Network connectivity/communication issues
We are having a strange issue that is killing us. Spent the better half of the last 2 days putting out fires.....
2 Domain Controllers--Win2K8.
Yesterday morning they could not 'find' each other--no communication, no ping, no tracert etc. Nothing at all. Subsequently other machines (but not all) lost the ability to communicate w/these servers. Start/Stopped DNS, DHCP, Firewall etc. After restarting the firewall they immediately started communicating. Brought the servers down/back up--allowed users to access the network--all seemed fine.
Today we are still having some strange issues: DC2 (file-print services) cannot talk to 2 (only 2) of the printers. Cannot ping the IP-not sending print jobs. DC1 can ping/connect/print to these printers. Pulled one printer off DC2-did a factory reset, assigned different IP still no difference.
It is like the firewall is blocking certain addresses from DC2-but that is not the case, we even created a rule in the firewall to allow all communication from the local ip range to see if that made any difference. We can see the printer IP in DNS (the new one) so this is getting updated. We are seeing no DNS/IP issues/errors on the DC.
Any thoughts-this strangeness is killing us. Thanks in advance.
2 Domain Controllers--Win2K8.
Yesterday morning they could not 'find' each other--no communication, no ping, no tracert etc. Nothing at all. Subsequently other machines (but not all) lost the ability to communicate w/these servers. Start/Stopped DNS, DHCP, Firewall etc. After restarting the firewall they immediately started communicating. Brought the servers down/back up--allowed users to access the network--all seemed fine.
Today we are still having some strange issues: DC2 (file-print services) cannot talk to 2 (only 2) of the printers. Cannot ping the IP-not sending print jobs. DC1 can ping/connect/print to these printers. Pulled one printer off DC2-did a factory reset, assigned different IP still no difference.
It is like the firewall is blocking certain addresses from DC2-but that is not the case, we even created a rule in the firewall to allow all communication from the local ip range to see if that made any difference. We can see the printer IP in DNS (the new one) so this is getting updated. We are seeing no DNS/IP issues/errors on the DC.
Any thoughts-this strangeness is killing us. Thanks in advance.
ASKER
Just a little more info.....
It is now looking like these certain workstations only have these issues w/Win28K servers.
So I can communicate with DC1 (2K8) but not DC2 and other various 2K8 servers. I can communicate w/all 2K3 servers.
It is now looking like these certain workstations only have these issues w/Win28K servers.
So I can communicate with DC1 (2K8) but not DC2 and other various 2K8 servers. I can communicate w/all 2K3 servers.
1) What does tracert look like? Do they connect to a particular router / switch / etc?
2) Try looking into the route using route print, check if there is a mismatch in the routes.
3) Also, what lies between these system and servers - any firewall / router / switch?
4) Can you add these server - FQDN - IPs to host files on machines and check if it helps?
Hope we get some information before we hit NetMon traces.
Cheers,
Exchange_Geek
2) Try looking into the route using route print, check if there is a mismatch in the routes.
3) Also, what lies between these system and servers - any firewall / router / switch?
4) Can you add these server - FQDN - IPs to host files on machines and check if it helps?
Hope we get some information before we hit NetMon traces.
Cheers,
Exchange_Geek
ASKER
Thanks--
tracert times out, these machines/printers etc have been scattered all over the network-multiple switches.
routing table looks OK
these machines are all internal--firewalls have been turned on/off in testing
Adding to the hosts file has produced no results
Just more info--
when pinging from these machines DNS lookup works-but ping times out.
It is interesting--I cannot use DC2 for nslookup--I can setserver= DC1 and perform NSLookup on DC2 if I setserver=DC2 and lookup DC2 it times out. Make any sense?
Today we have 2 workstations and 2 printers that are in this strange state.
tracert times out, these machines/printers etc have been scattered all over the network-multiple switches.
routing table looks OK
these machines are all internal--firewalls have been turned on/off in testing
Adding to the hosts file has produced no results
Just more info--
when pinging from these machines DNS lookup works-but ping times out.
It is interesting--I cannot use DC2 for nslookup--I can setserver= DC1 and perform NSLookup on DC2 if I setserver=DC2 and lookup DC2 it times out. Make any sense?
Today we have 2 workstations and 2 printers that are in this strange state.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
C:\Users\administrator.XXX
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = VNA-DC3
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\VN
Starting test: Connectivity
......................... VNA-DC3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\VN
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... VNA-DC3 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : 38elm
Running enterprise tests on : 38elm.local
Starting test: DNS
Test results for domain controllers:
DC: VNA-DC3.38elm.local
Domain: 38elm.local
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record i
n zone 38elm.local
TEST: Records registration (RReg)
Network Adapter [00000012] vmxnet3 Ethernet Adapter:
Warning:
Missing AAAA record at DNS server 140.176.30.217:
VNA-DC3.38elm.local
Warning:
Missing AAAA record at DNS server 140.176.30.217:
gc._msdcs.38elm.local
Warning:
Missing AAAA record at DNS server 140.176.30.218:
VNA-DC3.38elm.local
Warning:
Missing AAAA record at DNS server 140.176.30.218:
gc._msdcs.38elm.local
Warning:
Missing AAAA record at DNS server ::1:
VNA-DC3.38elm.local
Warning:
Missing AAAA record at DNS server ::1:
gc._msdcs.38elm.local
Warning: Record Registrations not found in some network adapters
VNA-DC3 PASS WARN PASS PASS WARN WARN n/a
......................... 38elm.local passed test DNS
C:\Users\administrator.38E
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = VNA-DC3
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\VN
Starting test: Connectivity
......................... VNA-DC3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\VN
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... VNA-DC3 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : 38elm
Running enterprise tests on : 38elm.local
Starting test: DNS
Test results for domain controllers:
DC: VNA-DC3.38elm.local
Domain: 38elm.local
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record i
n zone 38elm.local
TEST: Records registration (RReg)
Network Adapter [00000012] vmxnet3 Ethernet Adapter:
Warning:
Missing AAAA record at DNS server 140.176.30.217:
VNA-DC3.38elm.local
Warning:
Missing AAAA record at DNS server 140.176.30.217:
gc._msdcs.38elm.local
Warning:
Missing AAAA record at DNS server 140.176.30.218:
VNA-DC3.38elm.local
Warning:
Missing AAAA record at DNS server 140.176.30.218:
gc._msdcs.38elm.local
Warning:
Missing AAAA record at DNS server ::1:
VNA-DC3.38elm.local
Warning:
Missing AAAA record at DNS server ::1:
gc._msdcs.38elm.local
Warning: Record Registrations not found in some network adapters
VNA-DC3 PASS WARN PASS PASS WARN WARN n/a
......................... 38elm.local passed test DNS
C:\Users\administrator.38E
ASKER
So I see DNS problems.....
ASKER
Also--scope is good, no changes on any of the machines.
concerned about this
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record i
n zone 38elm.local
do you have dynamic updates enabled on the zone listed with this error?
try this command: NLTEST /DSREGDNS - Force registration of all DC-specific DNS records
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record i
n zone 38elm.local
do you have dynamic updates enabled on the zone listed with this error?
try this command: NLTEST /DSREGDNS - Force registration of all DC-specific DNS records
ASKER
for 38.elm.local dynamic updates (secure and nonsecure) are allowed.
C:\Users\administrator.38E
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
Thanks!
C:\Users\administrator.38E
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for michael_landsittel's comment #37667641
for the following reason:
Issue had to do with faulty equipment on site.
Accepted answer: 0 points for michael_landsittel's comment #37667641
for the following reason:
Issue had to do with faulty equipment on site.
Why would I not get points for this, my first post I wrote, "Have you reset your switch(s)? If it's a managed switch check logs, could be a port broadcasting or a number of things going on here, sounds like you have more than one. Central point of failure so I would do a hard reset to eliminate / see what happens."
ASKER
This AM, there are certain workstations that cannot connect to certain servers (not only DCs). So workstation X can connect to everything in network but server Y. Everybody else is functioning normally.
Too strange.......