Outsourced
asked on
Can't Ping DC with name
Hello friends :-)
i added a new server on a network , there is around 10x more server exist
on new server i can ping all other servers , from all other servers i can ping new server too ( by name and by IP)
BUT ... from Domain Controler , i can't Ping the new server by name !!!
Roles on DC : DC is just DC + DHCP + DNS
in DNS ( dnsmgmnt ) i can see this new server's name + IP and all other servers !!!!
in TCP/IP config , on WINS tab , i can see it's set as "enable LMHOSTS lookup"
and NetBios Settings= Default : Use Netbios settings from DHCP server .... blah blah blah
will be happy if you guys help me step by step about this :-)
Regards
Outsourced
i added a new server on a network , there is around 10x more server exist
on new server i can ping all other servers , from all other servers i can ping new server too ( by name and by IP)
BUT ... from Domain Controler , i can't Ping the new server by name !!!
Roles on DC : DC is just DC + DHCP + DNS
in DNS ( dnsmgmnt ) i can see this new server's name + IP and all other servers !!!!
in TCP/IP config , on WINS tab , i can see it's set as "enable LMHOSTS lookup"
and NetBios Settings= Default : Use Netbios settings from DHCP server .... blah blah blah
will be happy if you guys help me step by step about this :-)
Regards
Outsourced
Disable your windows firewall and try once.
Rad, he states in the question that he can ping the server from everywhere but the DC. The windows firewall, even if configured on the DC, would not stop him from pinging out. Correct?
Jas,
correct, but some time it happens,
This following procedure can help you to find out the exact issue
1) ping 127.0.0.1, if fails
2) verify that the computer was restarted after TCP/IP was installed and configured
3) type - route print and share us the result
4) Ping the IP address of the default gateway
5) Ping the IP address of the DNS server
If all working, do a dcdiag test and see the report
6) from your new DC type - C:\>nltest /dsgetdc:(domain name) /force
7) Finally try to remove the A record from forward lookup zone from your DNS and Add once again and add an PTR record too and try.
correct, but some time it happens,
This following procedure can help you to find out the exact issue
1) ping 127.0.0.1, if fails
2) verify that the computer was restarted after TCP/IP was installed and configured
3) type - route print and share us the result
4) Ping the IP address of the default gateway
5) Ping the IP address of the DNS server
If all working, do a dcdiag test and see the report
6) from your new DC type - C:\>nltest /dsgetdc:(domain name) /force
7) Finally try to remove the A record from forward lookup zone from your DNS and Add once again and add an PTR record too and try.
are you assigning ip details via DHCP? Do you have the dns suffix configured?
this option can be configured within DHCP : Use Scope Option 135
this option can be configured within DHCP : Use Scope Option 135
windows firewall is a system state firewall. This means if the computer didn't start the conversation, it will block certain ports, (including ICMP echo (((menaing Ping))) and Netbios transaltion, meaning ping by name)
You will not be able to ping the server by clients and server, but you will be able to ping itself by name, because of the nature of a system state firewall.
RAD is right, disable or better yet make exceptions to the system state firewalls from blocking Netbios traffic. On windows firewall, allow it to provide file and print sharing. Another system state firewall is McAfee Total protection. Another one is ISA firewall, that blocks everything without manual edits to the firewall.
RAD is right that Windows firewall will prevent Other computers from pinging this server, but the server can ping itself.
You will not be able to ping the server by clients and server, but you will be able to ping itself by name, because of the nature of a system state firewall.
RAD is right, disable or better yet make exceptions to the system state firewalls from blocking Netbios traffic. On windows firewall, allow it to provide file and print sharing. Another system state firewall is McAfee Total protection. Another one is ISA firewall, that blocks everything without manual edits to the firewall.
RAD is right that Windows firewall will prevent Other computers from pinging this server, but the server can ping itself.
ASKER
Hi friends ....
thanks for help :-)
ok , let me answer some of your questions ...
i used static IP for that server ....
Windows Firewall is Down ( Disabled)
have "TrendMicro-Worry Free" as security on all servers
ping the 127.0.0.1 was successful
server restarted 3x times for installing updates , so it's OK ;-)
Route Print command have this result :
>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>> >>>>
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\administrator.TES T-DOMAIN.0 00>route print
IPv4 Route Table
========================== ========== ========== ========== ========== =========
Interface List
0x1 .......................... . MS TCP Loopback interface
0x10003 ...00 16 35 5c 48 4e ...... HP NC7782 Gigabit Server Adapter
0x10004 ...00 16 35 5c 48 4d ...... HP NC7782 Gigabit Server Adapter #2
========================== ========== ========== ========== ========== =========
========================== ========== ========== ========== ========== =========
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.45.0.1 10.45.0.15 20
10.45.0.0 255.255.255.0 10.45.0.15 10.45.0.15 20
10.45.0.15 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.45.0.15 10.45.0.15 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.244.167 169.254.244.167 10
169.254.244.167 255.255.255.255 127.0.0.1 127.0.0.1 10
169.254.255.255 255.255.255.255 169.254.244.167 169.254.244.167 10
224.0.0.0 240.0.0.0 10.45.0.15 10.45.0.15 20
224.0.0.0 240.0.0.0 169.254.244.167 169.254.244.167 10
255.255.255.255 255.255.255.255 10.45.0.15 10.45.0.15 1
255.255.255.255 255.255.255.255 169.254.244.167 169.254.244.167 1
Default Gateway: 10.45.0.1
========================== ========== ========== ========== ========== =========
Persistent Routes:
None
C:\Documents and Settings\administrator.TES T-DOMAIN.0 00
<<<<<<<<<<<<<<<<<<<<<<<<<< <<<<<<<<<< <<<<
ping on default GateWay was successful (10.45.0.1)
Ping on DNS was successful (10.45.1.10)
so i should do couple more tests
will be happy to answer your questions :-)
btw , do you thing editing a Host record will help ? as you know add the server on ....\system32\drivers\etc\ lmhosts ?! <<< never done that befor , not sure about this part !
thanks for help :-)
ok , let me answer some of your questions ...
i used static IP for that server ....
Windows Firewall is Down ( Disabled)
have "TrendMicro-Worry Free" as security on all servers
ping the 127.0.0.1 was successful
server restarted 3x times for installing updates , so it's OK ;-)
Route Print command have this result :
>>>>>>>>>>>>>>>>>>>>>>>>>>
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\administrator.TES
IPv4 Route Table
==========================
Interface List
0x1 ..........................
0x10003 ...00 16 35 5c 48 4e ...... HP NC7782 Gigabit Server Adapter
0x10004 ...00 16 35 5c 48 4d ...... HP NC7782 Gigabit Server Adapter #2
==========================
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.45.0.1 10.45.0.15 20
10.45.0.0 255.255.255.0 10.45.0.15 10.45.0.15 20
10.45.0.15 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.45.0.15 10.45.0.15 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.244.167 169.254.244.167 10
169.254.244.167 255.255.255.255 127.0.0.1 127.0.0.1 10
169.254.255.255 255.255.255.255 169.254.244.167 169.254.244.167 10
224.0.0.0 240.0.0.0 10.45.0.15 10.45.0.15 20
224.0.0.0 240.0.0.0 169.254.244.167 169.254.244.167 10
255.255.255.255 255.255.255.255 10.45.0.15 10.45.0.15 1
255.255.255.255 255.255.255.255 169.254.244.167 169.254.244.167 1
Default Gateway: 10.45.0.1
==========================
Persistent Routes:
None
C:\Documents and Settings\administrator.TES
<<<<<<<<<<<<<<<<<<<<<<<<<<
ping on default GateWay was successful (10.45.0.1)
Ping on DNS was successful (10.45.1.10)
so i should do couple more tests
will be happy to answer your questions :-)
btw , do you thing editing a Host record will help ? as you know add the server on ....\system32\drivers\etc\
I'm still a bit confused if you can ping the DC by IP, just not by name? If you can ping it by IP, the hosts file could provide a temporary fix. You would edit system32\drivers\etc\host. Follow the format and enter the server name and IP address. If this is the case, you have to have some type of DNS issue going on. Can you please provide me with a printout of a tracert to that server name? Thanks.
Don't confuse DNS resolution with Netbios resolution.
The HOST record resolve DNS and shoud NEVER be configured if you have a DNS server. In fact, Win7 removes the HOST record from the operating sytem. There should be absolutely NO Need to configure a HOST file......
The LMHOST file is used for Netbios resolution. Yes by netbios name to IP. This should only be configured if you do not have a legitimate WINS server AND need to communicate to shares that are outside the broadcast domain. (Meaning on different LANS)
Let's try a couple easy tests:
Ping xxx.xxx.xxx.xxx
This ping is to show you can ping using the ARP table
Ping computername.domain.name
This ping show you that you can resolve DNS entries
Ping computername
This ping shows you can resolve Netbios name resolution.
The different context of ping provides three different things you are troubleshoting. If you can resolve by IP and DNS, then you have a problem with netbios.
The HOST record resolve DNS and shoud NEVER be configured if you have a DNS server. In fact, Win7 removes the HOST record from the operating sytem. There should be absolutely NO Need to configure a HOST file......
The LMHOST file is used for Netbios resolution. Yes by netbios name to IP. This should only be configured if you do not have a legitimate WINS server AND need to communicate to shares that are outside the broadcast domain. (Meaning on different LANS)
Let's try a couple easy tests:
Ping xxx.xxx.xxx.xxx
This ping is to show you can ping using the ARP table
Ping computername.domain.name
This ping show you that you can resolve DNS entries
Ping computername
This ping shows you can resolve Netbios name resolution.
The different context of ping provides three different things you are troubleshoting. If you can resolve by IP and DNS, then you have a problem with netbios.
ChiefIT is right. I was mistaken. Sorry about the confusion.
ASKER
@ Jsblanton:
yep , i can ping DC from new server by Name and IP
but from DC , i can't ping new server by name , can ping it by IP
from DC and new server i can ping all other servers by name and IP
yep , i can ping DC from new server by Name and IP
but from DC , i can't ping new server by name , can ping it by IP
from DC and new server i can ping all other servers by name and IP
ASKER
@ChiefIT:
test results :
1 - DC= it's OK , i can ping any other servers by IP !!!! Other servers = it's OK
2 - DC= just can ping it self by this method , not other servers !!!! Other servers = it's OK
3 - DC = can ping all servers but not new server !!!! Other servers = it's OK
btw , thanks for nice explaining for HOST and LMHOST , i didn't know that difference ;-) :-P
test results :
1 - DC= it's OK , i can ping any other servers by IP !!!! Other servers = it's OK
2 - DC= just can ping it self by this method , not other servers !!!! Other servers = it's OK
3 - DC = can ping all servers but not new server !!!! Other servers = it's OK
btw , thanks for nice explaining for HOST and LMHOST , i didn't know that difference ;-) :-P
The firewall is actually disabled, not just the service stopped right? Do you have any other software firewalls running? How about AV? Have you tried temporarily disabling it and seeing if you can ping then?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
"ChiefIT:
oh , you was right about test 2
on DC , preferred DNS was router , so i changed it to 127.0.0.1 and now it works fine BUT still can't ping that new server with this method , can ping other servers
test 3 : in Connection Properties , i can see "File and Printer Sharing For Microsoft Networks" is checked on both servers
i couldn't find the "Browser" services under Administrative tools>Services
as i said , on Advanced TCP/IP Setting , on NetBios setting , it's set by : Use NetBios settings from the DHCP ..... attaching the image of it
hhmm , you are really good , your Guides is verry good too :-)
ok , so what's the next test / step i should do ? ;-) :-)
NetBios.png
oh , you was right about test 2
on DC , preferred DNS was router , so i changed it to 127.0.0.1 and now it works fine BUT still can't ping that new server with this method , can ping other servers
test 3 : in Connection Properties , i can see "File and Printer Sharing For Microsoft Networks" is checked on both servers
i couldn't find the "Browser" services under Administrative tools>Services
as i said , on Advanced TCP/IP Setting , on NetBios setting , it's set by : Use NetBios settings from the DHCP ..... attaching the image of it
hhmm , you are really good , your Guides is verry good too :-)
ok , so what's the next test / step i should do ? ;-) :-)
NetBios.png
ASKER
That is best / Easiest explaination i ever seen
ipconfig /flushdns
ipconfig /registerdns
See if you can ping it then. You may also want to make sure there is no manual entry for that IP in the hosts file. If that doesn't work, post the results of a tracert from the DC to the server in question.