gspearman
asked on
Ping reply from different address
This one has me totally stumped. I have a couple of machines which I've lost the ability to remote into with Real VNC. I started looking for the reason and found that when I ping them I get replies from a different IP address. It doesn't matter if I ping them using the machine name or the IP address I get a return from a different IP.
-------------------------- ---------- ---------- ---------- ---------- ---------- ---
C:\>ping board-dt
Pinging board-dt.TFI.intranet [172.16.11.104] with 32 by
Reply from 172.16.11.101: bytes=32 time=20ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Ping statistics for 172.16.11.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 20ms, Average = 14ms
C:\>ping 172.16.11.104
Pinging 172.16.11.104 with 32 bytes of data:
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Ping statistics for 172.16.11.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 13ms, Average = 13ms
-------------------------- ---------- ---------- ---------- ---------- ---------- --
Unsuccessful debugging steps:
I've tried issuing the pings using different machines with the same result.
There are no HOST entries on any of the machines I used to ping or the target.
I've cleared the DNS Forward Lookup entry for the target machine.
I've changed the NIC card in the target machine.
I've changed the name of the target machine.
I've hard-coded the IP address (a new previously unused address) to the target machine.
I've checked the DNS server to assure Scavenging was setup.
... and I've performed hundreds of Internet searches, apparently with the wrong criteria, desperately looking for a fix
--------------------------
C:\>ping board-dt
Pinging board-dt.TFI.intranet [172.16.11.104] with 32 by
Reply from 172.16.11.101: bytes=32 time=20ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Ping statistics for 172.16.11.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 20ms, Average = 14ms
C:\>ping 172.16.11.104
Pinging 172.16.11.104 with 32 bytes of data:
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Reply from 172.16.11.101: bytes=32 time=13ms TTL=255
Ping statistics for 172.16.11.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 13ms, Average = 13ms
--------------------------
Unsuccessful debugging steps:
I've tried issuing the pings using different machines with the same result.
There are no HOST entries on any of the machines I used to ping or the target.
I've cleared the DNS Forward Lookup entry for the target machine.
I've changed the NIC card in the target machine.
I've changed the name of the target machine.
I've hard-coded the IP address (a new previously unused address) to the target machine.
I've checked the DNS server to assure Scavenging was setup.
... and I've performed hundreds of Internet searches, apparently with the wrong criteria, desperately looking for a fix
Here's a link with a very detailed explanation of scavenging (with some best practices at the end).
Also, is it possible the target machine is configured with multiple IP addresses?
Open properties of network adapter, view properties of IPv4, click advanced, and see if there are more than one IP addresses listed in the 'IP addresses' list.
If only one is displayed, does the target machine have multiple NIC cards?
Open properties of network adapter, view properties of IPv4, click advanced, and see if there are more than one IP addresses listed in the 'IP addresses' list.
If only one is displayed, does the target machine have multiple NIC cards?
ASKER
I did execute Scavenge Now through both the GUI two days ago and the command-line yesterday. Still the same behavior.
Just realized I forgot the link in one of my previous comments regarding scavengin:
https://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx?Redirected=true
https://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx?Redirected=true
What Os are the machines?
Have your tried ipconfig /flushdns
do an ipconfig /all on the machine what does it show ? please post
What type of server is this ? OS ?
Have your tried ipconfig /flushdns
do an ipconfig /all on the machine what does it show ? please post
What type of server is this ? OS ?
Have you tried issuing the command ipconfig /all on the device you are trying to ping to determine if it has the IP that is responding?
Also check your ARP tables, to see if your MAC to IP bindings are correct when pinging the target machine.
G
Also check your ARP tables, to see if your MAC to IP bindings are correct when pinging the target machine.
G
ASKER
Target machine had only one onboard NIC. When I added the second NIC I disabled the 1st. When the machine was only using a single IP.
A couple of people have mentioned above but it really does sound like a DNS issue to me, and as such I would personally check to see if you have duplicate records for individual IP addresses listed in DNS before proceeding, I had a similar issue with a client and deleting the incorrect records seemed to resolve this.
ASKER
Target machine OS: Windows 7 Pro 64-bit
Client machine OS: Windows 7 Pro 64-bit
DNS Server OS: Windows Server 2008 R2 64-bit
I have literally done dozens of ipconfig /flushdns and ipconfig /registerdns on both the target machines, the client machines, and the DNS server. After every failed attempt I would flushdns to be sure then try again.
I've looked at the ARP table and the IP address I am trying to ping is mapped to the proper MAC address.
Client machine OS: Windows 7 Pro 64-bit
DNS Server OS: Windows Server 2008 R2 64-bit
I have literally done dozens of ipconfig /flushdns and ipconfig /registerdns on both the target machines, the client machines, and the DNS server. After every failed attempt I would flushdns to be sure then try again.
I've looked at the ARP table and the IP address I am trying to ping is mapped to the proper MAC address.
ASKER
There are no duplicates in my Forward Lookup table. I've seen that problem in the past and that was one of the first things I looked for. That lead me to check Scavenging which WAS turned off. Turning it on has not corrected the problem.
How about DNS dynamic updates? Is that configured properly?
are the computers registering into DNS? Or are you adding a host records?
Is this windows 2008 server a DC or member server?
If dc
lets run dcdiag make sure dns is working
dcdiag >dclogx.txt
dcdiag /test:registerindns /dnsdomain:FQDN HERE>>dclogx.txt
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt
Is this windows 2008 server a DC or member server?
If dc
lets run dcdiag make sure dns is working
dcdiag >dclogx.txt
dcdiag /test:registerindns /dnsdomain:FQDN HERE>>dclogx.txt
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt
ASKER
As for the dcdiag tests, it passes all four.
ASKER
Probably showing my ignorance but is it possible this could have something to do with a switch? It strikes me as very odd that I get the same IP reply even after I changed target machines, target IP addresses, and target machine names.
glad to here the the dcdiags are good.
what type of switches you have?
Maybe power cycle the switch
are the computers registering in DNS do you see them in there with new or old ip address?
what type of switches you have?
Maybe power cycle the switch
are the computers registering in DNS do you see them in there with new or old ip address?
Guys how can this be a DNS issue if the OP tried pinging by IP and the result was the same??
Can you show the ipconfig /all and tracert 172.16.11.104 command-line output?
Can you show the ipconfig /all and tracert 172.16.11.104 command-line output?
ASKER
Switches are HP 2810s.
All the DNS registrations seem to be doing fine. The IPs are associated with the appropriate PCs.
Plan on power cycling the switches this weekend immediately after our weekend backups complete.
All the DNS registrations seem to be doing fine. The IPs are associated with the appropriate PCs.
Plan on power cycling the switches this weekend immediately after our weekend backups complete.
Sounds like a plan keep us posted
It sounds like a virtual IP to me. The same behaviour is displayed when using HSRP on a Cisco switch (for example). You ping the virtual address but the reply comes from the active router's IP (so you can tell which one responded).
If you use the arp -a command at the command-line what MAC addresses are displayed for the two IP addresses?
If you use the arp -a command at the command-line what MAC addresses are displayed for the two IP addresses?
ASKER
The MAC addresses in the ARP table exactly match what SHOULD be returned in the ping replies.
So is the MAC different for 172.16.11.104 and 172.16.11.101?
If you're getting a response from a different machine then, what happens when you turn .101 off?
If you're getting a response from a different machine then, what happens when you turn .101 off?
ASKER
The MAC addresses are different for the two machines. The 101 machine IS off during my testing. In fact it's out of the country at the moment and I checked to make sure it is not connected through the VPN.
WE still would like to see an ipconfig /all and tracert
So the IP address you're pinging is through a router/firewall?
ASKER
No. Both machines are inside the same building in a Windows domain.
Ok. Can you provide the IPCONFIG and TRACERT as asked previously?
Ok lets try a DHCP reservation
Using the mac address of the computers nic go into your dhcp setup and set a dhcp reservation and assign a ip address
do you know how to setup a dhcp reservation?
then from the computer do ipconfig /release then wait a min do ipconfig /renew
after that do ipconfig /all post results
Using the mac address of the computers nic go into your dhcp setup and set a dhcp reservation and assign a ip address
do you know how to setup a dhcp reservation?
then from the computer do ipconfig /release then wait a min do ipconfig /renew
after that do ipconfig /all post results
ASKER
ipconfig /all results
Windows IP Configuration
Host Name . . . . . . . . . . . . : Board-DT
Primary Dns Suffix . . . . . . . : TFI.intranet
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : TFI.intranet
TFI
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : TFI
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : {Valid MAC Address}
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
IPv4 Address. . . . . . . . . . . : 172.16.11.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Thursday, September 12, 2013 4:57:43 PM
Lease Expires . . . . . . . . . . : Friday, September 20, 2013 11:32:30 AM
Default Gateway . . . . . . . . . : 172.16.8.1
DHCP Server . . . . . . . . . . . : 172.16.8.22
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . :
DNS Servers . . . . . . . . . . . : 172.16.8.24
172.16.8.22
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.TFI:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : TFI
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
tracert results
Tracing route to Board-DT.TFI.intranet [172.16.11.104]
over a maximum of 30 hops:
1 6 ms 4 ms 4 ms 172.16.11.101
Trace complete.
Windows IP Configuration
Host Name . . . . . . . . . . . . : Board-DT
Primary Dns Suffix . . . . . . . : TFI.intranet
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : TFI.intranet
TFI
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : TFI
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : {Valid MAC Address}
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
IPv4 Address. . . . . . . . . . . : 172.16.11.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Thursday, September 12, 2013 4:57:43 PM
Lease Expires . . . . . . . . . . : Friday, September 20, 2013 11:32:30 AM
Default Gateway . . . . . . . . . : 172.16.8.1
DHCP Server . . . . . . . . . . . : 172.16.8.22
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . :
DNS Servers . . . . . . . . . . . : 172.16.8.24
172.16.8.22
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.TFI:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : TFI
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
tracert results
Tracing route to Board-DT.TFI.intranet [172.16.11.104]
over a maximum of 30 hops:
1 6 ms 4 ms 4 ms 172.16.11.101
Trace complete.
The ipconfig /all looks good
I see you have two DNS servers
Are they both working? When you update one does the other see the updates?
run the dcdiag again on both servers and post the output
I see you have two DNS servers
Are they both working? When you update one does the other see the updates?
run the dcdiag again on both servers and post the output
ASKER
Yes, both are accepting data posted to the other.
dcdiag results:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = TFIFS2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\TF IFS2
Starting test: Connectivity
......................... TFIFS2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\TF IFS2
Starting test: Advertising
......................... TFIFS2 passed test Advertising
Starting test: FrsEvent
......................... TFIFS2 passed test FrsEvent
Starting test: DFSREvent
......................... TFIFS2 passed test DFSREvent
Starting test: SysVolCheck
......................... TFIFS2 passed test SysVolCheck
Starting test: KccEvent
......................... TFIFS2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... TFIFS2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... TFIFS2 passed test MachineAccount
Starting test: NCSecDesc
......................... TFIFS2 passed test NCSecDesc
Starting test: NetLogons
......................... TFIFS2 passed test NetLogons
Starting test: ObjectsReplicated
......................... TFIFS2 passed test ObjectsReplicated
Starting test: Replications
......................... TFIFS2 passed test Replications
Starting test: RidManager
......................... TFIFS2 passed test RidManager
Starting test: Services
......................... TFIFS2 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC0003A9E
Time Generated: 09/15/2013 17:01:28
Event String:
Owner of the log file or directory C:\inetpub\logs\LogFiles\W 3SVC1\u_ex 130915.log is invalid. This could be because another user has already created the log file or the directory.
......................... TFIFS2 failed test SystemLog
Starting test: VerifyReferences
......................... TFIFS2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : TFI
Starting test: CheckSDRefDom
......................... TFI passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... TFI passed test CrossRefValidation
Running enterprise tests on : TFI.intranet
Starting test: LocatorCheck
......................... TFI.intranet passed test LocatorCheck
Starting test: Intersite
......................... TFI.intranet passed test Intersite
dcdiag results:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = TFIFS2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\TF
Starting test: Connectivity
......................... TFIFS2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\TF
Starting test: Advertising
......................... TFIFS2 passed test Advertising
Starting test: FrsEvent
......................... TFIFS2 passed test FrsEvent
Starting test: DFSREvent
......................... TFIFS2 passed test DFSREvent
Starting test: SysVolCheck
......................... TFIFS2 passed test SysVolCheck
Starting test: KccEvent
......................... TFIFS2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... TFIFS2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... TFIFS2 passed test MachineAccount
Starting test: NCSecDesc
......................... TFIFS2 passed test NCSecDesc
Starting test: NetLogons
......................... TFIFS2 passed test NetLogons
Starting test: ObjectsReplicated
......................... TFIFS2 passed test ObjectsReplicated
Starting test: Replications
......................... TFIFS2 passed test Replications
Starting test: RidManager
......................... TFIFS2 passed test RidManager
Starting test: Services
......................... TFIFS2 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC0003A9E
Time Generated: 09/15/2013 17:01:28
Event String:
Owner of the log file or directory C:\inetpub\logs\LogFiles\W
......................... TFIFS2 failed test SystemLog
Starting test: VerifyReferences
......................... TFIFS2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : TFI
Starting test: CheckSDRefDom
......................... TFI passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... TFI passed test CrossRefValidation
Running enterprise tests on : TFI.intranet
Starting test: LocatorCheck
......................... TFI.intranet passed test LocatorCheck
Starting test: Intersite
......................... TFI.intranet passed test Intersite
Ok now we now DNS is working
Have you power cycled the switches?
Something is still holding the old address
The machines are on the same lan as the servers and in the same building
Are these computers showing in DNS as a host records with correct address?
Have you power cycled the switches?
Something is still holding the old address
The machines are on the same lan as the servers and in the same building
Are these computers showing in DNS as a host records with correct address?
ASKER
We cycled the switches today. One kink is that one of the switches (not one that either of these machines are connected to) would not boot up.
The machines are on the same LAN and in the same building.
All the DNS entries look good.
The machines are on the same LAN and in the same building.
All the DNS entries look good.
Wow must have been a bad switch
Can you ping from the workstations to the servers by FQDN
And then from the server to the workstations by FQDN
What are the results
Can you ping from the workstations to the servers by FQDN
And then from the server to the workstations by FQDN
What are the results
It's still NOT DNS if this happens when you ping using IP.
Can you post the IPCONFIG of the machine with .104?
Can you post the IPCONFIG of the machine with .104?
ASKER
I can ping TO the server from the affected machine with no problem. The ping FROM any machine (including the server) gets the bad IP reply.
ASKER
The ipconfig of the .104 machine is in one of the earlier posts.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Same behavior after clearing ARP table.
172.16.8.1 is a Sonicwall NSA 2400 firewall.
Do not have a network diagram. The problem machine and the servers are connected to the same HP 2810-48G switch.
ipconfig result:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Board-DT
Primary Dns Suffix . . . . . . . : TFI.intranet
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : TFI.intranet
TFI
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : TFI
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : {Valid MAC Address}
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
IPv4 Address. . . . . . . . . . . : 172.16.11.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Monday, September 16, 2013 7:14:51 AM
Lease Expires . . . . . . . . . . : Monday, September 23, 2013 7:21:17 AM
Default Gateway . . . . . . . . . : 172.16.8.1
DHCP Server . . . . . . . . . . . : 172.16.8.22
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . :
DNS Servers . . . . . . . . . . . : 172.16.8.24
172.16.8.22
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.TFI:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : TFI
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Route Print result:
========================== ========== ========== ========== ========== =========
Interface List
11...{Valid MAC Address} ......Broadcom NetLink (TM) Gigabit Ethernet
1......................... ..Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
========================== ========== ========== ========== ========== =========
IPv4 Route Table
========================== ========== ========== ========== ========== =========
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.8.1 172.16.11.64 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.8.0 255.255.252.0 On-link 172.16.11.64 266
172.16.11.64 255.255.255.255 On-link 172.16.11.64 266
172.16.11.255 255.255.255.255 On-link 172.16.11.64 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.11.64 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.11.64 266
========================== ========== ========== ========== ========== =========
Persistent Routes:
None
IPv6 Route Table
========================== ========== ========== ========== ========== =========
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::4576:fcf9:9275:f3d5/ 128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
========================== ========== ========== ========== ========== =========
Persistent Routes:
None
172.16.8.1 is a Sonicwall NSA 2400 firewall.
Do not have a network diagram. The problem machine and the servers are connected to the same HP 2810-48G switch.
ipconfig result:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Board-DT
Primary Dns Suffix . . . . . . . : TFI.intranet
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : TFI.intranet
TFI
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : TFI
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : {Valid MAC Address}
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
IPv4 Address. . . . . . . . . . . : 172.16.11.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Monday, September 16, 2013 7:14:51 AM
Lease Expires . . . . . . . . . . : Monday, September 23, 2013 7:21:17 AM
Default Gateway . . . . . . . . . : 172.16.8.1
DHCP Server . . . . . . . . . . . : 172.16.8.22
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . :
DNS Servers . . . . . . . . . . . : 172.16.8.24
172.16.8.22
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.TFI:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : TFI
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Route Print result:
==========================
Interface List
11...{Valid MAC Address} ......Broadcom NetLink (TM) Gigabit Ethernet
1.........................
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
==========================
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.8.1 172.16.11.64 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.8.0 255.255.252.0 On-link 172.16.11.64 266
172.16.11.64 255.255.255.255 On-link 172.16.11.64 266
172.16.11.255 255.255.255.255 On-link 172.16.11.64 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.11.64 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.11.64 266
==========================
Persistent Routes:
None
IPv6 Route Table
==========================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::4576:fcf9:9275:f3d5/
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
==========================
Persistent Routes:
None
Why is the ip address 172.16.11.104 and your gateway is 172.16.8.1
You have different subnets here why?
You have different subnets here why?
ASKER
Our subnet mask is 255.255.252.0 which allows us to span from 172.16.8.1 to 172.16.11.255
Ok lets try pinging 172.16.11.104 from your router what's the response?
Do you have access to the router to test?
Do you have access to the router to test?
ASKER
The router belongs to our ISP and I do not have accept to it.
Would be nice to see if we can get a ping from the router to see what it thinks
Also the router may need to have its cache cleared.
contact they and explain your issue
Also the router may need to have its cache cleared.
contact they and explain your issue
ASKER
We are switching ISPs in 1 week. Not sure I would get a lot of cooperation. Also, not sure what the inability to ping from our interface to the outside world would prove. Neither DHCP or DNS are handled by the gateway.
The router can be causing this that's why we need to test from it.
Glad your changing ISP's if they don't help you I would get rid of them asap.
Glad your changing ISP's if they don't help you I would get rid of them asap.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
In the end the problem turned out to be a driver incompatibility issue which only surfaced after a Microsoft update. The machine we initially had problems with originally had a 32-bit OS which we upgraded to a 64-bit OS. The drivers automatically updated and all was well until the MS update about 10 days ago. Unfortunately, when I decided to give up on that machine and replace it with a spare we had I chose a machine of the same model so the problem replicated itself once we did the upgrade. The solutions provided did not actually solve my problem but I really appreciate the guys hanging in there and TRYING to solve it.
Great effort guys.
Great effort guys.
How long (time frame) have you been getting this issue, and how long (since enabling/running scavenging) has it been?
DNS updates can take a fair amount of time