Duncan Meyers

asked on

DHCP slow

Hi,

We have W2K3 installed and we're finding DHCP is slow - it takes around 75 seconds for a client to pick up an address following an ipconfig /renew. Clients are not picking up an address during the normal OS startup (all are XP Pro) and so group policy is not being applied. I've tried the MS knowledgebase and good ole experts exchange with no success...

Any thoughts?

Thanks!
ASKER CERTIFIED SOLUTION
merowinger

ASKER

>-check the name resolution on the clients and on the server via run->cmd->nslookup

Hmmmm.... Name resolution works fine for internet domains but I get "non-existent domain" for local domain names...

Any ideas?
verify if you have configured a dns server in the tcpip settings of your dc and dhcp server
also check if you have enabled dynamic dns under the properties of your reverse and forward lookup zone
It appears to be correctly set...

I get the same message on the DNS server. What the??
Dynamic updates is set to Secure Only on forward and reverse lookup zones.
what is your full domain name and the name from your forward and reverse lookup zone?
AD: home.munge.com.au
Internet: munge.com.au (I know - bad practice but it's already been done and can't readily be changed)
Reverse lookup: workstation.home.munge.com.au.
Forward lookup: WORKSTATION
why
------>workstation.<-----home.munge.com.au.??????????
workstation = the name of any of the workstations on the corporate LAN. I'd rather not identify the company.
i think the name is wrong. you have configured it manually right?
i don't know if you can create a new zone now but i would do this and configure
"home.munge.com.au" as name from it (the same as your domain name)
Ahh. Just noticed - the DNS lookup works OK if I use the FQDN (since my laptop is not a member of the domain, that's OK). My mistake - a bit of a red herring, that...

>I get the same message on the DNS server. What the??

And if I'd not mis-typed the server name, that would have worked....

Is there an emoticon for "Whoops! I'm embarrassed?" :-)
ah ok!!!! :)
maybe this...  :/


but the problem is still there???
DHCP slow -- yep.
have you configured a dns suffix in your dhcp scope options?
Yes - it's home.munge.com.au
i think a dns server is configured, too, in the scope options?
Yes - both a primary and a secondary.
i just found this thread post: may you test it!!!
*************************************************************
First, make sure you are running WINS. Its real easy. Just start the service on your DC and have all of the workstations enter the DC's ip in the WINS portion of your Network properties. If you have multiple DC's, you can just use one, or have two of them run WINS so you have a primary and a secondary.

Second, i recommend running an internal DNS between your workstations to provide for faster replication between your whole network. For instance, have your DC's run DNS. Set the primary DNS on your DC(s) as its own ip. Set the secondary DNS as the "static" ip that will provide for internet connectivity. Now, set all of your workstations as using the internal DC's ip as their primary DNS. So, ultimately, what will happen is, the workstations will always look to the DC's ip first for name resolution, then, from there they will have the gateway to the internet. This is how our internal network is set up at work. But, there may be differences between mine and yours. All of the internal boxes have an ip of 10.50.2.x, or 10.50.1.x. There are 4 DCs. The DCs use each other for primary DNS, and they use the 63.x.x.x.(i am not going to reveal this string) as secondary DNS. This way the internal network is very quick. The DCs also have each other entered into the lmhosts file to provide for faster replication between them.
*************************************************************
check if you have dns srv records with the same ip addy
if there are old not used entries...delete them cause old srv entries could make your clients confused
That's pretty much how this network is set up. But name resolution isn't the problem (well, it wasn't until I came along :-) ). The problem that I have is that clients aren't getting an IP address...
yes i know but i think this is a resolution problem. The clients may not find the right dhcp server immediately because it's not resolved right!!! i would check the dns entries for old ones!!!
If you want!!!
;)
Ok...

DNS names/addresses all look OK...
ok then finally check up this (if this doesn't work, i can't help you further)  :)

i just found this article!!!
https://www.experts-exchange.com/questions/20936114/Slow-login-to-Domain-probable-cause-is-DNS.html
*************************************************************
Ok so it sounds like there's no " . " zone which is good, because you can't use forwarders if it's there. In dns, right click the server listed immediately above the forward lookup zone folder, then click properties. This will bring up a box with numerous tabs. In interfaces, specify its own IP address, ie that of the dns server you're working on. Click the forwarders tab, check enable forwarders and here enter the dns server ip addresses of your isp.

In the TCP/IP properties on the network connection for the server, again check that in the dns server list only its own ip address is listed.

Then configure the client pc's to be supplied ONLY with the address of this dns server, not the isp. The forwarders enables the server to check the isp's dns servers for any names it can't resolve - ie it forwards the query. On the clients call up a command prompt -> start, run, cmd enter, and release and renew the ip's ie at the command prompt type ipconfig /release (enter - to release the ip) then type ipconfig /renew to pick the ip address up again from the firewall. To check type again at the client at a command prompt ipconfig /all to check that the isp's dns servers are no longer listed as dns servers for the client. Hopefully this should sort you out!
*************************************************************
Unfortunately, that all checks out OK :-(

Many thanks for your efforts mero.
you're very welcome :)

note: you as "Storage Guru" certainly know a dns and dhcp guru colleague!!!
:)
good luck!!!

mero
Arrrrrrrrrrrrrrrrrghhh!

It was spanning tree on the switches!
nooooo!!!
a loop with your switches!!! no spanning tree protocol??

thx for the points!
Spanning tree enabled on every port by default. Turned off spanning tree and now it all works just like it should....

As we say here in Orstraya: Bobby-dazzler!
MikeAnnen

I fixed this by turning spanning-tree portfast on every port with a workstation. DHCP went from 30 secs at the Ctrl-Alt-Del screen to 3 secs
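
Why spanning tree on a workstation port stalls DHCP, as an added example that is not part of the thread: a simplified timing model showing which DHCPDISCOVER is the first to get through the port with and without PortFast. It assumes the IEEE 802.1D default forward delay (15 s each for listening and learning), the RFC 2131 retransmission backoff with jitter ignored, and a client that sends its first DISCOVER at link-up; the function names are illustrative.

```python
"""Added example: models why an 802.1D port without PortFast delays DHCP."""

# Assumptions (not from the thread): 802.1D default forward delay of 15 s for
# each of the listening and learning states; RFC 2131 DISCOVER retransmission
# schedule (4 s, doubling up to a 64 s cap) with the random jitter ignored;
# the client transmits its first DISCOVER the moment the link comes up.
FORWARD_DELAY_S = 15
STATES_BEFORE_FORWARDING = ("listening", "learning")


def port_forwarding_at(portfast, forward_delay=FORWARD_DELAY_S):
    """Seconds after link-up at which the switch port starts forwarding."""
    if portfast:
        return 0  # PortFast moves an edge port straight to forwarding
    return forward_delay * len(STATES_BEFORE_FORWARDING)


def discover_send_times(attempts=6, first_wait=4, cap=64):
    """Times (seconds after link-up) at which the client sends DHCPDISCOVER."""
    times, now, wait = [], 0, first_wait
    for _ in range(attempts):
        times.append(now)
        now += wait
        wait = min(wait * 2, cap)
    return times


def first_delivered_discover(portfast):
    """Return (send_time, attempt_number) of the first DISCOVER that the port
    actually forwards, or None if every attempt is dropped."""
    ready = port_forwarding_at(portfast)
    for attempt, sent in enumerate(discover_send_times(), start=1):
        if sent >= ready:
            return sent, attempt
    return None


if __name__ == "__main__":
    for portfast in (False, True):
        sent, attempt = first_delivered_discover(portfast)
        print(f"portfast={portfast}: port forwards at "
              f"{port_forwarding_at(portfast)} s, first DISCOVER delivered "
              f"at {sent} s (attempt {attempt})")
```

In this model the port only blocks for 30 s, but the backoff pushes the first successful DISCOVER out to 60 s, which is why the client-visible delay is much longer than the spanning-tree timers alone suggest.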