Gregg Brooke
asked on
TCP/IP Settings Work with Static IPs but Not DHCP
Our firewall died. No big deal. Replaced it without fuss and got things up and running. Almost. After booting up the new firewall, the workstations could not connect to the Internet. The two servers could, though. Realizing that the servers had static IP addresses, as a test, I put a static IP on one of the workstations and it was able to connect. When I set it back to DHCP, nothing. During the firewall replacement, I made no changes to DHCP which is running off the Windows Server 2003. When setting the static IP, I used the exact same settings that the DHCP server was dishing out. Why will it not work with DHCP now after only replacing a firewall? For the time being, I have the workstations on static IPs (small network - 15 computers, 2 servers) but I would rather have DHCP operational. Any thoughts?
What is the IP address of your new firewall?
What is the IP address of your (internal?) dns server?
What is the IP address of your (internal?) dns server?
have you tried to do a
ipconfig /release
ipconfig /renew
can you paste a ipconfig /all from a static pc and dhcp pc?
ipconfig /release
ipconfig /renew
can you paste a ipconfig /all from a static pc and dhcp pc?
what's the make of your router? DHCP isn't running the router too, right?
ASKER
The router is a Cisco unit from Covad. DHCP is not running on it.
I tried ipconfig /release and /renew. No dice.
I will paste the settings from the machines as soon as I have an opportunity. I may have to go onsite to do this.
I tried ipconfig /release and /renew. No dice.
I will paste the settings from the machines as soon as I have an opportunity. I may have to go onsite to do this.
based on your story, it has to be problem with the router / firewall.
you wanna make sure it can pass the dhcp traffic through. ( from server to clients)
if same model of router use for replacement, make sure you compare the config and no settings are different.
The config you'll be looking for will be something like: ip-helper address <dhcp server>
hope this help..
you wanna make sure it can pass the dhcp traffic through. ( from server to clients)
if same model of router use for replacement, make sure you compare the config and no settings are different.
The config you'll be looking for will be something like: ip-helper address <dhcp server>
hope this help..
ASKER
Need to clarify:
The Covad router is NOT the firewall appliance. It is simply bringing the T1 connection into the building.
The firewall is IP Cop v1.4.18 and it is running on a PC, i.e., separate from the Covad router.
The Covad router is on the outside of the firewall and everything else is on the inside.
DHCP is not running on either machine.
The settings on the firewall are as close to the original configuration as I could make it. I had taken copious notes and screen captures on the setup of the firewall just in case something like this happened. I say "as close to the original configuration as I could make it" because there was one screen capture missing from my notes although it was for VPN set up which we have never used.
The Covad router is NOT the firewall appliance. It is simply bringing the T1 connection into the building.
The firewall is IP Cop v1.4.18 and it is running on a PC, i.e., separate from the Covad router.
The Covad router is on the outside of the firewall and everything else is on the inside.
DHCP is not running on either machine.
The settings on the firewall are as close to the original configuration as I could make it. I had taken copious notes and screen captures on the setup of the firewall just in case something like this happened. I say "as close to the original configuration as I could make it" because there was one screen capture missing from my notes although it was for VPN set up which we have never used.
I can only say that your DHCP is giving out bad values - we're waiting for the following (which you have to go on site for).
"can you paste a ipconfig /all from a static pc and dhcp pc?"
"can you paste a ipconfig /all from a static pc and dhcp pc?"
May want to check to make sure there aren't any software updates for your firewall(ipcop). If there isn't something wrong with the config...could be a bug...
Also, have you tried restarting the DHCP server service? maybe even reboot the server...
Also, have you tried restarting the DHCP server service? maybe even reboot the server...
ASKER
I did restart the DHCP server a couple of times and rebooted the server a couple of times. No dice.
I am considering deleting the scope and making a new one. I'll wait on that, though, to see if the problem can be resolved some other way.
I am considering deleting the scope and making a new one. I'll wait on that, though, to see if the problem can be resolved some other way.
ASKER
Here are the settings that were requested. As a note, when using DHCP, internal network functions still work, i.e., workstation can get to resources on the servers and can print to network printers. They just can't get out to the Internet.
192.168.52.3 - Windows Server 2003 Domain Controller (runs DNS and DHCP)
192.168.52.1 - IP Cop Firewall
64.150.202.138 - Covad Primary DNS Server
64.105.199.74 - Covad Secondary DNS Server
Static IP config that works, meaning can get out to the Internet and access internal network resources.
C:\Documents and Settings\Administrator.ADF NET>ipconf ig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : frontdesk2
Primary Dns Suffix . . . . . . . : ADFNET.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ADFNET.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-0B-DB-B9-EC-CA
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.52.81
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.52.1
DNS Servers . . . . . . . . . . . : 192.168.52.3
64.150.202.138
DHCP Settings from same machine - doesn't work, meaning can not get out to Internet but can still access internal network resources.
C:\Documents and Settings\Administrator.ADF NET>ipconf ig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : frontdesk2
Primary Dns Suffix . . . . . . . : ADFNET.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ADFNET.local
adfnet.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : adfnet.local
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-0B-DB-B9-EC-CA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.52.151
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.52.1
DHCP Server . . . . . . . . . . . : 192.168.52.3
DNS Servers . . . . . . . . . . . : 192.168.52.3
64.105.202.138
64.105.199.74
Primary WINS Server . . . . . . . : 192.168.52.3
Lease Obtained. . . . . . . . . . : Thursday, November 13, 2008 6:15:00 PM
Lease Expires . . . . . . . . . . : Thursday, November 20, 2008 6:15:00 PM
192.168.52.3 - Windows Server 2003 Domain Controller (runs DNS and DHCP)
192.168.52.1 - IP Cop Firewall
64.150.202.138 - Covad Primary DNS Server
64.105.199.74 - Covad Secondary DNS Server
Static IP config that works, meaning can get out to the Internet and access internal network resources.
C:\Documents and Settings\Administrator.ADF
Windows IP Configuration
Host Name . . . . . . . . . . . . : frontdesk2
Primary Dns Suffix . . . . . . . : ADFNET.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ADFNET.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-0B-DB-B9-EC-CA
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.52.81
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.52.1
DNS Servers . . . . . . . . . . . : 192.168.52.3
64.150.202.138
DHCP Settings from same machine - doesn't work, meaning can not get out to Internet but can still access internal network resources.
C:\Documents and Settings\Administrator.ADF
Windows IP Configuration
Host Name . . . . . . . . . . . . : frontdesk2
Primary Dns Suffix . . . . . . . : ADFNET.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ADFNET.local
adfnet.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : adfnet.local
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-0B-DB-B9-EC-CA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.52.151
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.52.1
DHCP Server . . . . . . . . . . . : 192.168.52.3
DNS Servers . . . . . . . . . . . : 192.168.52.3
64.105.202.138
64.105.199.74
Primary WINS Server . . . . . . . : 192.168.52.3
Lease Obtained. . . . . . . . . . : Thursday, November 13, 2008 6:15:00 PM
Lease Expires . . . . . . . . . . : Thursday, November 20, 2008 6:15:00 PM
A couple of thoughts:
-When you replace a router with SBS, even if the settings are the same, it is recommended you re-run the CEICW (server management | Internet and e-mail | connect to the Internet). Did you do so?
-It may be a DNS issue. After a PC is assigned an IP using DHCP try accessing a web page using the IP such as Google http://64.233.187.99/ If that works it is definitely DNS, which is what I suspect.
In a windows domain your internal DNS server/s (SBS) must be the ONLY IP assigned to any server or PC for DNS. The ISP's DNS should be only added to the server's forwarders list within the DNS management console. Where it is SBS, do not add it to the forwarders manually but rather use the CEICW.
Windows does not behave as expected by going through the list of DNS servers on a PC in a logical order. As a result you can get very odd name resolution issues. You may find with your current configuration you are even getting slow logons to PC's.
Let us know if that helps.
-When you replace a router with SBS, even if the settings are the same, it is recommended you re-run the CEICW (server management | Internet and e-mail | connect to the Internet). Did you do so?
-It may be a DNS issue. After a PC is assigned an IP using DHCP try accessing a web page using the IP such as Google http://64.233.187.99/ If that works it is definitely DNS, which is what I suspect.
In a windows domain your internal DNS server/s (SBS) must be the ONLY IP assigned to any server or PC for DNS. The ISP's DNS should be only added to the server's forwarders list within the DNS management console. Where it is SBS, do not add it to the forwarders manually but rather use the CEICW.
Windows does not behave as expected by going through the list of DNS servers on a PC in a logical order. As a result you can get very odd name resolution issues. You may find with your current configuration you are even getting slow logons to PC's.
Let us know if that helps.
ps- Where DHCP is assigning the workstations the ISP's DNS you will likely have to remove that from the DHCP scope, though the CEICW may do that for you automatically, I am not sure.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, Rob. I will use that DNS article from here on out.
Thanks gbrooke.
Cheers !
--Rob
Cheers !
--Rob
What is an example of a static IP you have assigned and worked?
Please provide:
- IP Address
- Subnet Mask
- Default Gateway IP
- DNS server(s)
Go back to DHCP mode on a pc,
- Start->run->cmd, type in "ipconfig /all"
- Copy-paste the contents in here.