dgower

lost internet access from domain controller

I haven't encountered this problem before...

I have a LAN domain with one domain controller and about 15 users.  I had two switches:  one 24-port PoE (Power over Ethernet) switch, and one plain 16-port switch.  Today I replaced the plain 16-port switch with a brand new Dell PowerConnect PoE switch.  I hooked the two PoE switches together with a single Ethernet cable connecting their gigabit ports.

Subsequent to the replacement all the user computers work normally and have access to the Internet, however the domain controller suddenly can't access Internet via either IE or Firefox.  This is a problem because several services on the server can't obtain automatic updates from the Internet.  The server also hosts Exchange, but email is still flowing.  

I can ping www.yahoo.com from a DOS box on the server, which is strange, since I can't reach the Internet via a web browser.  There is no software firewall running and I have tried disabling the antivirus program.  

I think I need help with DNS to troubleshoot this?

Thanks.
nickt25

1. Are you using DHCP or static IP?
2. Go to safe mode with networking, log on to your computer and tell me what happens.
3. Open my document and on the search bar type www.google.com and tell what happens.
Answers go towards answers :)
I'll be waiting ...
cmandala

First, Did you restart both switches after installing the new one? Second, is the cat5 jumper connecting the switches tested and in good order? If this didn't help, I think you should rule out a defective switch. Is connectivity restored when you replace the new switch with the old one (go back to the way it was)?   Before we get into the DNS settings we should rule out the things you changed just before the connectivity failed.
dgower

ASKER

I'll be back at the site around 6am PST tomorrow morning.

In the meantime, here are my responses to your questions...

Server has a static address, not DHCP.
nickt25:  I will try booting to safe mode, but what do you mean by open your document, I don't understand.
cmandala:  Yes, I restarted both switches.  I also restarted the Linksys internet router.  Beyond that is a Cisco switch where the T1 terminates. I did not restart the Cisco, but will tomorrow morning.
I replaced the cat5 cable with a brand new one, but that didn't help.
I'm going to try replacing the new switch with the old one tomorrow morning.

Thanks guys.
dgower

ASKER

Hi.

I went on-site this morning.  

The device path from the domain controller to the Internet is as follows...

DC >> Original PoE Switch >> Linksys RVS4000 broadband router >> Cisco 2600 >> T1 >> ISP

I shut down all the devices, waited several minutes, and then brought them back online starting with the Cisco.  This did not restore Internet access from the DC.

I then removed the new PoE switch and replaced it with the old 16-port switch and recabled everything.  Then I shut everything down and brought it all back starting with the Cisco.  Still no Internet from DC.

I was going to boot to Safe Mode but employees started showing up at 7AM and could not keep server offline.

nickt25:  Your post doesn't show the "document" you mentioned.  Could you resend it?  I will probably come in off-hours tomorrow Saturday and try this out.

In the meantime, what else can I try without rebooting the DC during office hours?  Thanks.
Does your domain controller double as a DNS server and is this DNS server the primary for the client computers?

Could you pull the DNS settings for the server as well as the DNS settings on a client machine and post them?

If you ping www.yahoo.com and the address is resolved, DNS is resolving hostnames. If this machine also runs Exchange and users have been able to send and receive mail, then DNS and internet are working. If DNS was not functioning correctly, your users probably would be getting bounce backs because the domains could not be resolved.

Just for kicks, though, use IE to go to yahoo.com. If it doesn't work, use nslookup to check name resolution, then use ping to verify you get a response back, then use tracert to see if you can pinpoint an area of failure.

If there are no apparent points of failure you can try a winsock fix.

Otherwise you may want to run a winsock fix on it, http traffic may not be getting through correctly.
www.snapfiles.com/get/winsockxpfix.html - this is the link for the Winsock Fix Utility by Option Explicit
Lots of things can cause your issues:

1) SP1 has a problem that may shut down certain services. It has a bug in the programming that makes your MTU channels fragment data packets. So, a simple ping might go through, but much more than that might be blocked or time out. A fix to this is to download and install SP2.

2) If your preferred DNS server's list is wrong, you can certainly knock down your DNS settings.

3) If your default gateway is not configured on your server, you could lose internet access but all else seems OK.

4) You could have a bad DNS cache record or a configured Host file on the server.

5) A multihomed domain controller may cause this issue very easily. (This is what I think is your problem)

The best thing you can do for us to help you is run a few diagnostics and provide us with the errors:
At the command prompt:
Netdiag
DCdiag
In event logs look for 4004 and 4015 events. If so, provide those events.
Also an IPconfig /all will help us out a great deal.

dgower

ASKER

ChiefIT:

Hi.  Thanks for everybody's help so far.

I think you're right about upgrading to SP2.  The C drive on the server is a bit tight, but I've cleaned it up and now have 1.7GB free space on a 12GB drive.  That should leave me a safe amount of space for SP2, do you think?

The domain controller IS multihomed.  However the 2nd NIC interface is disabled.  It's called simply "DONTUSE".  You'll see that it doesn't show up on the IPCONFIG /ALL.  However although it's disabled it currently is configured for dynamic IP.  I could configure it for a different nonroutable address -- say 192.168.0.100 -- if you think that would make any difference?

Here are the diagnostics you requested:  Netdiag, DCdiag, IPconfig /all.   Also I checked both system and app event logs and neither shows anything for 4004 or 4015 events.

********************************DCDIAG*********************************


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\FORTSVR
      Starting test: Connectivity
         ......................... FORTSVR passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\FORTSVR
      Starting test: Replications
         ......................... FORTSVR passed test Replications
      Starting test: NCSecDesc
         ......................... FORTSVR passed test NCSecDesc
      Starting test: NetLogons
         ......................... FORTSVR passed test NetLogons
      Starting test: Advertising
         ......................... FORTSVR passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... FORTSVR passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... FORTSVR passed test RidManager
      Starting test: MachineAccount
         ......................... FORTSVR passed test MachineAccount
      Starting test: Services
         ......................... FORTSVR passed test Services
      Starting test: ObjectsReplicated
         ......................... FORTSVR passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... FORTSVR passed test frssysvol
      Starting test: frsevent
         ......................... FORTSVR passed test frsevent
      Starting test: kccevent
         ......................... FORTSVR passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/01/2008   09:50:13
            (Event String could not be retrieved)
         ......................... FORTSVR failed test systemlog
      Starting test: VerifyReferences
         ......................... FORTSVR passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : FORTPROPERTIES
      Starting test: CrossRefValidation
         ......................... FORTPROPERTIES passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... FORTPROPERTIES passed test CheckSDRefDom
   
   Running enterprise tests on : FORTPROPERTIES.COM
      Starting test: Intersite
         ......................... FORTPROPERTIES.COM passed test Intersite
      Starting test: FsmoCheck
         ......................... FORTPROPERTIES.COM passed test FsmoCheck


********************************IPCONFIG /ALL**********************



Windows IP Configuration



   Host Name . . . . . . . . . . . . : fortsvr

   Primary Dns Suffix  . . . . . . . : FORTPROPERTIES.COM

   Node Type . . . . . . . . . . . . : Broadcast

   IP Routing Enabled. . . . . . . . : Yes

   WINS Proxy Enabled. . . . . . . . : Yes

   DNS Suffix Search List. . . . . . : FORTPROPERTIES.COM



Ethernet adapter FORTLAN:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

   Physical Address. . . . . . . . . : 00-0D-56-BB-CF-F5

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 10.0.0.101

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 10.0.0.205

   DNS Servers . . . . . . . . . . . : 127.0.0.1

                                       10.0.0.101


*****************************************NETDIAG*****************************************




    Computer Name: FORTSVR
    DNS Host Name: fortsvr.FORTPROPERTIES.COM
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : FORTLAN

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : fortsvr
        IP Address . . . . . . . . : 10.0.0.101
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.0.205
        Dns Servers. . . . . . . . : 127.0.0.1
                                     10.0.0.101


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{9CF9B3D9-3FB0-48C3-9644-643C99B2B2B0}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'.
    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.101'.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{9CF9B3D9-3FB0-48C3-9644-643C99B2B2B0}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{9CF9B3D9-3FB0-48C3-9644-643C99B2B2B0}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully



dgower

ASKER

PS -

I'm beginning to wonder if the installing of the new PoE switch might be coincidental to the Internet going down on the server.  I had complaints two days before from the site that the "system was running slow" and I remotely rebooted the server.  I'm wondering if the server was already having DNS problems?  I don't know either way for a fact, but I thought I'd mention that.

Thanks.
Now for the fixes:
1) Let's not use the loopback address for DNS. Use the DNS server's IP as the preferred DNS.
DNS Servers . . . . . . . . . . . : 127.0.0.1

2) Make sure you can ping the gateway. If not, post back.

3) Here is an explanation of what happens when you have SP1 installed. This fix recommends you call M$ for a hotfix for this. (An alternative fix and preferred method is to install SP2.)

https://www.experts-exchange.com/questions/23681992/Server-unresponsive-locks-up-may-be-related-to-Visual-Source-Safe-ver-6d.html

4) Now, look into Event logs and see if you can find Event 40960: SPNEGO, there are currently no logon servers available at this time. If so, that will be from your second NIC. You may have SRV records of that NIC in DNS. So, you may have to manually clean out those SRV records. If you do not see this error, disregard this comment.

https://www.experts-exchange.com/questions/23356031/There-are-currently-no-logon-servers-available-to-service-the-logon-request.html

__________________________________________________________________________
The rest of this is all DNS troubleshooting. Since your problems seem to be domain wide, it looks like it could be problems with the DNS server itself. I put together a book on how to quickly locate DNS problems and fix them. Here it is:

I would like to go over the chronology of a DNS query and how this is very similar to a WINS query. This helps track down records problems.

The client will try to resolve the query by itself:
1) The second place a client looks for is a cached entry. (To determine if this is the case, go to the command prompt of the client and type IPconfig /flushdns.) (For WINS cache, type NBTstat -rr.)
2) Then if your client doesn't have the cached entry, it will look at the client's C:\Windows\system32\drivers\etc\Host file for resolution. (For WINS, your computer looks in the C:\Windows\system32\drivers\etc\LMHOST file.) (You can look at and edit the host file with WordPad. Check and see that there are no entries, except 1.0.0.127 local host file in that file for the HOST file and no entries in LMHOST. These files are used if you don't have a DNS server or WINS server respectively. They can be configured to maintain a list of computers you want to contact via a DNS query or WINS query.)

After the client can't determine its own DNS query, it will look at the preferred DNS server. (To determine the preferred DNS server, it will be the first one on the list in an IPconfig /all of the client.) (For WINS, it will be the preferred WINS server.)
1) The first place the server looks for DNS records is its own DNS cache. (You can flush the cache by again going to the command prompt and typing ipconfig /flushdns.) (For WINS, you can flush it by purging the server's WINS cache by using NBTstat -rr.)
2) Then the server will look at its own C:\windows\system32\drivers\host file. (For WINS, it will be the C:\windows\system32\drivers\LMHOST file.)
3) Then, the DNS server will have a list of Host A records, Alias records (also known as CNAME records) and SRV (service) records. (For WINS, it will look at the WINS record, NetBIOS Alias record, and other server records.)
4) If the DNS server can't find the Host A, it will make an attempt to contact an outside server. There are two types of contacts. One is a recursive and the other is an iteration query. There are also two types of lists to contact the outside server. One is called a forwarder and the other is called roothints.
---Brief explanation of each:
---Recursive lookup: A recursive lookup is handled by the server. It will go out to a distant server and try to resolve DNS queries that it can't do for the client. In other words, if the DNS server can't find an internal address, it will go out to other servers and ask them to look for it. If a resolution is provided, the resolution will be passed down to the client from the server. It is recommended to turn off recursive lookups for security reasons and performance reasons.
---Iteration: Iteration is done when the server can't resolve the query and tells the client, "I can't do it, ask another DNS server." The resolution comes from the remote server, not the local server. So, this is basically passing the buck.
---Forwarders: Forwarders are manually configured DNS servers that your server will forward queries to if your server can't make the resolution. (Most folks configure the ISP's DNS server as the forwarders.)
---Root Hints: Root Hints are a list of public DNS servers that your server forwards DNS queries to if your server can't resolve the DNS query.

WINS is not needed to contact the web so, it just contacts other servers to see if it can find the netbios names of remote sites.

___________________________________________________________________________
It is my guess you may have a couple small problems:
1) SP1 needs to be upgraded to SP2
2) You may have DNS records on the server that need straightening out. Specifically
a) SRV records of your second NIC
b) DNS cache has a bad record, or host files are configured
c) you are using the loopback address as the preferred DNS server.
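
The configuration causes listed in the posts above (loopback as the preferred DNS server, a missing default gateway, hosts-file overrides, more than one addressed NIC) can be checked mechanically against saved `ipconfig /all` output. This is an added example, not part of the thread: the function names, finding codes, the gateway-subnet check and the sample hosts entry are assumptions, and the parser expects the Server 2003 field labels shown in the posted output.

```python
import ipaddress
import re

# Constructed sample, abridged from the `ipconfig /all` layout posted in the thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter FORTLAN:

   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.205
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       10.0.0.101
"""

# Constructed hosts file; the second entry is a made-up override for illustration.
SAMPLE_HOSTS = "127.0.0.1  localhost\n10.0.0.50  intranet.example  # stale?\n"

ADAPTER = re.compile(r"^\S.*adapter (.+):\s*$")
FIELD = re.compile(r"^\s+(.+?)(?:\s*\.)+\s*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field label: [values]}} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            current, last = adapters.setdefault(m.group(1), {}), None
        elif current is None or not line.strip():
            continue                    # global header section or blank line
        elif m := FIELD.match(line):
            last = current.setdefault(m.group(1), [])
            if m.group(2):
                last.append(m.group(2))
        elif last is not None:          # indented continuation, e.g. second DNS server
            last.append(line.strip())
    return adapters


def audit(text, hosts_text=""):
    """Return sorted finding codes for the configuration causes listed in the thread."""
    findings = set()
    live = {n: f for n, f in parse_ipconfig(text).items() if f.get("IP Address")}
    if len(live) > 1:
        findings.add("multihomed")
    for fields in live.values():
        dns = fields.get("DNS Servers", [])
        if dns and ipaddress.ip_address(dns[0]).is_loopback:
            findings.add("loopback-preferred-dns")
        gw = fields.get("Default Gateway", [])
        ip, mask = fields["IP Address"][0], fields["Subnet Mask"][0]
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        if not gw:
            findings.add("no-default-gateway")
        elif ipaddress.ip_address(gw[0]) not in net:   # added check, not from the thread
            findings.add("gateway-off-subnet")
    for line in hosts_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and not ipaddress.ip_address(parts[0]).is_loopback:
            findings.add("hosts-override")
    return sorted(findings)
```

On the sample above, `audit(SAMPLE_IPCONFIG, SAMPLE_HOSTS)` reports the loopback preferred DNS server and the non-localhost hosts entry.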

