Solved

One Client on Windows Domain Intermittently Drops Good IP and gets 169. IP

Posted on 2014-11-25
16
209 Views
Last Modified: 2014-12-02
Small Windows domain with one DC. DC is the only DHCP server on network. One client on the network is randomly dropping (multiple times throughout the day) its IP and then coming up with a 169. IP thereby dropping the network connection. ipconfig /renew just hangs. Disable/enable the network adapter comes up with a good IP again.

MODEM ---->  FIREWALL (10.0.0.1) -----> SERVER (10.0.0.2) -----> DHCP CLIENTS (.50-.99)

Background: Recent issues with server/network in last month. Blue screens and network dropouts. I think possible power outage related. Maybe a half-fried network port (on-board) on server (not yet replaced) and a half-fried switch (which we've since replaced). I was trying to plan for a possible replacement of the server with new hardware so I virtualized our existing server (bad idea). I think in the process I may have confused the hell out of our network (suddenly had 2 DHCP servers on the network). I fixed those issues but now have this one remaining problem client. Any help much appreciated.
0
Comment
Question by:jpfulton
  • 8
  • 6
  • 2
16 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 500 total points
Comment Utility
There are a number of underlying issues as you note.

For the one client machine, you might try TCP/IP Reset and Flush DNS.

Open cmd.exe with Run as Administrator
Then  netsh int ip reset c:\resetlog.txt
Also, ipconfig /flushdns followed by net stop dnscache followed by net start dnscache
Then restart the computer
0
 
LVL 12

Expert Comment

by:FarWest
Comment Utility
did you try to uninstall/install the network card (using device manager)
do you have issues like two clients has the same IP?
0
 

Author Comment

by:jpfulton
Comment Utility
I'd like to attach the client's system event log which I saved immediately after the most recent drop. Is that a security risk?
0
 

Author Comment

by:jpfulton
Comment Utility
Won't be able to troubleshoot more until a little later --- the computer is currently in use. I can say that I just today noticed in DHCP on the server that there was one entry just named "BAD_ADDRESS" and in the description it said that the IP was already in use (though it didn't tell me what the IP is or what the name is). I deleted it from DHCP and it has not reappeared.

I have not tried uninstalling and reinstalling the network card (assuming you meant on the client?) but as I mentioned, just disable/enable prompts a DHCP request that results in a good IP.

I'll try to run those couple commands on the client asap and see where that gets me.
0
 
LVL 12

Expert Comment

by:FarWest
Comment Utility
I wish you quick good luck,
regarding system event log, there is no need for that at the moment,
0
 

Author Comment

by:jpfulton
Comment Utility
Okay, re: event log. I'm finding the following leading up to the drop:

First this:
Event ID 7038 The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
Logon failure: the specified account password has expired.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Open in new window


Then this:
Event ID 7000 The NVIDIA Update Service Daemon service failed to start due to the following error: 
The service did not start due to a logon failure.

Open in new window


Seems like that would be extremely relevant, right?

Not sure why it's saying the account password has expired... b/c it hasn't.
0
 
LVL 12

Expert Comment

by:FarWest
Comment Utility
I think not, but maybe it is a surface of a bigger problem
make sure that the NVIDIA Update Service Daemon is running on local system account
if yes, then dis-join the computer from AD and re-join it again
0
 

Author Comment

by:jpfulton
Comment Utility
It was stopped but set to use UpdateusUser. I changed it to Local system account, hit start and got a message that "some services won't start if not currently in use" or something. I'm thinking after a reboot this might solve THAT particular error appearance.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:jpfulton
Comment Utility
I have not gotten another user reported network drop since doing a TCP/IP reset, flushdns and tweaking the nvidia update service logon credentials. It's been about 20 hours though the majority of that time has been non-work hours.

In looking through the system event log I don't see any evidence of network drop with the exception of one particular event:

Event ID 1006, Error Code 49 -- The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Open in new window


Under the EventData heading on the Details tab it says "ErrorDescription: Invalid Credentials".
0
 
LVL 12

Expert Comment

by:FarWest
Comment Utility
I think It is better now to rejoin the client computer to the domain
0
 

Author Comment

by:jpfulton
Comment Utility
i was afraid of that... will that mess up user profiles... outlook/desktop/documents folder etc or will it be pretty seamless?
0
 
LVL 12

Expert Comment

by:FarWest
Comment Utility
it did not happened to me, but I'cant give guarantee (this is Microsoft :))
Ok, try to reset computer account
check this
http://redmondmag.com/articles/2014/04/21/domain-trust-issues.aspx
0
 

Author Comment

by:jpfulton
Comment Utility
Anbody know exactly what the reset function does?
0
 
LVL 12

Expert Comment

by:FarWest
Comment Utility
there is some explanation in the URL I've sent to you, reset the security key (password) of the computer that to communicate with AD
0
 

Author Closing Comment

by:jpfulton
Comment Utility
It appears that John Hurst's suggestions were the fix (or one of them was). Can't completely verify which one or if either did the trick since I was simultaneously trying a number of things and since it has been an intermittent problem, but it has been a few days and the problem has not recurred. Thanks!
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
@jpfulton - Thanks for the update and I was happy to help.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

When replacing some switches recently I started playing with the idea of having admins authenticate with their domain accounts instead of having local users on all switches all over the place. Since I allready had an w2k8R2 NPS running for my acc…
Managing 24/7 IT Operations is a hands-on job and indeed a difficult one. Over the years I have found some simple tips and techniques to increase the efficiency of the overall operations. The core concept has always been on continuous improvement; a…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now