Strange Problem with Computer Name Pinging


mcp6453

A non-profit that I support has a Windows 2003 Server with workstations
with XP and Win2K. The system has been working well for a couple of
years. All of a sudden, when a particular machine pings the server at
192.168.1.10, the reply comes from the public web site. (Unfortunately,
the domain and domain name are the same.) When this problem happens,
an application on the machine will not work.

In ignorance, I changed the problem program to access the server with IP
address instead of server name. The application started working, but the
application modified the server installation such that no other machine
running that application can access it.

A few hours later, with no changes to the network, the problem machine
would get a reply from the server instead of the external web site. That
is, the problem cleared itself.

While some of this post may seem off-topic for this newsgroup, although
I hope it isn't, here is the question. Why would the machine suddenly
start getting a reply from the external site and then clear itself?
 
I would check that the DNS infrastructure is configured correctly where the
domain controller points ONLY to itself as its preferred DNS server and
that the domain computers point ONLY to the domain controller as their DNS
server whether it be by static IP configuration or by DHCP scope from the
domain controller. You can use the command ipconfig /all to see what a
computer is using as its DNS servers. Using ISP DNS servers for domain
computers is a big NO NO particularly if the domain name used is also on the
internet as when ISP DNS server is used the name will resolve to an internet
IP and when the DNS on the domain controller is used it will resolve to an
internal IP assuming DNS zone is configured correctly on the domain
controller. Also verify that any internet router/firewall used has DHCP
disabled on it or if it is being used as the only DHCP server [not the best
of ideas] that it shows the domain controller only as the DNS server for the
LAN. Running the support tool netdiag on the domain controller and domain
computers would also be a good idea to check general domain networking
health.

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382 --- Active Directory DNS FAQ
http://technet2.microsoft.com/windo...87ea-4f7a-9806-0b54e1c00a771033.mspx?mfr=true --- netdiag

Steve
 
Thanks for the response. I can confirm that DHCP is disabled on the
router. DNS is handled exclusively by the server. Even when a
workstation has a problem with resolution of the server name, ipconfig
/all shows that the DNS server is 192.168.1.10, which is correct. It is
as if the workstation is requesting DNS info from the server but not
getting the right information. There is a zone (correct name?) in the
DNS server that points the server name to the IP address.

I will read the article below, and I will experiment with netdiag to see
what it does. For now, I have added an LMHOSTS file, which seems to have
solved the problem. Unfortunately I don't know what other problems out
there might be looming.
 
Looks like the domain networking is good to go from what you describe. If
DNS is working the way it should it should only return IPs from records in
the local domain zone though you may want to browse through those records to
make sure they all show IPs from the local network. Using lmhosts may be a
good solution. If you see the problem again try referring to your server by
its fully qualified domain name [as in server.mydomain.com] instead of
server to see if that makes a difference and if so you may need to specify
FQDN instead of host name in mapped drives, etc. I suppose DNS cache
pollution could also be a possibility and the link below will show how to verify
that the DNS server is configured to secure against cache pollution which
should be the default setting.

Steve

http://support.microsoft.com/kb/241352

 
We *may* have discovered the problem, although it is not clear to me. I
always thought that when a static IP is entered, at least two DNS
entries were required. The two that I have are the local DNS server and
an external one. My colleague said the external one is probably causing
the problem. I don't know why that would be the case, but I am going to
remove the external one and try that.

Cache pollution does sound like a viable explanation. Thanks for the
link below. I will check it out.
 
Only one DNS server is needed. That is why I earlier emphasized that ISP DNS
servers must not be used on a domain computer and that appears to be the
case in your situation which explains a lot because if the client used the
external DNS server it would receive replies that resolved to the internet
domain name and not the local . Glad you got it sorted out. The link below
on AD FAQ from Microsoft will explain in more detail.

Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382 --- AD DNS FAQ

Question: What are the common mistakes that are made when administrators set
up DNS on network that contains a single Windows 2000 or Windows Server 2003
domain controller?

Answer: The most common mistakes are:
  • The domain controller is not pointing to itself for DNS resolution on
    all network interfaces.
  • The "." zone exists under forward lookup zones in DNS.
  • Other computers on the local area network (LAN) do not point to the
    Windows 2000 or Windows Server 2003 DNS server for DNS.


Question: Should I point the other Windows 2000-based and Windows Server
2003-based computers on my LAN to my ISP's DNS servers?

Answer: No. If a Windows 2000-based or Windows Server 2003-based server or
workstation does not find the domain controller in DNS, you may experience
issues joining the domain or logging on to the domain. A Windows 2000-based
or Windows Server 2003-based computer's preferred DNS setting should point
to the Windows 2000 or Windows Server 2003 domain controller running DNS. If
you are using DHCP, make sure that you view scope option #15 for the correct
DNS server settings for your LAN.
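
The check recommended in this thread (every domain computer pointing ONLY at the domain controller for DNS, verified with ipconfig /all), as an added example that is not part of the original posts: a Python parser for saved `ipconfig /all` output that flags any DNS server outside an approved list. The sample output, the host name WS07, example.org and 203.0.113.53 are constructed; 192.168.1.10 is the server address from the thread, and the XP-style IPv4 layout is assumed.

```python
import re

# Assumption: the only approved resolver is the domain controller from the thread.
APPROVED_DNS = {"192.168.1.10"}

# Constructed sample of `ipconfig /all` output (XP-style layout), not from the thread.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WS07
        Primary Dns Suffix  . . . . . . . : example.org

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
        Primary WINS Server . . . . . . . : 192.168.1.10
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")            # section header
FIELD_RE = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")         # "Name . . . : value"
IP_ONLY_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # continuation line


def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS servers in configured order]} (IPv4 only)."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
            continue
        if adapter is None:
            continue  # still in the global "Windows IP Configuration" block
        cont = IP_ONLY_RE.match(line)
        if in_dns and cont:
            # Second and later DNS servers appear as bare, indented addresses.
            result[adapter].append(cont.group(1))
            continue
        field = FIELD_RE.match(line)
        in_dns = bool(field) and field.group(1) == "DNS Servers"
        if in_dns and field.group(2).strip():
            result[adapter].append(field.group(2).strip())
    return result


def audit(text, approved=APPROVED_DNS):
    """List (adapter, server) pairs whose resolver is not on the approved list."""
    return [(adapter, server)
            for adapter, servers in dns_servers_by_adapter(text).items()
            for server in servers if server not in approved]


if __name__ == "__main__":
    for adapter, server in audit(SAMPLE):
        print(f"{adapter}: unapproved DNS server {server}")
```
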

