tmoon
asked on
Strange DNS issue, Server 2008, Windows 7 clients
Strange thing happening for the last week. This office has 1 Server 2008 domain controller, approx 20 Win 7 clients. The only recent change was a switch change to a 24 port Cisco Meraki to provide POE to a few AP's. The Meraki is in 'dumb mode' operating at layer 2 only. The other switch is a Netgear ProSafe GB layer 2 switch.
A few days ago I was told that a few select users (approx 4) can't run a SQL based program where the database resides on the DC. Reboots sometimes fix and sometimes don't.
I have noticed that when things aren't working, the client still has internet access but just cannot properly run their main app off the server.
When this error is happening I can ping things but not domain.local . Says cannot find host. Domain.local pings fine on a working PC.
I noticed that an NSLOOKUP reveals that the DNS on the client box is set to Google 8.8.8.8
IPCONFIG /ALL reveals that the DC is set as the DHCP server.
Checked the DC DHCP settings and only the server's private IP is listed as the DNS server to hand out in scope options and server options.
I can't find a reference to 8.8.8.8 in DHCP server settings anywhere.
On the client box I can't find a reference to 8.8.8.8 anywhere in IP properties either.
As a temp fix I have added the DC local IP to DNS IP settings on the client PC but left the IP to get automatically. This seems to correct the issue but it would be nice to get to the cause of it.
Any ideas?
Thanks.
ASKER
I think there is another DHCP source that is showing up. I included a few screenshots. .1 is the gateway (Cisco ASA) configured by another vendor but is supposed to have DHCP turned off.
.1 is showing up as a rogue source.
The other strange thing is the 'authorized source' listed is 192.168.2.5 which was the old IP scheme and address of the server. The subnet had to be changed to 172.25.101.x for vendor / remote reasons. It has worked fine after and the change was done a few months ago. But why is the authorized IP still showing the old IP address??
Screenshot is of ipconfig/all from a client, and the rogue detection result.
DHCPresults.JPG
V1.JPG
tmoon, it looks like 101.1 is the problem. I would verify that DHCP is turned off on that machine. The authorized DHCP server info is what's being picked up in AD. Just check your server to see if there is still a reference to the old IP scheme. Does the AD server still have the old IP assigned to one of its interfaces, so that it still shows up in DHCP & DNS?
MO
ASKER
Only has 2 interfaces. One is disabled but had 1.6 listed.
The active NIC did have DNS set to its loopback which I changed to the actual IP. I know there is some controversy over this but I think nowadays it's commonplace to use the IP instead.
I couldn't find any reference to the old server IP 2.5. I did find some old DNS records using the old subnet which I deleted.
A quick registry search revealed only one key that had the old server IP listed. The key was:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\{AF4BC64C-955A-4379-87CF-802C846BFD7A}\Parameters\Tcpip.
I did not change or delete this at this time just to be safe.
I emailed the support company for the Cisco ASA to disable any DHCP and check to see why it was accidentally turned on.
ASKER
Great call. I believe it did boil down to a rogue DHCP server on the network even though the broken clients listed the correct DHCP server.
Thanks for the help!
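Added example, not part of the original thread: a check for the situation described above, where a second device answers DHCP and hands out a different DNS server. It parses the options of captured DHCPOFFER payloads (UDP port 68 traffic from a packet capture) and flags any offer whose server identifier or DNS option differs from what the DC scope should give. The address 172.25.101.10 is a placeholder for the DC, whose real address is not given in the thread; the sample packets are constructed.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
AUTHORIZED_DHCP = {"172.25.101.10"}  # placeholder for the DC (assumption)
EXPECTED_DNS = {"172.25.101.10"}     # placeholder: DNS the scope should hand out

def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:              # end option
            break
        if code == 0:                # pad option, no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else None
        value = payload[i + 2:i + 2 + (length or 0)]
        if length is None or len(value) != length:
            raise ValueError("truncated option")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return opts

def ips(raw: bytes) -> list:
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def audit_offer(payload: bytes) -> list:
    """Findings for one DHCPOFFER; an empty list means it matches the allow-list."""
    opts = parse_options(payload)
    if opts.get(53) != b"\x02":      # option 53 = message type, 2 = DHCPOFFER
        return []
    server = (ips(opts.get(54, b"")) or ["unknown"])[0]  # option 54 = server identifier
    findings = []
    if server not in AUTHORIZED_DHCP:
        findings.append(f"rogue DHCP server {server}")
    for dns in ips(opts.get(6, b"")):                    # option 6 = DNS servers
        if dns not in EXPECTED_DNS:
            findings.append(f"unexpected DNS {dns} offered by {server}")
    return findings

def build_offer(server: str, dns: list) -> bytes:
    """Constructed sample DHCPOFFER: zeroed 236-byte BOOTP header plus three options."""
    packed = lambda addr: ipaddress.IPv4Address(addr).packed
    dns_raw = b"".join(packed(d) for d in dns)
    return (bytes([2]) + bytes(235) + MAGIC_COOKIE + bytes([53, 1, 2]) + bytes([54, 4])
            + packed(server) + bytes([6, len(dns_raw)]) + dns_raw + b"\xff")
```

Running `audit_offer` over every offer seen during a client's lease request shows each responder on the segment, including one that loses the race most of the time.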