
I just got a request asking if I could volunteer/help out a local shelter with their network. They're having a "bunch of issues" / slowness / etc. They had an SBS 2k3 server with about 40 domain clients. A consultant told them that 2k3 and Exchange was the problem. They paid to move email to Google and upgrade the server to 2012R2... and guess what... the issues are still there (and apparently things are worse). Could I please help?

Sure!...

Get there, fixed a bunch of things... but this last one is a head scratcher (for me at least)

They own the BxCx.org domain (names changed to protect the innocent). Their public website is www.BxCx.org. The last computer expert set their 2k3 AD domain name to Bx.Cx.org (notice that extra period...). Thus, the server registers as Server.Bx.Cx.org. Each device on the network is registering on the network as Device1.Bx.Cx.org... However, I'm watching domain requests at the firewall for Device1.Cx.org, Device2.Cx.org, Printer1.Cx.org, Switch1.Cx.org, etc... Somehow, there are DNS queries to devices that keep heading out to Cx.org trying to resolve until they error out. It's quite a fun mess...

FWIW, they don't own the domain Cx.org - that's a whole other organization.

I have a few ideas to fix this... in Linux. I -think- I have some ideas about how to fix this in Windows...

Should I just register Cx.org in DNS? Try to change the AD domain name? or ?

I'm sharp enough to know when it's better to ask than assume I've an answer. Hopefully, someone might've seen this before or tell me that there is an easier/different fix?

My background - I was a Linux (mostly) & Windows admin for 20 years - but switched careers around 2010-2011. I admit to not being an expert on Windows Server 2012 or 2016 - Hence the plea for help.

Thanks in advance! Charlie

Ethixan
  • If the AD domain is Bx.Cx.org why are the domain members registering as device.Cx.org? They should be registering as device.Bx.Cx.org. Fix that and you'll fix your problem. – joeqwerty Oct 21 '17 at 22:13
  • Joe - I didn't explain it well before. The devices are registering correctly in AD... I think.. I'm seeing unusual domain requests at the firewall that I'm trying to figure out? – Ethixan Oct 21 '17 at 22:48
  • Where are those requests coming from? Do you have any logs that list the source? – Cory Knutson Oct 22 '17 at 00:00
  • You probably have your DNS search list or DNS suffix misconfigured. That is handed out by DHCP. If you do an `ipconfig /all` you'll see Cx.org in the suffix list. That means Windows will append Cx.org to all requests. The suffix should be Bx.Cx.org. – Appleoddity Oct 22 '17 at 02:24

1 Answer


The problem was attributable to the migration from Win2k3 AD to Win2k12 AD; during the process the AD domain Bx.Cx.org carried out successfully. host.subdomain.TLD is acceptable even in Win2k12 while configuring a DC & AD domain.

Temporary fix is to add CNAME and domain controller (name server) entries in the domain registrar's DNS entries (like: CNAME Bx.Cx.org -> www.BxCx.org).

Permanent remedy is to change the AD domain to BxCx.org and clean up DNS entries to reflect the change on the domain controller on site.

IITC
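The leak described in the question, as an added example that is not part of the original thread: a Python sketch that scans firewall DNS logs for internal host names being looked up under the parent zone Cx.org (which belongs to another organization) and groups them by source, so the clients carrying the wrong suffix can be checked with `ipconfig /all`. The log format, IP addresses and host inventory are constructed assumptions.

```python
import re
from collections import defaultdict

AD_DOMAIN = "bx.cx.org"  # AD domain as named on the page
PARENT = "cx.org"        # parent zone, owned by a different organization

# Constructed firewall log lines; the line format is an assumption.
SAMPLE_LOG = """\
2017-10-21T22:01:07 src=192.168.1.23 query=Device1.Cx.org. type=A
2017-10-21T22:01:07 src=192.168.1.23 query=Printer1.Cx.org type=A
2017-10-21T22:01:09 src=192.168.1.40 query=Switch1.Cx.org type=AAAA
2017-10-21T22:01:12 src=192.168.1.10 query=www.BxCx.org type=A
2017-10-21T22:01:15 src=192.168.1.23 query=Device2.Bx.Cx.org type=A
2017-10-21T22:01:20 src=192.168.1.40 query=www.Cx.org type=A
"""
LINE_RE = re.compile(r"src=(?P<src>\S+)\s+query=(?P<name>\S+)")

def is_under(name, zone):
    # Match on a label boundary so that bxcx.org is not treated as part of cx.org.
    return name == zone or name.endswith("." + zone)

def find_leaks(log_text, internal_hosts):
    """Map each source IP to the internal host names it queried under PARENT."""
    hosts = {h.lower() for h in internal_hosts}
    leaks = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        name = m["name"].rstrip(".").lower()  # drop root dot, ignore case
        if not is_under(name, PARENT) or is_under(name, AD_DOMAIN):
            continue  # unrelated zone, or correctly qualified with the AD domain
        label = name[: -len(PARENT) - 1]  # what precedes ".cx.org"
        # Flag only a single label matching a known internal host; a lookup of
        # the other organization's own www.Cx.org is not a leak.
        if "." not in label and label in hosts:
            leaks[m["src"]].add(name)
    return {src: sorted(names) for src, names in leaks.items()}

if __name__ == "__main__":
    inventory = ["Device1", "Device2", "Printer1", "Switch1"]  # constructed
    for src, names in sorted(find_leaks(SAMPLE_LOG, inventory).items()):
        print(src, "->", ", ".join(names))
```

The source addresses it reports are the machines whose suffix search list is worth inspecting first.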