Sysadminsblog.com Anything for sysadmins!

20May/110

DNS doesn’t resolve on Windows 2008

Someone asked me why the domain viewtrip.com wasn't working on our network. IE was returning that it couldn't find the server. This soon pointed in the direction of DNS. The nslookup of the domain also failed. The Global Logs in the DNS Manager returned some 5504 events.

The DNS server encountered an invalid domain name in a packet from 216.113.128.62. The packet will be rejected. The event data contains the DNS packet.

After hitting Google with this event it soon gave me a couple of options to solve it. A big thank you goes to Shilpesh Desai! Source

  1. Check following registry key and value set for it:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters\DisableAutoReverseZones

    According to KB 198410 it should have a non-zero value

  2. Packet was forwarded to non-recursive DNS server. I will recommend to switch to forwarders for few days to check if that helps.
  3. Server is quering for DNAME record, which is not supported. Reponses containing DNAME (rrtype - 0x0027) record.
  4. Extended DNS (EDNS) packets are received but the server that is attempting to resolve the EDNS traffic doesn't support EDNS or have it enabled. An easy workaround is to disable EDNS.
    dnscmd /Config /EnableEDnsProbes 0

One disadvantage of this solution is that DNSSEC is not possible anymore as this relies on the EDNS principle.

More info on EDNS

More info on DNSSEC

12May/110

Unusual computer account icon

Today I discovered a weird/unfamiliar looking computer account icon my AD.

Normally I would say that this is a disabled computer account, however experience told me that it should have a read circle with a white cross in it.

After checking the attribute editor I came to the conclusion that the account is indeed disabled.

The computer has been in storage for quite some time, so I figured that the computer hasn't authenticated for too long causing the machine password to expire and thus disabling the account. If you have any other reason why it might disable itself please comment below!

10May/110

Can’t edit all code on a SharePoint 2010 page with SharePoint Designer 2010

One of the most basic things you would want to do with SharePoint Designer 2010 is editing the layout of the page. This seems easy enough, but when SharePoint Designer 2010 blocks access to the yellowish parts of the code it becomes quite impossible.

To gain access to all of the page's code you'll have to enable the advanced mode. The button can be found in the ribbon when editing a page.