8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
1/25
Module 10:
Troubleshooting AD DS,DNS, and ReplicationIssues
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
2/25
Module Overview
Troubleshooting Active Directory Domain Services
Troubleshooting DNS Integration with AD DS
Troubleshooting AD DS Replication
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
3/25
Lesson 1: Troubleshooting Active DirectoryDomain Services
Introduction to AD DS Troubleshooting
Discussion: How to Troubleshoot AD DS Issues
Troubleshooting User Access Errors
Demonstration: Tools for Troubleshooting UserAccess Errors
Troubleshooting Domain Controller Performance Issues
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
4/25
Introduction to AD DS Troubleshooting
AD DS troubleshooting begins when:
Users report authentication or authorization errors
AD DS related events appear in the Event Viewer
Domain controller performance is degraded
An alert is generated by a monitoring system
Data is not being replicated between domain controllers
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
5/25
Discussion: How to Troubleshoot AD DS Issues
What tools would you use?
How would you verify that your solution worked?
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
6/25
Troubleshooting User Access Errors
User access errors may be the result of:
Network access errors
Authentication errors
Authorization errors
To address user access errors, verify:
Network connectivity
Time synchronization
Domain controller availability
User account and userlockout settings
Group memberships
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
7/25
Demonstration: Tools for Troubleshooting UserAccess Errors
In this demonstration, you will see how to troubleshootuser access errors using Windows tools
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
8/25
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
9/25
Troubleshooting Domain ControllerPerformance Issues
Most common performance issues include:
High CPU utilization
High network utilization
To resolve performance issues:
Identify the processes withhigh CPU utilization
Move applications or servicesto another server
Monitor application-specificnetwork traffic
Distribute AD DSand DNS roles acrossmultiple servers
Review and modify thereplication topology
Deploy domain controllerswith 64-bit hardware
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
10/25
Lesson 2: Troubleshooting DNS Integrationwith AD DS
Overview of DNS and AD DS Troubleshooting
Troubleshooting DNS Name Resolution
Troubleshooting DNS Name Registration
Troubleshooting DNS Zone Replication
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
11/25
Overview of DNS and AD DS Troubleshooting
Troubleshoot DNS and AD DS integration when: Users cannot log on to AD DS
AD DS replication is failing
AD DS installation fails
To troubleshoot DNS and AD DS integration, verify:
DNS client and server configurations
DNS name registration
DNS zone replication
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
12/25
Troubleshooting DNS Name Resolution
DNS name resolution may fail due to:
Network connectivity issues
Client configuration errors
DNS server availability
Name registration or DNS replication issues
To troubleshoot DNS name resolution:
Test network connectivity by pinging the DNS serverby IP address
Use IPconfig to examine the client configuration
Use NSlookup to verify server availability
Flush the DNS cache
Use NSlookup to verify SRV records
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
13/25
Troubleshooting DNS Name Registration
DNS name registration may fail due to:
Client configuration errors
DNS server availability
DNS zone configuration
To troubleshoot DNS name registration:
Verify that the client is configured to register in DNS
Test DNS server availability
Verify that the DNS zone is configured fordynamic updates
Test DNS by using the DCDiag /Test:DNS command
Register the SRV records by restarting theNetlogon service
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
14/25
Troubleshooting DNS Zone Replication
Investigate DNS zone replication issues when:
DNS-related issues are specific to certainDNS server clients
Zone information is not consistent on differentDNS servers
DNS server availability is not consistent
There are DNS replication or name registration issues
Troubleshoot AD DS replication for AD DSintegrated zones
To troubleshoot standard zone transfer issues:
Verify network connectivity
Verify primary server and secondary server configuration
Verify Start of Authority record
Verify zone transfer configuration
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
15/25
Lesson 3: Troubleshooting AD DS Replication
AD DS Replication Requirements
Common Replication Issues
What Is the Repadmin Tool?
What Is the DCDiag Tool?
Identifying the Cause of Replication Errors Discussion: Troubleshooting Inter-Site AD DSReplication Issues
Troubleshooting Distributed File Replication Issues
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
16/25
AD DS Replication Requirements
AD DS replication requires:
Routable IP infrastructure DNS name resolution
RPC or Simple Mail Transfer Protocol (SMTP)connectivity between domain controllers
Kerberos v5 authentication
Lightweight Directory Access Protocol (LDAP)connectivity to install new domain controllers
File Replication Service or Distributed FileSystem Replication
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
17/25
Common Replication Issues
Replication greatlyincreases networktraffic
Possible causes
Replication doesnot finish or occur
Replication is slow
Client computersreceive a slowresponse
Symptom
Sites not connected by site links
No bridgehead server in the site group
No domain controller onlinein client site
Not enough domaincontrollers
Inefficient site topologyand schedule
Insufficient bandwidth
Incorrect site topology
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
18/25
What Is the Repadmin Tool?
Use the Repadmin command-line tool to:
View and manually create the replication topology
Force replication events between domain controllers
View the replication metadata
Syntax:repadmin command arguments [/u:[domain\]user pw:{password|*}]
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
19/25
What Is the DCDiag Tool?
Use the Dcdiag command-line tool to:
Analyze the state of a domain controller, and reportany problems
Perform a series of tests to verify differentsystem areas
Syntax:dcdiag command arguments [/v /f:LogFile /ferr:ErrLog ]
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
20/25
Identifying the Cause of Replication Errors
System monitor NTDS counters
Testing method
Sites are notconnected bysite links
No bridgeheadserver in the site
Inefficient sitetopology andschedule
Possible causes
Dcdiag /test:Topology
Repadmin /bridgeheads
Repadmin /latency
No domain controlleronline in the site
Dcdiag /test:Replication
Dcdiag /test:Connectivity
Not enough domain
controllers
Incorrect sitetopology
AD DS Sites and Services
Repadmin /latency
V Dcdiag /test:Intersite
Disc ssion T o bleshooting Inte Site AD DS
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
21/25
Discussion: Troubleshooting Inter-Site AD DSReplication Issues
What steps would you take to troubleshoot an AD DSreplication issue?
How would you verify that your solution worked?
Troubleshooting Distributed File
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
22/25
Troubleshooting Distributed FileReplication Issues
Windows Server 2008 uses FRS or DFSR to replicate theSYSVOL directory between domain controllers
Both FRS and DFSR require LDAP and RPC connectivitybetween domain controllers
Use Ntfrsutl and FRSDiag to troubleshoot FRS replication
Use DFSRAdmin to troubleshoot DFRS replication
Lab: Troubleshooting AD DS DNS and
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
23/25
Lab: Troubleshooting AD DS, DNS, andReplication Issues
Exercise 1: Troubleshooting Authentication andAuthorization Errors
Exercise 2: Troubleshooting the Integration of DNS andAD DS
Exercise 3: Troubleshooting AD DS Replication
Logon information
Virtual machine NYC-DC1, NYC-CL1
User name AdministratorPassword Pa$$w0rd
Estimated time: 60 minutes
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
24/25
Lab Review
If the Los Angeles office was configured as a separate site,what additional steps would you need to take to
troubleshoot Trouble Ticket #5?
What AD DS troubleshooting issues do you think you willneed to deal with most often in your organization?
8/14/2019 6425A_10 Troubleshooting AD DS, DNS, And Replication Issues
25/25
Module Review and Takeaways
Considerations
Tools
Review questions