Solved

ARP/DNS Issues after AD implementation

Posted on 2006-11-20
Last Modified: 2007-12-19
I am not sure what category to post this in, as it may relate to multiple network devices, but I will try here first.

We are a small co (roughly 300 users) operating under a much larger umbrella co.  Our larger co. recently upgraded to AD, forcing us to do the same (From good old NT4).

All of our clients run XP and DHCP, and we use all Cisco routers & switches.  Locally here in IL we have 10 sites, all connected via WAN and all authenticate to our AD controller locally, and that same box runs DHCP for all the clients.  The primary DNS boxes are at our corp office, and it just pushes down all the DNS to our local controller.

Implementation went pretty smooth, and shortly thereafter we start getting a lot of calls about people not being able to get into many critical applications.  We realized all the XP clients had their firewalls reactivated.  So we set up policy to turn all of those off.  Then we began getting calls about critical web sites not being able to function.  After looking closer at our XP clients, we noticed the clients had pulled all the new DHCP info, but were also retaining as a primary an old DNS box that no longer exists.  We double and triple checked our DHCP box, and it is and has been configured perfectly for all our sites.  We reset all our routers and switches, and had everyone restart their machines.  This did not fix anything.  The only "quick fix" is to do an "arp clear" locally and then "ipconfig/renew".  This fixed the issues for some time, and then they get the wrong info right away.

This is starting to become a daily annoyance and has been driving our help desk insane for the past week since AD was rolled out.  

We have also restarted DNS services, and cleared ARP on the server as well.

Anyone have any ideas why this could be happening?  Keep in mind there are over 20 other sites like ours connecting to our corporate office, and we are the only ones having these issues, which makes it that much more frustrating.

Any help would be appreciated.

thanks
Question by:integramed
 
LVL 43

Accepted Solution

by:
Steve Knight earned 125 total points
Could there be a policy in place which is replacing them?

http://support.microsoft.com/default.aspx?scid=kb;en-us;294785

have a look at the policies applied to the machines with

gpresult /v
or
gpresult /z

to check

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
if you do

netsh dhcp server dump > dhcp.txt
start dhcp.txt

on your dhcp server is there any mention of the wrong dns server entry -- this will dump all dhcp settings out to a text file

Steve
0
 
LVL 1

Author Comment

by:integramed
Steve,

Thanks for the suggestions.

I checked the gpresult and the only policy on all clients is a computer policy which is the one we use to disable all the firewalls.

I also did the dhcp dump as you suggested, and it gave me all the settings for our dhcp scopes, etc.  I did a text search in there for the "incorrect DNS IP" address that has been affecting the clients and did not find any traces of it in there.  

Is there something else in that file I need to look at you think?

I was thinking would it be appropriate to put this command in our login script, if not permanently maybe temporarily?

"netsh interface ip delete arpcache"

This seems to fix the problem, and then an ipconfig/renew after that brings the correct dhcp settings into the client.




0
 
LVL 43

Expert Comment

by:Steve Knight
You could try but users may not be able to run that unless they are local admins.

It does sound particularly odd but at least we've ruled out some odd setting in a GPO or DHCP.

Does that happen on all w/s or just some, could it be statically assigned to another NIC on these, a dialup connection or VPN etc pointing at old DNS servers?

Steve
0
 
LVL 1

Author Comment

by:integramed
This is happening on over half of them.  It is not dependent on client hardware, OS, or location from what we can see at this point.
The group policy script worked but it took way too long for users to log in, so I removed it.  

I created a simple batch file using pstools to remotely clear the arp cache and do a ipconfig/renew, and all my tech has to do is input the PC name and it will take care of the rest.  Seems very low tech but it does the trick for now.  

This even has my guys at our corp office stumped.  We have reset the routers/switches again at both our hub site and spoke sites.  All machines only have 1 NIC, we run a 99% Dell shop.  Mostly Optiplexes, small and medium form factors.  VPN is not installed on any clients within the organization.  Also no dialup connections configured on any of the machines.

Is now a good time to increase the point value? :)
0
 
LVL 43

Expert Comment

by:Steve Knight
Will look back tomorrow... late now

Steve
0

 
LVL 43

Expert Comment

by:Steve Knight
OK silly question time and some more unlikelies... when you do ipconfig /all on the machine that is affected does it have the correct dhcp server specified, could be someone has got a server setup locally or the dhcp /ip helper addresses on your routers are pointing to an old server too?

When the wrong value is showing up suggest giving a search on the machine with regedit.exe and see what keys it appears under -- i.e. another value under the dhcp cached settings against the NIC or somewhere else.


Steve
0
 

Assisted Solution

by:dshlyam
dshlyam earned 125 total points
I agree with the previous poster. Did you check for a possible rogue DHCP server on your network?

Next time PC gets incorrect info run ipconfig /all and take a note of a DHCP server address. If it's not the one in Purchase, there is your culprit.

It is possible that some server at your location is setup as DHCP and you just don't know about it. I mean, everything is possible at INMD. :)

--
Daniel Shlyam
0
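The check suggested in the two answers above (read the DHCP server and DNS servers from `ipconfig /all` and compare them with what the real server hands out), as an added example that is not part of the original thread. The addresses, the sample output and the function names are constructed for illustration.

```python
import re

# Assumed addresses for illustration; substitute the site's real servers.
EXPECTED_DHCP = {"10.1.0.10"}
EXPECTED_DNS = {"10.1.0.10", "10.0.0.53"}

# Constructed XP-style `ipconfig /all` excerpt, not output from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 10.1.4.27
        DHCP Server . . . . . . . . . . . : 10.1.0.10
        DNS Servers . . . . . . . . . . . : 10.9.9.9
                                            10.1.0.10
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")   # "Label . . . : value"
BARE_IP = re.compile(r"^\s+\d{1,3}(\.\d{1,3}){3}\s*$")  # continuation line


def parse_ipconfig(text):
    """Return one dict per adapter: name, DHCP server, DNS server list."""
    adapters, current, last = [], None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"name": line.rstrip(": "), "dhcp_server": None, "dns": []}
            adapters.append(current)
            last = None
        elif current is not None and (m := FIELD.match(line)):
            last, value = m.group(1), m.group(2).strip()
            if last == "DHCP Server":
                current["dhcp_server"] = value
            elif last == "DNS Servers" and value:
                current["dns"].append(value)
        elif current is not None and last == "DNS Servers" and BARE_IP.match(line):
            current["dns"].append(line.strip())  # second and later resolvers
    return adapters


def audit(text, expected_dhcp=EXPECTED_DHCP, expected_dns=EXPECTED_DNS):
    """Flag leases from an unknown DHCP server and resolvers not on the list."""
    findings = []
    for a in parse_ipconfig(text):
        known = a["dhcp_server"] in expected_dhcp
        if a["dhcp_server"] and not known:
            findings.append((a["name"], "unexpected DHCP server", a["dhcp_server"]))
        for dns in a["dns"]:
            if dns not in expected_dns:
                # Wrong DNS under the right DHCP server is the thread's symptom.
                why = "unexpected DNS, known DHCP server" if known else "unexpected DNS"
                findings.append((a["name"], why, dns))
    return findings
```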
 
LVL 43

Expert Comment

by:Steve Knight
Exactly... easily done even some mobile phone syncing software and such like installs a little DHCP server, as do of course wireless access points etc. that people sometimes like plugging in...

Steve
0
 
LVL 1

Author Comment

by:integramed
Checked for rogue server...did not find anything.  When we get the wrong dns on a client, it still shows my DHCP server.   Access points are all WRT56G Linksys, all of them have static IP.  Nobody is allowed to install any software on the local machines, so there is no phone or palm syncing software out there.

I did peek onto the server at corp. and saw that our DHCP scope are still in there but de-activated, do I need to delete them? Does it matter?

What other devices could possibly be giving out an outdated DNS address?  It is driving me crazy.  I had half our sites reboot their routers and switches, but then the issue still persists, over and over, on those sites.

How you been Daniel?  Did you just reply because you saw Integramed on the name? :)

Chris

0
 
LVL 1

Author Comment

by:integramed
Thanks for everyone's help.  Finally got this resolved.  We didn't quite nail it on the head but one of our guys wrote a script to force DHCP updates of DNS & WINS information when the machines are started up.  This seems to have fixed the issue, along with power cycling all of our routers.

What a pain in the rear!!

-Chris

0
 
LVL 43

Expert Comment

by:Steve Knight
Very odd and a bit of a bodge fix but if it works... :-)

Steve
0
