raisharad

asked on

Windows 2008 Network issue

Hi,
We are switching to new T1 provider. We were testing the new T1 by changing the F/W WAN IP. All of the Windows XP/Vista and Windows 2003 32 bit machines are able to ping the new gateway address, except Windows 2008 and Win2K3 "R2" 64Bit machines. Since Win2K8 is also a DNS server, it brings the entire network down when we connect it to the new T1. Windows clients can't connect to Internet with internal DNS address(es), but when changed to public DNS addresses, they do...

All these machines are on the same IP subnet, yet only these two "R2" and 64Bit machines can't ping the new Internet Gateway address. It can however ping IP on the LAN side of the F/W, but not beyond that.

Am I missing steps here? Since this is urgent I need some expert help desperately!!!

Thanks,
Sharad
StefanKamp

If I read correctly, your Windows 2008 machine is the DNS server for your client computers, but the same Windows 2008 machine is not able to get any further than the inside NIC of your gateway/firewall.

Let's clear up that the DNS issue for your clients is due to the fact that the Windows 2008 DNS server is not able to query for any records outside its zone, as it is not able to contact an external DNS server. So yes, when you change the DNS settings on your clients, they would be able to resolve, as you are bypassing your own DNS server.

You say that network connectivity is OK, as you can ping the inside NIC of your gateway. Not sure what the problem exactly is, but at least you should check the following conditions:

1. From your win2k8: do a traceroute to an external address, see if the next hop is your new gateway. If not, your default gateway on the NIC has been set incorrectly. To be sure, do a route print and look for any misconfigured routes which may have been entered manually in the past.

2. Check if the firewall allows traffic from your Windows 2008 machine to outside. See the logs for any dropped packages.
raisharad

ASKER

Hi Stefankamp,
My Win2K8 DNS server when on new T1 does not ping the new gateway address which is on the vendor's router. Since the new gateway is unpingable from this server, it gets no Internet connection. I see RED cross sign on the Internet connection. Tried disabling/enabling, nothing works.

I'm sure as soon as this server is able to see the Internet, it will also start resolving external DNS addresses. Remember, two other older Windows 2003 servers can ping any addresses with no problem.

I hope I'm clear.
Thanks,
Sharad
I would try as Stefan suggested and try to do a traceroute to an external IP.  4.2.2.1 always works.  The traceroute will show you at what point the connection is failing.  To do a traceroute open a command prompt and type "tracert 4.2.2.1" and post the results here.

I would also verify the IP settings of the server and ensure that it's using the correct Default Gateway.

If the traceroute works, I would verify that the DNS server has its forwarders configured with your new ISP's DNS servers; if you still have the old settings, resolution won't work.
Hi AlwaysOn_IT,
I forgot to mention that I had done multiple traceroutes on this server. It goes up to the router and then all asterisks. From the Cisco router, I can ping this server.
All other Windows computers ping except the Windows R2 and Windows 2008 64 bit machines. Strange!!!

Thanks,
Sharad
You are almost clear to me :)

- Are you able to ping the Windows 2008 server (from another host of course)?
- If you do an ipconfig /all on the working 2003 machine, is the result exactly the same when you do ipconfig /all on the Windows 2008 machine (except for its own IP address)?
- Does the "route print" give the same results for both machines?
- Is the private address of your vendor's router in your network (same subnet as your client/servers)?
Hi StefanKamp,

- Yes, I can ping this server from other client machines incl. router
- ipconfig /all result is similar in all client PCs since they get it from the local DHCP server
- "route print" produces the same result on all machines
- Yes, they provided me a sheet with these addresses. (All other computers connect to the Internet if I use public DNS addresses instead of the internal ones)
I can ping any IP and Internet names from the Firewall while being on the new T1 connection.

Thanks,
Sharad
Wow, quite strange behaviour. Are you sure that the Windows 2008 server has only one NIC? And maybe you could (temporarily) try to change the IP address and default gateway of the Windows 2008 server to an address which is absolutely working (for example, you know that at least the workstations are able to get outside: turn off that computer, use that IP address on the Windows 2008 server and see what happens)?
Darius Ghassem
Do an ipconfig /all on the R2 server and post results.
Hi dariusg,
We are back to the old T1 and everything is working currently. Here are the outputs of the ipconfig /all from the R2 and Win2K8 servers:

Win2K8:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : FS4-EXCH2K7-HS
   Primary Dns Suffix  . . . . . . . : steiner.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : steiner.local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter #2
   Physical Address. . . . . . . . . : 00-21-5A-D7-1D-6E
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.2.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   IPv4 Address. . . . . . . . . . . : 10.2.1.13(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.2.1.1
   DNS Servers . . . . . . . . . . . : 10.2.1.13
                                       10.1.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Win2K3 R2:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : fs3-shpoint-hs
   Primary Dns Suffix  . . . . . . . : steiner.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : steiner.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-18-71-E6-7F-70
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.2.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   IP Address. . . . . . . . . . . . : 10.2.1.22
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   IP Address. . . . . . . . . . . . : 10.2.1.21
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.2.1.1
   DNS Servers . . . . . . . . . . . : 10.2.1.13
                                       10.1.1.2

Thanks, Sharad
So, your 2008 Servers are DNS servers as well, right? They really should be pointing to themselves for primary.

What does the Windows 2003 server do?

When you change the default gateway when you do an ipconfig /all do you see the correct default gateway in there for the Windows 2008 servers? Is the new default gateway on the same subnet?
Hi dariusg,
Yes, 2K8 server is a DNS server and pointing to itself. The other DNS (10.1.1.2) is on a different subnet on a different location and is an old 2K3 server with AD / DNS acting as a secondary DC. Users on this subnet successfully connect to the Internet via the new T1. These two locations are connected via a private fiber optic connection. The R2 and Win2K8 servers are together on 10.2.x.x subnet. There are two other old Win2K3 servers on the same 10.2.x.x subnet that experience no problems during the switch.

>> What does the Windows 2003 server do?
- Win2K3 R2 server is a member server that hosts SharePoint.

I do not touch/change internal gateway address anywhere or on any server. This gateway is the public IP on the vendor's router outside our firewall. This is the actual gateway to the Internet.
Thanks, Sharad
An ipconfig /all of a working host running on your new T1 line may come in handy now, ... along with a route print from both working and not working hosts, as far as I can see now there seem to be no issues.
Hi Stefankamp,
I will post those two results when I switch to new T1 in next 2 hours. However, I am curious if there is something in R2 and Win2K8 servers that we are overlooking...

That's so bizarre to have such effect only on these two servers and not on every other...
Thanks,
Doesn't seem that the 2K8 server is pointing to itself for DNS but the ipconfig /all above doesn't show that.

Have you tried rebooting the server once you switched over to the new T1?
That's what I am planning to do now. I will post the results later.
Thanks,
Rebooted the server, no luck. Rechecked routes, ipconfigs etc. no difference... yet these two servers don't ping the new internet gateway address.

Have called MS Pro support and awaiting their call now... Will post how it goes..
Sharad
Do these two servers provide any external services? You mentioned SharePoint on one of them, perhaps the FW is still NATing them to the old IPs while your WAN IP is on the new T1?
Yes Kuoh,
I do have one-to-one NAT-ing on the firewall which I do not change or remove when I'm just testing the Internet connectivity on the new T1. In other words, when I switch F/W WAN IP to the new one, I leave the One-to-One NAT to the same old IP addresses.

OtO NAT table also includes one Win2K3 web server which does ping the new gateway. Strange!!

Thanks,
Sharad
ASKER CERTIFIED SOLUTION
kuoh
This solution is only available to members.
Hi Kuoh,
I do have one-to-one NAT going including the addresses from the working servers. However, I will try removing all the NAT-ing from the firewall when I test it out again today.

I will post the result later. I have extended my old T1 service by another week.
Thanks,
Sharad
You were right on the money Kuoh!! One-to-One NAT was the issue. Disabled it and bingo, both the servers started pinging the new gateway...

Did not occur to me...
Thanks,
Sharad
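
The root cause confirmed above (one-to-one NAT entries left pointing at the old provider's addresses while the firewall WAN IP moved to the new T1) can be checked before a cutover. The following is an added example, not part of the original thread: a simplified model that assumes a one-to-one NAT entry takes precedence over the firewall's default outbound translation. The internal addresses come from the ipconfig output above; the public blocks, the WAN IP, the mappings and the workstation 10.2.1.50 are constructed sample values.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
NEW_T1_BLOCK = "203.0.113.0/28"   # block routed by the new provider
NEW_WAN_IP = "203.0.113.2"        # firewall WAN address on the new T1

# One-to-one NAT table as left in place during the test: internal -> old T1 public IP.
STATIC_NAT = {
    "10.2.1.13": "198.51.100.5",  # Win2K8 DNS server
    "10.2.1.23": "198.51.100.6",  # Win2K3 R2 SharePoint server
}


def egress_source(host, static_nat, wan_ip):
    """Source address a host's outbound traffic carries after translation.

    Assumption: a one-to-one mapping wins over the default translation
    to the WAN interface address.
    """
    return ipaddress.ip_address(static_nat.get(host, wan_ip))


def audit(hosts, static_nat, wan_ip, wan_block):
    """Map each host to (translated source, whether replies can route back)."""
    wan = ipaddress.ip_network(wan_block)
    report = {}
    for host in hosts:
        src = egress_source(host, static_nat, wan_ip)
        # A source outside the new provider's block gets no return path:
        # the host reaches the firewall's LAN side but nothing beyond it.
        report[host] = (str(src), src in wan)
    return report


if __name__ == "__main__":
    hosts = ["10.2.1.13", "10.2.1.23", "10.2.1.50"]  # .50: constructed workstation
    for host, (src, ok) in audit(hosts, STATIC_NAT, NEW_WAN_IP, NEW_T1_BLOCK).items():
        status = "ok" if ok else "STALE NAT: source not in new WAN block"
        print(f"{host:<12} leaves as {src:<15} {status}")
```
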