Thursday, June 2, 2016

Some Domains Not Resolving Until DNS Service Is Restarted On Windows Domain

I ran across an issue lately where it seems like sites like and a few others would just stop resolving on our local domain. Other sites would work just fine but only these few sites came up with a page could not be displayed-type error in the browsers on the network here.

The fix, though temporary, was to just restart the DNS service on our DC. I would typically have to do this once or twice per month so I knew something wasn't kosher.

After researching several things including the pros and cons of using root hints vs forwarders I came across an article on Microsoft's support page with a problem that matches mine almost exactly. I thought I would go ahead and write up a post about this so I don't forget in the future, and perhaps someone else will find this useful.

To resolve the issue and continue using root hints, change the MaxCacheTTL registry value to 2 days or greater.

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or another method. These problems might require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

1.    Start Registry Editor (regedit.exe).

2.    Locate the following registry key:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

3.    On the Edit menu, click New, click DWORD (32-bit) Value, and then add the following value:
  • Value: MaxCacheTTL
  • Data Type: DWORD
  • Data value: 0x2A300 (172800 seconds in decimal, or 2 days)

4.    Click OK.

5.    Quit Registry Editor.

6.    Restart the DNS Server service.
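The same change can be scripted so it is repeatable and leaves a rollback file. This PowerShell version is an added example, not part of the original post or of Microsoft's article; the variable names, the helper function Get-MaxCacheTtl and the backup file location are assumptions, and it must be run from an elevated session on the DNS server.

```powershell
# Added example: scripted form of the Registry Editor procedure above.
# Names below ($key, $desired, Get-MaxCacheTtl, backup path) are illustrative.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$name    = 'MaxCacheTTL'
$desired = 0x2A300   # 172800 seconds = 2 days, the value given in the post

function Get-MaxCacheTtl {
    # Returns the configured value, or $null when it has never been created.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { [int]$prop.$name } else { $null }
}

$current = Get-MaxCacheTtl
if ($null -eq $current) {
    Write-Output "$name is not set; the DNS service is using its built-in default."
} else {
    Write-Output "$name is currently $current seconds."
}

if ($null -ne $current -and $current -ge $desired) {
    # Idempotent: do not touch the registry or bounce DNS without a reason.
    Write-Output 'Value already meets the 2-day minimum; nothing to change.'
} else {
    # Export the key first so the change can be undone with "reg import".
    $stamp  = '{0:yyyyMMdd-HHmmss}' -f (Get-Date)
    $backup = Join-Path $env:TEMP "dns-parameters-$stamp.reg"
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters' $backup /y | Out-Null
    Write-Output "Backed up the Parameters key to $backup"

    # -Force overwrites an existing value and creates it when it is missing.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
        -Value $desired -Force | Out-Null

    # Last step of the procedure: restart the DNS Server service (name: DNS).
    Restart-Service -Name DNS

    $svc = Get-Service -Name DNS
    Write-Output "DNS service status: $($svc.Status)"
    Write-Output "$name is now $(Get-MaxCacheTtl) seconds."
}
```

Restarting the service clears the resolver cache and briefly interrupts name resolution for clients pointed at this server, so schedule it accordingly.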

Tuesday, November 27, 2012

Slow Network Access Within Virtual Machines - Broadcom and Hyper-V

Time to update this old dusty thing! I figured this is worthy of a blog entry, as it's not exactly something you can google quickly at the time of this writing.

Let's talk about network speeds with Hyper-V. I have been testing Server 2008 R2 with Hyper-V enabled running a virtual Win7 'guest' and for the life of me couldn't figure out why a member server hosting file shares was getting a ping response time of 30 to over 200+ms. Doing my research pulled up a dozen or so similar instances of network slowness, and everyone seemed to attribute that to TCP chimney offloading, saying that disabling this in the operating system as well as on the physical and virtual network adapters will correct the problem instantly.

Well, it didn't. Turns out after playing with several of the settings within the Broadcom network adapter and recreating the virtual network for the VMs half a dozen times that the real culprit is a feature called 'Virtual Machine Queues'. If any of you out there are running into any issues with your VMs' network functionality, you might try disabling this (along with the TCP offloading, or chimney offloading) and see how that works in your case. It made an immediate difference in mine and now my response time is <1ms as usual and as is seen in any physical box on the network.

I'll flesh this out a bit later if I have time, I just wanted to get this down here before I forget and hopefully I'll have helped a few others out. Turns out I may need to dig further as that feature should actually increase performance according to this whitepaper:

Tuesday, May 3, 2011

Group Policy based Drive Mapping and Windows 7

So I've been doing some research on why my drive mapping GPO will not work in Windows 7 environments.

Turns out this: \\servername\share\

is NOT the same as this: \\servername\share

Really Microsoft? Why is this? I've been puzzled for a while with this one.

Wednesday, August 25, 2010

Exchange 2007 Global Address List in Cached Mode

Basically the GAL works like this:

- Information is entered into an account in Active Directory.
- The Exchange GAL is then updated to reflect that change on the server at a set time, typically every 24 hours as seen in the Exchange Management Console under Organization Configuration - Mailbox - Offline Address Book tab.
- A differential file is created on the Exchange server with the updates, and the Outlook client must then connect to the Exchange Server at set intervals (typically every 720 minutes/12 hours) to pull the updates.

Note: The Hierarchy Table Recalculation interval is set on the DC at 720 minutes, and changing it is not recommended. The setting is NTDS\Parameters\Hierarchy Table Recalculation interval (minutes).

In cached mode, you won't immediately see the updates made to the GAL. You can, however, force the update by going to Tools - Send/Receive - Download Address Book, but this will only show changes once the Exchange Server has updated its Offline Address Book file for the client (Outlook) to download.

One could force the update on the Exchange server by using the Exchange PowerShell (you cannot update the GAL from the Management Console). Replace the two placeholders with your GAL name and a domain controller's name:

Update-GlobalAddressList -Identity "<GlobalAddressListName>" -DomainController "<DomainControllerFQDN>"

Note: Running this command only starts the process; it can take several hours to complete.

So essentially if you make changes to a user account in Active Directory, you can't really expect things to update across the network immediately. This is by design so that the network isn't clogged by numerous and frequent GAL downloads.

For more info see:

Administering the OAB in Outlook 2003 and 2007
Exchange General FAQ
Update the Global Address List

Wednesday, July 21, 2010

Windows 7 and Group Policy

I am now in the process of beginning the conversion to and testing of Windows 7 on our Server 2003 R2 Domain. The biggest hurdle I need to jump is getting Group Policy in order and getting Windows 7 specific policies in place. Along with this will be our new wireless policy which still needs much testing. More on that to come.

So far I have my Windows 7 admin workstation, and on it I have installed the Remote Administration Tools for Windows 7/2008. (You cannot manage Windows 7 Policy from a 2003/XP machine; it must be from Server 2008 or Windows 7.) If you've never done this in Windows 7 before, once you install the package you must go to Control Panel, Programs and click 'Turn Windows Features On or Off'. Scroll down to Remote Server Administration Tools and check the tools you need. Only then can you access them using the MMC snap-ins. With this installed I do think the new design is nicer than XP/2003 MMC admin tools. Browsing through the GPOs I noticed several changes; for example, you can now manage your Wired and Wireless Domain policies separately for both Win 7 and XP.

My goals are as follows:

- Configure and test wireless policies using the updated Windows 7 Remote Server Administration Tools.
- Configure and test drive mapping as well as newer security policies using said tools.
- Configure and test field network interoperability between Windows 7 and Windows XP.

Once these are done I plan to gradually convert several team members to Windows 7 as a pilot crew. These folks work in the field a lot so call me crazy but I'd like to slowly introduce such an OS change into our environment rather than dump everyone on Windows 7 at once. I don't think my phone would ever stop ringing.

I will post progress as I go in parts relating to the above goals.