Windows Server 2008 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve DNS Externally

    Question

  • Good Morning All -

    I've got a client's DC running Windows 2008 that I'm trying to troubleshoot a strange issue on. 

    Yesterday, we had one of the hard drives go out.  We replaced it and the RAID successfully rebuilt itself.  I don't know if this caused the issue, but when in the server I found out the following:

    Issue

    The server can successfully resolve DNS and ping all internal hosts.  However - it cannot ping external (internet) ones.  It does resolve their hostnames, though.

    I've tried/checked the following:

    • Verified IP configuration is correct (running IPv4 - not IPv6)
    • tracert to external IP (8.8.8.8) doesn't resolve anything (on another Windows server on same domain, it does)
    • Must RDP to different Windows server on network, then RDP to server having issue to connect
    • Tried disabling NIC on server, re-enabling a different physical one, then configuring its IP info the same
    • Tested again this morning after RAID rebuild was complete - nogo
    • The server is a DC and manages DNS - all entries look good
    • Windows Firewall is Off
    • Compared settings for Windows Routing Role to another similarly configured DC
    • Pointed to other DNS server as primary instead of itself
    • Verified DNS forwarders were correct.

    Any ideas?  Thanks!


    Ben K.

    Tuesday, March 6, 2012 3:22 PM

Answers

  • Okay guys - finally found out the issue.  After recently finding that the gateway could not be pinged, it all started to make sense. 

    As it turns out, there was a rule in the firewall (Watchguard) which kept that server from talking.  No one knows how it got there (hmm), but now that it's gone, it's back up 100%.

    I appreciate everyone's time that helped out - Thanks!


    Ben K.

    Wednesday, March 7, 2012 9:46 PM
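
The triage order that led to the answer above (same-subnet host, then the default gateway, then an external IP, then a name), as an added PowerShell example that is not part of the original thread. The addresses are the ones posted in the thread; the function names and verdict wording are illustrative assumptions.

```powershell
# Added example (not from the thread): layered reachability triage for a host
# that resolves names but cannot reach the internet. Uses ICMP, so a device
# that silently drops echo requests reads as unreachable.
$InternalPeer = '192.168.50.18'    # second DNS server on the same subnet
$Gateway      = '192.168.50.254'   # default gateway (the perimeter firewall)
$ExternalIp   = '8.8.8.8'          # external address used in the tracert test
$ExternalName = 'microsoft.com'    # external name used in the ping test

function Test-Ping([string]$Target) {
    # -Quiet returns $true/$false instead of raising an error on timeout
    return [bool](Test-Connection -ComputerName $Target -Count 2 -Quiet)
}

function Test-Resolve([string]$Name) {
    # A successful lookup may be answered by another internal DNS server,
    # so it does not prove that this host has an outbound path.
    try { return ([System.Net.Dns]::GetHostAddresses($Name).Length -gt 0) }
    catch { return $false }
}

function Get-Verdict([bool]$Peer, [bool]$Gw, [bool]$Ext, [bool]$Dns) {
    if (-not $Peer) {
        return 'Local problem: check NIC, cabling, switch port, IP/mask, host firewall.'
    }
    if (-not $Gw -and -not $Ext) {
        return 'Subnet works but the gateway is silent: review gateway/firewall rules and logs for this source IP.'
    }
    if ($Gw -and -not $Ext) {
        return 'Gateway answers, nothing beyond it: check outbound policy, NAT, upstream routing.'
    }
    if (-not $Gw) {
        return 'External IP reachable: the gateway probably just drops ICMP sent to itself.'
    }
    if (-not $Dns) {
        return 'IP path is fine, name resolution is not: check DNS client settings and forwarders.'
    }
    return 'All layers respond.'
}

$peer = Test-Ping $InternalPeer
$gw   = Test-Ping $Gateway
$ext  = Test-Ping $ExternalIp
$dns  = Test-Resolve $ExternalName

Write-Output ("Peer {0}: {1}" -f $InternalPeer, $peer)
Write-Output ("Gateway {0}: {1}" -f $Gateway, $gw)
Write-Output ("External {0}: {1}" -f $ExternalIp, $ext)
Write-Output ("Resolve {0}: {1}" -f $ExternalName, $dns)
Write-Output (Get-Verdict $peer $gw $ext $dns)
```

Running the same script from a working server on the subnet gives a baseline: if only one source IP gets the "gateway is silent" verdict, the difference is in a per-host rule on the gateway rather than in the servers' own configuration.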

All replies

  • Hi Ben

    Does the other server that is resolving external names also have the DNS role?

    Can you post an ipconfig /all of the working and not working servers?


    Renato Kurti CCNA,CCNP Security,CCAI,MCP,MCTS,MCITP:EA

    Tuesday, March 6, 2012 4:14 PM
  • Thanks...

    There are 5 total servers on that domain.  Below I've listed whether or not they hold a DNS role and their ipconfig info.  Thanks!

    DC1

    Windows 2008 x64 - The server with the issue.

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DCSDC1
       Primary Dns Suffix  . . . . . . . : network.blankedout.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : network.blankedout.com
                                           blankedout.com

    Ethernet adapter Local Area Connection 3:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Dual Port Server Adapter
       Physical Address. . . . . . . . . : 00-15-17-B0-5A-E6
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.50.19(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.50.254
       DNS Servers . . . . . . . . . . . : 192.168.50.19
                                           192.168.50.18
       Primary WINS Server . . . . . . . : 192.168.50.19
       Secondary WINS Server . . . . . . : 192.168.50.18
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{28C3C707-D5BD-4F22-B614-471482FE433A}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Server2

    Windows 2003 R2 - Does not hold a DNS role

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DCSSVR2
       Primary Dns Suffix  . . . . . . . : network.blankedout.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : network.blankedout.com
                                           blankedout.com.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
       Physical Address. . . . . . . . . : 00-22-19-86-6E-0D
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.50.13
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.50.254
       DNS Servers . . . . . . . . . . . : 192.168.50.19
                                           192.168.50.18
       Primary WINS Server . . . . . . . : 192.168.50.18
       Secondary WINS Server . . . . . . : 192.168.50.19

    Server3

    Windows 2008 x32 - Does hold a DNS role

    Windows IP Configuration

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       IPv4 Address. . . . . . . . . . . : 192.168.50.18
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.50.254

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    Exch1

    Windows 2008 - Does not hold DNS role

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DCSEXCH1
       Primary Dns Suffix  . . . . . . . : network.blankedout.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : network.blankedout.com
                                           blankedout.com

    Ethernet adapter Local Area Connection 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #6
       Physical Address. . . . . . . . . : 00-24-E8-54-96-E3
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection 7:

       Media State . . . . . . . . . . . : Media disconnected

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #5
       Physical Address. . . . . . . . . : 00-24-E8-54-96-E4
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection 4:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Dual Port Server Adapter #2
       Physical Address. . . . . . . . . : 00-15-17-AB-7F-63
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::e453:e947:1e24:99b3%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.50.10(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.50.254
       DHCPv6 IAID . . . . . . . . . . . : 335549719
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-42-31-5B-00-24-E8-54-96-E3
       DNS Servers . . . . . . . . . . . : 192.168.50.19
                                           192.168.50.18
       Primary WINS Server . . . . . . . : 192.168.50.18
       Secondary WINS Server . . . . . . : 192.168.50.19
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection 3:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Dual Port Server Adapter
       Physical Address. . . . . . . . . : 00-15-17-AB-7F-62
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{0461995C-4BAD-45A7-894D-FA2B2D73094B}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{3E3580D2-093E-470A-AC17-D620294F903D}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{5CCF878C-5399-48C9-9338-C8333C398C7A}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 12:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{E6C5F044-7005-4474-BDEA-88A40E961933}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 13:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    TSAuto

    Windows 2003 R2 - Does not hold DNS role

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : TSAutoCad
       Primary Dns Suffix  . . . . . . . : network.blankedout.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : network.blankedout.com
                                           blankedout.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 00-1D-09-FE-CB-78
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.50.12
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.50.254
       DNS Servers . . . . . . . . . . . : 192.168.50.19
                                           192.168.50.18
       Primary WINS Server . . . . . . . : 192.168.50.19
       Secondary WINS Server . . . . . . : 192.168.50.18

    Thanks Again!


    Ben K.

    Tuesday, March 6, 2012 4:29 PM
  • Hi Ben,

    Thanks for posting here.

    Was this server ever abnormally shut down when the disk issue occurred?

    Can we check for any warnings or errors in Event Viewer on this problematic host?

    > The server can successfully resolve DNS and ping all internal hosts.  However - it cannot ping external (internet) ones.  It does resolve their hostnames, though.

    Do you mean it can resolve external domain names to their public IP addresses properly with the current settings using nslookup, but pinging any external domain name from this server does not work?

    So could we get the correct IP address of the corresponding domain that we were pinging from the results? For instance:

    Pinging microsoft.com [207.46.197.32] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 207.46.197.32:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    Could we ping such external domains and get a response properly from this domain controller DC1 before this disk issue?

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Wednesday, March 7, 2012 5:47 AM
  • Thanks for your response - I love TechNet forums!

    I spoke with the tech who went onsite and he said that the server was not abnormally shut down.  As always, there are a few things in the event log, but nothing that points directly towards the issue.

    I did do a few other tests based on what you suggested and below are the results:

    There are two DNS servers in the domain - .18 & .19 - .19 is the DC that we are having the trouble on.

    We performed nslookups of both internal and external domains with DNS pointed to itself (.19) which both failed.

    However - when the server is pointed to the other DNS server (.18), it CAN do an nslookup BOTH internal and external yet still cannot ping anything outside.

    I also just found out that even though the server in question can ping internal addresses, it cannot ping its gateway (firewall)

    Does that answer stuff for you?  Thanks!


    Ben K.

    Wednesday, March 7, 2012 9:34 PM
  • Hi Ben,

    Glad to hear that the issue is solved! Hope you will enjoy our TechNet forum in future.

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Thursday, March 8, 2012 12:44 AM