failed

NSLookup still showing IP of demoted Domain Controller

So had an interesting issue today where a Domain Controller (DC) was demoted yet the IP of the demoted DC was still showing up when running nslookup internaldomain.local

Demoted DC: MWDC04 / IP: 10.14.111.111

I had done the metadata cleanup and tried many suggestions when googling the subject. To my surprise none of the solutions I found worked.

I had removed the IP address from the Primary DNS Server and saw entries for:

(same as parent folder) Host(A)  10.14.111.111
(same as parent folder) NameServer (NS)  10.14.111.111

I also looked under internaldomain.local > _msdcs and deleted entries from there.

After clearing the cache and waiting for replication, did a nslookup again and the IP was still there.

Well, there are some good and bad things about Microsoft DNS.

The BAD:

You cannot search DNS values in DNS Management. You are limited to searching just the names.

THE GOOD:

All DNS entries are stored in a flat file on the DNS Server “C:\WINDOWS\system32\dns\internaldomain.local.dns” (The default location). JACKPOT!

I opened it up in Notepad++, did a search for IP and DNS name of the demoted server(MWDC04-10.14.111.111) and started deleting matched entries. I was so surprised to find entries that were deeply buried under “domaindnszones” & “forestdnszones” and a few other subzones.

Cleared the cache again and waited for replication. Once replication completed I tried nslookup internaldomain.local and this time it didn’t list the demoted DC anymore.

I hope this saves others time, because finding a record in DNS might be like searching for a needle in a haystack!

ConfigMgr 2012 R2 – WSUS sync fails with HTTP 503 errors

Ran into this issue with ConfigMgr 2012 R2 where it was unable to synchronize Software Update Point with the WSUS server. A review of the component status messages for the SMS_WSUS_SYNC_MANAGER component on the primary site server reveals errors related to WSUS synchronization which are similar to the following:
Message ID: 6703 WSUS Synchronization failed. Message: The request failed with HTTP status 503: Service Unavailable. Source: Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer.
Got the following error when trying to open Update Services on the WSUS server

Error: Connection Error An error occurred trying to connect to the WSUS server. This error can happen for a number of reasons. Please contact your network administrator if the problem persists. Click the Reset Server Node to connect to the server again.

In addition to the above, attempts to access the URL for the WSUS Administration website (i.e., http://CMCASSERVER:8530) fails with the error:

HTTP Error 503. The service is unavailable

In this situation, the most likely cause is that the WsusPool Application Pool in IIS is in a stopped state, as shown below.

Also, the Private Memory Limit (KB) for the Application Pool is probably set to the default value of 1843200 KB.

If you encounter this problem, increase the Private Memory Limit to 4GB (4000000 KB) and restart the Application Pool. To increase the Private Memory Limit, select the WsusPool Application Pool and click Advanced Settings under Edit Application Pool. Then set the Private Memory Limit to 4GB (4000000 KB).

After the Application Pool has been restarted, monitor the SMS_WSUS_SYNC_MANAGER component status, wcm.log and wsyncmgr.log for failures. Please note that it may be necessary to increase the Private Memory Limit to 8GB (8000000 KB) or higher depending on the environment.

Now WSUS is back online!