Windows Server 2003 killing adsl router on startup

Discussion in 'Windows Networking' started by DrewM, Feb 29, 2004.

  1. DrewM

    DrewM Guest

    I've just reinstalled my 2003 server after yet another AD corruption.
    Booting the fresh install was fine. I performed a Windows Update,
    rebooted, installed AD and rebooted again.

    Now, every time my server starts up, it causes my adsl router to stop
    responding to any network requests. Can't even ping it. If I shut the
    server down and power-cycle the router, all is fine again, and will
    remain so until I start the server up again.

    The only things different about this install to the last are:

    - using different FQDN
    - using 2000 mixed mode instead of 2003 native, to ease SAMBA issues

    The router is set as the server's default gateway.

    Things I've tried so far are:

    - verified that they're both using valid, distinct IP addresses
    - confirmed that DHCP server isn't running, to avoid IP# conflicts
    - rebooted in Safe Mode with Networking, problem still occurs

    I'm about to try in Safe Mode (no networking) to see if that causes the
    problem too. As it kills my internet connection, I wanted to post this
    first ;)

    Any ideas what I'm doing wrong? I can't think of any legitimate network
    operation that causes complete death to another device.

    Many thanks,

    Drew
     
    DrewM, Feb 29, 2004
    #1

  2. Hello,

    Is it possible that you are infected by a virus that floods the network?

    --
    Regards,
    Kristofer Gafvert - IIS MVP
    Reply to newsgroup only. Remove NEWS if you must reply by email, but please
    do not.
    www.ilopia.com - FAQ and Tutorials for Windows Server 2003
     
    Kristofer Gafvert, Feb 29, 2004
    #2

  3. DrewM

    DrewM Guest

    I certainly couldn't rule that out 100%. Although I'd class it as
    unlikely. I'll run a scan.

    Booting into Safe Mode with no networking doesn't cause a problem (as
    expected).
     
    DrewM, Feb 29, 2004
    #3
  4. DrewM

    DrewM Guest

    After running some tests, I can't find anything to support that hypothesis.

    Any other suggestions?
     
    DrewM, Feb 29, 2004
    #4
  5. Gino

    Gino Guest

    I would boot the server up with the Ethernet cable disconnected, connect it
    and then monitor the NIC status that shows sent and received packets. If
    your server starts sending out high volumes of traffic for no reason you are
    infected. Just because a scan comes up neg doesn't mean that your server
    CAN'T be infected. If you just rebuilt your server and connected to the
    internet to apply the patches, you'll never make it. Your server will become
    infected before you get the patches applied. And once infected the patches
    don't do anything.
     
    Gino, Mar 1, 2004
    #5
  6. DrewM

    DrewM Guest

    I tried monitoring this from the router, and could see no unusual
    increase in traffic before the router died.

    Other than the test described, is there a reliable way to detect whether
    the machine is infected?
    This may sound stupid, but how can I patch the server without going to
    get the patches? The only approach I can think of is to install Linux on
    the server first, download the patches somehow, burn them onto a CD,
    reinstall with Windows and install the patches. Not ideal.

    Also, whatever it is that is infecting the machine would have to get
    through a hardwire firewall (on total lock-down) and router, and be
    totally dependent on Active Directory. When I uninstall AD, the problem
    vanishes.

    drew.
     
    DrewM, Mar 1, 2004
    #6
  7. Does the router have logging? Also, is your FQDN the same as a registered one on
    the internet? Is your AD server also the DNS server for itself?
    The router log should show you the traffic attempting to pass through it. You
    said you only have the issue when you install AD. Just for clarity, are you
    using a FQDN like mydomain.domain or something someone else may own like
    microsoft.com? Is your DNS server for the domain external to you? If so you will
    have issues with the SRV records AD needs.

    --
    Regards,

    Michael Holzemer
    No email replies please - reply in newsgroup

    Learn script faster by searching here
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/default.asp
     
    Michael Holzemer, Mar 1, 2004
    #7
  8. DrewM

    DrewM Guest

    Unfortunately, no.
    Yes, I'm using office.company.net, where company.net is registered and
    under my control at our ISP. I've set up an A record for 'office' within
    that zone to point to the IP address our adsl uses.
    Yes. With forwarders to our ISP's DNS servers.
    office.company.net, registered to us.
    Yup, it's at our ISP, on the other side of a locked-down firewall, and
    is running Linux.

    .... so, how *should* I do this? To be honest, I'd be happy using an old
    NT4 style single word domain name, but the installer gives dire warnings
    against this. I assume it should be possible to run as
    office.company.net without needing to host our own public DNS servers.

    thanks for your time.


    drew
     
    DrewM, Mar 1, 2004
    #8
  9. I think it is the combination of patches installed via Windows Update. It
    wouldn't be the first time I have seen a combination of patches screw things
    up,...for that matter I have seen plenty screwed up by just one patch, let
    alone a combination of them. Those fairly recent RPC patches for example
    stop the older MS Proxy2 dead in its tracks, the solution is to not install
    those patches and to take other measures to protect the machine from the RPC
    worms.

    I never use Windows Update, I don't trust dumping all those patches on a
    machine. I always have the SPs and patches that I have "hand picked" burned
    onto a CD, then when I build the machine I apply the patches from the CD
    before I expose the machine to the Internet. After that I apply only
    patches that I trust and feel that they are "must-haves" and I don't worry
    about the rest,...it is better to wait until a full Service Pack comes out.

    If you read the "mitigating circumstances" listed for the different
    vulnerabilities you will find that the situation doesn't apply to most
    machines on a private network behind a firewall or proxy that isn't exposed
    directly to the Internet. You just have to decide which applies to your
    situation.
     
    Phillip Windell, Mar 1, 2004
    #9
  10. So the FQDN for the server is server.office.company.net? You said an A (host)
    record was pointed back to your router. The folks over at the DNS group are
    very, very good at these kinds of issues, so I am going to post this to
    microsoft.public.windows.server.dns. They will be able to help you with the
    *should* part.

    --
    Regards,

    Michael Holzemer
    No email replies please - reply in newsgroup

    Learn script faster by searching here
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/default.asp
     
    Michael Holzemer, Mar 2, 2004
    #10
  11. sharad

    sharad Guest

    Hello Drew:
    You can't use the external Linux-based DNS for your AD, especially behind
    firewall / routers. And there is no need either!!!
    I would suggest the first thing you do is change the FQDN from
    office.mycompany.net to something else. That it must not be a single-label
    domain name doesn't mean that it must be a registered domain name.
    You can for example choose an FQDN such as office.loc (.loc indicating local
    server) or mycompany.comp (comp indicating company).
    You can choose anything except the registered domain name (and make sure that
    the one you choose will not be a registered domain of someone else. So best is
    to choose company.loc or office.loc).
    Once you decide the FQDN as above, do as follows.

    1. Run DCPROMO to uninstall the AD and then reboot. (During the AD uninstall
       process choose "this is the last DC in the domain", to make it a
       stand-alone server.)
    2. Uninstall the DNS server, and reboot.
    3. After the reboot, on the NIC TCP/IP properties make sure that the primary
       DNS server points to itself. Then run dcpromo again to install AD. Give
       the FQDN company.loc etc. as chosen by you.
    4. First it will give you an error, no DNS server available etc., and will
       give you the options 'I have correct problem Retry' and 'Install DNS'.
       Choose the "Install DNS" option and it will install DNS also nicely.
    5. After dcpromo is completed and the machine rebooted, point the default
       gateway to the router, enter the forwarders in the DNS manager. Do not
       try the internet yet.
    6. Since your Win 2003 server is behind a router and firewall, you will have
       to disable the EDNS0 probes of Win 2003 DNS (which are enabled by
       default). To do this, first you must install Support Tools from the
       Win 2003 CD on the server.
       Insert the Win 2003 CD, browse the CD, go to the \Support\Tools folder
       and double-click on 'suptools.msi'.
       After the support tools are installed, REBOOT the server.
       After rebooting, go to the command prompt and type (or copy and paste)
       the following command:
       dnscmd /Config /EnableEDnsProbes 0
    7. Client machines must join the domain? Then on each client machine the
       primary DNS server must be set to the server IP address and the default
       gateway can be set to the router IP address.
    8. Also remove the A record "Office" which you have set up on the ISP's DNS.

    Sharad
     
    sharad, Mar 3, 2004
    #11
  12. sharad

    sharad Guest

    Please see my reply in the windows.networking thread.
    Sharad
     
    sharad, Mar 3, 2004
    #12
  13. DrewM

    DrewM Guest

    <snip detailed instructions>

    Sharad - thanks ever so much. That's going to be really helpful.

    drew
     
    DrewM, Mar 3, 2004
    #13
