Wrong DNS settings applied to DHCP clients 1

[BigFunkyChief]

A very strange problem indeed...I have a network with one Win2003 SBS Server, running DHCP and DNS. There are a few other servers on my network (Win2K Server), but none have been DCPROMOed.

DHCP is setup to provide scope option 006 - DNS Server names, and to provide 2 internal IP addresses (the 1st is the DC, the second is an alternative server with a copy of DNS).

My client computers pull and IP address fine, and also pull the proper internal DNS servers. Also, the DHCP server is correct in the ipconfig /all settings.

However, when I run ipconfig /all a second time, it shows different DNS server addresses - a 206.x.x.x address and 4.2.2.2 and 4.2.2.1. I cannot for the life of me figure out why it's switching over to these DNS servers, and as a result we're getting lots of weird errors across the domain.

I'm not using forwarders in my DNS settings, using root hint servers. There are no other DHCP servers running on the network. There is a router, but it's not running DHCP. I've restarted DHCP and DNS services, rebooted the server a few times, removed the scope option 006 and re-added, cleared the DNS cache...

Any ideas? Thanks in advance!

"Rule #1 - When stumped, check your Event Logs!

 

[BigFunkyChief]

Well, unjoining and rejoining the workstation to the domain has worked so far. Not a great solution, since we have about 30 workstations, but it'll take care of the issue I guess.

"Rule #1 - When stumped, check your Event Logs!

 

[BigFunkyChief]

Correction...unjoining the computer to the domain did not work, it only held the problem off for about a day. Same issue occuring.

The Event Log shows the following error regularly :

Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

"Rule #1 - When stumped, check your Event Logs!

 

[markdmac]

Very strange problem you are reporting here.

Your SBS server should have configured the DNS Forwarders tab with information when you ran through the setup. Make sure it has the right ISP DNS there. Verify that the DHCP scope options are still set correctly. Make certain that no other servers have been authorized for DHCP.

I know you have already checked, but give your network another look over and see if there are any wireless routers installed that might be providing DHCP info. Verify that your SBS Servers DHCP is actually running. SBS will shut down its DHCP if it detects another DHCP server on the network.

I hope you find this post helpful.

Regards,

Mark

 

[BigFunkyChief]

Here's my ipconfig from my workstation :

Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : domain.local
Description . . . . . . . . . . . : Gigabit Ethernet Network PCI Adapter (Rev.D)
Physical Address. . . . . . . . . : 00-88-04-D4-48-96
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.1.117
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.99
DNS Servers . . . . . . . . . . . : 206.13.31.12
4.2.2.2
4.2.2.1
Primary WINS Server . . . . . . . : 10.1.1.99
Lease Obtained. . . . . . . . . . : Monday, December 26, 2005 5:37:09 PM
Lease Expires . . . . . . . . . . : Sunday, March 26, 2006 5:37:09 PM

I only have one wireless router, but it's offline right now. I'm actually not using forwarders, we had some problems with our ISP's DNS, and I decided it was easier to run DNS in house using the root servers.


"Rule #1 - When stumped, check your Event Logs!

 

[markdmac]

And 10.1.1.99 is your DNS server right?

If you do an IPCONFIG /RELEASE followed by IPCONFIG /RENEW do you get the correct values?

Probably a good idea to first flush the cache too with IPCONFIG /FLUSHDNS.

I hope you find this post helpful.

Regards,

Mark

 

[BigFunkyChief]

Yes, 10.1.1.99 is SBS2003 Server (DHCP and DNS). Yes, if I release and renew I get the correct values, for literally 2 seconds, then it switches to the incorrect values.

Yes, have flushed the cache on the workstation, and also the on the server in DNS manager.

"Rule #1 - When stumped, check your Event Logs!

 

[NetIntruder]

any chance you could drop a print out of the correct config in here? Hopefully your 2 second window of time is enough to capture it



~Intruder~
CEH, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong"

 

[markdmac]

Hmm, honestly I am stumped but would recommend that you try to use a utility (freeware) like AngryIP to scan your subnet and verify for certain that you don't have another device on your network that someone put on the LAn without your knowing.

Also, I would suggest scanning for viruses and spyware to ensure they are not redirecting you.

I hope you find this post helpful.

Regards,

Mark

 

[BigFunkyChief]

Good idea on scanning the network...though I was thinking if another DHCP server was serving that address, then it would show up in the IPCONFIG. I'll try that now.

I'll post the config shortly (need to be onsite to release/renew it). Thanks for all the help, this has definitely got me scratching my head.

"Rule #1 - When stumped, check your Event Logs!

 

[zoeythecat]

(1) From your workstation can you do the command ==>nslookup< What are the results? From the printout of your IPConfig/all it is not displaying the DNS server.
(2) Can you check your dns server's TCP/IP settings and make sure you have the DNS settings pointing correctly to itself.

 

[markdmac]

Totally a side note, if you have remote access to a machine you can create a simple BAT file to perform all of the IPCONFIG commands /RELEASE /RENEW /FLUSHDNS.

You will temporarily loose your RDP session, but the BAT will continue to process and renew for you.


I hope you find this post helpful.

Regards,

Mark

 

[BigFunkyChief]

That's a cool trick...

Immediate Release and Renew gives :

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : domain.local
Description . . . . . . . . . . . : Gigabit Ethernet Network PCI Adapter (Rev.D)
Physical Address. . . . . . . . . : 00-08-54-D4-48-93
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.1.117
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.99
DNS Servers . . . . . . . . . . . : 10.1.1.99
10.1.1.97
Primary WINS Server . . . . . . . : 10.1.1.99
Lease Obtained. . . . . . . . . . : Wednesday, December 28, 2005 3:05:34 PM
Lease Expires . . . . . . . . . . : Tuesday, March 28, 2006 3:05:34 PM

...then it immediately reverts back to the settings posted originally.

"Rule #1 - When stumped, check your Event Logs!

 

[zoeythecat]

Again, if you look at your DNS from your IPConfig stats you will see domain.local. You should see your DNS Server name. Have you tried the nslookup command? I'm just curious if you need to verify your DNS settings on your DNS server are pointing to itself. If do the nslookup command on your workstaion this will verify if you are having a DNS issue on your domain. If so you need to go to your TCP/IP DNS settings of your DNS server and make sure you have the correct DNS IP addres (should be the same IP Address as your DNS server). You need to also make sure your other servers have the IP Address of your DNS server.

 

[BigFunkyChief]

Well, I took the advice of a friend and I stopped the DHCP service and tried renewing my address, low and behold a Linksys WRT54G served me an IP, even though DHCP in it is specifically turned off! Good call markdmac....

Great troubleshooting steps, again thanks for all the help.

"Rule #1 - When stumped, check your Event Logs!

 

[markdmac]

Glad the mystery is solved. I've actually seen that happen ona LinkSys before myself. Had to toggle the setting to make it go away.

I hope you find this post helpful.

Regards,

Mark