  • Status: Solved
  • Priority: Medium
  • Security: Public

Ping doesn't work for entire domain but nslookup does

We have a couple of computers recently that both cannot get to anything on our domain. This includes the Exchange 2010 server and VPN server. If I ping the host name I get "ping request cannot find host"; however, if I do an nslookup it resolves just fine. If I ping by IP, I get replies as well. So basically anything.ourdomain.com (Outlook connecting to Exchange, connecting to OWA, connecting to internal websites or external websites) fails to resolve.

This is only happening on our Active Directory domain. We have another domain we own and it does not happen to any websites on that domain.

Additionally if we take the computer off the domain, everything works as normal.  As soon as we put it back on it breaks again.  

Ideas?

Thanks,
Joey
0
 
JAN PAKULACommented:
1. Can you flush your DNS resolver on this PC?

ipconfig /flushdns
ipconfig /registerdns

Check if the IP is resolved to the right name with:

ipconfig /displaydns

2. Reset your interface:

netsh int ip reset c:\resetlog.txt

3. Disable IPv6 and try.

4. Are you using DirectAccess?

If all fails, check it with Wireshark:

http://www.eng.tau.ac.il/~netlab/resources/booklet/Wireshark_DNS.pdf
0
 
Santosh GuptaCommented:
What I understand from the above is that if you add any machine to the domain, you are unable to ping by host name/FQDN, but you can ping it by IP.

Go to the command prompt, type PING -A domainname and check if it is resolving the right IP.

If it is resolving the wrong IP, then check the DNS forward lookup zone for a duplicate A record.
0
 
joebass47Author Commented:
1-3 I have already done.

4. I just installed the role for DirectAccess but have not done any configuring yet.

I installed Wireshark but I don't see any entries for DNS.

SGupta:
"Ping request could not find host exchange. Please check the name and try again" is what I get when I ping -a domain.com
0
 
joebass47Author Commented:
I am also getting event ID 1014 in the Event Viewer:

Name resolution for the name mydomain.com timed out after none of the configured DNS servers responded.
0
 
Santosh GuptaCommented:
Go to the command prompt, type PING -A FQDNservrname and check if it is resolving the right IP.

If it is resolving the wrong IP, then check the DNS forward lookup zone for a duplicate or missing A record.
0
 
JAN PAKULACommented:
Is your DNS a router or a Windows DNS server?
And if it is a DNS server, is it on your premises or outside (like ISP or public)?
0
 
joebass47Author Commented:
It doesn't resolve anything with ping -a.
0
 
joebass47Author Commented:
My DNS is a Windows DNS server.

It is on premises.
0
 
MaheshArchitectCommented:
On the affected computer, please open Advanced TCP/IP Settings and check the DNS tab.
In the DNS tab, check the settings below:
Ensure that the "Append primary and connection specific DNS suffixes" radio button is selected
Ensure that the "Append parent suffixes of the primary DNS suffix" checkbox is selected
Ensure that the "Register this connection's addresses in DNS" checkbox is selected
If there is any deviation in the above settings, you will probably face name resolution issues

Mahesh
0
 
joebass47Author Commented:
Mahesh-

This is all configured like you mentioned.
0
 
QlemoC++ DeveloperCommented:
Is that domain name reported in the event log correct? Sounds as if the wrong DNS suffixes are appended. However, that only fits if an FQDN works.
You can also try if stopping/restarting the DNS cache service helps. NsLookup does not use it, but e.g. ping does.
0
 
joebass47Author Commented:
Janpakula-
I did this and see the same results.

Qlemo-
The domain name reported in the event log is correct; however, there is an entry that has a random name.domain.com.

i.e. BRWC8a7aa.domain.com timed out after none of the configured DNS servers responded, and we have nothing named close to that on our domain.
I also tried to restart the DNS Client service and that didn't help.
0
 
joebass47Author Commented:
No rogue servers found.
0
 
Argenta_JeffCommented:
Is your local Active Directory domain the same as your public domain name like below:

FQ Computer Name:  computer1.websolutions.com
Public Website Domain: http://websolutions.com

If so, you must mirror all DNS records you have in your public DNS provider (GoDaddy, Network Solutions, etc.) to your internal DNS server. When the computer tries to resolve the IP for http://owa.websolutions.com, it will likely go to your local DNS server. The local DNS server will say, "Hey, I am in charge of websolutions.com and I don't have a record for that subdomain." It will fail.

When your computer does an NSLOOKUP, it will look at all available DNS servers to resolve the address. If it can't find it at your local DNS server, it can (if designed to) look at public DNS servers, which will be able to resolve the IP address. Since the IP address is a live address, you can then ping it as you stated.

If you have www.websolutions.com pointing to 111.111.111.111 on your public DNS, then enter an A record in your private DNS server for www -> 111.111.111.111
0
 
joebass47Author Commented:
The other thing to consider is this domain doesn't work by name on premises or externally but does by IP.

I can get OWA to work internally if I go to the IP address/owa.
0
 
joebass47Author Commented:
Jeff-

That is how it is set up. All other clients besides the two are working fine.
0
 
QlemoC++ DeveloperCommented:
The reported DNS suffixes can only result from the TCP/IP settings (static or DHCP), if not using FQDNs. It's very likely something is set up wrong there.
0
 
Santosh GuptaCommented:
Please try to run NSLOOKUP -a IPofanyserver

and see if the MAC address matches the correct IP and server.
0
 
CraigHerbert25Commented:
Hi,

I haven't read all the replies from people, but I know on Unix servers you can have DNS set up but not have the OS configured to use DNS correctly.
If the OS is configured to use local files only, and not DNS, then any ping or tracert attempts will fail to resolve the FQDN. However, running nslookup will still resolve the FQDN because it explicitly sends the request via DNS. This could explain the behaviour you are seeing.
Can you try a tracert <fqdn> and see what happens?

Some of the Registry parameters that affect M node and H node behavior are found in the following Registry subkey:
In the Start menu enter: regedit
Navigate to:
\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP\ServiceProvider

You can change four values (DnsPriority, LocalPriority, HostsPriority, and NetbtPriority) to change the order in which the name resolution methods occur.

The current priority values are
Local cache 499
HOSTS file 500
DNS 2000
NetBIOS over TCP/IP 2001

The lower the number, the higher the priority. So make sure DNS is higher than the others.
0
 
joebass47Author Commented:
nslookup -a isn't a valid command.

I changed the value of DNS to 498 so it would be the highest priority and it still has the same results.

So far this has happened to three machines on our domain. All of them are Windows 7 Ultimate. Is there a setting that could have been pushed out via Group Policy when I enabled DirectAccess on a 2012 R2 server?
0
 
MaheshArchitectCommented:
Can you please try to telnet from the affected client machines to the DNS server, by IP and by hostname, on TCP port 53?

Also ensure that NetBIOS over TCP/IP is enabled in the network card properties.

Lastly, disable antivirus to check if antivirus is blocking its access to the network
OR
those machines' access is getting restricted by any policy (e.g. NAP), software, virus, etc.
0
 
joebass47Author Commented:
Telnet worked by name and IP to the DNS server.

I enabled NetBIOS and still get the same results.

Antivirus isn't blocking anything.

See attached photo: Under Local Area Connection for all affected machines it says "Network" instead of mydomain.com like it does on machines that are working.
Network connections
0
 
MaheshArchitectCommented:
Can you please post the IP configuration of the machine?

ipconfig /all
0
 
joebass47Author Commented:
Host Name . . . . . . . . . . . . : tclark
  Primary Dns Suffix  . . . . . . . : mydomain.com
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : mydomain.com

Wireless LAN adapter Wireless Network Connection:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
  Physical Address. . . . . . . . . : C0-CB-38-14-44-68
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
  Physical Address. . . . . . . . . : 5C-26-0A-09-C5-A3
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IPv4 Address. . . . . . . . . . . : x.x.x.76(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Thursday, March 06, 2014 2:38:42 PM
  Lease Expires . . . . . . . . . . : Friday, March 07, 2014 2:38:42 PM
  Default Gateway . . . . . . . . . : x.x.x.7
  DHCP Server . . . . . . . . . . . : x.x.x.38
  DNS Servers . . . . . . . . . . . : x.x.x.38
                                      x.x.x.48
  NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F88479BB-C1BB-4FC0-86AF-918F95E8E0A8}:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:34e1:1113:bd06:11fc(Preferred)
  Link-local IPv6 Address . . . . . : fe80::34e1:1113:bd06:11fc%14(Preferred)
  Default Gateway . . . . . . . . . : ::
  NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{FCCBC125-7F88-4741-956A-853780ED2686}:

  Media State . . . . . . . . . . . : Media disconnected
0
 
MaheshArchitectCommented:
Can you please try to disable the tunnel adapter Local Area Connection* 9 and check?
0
 
joebass47Author Commented:
Sorry it took so long to get back. This was indeed caused by DirectAccess. I thought I had only pushed it out to a specific group but it went out to the default group "Domain Computers". I changed that and the domain is no longer blocked.
0
 
joebass47Author Commented:
The solution wasn't given by any of the experts.
0
