tag:blogger.com,1999:blog-3920347219421157797.post1299042892253941392..comments2024-03-27T21:55:28.163-07:00Comments on Clint Boessen's Blog: NLB Installed on DNS Servers IssuesClint Boessenhttp://www.blogger.com/profile/11156487394562821934noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-3920347219421157797.post-61036003255222671942013-06-27T09:07:05.471-07:002013-06-27T09:07:05.471-07:00I had this same issue on my 2012 DCs. I have two ...I had this same issue on my 2012 DCs. I have two Server 2012 domain controllers which also serve as my DNS servers. Installed NLB on them in order to set up Federation Services and everything broke. Logins, replication, group policy. Bunches of issues. Clint's fix works, BUT if you ever need to change the IP address of the DC/DNS server, then you will need to remember to change this registry key too. The fix I found was to go into my DNS Server properties, and choose to only listen for DNS requests on the IP address of the server (uncheck the cluster IP address). As soon as I did that, my duplicate entries went away and everything was good again.JaybirdOSUhttps://www.blogger.com/profile/04216685756000526171noreply@blogger.comtag:blogger.com,1999:blog-3920347219421157797.post-86020757786476422092012-09-03T22:28:41.445-07:002012-09-03T22:28:41.445-07:00Although I haven't tested it myself, I'd v...Although I haven't tested it myself, I'd venture to say yes. The reason some of your clients are unable to authenticate is because DNS is randomly returning the NLB address to the clients when looking up the domain controllers' IP addresses. So, any client that unluckily received the NLB address in a DNS query reply would be unable to authenticate (because only 443 is allowed through your NLB).<br /><br />Opening NLB to all traffic might fix it, but I feel that Clint's fix is a safer bet. The only problem is that you will need to remember to update the key in the event the DC's IP address has changed. It's not a common thing to change DC's IP addresses, but because it's so infrequent and this registry change is so obscure, it could cause a lot of headaches in the future. Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3920347219421157797.post-5531916543227234032012-07-25T07:50:58.940-07:002012-07-25T07:50:58.940-07:00This was a huge help with configuring NLB on two o...This was a huge help with configuring NLB on two of our DCs. Thank you!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3920347219421157797.post-55223861529904459122012-06-25T13:13:08.729-07:002012-06-25T13:13:08.729-07:00Clint,
Awesome fix. Just what I was looking for.
...Clint,<br />Awesome fix. Just what I was looking for.<br />But..... I have to ask is this all that you did? I have the exact same scenario. Two DC's that I want to put Fed Services on along with the NLB. I setup the NLB to ignore all but port 443. Because of the fix, the NLB IP is not getting registered in DNS. The issues, once I have the NLB configured and enabled, nothing can authenticate on my domain. DNS, netlogon, time-service and group policy processing all go down on the two DC's. Any suggestions?<br />Thanks,Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3920347219421157797.post-86839138779507745962012-01-29T21:33:42.664-08:002012-01-29T21:33:42.664-08:00Great Post....
DNS30 Professional Edition provides...Great Post....<br />DNS30 Professional Edition provides you an easy interface to interact with Amazon Route 53 service. It is a highly available and scalable DNS web service. Web Interface for the same is also available.<br />http://www.dns30.com/Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3920347219421157797.post-52451653567938651622011-12-14T06:02:55.998-08:002011-12-14T06:02:55.998-08:00He added a string value called publishaddresses wi...He added a string value called publishaddresses with the IPAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-3920347219421157797.post-43295843524595851832011-12-14T05:30:30.988-08:002011-12-14T05:30:30.988-08:00What is the change you made in registry?What is the change you made in registry?Gulabhttp://exchangeranger.blogspot.com/noreply@blogger.com