List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

Subject: Re: AD: RE: [ActiveDir] DC DNS Registrations
PARRIS, 08/08/2008 1:52 AM
England awakes.

My experience with the DRACs is that in Server Assistant you can change basic info about the DRAC such as its IP address, but you have to edit it via the BIOS to get to the really interesting stuff - of which one section is about DNS and its registration. This of course may be editable elsewhere - but I've never found it.





Regards,

Mark Parris




-----Original Message-----
From: Brian Desmond <brian@briandesmond.com>

Date: Fri, 8 Aug 2008 03:30:49
To: ActiveDir@mail.activedir.org<ActiveDir@mail.activedir.org>
Subject: AD: RE: [ActiveDir] DC DNS Registrations


Dean and I chatted offline on this - my post wasn't very clear. I was not suggesting anything about the netlogon.dns file.

There is a QFE for pre SP1 on that behavior linked in that blurb I pasted.

On the older model Dells, this virtual NIC is required for key functionality.

Thanks,
Brian Desmond
brian@briandesmond.com

c - 312.731.3132

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Chris Ransom
Sent: Thursday, August 07, 2008 10:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations

Also netlogon.dns has nothing to do with A host records, that's all done with DHCP Client.
The recommendations below for enabling the "do not register in DNS" is the right approach, but we will only honor this in 2003 SP1 or newer.

If you don't need the card, then just disable it, otherwise set the do not register in dns setting.


Chris Ransom
Senior Premier Field Engineer - Active Directory
South Central District - San Antonio
US Central Premier Field Engineering
Email: chrisran@microsoft.com
Cell: 210.482.0157
Fax: 425.708.5237
Blog: http://mschrisran.spaces.live.com

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, August 08, 2008 8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations

Dean-

Where is this recommendation?

Thanks,
Brian Desmond
brian@briandesmond.com

c - 312.731.3132

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dean Wells
Sent: Thursday, August 07, 2008 7:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations

Not sure I understand the recommendation here correctly but editing NETLOGON.DNS serves little purpose (beyond perhaps documentation and/or reducing supportability); it represents what _has_ been registered ... not what will be.
--
Dean Wells
* Email: limeypride@gmail.com

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, August 07, 2008 8:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC DNS Registrations

I just Googled this and learned that the DRAC virtual interface (the RAC PPP interface IIRC) has "register this connection in DNS" checked in its properties. Netlogon is doing this for you. Given this is a file you need to edit, perhaps you can write a simple script to simply do the necessary token replacement?

Have you been thinking about server refresh at all? These boxes are getting old.

http://www.adminnotes.com/index/windows_2003_/

Dual NIC problems with Netlogon and DNS
Here is a very interesting blog from Andy on Dual NIC problems on DELL Servers
Original source can be found at: http://cameron-webb.com/blog/archive/2004/04/15/165.aspx

There's a long-standing issue with domain controllers with multiple network interfaces and DNS.

On a normal workstation, or member server, the DHCP Client service is responsible for performing dynamic DNS registrations for the machine. On each network properties page, there is a checkbox "register this connection in DNS" that controls the DNS registration such that you can have a dedicated monitoring or backup/restore LAN that is not used for normal traffic and is not listed in DNS.

On a domain controller, however, the Netlogon service is responsible for making the DNS registrations and it does not respect the setting of the "register this connection in DNS" checkbox. This is normally something you can work around through careful configuration of the secondary network addresses, but it still results in extra records in the AD (_msdcs) that can be confusing and increase replication. There is a specific issue that does not have an obvious solution though - Dell servers with the DRAC cards enabled have a virtual network interface for the remote console VNC session connectivity. The address of this interface is 192.168.234.235 on /all/ Dell servers. This causes problems with all the servers on the network because when DNS queries are made for network logons, group policies, etc. one of the results of the query is the 192.168.234.235 address, which is a valid local address!

There are two possible resolutions to this problem:

1. There is now a hotfix available from Microsoft for Windows 2003 that corrects the Netlogon service to properly respect the "register this connection in DNS" checkbox on the network properties. KB 832478. To make this work for the DRAC problem, there's one further trick once the hotfix is installed. You must open the racdun.pbk file (double click it) which has the network properties of the DRAC virtual interface and uncheck the "register this connection in DNS" checkbox.

Note that if you don't need the remote VNC connection to the console via the DRAC, you can simply disable the DRAC PPP device in Device Manager.

2. The racadm utility from Dell can be used to change the IP address of the DRAC virtual interface.

   "racadm config -g cfgRacTuning -o cfgRacTuneMnNwIpAddrBase xxx.xxx.xxx.xxx"
   Set HKU\.DEFAULT\Software\Dell Computer Corporation\OpenManage\RacWinVnc3\HostIPAddress to be the next IP after xxx.xxx.xxx.xxx on the same network (class C)
   Restart the server

Thanks,
Brian Desmond
brian@briandesmond.com

c - 312.731.3132

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Scott Kaufman at HQ
Sent: Thursday, August 07, 2008 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC DNS Registrations

To the gurus....

I've got a server (or possibly several) that are registering SRV records with an IP address of 192.168.234.235. We have all Dell PowerEdge servers for DCs (26xx to 29xx models) with DRACs. I'm 99% sure that a 26xx model DC with a DRAC II or III is registering this IP address for SRV records in DNS, but I cannot figure out which one. I've enabled auditing and tried setting up network captures with specific filters and all I've found so far is that "SYSTEM" registers this record & my network captures are coming up empty.

I've been slowly going through the 26xx DCs (~50 out of 120) with this configuration and configuring the DRAC per Dell's recommendation, but would like to figure out which server specifically is doing this.

So, is there an easier solution to figure out which DC would be creating this record? I'm coming up empty searching on the web.

Thanks,
Scott
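
Added example (not part of the original thread, and not code from any poster): since NETLOGON.DNS records what a DC has already registered, one read-only way to answer the original question is to collect that file from each DC and look for the DRAC address in it. The sketch assumes the file lists records one per line as `owner TTL IN A address`; the DC names, the `example.test` domain and the sample contents are constructed.

```python
import ipaddress

# Address the thread reports for the DRAC virtual interface.
DRAC_DEFAULT = ipaddress.ip_address("192.168.234.235")

def parse_a_records(text):
    """Yield (owner, address) for each A record in netlogon.dns-style text.

    Assumed layout, one record per line: owner TTL IN A address.
    SRV and CNAME lines are skipped.
    """
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) != 5:
            continue
        owner, _ttl, rr_class, rr_type, rdata = fields
        if rr_class.upper() != "IN" or rr_type.upper() != "A":
            continue
        try:
            address = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # malformed address, ignore the line
        yield owner.rstrip(".").lower(), address

def find_registrants(files, suspect=DRAC_DEFAULT):
    """Map each DC name to the owner names it registered with `suspect`.

    `files` maps a DC name to the text of that DC's netlogon.dns file.
    """
    hits = {}
    for dc, text in files.items():
        owners = sorted({o for o, ip in parse_a_records(text) if ip == suspect})
        if owners:
            hits[dc] = owners
    return hits

# Constructed sample data standing in for files gathered from two DCs.
SAMPLE = {
    "DC01": (
        "example.test. 600 IN A 10.1.1.10\n"
        "example.test. 600 IN A 192.168.234.235\n"
        "gc._msdcs.example.test. 600 IN A 192.168.234.235\n"
        "_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc01.example.test.\n"
    ),
    "DC02": (
        "example.test. 600 IN A 10.1.1.11\n"
        "_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc02.example.test.\n"
    ),
}

if __name__ == "__main__":
    for dc, owners in find_registrants(SAMPLE).items():
        print(f"{dc} registered {DRAC_DEFAULT} for: {', '.join(owners)}")
```

As noted in the thread, host A records are registered by the DHCP Client service rather than Netlogon, so a DC's own host record will not show up in this file.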



Copyright 2008 ActiveDir.org