Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2014-01-17) Bug In DC Locator Makes AD Client Use Siteless SRV Record Instead Of Site Based SRV Record

Posted by Jorge on 2014-01-17


Today, while helping another Directory Services MVP troubleshoot DC Locator on Windows 7 (this also applies to Windows Server 2008 R2), a bug was found. Although the Windows 7 client knew which AD site it was in, it was still issuing a DNS query for the siteless SRV records instead of a DNS query for the site-based SRV records.

SYMPTOMS

When you restart a client computer that is running Windows 7 or Windows Server 2008 R2 in an Active Directory domain environment, the Net Logon service starts before the network interface is initialized. This behavior causes the status of the network adapter to change to intermediate. Additionally, this behavior causes the IP address to change, even though the network adapter is eventually assigned the same IP address. In this situation, the client computer uses the site-less LDAP DNS service (SRV) records (_ldap._tcp.DnsDomainName or _ldap._tcp.dc._msdcs.DnsDomainName) to locate the domain controller (DC).
If this issue occurs in an environment in which only the hub DCs are registered under the site-less SRV records, and the client computer's remote branch site is disconnected from the hub site, the client computer cannot locate a DC. The local branch DCs are still registered in DNS (under the site-based SRV records) and reachable even when the hub DCs are not, but because the client queries only the site-less records, it never recognizes the local branch DCs as DCs.
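To see whether a given client is in this state, the following script (an added example, not code from the post or from Microsoft) reads the site name Net Logon has cached in the registry and resolves both the site-based and the siteless SRV records, so you can compare which DCs each lookup would return. It assumes the standard Netlogon\Parameters registry path and the Resolve-DnsName cmdlet (Windows 8 / Windows Server 2012 or later; on Windows 7 substitute nslookup -type=SRV). The function name Get-DcLocatorSiteState is my own.

```powershell
# Added example, not from the original post. Shows what DC Locator on this client
# currently knows about its site and which DCs the site-based and siteless
# SRV records resolve to. Assumptions: the standard Netlogon\Parameters registry
# path, and Resolve-DnsName (Windows 8 / Windows Server 2012 or later).
function Get-DcLocatorSiteState {
    [CmdletBinding()]
    param(
        # DNS name of the AD domain; defaults to the domain the computer is joined to.
        [string]$DnsDomainName = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
    )

    $paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $reg = Get-ItemProperty -Path $paramsKey -ErrorAction SilentlyContinue

    # DynamicSiteName is what DC Locator caches after a successful site-aware
    # lookup; SiteName is an administrator-set override that takes precedence.
    $cachedSite    = $reg.DynamicSiteName
    $staticSite    = $reg.SiteName
    $effectiveSite = if ($staticSite) { $staticSite } else { $cachedSite }

    # The two record names the post contrasts: siteless vs. site-based.
    $sitelessRecord  = "_ldap._tcp.dc._msdcs.${DnsDomainName}"
    $siteBasedRecord = if ($effectiveSite) {
        "_ldap._tcp.${effectiveSite}._sites.dc._msdcs.${DnsDomainName}"
    } else { $null }

    # Resolve an SRV name and return the DC host names it points at (empty on failure).
    function Resolve-SrvTargets([string]$Name) {
        if (-not $Name) { return @() }
        try {
            @(Resolve-DnsName -Name $Name -Type SRV -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget })
        } catch {
            @()
        }
    }

    [pscustomobject]@{
        DnsDomainName      = $DnsDomainName
        CachedSiteName     = $cachedSite
        StaticSiteOverride = $staticSite
        SiteBasedSrvRecord = $siteBasedRecord
        SiteBasedDCs       = Resolve-SrvTargets $siteBasedRecord
        SitelessSrvRecord  = $sitelessRecord
        SitelessDCs        = Resolve-SrvTargets $sitelessRecord
        # No cached or static site means the next lookup goes to the siteless
        # record, which is exactly the state the post describes.
        WillUseSitelessSrv = [string]::IsNullOrEmpty($effectiveSite)
    }
}

Get-DcLocatorSiteState | Format-List
```

Run it on a branch-office client after a reboot: an empty CachedSiteName together with a SitelessDCs list that contains only hub DCs is the situation in which the client cannot find a DC once the WAN link is down, even though SiteBasedDCs (once the site is known again) would list the local DCs.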

CAUSE

This issue occurs because the Net Logon service invalidates the cached site information in the registry prematurely.

MORE DETAILED INFORMATION

If you enable debug logging for the Net Logon service by using the method that is described in Microsoft Knowledge Base (KB) article 109626, you receive a sequence that resembles the following. The sequence indicates how the site name is invalidated.

10/20 13:20:01 [SITE] Setting site name to 'MyCachedSiteName'
10/20 13:20:01 [SITE] Hint avoided. 31
10/20 13:20:01 [SESSION] \Device\NetBT_Tcpip_{6964FC65-C026-4EC4-A8B9-29C2019401AC}: Transport Added (169.254.237.187)
10/20 13:20:01 [CRITICAL] IPV6SocketAddressList is too small 0.
10/20 13:20:01 [SESSION] Winsock Addrs: 169.254.237.187 (1) Address changed.
10/20 13:20:01 [SESSION] V6 Winsock Addrs: (0) 
10/20 13:20:01 [CRITICAL] Address list changed since last boot. (Forget DynamicSiteName.)
10/20 13:20:01 [SITE] Setting site name to '(null)'
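The sequence above is easy to miss in a busy netlogon.log. The following function (an added example, not from the post) scans log lines for the three tell-tale entries: an APIPA 169.254.x.x address reported as the Winsock address, the "Address list changed since last boot" line, and the site name being reset to '(null)'. The sample input reproduces the lines from the post; on a real client feed it the contents of %SystemRoot%\debug\netlogon.log. The function name Find-NetlogonSiteInvalidation is my own.

```powershell
# Added example, not from the original post. Scans Netlogon debug log lines for the
# sequence in which the cached site name is thrown away. Assumes the default log
# location %SystemRoot%\debug\netlogon.log and the line format shown in the post.
function Find-NetlogonSiteInvalidation {
    param([Parameter(Mandatory)][string[]]$LogLines)

    # "MM/DD hh:mm:ss [CATEGORY] message"
    $linePattern = '^(?<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?<cat>[A-Z]+)\] (?<msg>.*)$'
    $currentSite = $null

    foreach ($line in $LogLines) {
        if (-not ($line -match $linePattern)) { continue }
        $ts  = $Matches['ts']
        $msg = $Matches['msg']

        if ($msg -match "^Setting site name to '(?<site>[^']*)'") {
            $newSite = $Matches['site']
            if ($newSite -eq '(null)') {
                # The cached site was discarded; until a site-aware lookup succeeds
                # again, DC Locator queries the siteless SRV record.
                [pscustomobject]@{ Time = $ts; Event = 'SiteNameCleared'; Detail = "previous site '$currentSite'" }
                $currentSite = $null
            } else {
                $currentSite = $newSite
            }
        }
        elseif ($msg -match '^Winsock Addrs: (?<addr>169\.254\.\d{1,3}\.\d{1,3})') {
            # An APIPA address means the adapter had not finished initialising
            # when Netlogon enumerated its transports.
            [pscustomobject]@{ Time = $ts; Event = 'ApipaAddressSeen'; Detail = $Matches['addr'] }
        }
        elseif ($msg -match 'Address list changed since last boot') {
            [pscustomobject]@{ Time = $ts; Event = 'AddressListChanged'; Detail = $msg }
        }
    }
}

# Constructed input: the sequence from the post. On a live client use
#   Find-NetlogonSiteInvalidation (Get-Content "$env:SystemRoot\debug\netlogon.log")
$sample = @(
    "10/20 13:20:01 [SITE] Setting site name to 'MyCachedSiteName'",
    "10/20 13:20:01 [SITE] Hint avoided. 31",
    "10/20 13:20:01 [SESSION] Winsock Addrs: 169.254.237.187 (1) Address changed.",
    "10/20 13:20:01 [CRITICAL] Address list changed since last boot. (Forget DynamicSiteName.)",
    "10/20 13:20:01 [SITE] Setting site name to '(null)'"
)
Find-NetlogonSiteInvalidation -LogLines $sample | Format-Table -AutoSize
```

For the sample input the function emits three events in order: ApipaAddressSeen (169.254.237.187), AddressListChanged, and SiteNameCleared with the previous site 'MyCachedSiteName'. Seeing all three within the same second right after boot is the signature of the behaviour described in the CAUSE section.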

For more information about KB article 109626, click the following article number to view the article in the Microsoft Knowledge Base:

MS-KBQ109626 Enabling debug logging for the Net Logon service

If the hotfix is installed, you may also receive the new error messages that are mentioned in Microsoft Knowledge Base (KB) article 2654097. For more information about KB article 2654097, click the following article number to view the article in the Microsoft Knowledge Base:

MS-KBQ2654097 New event log entries that track NTLM authentication delays and failures in Windows Server 2008 R2 are available

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

3 Responses to “(2014-01-17) Bug In DC Locator Makes AD Client Use Siteless SRV Record Instead Of Site Based SRV Record”

  1. Thanks for sharing this important information. Will we get the same issue in Windows Server 2012 or R2 environments?

  2. Colin said

    How do you fix this?
