vtexeira
asked on
New DHCP Server Install
We just migrated to Windows DHCP from Netware 6.5. We are one of many departments in a county. We only use DNS here but point to the main county office for some WINS resolution and even some DNS resolution. So far everyone is getting the correct IP info from the new DHCP server, but we cannot get to the websites that our county main office uses, which is what we need the WINS servers for. If I type in the IP and WINS settings manually on these PCs I can get to the sites. In the DHCP server I am pushing option 44 with the county office's WINS server addresses and option 46; I have tried the values 0x1 and 0x8 unsuccessfully. This worked perfectly in Netware with those 2 options. I am not sure what else I can try and would really appreciate any help. Thanks in advance.
Also, when setting our scope we have a subnet mask of 255.255.240.0, but in my range of IPs to pass out I only set up 10.150.20.1 - 10.150.21.255 with a subnet mask of 255.255.240.0, and then I did not set up any exclusions. Should I have defined the whole subnet 10.150.16.1 - 10.150.31.255 and then set up the exclusions I wanted? Could this be my problem?
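An added example, not part of the original post or of any tool mentioned in the thread: a small decoder for the DHCP options field that shows what a client actually receives for option 1 (subnet mask), option 44 (WINS servers) and option 46 (NetBIOS node type), plus a check that a lease pool sits inside its subnet. The sample bytes and the 192.0.2.x WINS addresses are constructed placeholders; the pool range and mask are the ones quoted in the question.

```python
import ipaddress

# NetBIOS node types carried in DHCP option 46 (RFC 2132, section 8.7)
NODE_TYPES = {0x1: "B-node", 0x2: "P-node", 0x4: "M-node", 0x8: "H-node"}

def parse_options(raw: bytes) -> dict:
    """Walk the TLV-encoded DHCP options field (the bytes after the magic cookie)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option
            break
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"option {code} truncated")
        length = raw[i + 1]
        opts[code] = opts.get(code, b"") + raw[i + 2 : i + 2 + length]  # RFC 3396 concatenation
        i += 2 + length
    return opts

def netbios_settings(opts: dict) -> dict:
    """Decode options 1, 44 and 46 into the values a client would apply."""
    out = {"mask": None, "wins": [], "node_type": None}
    if 1 in opts and len(opts[1]) == 4:
        out["mask"] = str(ipaddress.IPv4Address(opts[1]))
    wins = opts.get(44, b"")
    if len(wins) % 4:
        raise ValueError("option 44 length must be a multiple of 4")
    out["wins"] = [str(ipaddress.IPv4Address(wins[n:n + 4])) for n in range(0, len(wins), 4)]
    node = opts.get(46)
    if node is not None:
        if len(node) != 1 or node[0] not in NODE_TYPES:
            raise ValueError(f"option 46 value {node.hex()} is not a valid node type")
        out["node_type"] = NODE_TYPES[node[0]]
    return out

def pool_in_subnet(first: str, last: str, mask: str) -> bool:
    """True when the last pool address lies in the subnet implied by first/mask."""
    return ipaddress.ip_address(last) in ipaddress.ip_network(f"{first}/{mask}", strict=False)

# Constructed sample options field; the WINS addresses are placeholders, not from the thread.
SAMPLE = bytes([1, 4, 255, 255, 240, 0,
                44, 8, 192, 0, 2, 10, 192, 0, 2, 11, 46, 1, 0x08, 255])

if __name__ == "__main__":
    print(netbios_settings(parse_options(SAMPLE)))
    print(pool_in_subnet("10.150.20.1", "10.150.21.255", "255.255.240.0"))
```

Feeding it the options bytes from a captured DHCP ACK makes it easy to compare what a leased client was handed against the settings that work when typed in manually.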
ASKER
1. I cannot ping the IP address or the server name as long as I use a DHCP address. If I manually put an address in, in the same IP range, I can ping the IP but not the name. If I then put the address of the WINS server in manually, I can ping by name. The site I need to get to includes the server name in the address, i.e. http://servername/finance/cmd=login.
2. I cannot ping using ping -a either.
3. The browser does not work; however, if I substitute //servername with //ipaddress they can get to the site. Currently that is my workaround, just not sure how long it will hold up.
4. I cannot telnet on port 80, but I was not surprised, as this is not our network and it could be blocked.
5. Having to put the WINS server address manually in the TCP/IP settings before I can ping by name made me think it was a WINS issue, and we used to have a lot more trouble connecting to the downtown resources until I started pushing their WINS servers and using DNS forwarding in our DNS server.
I have a permanent connection to the downtown building; we do not need VPN, this was put in place just for this system. This was all working fine on Friday on a Netware 6.5 server running the DHCP service, and we have always used Microsoft DNS.
Thanks for the response.
The inability to ping by IP means they either disabled ICMP, or they are on another subnet.
WINS is needed for NetBIOS to go through NAT to the other server. It will be required for your browser service.
What you have problems with is DNS. DNS uses forwarders to forward to an outside server. Though you have a direct connection to this site, DNS Port 53 must be open for DNS to work. If you can't telnet to port 53, then you will have a problem with DNS. Similar to HTTP port 80. DNS is used to contact by domain names. Your issue is a firewall issue between the sites.
-You may have DNS disabled on port 53, probably on the remote site.
-You have ICMP configured to not respond to IP pings. (most likely on the remote side firewall.)
-You might have IP version 6 enabled on the DHCP server. That could hose up your DHCP. To check for this, go to the command prompt and type ipconfig /all. If you see an alphanumeric IP address and something that says Teredo tunnel, then IPv6 is enabled. There is an article to make DNS friendly with IP version 6. However, IPv6 requires an IPv6 router. Before we provide the article, consider using IPv4 and decide if your network is compatible with IPv6.
-Then, you need a HOST A record of the web site on your local DNS server. So, you will need its IP through your direct connection.
ASKER
I understand what you are saying, but every piece was working just 2 days ago and the only difference is I switched to Win 2003 DHCP. The weird thing is, if I type in all of the TCP/IP settings manually on any PC on the network using the exact same subnet information, DNS servers, and WINS server information, everything starts working like it should. So it looks like all of the routing and ports we need open are already in place. I can also ping everything on their end by name and by IP, so ICMP must be working. It is only when the PCs get the information from the new 2003 DHCP server that everything stops working. We have had this setup for a couple of years now; the only thing that has changed is the DHCP server on Friday. I was hoping there was some setting I was missing. The server is not running IPv6. I have used DNS forwarding for the same 2 or 3 years and have never needed any A records on the DNS server. And even when I put the server info in a couple of the HOSTS files on some problem PCs it didn't help. I am baffled and am contemplating going back to Netware DHCP. It just feels like we are so close to having this work, we just can't get our finger on that last piece.
Thanks for the response
Could this be a local Windows Firewall issue?
Windows can turn its firewall off when assigned a static IP. Try with/without.
ASKER
Well, here is where I am at: I have all of the scope options defined. I tried them as server options and as scope options; this did not work. I have tried disabling the firewall; that did not work. I spent 6 hours on the phone with Microsoft and still nothing. I am now working with our Cisco guys (we have a contract for all of our Cisco work) to see what could be blocking the traffic. They do not think anything is blocked but are still checking. For now I have assigned the old range of IPs that the original Netware server was passing out, and it seems like everything is working again. Something has got to be blocking traffic somewhere, just not sure where yet.
I appreciate all of the comments; this is a strange problem.
Thanks again
So, DHCP is not working as it should. What service pack are you on? There is a known issue with SP1 that could block the server from communicating and it can knock down DHCP.
https://www.experts-exchange.com/questions/23306595/Windows-2003-R2-Sp1Server-has-intermittant-freezes.html
We should concentrate on DHCP first:
The website is a DNS problem, I swear it. We will fix that as soon as DHCP is 100%
ASKER
I am on SP2 for Win2k3. When I went back to the old leases from the Netware server things started working here, even the web apps we were having trouble with. Under Address Leases, however, it shows quite a bit of computers with "BAD_ADDRESS" under the name heading, and the description of course says, "this address is already in use". It looks like it has tried to use all 500 addresses in my range, but I know I don't have that many devices coming up. I just refreshed and now it says out of 511 addresses I have 343 in use and 168 available, but still several of the BAD_ADDRESS entries. Not sure what is going on, but so far we are working. I plan to bring up another DHCP server in case this one fails; I am just not trusting how everything is running right now.
Thanks again for the response
So, you have DHCP records of computers that no longer exist. It sounds like you have to set your lease duration. DHCP will hold onto those leases until the duration of the lease expires. Set it to eight days (that is the default setting and shouldn't interfere with Dynamic DNS HOST A scavenging, if applicable in your domain).
http://technet.microsoft.com/en-us/library/cc780476.aspx
OOPS, hold on a second: ((What was I thinking))
You are bringing up DHCP server after DHCP server. If a DHCP server has the same scope and address pool, they will conflict and knock each other down. You may also get the same IP assigned to multiple clients.
Knowing that, what DHCP server do you want to supply DHCP? Let's get that one running.
When you bring up this second DHCP server, do NOT give it the same scope and address pool as the second one.
DHCP best practices:
https://www.experts-exchange.com/questions/23061654/Split-DHCP-Server-question.html
Let's see where the communication fault lies:
1) Can you ping the website by IP address?
2) Can you ping the website by the following way?
Ping -a IPaddress.
3) Can you go to the browser and access the website by going to its domain unc path?
example: http:\\servername.domain.name
4) Can you telnet to the server on port 80? If not on port 80: what port is it on and is the firewall not blocking that port?
5) The only thing that uses WINS any more is the Browser service.
This is all based off the assumption that you have a VPN connection to the remote site.