Solved

DNS access issue over a corporate LAN

Posted on 2011-03-07
16
990 Views
Last Modified: 2012-05-11
We have two networks, two separate domains connected via an MPLS connection.  On either side of the network is an ASA firewall and on my side of the network this simply acts as a router sending all internal Internet traffic out to our ISP and all other traffic to the other network.  Both networks carry the other sides DNS added locally as a secondary zone.  On my side we push out a domain suffix list via group policy including both domains.  Based on this we access a JDE ERP system in the second network and connect via IE over the MPLS to the servers in the second network.  

The problem arrives with users on our network that has fixed IP addresses.  At seemingly random intervals they lose connection to the ERP servers in the other network.  This issue always resolves itself after a brief loss of connection but can happen several times a day or hour.  When I look at these stations IP and DNS seem fine and I can resolve pings to the other network but cannot access the JDE servers.  Users on DHCP are not affected.

This seems like a DNS issue but I am struggling to resolve it.  

Any thoughts or ideas are welcome.      
0
Comment
Question by:DHPBilcare
  • 7
  • 5
  • 2
  • +1
16 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
I suspect it is not DNS-related since presumably the DHCP and non-DHCP clients are using the same DNS servers. Check the NIC properties on the problem clients to be sure that "Enable NetBIOS over TCP/IP" is checked.  
0
 
LVL 18

Assisted Solution

by:Jeremy Weisinger
Jeremy Weisinger earned 150 total points
Comment Utility
It doesn't really sound like DNS to me. I would check the TCP/IP settings on all your statically configured computers to make sure they have the proper IP addresses and subnets. Also check for IP conflicts and make sure there are exclusions in DHCP for any statically configured nodes. The intermittent problems with the static computers make me think this might be the issue.
0
 
LVL 17

Expert Comment

by:OriNetworks
Comment Utility
By any chance is the network bandwidth maxing out? This would explain the random and short loss of connectivity. Is it only one site experiencing this issue, if not, maybe its the link where the JDE servers are.
0
 
LVL 17

Expert Comment

by:OriNetworks
Comment Utility
Also agree with above. Make sure there are no IP conflicts and that DHCP has exclusions for the ranges that you have static IP assigned.
0
 

Author Comment

by:DHPBilcare
Comment Utility
Thanks for the quick responses,

I will check the NetBios settings and potential conflicts tomorrow.  

There is only one remote site to the JDE servers and that's us.  If it were a timeout issue with the link presumably this would affect all clients and not just the ones on fixed IP?    
0
 

Author Comment

by:DHPBilcare
Comment Utility
We dont currently have exclusions for the IP's in question but they are out of range of the pool of available IP's for DHCP.
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
Comment Utility
As long as they're out of the range then you should be fine. Can you shutdown one of the computers that is having issues and then ping it's IP address and see if anything responds? (Ideally you would do this for all the computers having issues)
0
 

Author Comment

by:DHPBilcare
Comment Utility
Definetly not an IP conflict.

Not sure what else I can test.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 350 total points
Comment Utility
What you need to do first is to be sure that all workstations are using the same TCP/IP settings (DNS, NetBios, domain suffixes, etc.). What I would recommend if possible  is to use DHCP reservations for the workstations that need static IPs, instead of using manually assigned static IPs. That way, those workstations would still get the benefit of the DHCP scope options, and you would be assured that TCP/IP settings are consistent across all workstations. Once you've done that, if those workstations are still having problems, then we need to look elsewhere to figure out what's happening.
0
 

Author Comment

by:DHPBilcare
Comment Utility
Interesting...

I push out a DNS suffix list to all clients which includes the two domains.  

One one of the affected coputers I added the suffix list locally and for a week know it has not had any issues.  However the other affected clients are all on Windows 7 and the options to amend the local suffix is greyed out...  
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
You'd definitely have to have administrator rights to change these settings, but I assume you are logged on with local admin rights and it's still greyed out?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
See if this thread is helpful - it seems to have some suggestions on how to enable this:

http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/76d07f31-62d6-4648-a3e2-7e6e16791363
0
 

Author Comment

by:DHPBilcare
Comment Utility
Thanks for that.  The options are still greyed out on the MS7 client.  
0
 

Author Comment

by:DHPBilcare
Comment Utility
Can't explain why but the user reports that the problem has seemingly resolved itself with no explanation as to why??  

The only thing that has changed is that he has installed SP1??  

I will watch how this goes for a few more days and then close the question.  
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
Weird. I wonder if SP1 has some sort of update to the NLA function or something like that.  I have experienced some strange problems with NLA on Vista machines but haven't ever had an issue with a Windows 7 workstation.
0
 

Author Comment

by:DHPBilcare
Comment Utility
The problem has resurfaced after two days.

I've added the affected user onto a DHCP reservation and see if this works.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now