Server 2003 Network problems since IP address change

Discussion in 'Server Networking' started by Oliver Maynard, Mar 2, 2009.

  1. Hi, hopefully someone will be able to shed some light on this problem.

    We have just moved offices and broadband providers. With the move came a
    change of Ip addresses. we used to run on 192.168.0.1/254 and now we use
    192.168.1.1/254.

    Since the move I am getting loads of problems with GPO's not applying to
    clients anymore and the biggest problem which is the server refusing access
    to network drives. I have to manually un-map the drives and add them
    again...most the times using a different username and password as I get the
    error 'Multiple connections to a server or shared resource by the same user,
    using more than one username, are not allowed' or a similar one which I
    cannot now replicate.

    Is this related to the IP address change? if so I musy have missed something
    somewhere when I was updating the server.

    Thanks for you help.
     
    Oliver Maynard, Mar 2, 2009
    #1
    1. Advertisements

  2. Hello Oliver,

    Check that the DNS server has all new addresses on the zone records listed.
    Did all your clients use the correct ip addresses now? Did you reboot the
    servers after changing or just change the ip?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 2, 2009
    #2
    1. Advertisements

  3. Oliver Maynard

    Newell White Guest

    More information is needed before anyone can help you.

    Is your network a domain or a workgroup?
    If a domain, is it AD-integrated zone? More than one DC?

    Does 2003 server provide DHCP for your network? Did you destroy old scope
    and create a new one?

    Please post ipconfig/all result for server and typical workstation.
     
    Newell White, Mar 2, 2009
    #3
  4. Hi,

    it is a AD run domain with a single DC. Previousley the old router provided
    the DHCP addressing. When we moved offices we had BT come and install our
    phone systems with a new router and hence the new addresses. This router has
    proved very troublesome so I have disabled the dhcp server on it and setup
    the same scope it was using on the DC.

    ipconfig results :

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #5
    Physical Address. . . . . . . . . : 00-1E-8C-2E-0F-2E
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::459b:61f5:8668:2c01%24(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : 22 February 2009 14:33:09
    Lease Expires . . . . . . . . . . : 22 March 2009 14:33:07
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.2
    DNS Servers . . . . . . . . . . . : 194.72.9.38
    62.6.40.162
    Primary WINS Server . . . . . . . : 192.168.1.2
    NetBIOS over Tcpip. . . . . . . . : Enabled

    The DC = 192.168.1.2
    The router = 192.168.1.1

    As per Meinolf Weber [MVP-DS] suggestion, I have just looked on the DC
    under DNS and under 'Reverse Lookup Zones' there is an entry for 192.168.0.x
    Subnet' with a list of pointers to computers and the old addresses they used
    to hold. Could this be something to do with it?

    Thanks for your help guys.
     
    Oliver Maynard, Mar 2, 2009
    #4
  5. IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)

    Since you said your DC is 192.168.2, I'm assuming this is a workstation?


    You should have DNS setup on the DC. The DC should point to itself for DNS
    in the properties of TCP/IP. Use the actual IP address not 127.0.0.1. Then
    restart the netlogon service. All AC clients should ONLY point to the DNS
    server for the AD domain. (your DC)

    hth
    DDS

     
    Danny Sanders, Mar 2, 2009
    #5
  6. Hello Oliver,

    The ipconfig output is from the client?

    Well, your DNS configuration coming from your DHCP server has only to provide
    domain internal ip addresses 192.168.1.2 for DNS The external addresses 194.72.9.38
    and 62.6.40.162, i assume your ISP's DNS server are wrong at that place.

    On the DNS server properties in the DNS management console under the DNS
    server properties you have a FORWARDERS tab, here fill in the ISP's DNS server.

    If the ipconfig from the DC looks similar, change that also.

    The client should look like:
    ip 192.168.1.x
    sm 255.255.255.0
    dg 192.168.1.1
    dns 192.168.1.2

    and the server:
    ip 192.168.1.2
    sm 255.255.255.0
    dg 192.168.1.1
    dns 192.168.1.2

    Also if you do not use IPv6 i would uncheck the setting under the NIC properties.

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], Mar 3, 2009
    #6
  7. Thanks for your suggestions guys.

    I have changed the DNS settings as you have both described. GPO's and logon
    scripts still do not run. Of the clients I have tried this morning they all
    seem to be able to access the server without prompting for a username and
    password for access (even tho the user is logged onto the domain)...but this
    seems to happen at strange intervals so I am not confident that it is a
    closed issue yet.

    Would incorrect dns settings cause the type of issues I am having do you
    think? I don't doubt that I had it setup incorrectly...I just can't
    understand why clients would be denied access to network resources based on
    log on credentials.

    The only other solution I can think of is to go back to 192.168.0.x
    addressing like we had before to see if that makes a difference. I am limited
    to what I can do during the working week due to disruption though.

    I really appreciate your input thank you again.
     
    Oliver Maynard, Mar 3, 2009
    #7
  8. Hello Oliver,

    The iprange is not the reason that something does not work as long as all
    machines are using the correct subnet. If you say GPO's and logon script
    does not run.

    Remove the reverse lookupzone on the DNS server for 192.168.0.x network and
    create a new one for the 192.168.1.x network.

    Are the GPO's linked to the OU where the user/computers are located?

    Did you run gpresult /v on a client machine to see if the GPO is listed?

    Are all servers and clients are listed in the Forward lookup zones in your
    DNS server?

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], Mar 3, 2009
    #8
  9. Hi Meinolf,

    I have removed the reverse lookup and added the new one as you suggested.

    The servers are listed in the forward lookup zones but the clients aren't.

    Yes Gpos are applied to OU's and the users are in the OU's.

    Gpresult returns : The user domain\user does not have RSOP data.

    Thanks


     
    Oliver Maynard, Mar 3, 2009
    #9
  10. Hello Oliver,

    Do you use dynamic updates on the zone properties?

    Also run ipconfig /registerdns on the client, this should register there
    entry in DNS zone, a message should appear similar to "takes about 15 minutes".

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], Mar 3, 2009
    #10
  11. Hello Meinolf,

    Dynamic updates is enabled and set to 'secure only'.

    The ipconfig command didnt work and there are fair few errors in the eventwr
    in both the server and the client.

    The client
    ------------

    Event ID : 11165

    The system failed to register host (A) resource records (RRs) for network
    adapter
    with settings:

    Adapter Name : {AB759FE5-E3DF-4FB9-9156-5552068F7C4B}
    Host Name : easy2
    Primary Domain Suffix : WSW.local
    DNS server list :
    192.168.1.1
    Sent update to server : <?>
    IP Address(es) :
    192.168.1.23

    The reason the system could not register these RRs was because the DNS
    server contacted refused the update request. The reasons for this might be
    (a) you are not allowed to update the specified DNS domain name, or (b)
    because the DNS server authoritative for this name does not support the DNS
    dynamic update protocol.

    To register the DNS host (A) resource records using the specific DNS domain
    name and IP addresses for this adapter, contact your DNS server or network
    systems administrator.

    The server
    -------------

    Error EventID : 6702

    DNS server has updated its own host (A) records. In order to ensure that
    its DS-integrated peer DNS servers are able to replicate with this server, an
    attempt was made to update them with the new records through dynamic update.
    An error was encountered during this update, the record data is the error
    code.


    Error Event ID : 4004

    The DNS server was unable to complete directory service enumeration of zone
    WSW.local. This DNS server is configured to use information obtained from
    Active Directory for this zone and is unable to load the zone without it.
    Check that the Active Directory is functioning properly and repeat
    enumeration of the zone. The extended error debug information (which may be
    empty) is "". The event data contains the error.


    Warning EventID : 4521

    The DNS server encountered error 32 attempting to load zone
    0.168.192.in-addr.arpa from Active Directory. The DNS server will attempt to
    load this zone again on the next timeout cycle. This can be caused by high
    Active Directory load and may be a transient condition.


    I hope that helps you as it doesnt mean much to me!!

    Thanks a lot

     
    Oliver Maynard, Mar 4, 2009
    #11
  12. Hello Oliver,

    Is there any firewall running on client or server? Is the Primary DNS suffix
    added in the system properties, network identification, properties, choose
    the "More" button?

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], Mar 4, 2009
    #12
  13. Hello Meinolf,

    Only the windows firewall is running. I just tried to disable it but when I
    try to open it (on the server) I get the error 'Windows firewll cannot run
    because another program or service is running that might use the network
    address translation compnant (Ipnat.sys)'.

    I am not sure where you find the 'network identification' section you
    mentioned. If you mean is it listed in the properties of the network adapter
    then yes it is.

    Thanks again for your help with this....sorry it seems to be such a problem.

    Best regards,
    Oliver

     
    Oliver Maynard, Mar 5, 2009
    #13
  14. Hello Oliver,

    Have you enabled internet connection sharing on the NIC properties, Advanced
    tab?

    Rightclick "My Computer", properties, Computer name or network identification,
    "Change" button, choose the "More" button?

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], Mar 5, 2009
    #14
  15. Hi Meinolf,

    In addition to that last post in regards to the ipnat.sys....I was working
    over a vpn when I was trying to configure it and I have just read that this
    can cause a problem. Strangely today I couldnt connect to any of my remote
    desktops over the vpn either.

    Regards,
    Oliver

     
    Oliver Maynard, Mar 5, 2009
    #15
  16. Hello again Meinolf,

    The DNS suffix in properties says 'WSW.local' (wsw is the name of my
    domain). and there is a tick in 'change primary dns.....'

    ICS is not installed on the server. I do have a VNC server running so I can
    remote access in.

    Thanks


     
    Oliver Maynard, Mar 6, 2009
    #16
  17. Did anyone get this problem resolved? We have an almost identical case involving multiple VPNs. 1 Head Office (HO) and 4 x Branch Office (BO)

    We changed the HO WAN IP and it all started.....

    Very strange, only some clients at the BO's not all.

    We suspected bugs, even reloaded OS and reconnected one of the clients to the domain... no change. Can ping, can browse, can remote desktop to servers on the network but CANNOT connect to Exchange and cannot update group policy (Domain Controller not available).

    Ideas?



    OliverMaynar wrote:

    Hello again Meinolf,The DNS suffix in properties says 'WSW.
    06-Mar-09

    Hello again Meinolf

    The DNS suffix in properties says 'WSW.local' (wsw is the name of my
    domain). and there is a tick in 'change primary dns.....

    ICS is not installed on the server. I do have a VNC server running so I can
    remote access in

    Thank

    :

    Previous Posts In This Thread:

    Server 2003 Network problems since IP address change
    Hi, hopefully someone will be able to shed some light on this problem

    We have just moved offices and broadband providers. With the move came a
    change of Ip addresses. we used to run on 192.168.0.1/254 and now we use
    192.168.1.1/254

    Since the move I am getting loads of problems with GPO's not applying to
    clients anymore and the biggest problem which is the server refusing access
    to network drives. I have to manually un-map the drives and add them
    again...most the times using a different username and password as I get the
    error 'Multiple connections to a server or shared resource by the same user,
    using more than one username, are not allowed' or a similar one which I
    cannot now replicate

    Is this related to the IP address change? if so I musy have missed something
    somewhere when I was updating the server

    Thanks for you help.

    RE: Server 2003 Network problems since IP address change

    More information is needed before anyone can help you

    Is your network a domain or a workgroup
    If a domain, is it AD-integrated zone? More than one DC

    Does 2003 server provide DHCP for your network? Did you destroy old scope
    and create a new one

    Please post ipconfig/all result for server and typical workstation

    -
    Regards,
    Newell White

    Hi,it is a AD run domain with a single DC.
    Hi

    it is a AD run domain with a single DC. Previousley the old router provided
    the DHCP addressing. When we moved offices we had BT come and install our
    phone systems with a new router and hence the new addresses. This router has
    proved very troublesome so I have disabled the dhcp server on it and setup
    the same scope it was using on the DC

    ipconfig results

    Connection-specific DNS Suffix .
    Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #
    Physical Address. . . . . . . . . : 00-1E-8C-2E-0F-2
    DHCP Enabled. . . . . . . . . . . : Ye
    Autoconfiguration Enabled . . . . : Ye
    Link-local IPv6 Address . . . . . : fe80::459b:61f5:8668:2c01%24(Preferred
    IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred
    Subnet Mask . . . . . . . . . . . : 255.255.255.
    Lease Obtained. . . . . . . . . . : 22 February 2009 14:33:0
    Lease Expires . . . . . . . . . . : 22 March 2009 14:33:0
    Default Gateway . . . . . . . . . : 192.168.1.
    DHCP Server . . . . . . . . . . . : 192.168.1.
    DNS Servers . . . . . . . . . . . : 194.72.9.3
    62.6.40.16
    Primary WINS Server . . . . . . . : 192.168.1.
    NetBIOS over Tcpip. . . . . . . . : Enable

    The DC = 192.168.1.
    The router = 192.168.1.

    As per Meinolf Weber [MVP-DS] suggestion, I have just looked on the DC
    under DNS and under 'Reverse Lookup Zones' there is an entry for 192.168.0.x
    Subnet' with a list of pointers to computers and the old addresses they used
    to hold. Could this be something to do with it

    Thanks for your help guys.


    :

    Since you said your DC is 192.168.2, I'm assuming this is a workstation?
    Since you said your DC is 192.168.2, I'm assuming this is a workstation?


    You should have DNS setup on the DC. The DC should point to itself for DNS
    in the properties of TCP/IP. Use the actual IP address not 127.0.0.1. Then
    restart the netlogon service. All AC clients should ONLY point to the DNS
    server for the AD domain. (your DC)

    hth
    DDS


    Thanks for your suggestions guys.
    Thanks for your suggestions guys.

    I have changed the DNS settings as you have both described. GPO's and logon
    scripts still do not run. Of the clients I have tried this morning they all
    seem to be able to access the server without prompting for a username and
    password for access (even tho the user is logged onto the domain)...but this
    seems to happen at strange intervals so I am not confident that it is a
    closed issue yet.

    Would incorrect dns settings cause the type of issues I am having do you
    think? I don't doubt that I had it setup incorrectly...I just can't
    understand why clients would be denied access to network resources based on
    log on credentials.

    The only other solution I can think of is to go back to 192.168.0.x
    addressing like we had before to see if that makes a difference. I am limited
    to what I can do during the working week due to disruption though.

    I really appreciate your input thank you again.
    :

    Hi Meinolf,I have removed the reverse lookup and added the new one as you
    Hi Meinolf,

    I have removed the reverse lookup and added the new one as you suggested.

    The servers are listed in the forward lookup zones but the clients aren't.

    Yes Gpos are applied to OU's and the users are in the OU's.

    Gpresult returns : The user domain\user does not have RSOP data.

    Thanks


    :

    Hello Meinolf,Dynamic updates is enabled and set to 'secure only'.
    Hello Meinolf,

    Dynamic updates is enabled and set to 'secure only'.

    The ipconfig command didnt work and there are fair few errors in the eventwr
    in both the server and the client.

    The client
    ------------

    Event ID : 11165

    The system failed to register host (A) resource records (RRs) for network
    adapter
    with settings:

    Adapter Name : {AB759FE5-E3DF-4FB9-9156-5552068F7C4B}
    Host Name : easy2
    Primary Domain Suffix : WSW.local
    DNS server list :
    192.168.1.1
    Sent update to server : <?>
    IP Address(es) :
    192.168.1.23

    The reason the system could not register these RRs was because the DNS
    server contacted refused the update request. The reasons for this might be
    (a) you are not allowed to update the specified DNS domain name, or (b)
    because the DNS server authoritative for this name does not support the DNS
    dynamic update protocol.

    To register the DNS host (A) resource records using the specific DNS domain
    name and IP addresses for this adapter, contact your DNS server or network
    systems administrator.

    The server
    -------------

    Error EventID : 6702

    DNS server has updated its own host (A) records. In order to ensure that
    its DS-integrated peer DNS servers are able to replicate with this server, an
    attempt was made to update them with the new records through dynamic update.
    An error was encountered during this update, the record data is the error
    code.


    Error Event ID : 4004

    The DNS server was unable to complete directory service enumeration of zone
    WSW.local. This DNS server is configured to use information obtained from
    Active Directory for this zone and is unable to load the zone without it.
    Check that the Active Directory is functioning properly and repeat
    enumeration of the zone. The extended error debug information (which may be
    empty) is "". The event data contains the error.


    Warning EventID : 4521

    The DNS server encountered error 32 attempting to load zone
    0.168.192.in-addr.arpa from Active Directory. The DNS server will attempt to
    load this zone again on the next timeout cycle. This can be caused by high
    Active Directory load and may be a transient condition.


    I hope that helps you as it doesnt mean much to me!!

    Thanks a lot

    :

    Hello Meinolf,Only the windows firewall is running.
    Hello Meinolf,

    Only the windows firewall is running. I just tried to disable it but when I
    try to open it (on the server) I get the error 'Windows firewll cannot run
    because another program or service is running that might use the network
    address translation compnant (Ipnat.sys)'.

    I am not sure where you find the 'network identification' section you
    mentioned. If you mean is it listed in the properties of the network adapter
    then yes it is.

    Thanks again for your help with this....sorry it seems to be such a problem.

    Best regards,
    Oliver

    :

    Hi Meinolf,In addition to that last post in regards to the ipnat.sys....
    Hi Meinolf,

    In addition to that last post in regards to the ipnat.sys....I was working
    over a vpn when I was trying to configure it and I have just read that this
    can cause a problem. Strangely today I couldnt connect to any of my remote
    desktops over the vpn either.

    Regards,
    Oliver

    :

    Hello Oliver,Check that the DNS server has all new addresses on the zone
    Hello Oliver,

    Check that the DNS server has all new addresses on the zone records listed.
    Did all your clients use the correct ip addresses now? Did you reboot the
    servers after changing or just change the ip?

    Best regards

    Meinolf Weber


    Hello again Meinolf,The DNS suffix in properties says 'WSW.
    Hello again Meinolf,

    The DNS suffix in properties says 'WSW.local' (wsw is the name of my
    domain). and there is a tick in 'change primary dns.....'

    ICS is not installed on the server. I do have a VNC server running so I can
    remote access in.

    Thanks


    :


    Submitted via EggHeadCafe - Software Developer Portal of Choice
    AJAX Web Service Driven Customers Table With Customer Details
    http://www.eggheadcafe.com/tutorial...en-customers-table-with-customer-details.aspx
     
    Stephen Gultig, Jul 29, 2010
    #17
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.