
I have a Hub and Spoke configuration. The spokes can never see another spoke.

SCOM is reporting errors that GPO can't access \company.com, probably because every Domain Controller has an NS record, and the NS for company.com is ALL DCs.

I'm more concerned if this is an issue for all clients rather than just a SCOM test script.

Question

Is it an issue for spoke sites to have NS records they can't reach in company.com's lookup?

How should I resolve this? I can't remove DNS from all servers, since they need local name resolution in the event of WAN failure.

makerofthings7
  • `1.` I'm assuming that the DNS servers at each site are also DCs. Is that the case? `2.` I'm also assuming that you have Active Directory Sites and Services set up for each site and subnet. Is that the case? – joeqwerty Dec 17 '14 at 22:12
  • @joeqwerty 1 - Each DC is a DNS server, 2. I have sites set up with a site link bridge to the two hub sites – makerofthings7 Dec 18 '14 at 00:11
  • OK, so that takes care of AD replication, but more specifically do you have subnets associated with each of those sites for client "affinity"? – joeqwerty Dec 18 '14 at 01:55
  • Yes, all subnets are configured and verified for the sites in error – makerofthings7 Dec 18 '14 at 01:57
  • No, it does not hurt for all DCs to have NS records, just as long as all clients only use DNS resolvers that they can actually talk to in their NIC configurations. I can't quite figure out what "errors that GPO can't access company.com" means though. Maybe a full copy of the event log message would help. – Ryan Ries Dec 18 '14 at 03:41
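
The distinction drawn in the last comment can be checked from a machine in a spoke site. The script below is an added example, not part of the original thread: it tests the resolvers configured on the NICs separately from the zone's NS targets. The zone name comes from the question; using a TCP connect to port 53 as the reachability probe is an assumption of this example.

```powershell
# Added example: run on a client or server inside a spoke site.
$Zone = 'company.com'   # zone name taken from the question

function Test-Dns53 {
    param([string]$Address)
    # Assumption: a TCP connect to port 53 is used as the reachability probe
    # (Windows DNS servers listen on TCP 53 as well as UDP 53).
    (Test-NetConnection -ComputerName $Address -Port 53 `
        -WarningAction SilentlyContinue).TcpTestSucceeded
}

# 1. Resolvers this machine is configured to use (NIC settings).
#    These are the servers that must be reachable.
$resolvers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique

$configured = foreach ($r in $resolvers) {
    [pscustomobject]@{ Role = 'Configured resolver'; Name = $r
                       Address = $r; Reachable = (Test-Dns53 $r) }
}
$configured | Format-Table -AutoSize

$first = ($configured | Where-Object Reachable | Select-Object -First 1).Address
if (-not $first) {
    Write-Warning 'No configured resolver is reachable; fix the NIC DNS settings first.'
    return
}

# 2. Every NS target published for the zone. In a hub-and-spoke layout,
#    entries for other spokes are expected to show Reachable = False here.
$ns = Resolve-DnsName -Name $Zone -Type NS -Server $first -DnsOnly |
    Where-Object { $_.Type -eq 'NS' -and $_.Section -eq 'Answer' }

$published = foreach ($n in $ns) {
    $a = Resolve-DnsName -Name $n.NameHost -Type A -Server $first -DnsOnly `
        -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'A' }
    foreach ($ip in $a.IPAddress) {
        [pscustomobject]@{ Role = 'Zone NS target'; Name = $n.NameHost
                           Address = $ip; Reachable = (Test-Dns53 $ip) }
    }
}
$published | Format-Table -AutoSize
```

An unreachable row in the first table is a client-side misconfiguration; unreachable rows in the second table only list the DCs in sites this spoke cannot route to.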

0 Answers