Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, March 25, 2015 6:46 AM
Hi
I am facing the problem for not getting the internet in AD Server(DC) if configured with static IP address. If we set DHCP it will connect to internet. When I check the IPCONFIG on DHCP settings its showing the external address of the ISP router. Not the firewall. Suspect there must be a foul play with DNS. Appreceiate your prompt response.
Thanks
Michael
All replies (20)
Wednesday, March 25, 2015 8:38 AM
Hi,
If you have an internal(private) network and connect to Internet by a ISP router. Set the ISP router as default gateway, DNS server provide by ISP as preferred DNS server. or, if your DC also configured as the DNS server, set itself as preferred DNS server, and at the same time, set the ISP DNS server as DNS forwarder.
If I have any misunderstanding about your question, please provide more description about your network architecture, such as intermediate devices and their connection type.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Wednesday, March 25, 2015 8:59 AM
Hi
Thanks for the update.
I tried both DNS server provide by ISP as preferred DNS server and DC as preferred DNS. But it didn't work. Tried reset the LAN switch / Firewall.
I am using a firewall in the network. For all the other computers given the DNS address primary as AD server IP (The server which having problem), secondary as 8.8.8.8 and all working without any issues.
Tried FlushDNS / pinging to 8.8.8.8 - no success / local host - success / own IP address - success. Able to ping all same IP address successfully from other devices.
I am using Windows Server 2008 Std 64-Bit for the AD server.
Thanks
Michael
Wednesday, March 25, 2015 9:10 AM
Can you please be a bit more clearer on whats not working and what is working?
I want to check, are you having an issue when you point the DNS on the client to your domain controller?
But when you point the client at google.com (8.8.8.8) DNS works?
On the client that is working above if your remove the 8.8.8.8 DNS entry does it still work?
On the domain controller in DNS have you configured the forwarders?
Wednesday, March 25, 2015 9:54 AM
- When the other server's and clients pointing the DNS to the DC its working and internet is accessible.
- When point the client's to 8.8.8.8 its working and getting the internet. Able to ping 8.8.8.8 from all the clients. Not from DC.
- If we remove 8.8.8.8 DNS entry it will still work and internet is accessible as primary DNS is DC ip address.
- Normally we don't configure the forwarders in Domain Controller DNS. For testing I have done that but its still the same. And its affecting only DC.
Wednesday, March 25, 2015 10:08 AM
On the DC if you do an ipconfig /all what is it using for DNS?
Wednesday, March 25, 2015 10:41 AM
IP address of the firewall currently. I have tried IP address of DC and ISP router IP address. It didn't worked.
Wednesday, March 25, 2015 10:47 AM
What happens from the DC if you ping 8.8.8.8 directly?
Can you set the DNS of the DC to its self.
Then can you do a nslookup of google.com and post the output. Does it resolve?
Thursday, March 26, 2015 1:44 AM
Please go through my earlier posts.
Its not pinging from DC to 8.8.8.8 showing destination host unreachable. I tried setting the DNS of DC to itself. No success.
Thursday, March 26, 2015 10:05 AM
Ok,
From what you have said I would check the following depending on your LAN configuration:
From the DC:
- Can you ping the Default Gateway?
- Can you ping the firewall?
- Trace route 8.8.8.8 where does it stop working?
- If you use diffrent VLANs on the switch please check the DC is setup correctly?
- Check the firewall logs and see if it is stopping packet?
What firewall are you using?
Can you check the NAT statement on the firewall?
Friday, March 27, 2015 8:22 AM
1. I am able to ping to Default gateway
2. I am able to ping the firewall as both default gateway and firewall is same.
3. I have attached screenshots for portquery and Trace route.
We are not using any VLAN's on the switch.
We are using Fortigate 60D firewall
Pls find the PortQuery for DNS
Pls find the Tracert screenshot
Friday, March 27, 2015 8:53 AM
Is this a virtual machine?
Friday, March 27, 2015 10:08 AM
Yes. Its a virtual machine.
Friday, March 27, 2015 10:49 AM
Can you remove the NIC from the machine and add a new one in please? I wonder if the TCP/IP stack has an issue. This might reset it.
Monday, March 30, 2015 2:17 AM
I have tried that already. removed the NIC and added a new one. But the issue still persist.
Monday, March 30, 2015 7:52 AM
Can you check the driver under device management (devmgmt.msc). Does it say its working?
I know this may sound silly but are the tools installed (assuming this is vmware or xen)
Tuesday, March 31, 2015 2:53 AM
Please find the screenshot of the Device manager. We are using Windows 2012 R2, Std Hyper-V (not using any VMware or Citrix)
Tuesday, March 31, 2015 9:57 AM
Please try running the following command from an elevated command prompt then restart the server.
netsh int ip reset
Tuesday, March 31, 2015 10:24 AM
I have tried the commands netsh I I r r and netsh adv r - Still the same. Please find the screenshots.
Tuesday, March 31, 2015 10:51 AM
Out of interest if booted into safe mode with networking do you experience the same issues?
Tuesday, March 31, 2015 11:44 AM
Hi
First, Disable ipv6. then run the netsh command to reset IP stuff. Just a warning though, I think this will only apply to this problem if you are using static IPs.
Here is the netsh comman:
netsh interface ip set address name="Local Area Connection" static xxx.xxx.xxx xxx.xxx.xxx xxx.xxx.xxx
ip address subnet mask gateway
http://www.santanunayak.com An MVP From Microsoft