• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1671
  • Last Modified:

DNS error Event: 11050

I have an eleven machine domain, one Vista box, one Win2k box and the rest are XP.

The domain controllers are both W2k3 Standard, right now SP1...will be SP2 tonight when I restart.

One machine, the Win2k machine, has decided it doesn't want to access the internet.  If you start the computer up, Internet Explorer will connect to the home page just fine.  But if you close IE and restart, it will not hit anything...by url or ip address (which is curious as I'm sure this is a dns issue).  Sometimes it might let you get to two websites before it craps out.

There are two nics on the machine, one fiber, the other an onboard rj-45.  The problem is identical with both cards.

I have uninstalled/re-installed tcp/ip, both by unchecking the box next to it in properties and restarting and using the uninstall button, neither worked.  I have done this on both cards.

I have four different dns servers running, two inside and two outside my firewall (people inside the building and remote users).  We have also tried using two outside dns servers.  The problem is identical with all six servers.

I cleared the system log in event viewer and restarted the computer, then replicated the problem.  As expected, I received Event 11050 in the system log:

The DNS Client service could not contact any DNS servers for a repeated number of attempts. For the next 30 seconds the DNS Client service will not use the network to avoid further network performance problems. It will resume its normal behavior after that. If this problem persists, verify your TCP/IP configuration, specifically check that you have a preferred (and possibly an alternate) DNS server configured. If the problem continues, verify network conditions to these DNS servers or contact your network administrator.

The DC passed netdiag and dcdiag.  

There have been no changes in the domain, firewall or network topography.  I have to believe the issue is specific to this machine as it's the only one displaying the problem.

After allowing the computer to sit for the timeout period, I can ping the inside dns servers.  I then open IE and get the homepage, close/reopen IE and don't get the homepage.  If I then try to ping the dns server, I get destination host unreachable.

As you can imagine, this needs to be resolved, but I'm running out of paths to follow.  Any thoughts would be appreciated.

Jonathan

0
UHLS
Asked:
UHLS
1 Solution
 
ocon827679Commented:
If you do a ping -t from the box to another box on the network, do you have any problems?  (the ping -t will do a continuous ping)  If you see packets fail, then you need to fix the network.

Do you need both NICs operational?  Can you disable one to ensure that only one path is being utilized for network traffic.

Are all of the DNS servers using forwarders or are you using root hints?
0
 
UHLSAuthor Commented:
Thanks ocon, but both nics aren't operational, I tested one at a time.  None of the servers use forwarders either.  

Howerver...the situation has changed.  I did some more digging and found the problem is in fact the Auto-Block rule feature in Internet Worm Protection from Norton 2005.

I added a rule specifically to allow all traffic (TCP and UDP) from both of my internal dns servers, unblocked them, restart the computer and after surfing a handful of sites, they get blocked again.

Also, autoprotect starts as disabled...I check the box to enable it, restart the machine, and it's disabled again.

Beyond get rid of Norton, anyone have any advice?

Jonathan
0
 
netnounoursCommented:
Just curious...are the other machines using the same version of Norton ? shouldn't it be upgraded to something more recent ?
0
 
UHLSAuthor Commented:
I've asked for this question to be deleted.

Just so you know, it turned out to be Norton Anti-Virus 2005.  There is a feature under Internet Worm Protection called autoblock.  For some reason, even though there is a default rule to allow dns traffic, and I created another one to allow all traffic from my two dns servers, it still caused the problem, even when it was turned off.

I uninstalled Norton and went with AVG.

Jonathan
0
 
Vee_ModCommented:
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now