Archive for the 'DNS Server' Category

Handy DNS Troubleshooting Tool: MXToolBox

I often use the Microsoft NSlookup utility to get DNS information when I’m troubleshooting DNS issues. Once in a while, though, our internal network configuration causes inaccurate results because of VPN configuration settings. Today I worked with a handy online DNS troubleshooting tool, the MXToolBox SuperTool, and came away very impressed with its speed, capability and ease of use.

The MXToolBox SuperTool allows you to query and filter record types for any domain, including NS records, MX records and even WHOIS records. You can also verify connectivity over different protocols like TCP, HTTP and HTTPS! Give the tool a try if you need DNS troubleshooting, as I’ve found it quite handy and easy to use.
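The inaccurate-results problem mentioned above (the internal/VPN resolver answering differently from the public DNS) is easy to check from the command line as well. The PowerShell snippet below is an added example, not part of the original post: it runs nslookup for NS and MX records twice, once through the default resolver and once against an explicitly named public resolver, and reports any differences. The domain and the public resolver address are placeholders to replace with your own.

```powershell
# Added example (not from the original post): compare NS/MX answers from the default
# (internal/VPN) resolver with answers from an explicit public resolver.
$Domain   = 'example.com'   # placeholder: the zone you are troubleshooting
$External = '8.8.8.8'       # assumed public resolver; use one you trust

function Get-RecordAnswers {
    param([string]$Name, [string]$Type, [string]$Server)
    # nslookup accepts an optional server as the last positional argument
    $lookupArgs = @("-type=$Type", $Name)
    if ($Server) { $lookupArgs += $Server }
    # Keep only the answer lines that carry record data, normalised and sorted
    @(& nslookup @lookupArgs 2>$null |
        Where-Object { $_ -match 'mail exchanger|nameserver' } |
        ForEach-Object { $_.Trim() } |
        Sort-Object -Unique)
}

foreach ($type in 'NS', 'MX') {
    $internal = Get-RecordAnswers -Name $Domain -Type $type
    $external = Get-RecordAnswers -Name $Domain -Type $type -Server $External

    if ($internal.Count -eq 0 -or $external.Count -eq 0) {
        Write-Host "$type for ${Domain}: no answer from one side (internal=$($internal.Count), external=$($external.Count))"
        continue
    }
    $diff = Compare-Object -ReferenceObject $internal -DifferenceObject $external
    if ($diff) {
        # '<=' marks answers only the default resolver gave, '=>' only the public one
        Write-Host "$type records for $Domain differ between the default resolver and $External:"
        $diff | Format-Table -AutoSize
    } else {
        Write-Host "$type records for $Domain agree on both resolvers."
    }
}
```

If the two sides disagree, the default resolver (often the one pushed by the VPN client) is the one to suspect; comparing against a public resolver isolates that from a genuine problem with the zone itself.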

Run IIS Web Applications on a Windows Member Server and Not a Domain Controller

Most of our software products run on Microsoft’s IIS web server. In our product installation guides, we specify in the system requirements to install our web applications on a member server instead of a domain controller. Recently, a prospect asked us why we recommend this since WebAD products connect to Active Directory. Is it really a best practice to use a Windows member server instead of a domain controller to run IIS web applications and other services like SQL Server or Exchange?

In short, it’s best to run web applications and other functional roles on a member server instead of a domain controller. Yes, Microsoft does have offerings like Windows Small Business Server (SBS) that combine seemingly myriad roles on a single server but these scenarios are really only intended for small businesses with simple needs. For many organizations, separating domain controller functions from member servers running other services allows you to maintain the health of your Active Directory environment without interference from oddities brought on through other services and applications. You can still combine roles on member servers to share hardware and software resources but there is no need to clutter your DC with unnecessary services that might interfere with AD operations.

The following snippet from an excellent discussion at ServerFault provides great insight.

“Splitting out your server roles to separate boxes does put you in a very nice position where you can do maintenance on one box without affecting the others. Also, putting weird and flaky third party software (I’m talking printer drivers here) on a DC doesn’t chime well with my sensibilities. Thirdly, you want your DC event logs to be squeaky clean, you don’t want a minor heart attack any time you get a security or system warning from one of those!”

Another great comment from the same discussion provides more fodder for separating domain controller functions from other roles and services, although there are a few roles, like DHCP and DNS, that can work quite well on a domain controller.

“Multi-Role Domain controllers are pretty common. Although, most roles they perform are network infrastructure roles. Good examples are File Servers, DHCP and DNS. They are poor choices for things like Terminal servers (Users do not have rights to log into a Domain Controller and giving them said rights requires Domain Admins), Web Application Servers, Line of Business App Servers, Firewall/Proxy/ISA servers, etc. In my environments, I prefer to have all internal DNS Servers running on Domain Controllers as well as my DHCP services. This seems to be a good mix of roles on the DCs to reduce cost and make the best use of the hardware possible.”

With the advent of virtualization, the need to combine roles on domain controllers really goes away since the cost to spin up a new virtual machine instance is very cheap. Make it easy on yourself and keep your domain controllers pure while combining roles and services on member servers.

ARGH! Microsoft, Why do you vex me?

So a little background. After a power failure, and after realizing that the DNS server for my ESX/vSphere cluster was a virtual machine and that VMware ESX clusters and a lack of DNS don’t work well together, I decided to move DNS to a physical server in my environment. I loaded the DNS server role on Windows 2008 SP1 and added, as a secondary IP address on that W2K8 server, the DNS server address the ESX hosts were already using. This server was already my VMware vCenter server and I didn’t want to change the IP address for the whole server.

So a few weeks go by and one of my ESX hosts shows as disconnected. Reconnecting it or trying to add it as a new host didn’t succeed, and in looking at the error logs on my ESX host I see that the request to the host from the vCenter server is coming from the secondary IP address I added to the vCenter/DNS server…hmmmmm….

So I double-checked everything and even tried looking at the routes set up on the Windows 2008 server, but to no avail; I couldn’t change the source IP address it was using. After much searching around the web I found an article from Microsoft saying that they changed the way source IPs are selected between Windows 2003 and 2008….no kidding….lol

http://blogs.technet.com/networking/archive/2009/04/24/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx

Basically, Windows uses the source IP address “closest” to the destination address (the one sharing the longest matching prefix with it), oh goody…

Well hang on, here’s the solution. Update to Windows 2008 SP2, then download the hotfix in the article below and install it, reboot, remove the secondary IP address, then add it back using netsh as documented in the KB article. Note…there is no hotfix for Windows 2008 R2….great…not

http://support.microsoft.com/kb/975808

Hope this helps someone, and if you’re using more than one IP address on a Windows 2008+ host you should definitely be aware of this behavior/feature…. cough cough. I love Microsoft most of the time but this one was a pain to find.
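For reference, this is what the “remove, then add back with netsh” step from the post looks like in practice. The PowerShell snippet below is an added example and not the post author’s own commands: it re-adds the secondary address with the skipassource flag that the hotfix enables, so the address stays bound (the DNS Server service keeps listening on it) but is never picked as the source for outbound connections, and then verifies both points. The interface name, addresses and mask are placeholders; run it from an elevated prompt on a host that already has the hotfix installed.

```powershell
# Added example (not from the original post). Assumes Windows Server 2008 SP2 with the
# KB 975808 hotfix applied; interface name and addresses are placeholders.
$Interface = 'Local Area Connection'   # placeholder: list names with `netsh interface show interface`
$Secondary = '192.0.2.53'              # placeholder: the DNS address the ESX hosts already point at
$Mask      = '255.255.255.0'           # placeholder

# 1. Remove the secondary address that was added without the flag.
netsh interface ipv4 delete address name="$Interface" address=$Secondary

# 2. Add it back marked skip-as-source: it is still bound and reachable, but the
#    stack will not choose it as the source address for outbound traffic.
netsh interface ipv4 add address name="$Interface" address=$Secondary mask=$Mask skipassource=true

# 3. Verify the flag took: the verbose listing shows a 'Skip as Source' line per address.
netsh interface ipv4 show ipaddresses level=verbose |
    Select-String -Pattern "Address $Secondary" -Context 0,8

# 4. Verify the DNS Server service still listens on the secondary address (UDP and TCP 53).
netstat -an | findstr /C:"${Secondary}:53"
```

The point of step 4 is that skipassource only changes source-address selection and DNS registration; inbound listeners on the address are unaffected, which is exactly what a DNS server address that must not leak into vCenter-to-host traffic needs.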

