Strange Problem with Computer Name Pinging

A non-profit that I support has a Windows 2003 Server with workstations
with XP and Win2K. The system has been working well for a couple of
years. All of a sudden, when a particular machine pings the server at
192.168.1.10, the reply comes from the public web site. (Unfortunately,
the domain and and domain name are the same.) When this problem happens,
an application on the machine will not work.

In ignorance, I changed the problem program to access the server with IP
address instead of server name. The application started working, but the
application modified the server installation such that no other machine
running that application can access it.

A few hours later, with no changes to the network, the problem machine
would get a reply from the server instead of the external web site. That
is, the problem cleared itself.

While some of this post may seem off-topic for this newsgroup, although
I hope it isn't, here is the question. Why would the machine suddenly
start getting a reply from the external site and then clear itself?

I would check that the DNS infrastructure is configured correctly where the
domain controller points ONLY to itself as it's preferred DNS server and
that the domain computers point ONLY to the domain controller as their DNS
server whether it be by static IP configuration or by DHCP scope from the
domain controller. You can use the command ipconfig /all to see what a
computer is using as it's DNS servers. Using ISP DNS servers for domain
computers is a big NO NO particularly if the domain name used is also on the
internet as when ISP DNS server is used the name will resolve to an internet
IP and when the DNS on the domain controller is used it will resolve to an
internal IP assuming DNS zone is configured correctly on the domain
controller. Also verify that any internet router/firewall used has DHCP
disabled on it or if it is being used as the only DHCP server [not the best
of ideas] that it shows the domain controlled only as the DNS server for the
LAN. Running the support tool netdiag on the domain controller and domain
computers would also be a good idea to check general domain networking
health.

http://support.microsoft.com/default...en-us%3B291382 ---
Active Directory DNS FAQ
http://technet2.microsoft.com/window....mspx?mfr=true
--- netdiag

Steve


"mcp6453" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>A non-profit that I support has a Windows 2003 Server with workstations
>with XP and Win2K. The system has been working well for a couple of years.
>All of a sudden, when a particular machine pings the server at
>192.168.1.10, the reply comes from the public web site. (Unfortunately, the
>domain and and domain name are the same.) When this problem happens, an
>application on the machine will not work.
>
> In ignorance, I changed the problem program to access the server with IP
> address instead of server name. The application started working, but the
> application modified the server installation such that no other machine
> running that application can access it.
>
> A few hours later, with no changes to the network, the problem machine
> would get a reply from the server instead of the external web site. That
> is, the problem cleared itself.
>
> While some of this post may seem off-topic for this newsgroup, although I
> hope it isn't, here is the question. Why would the machine suddenly start
> getting a reply from the external site and then clear itself?

Thanks for the response. I can confirm that DHCP is disabled on the
router. DNS is handled exclusively by the server. Even when a
workstation has a problem with resolution of the server name, ipconfig
/all shows that the DNS server is 192.168.1.10, which is correct. It is
as if the workstation is requesting DNS info from the server but not
getting the right information. There is a zone (correct name?) in the
DNS server that points the server name to the IP address.

I will read the article below, and I will experiment with netdiag to see
what it does. For now, I have added an LMHOSTS file, which seems to have
solved the problem. Unfortunately I don't know what other problems out
there might be looming.

Steven L Umbach wrote:
> I would check that the DNS infrastructure is configured correctly where the
> domain controller points ONLY to itself as it's preferred DNS server and
> that the domain computers point ONLY to the domain controller as their DNS
> server whether it be by static IP configuration or by DHCP scope from the
> domain controller. You can use the command ipconfig /all to see what a
> computer is using as it's DNS servers. Using ISP DNS servers for domain
> computers is a big NO NO particularly if the domain name used is also on the
> internet as when ISP DNS server is used the name will resolve to an internet
> IP and when the DNS on the domain controller is used it will resolve to an
> internal IP assuming DNS zone is configured correctly on the domain
> controller. Also verify that any internet router/firewall used has DHCP
> disabled on it or if it is being used as the only DHCP server [not the best
> of ideas] that it shows the domain controlled only as the DNS server for the
> LAN. Running the support tool netdiag on the domain controller and domain
> computers would also be a good idea to check general domain networking
> health.
>
> http://support.microsoft.com/default...en-us%3B291382 ---
> Active Directory DNS FAQ
> http://technet2.microsoft.com/window....mspx?mfr=true
> --- netdiag
>
> Steve
>
>
> "mcp6453" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> A non-profit that I support has a Windows 2003 Server with workstations
>> with XP and Win2K. The system has been working well for a couple of years.
>> All of a sudden, when a particular machine pings the server at
>> 192.168.1.10, the reply comes from the public web site. (Unfortunately, the
>> domain and and domain name are the same.) When this problem happens, an
>> application on the machine will not work.
>>
>> In ignorance, I changed the problem program to access the server with IP
>> address instead of server name. The application started working, but the
>> application modified the server installation such that no other machine
>> running that application can access it.
>>
>> A few hours later, with no changes to the network, the problem machine
>> would get a reply from the server instead of the external web site. That
>> is, the problem cleared itself.
>>
>> While some of this post may seem off-topic for this newsgroup, although I
>> hope it isn't, here is the question. Why would the machine suddenly start
>> getting a reply from the external site and then clear itself?
>
>

Looks like the domain networking is good to go from what you describe. If
DNS is working the way it should it should only return IPs from records in
the local domain zone though you may want to browse through those records to
make sure they all show IPs from the local network. Using lmhosts may be a
good solution. If you see the problem again try referring to your server by
it's fully qualified domain name [as in server.mydomain.com] instead of
server to see if that makes a difference and if so you may need to specify
FQDN instead of host name in mapped drives, etc. I suppose DNS cache
pollution could also be a possibility and the link below will show to verify
that the DNS server is configured to secure against cache pollution which
should be the default setting.

Steve

http://support.microsoft.com/kb/241352

"mcp6453" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Thanks for the response. I can confirm that DHCP is disabled on the
> router. DNS is handled exclusively by the server. Even when a workstation
> has a problem with resolution of the server name, ipconfig /all shows that
> the DNS server is 192.168.1.10, which is correct. It is as if the
> workstation is requesting DNS info from the server but not getting the
> right information. There is a zone (correct name?) in the DNS server that
> points the server name to the IP address.
>
> I will read the article below, and I will experiment with netdiag to see
> what it does. For now, I have added an LMHOSTS file, which seems to have
> solved the problem. Unfortunately I don't know what other problems out
> there might be looming.
>
> Steven L Umbach wrote:
>> I would check that the DNS infrastructure is configured correctly where
>> the domain controller points ONLY to itself as it's preferred DNS server
>> and that the domain computers point ONLY to the domain controller as
>> their DNS server whether it be by static IP configuration or by DHCP
>> scope from the domain controller. You can use the command ipconfig /all
>> to see what a computer is using as it's DNS servers. Using ISP DNS
>> servers for domain computers is a big NO NO particularly if the domain
>> name used is also on the internet as when ISP DNS server is used the name
>> will resolve to an internet IP and when the DNS on the domain controller
>> is used it will resolve to an internal IP assuming DNS zone is configured
>> correctly on the domain controller. Also verify that any internet
>> router/firewall used has DHCP disabled on it or if it is being used as
>> the only DHCP server [not the best of ideas] that it shows the domain
>> controlled only as the DNS server for the LAN. Running the support tool
>> netdiag on the domain controller and domain computers would also be a
>> good idea to check general domain networking health.
>>
>> http://support.microsoft.com/default...en-us%3B291382 ---
>> Active Directory DNS FAQ
>> http://technet2.microsoft.com/window....mspx?mfr=true
>> --- netdiag
>>
>> Steve
>>
>>
>> "mcp6453" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> A non-profit that I support has a Windows 2003 Server with workstations
>>> with XP and Win2K. The system has been working well for a couple of
>>> years. All of a sudden, when a particular machine pings the server at
>>> 192.168.1.10, the reply comes from the public web site. (Unfortunately,
>>> the domain and and domain name are the same.) When this problem happens,
>>> an application on the machine will not work.
>>>
>>> In ignorance, I changed the problem program to access the server with IP
>>> address instead of server name. The application started working, but the
>>> application modified the server installation such that no other machine
>>> running that application can access it.
>>>
>>> A few hours later, with no changes to the network, the problem machine
>>> would get a reply from the server instead of the external web site. That
>>> is, the problem cleared itself.
>>>
>>> While some of this post may seem off-topic for this newsgroup, although
>>> I hope it isn't, here is the question. Why would the machine suddenly
>>> start getting a reply from the external site and then clear itself?
>>

We *may* have discovered the problem, although it is not clear to me. I
always thought that when a static IP is entered, at least two DNS
entries were required. The two that I have are the local DNS server and
an external one. My colleague said the external one is probably causing
the problem. I don't know why that would be the case, but I am going to
remove the external one and try that.

Cache pollution does sound like a viable explanation. Thanks for the
link below. I will check it out.

Steven L Umbach wrote:
> Looks like the domain networking is good to go from what you describe. If
> DNS is working the way it should it should only return IPs from records in
> the local domain zone though you may want to browse through those records to
> make sure they all show IPs from the local network. Using lmhosts may be a
> good solution. If you see the problem again try referring to your server by
> it's fully qualified domain name [as in server.mydomain.com] instead of
> server to see if that makes a difference and if so you may need to specify
> FQDN instead of host name in mapped drives, etc. I suppose DNS cache
> pollution could also be a possibility and the link below will show to verify
> that the DNS server is configured to secure against cache pollution which
> should be the default setting.
>
> Steve
>
> http://support.microsoft.com/kb/241352
>
> "mcp6453" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>
>>Thanks for the response. I can confirm that DHCP is disabled on the
>>router. DNS is handled exclusively by the server. Even when a workstation
>>has a problem with resolution of the server name, ipconfig /all shows that
>>the DNS server is 192.168.1.10, which is correct. It is as if the
>>workstation is requesting DNS info from the server but not getting the
>>right information. There is a zone (correct name?) in the DNS server that
>>points the server name to the IP address.
>>
>>I will read the article below, and I will experiment with netdiag to see
>>what it does. For now, I have added an LMHOSTS file, which seems to have
>>solved the problem. Unfortunately I don't know what other problems out
>>there might be looming.
>>
>>Steven L Umbach wrote:
>>
>>>I would check that the DNS infrastructure is configured correctly where
>>>the domain controller points ONLY to itself as it's preferred DNS server
>>>and that the domain computers point ONLY to the domain controller as
>>>their DNS server whether it be by static IP configuration or by DHCP
>>>scope from the domain controller. You can use the command ipconfig /all
>>>to see what a computer is using as it's DNS servers. Using ISP DNS
>>>servers for domain computers is a big NO NO particularly if the domain
>>>name used is also on the internet as when ISP DNS server is used the name
>>>will resolve to an internet IP and when the DNS on the domain controller
>>>is used it will resolve to an internal IP assuming DNS zone is configured
>>>correctly on the domain controller. Also verify that any internet
>>>router/firewall used has DHCP disabled on it or if it is being used as
>>>the only DHCP server [not the best of ideas] that it shows the domain
>>>controlled only as the DNS server for the LAN. Running the support tool
>>>netdiag on the domain controller and domain computers would also be a
>>>good idea to check general domain networking health.
>>>
>>>http://support.microsoft.com/default...en-us%3B291382 ---
>>>Active Directory DNS FAQ
>>>http://technet2.microsoft.com/window....mspx?mfr=true
>>> --- netdiag
>>>
>>>Steve
>>>
>>>
>>>"mcp6453" <(E-Mail Removed)> wrote in message
>>>news:(E-Mail Removed)...
>>>
>>>>A non-profit that I support has a Windows 2003 Server with workstations
>>>>with XP and Win2K. The system has been working well for a couple of
>>>>years. All of a sudden, when a particular machine pings the server at
>>>>192.168.1.10, the reply comes from the public web site. (Unfortunately,
>>>>the domain and and domain name are the same.) When this problem happens,
>>>>an application on the machine will not work.
>>>>
>>>>In ignorance, I changed the problem program to access the server with IP
>>>>address instead of server name. The application started working, but the
>>>>application modified the server installation such that no other machine
>>>>running that application can access it.
>>>>
>>>>A few hours later, with no changes to the network, the problem machine
>>>>would get a reply from the server instead of the external web site. That
>>>>is, the problem cleared itself.
>>>>
>>>>While some of this post may seem off-topic for this newsgroup, although
>>>>I hope it isn't, here is the question. Why would the machine suddenly
>>>>start getting a reply from the external site and then clear itself?
>>>
>

Only one DNS server is needed. That is why I earlier emphasized that ISP DNS
servers must not be used on a domain computer and that appears to be the
case in your situation which explains a lot because if the client used the
external DNS server it would receive replies that resolved to the internet
domain name and not the local . Glad you got it sorted out. The link below
on AD FAQ from Microsoft will explain in more detail.

Steve

http://support.microsoft.com/default...en-us%3B291382 --- AD
DNS FAQ

Question: What are the common mistakes that are made when administrators set
up DNS on network that contains a single Windows 2000 or Windows Server 2003
domain controller?

Answer: The most common mistakes are: . The domain controller is not
pointing to itself for DNS resolution on all network interfaces.
. The "." zone exists under forward lookup zones in DNS.
. Other computers on the local area network (LAN) do not point to the
Windows 2000 or Windows Server 2003 DNS server for DNS.


Question: Should I point the other Windows 2000-based and Windows Server
2003-based computers on my LAN to my ISP's DNS servers?

Answer: No. If a Windows 2000-based or Windows Server 2003-based server or
workstation does not find the domain controller in DNS, you may experience
issues joining the domain or logging on to the domain. A Windows 2000-based
or Windows Server 2003-based computer's preferred DNS setting should point
to the Windows 2000 or Windows Server 2003 domain controller running DNS. If
you are using DHCP, make sure that you view scope option #15 for the correct
DNS server settings for your LAN.


"mcp6453" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We *may* have discovered the problem, although it is not clear to me. I
> always thought that when a static IP is entered, at least two DNS entries
> were required. The two that I have are the local DNS server and an
> external one. My colleague said the external one is probably causing the
> problem. I don't know why that would be the case, but I am going to remove
> the external one and try that.
>
> Cache pollution does sound like a viable explanation. Thanks for the link
> below. I will check it out.
>
> Steven L Umbach wrote:
>> Looks like the domain networking is good to go from what you describe. If
>> DNS is working the way it should it should only return IPs from records
>> in the local domain zone though you may want to browse through those
>> records to make sure they all show IPs from the local network. Using
>> lmhosts may be a good solution. If you see the problem again try
>> referring to your server by it's fully qualified domain name [as in
>> server.mydomain.com] instead of server to see if that makes a difference
>> and if so you may need to specify FQDN instead of host name in mapped
>> drives, etc. I suppose DNS cache pollution could also be a possibility
>> and the link below will show to verify that the DNS server is configured
>> to secure against cache pollution which should be the default setting.
>>
>> Steve
>>
>> http://support.microsoft.com/kb/241352
>>
>> "mcp6453" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>
>>>Thanks for the response. I can confirm that DHCP is disabled on the
>>>router. DNS is handled exclusively by the server. Even when a workstation
>>>has a problem with resolution of the server name, ipconfig /all shows
>>>that the DNS server is 192.168.1.10, which is correct. It is as if the
>>>workstation is requesting DNS info from the server but not getting the
>>>right information. There is a zone (correct name?) in the DNS server that
>>>points the server name to the IP address.
>>>
>>>I will read the article below, and I will experiment with netdiag to see
>>>what it does. For now, I have added an LMHOSTS file, which seems to have
>>>solved the problem. Unfortunately I don't know what other problems out
>>>there might be looming.
>>>
>>>Steven L Umbach wrote:
>>>
>>>>I would check that the DNS infrastructure is configured correctly where
>>>>the domain controller points ONLY to itself as it's preferred DNS server
>>>>and that the domain computers point ONLY to the domain controller as
>>>>their DNS server whether it be by static IP configuration or by DHCP
>>>>scope from the domain controller. You can use the command ipconfig /all
>>>>to see what a computer is using as it's DNS servers. Using ISP DNS
>>>>servers for domain computers is a big NO NO particularly if the domain
>>>>name used is also on the internet as when ISP DNS server is used the
>>>>name will resolve to an internet IP and when the DNS on the domain
>>>>controller is used it will resolve to an internal IP assuming DNS zone
>>>>is configured correctly on the domain controller. Also verify that any
>>>>internet router/firewall used has DHCP disabled on it or if it is being
>>>>used as the only DHCP server [not the best of ideas] that it shows the
>>>>domain controlled only as the DNS server for the LAN. Running the
>>>>support tool netdiag on the domain controller and domain computers would
>>>>also be a good idea to check general domain networking health.
>>>>
>>>>http://support.microsoft.com/default...en-us%3B291382 ---
>>>>Active Directory DNS FAQ
>>>>http://technet2.microsoft.com/window....mspx?mfr=true
>>>> --- netdiag
>>>>
>>>>Steve
>>>>
>>>>
>>>>"mcp6453" <(E-Mail Removed)> wrote in message
>>>>news:(E-Mail Removed).. .
>>>>
>>>>>A non-profit that I support has a Windows 2003 Server with workstations
>>>>>with XP and Win2K. The system has been working well for a couple of
>>>>>years. All of a sudden, when a particular machine pings the server at
>>>>>192.168.1.10, the reply comes from the public web site. (Unfortunately,
>>>>>the domain and and domain name are the same.) When this problem
>>>>>happens, an application on the machine will not work.
>>>>>
>>>>>In ignorance, I changed the problem program to access the server with
>>>>>IP address instead of server name. The application started working, but
>>>>>the application modified the server installation such that no other
>>>>>machine running that application can access it.
>>>>>
>>>>>A few hours later, with no changes to the network, the problem machine
>>>>>would get a reply from the server instead of the external web site.
>>>>>That is, the problem cleared itself.
>>>>>
>>>>>While some of this post may seem off-topic for this newsgroup, although
>>>>>I hope it isn't, here is the question. Why would the machine suddenly
>>>>>start getting a reply from the external site and then clear itself?
>>>>
>>