I have 3 regular network users who lose internet/network connections
daily. The problem seemed to develop back when a DNS sever that was a
Windows 2000 Domain controller was lost forever. The DNS server was
replaced with a new Domain Controller on a new machine with Windows
2003 installed. At first is was with a laptop user who takes laptop
with home every night. Now it has spread to two other users. As a test
one user was switch to a new network cable that goes to a main switch
on the network directly after the firewall. Connection is still lost
for that user.

The following are the steps I take to fix network access for the 3
which has to be done multiple times a day.

1st. On a machine that has problems connecting. I logged in as the
administrator and attempted to access the internet and got no
connection.
2nd I changed the name of the work station from test to test1 to see
if that made a difference to with the internal DNS. I rebooted the
workstation to and attempted to access the internet and I got no
connection with test machine.
3rd. I changed the workstation name back to test and rebooted the
workstation. I deleted the DNS cache on Server66 (new machine with Win
2003) to see if this made a difference, I got no connection with test
machine.
4th. I cleared the DNS cache on Server22 to see if this made a
difference I got no connection with test machine.
5th I cleared the ARP cache from the firewall and was finally able to
get the internet working on the test computer.

Hello riki-(E-Mail Removed),

Please give some more info about the DNS setup, how many DNS servers and
is DNS running as Active directory integrated zones? Also post an unedited
ipconfig /all form the problem machine and the DNS server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> I have 3 regular network users who lose internet/network connections
> daily. The problem seemed to develop back when a DNS sever that was a
> Windows 2000 Domain controller was lost forever. The DNS server was
> replaced with a new Domain Controller on a new machine with Windows
> 2003 installed. At first is was with a laptop user who takes laptop
> with home every night. Now it has spread to two other users. As a test
> one user was switch to a new network cable that goes to a main switch
> on the network directly after the firewall. Connection is still lost
> for that user.
>
> The following are the steps I take to fix network access for the 3
> which has to be done multiple times a day.
>
> 1st. On a machine that has problems connecting. I logged in as the
> administrator and attempted to access the internet and got no
> connection.
> 2nd I changed the name of the work station from test to test1 to see
> if that made a difference to with the internal DNS. I rebooted the
> workstation to and attempted to access the internet and I got no
> connection with test machine.
> 3rd. I changed the workstation name back to test and rebooted the
> workstation. I deleted the DNS cache on Server66 (new machine with Win
> 2003) to see if this made a difference, I got no connection with test
> machine.
> 4th. I cleared the DNS cache on Server22 to see if this made a
> difference I got no connection with test machine.
> 5th I cleared the ARP cache from the firewall and was finally able to
> get the internet working on the test computer.

In news:(E-Mail Removed),
Meinolf Weber <meiweb(nospam)@gmx.de> typed:
> Hello riki-(E-Mail Removed),
>
> Please give some more info about the DNS setup, how many DNS servers
> and is DNS running as Active directory integrated zones? Also post an
> unedited ipconfig /all form the problem machine and the DNS server.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
>

Good point, Menolf.

In addition riki-(E-Mail Removed), what type of firewall is in place? Is it
a proxy? Does it support EDNS0?

Also, about the lost DC, exactly how did you 'replace' it? Was a Metadata
Cleanup ever performed? Did you seized the roles?

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

> > Please give some more info about the DNS setup, how many DNS servers
> > and is DNS running as Active directory integrated zones? Also post an
> > unedited ipconfig /all form the problem machine and the DNS server.
>
> > Best regards
>
> > Meinolf Weber

* 2 DNS Servers
* Active Directory Intergrated
* ipconfig /all form the machine with problem (Windows XP)
Windows IP Configuration
Host Name . . . . . . . . . . . . : test
Primary Dns Suffix . . . . . . . : <Insert domain name>.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : <Insert domain name>.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100
Integrated Controller
Physical Address. . . . . . . . . : 00-1A-A0-3B-94-9F
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.41
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.100
DNS Servers . . . . . . . . . . . : 192.168.0.2
192.168.0.3

* ipconfig /all form DNS machine Server22 (Windows 2000 Server)


Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : Server22
Primary DNS Suffix . . . . . . . : <Insert domain name>.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : <Insert domain name>.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Belkin Gigabit Desktop Card
Physical Address. . . . . . . . . : 00-30-BD-BB-74-F1
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.100
DNS Servers . . . . . . . . . . . : 192.168.0.3
192.168.0.2

* ipconfig /all form DNS machine Server66 (Windows 2003)

Windows IP Configuration

Host Name . . . . . . . . . . . . : server66
Primary Dns Suffix . . . . . . . : <Insert domain name>.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : <Insert domain name>.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-1C-23-C6-B1-63
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.100
DNS Servers . . . . . . . . . . . : 192.168.0.2
192.168.0.3
====================================================================

> In addition riki-o...@hotmail.com, what type of firewall is in place? Is it
> a proxy? Does it support EDNS0?

* Watchgaurd Firewall is in place
* It is not a proxy
* It does not support EDNS0


> Also, about the lost DC, exactly how did you 'replace' it? Was a Metadata
> Cleanup ever performed? Did you seized the roles?
>
> --
> Regards,
> Ace
>

* The replacement domain controller is Sever66. Server66 was promoted
to DC and had DNS installed/configured.
* Metadata Cleanup was not performed.
* Roles were not seized.

> > Please give some more info about the DNS setup, how many DNS servers
> > and is DNS running as Active directory integrated zones? Also post an
> > unedited ipconfig /all form the problem machine and the DNS server.
>
> > Best regards
>
> > Meinolf Weber

* 2 DNS Servers
* Active Directory Intergrated
* ipconfig /all form the machine with problem (Windows XP)
Windows IP Configuration
Host Name . . . . . . . . . . . . : test
Primary Dns Suffix . . . . . . . : <Insert domain name>.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : <Insert domain name>.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100
Integrated Controller
Physical Address. . . . . . . . . : 00-1A-A0-3B-94-9F
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.41
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.100
DNS Servers . . . . . . . . . . . : 192.168.0.2
192.168.0.3

* ipconfig /all form DNS machine Server22 (Windows 2000 Server)


Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : Server22
Primary DNS Suffix . . . . . . . : <Insert domain name>.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : <Insert domain name>.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Belkin Gigabit Desktop Card
Physical Address. . . . . . . . . : 00-30-BD-BB-74-F1
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.100
DNS Servers . . . . . . . . . . . : 192.168.0.3
192.168.0.2

* ipconfig /all form DNS machine Server66 (Windows 2003)

Windows IP Configuration

Host Name . . . . . . . . . . . . : server66
Primary Dns Suffix . . . . . . . : <Insert domain name>.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : <Insert domain name>.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-1C-23-C6-B1-63
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.100
DNS Servers . . . . . . . . . . . : 192.168.0.2
192.168.0.3
====================================================================

> In addition riki-o...@hotmail.com, what type of firewall is in place? Is it
> a proxy? Does it support EDNS0?

* Watchgaurd Firewall is in place
* It is not a proxy
* It does not support EDNS0


> Also, about the lost DC, exactly how did you 'replace' it? Was a Metadata
> Cleanup ever performed? Did you seized the roles?
>
> --
> Regards,
> Ace
>

* The replacement domain controller is Sever66. Server66 was promoted
to DC and had DNS installed/configured.
* Metadata Cleanup was not performed.
* Roles were not seized.

Hello riki-(E-Mail Removed),

Please check that all 5 FSMO roles are present and that you have at least
one Global catalog server:
http://support.microsoft.com/kb/324801

Metadata cleanup:
http://support.microsoft.com/kb/216498

http://technet2.microsoft.com/window....mspx?mfr=true

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

>>> Please give some more info about the DNS setup, how many DNS servers
>>> and is DNS running as Active directory integrated zones? Also post
>>> an unedited ipconfig /all form the problem machine and the DNS
>>> server.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>>
> * 2 DNS Servers
> * Active Directory Intergrated
> * ipconfig /all form the machine with problem (Windows XP)
> Windows IP Configuration
> Host Name . . . . . . . . . . . . : test
> Primary Dns Suffix . . . . . . . : <Insert domain name>.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : <Insert domain name>.com
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom 440x 10/100
> Integrated Controller
> Physical Address. . . . . . . . . : 00-1A-A0-3B-94-9F
> Dhcp Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.0.41
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.0.100
> DNS Servers . . . . . . . . . . . : 192.168.0.2
> 192.168.0.3
> * ipconfig /all form DNS machine Server22 (Windows 2000 Server)
>
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : Server22
> Primary DNS Suffix . . . . . . . : <Insert domain name>.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : <Insert domain name>.com
> Ethernet adapter Local Area Connection 2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Belkin Gigabit Desktop Card
> Physical Address. . . . . . . . . : 00-30-BD-BB-74-F1
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.0.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.0.100
> DNS Servers . . . . . . . . . . . : 192.168.0.3
> 192.168.0.2
> * ipconfig /all form DNS machine Server66 (Windows 2003)
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : server66
> Primary Dns Suffix . . . . . . . : <Insert domain name>.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : <Insert domain name>.com
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
> GigE (NDIS VBD Client)
> Physical Address. . . . . . . . . : 00-1C-23-C6-B1-63
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.0.3
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.0.100
> DNS Servers . . . . . . . . . . . : 192.168.0.2
> 192.168.0.3
> ====================================================================
>> In addition riki-o...@hotmail.com, what type of firewall is in place?
>> Is it a proxy? Does it support EDNS0?
>>
> * Watchgaurd Firewall is in place
> * It is not a proxy
> * It does not support EDNS0
>> Also, about the lost DC, exactly how did you 'replace' it? Was a
>> Metadata Cleanup ever performed? Did you seized the roles?
>>
>> --
>> Regards,
>> Ace
> * The replacement domain controller is Sever66. Server66 was promoted
> to DC and had DNS installed/configured.
> * Metadata Cleanup was not performed.
> * Roles were not seized.

In news:%(E-Mail Removed),
Ace Fekay [MVP] <(E-Mail Removed)> typed:

> Good point, Menolf.

Meinolf, I apologize for mispelling your name. - Ace

In news:c4ae9870-59a7-4e3a-a3cd-(E-Mail Removed),
riki-(E-Mail Removed) <riki-(E-Mail Removed)> typed:

> ====================================================================
>
> > In addition riki-o...@hotmail.com, what type of firewall is in
> > place? Is it a proxy? Does it support EDNS0?
>
> * Watchgaurd Firewall is in place
> * It is not a proxy
> * It does not support EDNS0
>
>
> > Also, about the lost DC, exactly how did you 'replace' it? Was a
> > Metadata Cleanup ever performed? Did you seized the roles?
> >
> > --
> > Regards,
> > Ace
> >
>
> * The replacement domain controller is Sever66. Server66 was promoted
> to DC and had DNS installed/configured.
> * Metadata Cleanup was not performed.
> * Roles were not seized.

Thank you for posting that information. It actually looks fine and the issue
is elsewhere. I would *highly* recommend to immediately follow Meinolf's
suggestions. They are extremely important. I may also suggest to upgrade the
Watchguard's firmware to the latest in order to support EDNS0 or Windows
2003 may not resolve certain domains with large data.

Ace

Hello Ace Fekay [MVP],

No problem with that. :-)

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> In news:%(E-Mail Removed),
> Ace Fekay [MVP] <(E-Mail Removed)> typed:
>> Good point, Menolf.
>>
> Meinolf, I apologize for mispelling your name. - Ace
>

> Thank you for posting that information. It actually looks fine and the issue
> is elsewhere. I would *highly* recommend to immediately follow Meinolf's
> suggestions. They are extremely important. I may also suggest to upgrade the
> Watchguard's firmware to the latest in order to support EDNS0 or Windows
> 2003 may not resolve certain domains with large data.
>
> Ace

Ok this is what I have done. The instructions for the one link for
"How to view and transfer FSMO roles in Windows Server 2003" did not
do much good because Server66 (Uses Win 2003 and replaced Server11
that died) was already pointing to Sever22 (uses Win 2000). I followed
the instructions for the "How to remove data in Active Directory after
an unsuccessful domain controller demotion". With those instructions I
was able to use adsiedit.msc to remove the Server11 references from
Server22 and there was no references of Server11 on Server66.

The problem has not gone away.

We have found doing an ipconfig /flushdns and ipconfig /registerdns
seems to work well to allow the workstations to connect past the
network gateway to the internet.