OpsMgr R2 by Example: The DNS MP

The Windows DNS Server management pack is available as a single download that contains different libraries to monitor Windows DNS on Server 2000, 2003 and 2008 operating systems.

How to Install the DNS MP

  1. Download the Windows Server DNS management pack from the Management Pack Catalog. The Windows Server DNS Management Pack Guide is included in the download and labeled “OM2007_MP_DNS2008_2003.doc.”
  2. Read the Management Pack guide for topics such as configuring the URL for external DNS monitoring, configuring the global zone resolution monitor, and configuring the forwarder availability monitor.
  3. Import the Windows Server DNS management pack (using either the Operations console or PowerShell).
  4. Enable agent proxy on every DNS server (in most environments these are the domain controllers). In the Administration space go to Administration -> Device Management -> Agent Managed, right-click each DNS server, select Properties, click the Security tab, and check the box labeled “Allow this agent to act as a proxy and discover managed objects on other computers.” Do this for every DNS server, including any DNS server added after the initial OpsMgr configuration; without it the DNS discovery script fails (see “Script or Executable Failed to run” below).
  5. Create a DNSServer_Overrides management pack to contain any overrides required for the MP.

Agentless monitoring is not supported by the Windows Server DNS management pack.

DNS MP Tuning / Alerts to look for

The following alerts were encountered and resolved while tuning the Windows Server DNS management pack (listed in alphabetical order by Alert name):

Alert: Core Service File Writing

Issue: Alert created when adding a new reverse zone.

Resolution: This error occurs once after adding the new reverse zone. Logged into the servers reporting the error and verified that the new zone was created and populated correctly. The alert can be closed and is not an issue unless it recurs.

Alert: Core Service Zone Transfer Error

Issue: Alert created when adding a new reverse zone.

Resolution: This error occurs once after adding the new reverse zone. Logged into the servers reporting the error and verified that the new zone was created and populated correctly. The alert can be closed and is not an issue unless it recurs.

Alert: An exception was thrown while processing GetRelationshipTypesByCriteria for session id

Issue: Check whether you have installed the RTM version of the DNS MP.

Resolution: Upgrade to the DNS for 2000/2003/2008 management pack, version 6.0.6278.27.

Submitted By: ziembor

Alert: DNS 2003 AD DS Load Alert

Issue: Caused by converting a zone from secondary to Active Directory-integrated. It occurred only once on the server, while the conversion took place.

Resolution: Closed the alert.

Alert: DNS 2003 Configure Authoritative Servers Alert

Issue: A secondary zone defined on a server had two different systems that it was configured to request zone transfers from. One of these two systems did not allow zone transfers and was failing and causing this error.

Resolution: Allowed zone transfers on the primary DNS server that had not been configured to allow them.

Alert: DNS 2003 Configure Authoritative Servers Alert

Issue: Alert generated by a system that had a secondary copy of the DNS zone. DNS had just been restarted on the server indicated in the alert as having refused the zone transfer.

Resolution: Closed the alert, as this is an expected condition while the DNS service is down or restarting on the master server that is configured to allow the zone transfer.

Alert: DNS 2003 Correct Master Server Problem Alert

Issue: Event ID 6527 in the DNS event log indicated that the zone had expired before it could obtain a successful zone transfer or update from its master, and that the zone had been shut down.

Resolution: Logged into the server and reviewed the event logs, and found a later event ID 3150 showing that a new version of the same zone had since been written. Used nslookup to verify that the server could still resolve names in the zone that had been reported as shut down. Closed the alert manually, because the monitor has no event defined that would return it to a healthy state.

Alert: DNS 2003 delete zone copy alert

Issue: The abc.xyz.com zone was previously loaded from the MicrosoftDNS directory partition, but another copy was found in the DomainDnsZones partition, and the server ignores the new copy. The underlying inconsistency was visible on the General tab of the zone properties: on some servers the replication scope was set to the second option (To all DNS servers in the Active Directory domain abc.com) and on others to the third option (To all domain controllers in the Active Directory domain abc.com). These alerts are raised by event ID 4515 in the DNS event log. Details on this issue are available at http://support.microsoft.com/kb/867464.

Resolution: Convert the current Active Directory-integrated zone to a standard primary zone and back up the zone file. Delete the AD-integrated zone and allow the deletion to replicate. After the change has replicated, convert the standard primary zone back into an Active Directory-integrated zone.

Another option is to use ADSI Edit to remove the copy of the zone stored under the MicrosoftDNS container.

Performed the first option, closed the alerts, and restarted the DNS service on the server that was reporting the warnings to verify that they did not reappear.

Alert: DNS 2003 Resolution Time Alert

Issue: Large numbers of alerts across the environment indicate problems with a test query against 127.0.0.1. Looking at the performance counter behind the alerts (highlight the alert, right-click, choose Performance View, select the DNS Server object and the Response Time counter), they fire very frequently at values over 5; the default threshold in this version of the management pack (6.0.6480.0) is 1, and it had already been overridden to 5. The implication is that the value is in seconds, yet during testing not a single nslookup query took more than a second. The All DNS Performance view (Monitoring -> Microsoft Windows DNS Server -> Performance -> All DNS Performance Data) shows that in this environment 90% of resolutions come in below a value of 20.

Resolution: Changed the alert threshold to 20 seconds. See Kevin Holman’s blog for additional details: http://blogs.technet.com/kevinholman/archive/2009/02/24/dns-mp-noisy-resolution-time-alerts-and-how-to-deal-with-them.aspx

Alert: DNS 2003 Server External Addresses Resolution Alert

Issue: The rule performs a DNS query of type “NS” (the Query Type parameter), which asks for the name servers of the domain given in the Host parameter. The problem is that the Host parameter is set to “www.microsoft.com”. Because that is a host name rather than a zone, the query returns a referral rather than a list of name servers, which produces the error message referenced above.

Resolution: You can fix the error in one of two ways (pick one, not both):

  • Set the Host parameter to “microsoft.com” (without the quotes), so the NS query returns the list of name servers for the microsoft.com domain; or
  • Set the Query Type parameter to “A”, so the query returns the IP address(es) for www.microsoft.com.
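To see why the original parameters fail and why either fix works, it helps to look at what the responses actually contain. The following Python is an added example, not code from the original post or from the management pack: it constructs three DNS responses (an NS query for www.microsoft.com that comes back as a referral with no answer records, an NS query for microsoft.com that returns name servers, and an A query for www.microsoft.com that returns an address), decodes them with a small RFC 1035 parser that follows compression pointers with a hop limit, and classifies each the way the monitor effectively does. The name servers (ns1/ns2.example.test) and the address 192.0.2.10 are made-up sample data.

```python
import struct

TYPE_A, TYPE_NS, TYPE_SOA, CLASS_IN = 1, 2, 6, 1   # RFC 1035 type/class codes

def encode_name(name):
    """Dotted name -> uncompressed DNS label sequence."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(msg, off):
    """Decode a possibly compressed name at off; return (name, offset after it).
    Pointers must go backwards and are hop-limited, so a crafted loop cannot hang us."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off or hops >= 16:
                raise ValueError("bad compression pointer")
            if not jumped:
                end = off + 2
            jumped, hops, off = True, hops + 1, ptr
            continue
        if length == 0:
            return ".".join(labels), (end if jumped else off + 1)
        if off + 1 + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def parse_response(msg):
    """Header, question, answer and authority sections (additional is ignored)."""
    if len(msg) < 12:
        raise ValueError("short header")
    ident, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off, questions, sections = 12, [], {}
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for key, count in (("answer", an), ("authority", ns)):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("truncated RDATA")
            rdata = msg[off:off + rdlen]
            if rtype == TYPE_NS:                       # RDATA is a (maybe compressed) name
                rdata, _ = decode_name(msg, off)
            elif rtype == TYPE_A and rdlen == 4:
                rdata = ".".join(str(b) for b in rdata)
            off += rdlen
            rrs.append((name, rtype, rdata))
        sections[key] = rrs
    return {"id": ident, "rcode": flags & 0xF, "questions": questions, **sections}

def classify(msg):
    """What the monitor effectively tests: records of the queried type in the answer."""
    r = parse_response(msg)
    if r["rcode"] != 0:
        return "rcode %d" % r["rcode"]
    if not r["questions"]:
        return "no question"
    qtype = r["questions"][0][1]
    if any(t == qtype for _, t, _ in r["answer"]):
        return "answer"
    auth_types = {t for _, t, _ in r["authority"]}
    if TYPE_NS in auth_types:
        return "referral"      # only a delegation for the parent zone came back
    return "nodata" if TYPE_SOA in auth_types else "empty"

def is_well_formed(msg):
    """True if the message parses; malformed input is rejected, never partially trusted."""
    try:
        parse_response(msg)
        return True
    except (ValueError, struct.error):
        return False

def build_response(qname, qtype, answers, authority, ident=0x1234):
    """Constructed NOERROR response with uncompressed names (sample data, not captured)."""
    msg = struct.pack("!6H", ident, 0x8180, 1, len(answers), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    for name, rtype, rdata in answers + authority:
        msg += encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, 3600, len(rdata)) + rdata
    return msg

# Constructed samples; ns1/ns2.example.test and 192.0.2.10 are made up.
NS_FOR_HOST = build_response("www.microsoft.com", TYPE_NS, [],
                             [("microsoft.com", TYPE_NS, encode_name("ns1.example.test"))])
NS_FOR_APEX = build_response("microsoft.com", TYPE_NS,
                             [("microsoft.com", TYPE_NS, encode_name("ns1.example.test")),
                              ("microsoft.com", TYPE_NS, encode_name("ns2.example.test"))], [])
A_FOR_HOST = build_response("www.microsoft.com", TYPE_A,
                            [("www.microsoft.com", TYPE_A, bytes([192, 0, 2, 10]))], [])

if __name__ == "__main__":
    for label, m in (("NS www.microsoft.com", NS_FOR_HOST), ("NS microsoft.com", NS_FOR_APEX), ("A www.microsoft.com", A_FOR_HOST)):
        print(label, "->", classify(m))
```

Run it and the NS query for the host name is reported as a referral while the other two are answers. The same parser can be pointed at a real response captured off the wire; because DNS is unauthenticated UDP, rejecting malformed messages (as is_well_formed does) matters at least as much as the classification itself.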

Alert: DNS 2008 Correct the Configuration File Alert

Issue: Removal of the cache.dns file was taking place as part of the process to remove the root hints for this server.

Resolution: Closed the alerts, since this was an expected situation as part of the process to remove the root hints for the DNS server.

Alert: DNS 2008 Correct Master Server Problem Alert

Issue: The alert context provided additional detail in the description field: “Zone (zonename) expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down.” This came from event ID 6527 and occurred on an Active Directory-integrated stub zone.

Resolution: Logged into the server reporting the problem and verified that the zone existed and was populated with what appeared to be valid data. The cause was the removal of the DNS zone from the master server defined for the stub zone. While investigating, found that only a single master server was defined for the zone; added a second master server for redundancy, so that losing contact with one master no longer shuts the zone down.
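Both Correct Master Server Problem entries (DNS 2003 and DNS 2008) come down to the same question: has the zone that event 6527 reported as shut down since been rewritten (event 3150), and does it still depend on a single master? The following Python is an added example, not from the post or the management pack. It replays a constructed export of DNS Server event log entries together with a constructed list of master servers per zone, and sorts zones into those whose alert can be closed and those that need action. Zone names, timestamps and master addresses are made up; the event IDs and their meaning are as described on this page.

```python
from datetime import datetime

ZONE_EXPIRED = 6527   # zone expired before a successful transfer/update; zone shut down
ZONE_WRITTEN = 3150   # a new version of the zone was written

# Constructed sample of exported DNS Server event log entries, "timestamp|event id|zone".
# Deliberately not in time order, as a merged export from several servers would not be.
SAMPLE_LOG = """\
2009-03-01T02:25:30|3150|corp.example.test
2009-03-01T02:10:00|6527|corp.example.test
2009-03-01T02:30:00|6527|10.in-addr.arpa
2009-03-01T03:00:00|6527|branch.example.test
2009-03-01T03:05:00|3150|branch.example.test
2009-03-01T03:40:00|6527|branch.example.test
"""

# Constructed master-server lists for the secondary/stub zones; a single entry is the
# single point of failure described above.
SAMPLE_MASTERS = {
    "corp.example.test": ["10.0.0.1"],
    "10.in-addr.arpa": ["10.0.0.1", "10.0.0.2"],
    "branch.example.test": ["10.0.0.3"],
}


def parse_log(text):
    """Parse the export into (timestamp, event id, zone) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, zone = line.split("|", 2)
        events.append((datetime.fromisoformat(ts.strip()), int(eid), zone.strip().lower()))
    return sorted(events)


def zone_status(events):
    """Replay events in order. A zone is 'shut down' if its latest 6527 has not been
    followed by a 3150, and 'recovered' once a 3150 arrives after the expiry."""
    status = {}
    for ts, eid, zone in events:
        if eid == ZONE_EXPIRED:
            status[zone] = ("shut down", ts)
        elif eid == ZONE_WRITTEN and zone in status:
            status[zone] = ("recovered", ts)
    return status


def triage(events, masters):
    """Split zones into (safe to close, needs action); each entry is
    (zone, time of last relevant event, note), the note flagging a single master."""
    close, act = [], []
    for zone, (state, ts) in sorted(zone_status(events).items()):
        note = "single master" if len(masters.get(zone, [])) == 1 else ""
        (close if state == "recovered" else act).append((zone, ts.isoformat(), note))
    return close, act


if __name__ == "__main__":
    close, act = triage(parse_log(SAMPLE_LOG), SAMPLE_MASTERS)
    for zone, ts, note in close:
        print("close  %-22s recovered %s %s" % (zone, ts, note))
    for zone, ts, note in act:
        print("ACTION %-22s shut down %s %s" % (zone, ts, note))
```

Because the monitor has no healthy-state event, the “recovered” zones are the ones whose alerts can be closed by hand after an nslookup check; the single-master note points at the redundancy fix applied above, and applies even to a zone that has recovered, since the next outage of that one master will shut it down again.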

Alert: DNS 2008 Forwarder Availability Alert

Issue: DNS forwarders for the systems existed in another physical location and network connectivity was lost between the locations. This is identified by the DNS 2008 Forwarder Availability Monitor, which executes every 900 seconds (15 minutes).

Resolution: Specified a DNS forwarder in the same site as the system reporting the alert. On another occurrence, re-testing the forwarder configuration showed it was no longer failing, and after 15 minutes OpsMgr closed the alert automatically.

Alert: DNS 2008 Forwarder Availability Alert

Issue: The DNS server was configured with conditional forwarders pointing at DNS servers in other forests, but the remote server could not be reached on UDP port 53, so this alert was raised.

Resolution: Worked with the firewall team to open UDP port 53 from the DNS server to the DNS server receiving the forwarded lookups. Note that responses too large for a UDP datagram are retried over TCP port 53, so a rule that allows only UDP can leave forwarding working for small answers and failing for large ones.

Alert: DNS 2008 Monitor Zone Resolution Alert

Issue: The specific reverse lookup zone that was creating the alert had been deleted.

Resolution: Manually closed the alerts.

Alert: DNS 2008 Free Memory or other System Resources Alert

Issue: Removal of the cache.dns file was taking place as part of the process to remove the root hints for this server.

Resolution: Closed the alerts, as this was an expected situation as part of the process to remove the root hints for the DNS server.

Alert: DNS 2008 Free Memory Or Other System Resources Alert

Issue: This error occurred along with a large number of other Active Directory and DNS related alerts, but it was the key to identifying the core issue. After logging into the system, verified that the server was unable to reach its own file shares, including \\localhost and \\{ip address}. The alert description field said: “The DNS server could not bind a Transmission Control Protocol (TCP) socket to address 0.0.0.0. The event data is the error code. An IP address of 0.0.0.0 can indicate a valid ‘any address’ configuration in which all configured IP addresses on the computer are available for use. Restart the DNS server or reboot the computer.” Rebooting the server would temporarily resolve the issue.

Resolution: Tracked this down to Microsoft hotfix 961775, which is required for multi-processor systems running Windows Server 2008 (or Vista) with anti-virus software installed.

Alert: DNS 2008 Monitor Zone Resolution Alert

Issue: Occurs for some Active Directory-integrated stub zones hosted on the server whenever the server is rebooted. It does not appear to occur for regular stub zones or Active Directory-integrated primary zones.

Resolution: Alerts automatically closed when the server was fully back online.

Alert: DNS 2008 Resolution Time Alert

Issue: The DNS 2008 response time monitor checks the speed of DNS resolution every 15 minutes and generates an alert if the response time exceeds 1 second. The server responded to the DNS query in 1.061 seconds.

Resolution: Tracked the performance of this counter (object = DNS Server, counter = Response Time), available by right-clicking the alert, opening the performance view, setting Look For to select Items by Text Search, and typing Response. Over a seven-day timeframe the counter ranged between 0 and 10 seconds, in a brand-new environment with no user load. Created an override for all DNS Servers raising the ThresholdsSeconds parameter from 1 second to 20 seconds and stored it in the management pack created for DNS overrides (MicrosoftWindowsDNS2008Server_Overrides). This matches the override created for the same alert in the DNS 2003 management pack (DNS 2003 Resolution Time Alert). Kevin Holman discusses this in more detail at http://blogs.technet.com/kevinholman/archive/2009/02/24/dns-mp-noisy-resolution-time-alerts-and-how-to-deal-with-them.aspx.

Alert: DNS 2008 Server External Addresses Resolution Alert

Issue: The firewall product was blocking external connectivity to the forwarders that were defined for the DNS server.

Resolution: Removed the firewall rule that blocked the IPs defined as forwarders for the DNS server.

Alert: DNS 2008 Troubleshoot AD DS And Restart DNS Server Alert

Issue: The domain controller running DNS had been rebooted, and DNS was not functional until the domain controller was back online; this warning was reported during that window.

Resolution: Closed the alert after verifying via nslookup that DNS was working. This monitor (DNS 2008 Troubleshoot AD DS and restart the DNS service Server Service monitor) does not appear to return to a green state automatically.

Alert: DNS 2008 Check Zone File Alert

Issue: Removal of the cache.dns file was taking place as part of the process to remove the root hints for this server.

Resolution: Closed the alerts as this was an expected situation as part of the process to remove the root hints for the DNS server.

Alert: DNS 2008 Zone Not Running Alert

Issue: Occurs for each Active Directory-integrated stub zone hosted on the server whenever the server is rebooted. It does not appear to occur for regular stub zones or Active Directory-integrated primary zones.

Resolution: Alerts automatically closed when the server was fully back online.

Alert: Resolution Time Alert

Issue: The DNS 2008 response time monitor checks the speed of DNS resolution every 15 minutes and generates an alert if the response time exceeds 1 second. The server responded to the DNS query in 1.061 seconds.

Resolution: Tracked the performance of this counter (object = DNS Server, counter = Response Time), available by right-clicking the alert, opening the performance view, setting Look For to select Items by Text Search, and typing Response. Over a seven-day timeframe the counter ranged between 0 and 3.5 seconds, in a brand-new environment with no user load. Created an override for all DNS Servers raising the ThresholdsSeconds parameter from 1 second to 5 seconds and stored it in the management pack created for DNS overrides (MicrosoftWindowsDNS2008Server_Overrides).
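The three Resolution Time entries (DNS 2003, DNS 2008 and the one directly above) all turn on the same decision: given how the Response Time counter actually behaves in an environment, which threshold alerts only on real outliers? The following Python is an added example, not from the post, Kevin Holman's blog or the management pack. It generates a constructed week of samples at the monitor's 15-minute interval, counts how many alerts each candidate threshold (1, 5 and 20 seconds) would have raised, and picks the smallest candidate at or above a chosen percentile. The sample distribution is made up to resemble the 0 to 10 second range reported above, and the consecutive-samples count is a general alternative to a single-sample threshold, not a setting taken from this page.

```python
import math
import random

INTERVAL_SECONDS = 900                                   # monitor samples every 15 minutes
SAMPLES_PER_WEEK = 7 * 24 * 3600 // INTERVAL_SECONDS     # 672 samples


def constructed_week(seed=7):
    """Made-up Response Time samples: ~90% well under a second, ~9% in a 1-6 second
    tail, ~1% genuine outliers. Not measured data; shape only loosely follows the post."""
    rng = random.Random(seed)
    samples = []
    for _ in range(SAMPLES_PER_WEEK):
        r = rng.random()
        if r < 0.90:
            samples.append(round(rng.uniform(0.0, 0.9), 3))
        elif r < 0.99:
            samples.append(round(rng.uniform(1.0, 6.0), 3))
        else:
            samples.append(round(rng.uniform(20.0, 45.0), 3))
    return samples


def percentile(samples, p):
    """Nearest-rank percentile, p in 0..100."""
    s = sorted(samples)
    rank = max(1, math.ceil(p / 100.0 * len(s)))
    return s[min(rank, len(s)) - 1]


def alerts_at(samples, threshold):
    """Alerts the monitor raises as configured: one per sample strictly over the threshold."""
    return sum(1 for v in samples if v > threshold)


def alerts_consecutive(samples, threshold, n):
    """General alternative to a single-sample threshold (not a setting from the page):
    one alert per run of at least n consecutive samples over the threshold."""
    alerts, run = 0, 0
    for v in samples:
        run = run + 1 if v > threshold else 0
        if run == n:
            alerts += 1
    return alerts


def alert_table(samples, candidates=(1, 5, 20)):
    """Weekly alert count per candidate threshold: (single sample, two consecutive)."""
    return {t: (alerts_at(samples, t), alerts_consecutive(samples, t, 2)) for t in candidates}


def recommend(samples, candidates=(1, 5, 20), keep_below=95.0):
    """Smallest candidate threshold at or above the keep_below percentile, so that at
    most (100 - keep_below)% of samples would alert."""
    floor = percentile(samples, keep_below)
    for t in sorted(candidates):
        if t >= floor:
            return t
    return max(candidates)


if __name__ == "__main__":
    week = constructed_week()
    for t, (single, consec) in alert_table(week).items():
        print("threshold %2ds: %3d alerts/week (single sample), %3d (2 consecutive)" % (t, single, consec))
    print("95th percentile = %.3fs, recommended threshold = %ds" % (percentile(week, 95), recommend(week)))
```

With the constructed data the 1-second default fires on roughly a tenth of all samples, which is the noise level described above; 5 seconds trims most of it and 20 seconds leaves only the genuine outliers. Replace constructed_week() with the values exported from the All DNS Performance Data view to make the same calculation for a real environment, and keep an eye on the outlier count at the chosen threshold: a threshold that silences every alert has stopped measuring anything.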

Alert: Script or Executable Failed to run

Issue: The discovery script DNS2008ComponentDiscovery.vbs failed to run on a DNS server.

Resolution: The DNS server(s) must have agent proxy enabled (OpsMgr console -> Administration -> Device Management -> Agent Managed -> Properties of the system, check the box on the Security tab).

DNS Management Pack Evolution

The default threshold for the DNS response time monitor should most likely be increased from 1 second to something like 20 seconds, given the average DNS response times seen in various environments.

Additionally, the ability to compare which zones exist on each DNS server and to report inconsistencies between servers would be very useful when debugging inconsistent name resolution in an environment.

This entry was posted in Tuning and Configuration.