| Author | Messages | |
skaufman-itt
Posts:23
 | | 08/07/2008 7:59 PM |
| To the guru's....
I've got a server (or possibly several) that are registering a SRV
records with an IP Address of 192.168.234.235. We have all Dell
PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99%
sure that a 26xx model DC with a DRAC II or III is registering this IP
Address for SRV records in DNS, but I cannot figure out which one. I've
enabled auditing and tried setting up network captures with specific
filters and all I've found so far is that "SYSTEM" registers this record
& my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this
configuration and configuring the DRAC per Dell's recommendation, but
would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating
this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| bdesmond
Posts:374
| | 08/07/2008 8:09 PM |
| I just Googled this and learned that the DRAC virtual interface (the RAC PPP interface IIRC) has "register this connection in DNS" checked in its' properties. Netlogon is doing this for you. Given this is a file you need to edit, perhaps you can write a simple script to simply do the necessary token replacement?
Have you been thinking about server refresh at all? These boxes are getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL Servers
Original Source can be found at ; http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is responsible for performing dynamic DNS registrations for the machine. On each network properties page, there is a checkbox "register this connection in DNS" that controls the DNS registration such that you can have a dedicated monitoring or backup/restore LAN that is not used for normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for making the DNS registrations and it does not respect the setting of the "register this connection in DNS" checkbox. This is normally something you can work around through careful configuration of the secondary network addresses, but it still results in extra records in the AD (_msdcs) that can be confusing and increase replication. There is a specific issue that does not have an obvious solution though - Dell servers with the DRAC cards enabled have a virtual network interface for the remote console VNC session connectivity. The address of this interface is 192.168.234.235 on /all/ Dell servers. This causes problems with all the servers on the network because when DNS queries are made for network logons, group policies, etc. one of the results of the query is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that corrects the Netlogon service to properly respect the "register this connection in DNS" checkbox on the network properties. KB 832478. To make this work for the DRAC problem, there's one further trick once the hotfix is installed. You must open the racdun.pbk file (double click it) which has the network properties of the DRAC virtual interface and uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV records with an IP Address of 192.168.234.235. We have all Dell PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99% sure that a 26xx model DC with a DRAC II or III is registering this IP Address for SRV records in DNS, but I cannot figure out which one. I've enabled auditing and tried setting up network captures with specific filters and all I've found so far is that "SYSTEM" registers this record & my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this configuration and configuring the DRAC per Dell's recommendation, but would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| dwells
Posts:39
| | 08/07/2008 8:15 PM |
| Not sure I understand the recommendation here correctly but editing
NETLOGON.DNS serves little purpose (beyond perhaps documentation and/or
reducing supportability); it represents what _has_ been registered . not
what will be.
--
Dean Wells
* Email: limeypride@gmail.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC PPP
interface IIRC) has "register this connection in DNS" checked in its'
properties. Netlogon is doing this for you. Given this is a file you need to
edit, perhaps you can write a simple script to simply do the necessary token
replacement?
Have you been thinking about server refresh at all? These boxes are getting
old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL
Servers
Original Source can be found at ;
http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple network
interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is
responsible for performing dynamic DNS registrations for the machine. On
each network properties page, there is a checkbox "register this connection
in DNS" that controls the DNS registration such that you can have a
dedicated monitoring or backup/restore LAN that is not used for normal
traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for
making the DNS registrations and it does not respect the setting of the
"register this connection in DNS" checkbox. This is normally something you
can work around through careful configuration of the secondary network
addresses, but it still results in extra records in the AD (_msdcs) that can
be confusing and increase replication. There is a specific issue that does
not have an obvious solution though - Dell servers with the DRAC cards
enabled have a virtual network interface for the remote console VNC session
connectivity. The address of this interface is 192.168.234.235 on /all/ Dell
servers. This causes problems with all the servers on the network because
when DNS queries are made for network logons, group policies, etc. one of
the results of the query is the 192.168.234.235 address, which is a valid
local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that
corrects the Netlogon service to properly respect the "register this
connection in DNS" checkbox on the network properties. KB 832478. To make
this work for the DRAC problem, there's one further trick once the hotfix is
installed. You must open the racdun.pbk file (double click it) which has the
network properties of the DRAC virtual interface and uncheck the "register
this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via the
DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of the
DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer
Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after
xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's..
I've got a server (or possibly several) that are registering a SRV records
with an IP Address of 192.168.234.235. We have all Dell PowerEdge servers
for DC's (26xx to 29xx models) with DRAC's. I'm 99% sure that a 26xx model
DC with a DRAC II or III is registering this IP Address for SRV records in
DNS, but I cannot figure out which one. I've enabled auditing and tried
setting up network captures with specific filters and all I've found so far
is that "SYSTEM" registers this record & my network captures are coming up
empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this
configuration and configuring the DRAC per Dell's recommendation, but would
like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating this
record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| skaufman-itt
Posts:23
| | 08/07/2008 8:29 PM |
| I've read that article & many others about dual nics in DCs. That's
what led me to how to solve the problem.
So that's exactly what I've been doing on all the servers, is
UN-checking the 'register this connection in dns' for the DRAC
interfaces. Depending on the installed firmware/driver & OMSA version,
sometimes just doing this in the NIC connection & bouncing the nic is
ok. Othertimes, I have to stop the drac service, then edit rac.dun.pbk
file to do the same thing.
I've tried using psexec with a DC list.txt file and netsh for this, but
have had mixed results. Mostly attributed to different versions of OMSA
being installed.
It would be nice to eliminate the DRAC, but the majority of our DC's are
at remote locations, and there are times when connecting via the DRAC is
a required.
Hardware replacement.... Yes, been talked about, recommended, designed,
etc... but get's put on hold due to cost & complexity of moving
data...... e.g. - they also act as F&P for the remote offices....
Something we're working on changing.
Scott Kaufman
Lead Network Administrator
ITT ESI, Inc.
Office: (317) 706-9266
Cell: (317) 201-0390
SKaufman@ITTESI.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC
PPP interface IIRC) has "register this connection in DNS" checked in
its' properties. Netlogon is doing this for you. Given this is a file
you need to edit, perhaps you can write a simple script to simply do the
necessary token replacement?
Have you been thinking about server refresh at all? These boxes are
getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL
Servers
Original Source can be found at ;
http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple
network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is
responsible for performing dynamic DNS registrations for the machine. On
each network properties page, there is a checkbox "register this
connection in DNS" that controls the DNS registration such that you can
have a dedicated monitoring or backup/restore LAN that is not used for
normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for
making the DNS registrations and it does not respect the setting of the
"register this connection in DNS" checkbox. This is normally something
you can work around through careful configuration of the secondary
network addresses, but it still results in extra records in the AD
(_msdcs) that can be confusing and increase replication. There is a
specific issue that does not have an obvious solution though - Dell
servers with the DRAC cards enabled have a virtual network interface for
the remote console VNC session connectivity. The address of this
interface is 192.168.234.235 on /all/ Dell servers. This causes problems
with all the servers on the network because when DNS queries are made
for network logons, group policies, etc. one of the results of the query
is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that
corrects the Netlogon service to properly respect the "register this
connection in DNS" checkbox on the network properties. KB 832478. To
make this work for the DRAC problem, there's one further trick once the
hotfix is installed. You must open the racdun.pbk file (double click it)
which has the network properties of the DRAC virtual interface and
uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via
the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of
the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase
xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer
Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after
xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman
at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV
records with an IP Address of 192.168.234.235. We have all Dell
PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99%
sure that a 26xx model DC with a DRAC II or III is registering this IP
Address for SRV records in DNS, but I cannot figure out which one. I've
enabled auditing and tried setting up network captures with specific
filters and all I've found so far is that "SYSTEM" registers this record
& my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this
configuration and configuring the DRAC per Dell's recommendation, but
would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating
this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| bdesmond
Posts:374
| | 08/07/2008 8:45 PM |
| Dean-
Where is this recommendation?
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dean Wells
Sent: Thursday, August 07, 2008 7:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Not sure I understand the recommendation here correctly but editing NETLOGON.DNS serves little purpose (beyond perhaps documentation and/or reducing supportability); it represents what _has_ been registered ... not what will be.
--
Dean Wells
* Email: limeypride@gmail.com
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC PPP interface IIRC) has "register this connection in DNS" checked in its' properties. Netlogon is doing this for you. Given this is a file you need to edit, perhaps you can write a simple script to simply do the necessary token replacement?
Have you been thinking about server refresh at all? These boxes are getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL Servers
Original Source can be found at ; http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is responsible for performing dynamic DNS registrations for the machine. On each network properties page, there is a checkbox "register this connection in DNS" that controls the DNS registration such that you can have a dedicated monitoring or backup/restore LAN that is not used for normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for making the DNS registrations and it does not respect the setting of the "register this connection in DNS" checkbox. This is normally something you can work around through careful configuration of the secondary network addresses, but it still results in extra records in the AD (_msdcs) that can be confusing and increase replication. There is a specific issue that does not have an obvious solution though - Dell servers with the DRAC cards enabled have a virtual network interface for the remote console VNC session connectivity. The address of this interface is 192.168.234.235 on /all/ Dell servers. This causes problems with all the servers on the network because when DNS queries are made for network logons, group policies, etc. one of the results of the query is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that corrects the Netlogon service to properly respect the "register this connection in DNS" checkbox on the network properties. KB 832478. To make this work for the DRAC problem, there's one further trick once the hotfix is installed. You must open the racdun.pbk file (double click it) which has the network properties of the DRAC virtual interface and uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV records with an IP Address of 192.168.234.235. We have all Dell PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99% sure that a 26xx model DC with a DRAC II or III is registering this IP Address for SRV records in DNS, but I cannot figure out which one. I've enabled auditing and tried setting up network captures with specific filters and all I've found so far is that "SYSTEM" registers this record & my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this configuration and configuring the DRAC per Dell's recommendation, but would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| kurtbuff
Posts:26
| | 08/07/2008 8:47 PM |
| On Thu, Aug 7, 2008 at 4:58 PM, Scott Kaufman at HQ <SKaufman@ittesi.com> wrote:
> To the guru's….
>
>
>
> I've got a server (or possibly several) that are registering a SRV records
> with an IP Address of 192.168.234.235. We have all Dell PowerEdge servers
> for DC's (26xx to 29xx models) with DRAC's. I'm 99% sure that a 26xx model
> DC with a DRAC II or III is registering this IP Address for SRV records in
> DNS, but I cannot figure out which one. I've enabled auditing and tried
> setting up network captures with specific filters and all I've found so far
> is that "SYSTEM" registers this record & my network captures are coming up
> empty.
>
>
>
> I've been slowly going through the 26xx DCs (~50 out of 120) with this
> configuration and configuring the DRAC per Dell's recommendation, but would
> like to figure out which server specifically is doing this.
>
>
>
> So, is there an easier solution to figure which DC would be creating this
> record, as I'm coming up empty searching on the web.
>
>
>
> Thanks,
>
> Scott
Query the arp tables on your switches, and find out which port the MAC
address coming from. From there, your network/switch/cable map (you do
have one, right?) should show you which server is plugged into the
port in question.
Kurt
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| bdesmond
Posts:374
| | 08/07/2008 8:51 PM |
| Scott-
Based on this, have you considered starting with getting all your boxes on the same Dell firmware/driver version? You can deploy them with Dell IT Assistant (free).
I've got a lot of these older Dells in a customer environment and in general both with the DRAC in a large way and also the servers themselves, flashing firmware and upgrading drivers has been resolving a lot of issues. The DRACs in particular with old firmware have been very finicky. I've been seeing substantial stability improvements in boxes similar to yours that haven't been upgraded since they left the factory line.
If you get one version of OMSA across the board you may be able to reliably to script this.
A cheap trick in the short term would be to schedule a job on each DNS server to run every 5 minutes or whatever and delete the records in question if it's causing an issue. Dnscmd can do this easily. Schtasks.exe can make the job.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 7:30 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I've read that article & many others about dual nics in DCs. That's what led me to how to solve the problem.
So that's exactly what I've been doing on all the servers, is UN-checking the 'register this connection in dns' for the DRAC interfaces. Depending on the installed firmware/driver & OMSA version, sometimes just doing this in the NIC connection & bouncing the nic is ok. Othertimes, I have to stop the drac service, then edit rac.dun.pbk file to do the same thing.
I've tried using psexec with a DC list.txt file and netsh for this, but have had mixed results. Mostly attributed to different versions of OMSA being installed.
It would be nice to eliminate the DRAC, but the majority of our DC's are at remote locations, and there are times when connecting via the DRAC is a required.
Hardware replacement.... Yes, been talked about, recommended, designed, etc... but get's put on hold due to cost & complexity of moving data...... e.g. - they also act as F&P for the remote offices.... Something we're working on changing.
Scott Kaufman
Lead Network Administrator
ITT ESI, Inc.
Office: (317) 706-9266
Cell: (317) 201-0390
SKaufman@ITTESI.com<mailto:SKaufman@ITTESI.com>
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC PPP interface IIRC) has "register this connection in DNS" checked in its' properties. Netlogon is doing this for you. Given this is a file you need to edit, perhaps you can write a simple script to simply do the necessary token replacement?
Have you been thinking about server refresh at all? These boxes are getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL Servers
Original Source can be found at ; http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is responsible for performing dynamic DNS registrations for the machine. On each network properties page, there is a checkbox "register this connection in DNS" that controls the DNS registration such that you can have a dedicated monitoring or backup/restore LAN that is not used for normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for making the DNS registrations and it does not respect the setting of the "register this connection in DNS" checkbox. This is normally something you can work around through careful configuration of the secondary network addresses, but it still results in extra records in the AD (_msdcs) that can be confusing and increase replication. There is a specific issue that does not have an obvious solution though - Dell servers with the DRAC cards enabled have a virtual network interface for the remote console VNC session connectivity. The address of this interface is 192.168.234.235 on /all/ Dell servers. This causes problems with all the servers on the network because when DNS queries are made for network logons, group policies, etc. one of the results of the query is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that corrects the Netlogon service to properly respect the "register this connection in DNS" checkbox on the network properties. KB 832478. To make this work for the DRAC problem, there's one further trick once the hotfix is installed. You must open the racdun.pbk file (double click it) which has the network properties of the DRAC virtual interface and uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV records with an IP Address of 192.168.234.235. We have all Dell PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99% sure that a 26xx model DC with a DRAC II or III is registering this IP Address for SRV records in DNS, but I cannot figure out which one. I've enabled auditing and tried setting up network captures with specific filters and all I've found so far is that "SYSTEM" registers this record & my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this configuration and configuring the DRAC per Dell's recommendation, but would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| skaufman-itt
Posts:23
| | 08/07/2008 9:12 PM |
| Brian,
Yes, we have ITA. We've been slowly upgrading the
servers with the latest firmware/drivers, and I've been installing OMSA
5.4 and setting the do not register on the ppp interface which is
resolving the issues. Was just hoping to figure out which server(s)
were doing it & get them updated quickly and continue working on the
rest.
Thank you for the idea about the scheduled task & dnscmd. I got caught
up in troubleshooting DC replication issues, slow logon times, DNS
anomalies that I didn't think about going down that road.
Thanks again!
Scott Kaufman
Lead Network Administrator
ITT ESI, Inc.
Office: (317) 706-9266
Cell: (317) 201-0390
SKaufman@ITTESI.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Scott-
Based on this, have you considered starting with getting all your boxes
on the same Dell firmware/driver version? You can deploy them with Dell
IT Assistant (free).
I've got a lot of these older Dells in a customer environment and in
general both with the DRAC in a large way and also the servers
themselves, flashing firmware and upgrading drivers has been resolving a
lot of issues. The DRACs in particular with old firmware have been very
finicky. I've been seeing substantial stability improvements in boxes
similar to yours that haven't been upgraded since they left the factory
line.
If you get one version of OMSA across the board you may be able to
reliably to script this.
A cheap trick in the short term would be to schedule a job on each DNS
server to run every 5 minutes or whatever and delete the records in
question if it's causing an issue. Dnscmd can do this easily.
Schtasks.exe can make the job.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman
at HQ
Sent: Thursday, August 07, 2008 7:30 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I've read that article & many others about dual nics in DCs. That's
what led me to how to solve the problem.
So that's exactly what I've been doing on all the servers, is
UN-checking the 'register this connection in dns' for the DRAC
interfaces. Depending on the installed firmware/driver & OMSA version,
sometimes just doing this in the NIC connection & bouncing the nic is
ok. Othertimes, I have to stop the drac service, then edit rac.dun.pbk
file to do the same thing.
I've tried using psexec with a DC list.txt file and netsh for this, but
have had mixed results. Mostly attributed to different versions of OMSA
being installed.
It would be nice to eliminate the DRAC, but the majority of our DC's are
at remote locations, and there are times when connecting via the DRAC is
a required.
Hardware replacement.... Yes, been talked about, recommended, designed,
etc... but get's put on hold due to cost & complexity of moving
data...... e.g. - they also act as F&P for the remote offices....
Something we're working on changing.
Scott Kaufman
Lead Network Administrator
ITT ESI, Inc.
Office: (317) 706-9266
Cell: (317) 201-0390
SKaufman@ITTESI.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC
PPP interface IIRC) has "register this connection in DNS" checked in
its' properties. Netlogon is doing this for you. Given this is a file
you need to edit, perhaps you can write a simple script to simply do the
necessary token replacement?
Have you been thinking about server refresh at all? These boxes are
getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL
Servers
Original Source can be found at ;
http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple
network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is
responsible for performing dynamic DNS registrations for the machine. On
each network properties page, there is a checkbox "register this
connection in DNS" that controls the DNS registration such that you can
have a dedicated monitoring or backup/restore LAN that is not used for
normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for
making the DNS registrations and it does not respect the setting of the
"register this connection in DNS" checkbox. This is normally something
you can work around through careful configuration of the secondary
network addresses, but it still results in extra records in the AD
(_msdcs) that can be confusing and increase replication. There is a
specific issue that does not have an obvious solution though - Dell
servers with the DRAC cards enabled have a virtual network interface for
the remote console VNC session connectivity. The address of this
interface is 192.168.234.235 on /all/ Dell servers. This causes problems
with all the servers on the network because when DNS queries are made
for network logons, group policies, etc. one of the results of the query
is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that
corrects the Netlogon service to properly respect the "register this
connection in DNS" checkbox on the network properties. KB 832478. To
make this work for the DRAC problem, there's one further trick once the
hotfix is installed. You must open the racdun.pbk file (double click it)
which has the network properties of the DRAC virtual interface and
uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via
the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of
the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase
xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer
Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after
xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman
at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV
records with an IP Address of 192.168.234.235. We have all Dell
PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99%
sure that a 26xx model DC with a DRAC II or III is registering this IP
Address for SRV records in DNS, but I cannot figure out which one. I've
enabled auditing and tried setting up network captures with specific
filters and all I've found so far is that "SYSTEM" registers this record
& my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this
configuration and configuring the DRAC per Dell's recommendation, but
would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating
this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| dwells
Posts:39
| | 08/07/2008 9:22 PM |
| In my head . and it's not a recommendation that I recollect per se (other
than from me), it's just a behavior . try it . let me know what you find.
--
Dean Wells
* Email: limeypride@gmail.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Dean-
Where is this recommendation?
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dean Wells
Sent: Thursday, August 07, 2008 7:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Not sure I understand the recommendation here correctly but editing
NETLOGON.DNS serves little purpose (beyond perhaps documentation and/or
reducing supportability); it represents what _has_ been registered . not
what will be.
--
Dean Wells
* Email: limeypride@gmail.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC PPP
interface IIRC) has "register this connection in DNS" checked in its'
properties. Netlogon is doing this for you. Given this is a file you need to
edit, perhaps you can write a simple script to simply do the necessary token
replacement?
Have you been thinking about server refresh at all? These boxes are getting
old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL
Servers
Original Source can be found at ;
http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple network
interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is
responsible for performing dynamic DNS registrations for the machine. On
each network properties page, there is a checkbox "register this connection
in DNS" that controls the DNS registration such that you can have a
dedicated monitoring or backup/restore LAN that is not used for normal
traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for
making the DNS registrations and it does not respect the setting of the
"register this connection in DNS" checkbox. This is normally something you
can work around through careful configuration of the secondary network
addresses, but it still results in extra records in the AD (_msdcs) that can
be confusing and increase replication. There is a specific issue that does
not have an obvious solution though - Dell servers with the DRAC cards
enabled have a virtual network interface for the remote console VNC session
connectivity. The address of this interface is 192.168.234.235 on /all/ Dell
servers. This causes problems with all the servers on the network because
when DNS queries are made for network logons, group policies, etc. one of
the results of the query is the 192.168.234.235 address, which is a valid
local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that
corrects the Netlogon service to properly respect the "register this
connection in DNS" checkbox on the network properties. KB 832478. To make
this work for the DRAC problem, there's one further trick once the hotfix is
installed. You must open the racdun.pbk file (double click it) which has the
network properties of the DRAC virtual interface and uncheck the "register
this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via the
DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of the
DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer
Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after
xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's..
I've got a server (or possibly several) that are registering a SRV records
with an IP Address of 192.168.234.235. We have all Dell PowerEdge servers
for DC's (26xx to 29xx models) with DRAC's. I'm 99% sure that a 26xx model
DC with a DRAC II or III is registering this IP Address for SRV records in
DNS, but I cannot figure out which one. I've enabled auditing and tried
setting up network captures with specific filters and all I've found so far
is that "SYSTEM" registers this record & my network captures are coming up
empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this
configuration and configuring the DRAC per Dell's recommendation, but would
like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating this
record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| mschrisran
Posts:17
| | 08/07/2008 11:05 PM |
| Also netlogon.dns has nothing to do with A host records, that's all done with DHCP Client.
The recommendations below for enabling the "do not register in DNS" is the right approach, but we will only honor this in 2003 SP1 or newer.
If you don't need the card, then just disable it, otherwise set the do not register in dns setting.
Chris Ransom
Senior Premier Field Engineer - Active Directory
South Central District - San Antonio
US Central Premier Field Engineering
Email: chrisran@microsoft.com<mailto:chrisran@microsoft.com>
Cell: 210.482.0157
Fax: 425.708.5237
Blog: http://mschrisran.spaces.live.com
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, August 08, 2008 8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Dean-
Where is this recommendation?
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dean Wells
Sent: Thursday, August 07, 2008 7:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Not sure I understand the recommendation here correctly but editing NETLOGON.DNS serves little purpose (beyond perhaps documentation and/or reducing supportability); it represents what _has_ been registered ... not what will be.
--
Dean Wells
* Email: limeypride@gmail.com
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC PPP interface IIRC) has "register this connection in DNS" checked in its' properties. Netlogon is doing this for you. Given this is a file you need to edit, perhaps you can write a simple script to simply do the necessary token replacement?
Have you been thinking about server refresh at all? These boxes are getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL Servers
Original Source can be found at ; http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is responsible for performing dynamic DNS registrations for the machine. On each network properties page, there is a checkbox "register this connection in DNS" that controls the DNS registration such that you can have a dedicated monitoring or backup/restore LAN that is not used for normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for making the DNS registrations and it does not respect the setting of the "register this connection in DNS" checkbox. This is normally something you can work around through careful configuration of the secondary network addresses, but it still results in extra records in the AD (_msdcs) that can be confusing and increase replication. There is a specific issue that does not have an obvious solution though - Dell servers with the DRAC cards enabled have a virtual network interface for the remote console VNC session connectivity. The address of this interface is 192.168.234.235 on /all/ Dell servers. This causes problems with all the servers on the network because when DNS queries are made for network logons, group policies, etc. one of the results of the query is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that corrects the Netlogon service to properly respect the "register this connection in DNS" checkbox on the network properties. KB 832478. To make this work for the DRAC problem, there's one further trick once the hotfix is installed. You must open the racdun.pbk file (double click it) which has the network properties of the DRAC virtual interface and uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV records with an IP Address of 192.168.234.235. We have all Dell PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99% sure that a 26xx model DC with a DRAC II or III is registering this IP Address for SRV records in DNS, but I cannot figure out which one. I've enabled auditing and tried setting up network captures with specific filters and all I've found so far is that "SYSTEM" registers this record & my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this configuration and configuring the DRAC per Dell's recommendation, but would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| bdesmond
Posts:374
| | 08/07/2008 11:33 PM |
| Dean and I chatted offline on this - my post wasn't very clear. I was not suggesting anything about the netlogon.dns file.
There is a QFE for pre SP1 on that behavior linked in that blurb I pasted.
On the older model Dells, this virtual NIC is required for key functionality.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Chris Ransom
Sent: Thursday, August 07, 2008 10:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Also netlogon.dns has nothing to do with A host records, that's all done with DHCP Client.
The recommendations below for enabling the "do not register in DNS" is the right approach, but we will only honor this in 2003 SP1 or newer.
If you don't need the card, then just disable it, otherwise set the do not register in dns setting.
Chris Ransom
Senior Premier Field Engineer - Active Directory
South Central District - San Antonio
US Central Premier Field Engineering
Email: chrisran@microsoft.com<mailto:chrisran@microsoft.com>
Cell: 210.482.0157
Fax: 425.708.5237
Blog: http://mschrisran.spaces.live.com
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, August 08, 2008 8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Dean-
Where is this recommendation?
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dean Wells
Sent: Thursday, August 07, 2008 7:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Not sure I understand the recommendation here correctly but editing NETLOGON.DNS serves little purpose (beyond perhaps documentation and/or reducing supportability); it represents what _has_ been registered ... not what will be.
--
Dean Wells
* Email: limeypride@gmail.com
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC PPP interface IIRC) has "register this connection in DNS" checked in its' properties. Netlogon is doing this for you. Given this is a file you need to edit, perhaps you can write a simple script to simply do the necessary token replacement?
Have you been thinking about server refresh at all? These boxes are getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL Servers
Original Source can be found at ; http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is responsible for performing dynamic DNS registrations for the machine. On each network properties page, there is a checkbox "register this connection in DNS" that controls the DNS registration such that you can have a dedicated monitoring or backup/restore LAN that is not used for normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for making the DNS registrations and it does not respect the setting of the "register this connection in DNS" checkbox. This is normally something you can work around through careful configuration of the secondary network addresses, but it still results in extra records in the AD (_msdcs) that can be confusing and increase replication. There is a specific issue that does not have an obvious solution though - Dell servers with the DRAC cards enabled have a virtual network interface for the remote console VNC session connectivity. The address of this interface is 192.168.234.235 on /all/ Dell servers. This causes problems with all the servers on the network because when DNS queries are made for network logons, group policies, etc. one of the results of the query is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that corrects the Netlogon service to properly respect the "register this connection in DNS" checkbox on the network properties. KB 832478. To make this work for the DRAC problem, there's one further trick once the hotfix is installed. You must open the racdun.pbk file (double click it) which has the network properties of the DRAC virtual interface and uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV records with an IP Address of 192.168.234.235. We have all Dell PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99% sure that a 26xx model DC with a DRAC II or III is registering this IP Address for SRV records in DNS, but I cannot figure out which one. I've enabled auditing and tried setting up network captures with specific filters and all I've found so far is that "SYSTEM" registers this record & my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this configuration and configuring the DRAC per Dell's recommendation, but would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| guyt76
Posts:11
| | 08/08/2008 2:33 PM |
|
Configuring DNS not to listen on the DRAC interface (as Dean already hinted) + unchecking "Register this connection in DNS" should fix this.
Guy
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of Scott Kaufman at HQ
Sent: Fri 8/8/2008 3:29 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I've read that article & many others about dual nics in DCs. That's what led me to how to solve the problem.
So that's exactly what I've been doing on all the servers, is UN-checking the 'register this connection in dns' for the DRAC interfaces. Depending on the installed firmware/driver & OMSA version, sometimes just doing this in the NIC connection & bouncing the nic is ok. Othertimes, I have to stop the drac service, then edit rac.dun.pbk file to do the same thing.
I've tried using psexec with a DC list.txt file and netsh for this, but have had mixed results. Mostly attributed to different versions of OMSA being installed.
It would be nice to eliminate the DRAC, but the majority of our DC's are at remote locations, and there are times when connecting via the DRAC is a required.
Hardware replacement.... Yes, been talked about, recommended, designed, etc... but get's put on hold due to cost & complexity of moving data...... e.g. - they also act as F&P for the remote offices.... Something we're working on changing.
Scott Kaufman
Lead Network Administrator
ITT ESI, Inc.
Office: (317) 706-9266
Cell: (317) 201-0390
SKaufman@ITTESI.com
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC PPP interface IIRC) has "register this connection in DNS" checked in its' properties. Netlogon is doing this for you. Given this is a file you need to edit, perhaps you can write a simple script to simply do the necessary token replacement?
Have you been thinking about server refresh at all? These boxes are getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL Servers
Original Source can be found at ; http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is responsible for performing dynamic DNS registrations for the machine. On each network properties page, there is a checkbox "register this connection in DNS" that controls the DNS registration such that you can have a dedicated monitoring or backup/restore LAN that is not used for normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for making the DNS registrations and it does not respect the setting of the "register this connection in DNS" checkbox. This is normally something you can work around through careful configuration of the secondary network addresses, but it still results in extra records in the AD (_msdcs) that can be confusing and increase replication. There is a specific issue that does not have an obvious solution though - Dell servers with the DRAC cards enabled have a virtual network interface for the remote console VNC session connectivity. The address of this interface is 192.168.234.235 on /all/ Dell servers. This causes problems with all the servers on the network because when DNS queries are made for network logons, group policies, etc. one of the results of the query is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that corrects the Netlogon service to properly respect the "register this connection in DNS" checkbox on the network properties. KB 832478. To make this work for the DRAC problem, there's one further trick once the hotfix is installed. You must open the racdun.pbk file (double click it) which has the network properties of the DRAC virtual interface and uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV records with an IP Address of 192.168.234.235. We have all Dell PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99% sure that a 26xx model DC with a DRAC II or III is registering this IP Address for SRV records in DNS, but I cannot figure out which one. I've enabled auditing and tried setting up network captures with specific filters and all I've found so far is that "SYSTEM" registers this record & my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this configuration and configuring the DRAC per Dell's recommendation, but would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| FreddyHARTONO
Posts:19
| | 09/08/2008 4:35 PM |
| With the Dell PE 2650 models I can't think why I would need RAC over VNC
access, since if the server is online you would be able to use RDP
anyway in GUI.
For our 2650 boxes I've been disabling the remote access item in the
device manager, as we used to have the same problems.
While for dead server access, for sure the older drac would still serve
its purpose.. (older drac cards doesn't do GUI redirection).
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, August 08, 2008 11:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Dean and I chatted offline on this - my post wasn't very clear. I was
not suggesting anything about the netlogon.dns file.
There is a QFE for pre SP1 on that behavior linked in that blurb I
pasted.
On the older model Dells, this virtual NIC is required for key
functionality.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Chris Ransom
Sent: Thursday, August 07, 2008 10:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Also netlogon.dns has nothing to do with A host records, that's all done
with DHCP Client.
The recommendations below for enabling the "do not register in DNS" is
the right approach, but we will only honor this in 2003 SP1 or newer.
If you don't need the card, then just disable it, otherwise set the do
not register in dns setting.
Chris Ransom
Senior Premier Field Engineer - Active Directory
South Central District - San Antonio
US Central Premier Field Engineering
Email: chrisran@microsoft.com <mailto:chrisran@microsoft.com>
Cell: 210.482.0157
Fax: 425.708.5237
Blog: http://mschrisran.spaces.live.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, August 08, 2008 8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Dean-
Where is this recommendation?
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dean Wells
Sent: Thursday, August 07, 2008 7:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Not sure I understand the recommendation here correctly but editing
NETLOGON.DNS serves little purpose (beyond perhaps documentation and/or
reducing supportability); it represents what _has_ been registered ...
not what will be.
--
Dean Wells
* Email: limeypride@gmail.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC
PPP interface IIRC) has "register this connection in DNS" checked in
its' properties. Netlogon is doing this for you. Given this is a file
you need to edit, perhaps you can write a simple script to simply do the
necessary token replacement?
Have you been thinking about server refresh at all? These boxes are
getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL
Servers
Original Source can be found at ;
http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple
network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is
responsible for performing dynamic DNS registrations for the machine. On
each network properties page, there is a checkbox "register this
connection in DNS" that controls the DNS registration such that you can
have a dedicated monitoring or backup/restore LAN that is not used for
normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for
making the DNS registrations and it does not respect the setting of the
"register this connection in DNS" checkbox. This is normally something
you can work around through careful configuration of the secondary
network addresses, but it still results in extra records in the AD
(_msdcs) that can be confusing and increase replication. There is a
specific issue that does not have an obvious solution though - Dell
servers with the DRAC cards enabled have a virtual network interface for
the remote console VNC session connectivity. The address of this
interface is 192.168.234.235 on /all/ Dell servers. This causes problems
with all the servers on the network because when DNS queries are made
for network logons, group policies, etc. one of the results of the query
is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that
corrects the Netlogon service to properly respect the "register this
connection in DNS" checkbox on the network properties. KB 832478. To
make this work for the DRAC problem, there's one further trick once the
hotfix is installed. You must open the racdun.pbk file (double click it)
which has the network properties of the DRAC virtual interface and
uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via
the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of
the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase
xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer
Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after
xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman
at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV
records with an IP Address of 192.168.234.235. We have all Dell
PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99%
sure that a 26xx model DC with a DRAC II or III is registering this IP
Address for SRV records in DNS, but I cannot figure out which one. I've
enabled auditing and tried setting up network captures with specific
filters and all I've found so far is that "SYSTEM" registers this record
& my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this
configuration and configuring the DRAC per Dell's recommendation, but
would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating
this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| skaufman-itt
Posts:23
| | 09/08/2008 4:37 PM |
| Just to bring closure from my original post....
Updating the Bios, firmware & drivers for the DC's as well as installing
Dell's Open Manage System Administration (OMSA) v5.4 to these DC's has
resolved the problem I was experiencing.
In addition with the updates, the DCs that had an older Drac III card,
editing the .pbk file to not register in DNS.
There are times when out of band management becomes necessary, as many
other people have mentioned about not being to RDP to the server for
various reasons.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Tuesday, September 02, 2008 12:18 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Yeah though the VNC thing on the older DRACs doesn't kick in during
those scenarios.
--brian
________________________________
From: ActiveDir-owner@mail.activedir.org
[ActiveDir-owner@mail.activedir.org] On Behalf Of Chris Ransom
[chrisran@microsoft.com]
Sent: Tuesday, September 02, 2008 9:33 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Or an endless reboot scenario, or a SafeMode/DSRM reboot, or BIOS
Changes, or... there are lots of reasons why DRAC's are used...
Chris Ransom
Senior Premier Field Engineer - Active Directory
South Central District - San Antonio
US Central Premier Field Engineering
Email: chrisran@microsoft.com <mailto:chrisran@microsoft.com>
Cell: 210.482.0157
Fax: 425.708.5237
Blog: http://mschrisran.spaces.live.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Tuesday, September 02, 2008 8:18 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
When the IP on the NIC gets reset because of a bad driver update or
something you'll find it useful...
--brian
________________________________
From: ActiveDir-owner@mail.activedir.org
[ActiveDir-owner@mail.activedir.org] On Behalf Of Freddy HARTONO
[Freddy.HARTONO@internationalsos.com]
Sent: Monday, September 01, 2008 8:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
With the Dell PE 2650 models I can't think why I would need RAC over VNC
access, since if the server is online you would be able to use RDP
anyway in GUI.
For our 2650 boxes I've been disabling the remote access item in the
device manager, as we used to have the same problems.
While for dead server access, for sure the older drac would still serve
its purpose.. (older drac cards doesn't do GUI redirection).
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, August 08, 2008 11:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Dean and I chatted offline on this - my post wasn't very clear. I was
not suggesting anything about the netlogon.dns file.
There is a QFE for pre SP1 on that behavior linked in that blurb I
pasted.
On the older model Dells, this virtual NIC is required for key
functionality.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Chris Ransom
Sent: Thursday, August 07, 2008 10:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Also netlogon.dns has nothing to do with A host records, that's all done
with DHCP Client.
The recommendations below for enabling the "do not register in DNS" is
the right approach, but we will only honor this in 2003 SP1 or newer.
If you don't need the card, then just disable it, otherwise set the do
not register in dns setting.
Chris Ransom
Senior Premier Field Engineer - Active Directory
South Central District - San Antonio
US Central Premier Field Engineering
Email: chrisran@microsoft.com <mailto:chrisran@microsoft.com>
Cell: 210.482.0157
Fax: 425.708.5237
Blog: http://mschrisran.spaces.live.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, August 08, 2008 8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Dean-
Where is this recommendation?
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dean Wells
Sent: Thursday, August 07, 2008 7:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Not sure I understand the recommendation here correctly but editing
NETLOGON.DNS serves little purpose (beyond perhaps documentation and/or
reducing supportability); it represents what _has_ been registered ...
not what will be.
--
Dean Wells
* Email: limeypride@gmail.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I just Googled this and learned that the DRAC virtual interface (the RAC
PPP interface IIRC) has "register this connection in DNS" checked in
its' properties. Netlogon is doing this for you. Given this is a file
you need to edit, perhaps you can write a simple script to simply do the
necessary token replacement?
Have you been thinking about server refresh at all? These boxes are
getting old.
http://www.adminnotes.com/index/windows_2003_/
Dual NIC problems with Netlogon and DNS
Here is an very interesting blog from Andy on Dual NIC problems on DELL
Servers
Original Source can be found at ;
http://cameron-webb.com/blog/archive/2004/04/15/165.aspx
There's a long-standing issue with domain controllers with multiple
network interfaces and DNS.
On a normal workstation, or member server, the DHCP Client service is
responsible for performing dynamic DNS registrations for the machine. On
each network properties page, there is a checkbox "register this
connection in DNS" that controls the DNS registration such that you can
have a dedicated monitoring or backup/restore LAN that is not used for
normal traffic and is not listed in DNS.
On a domain controller, however, the Netlogon service is responsible for
making the DNS registrations and it does not respect the setting of the
"register this connection in DNS" checkbox. This is normally something
you can work around through careful configuration of the secondary
network addresses, but it still results in extra records in the AD
(_msdcs) that can be confusing and increase replication. There is a
specific issue that does not have an obvious solution though - Dell
servers with the DRAC cards enabled have a virtual network interface for
the remote console VNC session connectivity. The address of this
interface is 192.168.234.235 on /all/ Dell servers. This causes problems
with all the servers on the network because when DNS queries are made
for network logons, group policies, etc. one of the results of the query
is the 192.168.234.235 address, which is a valid local address!
There are two possible resolutions to this problem:
1. There is now a hotfix available from Microsoft for Windows 2003 that
corrects the Netlogon service to properly respect the "register this
connection in DNS" checkbox on the network properties. KB 832478. To
make this work for the DRAC problem, there's one further trick once the
hotfix is installed. You must open the racdun.pbk file (double click it)
which has the network properties of the DRAC virtual interface and
uncheck the "register this connection in DNS" checkbox.
note that if you don't need the remote VNC connection to the console via
the DRAC, you can simply disable the DRAC PPP device in Device Manager
2. The racadm utility from Dell can be used to change the IP address of
the DRAC virtual interface.
"racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase
xxx.xxx.xxx.xxx"
Set HKU\.DEFAULT\Software\Dell Computer
Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after
xxx.xxx.xxx.xxx on the same network (class C)
restart the server
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman
at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations
To the guru's....
I've got a server (or possibly several) that are registering a SRV
records with an IP Address of 192.168.234.235. We have all Dell
PowerEdge servers for DC's (26xx to 29xx models) with DRAC's. I'm 99%
sure that a 26xx model DC with a DRAC II or III is registering this IP
Address for SRV records in DNS, but I cannot figure out which one. I've
enabled auditing and tried setting up network captures with specific
filters and all I've found so far is that "SYSTEM" registers this record
& my network captures are coming up empty.
I've been slowly going through the 26xx DCs (~50 out of 120) with this
configuration and configuring the DRAC per Dell's recommendation, but
would like to figure out which server specifically is doing this.
So, is there an easier solution to figure which DC would be creating
this record, as I'm coming up empty searching on the web.
Thanks,
Scott
| | | |
| robertsingers
Posts:150
| | 09/08/2008 4:41 PM |
| Just out of interest do you use the out of band SNMP Hardware monitoring
capabilities of your DRAC cards?
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman
at HQ
Sent: Wednesday, 3 September 2008 5:10 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Just to bring closure from my original post....
Updating the Bios, firmware & drivers for the DC's as well as installing
Dell's Open Manage System Administration (OMSA) v5.4 to these DC's has
resolved the problem I was experiencing.
In addition with the updates, the DCs that had an older Drac III card,
editing the .pbk file to not register in DNS.
There are times when out of band management becomes necessary, as many
other people have mentioned about not being to RDP to the server for
various reasons.
#############################################################################################
This e-mail message has been scanned for Viruses and cleared by NetIQ MailMarshal.
##############################################################################################
############################################################
PLEASE NOTE:
The information contained in this email message and any
attached files may be confidential and subject to privilege.
Any opinions expressed in this message are not necessarily
those of the Department of Building and Housing. All technical
opinions are offered on a ?no-liability? basis. This message
and any files transmitted with it are confidential and solely
for the use of the intended recipient. If you are not the
intended recipient, you are notified that any use, disclosure
or copying of this email is unauthorised. If you have received
this email in error, please notify us immediately by reply email
and delete the original and any attachment(s). Thank you.
############################################################
| | | |
| skaufman-itt
Posts:23
| | 09/08/2008 4:50 PM |
| I've always gotten those notifications from OMSA on the server via SNMP
traps to ITA, as well as the Drac sending the same thing. Sometimes
it's duplicate messages, but it's nice to get them.
Scott
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers
Sent: Wednesday, September 03, 2008 7:21 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
I always found it was extremely helpful to have the DRAC tell me when a
system disk had died :-)
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman
at HQ
Sent: Thursday, 4 September 2008 10:39 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Yes, I've been slowly turning them on, and adding the IP Address of the
Drac to IT Assistant. The one thing that is annoying is the SNMP
community name is limited in the number of characters, so I have two
SNMP communities, one for Drac's and one for servers (the server one
being 25 characters or so).
It's been moderately helpful to have the SNMP traps from the Drac. IT
Assistant doesn't seem to use the DNS name configured on the network
settings, but uses RAC_systemtag. So, there is still a lookup in our IP
spreadsheet to identify the DRAC for a server at our colo facility. The
remote office servers have a dedicated IP for the Drac, and that scheme
is used throughout, so makes it easier.
Scott
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers
Sent: Wednesday, September 03, 2008 5:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Just out of interest do you use the out of band SNMP Hardware monitoring
capabilities of your DRAC cards?
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman
at HQ
Sent: Wednesday, 3 September 2008 5:10 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations
Just to bring closure from my original post....
Updating the Bios, firmware & drivers for the DC's as well as installing
Dell's Open Manage System Administration (OMSA) v5.4 to these DC's has
resolved the problem I was experiencing.
In addition with the updates, the DCs that had an older Drac III card,
editing the .pbk file to not register in DNS.
There are times when out of band management becomes necessary, as many
other people have mentioned about not being to RDP to the server for
various reasons.
________________________________
This e-mail message has been scanned for Viruses and cleared by NetIQ
MailMarshal
________________________________
________________________________
Please Note:
The information contained in this email message and any attached files
may be confidential and subject to privilege. Any opinions expressed in
this message are not necessarily those of the Department of Building and
Housing. All technical opinions are offered on a 'no-liability' basis.
This message and any files transmitted with it are confidential and
solely for the use of the intended recipient. If you are not the
intended recipient, you are notified that any use, disclosure or copying
of this email is unauthorised. If you have received this email in
error, please notify us immediately by reply email and delete the
original and any attachment(s). Thank you.
________________________________
________________________________
Please Note:
The information contained in this email message and any attached files
may be confidential and subject to privilege. Any opinions expressed in
this message are not necessarily those of the Department of Building and
Housing. All technical opinions are offered on a 'no-liability' basis.
This message and any files transmitted with it are confidential and
solely for the use of the intended recipient. If you are not the
intended recipient, you are notified that any use, disclosure or copying
of this email is unauthorised. If you have received this email in
error, please notify us immediately by reply email and delete the
original and any attachment(s). Thank you.
________________________________
| | | |
|
|