Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 365
  • Last Modified:

Domain Controller internet connection is intermittently blocked

Hello,

Hope someone hear can help me solve this:

Here's the network layout:

Cable Modem --> Sonicwall TZ 200 --> Cisco 3560-X ---> ESXi Host --> hosting two VM's, a domain controller and a client.

Everyday, at what appears to be random times during the day, for different amounts of time, our office appears to lose internet connectivity.   the issue can last from anywhere from 5 minutes to over an hour.

Now, what I've found is that when this happens, the server isn't able to resolve any of the external DNS forwarders or the root hints.  Further investigation shows that when the issue is occurring, I can't ping any external address (e.g. 8.8.8.8 or anything else) from the domain controller, which is also my DNS server.  When everything is normal, I can ping external addresses from the domain controller.

Regardless of whether the issue is occurring or not, I can always ping out from a client.  For example, on the ESXi host, I have my 2012 DC and a windows 7 client.  I can always ping out to 8.8.8.8 from my client.  If I change my DNS settings on the client, I am able to browse the web again.

So the issue has something to do with the DC and it's connection being blocked.  I know the following:

1)  I can ping the gateway of my L3 switch (192.168.1.2)
2)  I can ping the internal interface of the firewall (192.168.1.1)
2a) I can ping the DC from my clients, and I can ping my clients from the DC
3)  Internal DNS looksup work properly, as I'm able to resolve internal names.
4)  Internet connectivity works, as I can RDP from an external location to that office, via IP address.
5)  I even tried pinging the default gateway of the FW, and I don't get a response when teh issue is occuring.

I've had Microsoft look at the DC/DNS server and they can't figure it out.  They've verified everything is working with DNS. They want me to change the IP address of the DC, which I'm planning to do tonight, but it's a real pain to do that.

I spoke with Sonicwall, now mind you the tech support guy wasn't good, so take all of this with a grain of salt, but he says that everything looks good on his end too, however he was running a packet capture at the time, and said that the pings were going through the firewall, but weren't being returned.  He says that nothing is blocking the DC.

Any thoughts on what else could be causing this?
0
Simplegrid Technology
Asked:
Simplegrid Technology
  • 9
  • 5
  • 3
  • +1
1 Solution
 
JBond2010Commented:
It there any Anti Virus on the DC? Check to see if this could be causing the issue. A lot of Anti Virus software have their own Fire/Wall which blocks traffic.
0
 
Simplegrid TechnologyAuthor Commented:
No Anti-Virus on the DC.

Also Windows Firewall is turned off on the DC too.
0
 
JBond2010Commented:
What is the make and model of your server? Check to make sure that the server hardware has the latest support pack. The support pack will have all the latest patches and firmware.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Simplegrid TechnologyAuthor Commented:
The server is a Dell R710.
0
 
JBond2010Commented:
Ok. So you can go on to the Dell website and download the latest support pack which will have all the update drivers and firmware.

Also, how old is the server? And is it still under support with Dell? Because you could also log a support call with Dell.
0
 
FinServCoCommented:
Can you access the host VMware server and the domain controller over the network?  It could be a physical connectivity problem, a bad cable, port, something like that. Does your NIC show connected at all times?
0
 
Simplegrid TechnologyAuthor Commented:
Unfortunately the server is not under warranty anymore.

I can access the host VMware server and DC over the network, even when the issue is occurring.  the NIC shows connected at all times.   Ping times to local sytems are very quick, no dropped packets.
0
 
tmoore1962Commented:
Check make sure power management turned off on the NICs of the host.
0
 
FinServCoCommented:
Your ISP may be having trouble with their DNS servers.  The next time this happens, set the DNS forwarder to point to 8.8.8.8 (since you know that works for your workstations) and see if the problem goes away.

Also, how many internal DNS servers do you have?  Is it just the one domain controller?  Ideally you should have at least 2 domain controllers.

That being said, is the domain controller pointing to itself for DNS?
0
 
Simplegrid TechnologyAuthor Commented:
Hi,

One domain controller and it does point to itself.  I've added 8.8.8.8 and 8.8.4.4 to the forwarders list but the issue stiil happens.

I've also discovered that rebooting the DC resolves the issues temporarily.  Restarting the dns server and client services on the DC has no effect.
0
 
FinServCoCommented:
Any errors in the event log, either the System or DNS logs?

You say you've added them, but where are they on the list?  If 8.8.8.8 isn't first, put it to the top.  If your ISP is having trouble with its DNS servers, they may be responding enough to prevent DNS from moving on to the next server in the list.
0
 
Simplegrid TechnologyAuthor Commented:
8.8.8.8 and 8.8.4.4 are the first and second addresses in my forwarders list.
0
 
Simplegrid TechnologyAuthor Commented:
Hey FinServCo - so taking DNS out of the equation for a second, I can't ping the external address from the DC, when this issue occurs.  When everything's working properly, then I am able to ping those external addresses from the domain controller.

I think solving that will resolve this issue, but not sure what is causing that "block" to happen.
0
 
FinServCoCommented:
Hmm.  I'm assuming that Microsoft wants you to change the IP because they suspect an IP conflict.  

If the Sonicwall people are seeing the pings go out but not come back, that sounds like there's a problem with either the inbound gateway or NAT.  

e.g., let's say you have two devices on two different subnets.  No. 1 has the correct gateway setting and No. 2 does not.  If you ping from No.1 to No.2 the ping will get there, but won't return.

What's the subnet of the cable modem?  Is that also 192.168.1.0?  I'm assuming you've power cycled the cable modem.

Edit:  Probably not NAT, it's probably the cable modem.
0
 
Simplegrid TechnologyAuthor Commented:
if the cable modem was a problem, wouldn't see the problem all the time?  And why would all of my clients except my domain controller be able to connect out even when the issue is occurring?  Right now, the internal inteface of the cable modem is 10.1.10.1.  The only device connected to it is the external interface of the sonicwall.
0
 
FinServCoCommented:
The reason why I am thinking it's the cable modem is that when you were having the problems, the SonicWall people said they didn't see the pings return.

It could be an arp cache or something that is or gets corrupted somehow.

You could try a different NIC port, or something like that, but as you said, everything can connect to the server it is just that one server that can't get to the internet.

Since everything can get to the server, it doesn't sound like the server is the problem.  Since SonicWall isn't seeing the pings return that points to the cable modem.  That is assuming that the SonicWall isn't just dropping the inbound ping packets and not logging it.
0
 
Simplegrid TechnologyAuthor Commented:
I wound up performing the following actions:

1)  Updated the NIC drivers on the host.

2)  Changing the IP address of the domain controller.

3)  Clearing the ARP cache on the firewall and the switch.

One (or a combination) or those three solved the issue for me.
0
 
Simplegrid TechnologyAuthor Commented:
The options I had originally proposed solved the issue.
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 9
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now