4 out of 90 PCs stopped communicating with DNS server

November 10, 2015 at 06:18:19
Specs: Windows 7
Hi,

I have encountered a big problem. Suddenly 4 of my computers (I have about 90 of them) stopped communicating with the AD/DNS server. When I change the IP address of those computers everything works fine. But still, if this problem goes on to other computers, soon I will run out of IP addresses.
First of all, they can see the whole network; they can ping every single PC or other server in the network except this one (IP address is xxx.xxx.xxx.5, name is xxx). I have changed the IP addresses for those 4 computers and it works fine now. Then I changed my PC to one of those addresses (xxx.xxx.xxx.21) and it all stopped. But still I can access this server with Windows Explorer by entering \\xxx\c$ and I can do whatever I want, and I can access it with Remote Desktop Connection. But I can't ping it and I can't access the internet. I have turned off firewalls on both ends - nothing.
Can anyone tell me what it may be, or where to begin solving this problem?
P.S. All PCs are on Win7 (some 32-bit, some 64-bit).




#1
November 10, 2015 at 08:12:34
Sometimes this sort of thing is fixed by turning the router power off then on again - cause unknown.

Always pop back and let us know the outcome - thanks



#2
November 10, 2015 at 08:48:21
When you say that you can't ping the server, do you mean that you can't ping it by name, by dotted quad, or both? First things I would check would be the logs on the server and the ARP cache to see what entry there may be for that dotted quad.


#3
November 10, 2015 at 21:51:01
Derek,

I have a firewall (Cisco ASA), but it's my gateway, so it shouldn't be a problem (I have opened everything for these 4 IP addresses just to be sure). Then I have 2 HP switches between everything, but they do not close any ports, so that's not the problem; if it were, it would close the connection to all PCs, not just 4. But thanks for the answer.

ijac,
I can't ping it by name or by IP address; it says request timed out. I tried to look at the packets with Wireshark, but I'm no specialist with this program; what I saw was just that these IP addresses don't get a response from the DNS server.

P.S. server's event:
The DNS server received a bad TCP-based DNS message from xxx.xxx.xxx.21 (one of the bad IP addresses). The packet was rejected or ignored. The event data contains the DNS packet.
I will check what it is.





#4
November 10, 2015 at 22:18:44
Just found in other forums; I ran dcdiag and this is what I get:

C:\Windows\system32>dcdiag

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = Visagalis
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\VISAGALIS
Starting test: Connectivity
The host 138efd0b-9a85-41e0-9595-fcfe34f0fc3d._msdcs.lmt.lt could not
be resolved to an IP address. Check the DNS server, DHCP, server name,
etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... VISAGALIS failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\VISAGALIS
Skipping all tests, because server VISAGALIS is not responding to
directory service requests.


Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : lmt
Starting test: CheckSDRefDom
......................... lmt passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... lmt passed test CrossRefValidation

Running enterprise tests on : lmt.lt
Starting test: LocatorCheck
......................... lmt.lt passed test LocatorCheck
Starting test: Intersite
......................... lmt.lt passed test Intersite

C:\Windows\system32>

Does anyone know what I should do, or is it now best to call an IT company and hire someone? :)



#5
November 12, 2015 at 06:34:45
I like to keep things simple myself so when I read the following:

I have changed the IP addresses for those 4 computers and it works fine now. Then I changed my PC to one of those addresses (xxx.xxx.xxx.21) and it all stopped.

My first thought was, "Why not leave the IPs changed?"

Are you not using DHCP? If not, why is that?

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#6
November 12, 2015 at 08:35:39
For now we're using static IP addresses, but soon we will move the whole network under the Cyberoam device and then this device will be the DHCP server. But I still need to figure out what's wrong so that it won't happen again. What if all 90 PCs suddenly stop working and then I must change all IP addresses (don't forget network printers, servers and all other stuff)? I have about 120-130 used IP addresses; if I have to change them all, then I will have a big problem - I will run out of IP addresses :)

If anyone knows what I should do, or what it is that I wrote about earlier, please tell me what I should do next. For now there are no new problems found...



#7
November 12, 2015 at 10:55:55
Servers and printers should be, and remain, static IPs no matter what you do with the rest of your network. You should however go with DHCP as quickly as possible to prevent issues like this in the future.

Having said that, let's deal with the present issue.

I would start by comparing all the TCP/IP settings to working PCs to ensure I have everything the same. The things to look at are the DNS, gateway and subnet mask. If the settings are identical (with the exception of the actual IP address, of course) then I have to ask, have the 4 PCs in question been removed from the domain recently?

It's a long shot considering other PCs stop working properly if you give them the IP address of one of the broken ones.

Other than that, the only things I can think of that might be the problem are your DNS itself or hardware/software issues with the individual PCs. Check to ensure those IPs haven't been blacklisted somehow so the DNS server doesn't respond properly to them. Also do the normal basic troubleshooting of the network interfaces of the PCs.

On a side note, if you're using private IP addresses internally and you only have the one subnet, you could expand the number of available IPs within the subnet itself by supernetting it. But with around 150 to play with, you're not likely to run out any time soon.




#8
November 12, 2015 at 22:44:06
Curt R,
Big thanks for the answer.
First of all, nothing was done on the AD server (one group rule added, enabling Remote admin mode); just as all this began, I disabled this rule.
Second, I have tried all those 4 bad IPs on a working computer (everywhere all TCP/IP settings are the same - except the IP address of that PC). When I put in a bad IP, the PC can't get to my DNS server. I hadn't thought about blacklisting and I will check this right now.

P.S. Go with DHCP - it's been in my plans for a year now, so this case is not why I want to do this - it's just a coincidence.



#9
November 13, 2015 at 05:26:10
Sadly, after 10+ years of specializing in enterprise level networking, my MS administration skills are rusting. When I said "blacklisting" I was thinking that perhaps there was a setting in DNS that might be preventing those 4 PCs from connecting with AD correctly. I just couldn't think off the top of my head what setting(s) that might be. I have no DC to conveniently check on either.

Since their networking is actually working and the troubleshooting you've done so far has found nothing, this has to be a DNS/AD issue. So that's where I'd look at this point.




#10
November 14, 2015 at 00:40:51
thanks CurtR,

I'm thinking the same - the problem is at the AD/DNS server... well, after the weekend I'll try to do some research there.



#11
November 16, 2015 at 01:56:09
Interesting stuff:
c:\PortQryV2>portqry -n xxx -e 53

Querying target system called:

xxx

Attempting to resolve name to IP address...


Name resolved to xxx.xxx.xxx.5

querying...

TCP port 53 (domain service): LISTENING

c:\PortQryV2>ping xxx.xxx.xxx.5

Pinging xxx.xxx.xxx.5 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for xxx.xxx.xxx.5:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
^C


what can block this "bad" IP?


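The portqry result above shows TCP/53 listening while ICMP to the same address times out. This added example (not from the thread or any poster) sends the same A query to the server over UDP and over TCP with the RFC 1035 length prefix and reports whether each transport answers; DNS_SERVER is a placeholder for the thread's xxx.xxx.xxx.5, and the query name lmt.lt is the forest domain from the dcdiag output. Run from a "bad" address and a working one, a difference in which transport answers (or none answering from one source address only) separates filtering between that address and the server from a client-side DNS configuration fault.

```python
"""Probe a DNS server over UDP and TCP with a minimal, correctly framed query.
Added example, not from the thread; DNS_SERVER and QNAME are assumed values."""
import socket
import struct

DNS_SERVER = "192.0.2.5"  # placeholder for the thread's xxx.xxx.xxx.5
QNAME = "lmt.lt"          # forest domain visible in the dcdiag output
TIMEOUT = 3.0

def build_query(name, qid=0x1234, qtype=1):
    """Standard recursion-desired query; qtype 1 = A record."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def frame_tcp(msg):
    """RFC 1035 4.2.2: a TCP DNS message carries a 2-byte big-endian length
    prefix; a message sent without it is what a server rejects as malformed."""
    return struct.pack(">H", len(msg)) + msg

def parse_header(resp, expect_id):
    """Return (id_matches, is_response, rcode, answer_count) from a raw reply."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    return qid == expect_id, bool(flags & 0x8000), flags & 0x000F, an

def probe_udp(server, name, qid=0x1234):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(TIMEOUT)
        s.sendto(build_query(name, qid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_header(data, qid)

def probe_tcp(server, name, qid=0x1234):
    with socket.create_connection((server, 53), timeout=TIMEOUT) as s:
        s.sendall(frame_tcp(build_query(name, qid)))
        stream = s.makefile("rb")  # read(n) blocks until n bytes or EOF
        (length,) = struct.unpack(">H", stream.read(2))
        data = stream.read(length)
    return parse_header(data, qid)

if __name__ == "__main__":
    for label, probe in (("UDP/53", probe_udp), ("TCP/53", probe_tcp)):
        try:
            print(label, probe(DNS_SERVER, QNAME))
        except (OSError, struct.error) as exc:  # timeout, refused, or short read
            print(label, "no answer:", exc)
```

A reply tuple of (True, True, 0, n) with n > 0 is a healthy answer; rcode 3 means the name does not exist, and a timeout on one transport only points at something between the client and port 53 rather than at the zone.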
