Solved

Ping doesn't work for entire domain but nslookup does

Posted on 2014-03-05
Last Modified: 2014-03-17
We have a couple computers recently that both cannot get to anything on our domain.  This includes exchange 2010 server, vpn server.  If I ping the host name I get "ping request cannot find host" however if I do a nslookup it resolves just fine.  If I ping by ip, I get replies as well.  So basically anything.ourdomain.com (outlook connecting to exchange, connecting to owa, connecting to internal websites or external websites) fails to resolve.

This is only happening on our active directory domain.  We have another domain we own and it does not happen to any websites on domain.  

Additionally if we take the computer off the domain, everything works as normal.  As soon as we put it back on it breaks again.  

Ideas?

Thanks,
Joey
Question by:joebass47
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39907483
1 can you flush your dns resolver on this pc

ipconfig /flushdns
ipconfig /registerdns

check if ip is resolved to right name with that

ipconfig /displaydns

2 reset your interface

netsh int ip reset c:\resetlog.txt

3 disable ipv6 and try

4 are you using direct access?

If all fails check it with wireshark

http://www.eng.tau.ac.il/~netlab/resources/booklet/Wireshark_DNS.pdf
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39907493
What I understand from the above is: if you add any machine to the domain, you are unable to ping by the host/FQDN name, but you can ping it by IP.

Go to command prompt, type PING -A domainname and check if it is resolving the right IP.

If it is resolving the wrong IP, then check the DNS forward lookup zone for a duplicate A record.
0
 

Author Comment

by:joebass47
ID: 39907505
1-3 I have already done.

4.  I just installed the role for direct access but have not done any configuring yet.

I installed wireshark but I don't see any entries for dns.

SGupta:
"Ping request could not find host exchange. Please check the name and try again" Is what I get when I ping -a domain.com
0
 

Author Comment

by:joebass47
ID: 39907515
I am also getting event id 1014 in the event viewer:

Name resolution for the name mydomain.com timed out after none of the configured DNS servers responded.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39907525
Go to command prompt, type PING -A FQDNservrname and check if it is resolving the right IP.

If it is resolving the wrong IP, then check the DNS forward lookup zone for a duplicate or missing A record.
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39907528
is your dns a router or  windows dns server?
and if dns server is it on your premises or outside? (like iSP or public)
0
 

Author Comment

by:joebass47
ID: 39907532
It doesn't resolve anything with ping -a.
0
 

Author Comment

by:joebass47
ID: 39907538
My DNS is a Windows DNS server.

It is on premise.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39907548
On affected computer please open Advanced Tcp/IP settings and check DNS Tab.
In DNS tab, check below settings.
ensure that "Append Primary and connection specific dns suffixes" radio button is selected
Ensure that "Append parent suffixes of primary dns suffix" checkbox is selected
Ensure that "register this connection addresses in Dns" checkbox is selected
If there is any deviation in the above settings, it's probable you will face name resolution issues

Mahesh
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39907554
0
 

Author Comment

by:joebass47
ID: 39907566
Mahesh-

This is all configured like you mentioned.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39907587
Is that domain name reported in event log correct? Sounds as if the wrong DNS suffixes are appended. However that only fits if a FQDN works.
You can also try if stopping/restarting DNS cache service helps. NsLookup does not use it, but e.g. ping.
0
 

Author Comment

by:joebass47
ID: 39907614
Janpakula-
I did this and see the same results.

Qlemo-
The domain name reported in event log is correct, however there is an entry that has a random name.domain.com.

i.e. BRWC8a7aa.domain.com  timed out after none of the configured DNS servers responded and we have nothing named close to that on our domain.
I also tried to restart dns client service and that didn't help.
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39907643
0
 

Author Comment

by:joebass47
ID: 39907668
no rogue servers found
0
 

Expert Comment

by:Argenta_Jeff
ID: 39907723
Is your local Active Directory domain the same as your public domain name like below:

FQ Computer Name:  computer1.websolutions.com
Public Website Domain: http://websolutions.com

If so, you must mirror all DNS records you have in your public DNS provider (Godaddy, Network Solutions, etc) to your internal DNS server. When the computer tries to resolve the IP for http://owa.websolutions.com, it will likely go to your local DNS server. The local DNS server will say, "Hey, I am in charge of websolutions.com and I don't have a record for that subdomain." It will fail.

When your computer does a NSLOOKUP, it will look at all available DNS servers to resolve the address. If it can't find it at your local DNS server, it can (if designed to) look at public DNS servers who will be able to resolve the IP address. Since the IP address is a live address, you can then ping it as you stated.

If you have www.websolutions.com pointing to 111.111.111.111 on your public DNS, then enter an A Record in your private DNS server for www -> 111.111.111.111
0
 

Author Comment

by:joebass47
ID: 39907727
The other thing to consider is this domain doesn't work by name on premise or externally but does by ip.

I can get OWA to work internally if I go to the ip address/owa.
0
 

Author Comment

by:joebass47
ID: 39907730
Jeff-

That is how it is setup.  All other clients besides the two are working fine.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39907852
The reported DNS suffixes can only result from the TCP/IP settings (static or DHCP), if not using FQDNs. It's very likely something is set up wrong there.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39907912
pls try to run NSLOOKUP -a IPofanyserver

and see if the MAC address matches the correct IP and server.
0
 

Expert Comment

by:CraigHerbert25
ID: 39907970
Hi,

I haven't read all the replies from people, but I know on Unix servers you can have a DNS Setup but not have the OS configured to use DNS correctly.
If the OS is configured to use local files only, and not DNS, then any ping or tracert attempts will fail to resolve the FQDN. However, running nslookup will still resolve the FQDN because it explicitly sends the request via DNS. This could explain the behaviour you are seeing.
Can you try a tracert <fqdn> and see what happens.

Some of the Registry parameters that affect M node and H node behavior are found in the following Registry subkey:
In start menu enter : regedit
Navigate to:
\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP\ServiceProvider

You can change four values DnsPriority, LocalPriority, HostsPriority, and NetbtPriority to change the order in which the name resolution methods occur

The current priority values are
Local cache 499
HOSTS file 500
DNS 2000
NetBIOS over TCP/IP 2001

The lower the number, the higher the priority. So make sure DNS is higher than the others.
0
 

Author Comment

by:joebass47
ID: 39910360
nslookup -a isn't a valid command

I changed the value of DNS to 498 so it would be the highest priority and it still has the same results.

So far this has happened to three machines on our domain.  All of them are windows 7 ultimate.  Is there a setting that could have been pushed out via Group Policy when I enabled direct access on a 2012 r2 server?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39910462
Can you please try to telnet from affected client machines to DNS server with IP and hostname on TCP 53 port ?

Also ensure that NetBIOS over tcp/ip is enabled in network card properties

Lastly disable antivirus to check if antivirus  is blocking it access to network
OR
Those machine access is getting restricted by any policy (Ex: NAP), software , virus etc
0
 

Author Comment

by:joebass47
ID: 39910489
Telnet worked by name and ip to the dns server.

I enabled NetBIOS and still same results.

Antivirus isn't blocking anything.

See attached photo:  Under Local area connection for all affected machines it says "Network" instead of mydomain.com like it does on machines that are working.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39910531
Can you please post Ip configuration of machine please

Ipconfig /all
0
 

Author Comment

by:joebass47
ID: 39910551
Host Name . . . . . . . . . . . . : tclark
  Primary Dns Suffix  . . . . . . . : mydomain.com
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : mydomain.com

Wireless LAN adapter Wireless Network Connection:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
  Physical Address. . . . . . . . . : C0-CB-38-14-44-68
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
  Physical Address. . . . . . . . . : 5C-26-0A-09-C5-A3
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IPv4 Address. . . . . . . . . . . : x.x.x.76(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Thursday, March 06, 2014 2:38:42 PM
  Lease Expires . . . . . . . . . . : Friday, March 07, 2014 2:38:42 PM
  Default Gateway . . . . . . . . . : x.x.x.7
  DHCP Server . . . . . . . . . . . : x.x.x.38
  DNS Servers . . . . . . . . . . . : x.x.x.38
                                      x.x.x.48
  NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F88479BB-C1BB-4FC0-86AF-918F95E8E0A8}:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:34e1:1113:bd06:11fc(Preferred)
  Link-local IPv6 Address . . . . . : fe80::34e1:1113:bd06:11fc%14(Preferred)
  Default Gateway . . . . . . . . . : ::
  NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{FCCBC125-7F88-4741-956A-853780ED2686}:

  Media State . . . . . . . . . . . : Media disconnected
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39910589
Can you try to disable tunnel adapter local area connection 9 and check please
0
 

Accepted Solution

by:joebass47
ID: 39923968
Sorry it took so long to get back.  This was indeed caused by direct access.  I thought I had only pushed it out to a specific group but it went out to the default group "domain computers".  I changed that and the domain is no longer blocked.
0
 

Author Closing Comment

by:joebass47
ID: 39933750
The solution wasn't given by any of the experts.
0
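
Added example, not part of the original thread or written by any of its participants: a PowerShell check for the cause found above. DirectAccess client Group Policy delivers Name Resolution Policy Table (NRPT) rules that the DNS Client service applies to every lookup under the matching suffix, while nslookup sends its own query and ignores them, which produces the ping-fails, nslookup-works split. The host name is a placeholder, and the script sticks to tools available on Windows 7.

```powershell
# Added diagnostic example; run in an elevated PowerShell on an affected client.
# $Name is a placeholder: use a host in the AD domain that fails to ping.
param([string]$Name = 'exchange.mydomain.com')

# 1. DNS Client service path (what ping, Outlook and browsers use).
#    This path applies NRPT rules and the local resolver cache.
Write-Host "== DNS Client service: $Name"
try {
    [System.Net.Dns]::GetHostAddresses($Name) |
        ForEach-Object { Write-Host ("  " + $_.IPAddressToString) }
} catch {
    Write-Host ("  FAILED: " + $_.Exception.Message)
}

# 2. nslookup builds its own query to the configured DNS server, so it
#    can succeed while step 1 fails.
Write-Host "== nslookup: $Name"
& nslookup.exe $Name 2>&1 | ForEach-Object { Write-Host "  $_" }

# 3. NRPT rules delivered by Group Policy. A rule whose namespace is the
#    AD domain suffix and that carries DirectAccess DNS servers diverts
#    every lookup for that suffix.
$nrptKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig'
Write-Host "== NRPT rules from Group Policy"
if (Test-Path $nrptKey) {
    Get-ChildItem $nrptKey | ForEach-Object {
        $rule = Get-ItemProperty $_.PSPath
        Write-Host ("  namespace: " + ($rule.Name -join ', '))
        Write-Host ("  DirectAccess DNS: " + $rule.DirectAccessDNSServers)
    }
} else {
    Write-Host "  none (key not present)"
}

# 4. The rules the DNS client is actually enforcing right now.
& netsh.exe namespace show effectivepolicy

# 5. Which computer GPOs applied; look for the DirectAccess client GPO.
& gpresult.exe /r /scope computer
```

If step 3 lists the domain suffix on a machine that was never meant to be a DirectAccess client, the fix is the one in the accepted solution: narrow the GPO's security filtering from "Domain Computers" to the intended group, then run gpupdate /force on the client.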
