Solved

Workstations are still remembering the old DNS servers!

Posted on 2009-07-15
11
856 Views
Last Modified: 2012-06-22
All of our workstations were set with static IP's until last friday. We had install new 2008 servers and moved our DNS from the 2003 server to the new 2008 server on Friday. Knowing that this would have to be changed on each workstation, we changed all of the machines to use DHCP on Thursday night. The problem is the machines are periodically losing their connection to the world. Not all of them are doing this and some are more trouble than others.

When we do ipconfig /all on the machine it shows the old DNS servers. If you go the GUI way and look at the TCP/IP properties both the IP address settings and the DNS section is set to use DHCP. Our Router has the correct Client DNS settings; that is verified by doing ipconfig /renew on the machine because this fixes the problem. Doing ipconfig /all again shows the proper DNS servers.

Where are the workstations getting the old IP addresses for the DNS servers?
0
Comment
Question by:neil1997
  • 6
  • 5
11 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
Comment Utility

Group Policy? It's possible to set them there.

Otherwise, check the Alternate Configuration on the computer, or search the registry for any reference to them.

Chris
0
 

Author Comment

by:neil1997
Comment Utility
I couldn't find anywhere in GP that it would be coming from. I did a search on an offending machine in the registry and found these entries with the IP of the old server.

HKey_local machine\system\controlset001\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters\interfaces\{f8e61....

They are all named "DHCPNameServer"

I am sure that this is what is causing the problem, but where is that number coming from. Shouldn't the DHCP server reset those registry entries with what it has?

Why would the machine just go back to that setting after it has gotten the proper ones from the DHCP server?

I would expect that these entries would cause a problem on reboot, but not while the machine is logged in. Any thought on this. How can I get those registry entries to be right?

0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Check the DHCPServer value? Or run "ipconfig /all" and verify the DHCP Server entry there? If there's another DHCP server giving out the details it could explain it.

Chris
0
 

Author Comment

by:neil1997
Comment Utility
I have checked the registry entries for DHCPServer and the value of the DHCP Server with IPconfig. All point the right location.
0
 

Author Comment

by:neil1997
Comment Utility
I have also checked for rouge dhcp servers with the dhcploc.exe utility. All looks normal there.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

The two locations mentioned above are nothing to be concerned about, considering they're not CurrentControlSet (they're last known good configurations).

How about scripts? Did someone change the DNS servers before and have a NetSh script running somewhere to fix them? The registry being clear rules out any other policies.

Chris
0
 

Author Comment

by:neil1997
Comment Utility
Do you mean like a logon script or something? Do you think that this script may be still running and causing this?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

It's possible, you're already eliminated group policy, stale registry entries and rogue DHCP servers so it couldn't hurt to look.

Might also be worth a look at seeing if this happens on a brand new desktop build (if you can at all), and a machine not joined to the domain. They should help see if it's a domain resident problem, a problem with DHCP (pretty unlikely) or a problem with certain system builds.

Chris
0
 

Author Comment

by:neil1997
Comment Utility
Process Monitor is showing that the svchost.exe process is deleting the proper DNS settings shortly after reading the registry keys for TCP/IP parameters in the "CurrentControlSet" (which are correct). And then it replaces "CurrentControlSet" registry keys for DHCPNameServer and NameServer to the old DNS IP address!

Any thoughts about this?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Did you manage to try a system which is not part of the domain?

Chris
0
 

Author Closing Comment

by:neil1997
Comment Utility
Somehow the entries in the current controlset in the registry were being reset to the previous control sets. We just stopped using DHCP to configure the workstations DNS servers. We just set them all statically as a workaround. After other things settle down, we will attempt to set them to DHCP again.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Resolve DNS query failed errors for Exchange
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now