Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio slow boot on w2k3
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Hi

I have installed our Kerio on a w2k3 server that is a part of a domain.

Kerio server is 10.0.0.1 and print-server is 10.0.0.2 .. This is my domain.

When i want to log into w2k3 it takes forever and looking at some topics found on google it seems that slow login usually points to DNS problems.

I have Kerio running the DNS service and have not enabled the DNS server on w2k3 ..

So it seems that i must disable kerio DNS server and make w2k3 server take over that task.

Is this right ??

Hmadsen
  •  
Adjuster

Messages: 48

Karma: -1
Send a private message to this user
Version of KWF?

____________________________
Excuse me for my english...
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Newest version of kerio..

6.7.1 patch 2 it's called if i am not mistaken.

Hmadsen
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi Hmadsen,

You should use your Domain Controller's IP address as DNS IP on your KWF Server's (which is joined to your domain) LOCAL Network Interface.

FYI, all of your member servers and client computers are always must use Domain Controller's Local IP Address as DNS IP on their Local Network Interfaces.

Kürşad Ölmez
  •  
subnet

Messages: 133
Karma: 0
Send a private message to this user
Try using the NSlookup command and post a screenshot. I think there is a DNS timeout.
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
@kurzad

I checked and the servers and this is the setting.

Kerio server 10.0.0.1
Print server 10.0.0.2

Both servers have the following entered in the intenal nic setup

DNS server : 10.0.0.1
Gateway 10.0.0.1

So this should be right ?

@Cliffjag

NSLookup

On a client machine i get 10.0.0.1

On print server 10.0.0.2 i get 10.0.0.1

On kerio server 10.0.0.1 i get the ip adress of the ISP ..

The internet nic of the kerio server is set to automatic ip and dns

Can you see any problems with these settings ?

Hmadsen
  •  
subnet

Messages: 133
Karma: 0
Send a private message to this user
Could you please also check your eventviewer for any DNS errors. TO be sure though
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Please bear with me, about 6-8 years ago i was trained in setting up and running a windows NT 4.0 server and then a year ago someone decided that i was the best suited for the task of making this new network with logging and whatnot..

I checked eventviewer.

There are 2 things that looks strange.

EventID 5719 - ERROR

This computer was not able to set up a secure session with a domain controller in domain VKOFRH due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Found a website that suggested that if the server was using a Gigabit lancard it could be because some service started too quick. it had a guide on what to change in the registry database and i made that change but it did not help on the error message, it still has this error every time i reboot the server.


Then there is the other which is "only" a warning but this looks like it is DNS related as it is called "dnsapi"

EventID 11165 - Warning

The system failed to register host (A) resource records (RRs) for network adapter
with settings:

Adapter Name : {51967409-A8B0-43DC-B478-2F5ECA502FF8}
Host Name : VKDK0
Primary Domain Suffix : VKOFRH.INET
DNS server list :
193.162.153.XXX, 192.168.XXX.1
Sent update to server : <?>
IP Address(es) :
192.168.128.XXX

The reason the system could not register these RRs was because either (a) the DNS server does not support the DNS dynamic update protocol, or (b) the authoritative zone for the specified DNS domain name does not accept dynamic updates.

To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I have anonymised the IP's but only where there is XXX ...

Honestly i am not able to figure out what this means and how to correct it.

I now see that this problem most likely is not a kerio problem but rather a windows 2003 server (operator Smile ) problem but if you can help anyway it would be appreciated.

Hmadsen
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hmadsen,

I don't know your detailed network configuration but I absolutely think that your problem is about Mis-configured DNS IP on the server which is KWF installed.

I write a sample network configuration that likes yours.

- 1 Domain Controller (Active Directory, DNS Service Installed) Server with IP: 192.168.0.1

- 1 KWF Server (Joined to your Domain) with IP's
- Local NIC: 192.168.0.2
- Internet NIC: 10.0.0.2 (Auto assigned by Modem's DHCP)

- Your Client Computers with IPs: 192.168.0.xxx

- Print Server with IP: 192.168.0.3 (I don't know whether it's a device or computer with shared printers)



Your IP settings of Server's and Client's Computers NICs should be like that:

- Domain Controller Local NIC
IP Address: 192.168.0.1
Gateway: 192.168.0.2 (KWF Server's Local NIC IP Address)
Preferred DNS Server: 127.0.0.1 or 192.168.0.1
Alternate DNS Server: Optional or you can set public DNS IP like OpenDNS.com

- KWF Server Local NIC
IP Address: 192.168.0.2
Gateway: NO IP ADDRESS
Preferred DNS Server: 192.168.0.1 (Domain Controller's Local NIC Address)
Alternate DNS Server: Optional or you can set public DNS IP like OpenDNS.com

- KWF Server Interner NIC
Can be configured to assigned by modem's DHCP

- Client Computer's Local NIC
IP Address: 192.168.0.xxx
Gateway: 192.168.0.2 (KWF Server's Local NIC IP Address)
Preferred DNS Server: 192.168.0.1 (Domain Controller's Local NIC Address)
Alternate DNS Server: Optional or you can set public DNS IP like OpenDNS.com
NOTE: If your Print Server is a computer than you should configure it's NIC as client computer

You can configure your DNS Service to forward unresolved domain lookups to Public DNS Service Providers IP by setting up Forwarders. So, you can only enter your Domain Controller's DNS IP to your computers (and domain joined member servers) and your DNS Service will handle domain name lookup job.


I hope this network configuration almost same with yours and hope it will help you to understand how Active Directory Authentication and DNS issues works on Windows Server Domains.

BTW, did you installed DNS Service on your Domain Controller?
or do you have a Local DNS Service on your network?








[Updated on: Fri, 28 May 2010 20:25]

  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Hi KurzadOlmez

Well my configuration seems ok if i compare it to yours.

My setup is as follows.

Domain controller with internal IP of 10.0.0.1 and 2 NIC's for external internet from 2 different DSL lines set up as failover.

Print server 10.0.0.2, also domain controller. Has about 20 printer queue's...

You ask :

BTW, did you installed DNS Service on your Domain Controller?
or do you have a Local DNS Service on your network?

I did not install DNS service on the Domain controller because i use the DNS of Kerio. I dont know if this is wrong or if the kerio program is misconfigured but kerio is serving about 70 users and there is no problem with this part

I dont know if i must install DNS service of windows and disable kerio DNS when running with this configuration of servers.

If this is the answer, how do i configure kerio to know that it must use the server 2003 DNS ...

Hmadsen

  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi Hmadsen,

How can you install Active Directory without installing DNS that supports Active Directory? Smile

Microsoft DNS Service is an important service for Active Directory. You should read those articles about Active Directory Requirements and Active Directory Installation.

http://www.petri.co.il/active_directory_installation_require ments.htm

http://www.petri.co.il/how_to_install_active_directory_on_wi ndows_2003.htm



Kursad

[Updated on: Mon, 31 May 2010 23:51]

Previous Topic: Web Filter Issue
Next Topic: Kerio Control Uninstallation error
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 03:47:54 CET 2017

Total time taken to generate the page: 0.00562 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.