Server 2003 Network problems since IP address change

Hi, hopefully someone will be able to shed some light on this problem.

We have just moved offices and broadband providers. With the move came a
change of Ip addresses. we used to run on 192.168.0.1/254 and now we use
192.168.1.1/254.

Since the move I am getting loads of problems with GPO's not applying to
clients anymore and the biggest problem which is the server refusing access
to network drives. I have to manually un-map the drives and add them
again...most the times using a different username and password as I get the
error 'Multiple connections to a server or shared resource by the same user,
using more than one username, are not allowed' or a similar one which I
cannot now replicate.

Is this related to the IP address change? if so I musy have missed something
somewhere when I was updating the server.

Thanks for you help.

 

Hello Oliver,

Check that the DNS server has all new addresses on the zone records listed.
Did all your clients use the correct ip addresses now? Did you reboot the
servers after changing or just change the ip?

Best regards

Meinolf Weber

 

More information is needed before anyone can help you.

Is your network a domain or a workgroup?
If a domain, is it AD-integrated zone? More than one DC?

Does 2003 server provide DHCP for your network? Did you destroy old scope
and create a new one?

Please post ipconfig/all result for server and typical workstation.

 

Hi,

it is a AD run domain with a single DC. Previousley the old router provided
the DHCP addressing. When we moved offices we had BT come and install our
phone systems with a new router and hence the new addresses. This router has
proved very troublesome so I have disabled the dhcp server on it and setup
the same scope it was using on the DC.

ipconfig results :

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #5
Physical Address. . . . . . . . . : 00-1E-8C-2E-0F-2E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::459b:61f5:8668:2c01%24(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 22 February 2009 14:33:09
Lease Expires . . . . . . . . . . : 22 March 2009 14:33:07
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.2
DNS Servers . . . . . . . . . . . : 194.72.9.38
62.6.40.162
Primary WINS Server . . . . . . . : 192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled

The DC = 192.168.1.2
The router = 192.168.1.1

As per Meinolf Weber [MVP-DS] suggestion, I have just looked on the DC
under DNS and under 'Reverse Lookup Zones' there is an entry for 192.168.0.x
Subnet' with a list of pointers to computers and the old addresses they used
to hold. Could this be something to do with it?

Thanks for your help guys.

 

IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)

Since you said your DC is 192.168.2, I'm assuming this is a workstation?


You should have DNS setup on the DC. The DC should point to itself for DNS
in the properties of TCP/IP. Use the actual IP address not 127.0.0.1. Then
restart the netlogon service. All AC clients should ONLY point to the DNS
server for the AD domain. (your DC)

hth
DDS

 

Hello Oliver,

The ipconfig output is from the client?

Well, your DNS configuration coming from your DHCP server has only to provide
domain internal ip addresses 192.168.1.2 for DNS The external addresses 194.72.9.38
and 62.6.40.162, i assume your ISP's DNS server are wrong at that place.

On the DNS server properties in the DNS management console under the DNS
server properties you have a FORWARDERS tab, here fill in the ISP's DNS server.

If the ipconfig from the DC looks similar, change that also.

The client should look like:
ip 192.168.1.x
sm 255.255.255.0
dg 192.168.1.1
dns 192.168.1.2

and the server:
ip 192.168.1.2
sm 255.255.255.0
dg 192.168.1.1
dns 192.168.1.2

Also if you do not use IPv6 i would uncheck the setting under the NIC properties.

Best regards

Meinolf Weber

 

Thanks for your suggestions guys.

I have changed the DNS settings as you have both described. GPO's and logon
scripts still do not run. Of the clients I have tried this morning they all
seem to be able to access the server without prompting for a username and
password for access (even tho the user is logged onto the domain)...but this
seems to happen at strange intervals so I am not confident that it is a
closed issue yet.

Would incorrect dns settings cause the type of issues I am having do you
think? I don't doubt that I had it setup incorrectly...I just can't
understand why clients would be denied access to network resources based on
log on credentials.

The only other solution I can think of is to go back to 192.168.0.x
addressing like we had before to see if that makes a difference. I am limited
to what I can do during the working week due to disruption though.

I really appreciate your input thank you again.

 

Hello Oliver,

The iprange is not the reason that something does not work as long as all
machines are using the correct subnet. If you say GPO's and logon script
does not run.

Remove the reverse lookupzone on the DNS server for 192.168.0.x network and
create a new one for the 192.168.1.x network.

Are the GPO's linked to the OU where the user/computers are located?

Did you run gpresult /v on a client machine to see if the GPO is listed?

Are all servers and clients are listed in the Forward lookup zones in your
DNS server?

Best regards

Meinolf Weber

 

Hi Meinolf,

I have removed the reverse lookup and added the new one as you suggested.

The servers are listed in the forward lookup zones but the clients aren't.

Yes Gpos are applied to OU's and the users are in the OU's.

Gpresult returns : The user domain\user does not have RSOP data.

Thanks

 

Hello Oliver,

Do you use dynamic updates on the zone properties?

Also run ipconfig /registerdns on the client, this should register there
entry in DNS zone, a message should appear similar to "takes about 15 minutes".

Best regards

Meinolf Weber

 

Hello Meinolf,

Dynamic updates is enabled and set to 'secure only'.

The ipconfig command didnt work and there are fair few errors in the eventwr
in both the server and the client.

The client
------------

Event ID : 11165

The system failed to register host (A) resource records (RRs) for network
adapter
with settings:

Adapter Name : {AB759FE5-E3DF-4FB9-9156-5552068F7C4B}
Host Name : easy2
Primary Domain Suffix : WSW.local
DNS server list :
192.168.1.1
Sent update to server : <?>
IP Address(es) :
192.168.1.23

The reason the system could not register these RRs was because the DNS
server contacted refused the update request. The reasons for this might be
(a) you are not allowed to update the specified DNS domain name, or (b)
because the DNS server authoritative for this name does not support the DNS
dynamic update protocol.

To register the DNS host (A) resource records using the specific DNS domain
name and IP addresses for this adapter, contact your DNS server or network
systems administrator.

The server
-------------

Error EventID : 6702

DNS server has updated its own host (A) records. In order to ensure that
its DS-integrated peer DNS servers are able to replicate with this server, an
attempt was made to update them with the new records through dynamic update.
An error was encountered during this update, the record data is the error
code.


Error Event ID : 4004

The DNS server was unable to complete directory service enumeration of zone
WSW.local. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The extended error debug information (which may be
empty) is "". The event data contains the error.


Warning EventID : 4521

The DNS server encountered error 32 attempting to load zone
0.168.192.in-addr.arpa from Active Directory. The DNS server will attempt to
load this zone again on the next timeout cycle. This can be caused by high
Active Directory load and may be a transient condition.


I hope that helps you as it doesnt mean much to me!!

Thanks a lot

 

Hello Oliver,

Is there any firewall running on client or server? Is the Primary DNS suffix
added in the system properties, network identification, properties, choose
the "More" button?

Best regards

Meinolf Weber

 

Hello Meinolf,

Only the windows firewall is running. I just tried to disable it but when I
try to open it (on the server) I get the error 'Windows firewll cannot run
because another program or service is running that might use the network
address translation compnant (Ipnat.sys)'.

I am not sure where you find the 'network identification' section you
mentioned. If you mean is it listed in the properties of the network adapter
then yes it is.

Thanks again for your help with this....sorry it seems to be such a problem.

Best regards,
Oliver

 

Hello Oliver,

Have you enabled internet connection sharing on the NIC properties, Advanced
tab?

Rightclick "My Computer", properties, Computer name or network identification,
"Change" button, choose the "More" button?

Best regards

Meinolf Weber

 

Hi Meinolf,

In addition to that last post in regards to the ipnat.sys....I was working
over a vpn when I was trying to configure it and I have just read that this
can cause a problem. Strangely today I couldnt connect to any of my remote
desktops over the vpn either.

Regards,
Oliver

 

Hello again Meinolf,

The DNS suffix in properties says 'WSW.local' (wsw is the name of my
domain). and there is a tick in 'change primary dns.....'

ICS is not installed on the server. I do have a VNC server running so I can
remote access in.

Thanks

 

Did anyone get this problem resolved? We have an almost identical case involving multiple VPNs. 1 Head Office (HO) and 4 x Branch Office (BO)

We changed the HO WAN IP and it all started.....

Very strange, only some clients at the BO's not all.

We suspected bugs, even reloaded OS and reconnected one of the clients to the domain... no change. Can ping, can browse, can remote desktop to servers on the network but CANNOT connect to Exchange and cannot update group policy (Domain Controller not available).

Ideas?



OliverMaynar wrote:

Hello again Meinolf,The DNS suffix in properties says 'WSW.
06-Mar-09

Hello again Meinolf

The DNS suffix in properties says 'WSW.local' (wsw is the name of my
domain). and there is a tick in 'change primary dns.....

ICS is not installed on the server. I do have a VNC server running so I can
remote access in

Thank

:

Previous Posts In This Thread:

Server 2003 Network problems since IP address change
Hi, hopefully someone will be able to shed some light on this problem

We have just moved offices and broadband providers. With the move came a
change of Ip addresses. we used to run on 192.168.0.1/254 and now we use
192.168.1.1/254

Since the move I am getting loads of problems with GPO's not applying to
clients anymore and the biggest problem which is the server refusing access
to network drives. I have to manually un-map the drives and add them
again...most the times using a different username and password as I get the
error 'Multiple connections to a server or shared resource by the same user,
using more than one username, are not allowed' or a similar one which I
cannot now replicate

Is this related to the IP address change? if so I musy have missed something
somewhere when I was updating the server

Thanks for you help.

RE: Server 2003 Network problems since IP address change

More information is needed before anyone can help you

Is your network a domain or a workgroup
If a domain, is it AD-integrated zone? More than one DC

Does 2003 server provide DHCP for your network? Did you destroy old scope
and create a new one

Please post ipconfig/all result for server and typical workstation

-
Regards,
Newell White

Hi,it is a AD run domain with a single DC.
Hi

it is a AD run domain with a single DC. Previousley the old router provided
the DHCP addressing. When we moved offices we had BT come and install our
phone systems with a new router and hence the new addresses. This router has
proved very troublesome so I have disabled the dhcp server on it and setup
the same scope it was using on the DC

ipconfig results

Connection-specific DNS Suffix .
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #
Physical Address. . . . . . . . . : 00-1E-8C-2E-0F-2
DHCP Enabled. . . . . . . . . . . : Ye
Autoconfiguration Enabled . . . . : Ye
Link-local IPv6 Address . . . . . : fe80::459b:61f5:8668:2c01%24(Preferred
IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred
Subnet Mask . . . . . . . . . . . : 255.255.255.
Lease Obtained. . . . . . . . . . : 22 February 2009 14:33:0
Lease Expires . . . . . . . . . . : 22 March 2009 14:33:0
Default Gateway . . . . . . . . . : 192.168.1.
DHCP Server . . . . . . . . . . . : 192.168.1.
DNS Servers . . . . . . . . . . . : 194.72.9.3
62.6.40.16
Primary WINS Server . . . . . . . : 192.168.1.
NetBIOS over Tcpip. . . . . . . . : Enable

The DC = 192.168.1.
The router = 192.168.1.

As per Meinolf Weber [MVP-DS] suggestion, I have just looked on the DC
under DNS and under 'Reverse Lookup Zones' there is an entry for 192.168.0.x
Subnet' with a list of pointers to computers and the old addresses they used
to hold. Could this be something to do with it

Thanks for your help guys.


:

Since you said your DC is 192.168.2, I'm assuming this is a workstation?
Since you said your DC is 192.168.2, I'm assuming this is a workstation?


You should have DNS setup on the DC. The DC should point to itself for DNS
in the properties of TCP/IP. Use the actual IP address not 127.0.0.1. Then
restart the netlogon service. All AC clients should ONLY point to the DNS
server for the AD domain. (your DC)

hth
DDS


Thanks for your suggestions guys.
Thanks for your suggestions guys.

I have changed the DNS settings as you have both described. GPO's and logon
scripts still do not run. Of the clients I have tried this morning they all
seem to be able to access the server without prompting for a username and
password for access (even tho the user is logged onto the domain)...but this
seems to happen at strange intervals so I am not confident that it is a
closed issue yet.

Would incorrect dns settings cause the type of issues I am having do you
think? I don't doubt that I had it setup incorrectly...I just can't
understand why clients would be denied access to network resources based on
log on credentials.

The only other solution I can think of is to go back to 192.168.0.x
addressing like we had before to see if that makes a difference. I am limited
to what I can do during the working week due to disruption though.

I really appreciate your input thank you again.
:

Hi Meinolf,I have removed the reverse lookup and added the new one as you
Hi Meinolf,

I have removed the reverse lookup and added the new one as you suggested.

The servers are listed in the forward lookup zones but the clients aren't.

Yes Gpos are applied to OU's and the users are in the OU's.

Gpresult returns : The user domain\user does not have RSOP data.

Thanks


:

Hello Meinolf,Dynamic updates is enabled and set to 'secure only'.
Hello Meinolf,

Dynamic updates is enabled and set to 'secure only'.

The ipconfig command didnt work and there are fair few errors in the eventwr
in both the server and the client.

The client
------------

Event ID : 11165

The system failed to register host (A) resource records (RRs) for network
adapter
with settings:

Adapter Name : {AB759FE5-E3DF-4FB9-9156-5552068F7C4B}
Host Name : easy2
Primary Domain Suffix : WSW.local
DNS server list :
192.168.1.1
Sent update to server : <?>
IP Address(es) :
192.168.1.23

The reason the system could not register these RRs was because the DNS
server contacted refused the update request. The reasons for this might be
(a) you are not allowed to update the specified DNS domain name, or (b)
because the DNS server authoritative for this name does not support the DNS
dynamic update protocol.

To register the DNS host (A) resource records using the specific DNS domain
name and IP addresses for this adapter, contact your DNS server or network
systems administrator.

The server
-------------

Error EventID : 6702

DNS server has updated its own host (A) records. In order to ensure that
its DS-integrated peer DNS servers are able to replicate with this server, an
attempt was made to update them with the new records through dynamic update.
An error was encountered during this update, the record data is the error
code.


Error Event ID : 4004

The DNS server was unable to complete directory service enumeration of zone
WSW.local. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The extended error debug information (which may be
empty) is "". The event data contains the error.


Warning EventID : 4521

The DNS server encountered error 32 attempting to load zone
0.168.192.in-addr.arpa from Active Directory. The DNS server will attempt to
load this zone again on the next timeout cycle. This can be caused by high
Active Directory load and may be a transient condition.


I hope that helps you as it doesnt mean much to me!!

Thanks a lot

:

Hello Meinolf,Only the windows firewall is running.
Hello Meinolf,

Only the windows firewall is running. I just tried to disable it but when I
try to open it (on the server) I get the error 'Windows firewll cannot run
because another program or service is running that might use the network
address translation compnant (Ipnat.sys)'.

I am not sure where you find the 'network identification' section you
mentioned. If you mean is it listed in the properties of the network adapter
then yes it is.

Thanks again for your help with this....sorry it seems to be such a problem.

Best regards,
Oliver

:

Hi Meinolf,In addition to that last post in regards to the ipnat.sys....
Hi Meinolf,

In addition to that last post in regards to the ipnat.sys....I was working
over a vpn when I was trying to configure it and I have just read that this
can cause a problem. Strangely today I couldnt connect to any of my remote
desktops over the vpn either.

Regards,
Oliver

:

Hello Oliver,Check that the DNS server has all new addresses on the zone
Hello Oliver,

Check that the DNS server has all new addresses on the zone records listed.
Did all your clients use the correct ip addresses now? Did you reboot the
servers after changing or just change the ip?

Best regards

Meinolf Weber


Hello again Meinolf,The DNS suffix in properties says 'WSW.
Hello again Meinolf,

The DNS suffix in properties says 'WSW.local' (wsw is the name of my
domain). and there is a tick in 'change primary dns.....'

ICS is not installed on the server. I do have a VNC server running so I can
remote access in.

Thanks


:


Submitted via EggHeadCafe - Software Developer Portal of Choice
AJAX Web Service Driven Customers Table With Customer Details
http://www.eggheadcafe.com/tutorial...en-customers-table-with-customer-details.aspx