Solved

lost internet access from domain controller

Posted on 2008-10-30
11
728 Views
Last Modified: 2012-05-05
I haven't encountered this problem before...

I have a LAN domain with one domain controller and about 15 users.  I had two switches:  one 24-port PoE (Power over Ethernet) switch, and one plain 16 port switch.  Today I replaced the plain 16-port switch with a brand new Dell PowerConnect PoE switch.  I hooked the two PoE switches together with a single Ethernet cable connecting their gigagit ports.  

Subsequent to the replacement all the user computers work normally and have access to the Internet, however the domain controller suddenly can't access Internet via either IE or Firefox.  This is a problem because several services on the server can't obtain automatic updates from the Internet.  The server also hosts Exchange, but email is still flowing.  

I can ping www.yahoo.com from a DOS box on the server, which is strange, since I can't reach the Internet via a web browser.  There is no software firewall running and I have tried disabling the antivirus program.  

I think I need help with DNS to troubleshoot this?

Thanks.
0
Comment
Question by:dgower
11 Comments
 
LVL 3

Expert Comment

by:nickt25
ID: 22847530
1. are you using dhcp or static ip ?
2. go to safemode with networking logon on your computer and tellme what happen..
3. open my document and on the search bar type www.google.com and tell what happens
answers goes towards answers :)
ll be wating ...
0
 

Expert Comment

by:cmandala
ID: 22847536
First, Did you restart both switches after installing the new one? Second, is the cat5 jumper connecting the switches tested and in good order? If this didn't help, I think you should rule out a defective switch. Is connectivity restored when you replace the new switch with the old one (go back to the way it was)?   Before we get into the DNS settings we should rule out the things you changed just before the connectivity failed.
0
 

Author Comment

by:dgower
ID: 22847601
I'll be back at the site around 6am pst tomorrow morning.

In the meantime, here are my responses to your questions...

server has a static address, not dhcp
nickt25:  I will try booting to safe mode, but what do you mean by open your document, I don't understand.
cmandala:  yes, i restarted both switches.  I also restarted the Linksys internet router.  beyond that is a cisco switch where the t1 terminates. i did not restart the cisco, but will tomorrow morning.
I replaced the cat5 cable with a brand new one, but that didn't help.
I'm going to try replacing the new switch with the old one tomorrow morning.

Thanks guys.
0
 

Author Comment

by:dgower
ID: 22850621
Hi.

I went on-site this morning.  

The device path from the domain controller to the Internet is as follows...

DC >> Origingal PoE Switch >> Linksys RVS4000 broadbound router >> Cisco 2600 >> T1 >> ISP

I shut down all the devices, waited several minutes, and then brought them back online starting with the Cisco.  This did not restore Internet access from the DC.

I then removed the new PoE switch and replaced it with the old 16-port switch and recabled everything.  Then I shut everything down and brought it all back starting with the Cisco.  Still no Internet from DC.

I was going to boot to Safe Mode but employees started showing up at 7AM and could not keep server offline.

nickt25:  your post doesnt show the "document" you mentioned.  Could you resend it?  I will probably come in off-hours tomorrow Saturday and try this out.

In the meantime, what else can I try without rebooting the DC during office hours?  Thanks.
0
 
LVL 4

Expert Comment

by:eli_cook
ID: 22853221
Does your domain controller double as a DNS server and is this DNS server the primary for the client computers?

Could you pull the DNS settings for the server as well as the DNS settings on a client machine and post them?

If you ping www.yahoo.com and the address is resolved, DNS is resolving hostnames - if this machine also runs exchange and users have been able to send and receive mail then DNS and internet are working. If DNS was not functioning correctly, your users probably would be getting bounce backs because the domains could not be resolved.

Just for kicks though use IE to go to yahoo.com if it doesn't work then use nslookup to check name resolution, then use ping to verify you get a response back then use tracert to see if you can pinpoint an area of failure.

If there are no apparent points of failure you can try a winsock fix.

Otherwise you may want to run a winsock fix on it, http traffic may not be getting through correctly.
www.snapfiles.com/get/winsockxpfix.html - this is the link for the Winsock Fix Utility by Option Explicit
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 38

Expert Comment

by:ChiefIT
ID: 22856347
Lots of things can cause your issues:

1) SP1 has a problem that may shut down certain services. It has a bug in the programming that makes your MTU channels fragment data packets. So, a simple ping might go through, but much more than that might be blocked or time out. A fix to this is to download and install SP2.

2) If your preferred DNS server's lis it wrong, you can certainly knock down your DNS settings.

3) if your default gateway is not configured on your server, you could loose internet access but all else seems OK.

4) You could have a bad DNS cache record or a configured Host file on the server.

5) a multihomed Domain controller may cause this issue very easily. (This is what I think is your problem)

The best thing you can do for us to help you is run a few diagnostics and provide us with the errors:
At the command prompt:
Netdiag
DCdiag
In event logs look for 4004 and 4015 events. If so, provide those events.
Also a IPconfig /all will help us out a great deal.

0
 

Author Comment

by:dgower
ID: 22857851
ChiefIT:

Hi.  Thanks for everybody's help so far.

I think you're right about upgrading to SP2.  The C drive on the server is a bit tight, but I've cleaned it up and now have 1.7GB free space on a 12GB drive.  That should leave me a safe amount of space for SP2 do you think?

The domain controller IS multihomed.  However the 2nd NIC interface is disabled.  It's called simply "DONTUSE".  You'll see that it doesn't show up on the IPCONFIG /ALL.  However although it's disabled it currently is configured for dynamic IP.  I could configure it for a different nonroutable address -- say 192.168.0.100 -- if you think that would make any difference?

Here are the diagnostics you requested:  Netdiag, DCdiag, IPconfig /all.   Also I checked both system and app event logs and neither shows anything for 4004 or 4015 events.

********************************DCDIAG*******************************88


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\FORTSVR
      Starting test: Connectivity
         ......................... FORTSVR passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\FORTSVR
      Starting test: Replications
         ......................... FORTSVR passed test Replications
      Starting test: NCSecDesc
         ......................... FORTSVR passed test NCSecDesc
      Starting test: NetLogons
         ......................... FORTSVR passed test NetLogons
      Starting test: Advertising
         ......................... FORTSVR passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... FORTSVR passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... FORTSVR passed test RidManager
      Starting test: MachineAccount
         ......................... FORTSVR passed test MachineAccount
      Starting test: Services
         ......................... FORTSVR passed test Services
      Starting test: ObjectsReplicated
         ......................... FORTSVR passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... FORTSVR passed test frssysvol
      Starting test: frsevent
         ......................... FORTSVR passed test frsevent
      Starting test: kccevent
         ......................... FORTSVR passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/01/2008   09:50:13
            (Event String could not be retrieved)
         ......................... FORTSVR failed test systemlog
      Starting test: VerifyReferences
         ......................... FORTSVR passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : FORTPROPERTIES
      Starting test: CrossRefValidation
         ......................... FORTPROPERTIES passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... FORTPROPERTIES passed test CheckSDRefDom
   
   Running enterprise tests on : FORTPROPERTIES.COM
      Starting test: Intersite
         ......................... FORTPROPERTIES.COM passed test Intersite
      Starting test: FsmoCheck
         ......................... FORTPROPERTIES.COM passed test FsmoCheck


********************************IPCONFIG /ALL**********************



Windows IP Configuration



   Host Name . . . . . . . . . . . . : fortsvr

   Primary Dns Suffix  . . . . . . . : FORTPROPERTIES.COM

   Node Type . . . . . . . . . . . . : Broadcast

   IP Routing Enabled. . . . . . . . : Yes

   WINS Proxy Enabled. . . . . . . . : Yes

   DNS Suffix Search List. . . . . . : FORTPROPERTIES.COM



Ethernet adapter FORTLAN:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

   Physical Address. . . . . . . . . : 00-0D-56-BB-CF-F5

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 10.0.0.101

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 10.0.0.205

   DNS Servers . . . . . . . . . . . : 127.0.0.1

                                       10.0.0.101


*****************************************NETDIAG*****************************************




    Computer Name: FORTSVR
    DNS Host Name: fortsvr.FORTPROPERTIES.COM
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896422
        KB896424
        KB896428
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB905414
        KB908519
        KB908531
        KB910437
        KB911280
        KB911562
        KB911564
        KB911567
        KB911897
        KB911927
        KB912919
        KB914388
        KB914389
        KB916281
        KB917344
        KB917422
        KB917537
        KB917734
        KB917734_WMP9
        KB917953
        KB918118
        KB918439
        KB918899
        KB920213
        KB920214
        KB920670
        KB920683
        KB920685
        KB921398
        KB921503
        KB921883
        KB922582
        KB922616
        KB922760
        KB922819
        KB923191
        KB923414
        KB923689
        KB923694
        KB923980
        KB924191
        KB924496
        KB924667
        KB925398_WMP64
        KB925486
        KB925902
        KB926122
        KB926436
        KB927891
        KB928090
        KB928255
        KB928843
        KB929123
        KB929969
        KB930178
        KB931784
        KB931836
        KB932168
        KB933360
        KB933729
        KB933854
        KB935839
        KB935840
        KB935966
        KB936021
        KB936357
        KB936782
        KB937143
        KB938127
        KB938464
        KB938829
        KB939653
        KB941202
        KB941568
        KB941569
        KB941644
        KB941672
        KB941693
        KB942763
        KB942830
        KB942831
        KB942840
        KB943055
        KB943460
        KB943484
        KB943485
        KB944338-v2
        KB944533
        KB944653
        KB945553
        KB946026
        KB948590
        KB949014
        KB950749
        KB950762
        KB950974
        KB951066
        KB951072-v2
        KB951698
        KB951746
        KB951748
        KB952954
        KB953838
        KB953839
        KB956391
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : FORTLAN

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : fortsvr
        IP Address . . . . . . . . : 10.0.0.101
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.0.205
        Dns Servers. . . . . . . . : 127.0.0.1
                                     10.0.0.101


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{9CF9B3D9-3FB0-48C3-9644-643C99B2B2B0}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'.
    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.101'.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{9CF9B3D9-3FB0-48C3-9644-643C99B2B2B0}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{9CF9B3D9-3FB0-48C3-9644-643C99B2B2B0}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully



0
 

Author Comment

by:dgower
ID: 22857865
PS -

I'm beginning to wonder if the installing of the new PoE switch might be coincidental to the Internet going down on the server.  I had complaints two days before from the site that the "system was running slow" and I remotely rebooted the server.  I'm wondering if the server was already having DNS problems?  I don't know either way for a fact, but I thought I'd mention that.

Thanks.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22858131
Now for the fixes:
1) Let's not use the loopback address for DNS. Use the DNS server's IP as the preferred DNS.
DNS Servers . . . . . . . . . . . : 127.0.0.1

2) Make sure you can ping the gateway. If not, post back.

3) Here is an explaination of what happens when you have SP1 installed. This fix recommends you call M$ for a hotfix for this. (An alternative fix and preferred method is to install SP2.)

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23681992.html

4) Now, look into Event logs and see if you can find Event 40960: SPNEGO, there are currently no logon servers available at this time. If so, that will be from your second NIC. You may have SRV records of that NIC in DNS. So, you may have to manually clean out those SRV records. If you do not see this error, disregard this comment.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23356031.html

__________________________________________________________________________
The rest of this is all DNS troubleshooting. Since your problems seem to be domain wide, it looks like it could be problems with the DNS server itself. I put together a book on how to quickly locate DNS problems and fix them. Here it is:

I would like to go over the chronology of a DNS query and how this is very similar to a WINS query. This helps track down records problems.

The client will try to resolve the query by itself:
1) The second place a client looks for is a cached entry. (To determine if this is the case, go to the command prompt of the client and type IPconfig /flushdns.) (For WINS cach, type NBTstat -rr)
3) Then if your client doesn't have the cached entry, it will look at the client's C:\Windows\system32\drivers\ect\Host file for resolution. (For WINS, you comptuer looks in the C:\Windows\system32\drivers\ect\LMHOST file(You can look at and edit the host file with word pad. Check and see that there are no entries, except 1.0.0.127 local host file in that file for the HOST file and no entries in LMHOST. These files are used if you don't have a DNS server or WINS server respectively. They can be configured to maintain a list of computers you want to contact via a DNS query or WINS query.)

After the client can't determine its own DNS query it will look at the prefered DNS server: (To determine the prefered DNS server, it will be the first on on the list in an IPconfig /all of the client). (For WINS, it will be the preferred WINS server)
1) The first place the server looks for DNS records is its own DNS cache. (You can flush the cash by again going to the command prompt and typing ipconfig /flushdns) (For WINS it you can flush it by purging the Server's WINS cache by using NBTstat -rr)
2) Then the server will look at its own C:\windows\system32\drivers\host file. (for WINS it will be the C:\windows\system32\drivers\LMHOST file
2)Then, the DNS server will have a list of Host A records, Alias records also known as CNAME records and SRV (service)records. (For WINS, it will look at the WINS record, Netbios Alias record, and other server records)
3) If the DNS server can't find the Host A, it will make an attempt to contact an outisde server. There are two types of contacts. One is a recursive and the other is an iteration query. There are also two types of lists to contact the outside server. One is called a forwarder and the other is called roothints.
---brief explaination of each:
---Recursive lookup: A recursive lookup is handled by the server. It will go out to a distant server and try to resolve DNS queries that it can't do on for the client. In other words, if the DNS server can't find an internal address, it will go out to other servers and ask them to look for it. If a resolution is provided. The resolution will be passed down to the client from the server. It is recommended to turn off recursive lookups for security reasons and performance reasons.
--Iteration: Iteration is done when the server can't resolve the query and tells the client, "I can't do it, ask another DNS server." The resolution comes from the remote server, not the local server. So, this is basically passing the buck.
---forwarders: forwarders are manually configured DNS servers that your server will forward queries to if your server can't make the resolution. (most folks configure the ISP's DNS server as the forwarders)
---Root Hints: Root Hints are a list of public DNS servers that your server forwards DNS queries to if your server can't resolve the DNS query

WINS is not needed to contact the web so, it just contacts other servers to see if it can find the netbios names of remote sites.

___________________________________________________________________________
It is my guess you may have a couple small problems:
1) SP1 needs to be upgraded to SP2
2) You may have DNS records on the server that need straightening out. Specifically
a) SRV records of your second NIC
b) DNS cache have a bad record, or host files are configured
c) you are using the loopback address as the preferred DNS server.


0
 

Accepted Solution

by:
dgower earned 0 total points
ID: 24638764
Sorry for long delay with this Open Question.

I eventually found that the blocked Internet was caused by an AVG server antivirus product which had gone haywire and was blocking its own network.  

I removed the product and replaced it with another and the problem was resolved.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
DNS on-premise and on-cloud 15 70
IPhone using PC internet 17 46
Nameserver and MX Record 2 46
DNS Name Pointing 6 31
Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
Learn about cloud computing and its benefits for small business owners.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now