Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net
Course Of The Month
7 days, 19 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
DNS resolution
Posted on 2014-01-28
DNS resolution
I have seen scenarios where I use RDP to access a computer, but after accessing the computer and run Hostname command I see different hostname than the one I used to RDP to.
for instance, I open up RDP window, and type Computer1 , It will prompt me for domain user and password, I type domain credentials and login. when I am in I open Command line window, type hostname command it will give me computer2.
after doing some research, I found out it is Windows cluster with 2 nodes. but I still do not understand how this is tied up together.
Computer1 has IP= 10.40.9.158
I check I P configuration and saw this:
Ethernet adapter Public:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-18-8B-53-58-12
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.40.9.159
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.40.9.158
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.40.9.157
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.40.9.161
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.40.9.1
DNS Servers . . . . . . . . . . . : 10.40.9.88
10.40.9.89
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Heartbeat:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client) #2
Physical Address. . . . . . . . . : 00-18-8B-53-58-14
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.10.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.10.10.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.10.10.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.10.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
I have seen scenarios where I use RDP to access a computer, but after accessing the computer and run Hostname command I see different hostname than the one I used to RDP to.
for instance, I open up RDP window, and type Computer1 , It will prompt me for domain user and password, I type domain credentials and login. when I am in I open Command line window, type hostname command it will give me computer2.
after doing some research, I found out it is Windows cluster with 2 nodes. but I still do not understand how this is tied up together.
Computer1 has IP= 10.40.9.158
I check I P configuration and saw this:
Ethernet adapter Public:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-18-8B-53-58-12
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.40.9.159
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.40.9.158
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.40.9.157
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.40.9.161
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.40.9.1
DNS Servers . . . . . . . . . . . : 10.40.9.88
10.40.9.89
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Heartbeat:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client) #2
Physical Address. . . . . . . . . : 00-18-8B-53-58-14
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.10.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.10.10.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.10.10.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.10.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
8-
5
13 Comments
With a cluster you have one or more virtual servers "fronting" the physical servers. One node (physical server) will show as active for one or more services while the other will be passive (on stand-by). In your case, you could have two physical servers, Computer1 and Computer3 both acting as Computer2 as needed. So you might try to access Computer2, and at that moment Computer1 is acting as Computer2.
If you were to take Computer1 down, wait a minute, and try to RDP in again, you'll probably connect to the other server in the cluster, and its real name would be different from Computer1 or Computer2 (it would be Computer3 in my example).
If you were to take Computer1 down, wait a minute, and try to RDP in again, you'll probably connect to the other server in the cluster, and its real name would be different from Computer1 or Computer2 (it would be Computer3 in my example).
You could also have active-active clusters where both nodes are active for different services (like one could be active for certain file shares, and the other could be active for other file shares. But that's besides the point of what you are seeing.
Also, to explain the two network interfaces... one is for communication on the network and the other is for communication between the cluster nodes... the heartbeat. This is how one node would know that the other has gone down and it must become the active node for the services that the other was providing.
Also, to explain the two network interfaces... one is for communication on the network and the other is for communication between the cluster nodes... the heartbeat. This is how one node would know that the other has gone down and it must become the active node for the services that the other was providing.
Active 2 days ago
the cluster has 2 nodes..
computer2 and computer3 the cluster name is ComputerX
I am not sure how the computer1 name got there
computer2 and computer3 the cluster name is ComputerX
I am not sure how the computer1 name got there
Sorry, my first explanation might have been a little confusing... in your description Computer1 would be the virtual server that one of the two physical servers (let's call them Computer2 and Computer3) could be providing services for.
I switched the names around in my explanation such that Computer2 is the virtual server and Computer1 and Computer3 were the physical. But the concept is the same.
You RDP's into a virtual server (the could be more than one virtual server) called Computer1 but in reality connected to Computer2.
I switched the names around in my explanation such that Computer2 is the virtual server and Computer1 and Computer3 were the physical. But the concept is the same.
You RDP's into a virtual server (the could be more than one virtual server) called Computer1 but in reality connected to Computer2.
The cluster name is not necessarily the name of the virtual server, and it's very likely that the virtual server name is Computer1 - regardless of the cluster name.
You should be able to use cluster administrator to view the details and find the virtual server names.
You should be able to use cluster administrator to view the details and find the virtual server names.
Active 2 days ago
<<You should be able to use cluster administrator to view the details and find the virtual server names. >>>
where can I find that ?
I have windows 2003 cluster
where can I find that ?
I have windows 2003 cluster
Active 2 days ago
I mean I open up Cluster Administrator, there are 2 node names and the one that show up on the top of cluster Administrator left pane.
ComputerX (on the top)
computer2 (node1)
computer3 (Node2)
however when I used RDP I used computer1
and when logged in and typed hostname command ,it shows computer2 (it got to be the Active node)
to my understanding:
ComputerX is the virtual name of the cluster
computer 2 is the active node
computer3 is another active or passive node (I am not sure I need to find out)
But computer1 , You would think it might have DNS name pointing to computerX, but I cannot find that info in DNS
ComputerX (on the top)
computer2 (node1)
computer3 (Node2)
however when I used RDP I used computer1
and when logged in and typed hostname command ,it shows computer2 (it got to be the Active node)
to my understanding:
ComputerX is the virtual name of the cluster
computer 2 is the active node
computer3 is another active or passive node (I am not sure I need to find out)
But computer1 , You would think it might have DNS name pointing to computerX, but I cannot find that info in DNS
I believe that you have a virtual server defined in the cluster configuration called Computer1 (this is not the same as the name of the cluster). It looks to the network like a real server, and even though you didn't resolve the name via DNS, it's netbios name is broadcast on the network and that's how you are able to resolve the name. The actual server providing the services for Computer1 at the moment is Computer2... so when you RDP'd to Computer1 you actually connected to Computer2, because right now they are the same thing.
Oh I'm sorry. I misinterpreted your statement "But computer1 , You would think it might have DNS name pointing to computerX, but I cannot find that info in DNS" to mean that you found nothing in DNS for Computer1.
This is fine too. You can have virtual IP addresses in a cluster. Odds are that the IP address assigned to Computer1 is a cluster resource that shifts to whatever server is active.
This is fine too. You can have virtual IP addresses in a cluster. Odds are that the IP address assigned to Computer1 is a cluster resource that shifts to whatever server is active.
Featured Post
Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
OfficeMate Freezes on login or does not load after login credentials are input.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software.
Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.
Determine the location of the FSMO roles by lo…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month7 days, 19 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.