Solved

Workstations are still remembering the old DNS servers!

Posted on 2009-07-15
11
867 Views
Last Modified: 2012-06-22
All of our workstations were set with static IP's until last friday. We had install new 2008 servers and moved our DNS from the 2003 server to the new 2008 server on Friday. Knowing that this would have to be changed on each workstation, we changed all of the machines to use DHCP on Thursday night. The problem is the machines are periodically losing their connection to the world. Not all of them are doing this and some are more trouble than others.

When we do ipconfig /all on the machine it shows the old DNS servers. If you go the GUI way and look at the TCP/IP properties both the IP address settings and the DNS section is set to use DHCP. Our Router has the correct Client DNS settings; that is verified by doing ipconfig /renew on the machine because this fixes the problem. Doing ipconfig /all again shows the proper DNS servers.

Where are the workstations getting the old IP addresses for the DNS servers?
0
Comment
Question by:neil1997
  • 6
  • 5
11 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24858265

Group Policy? It's possible to set them there.

Otherwise, check the Alternate Configuration on the computer, or search the registry for any reference to them.

Chris
0
 

Author Comment

by:neil1997
ID: 24858647
I couldn't find anywhere in GP that it would be coming from. I did a search on an offending machine in the registry and found these entries with the IP of the old server.

HKey_local machine\system\controlset001\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters
HKey_local machine\system\controlset003\services\tcpip\parameters\interfaces\{f8e61....

They are all named "DHCPNameServer"

I am sure that this is what is causing the problem, but where is that number coming from. Shouldn't the DHCP server reset those registry entries with what it has?

Why would the machine just go back to that setting after it has gotten the proper ones from the DHCP server?

I would expect that these entries would cause a problem on reboot, but not while the machine is logged in. Any thought on this. How can I get those registry entries to be right?

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24858658

Check the DHCPServer value? Or run "ipconfig /all" and verify the DHCP Server entry there? If there's another DHCP server giving out the details it could explain it.

Chris
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:neil1997
ID: 24858805
I have checked the registry entries for DHCPServer and the value of the DHCP Server with IPconfig. All point the right location.
0
 

Author Comment

by:neil1997
ID: 24861786
I have also checked for rouge dhcp servers with the dhcploc.exe utility. All looks normal there.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24862052

The two locations mentioned above are nothing to be concerned about, considering they're not CurrentControlSet (they're last known good configurations).

How about scripts? Did someone change the DNS servers before and have a NetSh script running somewhere to fix them? The registry being clear rules out any other policies.

Chris
0
 

Author Comment

by:neil1997
ID: 24862204
Do you mean like a logon script or something? Do you think that this script may be still running and causing this?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24862245

It's possible, you're already eliminated group policy, stale registry entries and rogue DHCP servers so it couldn't hurt to look.

Might also be worth a look at seeing if this happens on a brand new desktop build (if you can at all), and a machine not joined to the domain. They should help see if it's a domain resident problem, a problem with DHCP (pretty unlikely) or a problem with certain system builds.

Chris
0
 

Author Comment

by:neil1997
ID: 24913346
Process Monitor is showing that the svchost.exe process is deleting the proper DNS settings shortly after reading the registry keys for TCP/IP parameters in the "CurrentControlSet" (which are correct). And then it replaces "CurrentControlSet" registry keys for DHCPNameServer and NameServer to the old DNS IP address!

Any thoughts about this?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24913739

Did you manage to try a system which is not part of the domain?

Chris
0
 

Author Closing Comment

by:neil1997
ID: 31603654
Somehow the entries in the current controlset in the registry were being reset to the previous control sets. We just stopped using DHCP to configure the workstations DNS servers. We just set them all statically as a workaround. After other things settle down, we will attempt to set them to DHCP again.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
An article on effective troubleshooting
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question