Solved

Active Directory & Pix & DNS & Lost Connection

Posted on 2004-03-30
Last Modified: 2008-02-01
I'm having a weird problem right now with a setup at a business.

DSL > Pix 501 > win2k3SBS > Clients (win2k,xp,98)

Currently the win2k3 machine is hosting the DNS and is also the domain controller.  The domain name is companyname.internal ....  so Active Directory did its thing and set up the DNS server on the same machine.

The IP Address of the win2k3 machine is 192.168.5.3
The Gateway is 192.168.5.1 (Pix)
The DNS Server is 192.168.5.3

I checked the DNS Server on the win2k3 machine for the infamous "." zone and it wasn't there.  I also put my ISPs DNS Servers in the Forwarders

Right now the win2k3 machine is also the DHCP server and it's giving out client IPs in the form of

IP: 192.168.5.50 - 192.168.5.100
Gateway: 192.168.5.1
DNS: 192.168.5.3

Now - the entire internal network has been kind of flaky after the addition of the win2k3 machine.  It used to just be DSL > Pix > Clients and all was fine.

Now after joining the clients to the domain it seems like randomly they'll not be able to connect to the domain and also not be able to get any outside internet traffic.  They *always* have internal IP, ipconfig /renew/release always works, and they can ping anything on the internal network, just sometimes they'll say "Domain is not available" and the like.  Now, the machines that are able to get onto the domain, every now and then for some random reason they'll lose internet connection.  What I mean is, you can do ping www.google.com and it'll resolve the IP through DNS for Google, but all the requests will zero out... then suddenly it'll start working.  It's really strange.  I don't know if this is a PIX problem (as it never happened before) or if this is b/c of the new win2k3 domain machine.  The win2k3SBS server has 5 CALs - they have 10 machines at this office, but 1/2 of them are just dummy machines that host UPS (shippers) printers and software, so I interpreted the CALs as user CALs.  Despite if this breaks any licensing agreements, would this be the reason the computers randomly lose connection?  Are they fighting for licenses?  Is there a way to fix this by perhaps having the PIX give out the DHCP leases, so that only when the computer is trying to use the domain (shared drives) they fight for licenses?  It's just really mind boggling that the connection is in and out like that, one second they'll all be down, the next second they'll all be up, then later 1/3 will be up - it's just weird.

Any advice/suggestions would be nice.  I have an extra 5 pack of device CALs on the way to hopefully remedy this, but I'm doubtful that'll do it.

Thanks,
Nick
0
Comment
Question by:NickUA
8 Comments
 
LVL 20

Expert Comment

by:Debsyl99
ID: 10718473
Hi
Sounds like it may well be a licensing problem given how intermittent the problems are - you need to rule this out asap really. Any errors logged in the server event logs at all and/or clients? Post as much detail as you can
Licensing Overview for reference
http://www.microsoft.com/windowsserver2003/howtobuy/licensing/caloverview.mspx

Deb :))

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 10718877
How many user licenses on the PIX 501?
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719483
The PIX 501 only supports 10 concurrent connections with the default license.  You say you have 10 machines on the LAN.  Are you counting the server, too?  Make sure you're not at 11, because the PIX will start dropping connections until you either up the license or get rid of some machines. :-)

Also, make sure your PCs are configured to only look at the domain controller for DNS.  If you have any external ISP DNS servers in the TCP/IP configuration of the workstations, that will cause those PCs to lose connectivity to the domain.
0
 
LVL 1

Author Comment

by:NickUA
ID: 10719691
Is the PIX 10 outgoing connections?  They have a few network printers - they shouldn't be online though.

Nick

How do I check the user licenses on the PIX?  show version?
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719714
Yes, it is limited to 10 outbound connections.  The network printers shouldn't matter.

Yes, "show version" will show the license info.  "show conn" will show the concurrent connections.
0
 
LVL 1

Author Comment

by:NickUA
ID: 10721678
10 outgoing IPs aka 10 computers or 10 connections?  As in, let's say 1 computer is checking email and browsing web at same time?  I'm assuming it's the simpler of the two.
0
 
LVL 5

Accepted Solution

by:
visioneer earned 1500 total points
ID: 10725569
10 hosts on the inside using the Internet through the PIX or getting their IPs from it via DHCP.
0
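
An added example, not part of the thread or any participant's post: a small parser that separates the two numbers discussed here, the connection counter that "show conn" reports and the number of distinct inside hosts, which is the unit the accepted answer says the license counts. The sample output is constructed, its line layout is assumed to follow PIX 6.x "show conn" output, and the function name and `host_limit` parameter are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, laid out like PIX 6.x "show conn" output (assumed format).
SAMPLE_SHOW_CONN = """\
5 in use, 21 most used
TCP out 203.0.113.10:80 in 192.168.5.50:1404 idle 0:00:03 Bytes 11391 flags UIO
TCP out 203.0.113.10:80 in 192.168.5.50:1405 idle 0:00:01 Bytes 3709 flags UIO
TCP out 198.51.100.7:110 in 192.168.5.51:1042 idle 0:00:09 Bytes 912 flags UIO
UDP out 198.51.100.53:53 in 192.168.5.3:1029 idle 0:00:02 flags d
TCP out 203.0.113.25:25 in 192.168.5.3:2210 idle 0:00:12 Bytes 2048 flags UIO
"""

SUMMARY_RE = re.compile(r"^(\d+) in use, (\d+) most used")
CONN_RE = re.compile(
    r"^(?:TCP|UDP)\s+out\s+[\d.]+:\d+\s+in\s+(?P<inside>[\d.]+):\d+"
)


def summarize_conns(text, host_limit=10):
    """Count connections and distinct inside hosts in 'show conn' text.

    host_limit defaults to 10, the default PIX 501 license size named in
    the thread; pass the value your own 'show version' reports.
    """
    per_host = Counter()
    in_use = most_used = None
    for line in text.splitlines():
        line = line.strip()
        summary = SUMMARY_RE.match(line)
        if summary:
            in_use, most_used = int(summary.group(1)), int(summary.group(2))
            continue
        conn = CONN_RE.match(line)
        if conn:
            per_host[conn.group("inside")] += 1  # one entry per connection
    return {
        "reported_in_use": in_use,
        "reported_most_used": most_used,
        "parsed_connections": sum(per_host.values()),
        "inside_hosts": len(per_host),
        "per_host": dict(per_host),
        "over_host_limit": len(per_host) > host_limit,
    }


if __name__ == "__main__":
    for key, value in summarize_conns(SAMPLE_SHOW_CONN).items():
        print(f"{key}: {value}")
```

A snapshot only sees hosts that have a connection open at that moment, so the distinct-host figure is a lower bound on what is using the firewall.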
 
LVL 1

Author Comment

by:NickUA
ID: 10738692
Okay - before I did the upgrade I did "show conn" and it said "10 current 10 most" or whatever the terminology is... then I did the upgrade and rebooted it and not 5min later I did "show conn" and it said like "14 current 21 max" or whatever...  they only have 14 computers?  I did some more tests and went crazy trying to connect to tons of things - it got up to 42 max...  now ...  I'm assuming the PIX counts hosts as any outgoing connection on any port?  I didn't know this - I assumed it was per IP...  am I looking at the right info, everyone seems to be able to use the net now so they're happy, but if they're going to hit over 50 it's going to be a problem, and another 300$ upgrade I should have recommended...  am I accurate in this?

Thanks
0

Question has a verified solution.
