asked on

Client Computers cannot ping gateway on LAN

Hello,

I'm having trouble with client computers getting on the internet through the gateway. Approx 150 clients.

DHCP server is issuing all the correct information to clients and AD is authorized and working properly. I noticed that:

1. Clients can ping servers and each other across the network just fine (multi-building campus)
2. Servers can ping clients without a problem
3. Servers can ping the Gateway (housed in another building away from the server farm) without a problem.
4. Clients drop 8 of 9 ping requests when trying to contact gateway with command promt: ping <gatewayIP> but the servers have no problem.
5. Clients located directly next to the gateway on the same switch drop 8 of 9 requests. Location on the network does not seem to matter.
6. All computers can ping DNS Server no problem.

Of Note:

XP Machines (while only successful pings 1 of 9 on average) can access the internet just fine as well as all LAN computers/servers.

Vista/7 Machines however will show the internet globe temporarily, occassionally a page, but then lose internet connection and become LAN only, "regaining" access later, to only have it disappear again. (originally thought this was an IPv6 or DNS problem, but now I think otherwise, disabling didn't fix the situation). Pinging from XP machines also had the non-responses.

Because of odd situation, I do not believe there is a failing NIC or Broadcast NIC out there on the LAN as the problem only applies to client PCs who also have no trouble contacting each other or the servers.

Hope someone has thoughts on this, it would be much appreciated...

Aaron Tomosky

What is the gateway? Can it handle 150 computers?

archmuk

Are the clients and servers on the same subnet? have you checked the firewall on windows 7 / Vista clients.
Can you give more info abt your network like how are the multi-building network connected to eachother & the gateway?

David Beveridge

I've seen this sort of thing happen when there is an IP address conflict.

PITCrewSolutions

ASKER

I have reconcidered my position a little on this, I am firm that it doesn't look like a switch issue, more like an ipv6 on server 2003 DNS issue.

Here's more info on DNS's

.190 is set IPv4 only
.165 (secondary) set for IPv6 and IPv4 with Tunneling interfaces

From Primary of 2 DNS Servers/ Domain Controllers

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.mc>netdiag /test:dns

Computer Name: MC15
DNS Host Name: MC15.mc.corp
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
List of installed hotfixes :
KB2079403
KB2115168...etc

Netcard queries test . . . . . . . : Passed

Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Adapter : IPX Internal Interface
Netcard queries test . . . : Passed
Adapter : IpxLoopbackAdapter
Netcard queries test . . . : Passed
Adapter : NDISWANIPX
Netcard queries test . . . : Passed

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B1B565A2-F6A4-4B65-B3D5-BF8F9EC52541}
1 NetBt transport currently configured.

DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '172.68.1.190
' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '172.68.1.165
' and other DCs also have some of the names registered.

The command completed successfully

C:\Documents and Settings\Administrator.mc>

ipconfig /all

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.mc>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : mc15
Primary Dns Suffix . . . . . . . : mc.corp
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mc.corp

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-21-9B-FB-34-7A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.68.1.190
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 172.68.0.1
DNS Servers . . . . . . . . . . . : 172.68.1.190
172.68.1.165

C:\Documents and Settings\Administrator.>

From scondary of 2 DNS Servers

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.mc>netdiag /test:dns

.........

Computer Name: mc14
DNS Host Name: mc14.mc.corp
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 6 Model 23 Stepping 6, GenuineIntel
List of installed hotfixes :
KB2079403
...

Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Microsoft Tun Miniport Adapter' may not be working.

Per interface results:

Adapter : Local Area Connection
Netcard queries test . . . : Passed
Adapter : IPX Internal Interface
Netcard queries test . . . : Passed
Adapter : IpxLoopbackAdapter
Netcard queries test . . . : Passed
Adapter : NDISWANIPX
Netcard queries test . . . : Passed

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{4772D6BD-7471-4333-8632-A5A643FE1215}
1 NetBt transport currently configured.

DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative DNS server for the name
'mc14.mc.'. [RCODE_SERVER_FAILURE]
The name 'mc14.mc.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'mc14.mc.'. [RCODE_SERVER_FAILURE]
The name 'mc14.mc.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'mc14.mc.corp.'. [ERROR_TIMEOUT]
The name 'mc14.mc.corp.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'mc14.mc.'. [RCODE_SERVER_FAILURE]
The name 'mc14.mc.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'mc14.mc.'. [RCODE_SERVER_FAILURE]
The name 'mc14.mc.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'mc14.mc.corp.'. [ERROR_TIMEOUT]
The name 'mc14.mc.corp.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '0.0.0.0'. Please wait for 30 minutes for DNS server replication.
PASS - All the DNS entries for DC are registered on DNS server '172.68.1.190
' and other DCs also have some of the names registered.

The command completed successfully

C:\Documents and Settings\Administrator.mc>

IPCONFIG

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.mc>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : mc14
Primary Dns Suffix . . . . . . . : mc.corp
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mc.corp
mc
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mc
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-1E-C9-DB-B7-B4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.68.1.165
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : fec0:0:0:ffff::3%1
IP Address. . . . . . . . . . . . : fec0:0:0:ffff::2%1
IP Address. . . . . . . . . . . . : fec0:0:0:ffff::1%1
IP Address. . . . . . . . . . . . : fe80::21e:c9ff:fedb:b7b4%4
Default Gateway . . . . . . . . . : 172.68.0.1
DNS Servers . . . . . . . . . . . : 172.68.1.190
172.68.1.165
fec0:0:0:ffff::1%1
Primary WINS Server . . . . . . . : 172.68.1.165

Tunnel adapter Private:

Connection-specific DNS Suffix . : mc
Description . . . . . . . . . . . : Configured Tunnel Interface
Physical Address. . . . . . . . . : AC-44-01-A5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::6:ac44:1a5%6
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6to4 Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : mc
Description . . . . . . . . . . . : 6to4 Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : AC-44-01-A5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 2002:ac44:1a5::ac44:1a5
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : mc
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : AC-44-01-A5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:172.68.1.165%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
NetBIOS over Tcpip. . . . . . . . : Disabled

PITCrewSolutions

ASKER

The gateway is a Watchguard 700 Firewall (probably only IPv4) enabled

I literally have only worked on this company's network for the last week or so, the prior IT staff made a real mess out of things so I'm slowly working my way through crazy issues

ASKER CERTIFIED SOLUTION

David Beveridge

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

PITCrewSolutions

ASKER

ok, I have completely removed IPv6 from DNS entries and DNS Server and the NIC on the secondary server, I still have the same problem. Vista, 7 machines with IPV6 installed cannot ping the gateway and can't get on the internet. Even disabling IPv6 on the boxes doesn't fix the problem.

PITCrewSolutions

ASKER

This looks like it could be what is happening... opinions on alternatives?

http://support.microsoft.com/kb/815768

David Beveridge

To determine if this is a DNS issue.
ping some.name.com
If it comes back with an IP address straight away, then your DNS is working

if you
ping 1.2.3.4 (or some other IP address) and you get packets dropped, then don't worry about DNS until your network is working well enough to make ping to ip address work.

PITCrewSolutions

ASKER

Thanks, after testing this out, it was determined the only packets dropping were coming from vista and windows 7 machines (even after IPv6) was uninstalled.

we are about to under-go a major network over-haul in December and unfortunately (I didn't like it) we put a temporary bandaid on it by insulating IPv6 machines from Server 2003 DNSs via routers with their own DHCP.

Even though the computers now exist on a different subnet, they can still access the servers and the internet, however the servers, WSUS can't get authorization on the client computers.

PITCrewSolutions

ASKER

This problem occurred when we took the domain from 2000 to 2003, including the DNSs, then the Windows 7 and Vista machines weren't able to get online because of incompatibility. It is amazing after all these years there still wasn't a "fix" for this from microsoft.