Solved

Workstations are still remembering the old DNS servers!

Posted on 2009-07-15
11
861 Views
Last Modified: 2012-06-22
All of our workstations were set with static IP's until last friday. We had install new 2008 servers and moved our DNS from the 2003 server to the new 2008 server on Friday. Knowing that this would have to be changed on each workstation, we changed all of the machines to use DHCP on Thursday night. The problem is the machines are periodically losing their connection to the world. Not all of them are doing this and some are more trouble than others.

When we do ipconfig /all on the machine it shows the old DNS servers. If you go the GUI way and look at the TCP/IP properties both the IP address settings and the DNS section is set to use DHCP. Our Router has the correct Client DNS settings; that is verified by doing ipconfig /renew on the machine because this fixes the problem. Doing ipconfig /all again shows the proper DNS servers.

Where are the workstations getting the old IP addresses for the DNS servers?
0
Comment
Question by:neil1997
  • 6
  • 5
11 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24858265

Group Policy? It's possible to set them there.

Otherwise, check the Alternate Configuration on the computer, or search the registry for any reference to them.

Chris
0
 

Author Comment

by:neil1997
ID: 24858647
I couldn't find anywhere in GP that it would be coming from. I did a search on an offending machine in the registry and found these entries with the IP of the old server.

HKey_local machine\system\controlset001\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters\interfaces\{f8e61....

They are all named "DHCPNameServer"

I am sure that this is what is causing the problem, but where is that number coming from. Shouldn't the DHCP server reset those registry entries with what it has?

Why would the machine just go back to that setting after it has gotten the proper ones from the DHCP server?

I would expect that these entries would cause a problem on reboot, but not while the machine is logged in. Any thought on this. How can I get those registry entries to be right?

0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24858658

Check the DHCPServer value? Or run "ipconfig /all" and verify the DHCP Server entry there? If there's another DHCP server giving out the details it could explain it.

Chris
0
 

Author Comment

by:neil1997
ID: 24858805
I have checked the registry entries for DHCPServer and the value of the DHCP Server with IPconfig. All point the right location.
0
 

Author Comment

by:neil1997
ID: 24861786
I have also checked for rouge dhcp servers with the dhcploc.exe utility. All looks normal there.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 
LVL 70

Expert Comment

by:Chris Dent
ID: 24862052

The two locations mentioned above are nothing to be concerned about, considering they're not CurrentControlSet (they're last known good configurations).

How about scripts? Did someone change the DNS servers before and have a NetSh script running somewhere to fix them? The registry being clear rules out any other policies.

Chris
0
 

Author Comment

by:neil1997
ID: 24862204
Do you mean like a logon script or something? Do you think that this script may be still running and causing this?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24862245

It's possible, you're already eliminated group policy, stale registry entries and rogue DHCP servers so it couldn't hurt to look.

Might also be worth a look at seeing if this happens on a brand new desktop build (if you can at all), and a machine not joined to the domain. They should help see if it's a domain resident problem, a problem with DHCP (pretty unlikely) or a problem with certain system builds.

Chris
0
 

Author Comment

by:neil1997
ID: 24913346
Process Monitor is showing that the svchost.exe process is deleting the proper DNS settings shortly after reading the registry keys for TCP/IP parameters in the "CurrentControlSet" (which are correct). And then it replaces "CurrentControlSet" registry keys for DHCPNameServer and NameServer to the old DNS IP address!

Any thoughts about this?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24913739

Did you manage to try a system which is not part of the domain?

Chris
0
 

Author Closing Comment

by:neil1997
ID: 31603654
Somehow the entries in the current controlset in the registry were being reset to the previous control sets. We just stopped using DHCP to configure the workstations DNS servers. We just set them all statically as a workaround. After other things settle down, we will attempt to set them to DHCP again.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now