XP client loses contact with DC (2000)

Hi All,

I've already searched EE for hours but can't quite find a solution to my exact problem, so thought I better post my dilemma.

I have a Windows 2000 DC (don't ask) with AD, DNS, DHCP, etc and 120 XP clients. Things have been running happily without issue until recently when a small number of random XP clients would lose their connection with the domain. I think I've narrowed it down to (some) PC's that have been shutdown for a week or more (staff on holidays, or not in use).

Once powered on, the affected PC takes 20+ mins to login, after which the user discovers that they can't access any AD resources (login script, email, etc). Upon further inspection, the affected PC can ping other network devices/servers by IP address, but not by name. BUT, the weird thing is that it can't ping the DC by IP (and vice versa)! Other servers can ping the affected PC's by both name and IP... just not the DC.

The affected clients can still renew their IP via the DHCP. The AD server has been set as the sole DNS server on all client NICs (and the server NIC itself). DHCP leasing is set to 4 days. Nslookup fails (timeout) on the affected PC's. The PC's still have an entry in DNS.

To get around it in the interim, I re-image a spare PC for them (which logs in fine afterwards) but I can't keep that up for much longer. I'm sure its DNS-related (or maybe DHCP's interaction with DNS?), but I'm not sure which steps to take to resolve it.

I'd appreciate any clues/feedback.
Cheers

 
russco76Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

conradjonesCommented:
as it can't ping the server, it is unlikely to be able to resolve DNS queries. so yes this is definately your issue.

can you telnet onto any ports on the server from the affected workstation? telnet server.domain.local 53

can you post here a ipconfig /all

from the server
from the affected workstation
and from the working workstation
0
russco76Author Commented:
thanks for your quick response conradjones - just leaving the office but will provide extra info in the morning.
0
dnebraskiCommented:
On the problem computers set a static IP address and gateway. See if your connectivity comes back. I have experienced certain situations where DHCP fails on the client side. Update your network drivers and make sure all operating systems have the latest service packs including the servers.

Hope this helps.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
How the Cloud Can Help You as an MSSP

Today, every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. Register today to learn more!

russco76Author Commented:
@dnebraski: thanks for your feedback. Assigning a static IP (then rebooting) did allow it to connect back to the domain (and ping server names, etc). Am in the process of updating the NIC driver then will try DHCP again and post the result.

so until then, my next question is: how did this issue occur in the first place (and how can it be avoided)? is it purely driver-related, or hardware-related (ie. dud NIC)? All of my desktops are the same make/model,  are only 3 years old, and use the same XP image (ghost) with the same drivers... yet only a small handful encounter this problem.
0
russco76Author Commented:
ok - the affected xp client already had the most up to date nic driver, and patches are all good... but still no luck when switching back to DHCP.

I then applied a static ip to the PC using the same IP address that DHCP usually gave it (192.168.x.52) - the connectivity was lost again. So I set a reservation for that IP (so it would not be re-allocated), then renewed the IP address of the client so its now got 192.168.x.191. Domain connectivity was restored.

I then checked the DNS on the DC, and found that the Reverse Lookup Zone had this new record, BUT the Forward Lookup Zone didn't. The Forward zone still contained the entry for the previous IP address (192.168.x.52). So when you try to ping this PC's hostname from another client, it would look for 192.168.x.52.

I then ran the cmd from the PC ipconfig /flushdns, then /registerdns and the client had the following error in Event Vwr (Source: Dnsapi, EventID: 11163):

===========
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
   Host Name : WKSxxxxxxx
   Primary Domain Suffix : xx.local
   DNS server list :
           192.168.x.10
   Sent update to server : 192.1.1.1
   IP Address(es) :
     192.168.x.191

 The reason the system could not register these RRs was because the DNS server failed the update request. The most likely cause of this is that the authoritative DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.

 You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
==========

I'm not sure where 192.1.1.1 is coming from, as the DNS/DC server is 192.168.x.10???




0
dnebraskiCommented:
I believe the address 192.1.1.1 has no relevence, but is part of the EventID message. Searching this event myself turned up this link:

http://www.eventid.net/display.asp?eventid=11163&eventno=1746&source=DnsApi&phase=1

DHCP is your problem, so you might try the steps toward the end of the page. Let me know how it works out for you.  Good Luck!
0
dnebraskiCommented:
One more thing I just thought of. I have resolved this issue by removing the suspect computer from the domain, and after a reboot, add it back in. I think it was related to a cloned machine. Give it try.
0
russco76Author Commented:
@dnebraski: yep, DHCP was definitely acting strange and your tips got me on the right track. I tried manually removing from domain, rebooting, then re-attaching - but that didn't really work (due to the problem DHCP-assigned IP not finding the DC). In the end, I manually removed all DNS and DHCP entries relating to the affected PC's, deleted them from the domain, then re-imaged them and they connected to the domain and correctly updated the DNS, etc.

Cheers for the help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.