Workstations are still remembering the old DNS servers!

All of our workstations were set with static IP's until last friday. We had install new 2008 servers and moved our DNS from the 2003 server to the new 2008 server on Friday. Knowing that this would have to be changed on each workstation, we changed all of the machines to use DHCP on Thursday night. The problem is the machines are periodically losing their connection to the world. Not all of them are doing this and some are more trouble than others.

When we do ipconfig /all on the machine it shows the old DNS servers. If you go the GUI way and look at the TCP/IP properties both the IP address settings and the DNS section is set to use DHCP. Our Router has the correct Client DNS settings; that is verified by doing ipconfig /renew on the machine because this fixes the problem. Doing ipconfig /all again shows the proper DNS servers.

Where are the workstations getting the old IP addresses for the DNS servers?
neil1997Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

Group Policy? It's possible to set them there.

Otherwise, check the Alternate Configuration on the computer, or search the registry for any reference to them.

Chris
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
neil1997Author Commented:
I couldn't find anywhere in GP that it would be coming from. I did a search on an offending machine in the registry and found these entries with the IP of the old server.

HKey_local machine\system\controlset001\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters\interfaces\{f8e61....

They are all named "DHCPNameServer"

I am sure that this is what is causing the problem, but where is that number coming from. Shouldn't the DHCP server reset those registry entries with what it has?

Why would the machine just go back to that setting after it has gotten the proper ones from the DHCP server?

I would expect that these entries would cause a problem on reboot, but not while the machine is logged in. Any thought on this. How can I get those registry entries to be right?

0
Chris DentPowerShell DeveloperCommented:

Check the DHCPServer value? Or run "ipconfig /all" and verify the DHCP Server entry there? If there's another DHCP server giving out the details it could explain it.

Chris
0
Do You Have a Trusted Wireless Environment?

A Trusted Wireless Environment is a framework for building a complete Wi-Fi network that is fast, easy to manage, and secure.

neil1997Author Commented:
I have checked the registry entries for DHCPServer and the value of the DHCP Server with IPconfig. All point the right location.
0
neil1997Author Commented:
I have also checked for rouge dhcp servers with the dhcploc.exe utility. All looks normal there.
0
Chris DentPowerShell DeveloperCommented:

The two locations mentioned above are nothing to be concerned about, considering they're not CurrentControlSet (they're last known good configurations).

How about scripts? Did someone change the DNS servers before and have a NetSh script running somewhere to fix them? The registry being clear rules out any other policies.

Chris
0
neil1997Author Commented:
Do you mean like a logon script or something? Do you think that this script may be still running and causing this?
0
Chris DentPowerShell DeveloperCommented:

It's possible, you're already eliminated group policy, stale registry entries and rogue DHCP servers so it couldn't hurt to look.

Might also be worth a look at seeing if this happens on a brand new desktop build (if you can at all), and a machine not joined to the domain. They should help see if it's a domain resident problem, a problem with DHCP (pretty unlikely) or a problem with certain system builds.

Chris
0
neil1997Author Commented:
Process Monitor is showing that the svchost.exe process is deleting the proper DNS settings shortly after reading the registry keys for TCP/IP parameters in the "CurrentControlSet" (which are correct). And then it replaces "CurrentControlSet" registry keys for DHCPNameServer and NameServer to the old DNS IP address!

Any thoughts about this?
0
Chris DentPowerShell DeveloperCommented:

Did you manage to try a system which is not part of the domain?

Chris
0
neil1997Author Commented:
Somehow the entries in the current controlset in the registry were being reset to the previous control sets. We just stopped using DHCP to configure the workstations DNS servers. We just set them all statically as a workaround. After other things settle down, we will attempt to set them to DHCP again.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.