Unable to PING Default Gateway 2

Status
Not open for further replies.

DotNetNewbie

Programmer
Mar 3, 2004
344
GB
Hi,

I'm reviewing the current setup of a network that I now have to manage and I've come across a strange anomaly.

Every server has the Default Gateway set to an IP address that it cannot PING. On inspection the IP address is of the Checkpoint Server.

Does anyone know if this is right or wrong?

I'm concerned that if the servers cannot ping the default gateway this may in part be the reason they are having network issues.

Thanks in advance

D.
 
That is a very good question. I'm not overly familiar with Checkpoint, but if you tell me where to look I'm sure I can find it.

D.
 
I've never used Checkpoint, but if it's anything like ISA Server, which we use, then it will be configured not to respond to ping.

If your servers all have the correct IP and subnet mask settings and can ping other computers on the subnet then I would look into this.
 
You could ask in the Checkpoint forum.

Checkpoint Software: Firewall-1 Forum

forum32
 
All servers can PING each other etc and that all seems to be working fine.

The problem, or one of the problems, is that it's an NT4/2000 network. There are two DCs, one of which is the email server. I wanted to demote the email server, however I wanted to create a new DC first. However, on running DCPROMO and promoting the new server I started getting problems: the new server's DNS wouldn't update. I was unable to log onto the new DC (kept getting a time difference error between client and server or something similar).

I demoted the new DC and have started looking at the fundamentals of the network to see what could be causing these anomalies, hence wanting to check the DG on the servers.

I'd rather use ISA but they have Checkpoint!

D.
 
If your DNS isn't configured correctly then you can receive time service errors. All computer clocks on a 2k network must be within 5 mins of each other, otherwise Kerberos will not function correctly. This can result in errors with DCPROMO and logon problems.
 
There are 2 2k DC's 1 NT4 PDC. DHCP is still on the PDC, but I want to move it to 2k, but only once this issue is resolved.

All servers Default Gateways point to the checkpoint server (which does have ICMP requests dropped).

All DC's have the DNS point to itself in the first instance and the other DC in the second.

All servers have the 2 DC's as DNS entries

All workstations have the 2 DC's DNS entries and point to the checkpoint server as the Default Gateway.

Does that all make sense?

D.

 
The NT4 domain is called X and the 2k is called Y with trust relationships between the two (not my choice). I want to phase out the NT4 domain, but need to do some additional work before this can be done. However I did want to remove the DHCP from NT4 and move it to 2k. I also wanted to remove the WINS from NT4.

The issue I have is when I created a new 2k DC the following happened:

1. DNS didn't propagate at all, not even after a long length of time.

2. I couldn't log onto the new DC as I was getting the "time difference between client server" error, which I assumed was some problem with DNS/time on the network.

So I am at a loss to know why the new DC has these issues - hence me checking DNS and this strange Default Gateway issue.

When I use things like netdiag it FAILS on any test connected to the default gateway.....

Thanks for your response so far, at least I can clarify what isn't the problem!

D.
 
Ok so you have a separate 2k Active Directory domain with a trusting NT4 domain.

You want to join another 2k DC to your 2k AD but receive errors:

Is your DNS Active Directory integrated?

How many 2k domain controllers do you currently have?

Can you run DCDIAG and NETDIAG and post the results?
 
Morning,

We currently have 2 2k DCs. How can I tell if DNS is AD integrated?

Do I need to run DCDIAG and NETDIAG on the new DC or any of the DC's?

Also can you tell me the switch to pipe the results to a file instead of scrolling the screen?

Regards

David
 
If you open the DNS console and click forward lookup zones it will tell you under 'type' if it's AD integrated.

Run the tools on the current DC's.

/f:logfile.txt

Cheers.
 
Hi,

It is AD integrated, that's the first thing. For some reason DCDiag didn't give any output.....

NetDiag:




Computer Name: SVR0001
DNS Host Name: SVR0001.LAPSIT.COM
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 6, GenuineIntel
List of installed hotfixes :
KB823980
KB824146
KB828028
KB835732
KB842773
KB842933
KB893803v2
Q147222
q323172
Q323255
Q324096
Q324380
Q326830
Q326886
Q327696
Q328310
Q329115
Q329170
Q329553
Q329834
Q331953
Q810649
Q810833
Q811114
Q811493
Q811630
Q814033
Q815021
Q816093

Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : svr0001.lapsit.com
IP Address . . . . . . . . : 10.1.1.3
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . : 10.1.3.3
Primary WINS Server. . . . : 10.1.1.5
Dns Servers. . . . . . . . : 10.1.1.3
10.1.1.15
158.152.1.58

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{D8F2B22D-FA60-4EAA-945F-B663FED971D4}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '10.1.1.3' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '10.1.1.15' and other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '158.152.1.58'. Please wait for 30 minutes for DNS server replication.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{D8F2B22D-FA60-4EAA-945F-B663FED971D4}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{D8F2B22D-FA60-4EAA-945F-B663FED971D4}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

The command completed successfully

thx

D.
 
For DCDIAG make sure that the CMD prompt is open in the directory containing the exe. I'd put it in the root of D: to test and type dcdiag /f:test.txt
 
Hi,

Yes the 158 address is from our ISP.

Even moving DCDIAG to a new location and using the /f:test.txt switch, it simply just returns to the command prompt. I've tried it on two machines now and get the same response...very odd.

D.

 
It can be a bit random: it doesn't work from my C: drive but does from my D:. It could be permissions, but as far as I can tell they're full control. Just post anything that concerns you.

You shouldn't have your ISP's DNS address in the secondary DNS servers box. If both of your DC's have DNS installed then have them point to themselves for primary and each other for secondary.
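
An added example, not part of any post in this thread: a short Python check that parses the per-interface section of the NetDiag output posted above, confirms the default gateway is on-link for the adapter's subnet (a gateway that drops ICMP can still be correctly configured), and flags DNS servers on a DC that sit outside private address space. The function names are hypothetical, and treating "non-private address" as "not an internal DNS server" is an assumption of this example.

```python
import ipaddress
import re

# Excerpt of the NetDiag per-interface output posted earlier in the thread.
SAMPLE = """\
Host Name. . . . . . . . . : svr0001.lapsit.com
IP Address . . . . . . . . : 10.1.1.3
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . : 10.1.3.3
Primary WINS Server. . . . : 10.1.1.5
Dns Servers. . . . . . . . : 10.1.1.3
10.1.1.15
158.152.1.58
"""

# "Label. . . . : value" lines, and bare IP lines that continue a list.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)[ .]*:\s*(\S.*?)\s*$")
BARE_IP = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_interface(text):
    """Return {field: [values]}; bare IP lines extend the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1).strip().lower()
            fields.setdefault(last, []).append(m.group(2))
        elif last and BARE_IP.match(line):
            fields[last].append(BARE_IP.match(line).group(1))
    return fields

def review(text):
    """Return a list of configuration findings for one adapter."""
    f = parse_interface(text)
    net = ipaddress.ip_network(
        f"{f['ip address'][0]}/{f['subnet mask'][0]}", strict=False)
    gateway = ipaddress.ip_address(f["default gateway"][0])
    findings = []
    if gateway not in net:
        findings.append(f"gateway {gateway} is not on-link for {net}")
    # Assumption: a DC should only list internal (private-range) DNS servers.
    for dns in f.get("dns servers", []):
        if not ipaddress.ip_address(dns).is_private:
            findings.append(f"DNS server {dns} is outside the internal network")
    return findings

if __name__ == "__main__":
    print(review(SAMPLE) or "no findings")
```
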
 