DNS IP address changes by itself

jasontisdale
jasontisdale used Ask the Experts™
on
I have a Windows 2008 R2 server with a static IP address.  When you go to the domain controller for DNS you have the A record and the Pointer record with the correct IP address.  Then when you can't find the server in windows explorer network, I go back to the DNS server and both A record and PTR record have changed IP address.  There are only 2 people that have access to DNS server with administrator privileges and neither one of us has changed it.  Any clues?  By manually changing the A Record and PTR record to the proper IP address corrects the problem.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Paul MacDonaldDirector, Information Systems

Commented:
Is this server multi-homed?

Author

Commented:
No it's not multi-homed.

Commented:
Is that server your DHCP server? Is it possible there is anything else on the network which has the same IP address or is sometimes assigned the same IP address which could be conflicting?
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

Author

Commented:
Yes it is also the DHCP server.  The backup or 2nd Domain Controller has a static IP address, like all of our servers, and the server that changes takes on the 2nd Domain Controller IP address.

Commented:
The domain controller in question takes on the same IP as the second DC? Always that IP? That is strange. Did the server in question previously have that IP now assigned to the 2nd DC?
And do you use IPv6?

Author

Commented:
Our file server takes on the ip address of the second DC.  Yes always that IP.  The server in question has always had the same static ip.  It never had the IP of the second DC.  IPv6 no.

Commented:
When the IP address changes on the file server, is it still a static IP (I assume so).

When a problem is so strange, I have found that DNS misconfiguration is usually at least partially responsible, but in this case, resetting the TCP/IP stack might help. Microsoft offers information and a utility for download at: https://support.microsoft.com/en-gb/kb/299357

You wrote: "By manually changing the A Record and PTR record to the proper IP address corrects the problem." I assume you mean temporarily, how often does this occur?

Author

Commented:
It happened Saturday the 28th and today. When I got to work it was already changed so It changed sometimes from Saturday evening to today @ 7:00 am cdt.  Looked at the KB article, the server in question is one of our main production server.  About 90 people access this server all day long.  There is a network share for all users.  Will the reset remove its IP address? Will the users know that  something happened?  Will the users mapped network drive go away?

Commented:
I would not do it when users are logged in or have any open files on shared drives. And, since you are restoring the IP address to what it's supposed to be, there should be no affect on mapped drives (which are set on the client computers, not the server).

It would be interesting to see the Windows logs at the time the IP address changes. I don't suppose you've attempted to search them?

Do you have any network notification system set up, such that you could have it ping the file server's address continuously and notify you when it changes?

Author

Commented:
The IP address for mbfs1 changed this past weekend and the only event log (system) on the Primary Domain Controller/DNS server(mbdc01) was this:  Source: Security-Kerberos, Event ID: 4, User: N/A, OpCode: Info

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server mbdc02$. The target name used was cifs/mbfs1.michlesbooth.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (MICHLESBOOTH.LOCAL) is different from the client domain (MICHLESBOOTH.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

I then checked the KDC service on both the Primary Domain Controller(mbdc01) & the Backup Domain Controller(mbdc02) which both use the Local System Account.  The check box "Allow service to interact with desktop" is unchecked.

Author

Commented:
My last post showed an error.  Could that error be causing my problem.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial