DNS Servers . . . . . . . . . . . : 192.168.3.66
                                       192.168.4.200
                                       192.168.2.1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC-06
   Primary Dns Suffix  . . . . . . . : ku.edu
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ku.edu

Ethernet adapter Public Network [192.168.4.200]:

   Connection-specific DNS Suffix  . : ku.edu
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) #12
   Physical Address. . . . . . . . . : BB-CC-DD-EE-FF-AA
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.4.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.128
   Default Gateway . . . . . . . . . : 192.168.4.254
   DNS Servers . . . . . . . . . . . : 192.168.4.200
                                       192.168.3.66
                                       192.168.2.1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Jeffrey S. Patton
Systems Specialist, Enterprise Systems
University of Kansas
1001 Sunnyside Ave. Lawrence, KS. 66045
(785) 864-0242 | http://patton-tech.com
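The post compares the two DNS servers by hand: the DNS client search order on each adapter (loopback present but not first, per the BPA), the SocketPoolSize and CacheLockingPercent values set with dnscmd /Config, and the volume of 404/408 events in the DNS Server log. The script below is an added example, not code from the original post or its author, that collects those three things on one server so the output from each DC can be diffed. It assumes it runs in an elevated PowerShell 2.0 or later session on the DC itself (the WMI class and Get-WinEvent are available on 2008 R2), that dnscmd.exe is on the PATH, and that dnscmd /Info prints DWORD values on a line of the form "Dword: <n> (<hex>)"; the Get-DnsCmdDword helper and the $LookbackHours parameter are names chosen here, not part of the post.

```powershell
# Added example (not from the original post): audit the items the post checked by hand on a
# Windows Server 2008 R2 DNS/DC. Run in an elevated PowerShell session on the DC itself.
# Assumptions: dnscmd.exe is on the PATH and dnscmd /Info prints values as "Dword: <n> (<hex>)".

param([int]$LookbackHours = 24)

# 1. DNS client search order per IP-enabled adapter (the same data ipconfig /all shows).
#    BPA guidance quoted in the post: 127.0.0.1 should be listed, but not first.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled }
foreach ($a in $adapters) {
    $order = @($a.DNSServerSearchOrder)
    $own   = @($a.IPAddress)[0]
    Write-Host ("Adapter: {0} [{1}]" -f $a.Description, ($a.IPAddress -join ', '))
    Write-Host ("  DNS search order: {0}" -f ($order -join ' > '))
    if ($order.Count -eq 0) {
        Write-Host "  WARN: no DNS servers configured on this adapter"
    } elseif ($order[0] -eq '127.0.0.1') {
        Write-Host "  WARN: loopback is listed first"
    } elseif (-not ($order -contains '127.0.0.1')) {
        Write-Host "  NOTE: loopback is not in the list"
    }
    if (($order -contains $own) -and ($order[0] -ne $own)) {
        Write-Host "  NOTE: the server's own address is listed but not first"
    }
}

# 2. Server-side settings the post set with 'dnscmd /Config'; read them back so two DCs can be compared.
function Get-DnsCmdDword([string]$Name) {
    # Assumption: output contains a line like "Dword: 10000 (00002710)"
    $out = & dnscmd /Info "/$Name" 2>&1 | Out-String
    if ($out -match 'Dword:\s+(\d+)') { return [int]$matches[1] }
    return $null   # unexpected output, e.g. dnscmd missing or the DNS Server service stopped
}
foreach ($setting in 'SocketPoolSize', 'CacheLockingPercent') {
    $value = Get-DnsCmdDword $setting
    if ($value -eq $null) { $value = '<unreadable>' }
    Write-Host ("{0,-20} = {1}" -f $setting, $value)
}

# 3. Count the DNS Server event IDs the post reports (404, 408) within the lookback window.
#    Get-WinEvent raises a non-terminating error when nothing matches, hence SilentlyContinue.
$filter = @{ LogName = 'DNS Server'; Id = 404, 408; StartTime = (Get-Date).AddHours(-$LookbackHours) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Host ("No 404/408 events in the DNS Server log in the last {0} hours" -f $LookbackHours)
} else {
    # Get-WinEvent returns newest first, so the first event in each group is the most recent one.
    $events | Group-Object Id | ForEach-Object {
        $latest = ($_.Group | Select-Object -First 1).TimeCreated
        Write-Host ("Event {0}: {1} occurrences, most recent {2}" -f $_.Name, $_.Count, $latest)
    }
}
```

Run it on DC-04 and DC-06 and compare the output; a difference in section 1 or 2 between the two servers is the kind of asymmetry the post was trying to rule out, while section 3 gives a baseline count of 404/408 events to check against after each change (bouncing DNS, reordering the server list) rather than eyeballing the red dots in the log viewer.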