2 servers with same name on same LAN ?????

[Guest]

I think some new employees are misbehaving!

My win 2000 (sp3) server (the only server on the lan) states that another
computer on the network has the same name. We use external DNS. TCP/IP,
Netboui are our network protocals. NetLogon service has to be started
manually, I refuses to be changed to automatic. Machine is very SLOW TO BOOT
UP. Seems to work fine after boot ans netlogon is started.

where can I find answers about network abuse:
1... what protocals are running, other that the offical ones.
2... is there a BDC, Is the machine I call the PDC really the PDC, (we
have no BDC)
3... How do I find the computer with the same name as the server.
4... etc,etc,etc

Thanks,
Cary

 

[Lanwench [MVP - Exchange]]

I think some new employees are misbehaving!

My win 2000 (sp3) server (the only server on the lan) states that
another computer on the network has the same name. We use external
DNS. TCP/IP, Netboui are our network protocals. NetLogon service
has to be started manually, I refuses to be changed to automatic.
Machine is very SLOW TO BOOT UP. Seems to work fine after boot ans
netlogon is started.

where can I find answers about network abuse:
1... what protocals are running, other that the offical ones.

Don't know what you mean, but as mentioned below, ditch NetBEUI.

2... is there a BDC, Is the machine I call the PDC really the PDC,
(we have no BDC)

There's no PDC/BDC in Active Directory - DCs are peers.

3... How do I find the computer with the same name as the server.
http://support.microsoft.com/kb/q131740/

4... etc,etc,etc

Thanks,
Cary

1. Since you're using Active Directory, you need to make sure that all
servers and workstations specify *only* the internal AD-integrated DNS
server's IP address in their network settings. The internal/ AD-integrated
DNS server should be set up with forwarders to your ISP's DNS servers for
external resolution and/or use root hints. See
http://support.microsoft.com/?scid=kb;en-us;825036 for more info.
2. You don't need NetBEUI - get rid of it on all machines.
3. How many NICs in this server? After you've fixed the DNS IP address
issue, run ipconfig /all from the server & post back with the results.

Once you've fixed this, see if the problems recur.

 

[Phillip Windell]

Not enough information.

Explain more about how you use DNS.

PDCs and BDCs were a thing from NT40 Domains, with Server2000 and 2003 there
is no such thing. So what do you really have?...I do have a pretty good idea
what you mean, but you should specify just to make sure.

But, in a nutshell, your DNS rig should look like this:

1. You have an internal DNS due to Active Directory. It is usually on the
DC.

2. All machines (I mean *all* machines) point to the DC's DNS in their
network setting and that is the *only* DNS they should point to unless you
have multiple DCs with DNS on them,..in that case you could include all
those.

3. The DC/DNS should point to itself in its own netowkr settings. You can
use the IP# itself or use 127.0.0.1. There is some debate about that, but I
have had no trouble using 127.0.0.1.

4. In you DNS's configuration there is a Forwarders List. Your ISP's DSN
should be listed here. this is the *only* place your ISP's DSN should be
found. You will have to make sure your proxy or firewall allows your DC to
contact the ISP's DNS.

As far as the duplicate computers on the network,..it could easily be bad
entries in your DNS. You can delete questionable entries from the listing
and the good ones should automatically re-enter themselves when that
particular machine restarts and adds itself back to the list.

 

[Guest]

Sorry about "not Enough Information", I'm 58, and more or less self taught
and trying desperately to keep up. The kind of information you provided is
what I need. I'll check the configuration and make the changes. I have to be
careful, with 70+ users and 260+ pieces of equipment and only me to do it all
I can get in the poop really fast at this 24/7 facility.

I'll let you know how it goes. Right now we have a win 2000 server (sp3) >>
Gnat Box PC software based firewall >> Netopia DSL router configured (BY
Netopia) to function as a modem (to accommodate static IP) >>> SWBT DSL.
All DNS on all PC point to the SWBT DSL Pri. & Sec. DNS servers. There are
two NIC's in the win server, one serves the lan, the other serves vpn access
for the software vendor.
I hope that is enough information, I know what problems I have, I have a
suspicion of what I need but I don't have anyone locally to discuss issues
with and keep up with all the latest terms.

Every time we get a new department there is always a battle about who is
going to provide and be responsible for their computer services. I have the
authority and the backing, but often they try to set up a covert server or
find access to the outside world, but they have to use the network cabling
which all terminates in my office.
I need to know how to watch the traffic looking for suspicious IP a dresses
and or protocols. Anything to tip me off that unauthorized activity is
occurring.

I am experienced with DNS, maybe not properly, but still experienced, I know
of the foraging and understand what you are telling me, and I can effect the
changes. I just may not be able to discuss it in your terms.

Thank you for you time and knowledge and willingness to share.
Cary

Not enough information.

Explain more about how you use DNS.

PDCs and BDCs were a thing from NT40 Domains, with Server2000 and 2003 there
is no such thing. So what do you really have?...I do have a pretty good idea
what you mean, but you should specify just to make sure.

But, in a nutshell, your DNS rig should look like this:

1. You have an internal DNS due to Active Directory. It is usually on the
DC.

2. All machines (I mean *all* machines) point to the DC's DNS in their
network setting and that is the *only* DNS they should point to unless you
have multiple DCs with DNS on them,..in that case you could include all
those.

3. The DC/DNS should point to itself in its own netowkr settings. You can
use the IP# itself or use 127.0.0.1. There is some debate about that, but I
have had no trouble using 127.0.0.1.

4. In you DNS's configuration there is a Forwarders List. Your ISP's DSN
should be listed here. this is the *only* place your ISP's DSN should be
found. You will have to make sure your proxy or firewall allows your DC to
contact the ISP's DNS.

As far as the duplicate computers on the network,..it could easily be bad
entries in your DNS. You can delete questionable entries from the listing
and the good ones should automatically re-enter themselves when that
particular machine restarts and adds itself back to the list.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

I think some new employees are misbehaving!

My win 2000 (sp3) server (the only server on the lan) states that another
computer on the network has the same name. We use external DNS. TCP/IP,
Netboui are our network protocals. NetLogon service has to be started
manually, I refuses to be changed to automatic. Machine is very SLOW TO BOOT
UP. Seems to work fine after boot ans netlogon is started.

where can I find answers about network abuse:
1... what protocals are running, other that the offical ones.
2... is there a BDC, Is the machine I call the PDC really the PDC, (we
have no BDC)
3... How do I find the computer with the same name as the server.
4... etc,etc,etc

Thanks,
Cary

 

[Guest]

Lanwrench,

I have some changes to make.

Thank you for your time and sharing your knowledge.

Cary

 

[TheDragon]

One way you ca see what going on in your LAN.

You say all cabling goes through your office. I presume you have aswitch in
there. Replace the switch(s) with hubs. Install Etherreal on your PC, and
sniff the netowkr for a few hours.
Replace the switch.

You will then have data to analyse and see whats going on in your LAN.

 

[Phillip Windell]

Sorry about "not Enough Information", I'm 58, and more or less self taught
and trying desperately to keep up.

I'm 42 and self taught,...an ex-Truck Driver (10 years), no Degree, no
Diploma,..GED only, plus a few Certs. I understand...

The kind of information you provided is
what I need. I'll check the configuration and make the changes. I have to be
careful, with 70+ users and 260+ pieces of equipment and only me to do it all
I can get in the poop really fast at this 24/7 facility.

I understand,..we're an ABC Affiliate TV Station, about the same users, runs
24/7.

All DNS on all PC point to the SWBT DSL Pri. & Sec. DNS servers. There

are

Probably have to ditch that. Everything should look to the AD/DNS for
resolution, the AD/DNS then in turn looks to the ISP's DNS as a "Forwarder".
I guess you could use the SWBT box as the Forwarder, but I would be
"suspicious" of it.

Every time we get a new department there is always a battle about who is
going to provide and be responsible for their computer services. I have the
authority and the backing, but often they try to set up a covert server or
find access to the outside world, but they have to use the network cabling
which all terminates in my office.
I need to know how to watch the traffic looking for suspicious IP a dresses
and or protocols. Anything to tip me off that unauthorized activity is
occurring.

There is no way to do that which would either be "free" or "easy". Using
Etherreal would be free but certainly not simple or easy. A proxy server
such as MS ISA Server would help control and monitor outbound communication
to the Internet but is certainly not "free". There are no "free lunches".

Here are some suggestions:

1. Keeping a good acuarte inventory of your equipment. Then you know what
doesn't belong there.

2. Document your IP scheme and topology along with the machines that are
statically assigned

3. Segment your system into subnets (3 or 4) using LAN Routers or Layer3
Switches (which is just a Switch and Router in the same box). Breaking the
LAN into smaller pieces makes each small piece easier to manage with "rogue"
machines and users. The router between the segments can control access "to
a point" by using ACLs

4. Use a proxy like ISA Server that keeps logs of what happens and can
generate Reports from those logs. It can also control access to the Internet
based on User Accounts, Machine IP#s, or both in combination. Carefule use
of DHCP with ISA and the Subnets can help "corral" any rogue machines and
users.

That is all I can think of off the top of my head,...but I'm sure there is
more.