Solved

ARP/DNS Issues after AD implementation

Posted on 2006-11-20
Medium Priority
331 Views
Last Modified: 2007-12-19
I am not sure what category to post this in, as it may relate to multiple network devices, but I will try here first.

We are a small co (roughly 300 users) operating under a much larger umbrella co.  Our larger co. recently upgraded to AD, forcing us to do the same (From good old NT4).

All of our clients run XP and DHCP, and we use all Cisco routers & switches.  Locally here in IL we have 10 sites, all connected via WAN and all authenticate to our AD controller locally, and that same box runs DHCP for all the clients.  The primary DNS boxes are at our corp office, and it just pushes down all the DNS to our local controller.

Implementation went pretty smooth, and shortly thereafter we start getting a lot of calls about people not being able to get into many critical applications.  We realized all the XP clients had their firewalls reactivated.  So we set up policy to turn all of those off.  Then we began getting calls about critical web sites not being able to function.  After looking closer at our XP clients, we noticed the clients had pulled all the new DHCP info, but were also retaining as a primary an old DNS box that no longer exists.  We double and triple checked our DHCP box, and it is and has been configured perfectly for all our sites.  We reset all our routers and switches, and had everyone restart their machines.  This did not fix anything.  The only "quick fix" is to do an "arp clear" locally and then "ipconfig/renew".  This fixed the issues for some time, and then they get the wrong info right away.

This is starting to become a daily annoyance and has been driving our help desk insane for the past week since AD was rolled out.  

We have also restarted DNS services, and cleared ARP on the server as well.

Anyone have any ideas why this could be happening?  Keep in mind there are over 20 other sites like ours connecting to our corporate office, and we are the only ones having these issues, which makes it that much more frustrating.

Any help would be appreciated.

thanks
0
Question by:integramed
12 Comments
 
LVL 43

Accepted Solution

by:
Steve Knight earned 375 total points
ID: 17983194
Could there be a policy in place which is replacing them?

http://support.microsoft.com/default.aspx?scid=kb;en-us;294785

Have a look at the policies applied to the machines with

gpresult /v
or
gpresult /z

to check

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17983205
if you do

netsh dhcp server dump > dhcp.txt
start dhcp.txt

on your dhcp server is there any mention of the wrong dns server entry -- this will dump all dhcp settings out to a text file

Steve
0
 
LVL 1

Author Comment

by:integramed
ID: 17987851
Steve,

Thanks for the suggestions.

I checked the gpresult and the only policy on all clients is a computer policy which is the one we use to disable all the firewalls.

I also did the dhcp dump as you suggested, and it gave me all the settings for our dhcp scopes, etc.  I did a text search in there for the "incorrect DNS IP" address that has been affecting the clients and did not find any traces of it in there.  

Is there something else in that file I need to look at you think?

I was thinking would it be appropriate to put this command in our login script, if not permanently maybe temporarily?

"netsh interface ip delete arpcache"

This seems to fix the problem, and then an ipconfig/renew after that brings the correct dhcp settings into the client.




0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17988087
You could try but users may not be able to run that unless they are local admins.

It does sound particularly odd but at least we've ruled out some odd setting in a GPO or DHCP.

Does that happen on all w/s or just some, could it be statically assigned to another NIC on these, a dialup connection or VPN etc pointing at old DNS servers?

Steve
0
 
LVL 1

Author Comment

by:integramed
ID: 17996148
This is happening on over half of them.  It is not dependent on client hardware, OS, or location from what we can see at this point.
The group policy script worked but it took way too long for users to log in, so I removed it.  

I created a simple batch file using pstools to remotely clear the arp cache and do an ipconfig/renew, and all my tech has to do is input the PC name and it will take care of the rest.  Seems very low tech but it does the trick for now.  

This even has my guys at our corp office stumped.  We have reset the routers/switches again at both our hub site and spoke sites.  All machines only have 1 NIC, we run a 99% Dell shop.  Mostly Optiplexes, small and medium form factors.  VPN is not installed on any clients within the organization.  Also no dialup connections configured on any of the machines.

Is now a good time to increase the point value? :)
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17999697
Will look back tomorrow... late now

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18001547
OK silly question time and some more unlikelies... when you do ipconfig /all on the machine that is affected does it have the correct dhcp server specified, could be someone has got a server setup locally or the dhcp /ip helper addresses on your routers are pointing to an old server too?

When the wrong value is showing up suggest giving a search on the machine with regedit.exe and see what keys it appears under -- i.e. another value under the dhcp cached settings against the NIC or somewhere else.


Steve
0
 

Assisted Solution

by:dshlyam
dshlyam earned 375 total points
ID: 18003702
I agree with the previous poster. Did you check for a possible rogue DHCP server on your network?

Next time PC gets incorrect info run ipconfig /all and take a note of a DHCP server address. If it's not the one in Purchase, there is your culprit.

It is possible that some server at your location is set up as DHCP and you just don't know about it. I mean, everything is possible at INMD. :)

--
Daniel Shlyam
0
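Added example, not part of the original thread: one way to automate the `ipconfig /all` check suggested in the two posts above, run over output collected from affected clients. It flags a DHCP server or DNS server outside the expected set, and adapters with DHCP disabled (static settings). The sample output and all addresses are constructed, the function names are hypothetical, and English-locale XP field labels are assumed.

```python
import re

# Constructed sample of XP-style `ipconfig /all` output; all addresses are made up.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : PC-0142

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.20.3.57
        DHCP Server . . . . . . . . . . . : 10.20.0.10
        DNS Servers . . . . . . . . . . . : 10.99.0.5
                                            10.20.0.10
        Lease Obtained. . . . . . . . . . : Monday, November 20, 2006 8:01:12 AM
"""

HEADER = re.compile(r"^(\S.* adapter .+):\s*$")             # unindented adapter title
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")   # "Label . . . : value"
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; multi-line DNS lists are joined."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current, last = adapters.setdefault(m.group(1), {}), None
        elif current is not None and (m := FIELD.match(line)):
            last = current.setdefault(m.group(1), [])
            if m.group(2).strip():
                last.append(m.group(2).strip())
        elif last is not None and IPV4.match(line.strip()):
            last.append(line.strip())   # continuation line of the previous field
    return adapters

def audit(text, allowed_dhcp, allowed_dns):
    """List (adapter, field, value) for settings outside the expected sets."""
    findings = []
    for name, f in parse_ipconfig(text).items():
        if f.get("Dhcp Enabled") == ["No"]:
            findings.append((name, "Dhcp Enabled", "No"))   # statically configured
        for field, allowed in (("DHCP Server", allowed_dhcp), ("DNS Servers", allowed_dns)):
            findings += [(name, field, ip) for ip in f.get(field, []) if ip not in allowed]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"10.20.0.10"}, {"10.20.0.10"}):
        print(finding)
```

In the constructed sample the DHCP server is the expected one and only the first DNS entry is flagged, which is the pattern that points away from a rogue DHCP server and toward a stale setting on the client.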
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003714
Exactly... easily done even some mobile phone syncing software and such like installs a little DHCP server, as do of course wireless access points etc. that people sometimes like plugging in...

Steve
0
 
LVL 1

Author Comment

by:integramed
ID: 18029328
Checked for rogue server...did not find anything.  When we get the wrong dns on a client, it still shows my DHCP server.   Access points are all WRT56G Linksys, all of them have static IP.  Nobody is allowed to install any software on the local machines, so there is no phone or palm syncing software out there.

I did peek onto the server at corp. and saw that our DHCP scopes are still in there but de-activated, do I need to delete them? Does it matter?

What other devices could possibly be giving out an outdated DNS address?  It is driving me crazy.  I had half our sites reboot their routers and switches, but then the issue still persists, over and over, on those sites.

How you been Daniel?  Did you just reply because you saw Integramed on the name? :)

Chris

0
 
LVL 1

Author Comment

by:integramed
ID: 18102192
Thanks for everyone's help.  Finally got this resolved.  We didn't quite nail it on the head but one of our guys wrote a script to force DHCP updates of DNS & WINS information when the machines are started up.  This seems to have fixed the issue, along with power cycling all of our routers.

What a pain in the rear!!

-Chris

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18102306
Very odd and a bit of a bodge fix but if it works... :-)

Steve
0
