Windows 2000 Server network issue

Michael Schuermann

OK, here's the problem that's stumping me:

We have a 2000 server acting as Exchange, Domain
Controller, and DNS. We use recursive DNS for name
resolution outside of our 2 domains.

The issue we're having is periodic loss of outside name
resolution and network connectivity on this specific
server. The catch is that the loss of network connectivity
is only on THIS server, and ONLY for IPs outside of our
subnet (e.g., the Internet side). Pings fail for both URLs
and IPs from this server. Pings from any other machine on
the network fail for URLs, but NOT for IPs. In addition,
pings from this 2000 server for local IPs are successful.

There is nothing showing up in the event log at all. DNS on
the server itself is working, as we can resolve names
within our own domains. I'm guessing the failure to resolve
outside names (e.g. yahoo.com) has to do with the loss of
outside internet connectivity on this particular server.

Server load during these periods is minimal. Network
traffic going through our T1 is also minimal. We have a
Firewall and Router that are both pingable by this server
during the event.

Any help or suggestions would be appreciated. I'm sure I
haven't mentioned every step we've looked at, but I'll be
sure to check up on this and provide more info.

Thanks,

Michael Schuermann

Matt Hickman

Michael Schuermann said:
The issue we're having is periodic loss of outside name
resolution and network connectivity on this specific
server. The catch is that the loss of network connectivity
is only on THIS server, and ONLY for IPs outside of our
subnet (e.g., the Internet side). Pings fail for both URLs
and IPs from this server. Pings from any other machine on
the network fail for URLs, but NOT for IPs. In addition,
pings from this 2000 server for local IPs are successful.

Are you using private IP addresses? If so, how is your NATing
set up? DHCP? Any chance of address duplication?

Is your DNS server set up to forward? Do the DNS clients on
your network have two DNS servers configured? With the second one
pointing at an external DNS server?

Have you tried flushing the DNS cache on your DNS server when
this happens? On the DNS clients?

Michael Schuermann

We're not using DHCP, just private IPs (192.168... etc.)
I've tried flushing the DNS cache, etc. but that doesn't
help. The way I see it the DNS issue isn't actually the
problem, it's just symptomatic of the problem. We have no
problem resolving the two domains that we are authoritative
for. The problem is going to any other domain (which the
DNS server has to query out to resolve). BUT, the DNS
server also has no IP connectivity at the time the problem
occurs either, while all other machines on the network do.

We only have 1 DNS client configured on our network.
However, I tested with a known good external DNS from 1
client and resolution occurred normally.

Michael

Shane Brasher

Hello All,

I do have a few questions if you don't mind.

What service pack level is the DNS server?
Where are you forwarding to within the DNS settings?
How do you correct this problem? Reboot?
Have you taken a netmon trace and if so, what does it show?
Despite the fact that ping fails, do you get the same behavior with
nslookup? And if so, can you

C:\>nslookup
server <ip address of your forwarder>


with a successful connection. If you can, then can you successfully query
records for yahoo.com?


Shane Brasher
MCSE (2003,2000,NT),MCSA Security, A+
Microsoft Platforms Support
Windows NT/2000 Networking

Michael Schuermann

OK, let's answer your questions;

It was running SP4. Not sure if the problem started after
installing SP4 or not (just installed it recently) but the
timing seems suspect, so we've rolled it back to SP3 at
this point.

We're using recursive DNS, so it's forwarding to an
external DNS provider for everything but our two domains.

The problem can be corrected with a reboot, although it
normally corrects itself, e.g. it just starts working again
after 10-20 minutes. We've also had a very short window (say,
<1 minute) and a very long window of roughly 45 minutes.

Haven't done a netmon trace, although I used Ethereal
yesterday during an issue and it shows what you'd expect.
Internal, local traffic working just fine, but any external
traffic (mainly DNS recursive lookups for this server) failing.

I have not tried an nslookup, although my guess is it will
not work since I can see the server receiving DNS requests
from other machines on the network and then recursively
querying the external DNS. The problem is that the request
never reaches the external DNS since IP connectivity
outside of the local subnet fails. I cannot ping either the
IP or the URL of our external DNS.

At this point we're going to wait and see what happens with
the SP3 rollback. Please post any suggestions you might
have, though...

Michael

Michael Schuermann

OK, the problem is still occurring. Let me recap:

We have a DC that is also running Exchange. We have it set
to be authoritative DNS for both "in-house" domains, as it
were. All external domains are looked up recursively
through an upstream DNS server. We are having intermittent
problems where the Exchange server loses connectivity
outside of our local subnet. Pings only work to local,
private IPs. No public IPs can be pinged. DNS also
doesn't work for external domains for the same reason. Any
other machine on the network can ping outside IPs just
fine, but cannot resolve DNS since the DNS server is losing
external IP connectivity.

We're running Win2k with SP3 (was SP4, but we rolled back).
I've yet to see anything odd in a traffic capture that
seems to indicate something going on. The problem has been
occurring at random for a couple weeks now. We've yet to
detect a pattern to the issue.

Anyone have any thoughts? Anyone seen anything like this
before?

Michael Schuermann

Shane Brasher

Hello,

Just out of curiosity, how do you correct this behavior? Reboot the
servers, disable and then re-enable the NICs, reboot DNS? I have seen
this kind of thing before with DNS servers; unfortunately the cause hasn't
always been the same thing each and every time. If this happens for only
the Exchange servers and not the other servers, then let's look at what the
difference is.

Starting with the physical layer:
Are the NICs the same?
Is the medium the same? (ethernet, token ring separated by a gateway etc...)
Are they all plugged up to the same router, or hub?
Are the NIC drivers current?
Are these teaming NICs?

Datalink layer:
Are they all plugged up to the same switch or gateway?

Application layer:
Does the Exchange server have any other management or monitoring software on
it that the other servers do not? Such software appends filters to the
protocol stack and registry. I have seen instances where such software
was faulty. It turned out that the order the software was installed made a
difference. (Example: Antivirus needed to be installed before the
monitoring software.)

Your statement "No public IPs can be pinged." indicates a routing problem
if you are failing on pinging IPs instead of routing. If so, then when you
reach this failed state, what happens if you do a tracert to an IP address
outside of the local network? Does it fail at the default gateway?

Shane Brasher
MCSE (2003,2000,NT),MCSA Security,N+, A+
Microsoft Platforms Support
Windows NT/2000 Networking
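As an added example (my own code, not from this thread and not a Microsoft tool): a small Python script that reads the output of the two checks Shane suggests, a tracert to an outside address and an nslookup against the forwarder, and reports whether the path dies at the default gateway or somewhere beyond it. The tracert and nslookup text inside it is constructed to look like Windows output, the gateway address 192.168.1.1 and the other addresses are placeholders, and the verdict labels are my own.

```python
"""Classify where outbound connectivity breaks from tracert/nslookup output.
Added example; all sample output is constructed, all addresses are placeholders."""
import re

GATEWAY = "192.168.1.1"  # assumed default gateway of the server (placeholder)

_HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")             # one tracert hop line
_IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")     # any IPv4 address

# Constructed: the first hop (the gateway) never answers.
TRACERT_GATEWAY_DEAD = """\
Tracing route to 198.51.100.10 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
"""

# Constructed: gateway and firewall answer, nothing beyond them does.
TRACERT_UPSTREAM_DEAD = """\
Tracing route to 198.51.100.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     2 ms     1 ms     2 ms  192.168.1.254
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
"""

# Constructed: the target is reached.
TRACERT_OK = """\
Tracing route to 198.51.100.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     2 ms     1 ms     2 ms  192.168.1.254
  3    18 ms    17 ms    19 ms  198.51.100.10

Trace complete.
"""

# Constructed nslookup sessions: 'server <forwarder>', then a query.
NSLOOKUP_TIMEOUT = """\
> server 203.0.113.53
Default Server:  [203.0.113.53]
Address:  203.0.113.53
> yahoo.com
DNS request timed out.
    timeout was 2 seconds.
*** Request to [203.0.113.53] timed-out
"""

NSLOOKUP_OK = """\
> server 203.0.113.53
Default Server:  [203.0.113.53]
Address:  203.0.113.53
> yahoo.com
Non-authoritative answer:
Name:    yahoo.com
Addresses:  198.51.100.1, 198.51.100.2
"""


def parse_tracert(text):
    """Return [(hop, responder_ip_or_None), ...] from tracert output."""
    hops = []
    for line in text.splitlines():
        m = _HOP_RE.match(line)
        if not m:
            continue  # header, blank and 'Trace complete.' lines
        hop = int(m.group(1))
        if "Request timed out" in line:
            hops.append((hop, None))
        else:
            ips = _IP_RE.findall(line)  # last IP on the line is the responder
            hops.append((hop, ips[-1] if ips else m.group(2).split()[-1]))
    return hops


def classify_route(hops, gateway_ip):
    """Return (verdict, hop_number, last_responder).

    gateway_unreachable  : first hop never answered, fault is on the server or its link
    unexpected_first_hop : first hop answered but is not the configured gateway
    dies_beyond_gateway  : gateway answered, the path goes silent further out
    complete             : every hop answered
    """
    if not hops:
        return ("no_hops", 0, None)
    first_hop, first_resp = hops[0]
    if first_resp is None:
        return ("gateway_unreachable", first_hop, None)
    if first_resp != gateway_ip:
        return ("unexpected_first_hop", first_hop, first_resp)
    last_answer, dead_from = None, None
    for hop, resp in hops:
        if resp is None:
            dead_from = hop if dead_from is None else dead_from
        else:  # a silent hop followed by an answering one is not a break
            last_answer, dead_from = resp, None
    if dead_from is None:
        return ("complete", hops[-1][0], last_answer)
    return ("dies_beyond_gateway", dead_from, last_answer)


def nslookup_verdict(text):
    """'forwarder_timeout', 'nxdomain', 'resolved' or 'unknown' for one session."""
    if re.search(r"timed[ -]out", text, re.IGNORECASE):
        return "forwarder_timeout"
    if "Non-existent domain" in text:
        return "nxdomain"
    if re.search(r"^Name:\s+\S+", text, re.MULTILINE):
        return "resolved"
    return "unknown"


if __name__ == "__main__":
    for label, sample in (("gateway dead", TRACERT_GATEWAY_DEAD),
                          ("upstream dead", TRACERT_UPSTREAM_DEAD),
                          ("ok", TRACERT_OK)):
        print(label, classify_route(parse_tracert(sample), GATEWAY))
    print("nslookup", nslookup_verdict(NSLOOKUP_TIMEOUT), nslookup_verdict(NSLOOKUP_OK))
```

To use it on a real event, paste the server's tracert and nslookup output into the two functions. A "gateway_unreachable" result during the outage points at the server's own stack, NIC or a filter driver on it; "dies_beyond_gateway" from this server while another host on the same switch completes the same tracert points at something the upstream devices treat differently about this one host.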