Unable to PING Default Gateway 2

[DotNetNewbie]

Hi,

I'm reviewing the current setup of a network that I now have to manage and i've come across a strange anomoly.

Every server has the Default Gateway set to an IP address that it cannot PING. On inspection the IP address is of the Checkpoint Server.

Does anyone know if this is right or wrong?

I'm concerned that if the servers cannot ping the default gateway this may in part be the reason they are having nextwork issues.

Thanks in advance

D.

 

[DotNetNewbie]

Thanks,

I will remove the address from the second server. I assume the 3rd (new) DC wont require it either.

Im still getting a problem with the new DC when I configure the IP address, subnet and default gateway, the error is still saying:

Warning - Multiple default gateways are intended to provide redundancy...blah blah.

Well ive done an ipconfig /all and there is only 1 default gateway, ive rebooted and its still saying it! any ideas?

You've been a great help so far, many many thanks.

 

[porkchopexpress]

Not don't have your ISP's DNS set anywhere other than in the forwarders tab in the DNS console.

Is there a second card in the new DC?

 

[DotNetNewbie]

Thanks.

The new server has two NIC's but they are teamed.

D.

 

[DotNetNewbie]

Also,

Im having a moment, can you explain how I need to add the ISP's dns entry into DNS, its not something ive done before, I formally have this info on the ISA server or firewall.

D.

 

[porkchopexpress]

Well that depends on your setup. With ISA you can have a caching DNS server installed and have your internal DNS server ask that for names and the ISA asks your ISP, or you can open port 53 on your firewall and allow your DNS server to ask your ISP directly.

Either way you need to configure your forwarders in DNS.

http://support.microsoft.com/default.aspx?scid=kb;en-us;300202&sd=tech#XSLTH4151121122120121120120

As for the card team i'm not entirely sure as i don't have any boxes with card teams. What does ipconfig /all say about the default gateway?

 

[DotNetNewbie]

the IPconfig /all simply states the 1 default gateway; which is why im at a lose to why this message has appeared.

I'm going to break the teaming and see if that has anything to do with it.

Thanks for the link.

D.

 

[DotNetNewbie]

Right.

I've managed to sort out the unable to ping the default gateway issue. I've also managed to resolve the multiple default gateway issue.

However after promoting the server to a DC again I still get the error:

"there is a time difference between client and server"

D.

 

[porkchopexpress]

Ok do Netdiag and DCdiag run ok now?

Is the error just on the promoted server?

Is the server showing the same time as the clients and is it set to the same time zone? (I'm just listing all the things that i think could be misconfigured you might of checked these already)

Are all DC's at the same SP level?

What errors do you receive in the event log? (On all DC's if you get errors on more than the new DC)

 

[DotNetNewbie]

Morning,

After promoting it again yesterday I initially couldnt log on, after rechecking the local time, resetting it, checking the BIOS time, running NETDIAG and DCDIAG (which still doesnt seem to work). There were a few errors in the new DC's event log about FRS replication, ie not being able to contact a specific DC, it also even after 6 hours had not updated its DNS. However just before I left lasts night I was able to log in!!!

On coming in this morning users now get the same error message, and im assuming this is because they are attempting to validate thier loggin against that server. And now again I cannot log onto this server.

Very odd!

 

[porkchopexpress]

Ok i take it you will be demoting this server again.
It might be worth checking that the FRS service is working correctly on the current DC's. Check out the link below for the FRSdiag tool, also try placing a small file in the Netlogon folder on one DC and see if it appears in Netlogon on the other DC.

http://www.microsoft.com/downloads/...familyid=43CB658E-8553-4DE7-811A-562563EB5EBF

 

[porkchopexpress]

Can you post the FRS errors from the event log on the new DC as well.

 

[porkchopexpress]

Also Sonar.exe is a nice easy tool that will report if FRS is working.

http://www.microsoft.com/downloads/...fb-fe09-477c-8148-25ae02cf15d8&DisplayLang=en

 

[DotNetNewbie]

Thanks for the tools, i've download and installing them now.

Here is one of the errors from FRS Event viewer:

The File Replication Service is having trouble enabling replication from DC01 to DC02 for c:\winnt\sysvol\domain using the DNS name dc01.x.COM. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name DC01.x.COM from this computer.
[2] FRS is not running on DC01.x.COM.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Another is (normally before the above message):

The File Replication Service is no longer preventing the computer DC02 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.

Type "net share" to check for the SYSVOL share.

And:

Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller Dc02.x.COM for FRS replica set configuration information.

Could not bind to a Domain Controller. Will try again at next polling cycle.

Hope that helps!

D.

 

[porkchopexpress]

Is the new server still on the domain?

If it is then you should remove it from the domain and check to see that is has removed itself from active directory and DNS. Then run the tools again to see if you receive the errors.

Check that your DNS records are correct for all DC's as well ping each one by name to check that they ping the correct IP.

 

[DotNetNewbie]

Interestingly I get errors with both those tools, seems to be missing the mscoree.dll - which is part of the .net framework, which i dont think is installed on any of the servers.

The new server is still a DC, I can ping all the servers, including the DC's without a problem.

D.

 

[porkchopexpress]

Hmmm i'm on 2k3 so 2k might need the .net framework.

I'd be tempted to get rid of the new DC if you can and try to find out if your domain runs error free before we DCpromo it again.

 

[DotNetNewbie]

I think it will require the framework to be installed to work, but thats not too much of a problem.

I know before the new DC went in, everything worked fine, no problems at all. So in promting this new server to a DC is upsetting 'something' but what that is, im at a lose to know what.

I've made sure all over DC's are fully patched......Im now at a complete lose to know why this is happening. I've built more domains than I care to recall, but never have I come across this issue before.

D.

 

[porkchopexpress]

Are you certain that everything was working fine, there could be a minor issue with FRS that went unnoticed but a big change like adding a DC has shown it up.

 

[DotNetNewbie]

As far as i can/could tell everything was working correctly. I guess the only thing I can do is demote it again, leave it over the weekend and then check the logs on Monday to see whats what....

D.

 

[porkchopexpress]

I think that will be the best course of action as we can return to a known good state.