Loses Authority

[Patrick Whittle]

When a Vista computer comes on the LAN, our DNS server has to look to the IP
address: 4.2.2.2 (forwarding) for a name server. Is this because
the number of computers that are powered-on, changes? It seems that Vista
is trying to take priority over DNS.

http://pwhittle.dlinkddns.com/gateway/NAT.htm

 

[Ace Fekay [MCT]]

When a Vista computer comes on the LAN, our DNS server has to look to the
IP address: 4.2.2.2 (forwarding) for a name server. Is this
because the number of computers that are powered-on, changes? It seems
that Vista is trying to take priority over DNS.

http://pwhittle.dlinkddns.com/gateway/NAT.htm

Since you posted the firewall logs in your link, I was curious as to what a
reverse lookup would provide on some of the IPs just to rule out any viruses
or bad sites. Running nslookup on a sample of some the IPs in the log,
(posted below), other than the ones that don't have a PTR, which I don't
know what sites they are (which would need to be queried at http://arin.net
for more info), the rest of the samples I used resolve to legit sites, such
as Facebook, Yahoo, Google, possibly Microsoft
(deploy.akamaitechnologies.com), uablerta, Frontiernet, etc. From what I've
found, it appears what you are seeing is legit. If this is all generated
from starting your Vista computer, it would appear there are many items
initializing at startup that are accessing the internet. Some things that
will generate this type of traffic can include instant messenger apps,
Windows Updates, an antivirus and/or antispyware app seeking updates from
their vendors, and other internet based apps.

Are you seeing any errors or problems on your Vista workstation?

64.208.176.34

Server: london.nwtraders.msft
Address: 192.168.100.200

Name: 64-208-176-34.nas1.mon.ny.frontiernet.net
Address: 64.208.176.34

216.34.207.157

Server: london.nwtraders.msft
Address: 192.168.100.200

Name: mojofarm.mediaplex.com
Address: 216.34.207.157

205.128.84.126

Server: london.nwtraders.msft
Address: 192.168.100.200

*** london.nwtraders.msft can't find 205.128.84.126: Non-existent domain

65.55.15.244

Server: london.nwtraders.msft
Address: 192.168.100.200

*** london.nwtraders.msft can't find 65.55.15.244: Non-existent domain

69.63.181.12

Server: london.nwtraders.msft
Address: 192.168.100.200

Name: www-11-01-snc2.facebook.com
Address: 69.63.181.12

129.128.5.191

Server: london.nwtraders.msft
Address: 192.168.100.200

Name: openbsd.sunsite.ualberta.ca
Address: 129.128.5.191

204.2.225.165

Server: london.nwtraders.msft
Address: 192.168.100.200

Name: a204-2-225-165.deploy.akamaitechnologies.com
Address: 204.2.225.165

198.63.231.42

Server: london.nwtraders.msft
Address: 192.168.100.200

*** london.nwtraders.msft can't find 198.63.231.42: Non-existent domain

69.63.176.186

Server: london.nwtraders.msft
Address: 192.168.100.200

Name: channel26.01.05.sf2p.facebook.com
Address: 69.63.176.186

8.18.94.122

Server: london.nwtraders.msft
Address: 192.168.100.200

*** london.nwtraders.msft can't find 8.18.94.122: Non-existent domain

74.125.53.190

Server: london.nwtraders.msft
Address: 192.168.100.200

Name: pw-in-f190.google.com
Address: 74.125.53.190

98.136.113.251

Server: london.nwtraders.msft
Address: 192.168.100.200

Name: webcs102.msg.ac4.yahoo.com
Address: 98.136.113.251

64.208.176.40

Server: london.nwtraders.msft
Address: 192.168.100.200

Name: 64-208-176-40.nas1.mon.ny.frontiernet.net
Address: 64.208.176.40

76.74.140.165

Server: london.nwtraders.msft
Address: 192.168.100.200

*** london.nwtraders.msft can't find 76.74.140.165: Non-existent domain

64.236.79.54

Server: london.nwtraders.msft
Address: 192.168.100.200

*** london.nwtraders.msft can't find 64.236.79.54: Non-existent domain
--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

 

[Patrick Whittle]

The only other problem on my Vista computer, is that Explorer.exe hangs
quite a bit, maybe 2or3 times a month; or more.

I am running a DNS Server on the same box as Domain Controller, so this is
the likely cause of my system prob last night. No computer was able to get
to the Internet. I cycled the server, logged into my router and did a
release/refresh for DHCP from my ISP. There are people that this made
happy, so I'm going to wait a couple of days before pointing them back to
Server 2003 for DHCP.

Do you know how to get less explorer.exe crashes?

 

[Ace Fekay [MCT]]

The only other problem on my Vista computer, is that Explorer.exe hangs
quite a bit, maybe 2or3 times a month; or more.

I am running a DNS Server on the same box as Domain Controller, so this is
the likely cause of my system prob last night. No computer was able to
get
to the Internet. I cycled the server, logged into my router and did a
release/refresh for DHCP from my ISP. There are people that this made
happy, so I'm going to wait a couple of days before pointing them back to
Server 2003 for DHCP.

Do you know how to get less explorer.exe crashes?

Kind of surprised that DNS is not working on the DC and that you had to
reboot it. Are there any errors on the server? Did you change anything from
the last time I set it up for you?

As for explorer crashing, that could be a dozen things causing it. It
depends on what you have installed on the workstation. The more installed on
it, the more complex and time consuming to determine what it is.

Ace

 

[Patrick Whittle]

No changes to DHCP, DNS nor WINS.

I have attached an event viewer log showing that my Vista computer is always
in contention to become master browser. The server accepts the demotion,
and logs it. This happens (Vista workstation is turned on usually more than
once) at least once a day.

\\HOME-XEON

 

[Ace Fekay [MCT]]

No changes to DHCP, DNS nor WINS.

I have attached an event viewer log showing that my Vista computer is
always
in contention to become master browser. The server accepts the demotion,
and logs it. This happens (Vista workstation is turned on usually more
than
once) at least once a day.

\\HOME-XEON

This can be caused by the server being multihomed. I don't remember if it
was or not. If it is, that is the culprit. Otherwise, it may be when the
Vista machine announces itself it;s trying to become master, so it initiates
the election process.

You can disable the browser service on the Vista machine. If the service is
already disabled, then you will have to disable the function in the
registry. Here's how:

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster".
Ensure that it is set to false. You probably have to reboot the machine to
make the change take place.

Read the following for more info.
http://eventid.net/display.asp?eventid=8003&eventno=680&source=MRxSmb&phase=1

Ace