Host resolved to wrong IP

April 30, 2009 at 04:24:05
Specs: Windows XP

Hello

Scenario: A company network based on Windows PCs and an Active Directory domain controller (Win Server 2003). The domain controller acts as DNS server as well as DHCP server.

Recently I set up a new web server called Midway. While installing Win 2003 on it, the server was assigned a dynamic IP (192.168.0.184 seemingly) by the DHCP server. I added the server in this state to the Domain. Only afterwards did I change the IP to a fixed one, 192.168.0.68.

Then I had the phenomenon that suddenly I could not access the website on Midway. Ping revealed that instead of the actual IP, it tried to ping to the 184.

I found out that the DHCP had a lease on 184 for Midway and removed that. Afterwards it worked -- for a while!

Now I encounter this issue at least once each day. Normally, the name midway is correctly resolved to 68, but suddenly it tries to access 184.

ping midway tries to ping to 184.
nslookup midway correctly returns 68.

In the DNS forward and reverse lookup zones, midway and 68 are mapped to each other.
184 is mapped to by a name called "sark".

In the DHCP leases, there used to be no lease for 184, today there was a lease for yet another server, neither sark nor midway.

The domain controller acts as a WINS server, too, but in the WINS config, not a single host is defined.

In the hosts file, neither midway nor 184 nor 68 are defined, since I want to rely upon our DNS server.

Can anybody explain to me where the heck my WinXP takes this {+"ç%&%*} IP address from?

Sometimes, an "ipconfig /flushdns" helped, sometimes not.

I have searched the whole registry using regedit's find... for the 192.168.0.184 and could not find a single entry.

Thx chiccodoro




#1
April 30, 2009 at 06:48:06

Can you not just give it a static ip?


#2
April 30, 2009 at 07:17:44

Your mistake was not having a static IP ready to apply during the setup of 2003. This is especially important within an AD integrated domain.

If you can, I would start over with the IP address for the web server in-hand and ready to apply at the appropriate time.

I fear you may have an issue going on with the NIC on that machine. I've seen in the past where Windows has a little "oops" where the "Local Area Connection" is replaced by a second one ("Local Area Connection 2") and the IP assigned to the "replaced" NIC is the one it keeps trying to use. Removing the NIC from Device Manager doesn't help as you go from "Local Area Connection 2" to "Local Area Connection 3". I suspect this is the result of file corruption incurred during the install. Anyhow, if that is the problem you're having, the only solution I've ever found was a complete, clean reinstall.

Alternatively, it could be your DNS records. Check the Host records for that server/IP in your DNS and see if the problem isn't in there.



#3
April 30, 2009 at 07:41:11

Thank you both for your answers.

andynet, to clarify: I have given it a static IP address, only a little bit too late as it seems.

Curt R: Hmm... starting over seems too much effort to me if not really necessary. But if Windows indeed is too dumb, I will probably have to...

As mentioned, the DNS on the domain controller has only correct entries. However I do not know how to view the state of my workstation's DNS. Maybe you could help me there?

I have not quite understood your explanations about the NIC's. Do you guess that the wrong IP still exists somehow on the server's NIC? (The server identifies itself correctly).



#4
April 30, 2009 at 08:00:38

"As mentioned, the DNS on the domain controller has only correct entries. However I do not know how to view the state of my workstation's DNS. Maybe you could help me there?"

Your workstation doesn't contain DNS... the DNS server does.
What your workstation does have is a DNS entry in its TCP/IP information so it knows where to go when requesting resources.

Open a command prompt window on your workstation and type the following command:

ipconfig /all

Does the DNS entry point at your DNS server? If not, that's a big issue.


"I have not quite understood your explanations about the NIC's. Do you guess that the wrong IP still exists somehow on the server's NIC? (The server identifies itself correctly)."

I'll do my best to explain. As recently as a couple days ago I ran into this issue. For whatever reason, the "Local Area Connection" on a computer was replaced by "Local Area Connection 2".

We discovered this because we were trying to change the IP of said PC and couldn't. Every time we tried we got an error message (I don't remember it offhand). I tried uninstalling the NIC, then rebooted, let Windows "find" it and install it. I checked and found "Local Area Connection 3" and was still unable to change the IP as it was wired to the original "Local Area Connection" which had disappeared and been replaced (twice over at this point).

Rather than pull out what's left of my hair we did a (clean) reinstall of the PC and that fixed the issue.

Anyhow, your situation reminded me of this so I thought it would be worth looking into.

Check in your Network Connections. Do you see "Local Area Connection 2"? If yes, you may have a similar problem going on on your server.



#5
April 30, 2009 at 09:20:51

Dear Curt

Thx for the very quick response!

The DNS server configured for my workstation is the correct one (our domain controller). These settings are received from the domain controller, too, via DHCP.

I have no DNS server installed on my work station, but I bet that there must be some cache which is used first for resolving, before contacting the DNS server, isn't it?

Midway has no adapter "2". What I have to mention here is that the server is a VM on a VMware workstation, and the adapter is virtual. But it has the correct IP address.

Only my PC sometimes thinks it should contact the server using the wrong IP address. As far as I know (will verify this later on) the same problem is on any clients.

Midway ipconfig /all says:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : midway
   Primary Dns Suffix  . . . . . . . : [hidden]
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wega

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
   Physical Address. . . . . . . . . : [hidden]
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.68
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.101
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       192.168.0.2



#6
April 30, 2009 at 10:18:53

"I have no DNS server installed on my work station, but I bet that there must be some cache which is used first for resolving, before contacting the DNS server, isn't it?"

As I said before, you can't install DNS on a workstation, only on a server. Yes, it will cache and you can clear that in a command prompt window using the following command:

ipconfig /flushdns

So I would try that on the workstation and see if it begins connecting properly afterwards.

"Midway has no adapter "2". What I have to mention here is that the server is a VM on a VMware workstation, and the adapter is virtual. But it has the correct IP address."

That's good news (no "2") so that rules out one issue there. I've yet to play with VM much so I can't help you there but if it's showing the correct IP, we'll assume that isn't the issue which would leave us with the DNS records themselves.

I would go through all host records for Midway on the DNS server to ensure they all show the correct IP address of Midway.



#7
April 30, 2009 at 13:09:46

Think there is some setting to resolve name to IP on server, a check box.

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10



#8
April 30, 2009 at 23:03:38

Hello curt

Unfortunately I have already tried all this, as you can take from my original post.

ipconfig /flushdns did actually help in some cases, but sometimes it did not solve the issue. (although it said "successfully flushed dns cache").

On the Domain controller, I already went through the forward and reverse zones multiple times, and the only entries for midway are the correct 68 ones. Vice versa, the only entries for 184 point to another host, "sark".

Just to refresh my case:
* DNS entries on the DNS server are correct.
* No DHCP lease for MIDWAY exists on the DHCP server.
* The 184 points to two servers different from MIDWAY both in DNS as well as DHCP (funnily, these servers are also different from each other)
* NSLOOKUP returns the correct answer.
* IPCONFIG /flushdns sometimes does not help either.
* Most of the time, the name is CORRECTLY resolved to 68, but then all of a sudden, it is resolved to 184.

Hope that anyone has yet another idea where the problem could stem from...

BTW: Is there any IP information hidden somewhere in the Active Directory? I also browsed that, and I found no IP information for MIDWAY.



#9
April 30, 2009 at 23:06:28

Hello jefro

Sorry, I did not understand what you wanted to say. Could you please clarify it again?

Thx chiccodoro



#10
May 1, 2009 at 07:35:13

Well, you've got me stumped. I figured it would be a host record in DNS.

Wish I could do more for you but without actually physically being there to troubleshoot, I've reached the end of what I can do over the forum. I sincerely hope you get it figured out, and if you do, please come back here and post the fix in this thread.



#11
May 1, 2009 at 08:02:25

DNS Suffix Search List. . . . . . : wega

wega looks wrong to me. Should be your forest name like wega.org or so.

You list two DNS servers. Both MS DNS servers? Are they set to AD integrated or primary/secondary? Do both contain exactly the same entries?

"The 184 points to two servers different from MIDWAY both in DNS as well as DHCP"

Either correct your DHCP scope or do an IP reservation for midway at x.x.x.184

It would appear you are handing out 184 via dhcp which is wrong.



#12
May 1, 2009 at 13:03:04

Start over on a new thread.

Post exact ping and nslookup command line. If you use www. or not.

I think I am confused as to you trying to access a netbios name or FQDN.

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10



#13
May 5, 2009 at 00:09:03

Hello all

Thank you anyway, curt! jefro: I have now started a new thread at

http://www.computing.net/answers/ne...

with my ipconfig and nslookup details. Please follow that thread, too, and expatiate there on the NetBIOS thing. I must admit that I don't really know NetBIOS. Does that include yet another naming system, too? I am just beginning to realize that Windows seems to have numerous different naming systems, and the name of a computer (as set in the control panel) to be implemented in several of these(?)

Thx chiccodoro
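
Added example, not part of any post in this thread: `ping` resolves through the Windows name-resolution stack (hosts file, DNS client cache, DNS, NetBIOS cache/WINS/broadcast), while `nslookup` queries the DNS server directly, so comparing what each source reports for the same host narrows down where a stale address lives. The captures below are constructed and abbreviated samples of `ping`, `nslookup`, `ipconfig /displaydns` and `nbtstat -c` output; the domain name `example.local`, the TTL and the NetBIOS cache entry are assumptions, not data from the thread.

```python
import re

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample captures (not from the thread); the domain name,
# TTL and NetBIOS cache entry are assumptions made for illustration.
CAPTURES = {
    "ping": "Pinging midway [192.168.0.184] with 32 bytes of data:\n",
    "nslookup": "Server:  dc1.example.local\nAddress:  192.168.0.1\n\n"
                "Name:    midway.example.local\nAddress:  192.168.0.68\n",
    "displaydns": "    Record Name . . . . . : midway.example.local\n"
                  "    Record Type . . . . . : 1\n"
                  "    Time To Live  . . . . : 1042\n"
                  "    A (Host) Record . . . : 192.168.0.68\n",
    "nbtstat": "    Name              Type       Host Address    Life [sec]\n"
               "    MIDWAY         <20>  UNIQUE      192.168.0.184     562\n",
}

def short(name):
    """Lower-case host label without any DNS suffix."""
    return name.split(".")[0].lower()

def addresses(source, text, host):
    """Return the set of IPv4 addresses that `source` reports for `host`."""
    if source == "ping":
        pairs = re.findall(r"Pinging\s+(\S+)\s+\[" + IP + r"\]", text)
    elif source == "nslookup":
        pairs = re.findall(r"Name:\s+(\S+)\s*\nAddress(?:es)?:\s+" + IP, text)
    elif source == "nbtstat":
        pairs = re.findall(r"^\s*(\S+)\s+<[0-9A-Fa-f]{2}>\s+\w+\s+" + IP, text, re.M)
    else:  # ipconfig /displaydns: remember the record name, collect A records
        pairs, current = [], ""
        for line in text.splitlines():
            key, _, value = line.partition(":")
            if key.strip(" .") == "Record Name":
                current = value.strip()
            elif key.strip(" .").startswith("A (Host) Record"):
                pairs.append((current, value.strip()))
    return {ip for name, ip in pairs if short(name) == short(host)}

def stale_sources(host, captures):
    """Sources whose answer for `host` differs from the direct DNS query."""
    dns = addresses("nslookup", captures["nslookup"], host)
    return sorted(s for s, t in captures.items()
                  if s != "nslookup" and addresses(s, t, host) - dns)

if __name__ == "__main__":
    print(stale_sources("midway", CAPTURES))
```

A source listed by `stale_sources` holds an address the DNS server did not return; in the constructed sample that is the NetBIOS remote name cache, which `ipconfig /flushdns` does not clear.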

