integramed


ARP/DNS Issues after AD implementation

I am not sure what category to post this in, as it may relate to multiple network devices, but I will try here first.

We are a small co (roughly 300 users) operating under a much larger umbrella co.  Our larger co. recently upgraded to AD, forcing us to do the same (From good old NT4).

All of our clients run XP and DHCP, and we use all Cisco routers & switches.  Locally here in IL we have 10 sites, all connected via WAN and all authenticate to our AD controller locally, and that same box runs DHCP for all the clients.  The primary DNS boxes are at our corp office, and it just pushes down all the DNS to our local controller.

Implementation went pretty smooth, and shortly thereafter we start getting a lot of calls about people not being able to get into many critical applications.  We realized all the XP clients had their firewalls reactivated.  So we set up policy to turn all of those off.  Then we began getting calls about critical web sites not being able to function.  After looking closer at our XP clients, we noticed the clients had pulled all the new DHCP info, but were also retaining as a primary an old DNS box that no longer exists.  We double and triple checked our DHCP box, and it is and has been configured perfectly for all our sites.  We reset all our routers and switches, and had everyone restart their machines.  This did not fix anything.  The only "quick fix" is to do an "arp clear" locally and then "ipconfig/renew".  This fixed the issues for some time, and then they get the wrong info right away.

This is starting to become a daily annoyance and has been driving our help desk insane for the past week since AD was rolled out.  

We have also restarted DNS services, and cleared ARP on the server as well.

Anyone have any ideas why this could be happening?  Keep in mind there are over 20 other sites like ours connecting to our corporate office, and we are the only ones having these issues, which makes it that much more frustrating.

Any help would be appreciated.

thanks
ASKER CERTIFIED SOLUTION
Steve Knight
If you do

netsh dhcp server dump > dhcp.txt
start dhcp.txt

on your DHCP server, is there any mention of the wrong DNS server entry? This will dump all DHCP settings out to a text file.

Steve
integramed

ASKER

Steve,

Thanks for the suggestions.

I checked the gpresult and the only policy on all clients is a computer policy which is the one we use to disable all the firewalls.

I also did the dhcp dump as you suggested, and it gave me all the settings for our dhcp scopes, etc.  I did a text search in there for the "incorrect DNS IP" address that has been affecting the clients and did not find any traces of it in there.  

Is there something else in that file I need to look at you think?

I was thinking would it be appropriate to put this command in our login script, if not permanently maybe temporarily?

"netsh interface ip delete arpcache"

This seems to fix the problem, and then an ipconfig/renew after that brings the correct DHCP settings into the client.




You could try but users may not be able to run that unless they are local admins.

It does sound particularly odd but at least we've ruled out some odd setting in a GPO or DHCP.

Does that happen on all w/s or just some, could it be statically assigned to another NIC on these, a dialup connection or VPN etc pointing at old DNS servers?

Steve
This is happening on over half of them.  It is not dependent on client hardware, OS, or location from what we can see at this point.
The group policy script worked but it took way too long for users to log in, so I removed it.  

I created a simple batch file using pstools to remotely clear the arp cache and do an ipconfig/renew, and all my tech has to do is input the PC name and it will take care of the rest.  Seems very low tech but it does the trick for now.  

This even has my guys at our corp office stumped.  We have reset the routers/switches again at both our hub site and spoke sites.  All machines only have 1 NIC, we run a 99% Dell shop.  Mostly Optiplexes, small and medium form factors.  VPN is not installed on any clients within the organization.  Also no dialup connections configured on any of the machines.

Is now a good time to increase the point value? :)
Will look back tomorrow... late now

Steve
OK silly question time and some more unlikelies... when you do ipconfig /all on the machine that is affected does it have the correct dhcp server specified, could be someone has got a server set up locally or the dhcp /ip helper addresses on your routers are pointing to an old server too?

When the wrong value is showing up suggest giving a search on the machine with regedit.exe and see what keys it appears under -- i.e. another value under the dhcp cached settings against the NIC or somewhere else.


Steve
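
The `ipconfig /all` check suggested above can be run over saved output collected from many clients. The following is an added example, not code from the thread; the expected server addresses and the sample output are constructed for illustration.

```python
import re

# Assumed addresses for illustration; substitute the site's real servers.
EXPECTED_DHCP = {"10.1.0.10"}
EXPECTED_DNS = {"10.1.0.10", "10.0.0.53"}

# Constructed sample of XP-style `ipconfig /all` output (not from the thread).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        DHCP Server . . . . . . . . . . . : 10.1.0.10
        DNS Servers . . . . . . . . . . . : 10.9.9.9
                                            10.1.0.10
"""

FIELD = re.compile(r"^\s+(.*?)[ .]*:(?: (.*))?$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} parsed from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # An unindented line ending in ':' opens an adapter section.
            head = line.rstrip()
            current = adapters.setdefault(head[:-1], {}) if head.endswith(":") else None
            last = None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = current.setdefault(m.group(1), [])
                if m.group(2):
                    last.append(m.group(2).strip())
            elif last is not None:
                last.append(line.strip())  # continuation, e.g. a second DNS server
    return adapters

def audit(text, dhcp_ok=EXPECTED_DHCP, dns_ok=EXPECTED_DNS):
    """List (adapter, field, position, address) for values outside the expected sets."""
    findings = []
    for name, f in parse_ipconfig(text).items():
        for field, ok in (("DHCP Server", dhcp_ok), ("DNS Servers", dns_ok)):
            for pos, addr in enumerate(f.get(field, []), 1):
                if addr not in ok:
                    findings.append((name, field, pos, addr))
    return findings
```

A finding on `DNS Servers` with a clean `DHCP Server` line matches the symptom in this thread: the lease comes from the right server while the primary resolver is stale.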
Exactly... easily done even some mobile phone syncing software and such like installs a little DHCP server, as do of course wireless access points etc. that people sometimes like plugging in...

Steve
Checked for rogue server...did not find anything.  When we get the wrong dns on a client, it still shows my DHCP server.   Access points are all WRT56G Linksys, all of them have static IP.  Nobody is allowed to install any software on the local machines, so there is no phone or palm syncing software out there.

I did peek onto the server at corp. and saw that our DHCP scopes are still in there but de-activated, do I need to delete them? Does it matter?

What other devices could possibly be giving out an outdated DNS address?  It is driving me crazy.  I had half our sites reboot their routers and switches, but then the issue still persists, over and over, on those sites.

How you been Daniel?  Did you just reply because you saw Integramed on the name? :)

Chris

Thanks for everyone's help.  Finally got this resolved.  We didn't quite nail it on the head but one of our guys wrote a script to force DHCP updates of DNS & WINS information when the machines are started up.  This seems to have fixed the issue, along with power cycling all of our routers.

What a pain in the rear!!

-Chris

Very odd and a bit of a bodge fix but if it works... :-)

Steve