As there are a few techies on here, I thought I'd see if anyone has any insight on the below issue.
2 MS Domains, a forest root (aa.local), and a child domain (bb.aa.com)
aa.local has 2 DCs with AD Integrated Zones set to replicate with all DCs in that domain. DNS is installed on both. This is an empty root as per MS best practice with nothing other than the 2 DCs in there.
bb.aa.local has 3 DCs, DNS on all, AD Integrated Zones set to replicate with all DCs in that domain. A stub zone has been created to point to aa.local to allow complete resolution.
Originally I had DNS set to AD Integrated in all domains and set to replicate at forest level but this was causing a 15 min logon when rebooting a DC. After attending a Microsoft course, the instructor actually changed the settings to those above which resolved the logon issue.
Everything seemed to clear down and dcdiag showed as being clear.
Unfortunately now, when I reboot dc1 in bb.aa.local, it takes 15 mins to log on but DNS fails to start with error codes ranging from 4000, 4004 and 4015. As they are AD Integrated, this obviously has a knock-on effect with other services starting such as AV, ADUC which all use Active Directory accounts.
If I leave the server for 10 mins, DNS finally starts! Rebooting the other DCs in that domain is fine, as per the root domain. The only thing I've done is removed Symantec AV and installed Kaspersky across the domain.
I'm completely stuck and am looking for ideas!
Thanks