ARP/DNS Issues after AD implementation

I am not sure what category to post this in, as it may relate to multiple network devices, but I will try here first.

We are a small co (roughly 300 users) operating under a much larger umbrella co.  Our larger co. recently upgraded to AD, forcing us to do the same (from good old NT4).

All of our clients run XP and DHCP, and we use all Cisco routers & switches.  Locally here in IL we have 10 sites, all connected via WAN and all authenticate to our AD controller locally, and that same box runs DHCP for all the clients.  The primary DNS boxes are at our corp office, and it just pushes down all the DNS to our local controller.

Implementation went pretty smooth, and shortly thereafter we start getting a lot of calls about people not being able to get into many critical applications.  We realized all the XP clients had their firewalls reactivated.  So we set up policy to turn all of those off.  Then we began getting calls about critical web sites not being able to function.  After looking closer at our XP clients, we noticed the clients had pulled all the new DHCP info, but were also retaining as a primary an old DNS box that no longer exists.  We double and triple checked our DHCP box, and it is and has been configured perfectly for all our sites.  We reset all our routers and switches, and had everyone restart their machines.  This did not fix anything.  The only "quick fix" is to do an "arp clear" locally and then "ipconfig/renew".  This fixed the issues for some time, and then they get the wrong info right away.

This is starting to become a daily annoyance and has been driving our help desk insane for the past week since AD was rolled out.  

We have also restarted DNS services, and cleared ARP on the server as well.

Anyone have any ideas why this could be happening?  Keep in mind there are over 20 other sites like ours connecting to our corporate office, and we are the only ones having these issues, which makes it that much more frustrating.

Any help would be appreciated.

thanks
Asked by: integramed

Steve Knight (IT Consultancy) commented:
Could there be a policy in place which is replacing them?

http://support.microsoft.com/default.aspx?scid=kb;en-us;294785

Have a look at the policies applied to the machines with

gpresult /v
or
gpresult /z

to check

Steve

Steve Knight (IT Consultancy) commented:
if you do

netsh dhcp server dump > dhcp.txt
start dhcp.txt

on your dhcp server is there any mention of the wrong dns server entry -- this will dump all dhcp settings out to a text file

Steve

integramed (author) commented:
Steve,

Thanks for the suggestions.

I checked the gpresult and the only policy on all clients is a computer policy which is the one we use to disable all the firewalls.

I also did the dhcp dump as you suggested, and it gave me all the settings for our dhcp scopes, etc.  I did a text search in there for the "incorrect DNS IP" address that has been affecting the clients and did not find any traces of it in there.  

Is there something else in that file I need to look at you think?

I was thinking would it be appropriate to put this command in our login script, if not permanently maybe temporarily?

"netsh interface ip delete arpcache"

This seems to fix the problem, and then an ipconfig/renew after that brings the correct dhcp settings into the client.





Steve Knight (IT Consultancy) commented:
You could try but users may not be able to run that unless they are local admins.

It does sound particularly odd but at least we've ruled out some odd setting in a GPO or DHCP.

Does that happen on all w/s or just some, could it be statically assigned to another NIC on these, a dialup connection or VPN etc pointing at old DNS servers?

Steve

integramed (author) commented:
This is happening on over half of them.  It is not dependent on client hardware, OS, or location from what we can see at this point.
The group policy script worked but it took way too long for users to log in, so I removed it.  

I created a simple batch file using pstools to remotely clear the arp cache and do an ipconfig/renew, and all my tech has to do is input the PC name and it will take care of the rest.  Seems very low tech but it does the trick for now.  

This even has my guys at our corp office stumped.  We have reset the routers/switches again at both our hub site and spoke sites.  All machines only have 1 NIC, we run a 99% Dell shop.  Mostly Optiplexes, small and medium form factors.  VPN is not installed on any clients within the organization.  Also no dialup connections configured on any of the machines.

Is now a good time to increase the point value? :)

Steve Knight (IT Consultancy) commented:
Will look back tomorrow... late now

Steve

Steve Knight (IT Consultancy) commented:
OK silly question time and some more unlikelies... when you do ipconfig /all on the machine that is affected does it have the correct dhcp server specified, could be someone has got a server setup locally or the dhcp /ip helper addresses on your routers are pointing to an old server too?

When the wrong value is showing up suggest giving a search on the machine with regedit.exe and see what keys it appears under -- i.e. another value under the dhcp cached settings against the NIC or somewhere else.


Steve

dshlyam commented:
I agree with the previous poster. Did you check for a possible rogue DHCP server on your network?

Next time PC gets incorrect info run ipconfig /all and take a note of a DHCP server address. If it's not the one in Purchase, there is your culprit.

It is possible that some server at your location is set up as DHCP and you just don't know about it. I mean, everything is possible at INMD. :)

--
Daniel Shlyam
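
The `ipconfig /all` check suggested in the replies above can be scripted over output collected from affected PCs. This is an added example, not code from the thread; it assumes English-language `ipconfig` labels, and the sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output; all addresses are made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.20.3.57
        DHCP Server . . . . . . . . . . . : 10.20.1.10
        DNS Servers . . . . . . . . . . . : 10.99.0.5
                                            10.20.1.10
"""

LABELED = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")           # "Label . . . : value"
IPV4 = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")    # unlabeled continuation line

def parse_ipconfig(text):
    """Return {adapter: {"dhcp_server": str or None, "dns_servers": [str, ...]}}."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(
                line.rstrip()[:-1], {"dhcp_server": None, "dns_servers": []})
            last_key = None
            continue
        if current is None:
            continue
        cont, m = IPV4.match(line), LABELED.match(line)
        if cont and last_key == "DNS Servers":
            current["dns_servers"].append(cont.group(1))   # second and later DNS entries
        elif m:
            last_key, value = m.group(1), m.group(2).strip()
            if last_key == "DHCP Server":
                current["dhcp_server"] = value
            elif last_key == "DNS Servers" and value:
                current["dns_servers"].append(value)
    return adapters

def audit(text, expected_dhcp, allowed_dns):
    """List (adapter, problem, address) for settings outside the allow-lists."""
    findings = []
    for name, cfg in parse_ipconfig(text).items():
        if cfg["dhcp_server"] and cfg["dhcp_server"] not in expected_dhcp:
            findings.append((name, "unexpected DHCP server", cfg["dhcp_server"]))
        for i, dns in enumerate(cfg["dns_servers"]):
            if dns not in allowed_dns:
                role = "primary" if i == 0 else "secondary"
                findings.append((name, role + " DNS not in allow-list", dns))
    return findings
```

A finding for the DHCP server points toward a rogue or misdirected DHCP source; a DNS finding with the expected DHCP server means the stale address is reaching the client some other way.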

Steve Knight (IT Consultancy) commented:
Exactly... easily done even some mobile phone syncing software and such like installs a little DHCP server, as do of course wireless access points etc. that people sometimes like plugging in...

Steve

integramed (author) commented:
Checked for rogue server...did not find anything.  When we get the wrong dns on a client, it still shows my DHCP server.   Access points are all WRT56G Linksys, all of them have static IP.  Nobody is allowed to install any software on the local machines, so there is no phone or palm syncing software out there.

I did peek onto the server at corp. and saw that our DHCP scopes are still in there but de-activated, do I need to delete them? Does it matter?

What other devices could possibly be giving out an outdated DNS address?  It is driving me crazy.  I had half our sites reboot their routers and switches, but then the issue still persists, over and over, on those sites.

How you been Daniel?  Did you just reply because you saw Integramed on the name? :)

Chris


integramed (author) commented:
Thanks for everyone's help.  Finally got this resolved.  We didn't quite nail it on the head but one of our guys wrote a script to force DHCP updates of DNS & WINS information when the machines are started up.  This seems to have fixed the issue, along with power cycling all of our routers.

What a pain in the rear!!

-Chris


Steve Knight (IT Consultancy) commented:
Very odd and a bit of a bodge fix but if it works... :-)

Steve
Question has a verified solution.