Solved

Child Domain Cannot Ping Parent

Posted on 2013-05-20
7
849 Views
Last Modified: 2013-05-22
I have a situations where we had a child DC go down and has to be rebuilt from scratch It was configured by the previous Network Admin a long time ago and there is zero info on how it was configured previously so it was lost with the system crash.  

So we have 2003dc and 2008dc let's say in the parent.com domain in the 192.168.0.x scope.  The child domain was in child.parent.com domain in the 192.170.0.x scope.  Nested in the parent.com DNS forward lookup zone I have a zone for child.parent.com with records for the child DC child.parent.com and I am able to ping the child DC.  I cannot ping either  2003dc.parent.com or 2008dc.parent.com.  The ip addresses of the two parent.com dc are in the fowarders for the child.parent.com domain but I still cannot ping or contact them either by ip or hostname.  I've tried adding a secondary zone and a stub zone but it's unable to validate the host/ip address.  Hopefully what was clear, any help would be appreciated.

Thanks,
Ronnie
0
Comment
Question by:nbccit
7 Comments
 
LVL 13

Expert Comment

by:Alexios
ID: 39184164
Hello
Your first step regarding DNS is correct, you also have to add a secondary ip to your servers. An ip from the other scope

Right click on Network icon on the Taskbar and then select Status. Then in the Status window, click on Properties. You can also open the Properties window from the Control Panel and then Network Connections and right click on the network icon and select Properties.

Then select the Internet Protocol (TCP/IP) and then click on Properties button. Then in this Properties Window, click on Advanced button and then in the IP Settings tab, click on Add button under IP addresses and add the IP address whatever you want.
advanced-tcpip-settings.png
0
 

Author Comment

by:nbccit
ID: 39185420
I've added an ip from the 192.168.0.x range from the parent domain in the Advanced IP Settings on Child DC  NIC and still no go on the ping ip/host.
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 333 total points
ID: 39185628
The ip addresses of the two parent.com dc are in the fowarders for the child.parent.com domain but I still cannot ping or contact them either by ip or hostname.
Putting the parent DCs in the forwarders for the child DC was correct, but if you can't ping the parent DCs by IP address, nothing you do in DNS will help.  It sounds like there's a more general network connectivity issue.  Is there a firewall between the child DC and parent DCs that could be blocking the ping traffic?
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 167 total points
ID: 39186137
Is your firewall blocking Ping (ICMP echo reply)?

Ping doesn't necessarily work because of firewall blocks and ACLs on the router.
0
 

Author Comment

by:nbccit
ID: 39186325
I'll have to check in the morning but I've mirrored what the crashed dc settings where as far as I know, same child domain name, same server name, and same ip addresses.  So I would think that any firewall or router settings wouldn't be an issue.
0
 
LVL 25

Assisted Solution

by:DrDave242
DrDave242 earned 333 total points
ID: 39188249
When you try to ping a parent DC from the child DC, does it simply time out or give you some other kind of error, like "Destination host unreachable" or something like that?
0
 

Author Closing Comment

by:nbccit
ID: 39189482
It ended up being a firewall issue, we have a third party that manages our firewall and come to find out we are purposefully blocking traffic from child to parent.  Thanks for pointing me in the right direction of where to look.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now