KB2923392 update BREAKS Gateway function on domain controller
Posted on 2014-03-20
We have three domain controllers that each can serve as a Gateway and DNS server to our client computers. We configure the workstations to list all three domain controllers under both DNS and Gateway settings, so if one goes down, the others are available.
I installed updates on two of the three domain controllers yesterday and some but not all client computers began having serious issues browsing the Internet. Some computers were unaffected, some could not browse out all; others could load pages but not all components on the page.
By reconfiguring TCP/IP on workstations to point to only one of the domain controllers we determined that one of them (which got updates) was no longer functional as a Gateway. The other domain controller that got updates continues to function. (The third was not updated.) We began removing updates, first KB2930275, which did not have any affect after the reboot. Then we removed KB2923392. After the reboot, the domain controller was again functional as a Gateway. BAD BAD BAD UPDATE!
1. We don't at all understand why the update did not affect the Gateway functionality of one domain controller but completely broke the Gateway function on the other domain controller. Both were completely up-to-date with updates.
2. We know the command "echo %logonserver%" to determine which domain controller was used to authenticate, but this does not seem to have any bearing on which domain controller is currently used as the Gateway and which the DNS server. We also don't know if a workstation picks a gateway and sticks with it or uses multiple gateways in a round robin manner, which might explain why some components of a web page displayed and others did not; and why some computers seemed unaffected. How does it work?
3. Assuming a workstation picks a Gateway and DNS server from its configured static list, and sticks with it, is there an equivalent command to determine which server is its current Gateway and which server is its current DNS server?