I had noticed a few minor network problems that started after I first attached the Mac to the Windows Domain: two instances of duplicate IP addresses, which I traced to the DHCP server on tompkins running when it should have been off, and a few more “page not found” messages than seemed reasonable. I decided to investigate.
I ran nslookup on a workstation, and got the right address for LadyEdith when I pointed it at the DNS server on fifi, but an IP address from out in left field when I aimed it at the DNS server on tompkins.
I tried to look at the DNS server configuration on tompkins using an mmc snap-in on fifi, and the connection was refused. I tried to log into tompkins using remote desktop from several workstations, and it didn’t like any of the credentials I supplied. I tried to log into tompkins using the DRAC hardware, but the Java code supplied by the DRAC4 web server is not compatible with modern versions of Java.
Frustrated, I used DRAC to power cycle tompkins. When it came back up, I could ping it, and the DNS running on it was still running (but wrong). I couldn’t get to it at all with remote desktop.
I checked fifi’s error log, and there had been Kerberos problems with tompkins since the afternoon I first tried to join the Mac to the domain.
I shut down tompkins, took its IP address off the list of DNS servers in fifi’s DHCP scope options (it had been the first entry, since tompkins was otherwise lightly loaded, and I had been trying to even out the server loading), and rebooted several workstations so they wouldn’t try to use tompkins for DNS.
One thing I noticed in all this rebooting and checking to see what DNS servers the workstations were using is that there doesn’t seem to be a direct equivalent in the Mac world for the Windows command “ipconfig /all”. “ifconfig -a” gets you most of what you’re looking for, but not the DNS server.
What happened? Near as I can figure out, the Mac changed some DNS (and maybe some AD) settings in tompkins when I tried to join it to the domain. Remember that it tried to call itself tompkins then.
What to do about it? Tompkins is now in “hot pseudo-doorstop” mode. I can’t log into it with remote desktop or DRAC. It won’t talk to fifi. I have no easy way to connect an actual display to it. I will order a replacement, configure it, swap it with tompkins, and take tompkins to some place where I can take it apart. Its DNS appears to be working, but, as we have seen, it sometimes gives wrong answers.
After an hour or so, I noticed that one set of backups was throwing error messages. I poked around and found that one of the Synology file servers was using tompkins for its Active Directory DNS. I pointed it at fifi. A few hours later it happened with another Synology NAS box, and then with a third. I realized that tompkins had had the primary AD roles when I’d set up the NAS servers. One of the drawbacks to Synology’s AD implementation, I now realize, is that they make you choose one IP address (each) for DNS and AD. This single-mindedness makes it hard to implement any redundancy in those services.
Darned Mac.
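The nslookup comparison described earlier in this post (same name, asked of each DNS server in turn) can be scripted. The following is an added example, not part of the original post: it parses saved nslookup output per server and reports servers that disagree or return nothing. The domain, all IP addresses and the third server `dns3` are constructed placeholders.

```python
import ipaddress

# Constructed nslookup output, keyed by the DNS server that was queried.
SAMPLE = {
    "fifi": "Server:  fifi.example.test\nAddress:  192.0.2.10\n\n"
            "Name:    ladyedith.example.test\nAddress:  192.0.2.50\n",
    "tompkins": "Server:  tompkins.example.test\nAddress:  192.0.2.11\n\n"
                "Name:    ladyedith.example.test\nAddress:  198.51.100.77\n",
    # Hypothetical third server that never answered.
    "dns3": "DNS request timed out.\n    timeout was 2 seconds.\n"
            "*** Request to dns3.example.test timed-out\n",
}

def parse_answer(text):
    """Return the addresses in the answer section (everything after 'Name:').

    The 'Server:/Address:' header is the resolver's own address, so it is
    skipped; a timeout or NXDOMAIN has no 'Name:' line and yields an empty set.
    """
    addrs, in_answer = set(), False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Name:"):
            in_answer = True
            continue
        if in_answer and stripped:
            token = stripped.split()[-1]  # handles 'Address: x' and bare continuation lines
            try:
                addrs.add(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # aliases or other non-address lines
    return frozenset(addrs)

def report(outputs):
    """Group servers by the answer they gave and flag any disagreement."""
    groups = {}
    for server, text in outputs.items():
        groups.setdefault(parse_answer(text), []).append(server)
    no_answer = groups.pop(frozenset(), [])
    return {
        "consistent": len(groups) <= 1,
        "answers": {", ".join(sorted(k)): v for k, v in groups.items()},
        "no_answer": no_answer,
    }

if __name__ == "__main__":
    print(report(SAMPLE))
```

With only two servers answering, the report shows that they disagree but not which one is wrong; that still has to be checked against the host's actual address.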