gspearman

asked on

Ping reply from different address

This one has me totally stumped. I have a couple of machines which I've lost the ability to remote into with Real VNC. I started looking for the reason and found that when I ping them I get replies from a different IP address. It doesn't matter if I ping them using the machine name or the IP address; I get a return from a different IP.

-------------------------------------------------------------------------------

C:\>ping board-dt

Pinging board-dt.TFI.intranet [172.16.11.104] with 32 by
Reply from 172.16.11.101: bytes=32 time=20ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255

Ping statistics for 172.16.11.104:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 20ms, Average = 14ms

C:\>ping 172.16.11.104

Pinging 172.16.11.104 with 32 bytes of data:
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255

Ping statistics for 172.16.11.104:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 13ms, Average = 13ms

------------------------------------------------------------------------------

Unsuccessful debugging steps:
I've tried issuing the pings using different machines with the same result.
There are no HOST entries on any of the machines I used to ping or the target.
I've cleared the DNS Forward Lookup entry for the target machine.
I've changed the NIC card in the target machine.
I've changed the name of the target machine.
I've hard-coded the IP address (a new previously unused address) to the target machine.
I've checked the DNS server to ensure Scavenging was set up.
... and I've performed hundreds of Internet searches, apparently with the wrong criteria, desperately looking for a fix
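
An added example, not part of the original thread: a small Python check that reads saved Windows `ping` output and flags any run where an echo reply came from an address other than the one pinged, which is the symptom shown above. The sample text is constructed (the first run mirrors the question, the other two are invented), and `audit_ping` is a hypothetical helper name.

```python
import re
from collections import Counter, defaultdict

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# "Pinging host [ip] with ..." or "Pinging ip with ..."; tolerates a cut-off line.
TARGET_RE = re.compile(rf"^Pinging (?:\S+ \[)?({IP})\]?")
REPLY_RE = re.compile(rf"^Reply from ({IP}): (.*)$")
# A real echo reply carries bytes/time/TTL. ICMP errors ("Destination host
# unreachable.") also start with "Reply from" but legitimately come from
# another address, so they must not be counted as a mismatch.
ECHO_RE = re.compile(r"bytes=\d+ time[=<]\d+ms TTL=(\d+)")

# Constructed sample: run 1 mirrors the question, runs 2 and 3 are invented.
SAMPLE = """\
Pinging board-dt.TFI.intranet [172.16.11.104] with 32 by
Reply from 172.16.11.101: bytes=32 time=20ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255

Pinging 172.16.10.5 with 32 bytes of data:
Reply from 172.16.10.5: bytes=32 time<1ms TTL=128
Reply from 172.16.10.5: bytes=32 time<1ms TTL=128

Pinging 172.16.10.9 with 32 bytes of data:
Reply from 172.16.10.77: Destination host unreachable.
Request timed out.
"""


def audit_ping(text):
    """Return one dict per ping run, flagging echo replies not sent by the target."""
    runs, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = TARGET_RE.match(line)
        if m:
            cur = {"target": m.group(1), "echo": Counter(),
                   "errors": Counter(), "ttl": defaultdict(set)}
            runs.append(cur)
            continue
        m = REPLY_RE.match(line)
        if not m or cur is None:
            continue
        src, rest = m.groups()
        echo = ECHO_RE.search(rest)
        if echo:
            cur["echo"][src] += 1
            # Keep the TTL: a value that does not fit the target's OS default
            # (Windows sends 128) is a second hint that something else answered.
            cur["ttl"][src].add(int(echo.group(1)))
        else:
            cur["errors"][src] += 1
    for run in runs:
        run["foreign"] = sorted(s for s in run["echo"] if s != run["target"])
        run["suspicious"] = bool(run["foreign"])
    return runs


if __name__ == "__main__":
    for run in audit_ping(SAMPLE):
        state = "MISMATCH" if run["suspicious"] else "ok"
        print(run["target"], state, dict(run["echo"]), dict(run["errors"]))
```
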
Timothy McCartney

Is it also safe to assume you've pressed the 'scavenge now' button on the DNS server to initiate that service immediately?

How long (time frame) have you been getting this issue, and how long (since enabling/running scavenging) has it been?

DNS updates can take a fair amount of time
Here's a link with a very detailed explanation of scavenging (with some best practices at the end).
Also, is it possible the target machine is configured with multiple IP addresses?

Open properties of the network adapter, view properties of IPv4, click Advanced, and see if there is more than one IP address listed in the 'IP addresses' list.

If only one is displayed, does the target machine have multiple NIC cards?

ASKER

I did execute Scavenge Now through both the GUI two days ago and the command-line yesterday.  Still the same behavior.
What OS are the machines?

Have you tried ipconfig /flushdns?

Do an ipconfig /all on the machine. What does it show? Please post.

What type of server is this? OS?
Have you tried issuing the command ipconfig /all on the device you are trying to ping to determine if it has the IP that is responding?

Also check your ARP tables, to see if your MAC to IP bindings are correct when pinging the target machine.


G
Target machine had only one onboard NIC.  When I added the second NIC I disabled the 1st.  When the machine was only using a single IP.
A couple of people have mentioned it above, but it really does sound like a DNS issue to me, and as such I would personally check to see if you have duplicate records for individual IP addresses listed in DNS before proceeding. I had a similar issue with a client, and deleting the incorrect records seemed to resolve this.
Target machine OS: Windows 7 Pro 64-bit
Client machine OS: Windows 7 Pro 64-bit
DNS Server OS: Windows Server 2008 R2 64-bit

I have literally done dozens of ipconfig /flushdns and ipconfig /registerdns on both the target machines, the client machines, and the DNS server.  After every failed attempt I would flushdns to be sure then try again.

I've looked at the ARP table and the IP address I am trying to ping is mapped to the proper MAC address.
There are no duplicates in my Forward Lookup table.  I've seen that problem in the past and that was one of the first things I looked for.  That led me to check Scavenging which WAS turned off.  Turning it on has not corrected the problem.
How about DNS dynamic updates? Is that configured properly?
Are the computers registering into DNS? Or are you adding a host records?

Is this Windows 2008 server a DC or member server?

If DC,

let's run dcdiag to make sure DNS is working:

dcdiag >dclogx.txt
dcdiag /test:registerindns /dnsdomain:FQDN HERE>>dclogx.txt
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt
As for the dcdiag tests, it passes all four.
Probably showing my ignorance but is it possible this could have something to do with a switch?  It strikes me as very odd that I get the same IP reply even after I changed target machines, target IP addresses, and target machine names.
Glad to hear the dcdiags are good.

What type of switches do you have?

Maybe power cycle the switch.

Are the computers registering in DNS? Do you see them in there with the new or old IP address?
Guys, how can this be a DNS issue if the OP tried pinging by IP and the result was the same?

Can you show the ipconfig /all and tracert 172.16.11.104 command-line output?
Switches are HP 2810s.

All the DNS registrations seem to be doing fine.  The IPs are associated with the appropriate PCs.

Plan on power cycling the switches this weekend immediately after our weekend backups complete.
Sounds like a plan. Keep us posted.
It sounds like a virtual IP to me.  The same behaviour is displayed when using HSRP on a Cisco switch (for example).  You ping the virtual address but the reply comes from the active router's IP (so you can tell which one responded).

If you use the arp -a command at the command-line what MAC addresses are displayed for the two IP addresses?
The MAC addresses in the ARP table exactly match what SHOULD be returned in the ping replies.
So is the MAC different for 172.16.11.104 and 172.16.11.101?

If you're getting a response from a different machine then, what happens when you turn .101 off?
The MAC addresses are different for the two machines.  The 101 machine IS off during my testing.  In fact it's out of the country at the moment and I checked to make sure it is not connected through the VPN.
We still would like to see an ipconfig /all and tracert.
So the IP address you're pinging is through a router/firewall?
No.  Both machines are inside the same building in a Windows domain.
Ok.  Can you provide the IPCONFIG and TRACERT as asked previously?
OK, let's try a DHCP reservation.

Using the MAC address of the computer's NIC, go into your DHCP setup, set a DHCP reservation and assign an IP address.
Do you know how to set up a DHCP reservation?

Then from the computer do ipconfig /release, wait a minute, then do ipconfig /renew.

After that do ipconfig /all and post the results.
ipconfig /all results


Windows IP Configuration

   Host Name . . . . . . . . . . . . : Board-DT
   Primary Dns Suffix  . . . . . . . : TFI.intranet
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : TFI.intranet
                                       TFI

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : TFI
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : {Valid MAC Address}
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . :  
   IPv4 Address. . . . . . . . . . . : 172.16.11.104(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Lease Obtained. . . . . . . . . . : Thursday, September 12, 2013 4:57:43 PM
   Lease Expires . . . . . . . . . . : Friday, September 20, 2013 11:32:30 AM
   Default Gateway . . . . . . . . . : 172.16.8.1
   DHCP Server . . . . . . . . . . . : 172.16.8.22
   DHCPv6 IAID . . . . . . . . . . . : 246983791
   DHCPv6 Client DUID. . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.16.8.24
                                       172.16.8.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.TFI:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : TFI
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


tracert results

Tracing route to Board-DT.TFI.intranet [172.16.11.104]
over a maximum of 30 hops:

  1     6 ms     4 ms     4 ms  172.16.11.101

Trace complete.
The ipconfig /all looks good.

I see you have two DNS servers.

Are they both working?  When you update one does the other see the updates?

Run the dcdiag again on both servers and post the output.
Yes, both are accepting data posted to the other.

dcdiag results:


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = TFIFS2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\TFIFS2
      Starting test: Connectivity
         ......................... TFIFS2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\TFIFS2
      Starting test: Advertising
         ......................... TFIFS2 passed test Advertising
      Starting test: FrsEvent
         ......................... TFIFS2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... TFIFS2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... TFIFS2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... TFIFS2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... TFIFS2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... TFIFS2 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... TFIFS2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... TFIFS2 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... TFIFS2 passed test ObjectsReplicated
      Starting test: Replications
         ......................... TFIFS2 passed test Replications
      Starting test: RidManager
         ......................... TFIFS2 passed test RidManager
      Starting test: Services
         ......................... TFIFS2 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0xC0003A9E
            Time Generated: 09/15/2013   17:01:28
            Event String:
            Owner of the log file or directory C:\inetpub\logs\LogFiles\W3SVC1\u_ex130915.log is invalid. This could be because another user has already created the log file or the directory.
         ......................... TFIFS2 failed test SystemLog
      Starting test: VerifyReferences
         ......................... TFIFS2 passed test VerifyReferences
   
   
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   
   Running partition tests on : TFI
      Starting test: CheckSDRefDom
         ......................... TFI passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... TFI passed test CrossRefValidation
   
   Running enterprise tests on : TFI.intranet
      Starting test: LocatorCheck
         ......................... TFI.intranet passed test LocatorCheck
      Starting test: Intersite
         ......................... TFI.intranet passed test Intersite
OK, now we know DNS is working.

Have you power cycled the switches?

Something is still holding the old address.

The machines are on the same LAN as the servers and in the same building.

Are these computers showing in DNS as a host records with the correct address?
We cycled the switches today.  One kink is that one of the switches (not one that either of these machines is connected to) would not boot up.

The machines are on the same LAN and in the same building.

All the DNS entries look good.
Wow, must have been a bad switch.

Can you ping from the workstations to the servers by FQDN?

And then from the server to the workstations by FQDN?

What are the results?
It's still NOT DNS if this happens when you ping using IP.

Can you post the IPCONFIG of the machine with .104?
I can ping TO the server from the affected machine with no problem.  The ping FROM any machine (including the server) gets the bad IP reply.
The ipconfig of the .104 machine is in one of the earlier posts.
ASKER CERTIFIED SOLUTION
Member_2_6492660_1
This solution is only available to members.
Same behavior after clearing ARP table.

172.16.8.1 is a Sonicwall NSA 2400 firewall.

Do not have a network diagram.  The problem machine and the servers are connected to the same HP 2810-48G switch.

ipconfig result:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Board-DT
   Primary Dns Suffix  . . . . . . . : TFI.intranet
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : TFI.intranet
                                       TFI

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : TFI
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : {Valid MAC Address}
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . :  
   IPv4 Address. . . . . . . . . . . : 172.16.11.104(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Lease Obtained. . . . . . . . . . : Monday, September 16, 2013 7:14:51 AM
   Lease Expires . . . . . . . . . . : Monday, September 23, 2013 7:21:17 AM
   Default Gateway . . . . . . . . . : 172.16.8.1
   DHCP Server . . . . . . . . . . . : 172.16.8.22
   DHCPv6 IAID . . . . . . . . . . . : 246983791
   DHCPv6 Client DUID. . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.16.8.24
                                       172.16.8.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.TFI:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : TFI
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


Route Print result:

===========================================================================
Interface List
 11...{Valid MAC Address} ......Broadcom NetLink (TM) Gigabit Ethernet
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.8.1     172.16.11.64     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       172.16.8.0    255.255.252.0         On-link      172.16.11.64    266
     172.16.11.64  255.255.255.255         On-link      172.16.11.64    266
    172.16.11.255  255.255.255.255         On-link      172.16.11.64    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      172.16.11.64    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      172.16.11.64    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 11    266 fe80::4576:fcf9:9275:f3d5/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
Why is the IP address 172.16.11.104 and your gateway 172.16.8.1?

You have different subnets here. Why?
Our subnet mask is 255.255.252.0 which allows us to span from 172.16.8.1 to 172.16.11.255
OK, let's try pinging 172.16.11.104 from your router. What's the response?

Do you have access to the router to test?
The router belongs to our ISP and I do not have access to it.
Would be nice to see if we can get a ping from the router to see what it thinks.

Also the router may need to have its cache cleared.

Contact them and explain your issue.
We are switching ISPs in 1 week.  Not sure I would get a lot of cooperation.  Also, not sure what the inability to ping from our interface to the outside world would prove.  Neither DHCP nor DNS is handled by the gateway.
The router can be causing this; that's why we need to test from it.

Glad you're changing ISPs. If they don't help you, I would get rid of them ASAP.
SOLUTION
This solution is only available to members.
In the end the problem turned out to be a driver incompatibility issue which only surfaced after a Microsoft update.  The machine we initially had problems with originally had a 32-bit OS which we upgraded to a 64-bit OS.  The drivers automatically updated and all was well until the MS update about 10 days ago.  Unfortunately, when I decided to give up on that machine and replace it with a spare we had I chose a machine of the same model so the problem replicated itself once we did the upgrade.  The solutions provided did not actually solve my problem but I really appreciate the guys hanging in there and TRYING to solve it.

Great effort guys.