none
Domain Controller Wrong IP

    Question

  • Having problem with the domain controller IP address.  Not sure where it is picking up the wrong IP address.  The server has only 1 network connection.  I check the hosts file (no lmhosts file) and DNS server, the hosts is the original file so no entries and DNS record is correct.  Over time (30 minutes), the wrong IP address shows up in the DNS server cache.  Flushing DNS cache (ipconfig /flushdns) fixes the problem but the wrong IP address just keep coming back.  I check the top domain and a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb._msdcs.top.net points to cname server1.domain.top.net which is correct.

    Wrong IP
    ping a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb._msdcs.top.net
    pinging server1.domain.top.net [10.10.10.25] with 32 bytes of data:
    Reply from 10.10.10.25: bytes=32 time<1ms TTL=128

    Correct IP
    c:\>ping server1.domain.top.net
    Pinging server1.domain.top.net [10.10.11.23] with 32 bytes of data:
    Reply from 10.10.11.23: bytes=32 time<1ms TTL=127

    C:\>ipconfig /flushdns
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.

    Correct IP
    C:\>ping a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb._msdcs.dot.net
    Pinging server1.domain.top.net [10.10.11.23] with 32 bytes of data:
    Reply from 10.10.11.23: bytes=32 time<1ms TTL=127

    Friday, June 15, 2012 4:15 AM

Answers

  • Let's use nslookup instead of ping, and see what it's resolving to:

    c:\>nslookup
    > a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb._msdcs.top.net

    .

    Under _msdcs.top.net, how many CNAME GUIDs do you see? I'm sure you already realize, there should be only one registered for each DC.

    Looking under top.net, how many LdapIpAddress entries do you see? They are the entries depicted by "same as parent"  A  <IpAddress>. Each DC registers one.

    Also, look in the zone properties of _msdcs.top.net and top.net, Namesservers tab. Only your DC/DNS servers should be in there, unless you have secondary (non-DCs) defined and allowing. Do you see anything that don't belong?

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • Marked as answer by The Kind Wednesday, June 20, 2012 12:23 AM
    Saturday, June 16, 2012 5:13 PM
  • Thank you for taking the time to respond.  Your suggestion of examining the DNS records of the top level domain lead me to finding an incorrect name server at the domain.top.net level. One of the listed name server, server1.domain.top.net, was listed as having an IP address of 10.10.10.25 which is incorrect and server1 is not a DNS server.  The name server record should be changed to server2.domain.top.net with IP of 10.10.10.25.  I think the domain controller IP address was changed in the past which cause this problem.  Our sub domain administrator account does not have permission to top.net domain.

    I will submit the paper work for the change and let you know if this resolves the problem.  Thanks everyone for looking at this problem.

    • Marked as answer by The Kind Wednesday, June 20, 2012 12:24 AM
    Tuesday, June 19, 2012 4:24 AM

All replies

  • Hello, 

    Search for the host name which is assigned to 10.10.10.25 using NBTSTAT. Syntax: NBTSTAT -A 10.10.10.25

    Also recommend you to use static IP address for DC. If use dynamic IP address, go for IP reservations. Setting up constant IP address to DC will allow you to get less replication issues.


    Regards, Ravikumar P

    Friday, June 15, 2012 8:32 AM
  • Thank you for your response.  The domain controllers all have static IP address. The IP address 10.10.10.25 is another domain controller, server2.domain.top.net. When I run ipconfig /displaydns.

    server1.domain.top.net
    ----------------------------------------
    Record Name . . . . . : server1.domain.top.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 1194
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 10.10.11.23

    server2.domain.top.net
    ----------------------------------------
    Record Name . . . . . : server2.domain.top.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 3598
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 10.10.10.25

    a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb._msdcs.top.net
    ----------------------------------------
    Record Name . . . . . : a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb._msdcs.top.net
    Record Type . . . . . : 5
    Time To Live  . . . . : 389
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    CNAME Record  . . . . : server1.domain.top.net

    It is strange how when I ping server1 the IP is correct but when I ping a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb it comes back with pinging server1 and then gives the wrong IP. Flushing the resolver cache (ipconfig /flushdns) then temporarily fixes the problem, ping a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb then gives the correct IP. This happens on the domain controllers and my desktop. It looks like pinging a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb resolves to CNAME server1 and then use some other mechanism to resolve its IP address, I think it checks with the DNS server. The DNS server, have the correct A record for server1 (and server2) but when you look in the DNS server cache it has the wrong IP (server1 is listed as server2 IP).

    Probably the only way to resolve this is to scope the network traffic but I don't think that would be possible. I think the DNS server is picking up the wrong IP from registry or NETBIOS over TCP/IP.


    • Edited by The Kind Friday, June 15, 2012 8:34 PM
    Friday, June 15, 2012 8:31 PM
  • Let's use nslookup instead of ping, and see what it's resolving to:

    c:\>nslookup
    > a4687e9d-f8e7-4e35-8c25-7e3dec1e9ddb._msdcs.top.net

    .

    Under _msdcs.top.net, how many CNAME GUIDs do you see? I'm sure you already realize, there should be only one registered for each DC.

    Looking under top.net, how many LdapIpAddress entries do you see? They are the entries depicted by "same as parent"  A  <IpAddress>. Each DC registers one.

    Also, look in the zone properties of _msdcs.top.net and top.net, Namesservers tab. Only your DC/DNS servers should be in there, unless you have secondary (non-DCs) defined and allowing. Do you see anything that don't belong?

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • Marked as answer by The Kind Wednesday, June 20, 2012 12:23 AM
    Saturday, June 16, 2012 5:13 PM
  • Thank you for taking the time to respond.  Your suggestion of examining the DNS records of the top level domain lead me to finding an incorrect name server at the domain.top.net level. One of the listed name server, server1.domain.top.net, was listed as having an IP address of 10.10.10.25 which is incorrect and server1 is not a DNS server.  The name server record should be changed to server2.domain.top.net with IP of 10.10.10.25.  I think the domain controller IP address was changed in the past which cause this problem.  Our sub domain administrator account does not have permission to top.net domain.

    I will submit the paper work for the change and let you know if this resolves the problem.  Thanks everyone for looking at this problem.

    • Marked as answer by The Kind Wednesday, June 20, 2012 12:24 AM
    Tuesday, June 19, 2012 4:24 AM
  • I'm happy to hear the suggestions were helpful resolving it. Please go through the responses and mark as answer the ones you feel addressed and resolved the issue.

    .

    I also suggest to check all "(same as parent) A  <ipAddress>"  records to make sure that IP doesn't show up.

    WHile you're at it, check the system32\config\netlogon.dns and netlogon.dnb files to see if you see that IP in there.

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Tuesday, June 19, 2012 6:08 PM
  • The name server has been updated, the problem has been resolved.

    From your suggestion, I checked all those "(same as parent)" records carefully and the netlogon files.  I didn't find any further problems.  Thanks again for your help.

    Wednesday, June 20, 2012 12:31 AM
  • Good to hear that it's all resolved. It's also a good thing the netlogon.dns file had no references, or that will have meant the old DC is still referenced in the AD database.

    If you have any further questions or issues, let us know.

    Cheers!


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Wednesday, June 20, 2012 5:01 AM