?
Solved

Workstations are still remembering the old DNS servers!

Posted on 2009-07-15
11
Medium Priority
?
875 Views
Last Modified: 2012-06-22
All of our workstations were set with static IP's until last friday. We had install new 2008 servers and moved our DNS from the 2003 server to the new 2008 server on Friday. Knowing that this would have to be changed on each workstation, we changed all of the machines to use DHCP on Thursday night. The problem is the machines are periodically losing their connection to the world. Not all of them are doing this and some are more trouble than others.

When we do ipconfig /all on the machine it shows the old DNS servers. If you go the GUI way and look at the TCP/IP properties both the IP address settings and the DNS section is set to use DHCP. Our Router has the correct Client DNS settings; that is verified by doing ipconfig /renew on the machine because this fixes the problem. Doing ipconfig /all again shows the proper DNS servers.

Where are the workstations getting the old IP addresses for the DNS servers?
0
Comment
Question by:neil1997
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24858265

Group Policy? It's possible to set them there.

Otherwise, check the Alternate Configuration on the computer, or search the registry for any reference to them.

Chris
0
 

Author Comment

by:neil1997
ID: 24858647
I couldn't find anywhere in GP that it would be coming from. I did a search on an offending machine in the registry and found these entries with the IP of the old server.

HKey_local machine\system\controlset001\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters\interfaces\{f8e61....

They are all named "DHCPNameServer"

I am sure that this is what is causing the problem, but where is that number coming from. Shouldn't the DHCP server reset those registry entries with what it has?

Why would the machine just go back to that setting after it has gotten the proper ones from the DHCP server?

I would expect that these entries would cause a problem on reboot, but not while the machine is logged in. Any thought on this. How can I get those registry entries to be right?

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24858658

Check the DHCPServer value? Or run "ipconfig /all" and verify the DHCP Server entry there? If there's another DHCP server giving out the details it could explain it.

Chris
0
Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

 

Author Comment

by:neil1997
ID: 24858805
I have checked the registry entries for DHCPServer and the value of the DHCP Server with IPconfig. All point the right location.
0
 

Author Comment

by:neil1997
ID: 24861786
I have also checked for rouge dhcp servers with the dhcploc.exe utility. All looks normal there.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24862052

The two locations mentioned above are nothing to be concerned about, considering they're not CurrentControlSet (they're last known good configurations).

How about scripts? Did someone change the DNS servers before and have a NetSh script running somewhere to fix them? The registry being clear rules out any other policies.

Chris
0
 

Author Comment

by:neil1997
ID: 24862204
Do you mean like a logon script or something? Do you think that this script may be still running and causing this?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24862245

It's possible, you're already eliminated group policy, stale registry entries and rogue DHCP servers so it couldn't hurt to look.

Might also be worth a look at seeing if this happens on a brand new desktop build (if you can at all), and a machine not joined to the domain. They should help see if it's a domain resident problem, a problem with DHCP (pretty unlikely) or a problem with certain system builds.

Chris
0
 

Author Comment

by:neil1997
ID: 24913346
Process Monitor is showing that the svchost.exe process is deleting the proper DNS settings shortly after reading the registry keys for TCP/IP parameters in the "CurrentControlSet" (which are correct). And then it replaces "CurrentControlSet" registry keys for DHCPNameServer and NameServer to the old DNS IP address!

Any thoughts about this?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24913739

Did you manage to try a system which is not part of the domain?

Chris
0
 

Author Closing Comment

by:neil1997
ID: 31603654
Somehow the entries in the current controlset in the registry were being reset to the previous control sets. We just stopped using DHCP to configure the workstations DNS servers. We just set them all statically as a workaround. After other things settle down, we will attempt to set them to DHCP again.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question