DNSClient registry key


Bill Minser

Okay, this one is weird:

We put up a firewall/NAT server and switched our entire domain to
non-routable IPs. We updated the DHCP server and the DNS server and
everything works except...

Something is pushing a registry key to all of our XP clients
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\NameServer
with the previous IP address of the DC (which is also the DNS server).

The XP clients are ignoring the DNS settings from DHCP and using this
registry value as the primary DNS server.

We have searched the registry, the group policy objects, even done a
full-text search of the files on the DC and cannot find this value anywhere.
Every time we fix the value on the XP clients, something sets it back. The
Win98 clients work fine.

Any suggestions would be helpful. Please....

Bill
 
Can you post an ipconfig /all from a client for us to take a look at?
Thanks

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I will gladly post the ipconfig /all...


Windows IP Configuration
Host Name . . . . . . . . . . . . : bills_xp
Primary Dns Suffix . . . . . . . : ourdomain.wisc.edu
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ourdomain.wisc.edu

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : ourdomain.wisc.edu
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-08-74-35-99-B0
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.75
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.6
DNS Servers . . . . . . . . . . . : 192.168.1.5
Primary WINS Server . . . . . . . : 192.168.1.5
Lease Obtained. . . . . . . . . . : Thursday, March 25, 2004 2:55:41 PM
Lease Expires . . . . . . . . . . : Friday, April 02, 2004 2:55:41 PM

Looks good, right. But if I run, say "nslookup yahoo.com", I get this
(where xxx.xxx.xxx.xxx is the old ip address of our DC/DNS server) ...

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: xxx.xxx.xxx.xxx

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Just as a check of DNS, I ran "nslookup yahoo.com 192.168.1.5" and it worked
just fine. XP has the DNS settings from DHCP - it's listed in the ipconfig
stuff. But it is choosing to use xxx.xxx.xxx.xxx instead. I searched my
entire computer and registry and only found the old ip value in
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\NameServer. And if I
change that registry value, it just comes back the next time group policy
updates itself. (I can force it with gpupdate)

So we looked thru all of our (known) group policy objects and can't find
this setting anywhere. Anyone have any ideas where it is or how I can get
rid of it?
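
The mismatch described in this post (DHCP supplies one DNS server, the policy key supplies another) can be checked directly on a client. The PowerShell below is an added example, not part of the original thread; it reads the policy value named above and assumes the DHCP-supplied servers are stored per adapter as `DhcpNameServer` under the Tcpip `Interfaces` key.

```powershell
# Added example (not from the thread). Read-only: nothing is modified.
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
# Assumption: DHCP-supplied DNS is stored per adapter as DhcpNameServer here.
$ifaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Split-ServerList([string]$Value) {
    # Server lists are single strings separated by spaces or commas.
    if (-not $Value) { return }
    $Value -split '[ ,]+' | Where-Object { $_ }
}

$policy = Get-ItemProperty -Path $policyKey -Name NameServer -ErrorAction SilentlyContinue
$policyServers = @(Split-ServerList $policy.NameServer)

if ($policyServers.Count -eq 0) {
    Write-Output 'No policy NameServer value: adapters use their DHCP or static DNS settings.'
} else {
    foreach ($key in Get-ChildItem -Path $ifaceRoot) {
        $dhcp = @(Split-ServerList (Get-ItemProperty -Path $key.PSPath).DhcpNameServer)
        if ($dhcp.Count -eq 0) { continue }   # adapter has no DHCP-supplied DNS
        # Policy servers that DHCP never offered are the ones worth explaining.
        $unexpected = @($policyServers | Where-Object { $dhcp -notcontains $_ })
        New-Object PSObject -Property @{
            Interface         = $key.PSChildName
            DhcpDns           = $dhcp -join ', '
            PolicyDns         = $policyServers -join ', '
            PolicyNotFromDhcp = $unexpected -join ', '
        }
    }
}
```

A non-empty `PolicyNotFromDhcp` is the condition described in this thread. Running `gpresult /v` on the same client then lists the applied GPOs and the registry-based policy settings each one set, which narrows down where the value comes from.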
 
Thanks for posting that.

Yes, it does look fine, and I do agree, this is strange. The only thing I
can think of in a GPO is in this section that would push out a reg key:
Computer Config\Windows Settings\Security Settings\Registry.

Not sure why one would want to alter that for a network config. After
looking at the key from your previous post, it looks like a global config.
Look in your GPO(s) for such a setting.

Only other thing I can think of is a logon or startup script populating that
key. I first thought virus, but then again, I can't imagine this being a
virus or anything like that, after all, if it were, it wouldn't populate your
old DC/DNS settings but rather their own malicious DNS address.

Did someone else set up the system prior to your arrival?

--
Regards,
Ace

 
Well, it appears to be fixed. We tried a bunch of different things, but we
think one of the following solved the problem.

Our domain was operating in Windows2K mixed mode. Switched it to Win2K
native mode. And we found the old IP address in the WINS settings of our
forward lookup zone in the DNS server. (Both the new and the old IP
addresses were listed.)

Why either of these bits would result in a group policy registry key is
beyond me. But the problem is solved. Our XP clients now boot up in
seconds rather than minutes. (XP would eventually resolve to the DC somehow.
Named pipes?) We added a new machine to the domain, and the problem
registry key doesn't even exist. On old machines we have to delete the key,
but then the key stays deleted. Weird.

Word to the wise: don't try to switch IP addresses if you only have one DC.
They say it is easy. They lie.

--Bill
 
Bill Minser said:
Word to the wise: don't try to switch IP addresses if you only have
one DC. They say it is easy. They lie.

You are correct, you shouldn't just switch IP addresses on a DC, add the new
address first, then after everything is configured and registration errors
are gone, remove the old address.
This is the standard answer I give everyone.
 
Kevin D. Goodknecht said:

You are correct, you shouldn't just switch IP addresses on a DC, add
the new address first, then after everything is configured and
registration errors are gone, remove the old address.
This is the standard answer I give everyone.

Good advice!


--
Regards,
Ace

 
Bet it had something to do with the Native mode change (just a wager...).
But I agree, not sure why it would do that...??
Glad you got it resolved.

--
Regards,
Ace

 