Help with dns gateway issue

I.AM.DB

I have a small network with 2 domains. They are in one forest with two
different domain names ending in .local. Each has its own DNS server. In
the root domain I have a server loaded with win2003 that has 2 nics; one is
a gateway to Internet. I had some problems with the DNS initially but
everything seems ok now. The main problem is this - quite often to get out
through the gateway on any client machine I have to ipconfig /release and
ipconfig /renew before IE will connect or any other app for that matter.
Usually it works, on occasion I have to do it in the middle of surfing.

What is happening?
 
Hello,

Need some more information. I want to know if the client machines are getting
IP addresses from a DHCP server. And if they are getting IP addresses from DHCP then
integrate the DHCP with DNS for dynamic updates.

Regards

Vedvyas
Microsoft
 
Yes all client machines are dhcp enabled and dynamic updates are
enabled(secure only). The servers are static all DNS going to forest PDC.

The gateway machine is static on internal (.local net) and DHCP on external
(Internet).
 
I.AM.DB said:
Yes all client machines are dhcp enabled and dynamic updates are
enabled(secure only). The servers are static all DNS going to forest
PDC.

The gateway machine is static on internal (.local net) and DHCP on
external (Internet).


I would also check to see if you are providing your clients with your ISP's
DNS addresses thru DHCP. If so, that is not recommended. Recommendation is
to only use your internal DNS for your clients and for your DCs only. On
your server with the two NICs, I would recommend both NICs ONLY use the
internal DNS IP and remove the ISP's DNS address. Make sure in the binding
order that the internal NIC is at the top (found under Net Dialup &
Connections, Adv/Adv settings). Disable NetBIOS, MS Client and F&P services
on the outer NIC. Tell DNS to listen only to internal IP under interfaces
tab.

If you want efficient Internet resolution, use a forwarder. If the option
to forward is grayed out, delete the root zone. If not sure how to proceed
with these steps, this article will show you how:
http://support.microsoft.com/?id=300202



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
I will give these a try and let you know.

FYI - my forest DNS machine is a forwarder but the sub domain DNS machine is
not.
All client machines use DHCP with DNS servers listed as Forest DNS first and
sub DNS second. No outside DNS servers are listed except in the Forwarder
area of the Forest DNS.
The Machine with the two NICs (Our Gateway to the Internet) is connected to
the Internet through a DSL Router that provides the DHCP for that NIC. That
NIC has Internet sharing enabled. I set it up according to an article about
preparing a machine for ISA server, although we did not install ISA. I can
reach the DSL Router from any machine without a problem, it seems to be
strictly a forwarding issue, but I am unsure because if I stay connected for
a while and things are going well and then it quits and I get page not found
errors. Sometimes I'm thinking it might be busy but there is no traffic but
mine???
Thanks again and I will review and try what you have suggested so far.
 
PS. FYI - The gateway NIC for the local net is set to a static IP for the
root domain, but I have enabled an alternate IP for the subdomain. Both
domains are subnetted differently (i.e. only the 3rd octet is different in the
host address (root)xxx.xxx.0.xx/24 and (sub)xxx.xxx.2.xx/24). I do have only
one site and the subnets are listed there. I put the second IP in because it
is one small LAN between 2 buildings with different subnets. All machines in
both subnets have their respective gateway set manually or with DHCP. The 2
IPs on the gateway machine appear in IPCONFIG /all.
 
I.AM.DB said:
PS. FYI - The gateway NIC for the local net is set to a static IP
for the root domain, but I have enabled an alternate IP for the
subdomain. Both domains are subnetted differently (i.e. only the 3rd
octet is different in the host address (root)xxx.xxx.0.xx/24 and
(sub)xxx.xxx.2.xx/24). I do have only one site and the subnets are
listed there. I put the second IP in because it is one small LAN
between 2 buildings with different subnets. All machines in both
subnets have their respective gateway set manually or with DHCP. The
2 IPs on the gateway machine appear in IPCONFIG /all.


I would suggest to disable ICS (Internet connection sharing) and configure
RRAS to use NAT. You are getting possible contentions with DNS and DHCP
services with ICS, they don't play well together since they have their own
mini services associated with ICS.

On a multihome machine, there must ONLY BE ONE gateway address. In this
case, it MUST be the outside NIC.

Honestly, it would be a lot easier to get a 3rd party device for NAT
services. If you want ISA to do this, that is fine, but I suggest that this
machine would have no other services on it, nor Exchange, nor a DC and
preferably a member server or just a standalone.


--
Regards,
Ace

=================================
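Added example, not part of the thread: a Python check of the two rules given in the replies above (only one default gateway on the multihomed server, and only internal DNS servers on every NIC), run over constructed `ipconfig /all`-style text. The adapter names, all addresses and the `internal_dns` set are assumptions made for illustration.

```python
import re

# Constructed `ipconfig /all`-style sample; adapter names and addresses are made up.
SAMPLE = """\
Ethernet adapter Internal:

   IP Address. . . . . . . . . . . . : 192.168.0.1
   IP Address. . . . . . . . . . . . : 192.168.2.1
   Default Gateway . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.10
                                       203.0.113.53

Ethernet adapter External:

   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "Name . . . : value"

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} parsed from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            name = line.rstrip()[:-1].split("adapter ", 1)[-1]
            current, last = adapters.setdefault(name, {}), None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                value = m.group(2).strip()
                current.setdefault(last, []).extend(filter(None, [value]))
            elif last:  # indented line without a colon: extra value for last field
                current[last].append(line.strip())
    return adapters

def audit(adapters, internal_dns):
    """Flag more than one default gateway and any DNS server not in internal_dns."""
    findings = []
    with_gw = sorted(n for n, f in adapters.items() if f.get("Default Gateway"))
    if len(with_gw) > 1:
        findings.append("multiple default gateways: " + ", ".join(with_gw))
    for name, fields in adapters.items():
        for dns in fields.get("DNS Servers", []):
            if dns not in internal_dns:
                findings.append(f"{name}: non-internal DNS server {dns}")
    return findings
```

Calling `audit(parse_ipconfig(SAMPLE), {"192.168.0.10", "192.168.2.10"})` reports the second gateway and the external resolver on both NICs; the parser splits on the first colon, so it does not handle IPv6 addresses.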
 
"Ace Fekay [MVP]"

> I would suggest to disable ICS (Internet connection sharing) and configure
> RRAS to use NAT. You are getting possible contentions with DNS and DHCP
> services with ICS, they don't play well together since they have their own
> mini services associated with ICS.

Sorry, but the RRAS is not translating for me. I have been studying these
things out, but have not got certified yet and have not had enough sleep
lately to recognize the abbrv.

> On a multihome machine, there must ONLY BE ONE gateway address. In this
> case, it MUST be the outside NIC.

The outside NIC is the only gateway on this machine; setup by the DHCP built
into the DSL router/NAT provider. The inside NIC is static with no gateway
and the DNS is pointing inside to the Forest DNS server.

> Honestly, it would be a lot easier to get a 3rd party device for NAT
> services. If you want ISA to do this, that is fine, but I suggest that this
> machine would have no other services on it, nor Exchange, nor a DC and
> preferably a member server or just a standalone.

The machine is standalone. ISA was not setup. I used ICS along with a
third-party firewall, but the firewall is configured properly to let me get
out from any machine to the router - which has an IP address within the
subnet. It seems to be only external IP's I have trouble reaching.
 
I.AM.DB said:
"Ace Fekay [MVP]"

Sorry, but the RRAS is not translating for me. I have been studying
these things out, but have not got certified yet and have not had
enough sleep lately to recognize the abbrv.

The outside NIC is the only gateway on this machine; setup by the
DHCP built into the DSL router/NAT provider. The inside NIC is static
with no gateway and the DNS is pointing inside to the Forest DNS
server.


The machine is standalone. ISA was not setup. I used ICS along with a
third-party firewall, but the firewall is configured properly to let
me get out from any machine to the router - which has an IP address
within the subnet. It seems to be only external IP's I have trouble
reaching.

RRAS is Remote Routing Access Services. I believe ICS is creating the issue.
ICS has a built in mini DHCP service. It is giving the gateway machine the
DNS 'proxy' IP, which means it's sending it to what external DNS IP is on
the external NIC, but in reality since you have AD, you need to give your
clients the internal DNS IP address, and not this machine.

What I'm suggesting is to disable ICS, go to RRAS, enable RRAS and choose to
be an Internet server and choose NAT as the method.

310357 - HOW TO Configure the NAT Service in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;310357

324264 - HOW TO Configure a NAT Server in Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324264


Then internally setup DHCP with the proper DNS address in Option 006 (to be
ONLY your internal DNS) and in DNS, setup a forwarder to go to your ISP. If
the option is grayed out, delete the Root zone and try again.
This article shows those two steps:
http://support.microsoft.com/?id=300202




--
Regards,
Ace

=================================
 
I cannot enable RRAS because of ICF. I have disabled it completely including
going into services and disabling it but it continues to tell me it is
enabled on that machine. Where is it looking and what can I do about it?

Thanks again
 
I.AM.DB said:
I cannot enable RRAS because of ICF. I have disabled it completely
including going into services and disabling it but it continues to
tell me it is enabled on that machine. Where is it looking and what
can I do about it?

Did you disable both ICF and ICS?
 
Yes and tried to reenable and redisable them several times and RRAS
continues to tell me it is enabled.
 
I.AM.DB said:
Yes and tried to reenable and redisable them several times and RRAS
continues to tell me it is enabled.

Disable both and restart your machine then try it again.

--
Regards,
Ace

=================================
 
I tried that if you mean to disable both ICS & ICF.
I have not tried to disable both NICs
I have rebooted twice with both disabled and still get the same message.
 
I.AM.DB said:
I tried that if you mean to disable both ICS & ICF.
I have not tried to disable both NICs
I have rebooted twice with both disabled and still get the same
message.



Unusual that one would see what you're experiencing. If you disable ICF and
ICS, RRAS should not say that it's running.

Do you have anything else installed on your machine, such as a personal
firewall, antivirus, anything at all ? Disable all of them as well. Is there
anything like Sygate, Wingate or anything like that installed? A VPN
created?

Did you have any other connection created when you enabled ICS? A previous
dialup connection, or something else, that you have enabled ICS, then you
unchecked ICS, but the connection still exists? It can also be a "hidden"
connection as well, such as a NIC that was in the machine, then you changed
the machine, or ghosted to another machine, etc. Just giving you examples of
what to look for.

Here, look at this, these two people had the same problem....
http://www.windowsxpuser.com/forums/viewtopic.php?p=18501

--
Regards,
Ace

=================================
 
Turns out I had an old dial connection on that machine when I was
troubleshooting the connection with the phone company. I did not realize it
was marked for ICF. I'll give this a try.

Thanks
 
I have them disabled and now it tells me that IC (Incoming Connections) is
enabled and I cannot find where or how to disable it.
 
I.AM.DB said:
I have them disabled and now it tells me that IC (Incoming Connections)
is enabled and I cannot find where or how to disable it.

A dialup caused that? Hmm...

Do you have demand dial connections created?
Is the server accepting VPN connections?

What shows in Network & Dialup Connections? Is there a VPN created?

If you go to Control Panel, Add/Remove HARDWARE, choose to remove hardware,
then when the list appears, click on the bottom "show hidden devices" and
see if something is in there that may have it locked.


--
Regards,
Ace

=================================
 
> A dialup caused that? Hmm...

A dialup caused the ICF error. I removed it and then deleted the dialup.

> Do you have demand dial connections created?
> Is the server accepting VPN connections?

There are no VPNs and all Dialup have been deleted.

> What shows in Network & Dialup Connections? Is there a VPN created?

Only the two NICs show up.

> If you go to Control Panel, Add/Remove HARDWARE, choose to remove hardware,
> then when the list appears, click on the bottom "show hidden devices" and
> see if something is in there that may have it locked.

I could find nothing to indicate a problem. Under network there are some wan
miniport drivers loaded that cannot be deleted??
 