Solved

Active Directory & Pix & DNS & Lost Connection

Posted on 2004-03-30
Last Modified: 2008-02-01
I'm having a weird problem right now with a setup at a business.

DSL > Pix 501 > win2k3SBS > Clients (win2k,xp,98)

Currently the win2k3 machine is hosting the DNS and is also the domain controller.  The domain name is companyname.internal ....  so Active Directory did its thing and set up the DNS server on the same machine.

The IP Address of the win2k3 machine is 192.168.5.3
The Gateway is 192.168.5.1 (Pix)
The DNS Server is 192.168.5.3

I checked the DNS Server on the win2k3 machine for the infamous "." zone and it wasn't there.  I also put my ISP's DNS servers in the Forwarders.

Right now the win2k3 machine is also the DHCP server and it's giving out client IPs in the form of

IP: 192.168.5.50 - 192.168.5.100
Gateway: 192.168.5.1
DNS: 192.168.5.3

Now - the entire internal network has been kind of flaky after the addition of the win2k3 machine.  It used to just be DSL > Pix > Clients and all was fine.

Now after joining the clients to the domain it seems like randomly they'll not be able to connect to the domain and also not be able to get any outside internet traffic.  They *always* have an internal IP, ipconfig /renew/release always works, and they can ping anything on the internal network, just sometimes they'll say "Domain is not available" and the like.

Now, the machines that are able to get onto the domain, every now and then for some random reason they'll lose internet connection.  What I mean is, you can do ping www.google.com and it'll resolve the IP through DNS for Google, but all the requests will zero out... then suddenly it'll start working.  It's really strange.  I don't know if this is a PIX problem (as it never happened before) or if this is b/c of the new win2k3 domain machine.

The win2k3SBS server has 5 CALs - they have 10 machines at this office, but 1/2 of them are just dummy machines that host UPS (shippers) printers and software, so I interpreted the CALs as user CALs.  Despite if this breaks any licensing agreements, would this be the reason the computers randomly lose connection?  Are they fighting for licenses?  Is there a way to fix this by perhaps having the PIX give out the DHCP leases, so that only when the computer is trying to use the domain (shared drives) they fight for licenses?  It's just really mind boggling that the connection is in and out like that, one second they'll all be down, the next second they'll all be up, then later 1/3 will be up - it's just weird.

Any advice/suggestions would be nice.  I have an extra 5 pack of device CALs on the way to hopefully remedy this, but I'm doubtful that'll do it.

Thanks,
Nick
Question by:NickUA

Expert Comment

by:Debsyl99
Hi
Sounds like it may well be a licensing problem given how intermittent the problems are - you need to rule this out asap really. Any errors logged in the server event logs at all and/or clients? Post as much detail as you can
Licensing Overview for reference
http://www.microsoft.com/windowsserver2003/howtobuy/licensing/caloverview.mspx

Deb :))

Expert Comment

by:lrmoore
How many user licenses on the PIX 501?

Expert Comment

by:visioneer
The PIX 501 only supports 10 concurrent connections with the default license.  You say you have 10 machines on the LAN.  Are you counting the server, too?  Make sure you're not at 11, because the PIX will start dropping connections until you either up the license or get rid of some machines. :-)

Also, make sure your PCs are configured to only look at the domain controller for DNS.  If you have any external ISP DNS servers in the TCP/IP configuration of the workstations, that will cause those PCs to lose connectivity to the domain.

Author Comment

by:NickUA
Is the PIX 10 outgoing connections?  They have a few network printers - they shouldn't be online though.

Nick

How do I check the user licenses on the PIX?  show version?

Expert Comment

by:visioneer
Yes, it is limited to 10 outbound connections.  The network printers shouldn't matter.

Yes, "show version" will show the license info.  "show conn" will show the concurrent connections.

Author Comment

by:NickUA
10 outgoing IPs aka 10 computers or 10 connections?  As in, let's say 1 computer is checking email and browsing web at the same time?  I'm assuming it's the simpler of the two.

Accepted Solution

by:visioneer
10 hosts on the inside using the Internet through the PIX or getting their IPs from it via DHCP.
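
The distinction drawn in the accepted answer, inside hosts rather than connections, shown as an added example that is not part of the original thread. It assumes PIX 6.x-style `show conn` lines (`TCP out <addr>:<port> in <addr>:<port> ...`); the sample output is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of PIX 6.x "show conn" output (assumed format).
SAMPLE_SHOW_CONN = """\
6 in use, 42 most used
TCP out 203.0.113.10:80 in 192.168.5.50:1031 idle 0:00:04 Bytes 5120 flags UIO
TCP out 203.0.113.10:80 in 192.168.5.50:1032 idle 0:00:04 Bytes 880 flags UIO
TCP out 198.51.100.25:110 in 192.168.5.50:1040 idle 0:00:10 Bytes 2048 flags UIO
TCP out 203.0.113.77:443 in 192.168.5.51:2210 idle 0:01:12 Bytes 9100 flags UIO
UDP out 198.51.100.53:53 in 192.168.5.3:1055 idle 0:00:02 flags d
TCP out 203.0.113.10:80 in 192.168.5.52:3301 idle 0:00:30 Bytes 400 flags UIO
"""

# protocol, outside addr:port, inside addr:port
CONN_RE = re.compile(r"^(TCP|UDP)\s+out\s+(\S+?):(\d+)\s+in\s+(\S+?):(\d+)\s")


def inside_host_usage(show_conn_text):
    """Map each inside IP address to the number of connections it holds."""
    per_host = defaultdict(int)
    for line in show_conn_text.splitlines():
        match = CONN_RE.match(line.strip())
        if match:  # the "N in use, M most used" summary line does not match
            per_host[match.group(4)] += 1
    return dict(per_host)


def license_report(show_conn_text, licensed_hosts=10):
    """Compare distinct inside hosts (what the license counts, per the
    accepted answer) with the raw connection total that "show conn" reports."""
    usage = inside_host_usage(show_conn_text)
    return {
        "connections": sum(usage.values()),
        "inside_hosts": len(usage),
        "over_limit": len(usage) > licensed_hosts,
        # Busiest hosts first, ties broken by address for stable output.
        "busiest": sorted(usage.items(), key=lambda kv: (-kv[1], kv[0])),
    }


if __name__ == "__main__":
    for key, value in license_report(SAMPLE_SHOW_CONN).items():
        print(f"{key}: {value}")
```

One host browsing and checking mail at once holds several connections but still counts as a single inside host.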

Author Comment

by:NickUA
Okay - before I did the upgrade I did "show conn" and it said "10 current 10 most" or whatever the terminology is... then I did the upgrade and rebooted it and not 5min later I did "show conn" and it said like "14 current 21 max" or whatever...  they only have 14 computers?  I did some more tests and went crazy trying to connect to tons of things - it got up to 42 max...  now ...  I'm assuming the PIX counts hosts as any outgoing connection on any port?  I didn't know this - I assumed it was per IP...  Am I looking at the right info? Everyone seems to be able to use the net now so they're happy, but if they're going to hit over 50 it's going to be a problem, and another 300$ upgrade I should have recommended...  Am I accurate in this?

Thanks