Solved

Cannot resolve host names on Win2k machine

Posted on 2004-09-21
33
244 Views
Last Modified: 2012-05-05
I have a windows 2000 server that is dedicated to terminal server use for several years without any issues.  Suddenly we cannot resolve ANY host or domain names.  We can ping internal and external ip addresses wothout problem.  I have checked the system for ad/spyware applications and it looks clean (used adaware, hijack this & spybot).  I also ran winsockfix and netsh commands to reset winsock.  Still no luck.

With this problem our users cannot use the internet or Outlook for exchange server access.

I am at a loss what to do next.  I'll be looking forward to you assistnce.

Thanks,

Roy
0
Comment
Question by:rbrother
  • 13
  • 12
  • 4
  • +3
33 Comments
 
LVL 2

Expert Comment

by:tztrh
ID: 12120173
check your DNS settings for any changes.
0
 

Author Comment

by:rbrother
ID: 12121416
Been there & done that.  DNS settings are good. Our other servers on the network use the same DNS settings and communicate properly.  I have even tried changing the DNS settings to use our ISP's DNS servers with the same results.
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 12121463
any firewalls?
you can ping external ip addresses, but not by host names?
when you go to ping by host name does it resolve the ip address?
how about the hosts file?
try adding an entry or two in there (for a test) and see if it will resolve
0
 

Author Comment

by:rbrother
ID: 12122138
The hosts files are clean.  I tried entering several local & internet host names (in the hosts files) with the same results.  The exact response to the ping command is "unknown host zwh2". (zwh2 is the local server name).  I get the same response when I ping the ANY host or domain names.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12122441
try resolving internal and external names alike using "NSLOOKUP"
i.e. "NSLOOKUP Server1"
or  "NSLOOKUP www.google.com"

if that doesn't work then try specifying the ISP DNS server in the NSLOOKUP command
"NSLOOKUP www.google.com w.x.y.z"
where w.x.y.z is the ISP's DNS server

you can also run nslookup in exhaustive debug mode
 "NSLOOKUP -d2 www.google.com"
0
 
LVL 1

Expert Comment

by:RABEH
ID: 12126082

-Are you use DHCP?
if yes , try to assign static IP with internal DNS only in 2 workstations. and test.
- Are you install any securty software in wrokstations or DNS server? if yes What is it?
- Are you install new fiewall?
- try to ping full dns name FQDN for other local machines ¨ex: mymachinename.mydomain.com¨? what the result?
0
 

Author Comment

by:rbrother
ID: 12126416
Here are the results using nslookup
c:\>nslookup www.pcs407.com
*** can't fnd server name for address 222.222.222.10: no response from server
*** Default servers are not available
Server: UnKnown
Address 222.222.222.10

*** UnKnown can't find www.pcs407.com: no response from server

222.222.222.10 is our dhcp/dns server

We are behind a firewall and have 4 other servers and 25 workstations which are functioning properly.  From this server we can ping any and all IP addresses, but cannot resolve domain or host names.  This server is setup with a static IP address.  The problem is specific to this server.  I get the same results when I ping the FQDN. There has been no security software installed.  I cannot even pig "localhost" (the result is unknown host localhost).

Any more ideas?  I am in a real bind on this one.  With this being a terminal server, our remote users are not able to get their job done.

Roy
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12126525
are you sure that 222.222.222.10 is running DNS?  can you try the nslookup commands on the actual server? that error message is claiming that it cannot contact the DNS service on that server... Can the client ping it?
0
 

Author Comment

by:rbrother
ID: 12126599
The DNS server is running properly.  NSLOOKUP works on it.  All other machines use the DNS server without any problems.  I can PING the DNS server by IP address, but cannot resolve the host name (from this server).
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12126632
if you are sure that other computers are using that machine to resolve hostnames properly, and the ones that cannot use it are able to ping it, then there must be a device blocking port 53 between these  clients and the server.  That's my guess.
0
 

Author Comment

by:rbrother
ID: 12126724
There is no device on the network blocking the port.  All of our servers are directly connected to a 3com gigabyte switch.  This server was functioning one day and not the next.  

Any other ideas?

Roy
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12126769
I thought you said the server was functioning because other computer were using it?  can you go to any other computer and try an nslookup?  can you get it to work on any computer?  have you tried rebooting the DNS server?
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12126809
i think you should explain your setup... how many servers you have, how many subnets, where the terminal servers are logging in from.. etc...

I don't really understand under what conditions it works and under what conditions it doesn't
0
 

Author Comment

by:rbrother
ID: 12127130
I believe you are getting confused.  This terminal server can be logged-in to and you can run programs on it.  You cannot use the internet or Outlook as an exchange client.  The problem is that you cannot reslove host or domain names.  You can ping local and internet IP addresses.  This is the ONLY machine on our network that has the problem.  The DNS server is functioning or the other 25 machines and 4 servers would not be functioning.  This machine is windows 2000 server SP-4 running in terminal server mode.  We normally have 5 to 15 users on this terminal server.  All Microsoft crutical updates are (and have been) installed.

Roy
0
 
LVL 1

Expert Comment

by:RABEH
ID: 12127466
Is there any logs in event viewer under DNS node in DNS server.
0
 

Author Comment

by:rbrother
ID: 12127560
I just checked the DNS/DHCP server (DNS Log) and the event log is clean.  No new events since it was last restarted on 9/2/04.  All events prior to that are informational only.  No errors.

Roy
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 15

Expert Comment

by:adamdrayer
ID: 12127628
So this terminal server:

1. Is connected to the same switch as the DNS server.
2. Can ping the DNS server
3. Is configured with the DNS server's IP address as it's own DNS server

Other computer can resolve names using this server, and the terminal server cannot.  This is correct?
0
 
LVL 1

Expert Comment

by:RABEH
ID: 12127632
Are you test this :
assign manually IP with internal DNS  in 2 workstations. and test ping between them.
0
 

Author Comment

by:rbrother
ID: 12127717
Yes. same switch as DNS server, can ping the DNS server and it is configured with the DNS servers IP address as its own DNS server.  we have several other workstations & servers with static IP addresses (on the same switch) with the internal DNS setting and can ping host/domain names between them.

Please note... the configuration of this terminal server has not changed for several years.

Roy
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12127769
I've tested it, and "no response from server" signifies that the client is sending proper DNS requests.  I can only reproduce this error when I specify a DNS server that is not running DNS.

try this:

NSLOOKUP www.google.com 39.9.211.2.  That will perform a DNS search with my own DNS server.  if it works, then there is nothing wrong with the terminal server.

if not, then you may want to download and run spybot, adaware and most importantly HIJACKTHIS.  It's possible some piece of malware has hardcoded in a NameServer in the registry.

0
 
LVL 1

Expert Comment

by:RABEH
ID: 12127867
1-Are u have WINS?
2- try to change IP address for terminal server to any other FREE IP and check?
3- please post full details: how many machine u have , how many machine has the problem , how many machine use DHCP, The servers IP ,  DHCP rang, other machine(static IP) rang?
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12128521
i just tried that DNS server from another location and it seems that only we can use that DNS server.  sorry.  anyway, i would also recommend clearning the cache on the server and running "ipconfig /flushdns" on the terminal server as well as the other clients, and go through another round of trying nslookup on all the machines.
0
 

Author Comment

by:rbrother
ID: 12129157
I think everyone is missing the basic point here.  This is the ONLY machine affected on our network. We CANNOT PING any HOST or DNS  names.  If I try to "ping localhost" I get the response "unknown host".  This is the same response when I try to ping ANY host or domain name be it internal or external to our network.  ALL of our other 4 servers and 25 workstations are functioning properly.  We have run spybot, hijack this and adaware and not found any problems.  We have also run winsockfix.

Roy
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12129195
what about pinging 127.0.0.1?
0
 

Author Comment

by:rbrother
ID: 12129223
As I have mentioned earlier, we can Ping ANY IP address either on the LAN or Internet.  WE CANNOT ping host or domain names.

Roy
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12129356
2 more things:

1. run services.msc and make sure that DNS Client is running.

2.
(maybe?)
 http://support.microsoft.com/default.aspx?scid=kb;EN-US;193209
0
 

Author Comment

by:rbrother
ID: 12129394
DNS Client is running & I do not think no. 2 is applicable to my problem.

I am starting to think it is time to format and reprogram this terminal server, uuuuuuugh!

Roy
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12129437
yeah, this is farther than I ever had to go to resolve a DNS issue.  My only suggestion before completetly reinstalling the OS would be to uninstall TCP/IP and reinstall.  If that doesn't work, you might have a few more options like running the System File Checker by running "sfc /scannow" in case a dll got corrupted.

Then you may want to try this, but I have no idea what it will do honestly...

Uninstall TCP/IP
Delete the registry Key HKLM\System\CurrentControlSet\Services\DnsCache
Reinstall TCP/IP

even though it says "DnsCache", it isn't just cache, it is the reigstry settings that the DNS Client service uses.  It sounds like that service is no longer functioning on your computer.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12129443
You may want to export that key before deleting it, if you would like to revert to the original settings.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12129449
hey do you have a backup of the system state anywhere?
0
 

Author Comment

by:rbrother
ID: 12225234
Please close this issue.

We had it setup using a static IP adddress and tried using DHCP and then received the following error when trying to renew the IP address; "An Operation Was Attempted on Something That Is Not a Socket".

It turned out to be corrupt winsock & winsock2 entries in the registry.  Please refer to these two Microsoft knowledgebase articles for the fix.  It worked perfectly.

Microsoft Knowledge Base Article - 817571 (I used method 2 in this article)
http://support.microsoft.com/default.aspx?scid=kb;en-us;817571&Product=win2000

Microsoft Knowledge Base Article - 318584
http://support.microsoft.com/default.aspx?scid=kb;en-us;318584&Product=win2000

In any case thank you for everyone's input.

Roy Brotherhood
PC Solutions
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13212053
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now