New DC doesn't allow clients to connect to resources on old subnet

AshridgeTechServices
Hi Guys

This has been driving me mental because I'm sure I've forgotten something.
Basically, our offices in London are moving, and they are getting a new DC, which will do DHCP and DNS for their branch office.

I have set up the DC, connected it to our current domain and replicated it with the other domain controllers. Everything appeared to have gone fine: machines can be joined to the domain from the new domain controller, and I have been able to log in to the domain from a client attached to that domain controller.
However, I cannot figure out why I can't ping anything on the old subnet. Despite nslookup resolving the names/IPs correctly, I cannot connect to or ping anything on the other subnet. I simply get a request timed out error. There is also currently no firewall to prevent it working.

I've been over the DC settings a million times, and everything appears to be set up correctly, but I must have missed something.

Any help would be much appreciated
bluntTony, Head of ICT
Top Expert 2009

Commented:
So the ping request is resolving the name correctly to the right IP, but the ping times out? So you can't ping by IP either?
How is your VPN set up between the two sites? What are you using for the VPN, and for the routing between the two subnets? Have you checked the routing tables on your routers to ensure they 'know' where the other subnets are?

Commented:
To resolve this problem, clean your DNS client cache and NetBIOS cache: Run => cmd => ipconfig /flushdns, and use nbtstat -R

Use these commands on your other machines also.

Plus, it is best to use a router when you have more than one subnet!

Thanks for the quick responses.

Yes, if you ping a name it resolves the correct IP, but all I get is request timed out.

Currently there is no VPN set up, as the kit is being assembled at our main office, so I've simply plugged a cable in from the live network onto the switch which will be used at the office. The VPN will be set up later.

Running netstat -r on the domain controller does show the other subnet in the routing table; however, doing so from the client does not.

While everything at first appeared to be fine, I have now found that running the monitor for the DNS results in a failure for both simple and recursive queries.

Thanks again

bluntTony, Head of ICT
Top Expert 2009

Commented:
In order for the two subnets to talk to each other, you need some sort of routing in place.
When you say that the routing table is showing the other subnet on the DC, do you mean this is performing the routing then, i.e. two NICs, one on one subnet, one on the other, and you've got RRAS running on it?
Clients' routing tables don't generally include other subnets, but they will need their default gateway set up. Then on the default gateway, the route has to be configured here. So if you're using an RRAS server, your clients need to have the IP of the local NIC on the RRAS server as their default gateway, and then a static route needs to be added for the other subnet, sending traffic for that subnet out on the NIC connected to that subnet.
Simply connecting two different subnets into the same switch will not give you comms between them. Switches are layer 2 (at least classically) and you require layer 3 routing which is provided by a router.
Please let me know if I have misunderstood.
Tony.

Commented:
Try to set a static IP on a client and set your DNS server's IP also.
Can you ping?
Is your new DC in your DHCP scope?

Yes, the server is configured with 2 NICs. I had also missed adding the static route; however, I have now added it and still receive the same problem.

I must admit I've never really set up static routes before, so I've probably got it wrong. The connection I'm trying to make is from 172.16.101.x on 255.255.254.0 with default gateway 172.16.100.16 to 172.16.32.x on 255.255.224.0 with gateway 172.16.32.3.
bluntTony, Head of ICT
Top Expert 2009

Commented:

172.16.101.0 with a subnet mask of 255.255.254.0 is an invalid network ID. Part of that IP address is in the host portion so it can't be a network ID, it's actually a host address on the network 172.16.100.0 (255.255.254.0). Now if you made the subnet mask 255.255.255.0 that would make life easier!
Commented:
For the network 172.16.100.0, the host address range is: 172.16.100.1 - 172.16.101.254

For the network 172.16.32.x with the 255.255.224.0 subnet mask, your host address range is: 172.16.32.1 - 172.16.63.254

Check these links:
http://krow.net/dict/subnet.html 
http://www.subnet-calculator.com/subnet.php?net_class=B  (IP calculator)

The only thing that is causing this is 99% the router, so ...
You can view your workstation's ARP table by typing arp -a from a command prompt.
Deleting the ARP cache is just as simple and can be done from a command prompt by typing netsh interface ip delete arpcache.

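Added example (not part of the thread, and not any poster's code): a Python check of the addressing quoted above using the standard `ipaddress` module, giving the network ID, usable host range, and whether a destination is on-link or has to go through the default gateway. Masks and gateways are the ones posted in the thread; the host octets `.10` and `.50` are constructed.

```python
import ipaddress

def describe(ip, mask):
    """Return (network, first_host, last_host) for a host IP and dotted mask."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    return net, net.network_address + 1, net.broadcast_address - 1

def is_valid_network_id(addr, mask):
    """True only if addr has no bits set in the host portion of mask."""
    try:
        ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        return True
    except ValueError:
        return False

def next_hop(src_ip, src_mask, gateway, dst_ip):
    """How src reaches dst: 'on-link', 'via-gateway' or 'gateway-off-subnet'."""
    net = ipaddress.ip_interface(f"{src_ip}/{src_mask}").network
    if ipaddress.ip_address(dst_ip) in net:
        return "on-link"             # resolved with ARP, no router involved
    if ipaddress.ip_address(gateway) not in net:
        return "gateway-off-subnet"  # host cannot ARP for its own gateway
    return "via-gateway"             # the gateway needs a route to dst's network

# Masks and gateways as posted in the thread; host octets are constructed.
NEW = {"ip": "172.16.101.10", "mask": "255.255.254.0", "gw": "172.16.100.16"}
OLD = {"ip": "172.16.32.50", "mask": "255.255.224.0", "gw": "172.16.32.3"}

if __name__ == "__main__":
    for name, side in (("new", NEW), ("old", OLD)):
        net, first, last = describe(side["ip"], side["mask"])
        print(f"{name}: network {net}, hosts {first} - {last}")
    print(is_valid_network_id("172.16.101.0", "255.255.254.0"))
    print(next_hop(NEW["ip"], NEW["mask"], NEW["gw"], OLD["ip"]))
    print(next_hop(OLD["ip"], OLD["mask"], OLD["gw"], NEW["ip"]))
    # Same host and gateway with a 255.255.255.0 mask instead:
    print(next_hop(NEW["ip"], "255.255.255.0", NEW["gw"], OLD["ip"]))
```

Both directions come out as via-gateway, so each side's gateway has to hold a route to the other network. With a 255.255.255.0 mask, the 172.16.100.16 gateway falls outside 172.16.101.0/24.
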
Right, so I changed the settings you suggested, changing the subnet etc., yet I still have exactly the same problem. Did a bit more reading on the routing and I've got it set up with static routes to and from the other network segment. I also set up the DHCP relay agent, to which I've noticed a lot of rejected packets coming in from the other network. Could this be causing the ping and connection fails?
bluntTony, Head of ICT
Top Expert 2009

Commented:
Hi there, just to get things clear, could you post the exact setups of the two subnets? Example:
Network ID: 192.168.1.0 (255.255.255.0)
Default Gateway : 192.168.1.254
Then also post us ipconfig /all from one client on each subnet that you are trying to ping between?
I'm afraid it's quite hard to get a clear picture of what's going on without this info to hand. Also what would be great would be a screenshot of the routing table from the RRAS server showing the routes between the subnets.
Thanks!
Hi Guys,

Thanks for the help, timoros was closest to the actual fault. Fixed it in the end.

Cheers
