smtsol

asked on

Local DNS not refreshing after reboot

Good day experts,

I have a large problem with the local DNS cache on about 1500 computers.

To get more specific:

The network was converted from Novell Netware 6 to Windows Server 2008 Enterprise Education edition (ADDS, DNS)

Novell Client for Windows and all other TCP/IP add ons for Novell were removed

Each computer is statically set with IP, Subnet, Gateway, Primary DNS (DNS Server =  2008) and ISP DNS

Each NIC is set to register with DNS


Problem:

When the computers are rebooted, they lose the ability to resolve by DNS Hostname. The computers will ping the server by IP.  Thus, each computer has to have the connection repaired, an ipconfig /flushdns -> ipconfig /registerdns done every single time.

 This causes the mapped home folders (set in the profile tab or through a logon script) to not map.  All logon scripts set through GPO are not hitting either.

Doing an ipconfig /displaydns before the flush/register shows that the hostname pinged, site and logon directories cannot be resolved.

I have used nslookup to try and troubleshoot. When I enter the hostname of the file server or DNS server, it returns the proper IP. I can also see the NameServers.

I am at a loss and need to find an answer.  Any help will be GREATLY appreciated.
IT-Monkey-Dave

When this happens, can the affected systems ping an outside host by name, like ping www.google.com ?  In other words is it only internal DNS that's failing but external DNS lookups work?
http://support.microsoft.com/kb/299357/en-us

Reset the Windows TCP/IP stack to defaults.

Guessing removal of Novell probably corrupted settings.
First off, I would suggest you remove the ISP DNS entry as the secondary DNS server.  You don't want your client computers querying the ISP's DNS for your local DC, which it will never find.  So, in your situation, you have only one DNS server and it is your DC.

Also, I assume your client computers are joined to the domain, and you are logging in to the computers with domain credentials, not local credentials.  Are those assumptions correct?
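
The point above about the ISP DNS entry can be checked across many statically configured clients at once. This is an added example, not part of the original thread: a PowerShell audit that reads each client's DNS search order over WMI and reports any resolver that is not an internal DNS server. The server address and computer names are placeholders (assumptions), and it expects remote WMI access to the clients.

```powershell
# Added example: audit static DNS settings on domain clients.
# Placeholders (assumptions, not values from the thread):
$InternalDns = @('10.0.0.10')          # address(es) of the DC/DNS server(s)
$Computers   = @('PC-001', 'PC-002')   # client names to check

function Get-ExternalResolver {
    param([string[]]$SearchOrder, [string[]]$Allowed)
    # Return every configured resolver that is not an internal DNS server.
    @($SearchOrder | Where-Object { $_ -and ($Allowed -notcontains $_) })
}

$report = foreach ($computer in $Computers) {
    try {
        $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
            -Filter 'IPEnabled = TRUE' -ComputerName $computer -ErrorAction Stop
    } catch {
        # Record hosts that could not be queried instead of skipping them silently.
        New-Object PSObject -Property @{
            Computer   = $computer
            Adapter    = $null
            DnsServers = $null
            External   = "query failed: $($_.Exception.Message)"
            Registers  = $null
        }
        continue
    }
    foreach ($nic in $nics) {
        $external = @(Get-ExternalResolver -SearchOrder $nic.DNSServerSearchOrder `
            -Allowed $InternalDns)
        # Report adapters that list an outside resolver or have no DNS server set.
        if ($external.Count -gt 0 -or -not $nic.DNSServerSearchOrder) {
            New-Object PSObject -Property @{
                Computer   = $computer
                Adapter    = $nic.Description
                DnsServers = ($nic.DNSServerSearchOrder -join ', ')
                External   = ($external -join ', ')
                Registers  = $nic.FullDNSRegistrationEnabled
            }
        }
    }
}

$report | Select-Object Computer, Adapter, DnsServers, External, Registers |
    Format-Table -AutoSize
```

An empty report means every reachable adapter lists only the internal DNS servers; the Registers column shows whether the adapter is set to register its addresses in DNS.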
Ben Personick (Previously QCubed)

Sounds like both the previous posts get part of this right.

First, as a band-aid, add these lines @ the beginning of your logon batch script:

IPConfig /FlushDNS
IPConfig /RegisterDNS

At least that will solve the immediate problem for most users.

Next because it's quickest, set the DHCP server setting your DNS settings on the clients to serve the IP addresses of your primary and secondary domain controllers.

 Also, set the DNS forwarding for Each DC's DNS server to be the ISP's DNS Server.

  Client requests sent to the ISP to register their NICs will be rejected, and may cause you issues with DNS.

Finally, whenever you un-install software which integrates with or extends TCP/IP on any machine, you should re-install the TCP/IP stack on that machine as best practice because there is a huge potential for problems with a machine both immediately and later on if you do not.


smtsol

ASKER

Hey experts.  Sorry for the delay in response.  Been trying to use your suggestions in the way given as well as finding different combinations and solutions, plus do the rest of the job.

IT-Monkey-Dave:
Yes they can all ping an outside IP.

Greg_Hejl:
I have tried repairing the TCP/IP Stack.  This worked on one computer.  As I continued to use this method the other computers that I touched were hit and miss on fixing the problem.

pmanno:
removing the DNS also seemed to increase the chances that someone would get their map drive and logon script, but it was still not consistent.  Yes they are all part of an ADDS domain and logging on with domain credentials.

QCubed:
As per the others, I tried repairing the TCP/IP stack, removing the DNS of the ISP, and also took a fresh install of a PC and put it on the network. There is still the problem with consistency of logging into the domain and getting the mapped network drive through the profile and getting the logon script.

There is also a new symptom.  Whenever someone with a GPO logs in, there is about a 35% chance that the policy will apply, whether it be a computer configuration or a user configuration. This is still a mystery.
If even a fresh install gives you issues, the problem is on your servers or network infrastructure.

If you statically assign your DNS servers on the newly installed machine does that resolve the DNS issue?

How are your networks configured?

(I know you said the client IPs are static, but I assume that you left DNS non-static.  If so how are you assigning the DNS servers network-wise - that is to say: are you using DHCP forwarding or are you putting a DHCP server on each segment, or are you putting the DHCP server in the router for each segment?)
Time to break out Wireshark and check comms on the wire.  Start with your AD servers and work around to the computers that are having issues.

Look at DNS and AD traffic, also DHCP services.

It's easy to pick out the packets that are failing.

Run dcdiag /fix on your AD servers.  gpupdate /force will refresh GPO - shark this.

If you upload the pcaps, we'll need a network diagram, with switch ports pls.

Also check event logs for failures relating to DNS, group policy, and DHCP.
Is there a firewall between the workstations and the server?
smtsol

ASKER

QCubed:
I have the DNS statically set on some computers that I am having issues with.  This will map their home folder set in the ADDS profile, but will not run the GPO.  We do not have any DHCP servers (Server 2008 or router) that are in play.  
We have:
4 locations
1 Server 2008 with ADDS and DNS installed at 3 locations
      - Sites and Services is configured under AD
      - Each location has its own DNS
1 Server 2008 with File and Application Services installed at same locations
Each site has multiple VLANS through a SGE2000 (configured L3)
The SGE2000 feeds to SRW2048's and some other legacy switches throughout the site
Each site has a RVS4000 router between the SGE2000 and the ISP
smtsol

ASKER

pmanno:
The firewalls are all disabled
smtsol

ASKER

Greg_Hejl:
Ran the DCDIAG /FIX
found some issues that were resolved.

Haven't got wireshark installed on anything yet.

Will work on it.
smtsol

ASKER

QCubed:
The mapping of the profile home drive is after removing the ISP DNS entries on the computer.  That is now consistent.  Just working on the GPO problem.
smtsol: when you say that the firewalls are all disabled, are you talking about a software firewall or a hardware firewall?
smtsol

ASKER

Greg_Hejl:
Installed Wireshark on the DC.  Ran a capture with the filter set to DNS.  I am getting clean (as in Wireshark not marking them as bad) packets from my DC to the ISP DNS.  There are also clean packets that come with the label of LLMNR to computers that are on the network.

All other DNS packets are coming back as bad with the error of what is in the attached doc.
Doc1.doc
smtsol

ASKER

pmanno:
Windows firewall on the computer....sorry for not clarifying.
Have you checked your NIC drivers in the server?  Are they up to date?  Do you have another network card in the server that you could try to use instead?
smtsol

ASKER

All of the servers are brand new and up to date.  Have done a clean install with the drivers from the manufacturer.  I have tried using the other NIC's as the DNS but the same response.
smtsol: Sorry, I should have asked this question instead, are the workstations and the DC on the same subnet or is there a router/bridge between them?
smtsol

ASKER

The workstations are all on VLANS.  Each is segmented into different subnets.  The DNS and File server are all on the management VLAN
okay, so DNS is resolved and drive mapping is resolved so your issues are only applying the GPO now, is that correct?
smtsol

ASKER

Thanks all.  These steps did not solve the initial problem, but have pointed me into the right direction to solve it.  I am drilling down into my network and checking all the configurations of the switches to see where I am dropping packets.  Weird, though, the computers seem to be holding group policy unless a totally new user logs in.  Then, it applies some group policy, but not all.  Will have to figure out.  Thanks again.