[joe2687]

Hi all,

I'm running two servers, both 2003 R2 one is a

(A) File and Print server 192.168.1.100
(B) AD, DNS, DHCP 192.168.1.2

Gateway is 192.168.1.1

Server A is also a backup DNS server.


We had a power cut over xmas and I have been having issues with DNS ever since.

Server A is fine. It's pointing to itself for DNS, and I can ping loopback, gateway, external.

Server B is the problem. This is the primary DNS server on our network, and is having connectivity issues. Cannot ping the gateway, or anything external, but can ping internal machines. Recursive queries are failing in tests, and nslookup is saying ''Can't find server name for address 192.168.1.2''.


I have tried opendns to get out, but no luck. Can anyone suggest some troubleshooting steps to get this sorted?

[Static M.e.]

Basic's.

On both server do "Ipconfig /all" and post back here.

On Server B. Check what the DNS Forwarders are

Are you sure the DNS Service is switched on?

[joe2687]

Server A:
Windows IP Configuration
Host Name . . . . . . . . . . . . : moatebs1
Primary Dns Suffix . . . . . . . : MBC.IT
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : MBC.IT
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0D-60-16-C1-39
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.2


Server B:
Windows IP Configuration
Host Name . . . . . . . . . . . . : moatebs2
Primary Dns Suffix . . . . . . . : MBC.IT
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : MBC.IT
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mbc.it
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio
n
Physical Address. . . . . . . . . : 00-30-48-B8-34-B9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.2
192.168.1.1


Forwarders are set to: All other DNS zones. DNS service is running.

I believe I may have found the root of this issue. I suspect that another machine or an external laptop has the same static IP as the server. When I logged on this morning, I got an IP address conflict message at logon screen. As I have 200 nodes and about 30 external laptops I fear it's going to be a long day...

[Static M.e.]

Yeah that could be it all right..

You could always try and do a "ping -a x.x.x.x" and see if you get lucky.
Failing that check your switches for the 192.168.1.1 IP which should help to narrow it down to at least the right switch. If you find two ports with the same IP, kick one off. Sooner or later someone will ring the helpdesk to ask why?
Also because this is a new problem just look for the last people to enter the building site they most likely are the culprit

I noticed aswell that your second dns server is the same as your gateway..192.168.1.1. Is your gateway also giving out DNS settings?

While you are at it. Add the Eircom/BT/Smart/OpenDNS (Choose your ISP) into your forwarders list and check simple \ recursive queries against it.

[Static M.e.]

Just thinking.
You could probably go on to your gateway and get the MAC address of whatever laptop is using the server IP. Then you should be able to narrow down your search.

You could also clear the table of that address, get your own server to sync to it so the laptop would have the problem and not your server..

[joe2687]

Quote:

Originally Posted by Static M.e.

Just thinking.
You could probably go on to your gateway and get the MAC address of whatever laptop is using the server IP. Then you should be able to narrow down your search.

You could also clear the table of that address, get your own server to sync to it so the laptop would have the problem and not your server..

How would I go about that exactly? I took server B off the network and tried to ping 192.168.1.2 from Server A, if another machine was static with that IP should it not have replied? Also, server B reboot took about 45 mins, stuck on 'preparing network connections'..

[Static M.e.]

Quote:

Also, server B reboot took about 45 mins, stuck on 'preparing network connections'..

Yeah, thats not good. Sounds like DNS trying to connect to your gateway.

Remove the Gateway address from your DNS address and add some forwarders as above. Only have the .2 address and/or 127.0.0.1

[joe2687]

Quote:

Originally Posted by Static M.e.

Remove the Gateway address from your DNS address and add some forwarders as above. Only have the .2 address and/or 127.0.0.1

OK i have that done.. You said about going to my gateway to find the MAC of someone using the .2 address.. How would I go about this?

[Enigma IE]

I would suggest checking the arp tables on your switches, check the relevant Help or Admin guide for your particular switch for how to do it.

Look for the duplicate IP address, if you find it, disable the switch port that the rogue server/laptop is connected to.

[joe2687]

How do you check arp tables for a specific switch? I have run it from the server, thats it... If i could find the MAC address of the machine thats causing the trouble, i got filter it that way.

[Enigma IE]

Quote:

Originally Posted by joe2687

How do you check arp tables for a specific switch? I have run it from the server, thats it... If i could find the MAC address of the machine thats causing the trouble, i got filter it that way.

You need access to your switch, preferably via command line or web interface (browser).

Then to check the arp table, you need to check 'how' via the Help or Admin guide. On Cisco switches, it's simply:

sh arp (from the command line)

Gives you something like this. If you see duplicates, using the mac address, you should be able to track down exactly what switch port the rogue machine / mac-address is connected to.

Protocol Address Age (min) Hardware Addr Type Interfac
Internet 10.20.2.29 5 0011.0ac1.a1b2 ARPA Vlan1
Internet 10.20.2.29 9 000e.7fe3.b2a1 ARPA Vlan1

Identify your switch type, gain access to it, or someone who has access to it. Identify your duplicate IP addresses, mac-addresses. Disable the switch port that the rogue machine is connected to.

[joe2687]

Quote:

Originally Posted by Enigma IE

You need access to your switch, preferably via command line or web interface (browser).

OK that makes sense, when you say access to the switch do you mean plug directly into a certain switch? We runn 3com baseline 2024 switches in here so i will check the specific command for them.


Sorry if these seem like silly questions, I just dont have that much experience investigating these type of network problems.

[Enigma IE]

Quote:

Originally Posted by joe2687

OK that makes sense, when you say access to the switch do you mean plug directly into a certain switch? We runn 3com baseline 2024 switches in here so i will check the specific command for them.


Sorry if these seem like silly questions, I just dont have that much experience investigating these type of network problems.

There not silly questions if you don't know the answer. You don't need to physically plug into it, you just need to be able to remote control the switch. Managed switches typically have IP addresses assigned to them. You can therefore connect to the switch using either the CLI (commmand line interface) or web browser e.g. http://switchIPaddress.

Good luck.

[joe2687]

They are unmanaged switches, which means they can't be logged onto to view network statistics etc.

I have went around 200 machines, and all laptops, and none have a static IP. This is bugging me indeed.

[joe2687]

Server B is up and functioning. Ripped down the DNS and re-installed. For sh*ts and giggles, I enabled the 2nd onboard network card and switched to that one, everything working fine... Still have an IP address conflict, but would an conflict between 2 client machines show up at login on the server??