I searched but I didn't find any posts that really addressed my issue. We have a server, a Windows 2008 R2 machine, that acts as our network monitoring/management server. Lately, we've been getting alerts that other servers are not reachable by ping (in essence "down"), but they are all up and reachable from other workstations/servers (on same and different subnets). When we look on the server, we found that if we try to ping other servers we get the wrong IP addresses or can't find them at all. For instance, pinging our mail server will get the external IP instead of the internal, ping cannot even find the IP of our virtual hosts, etc. DNS queries via NSLOOKUP finds the correct DNS entries just fine, and if we ping by IP address everything works. For some reason, it's just not querying the correct servers when we use ping. I checked the hosts file, and it is the default (no edits made). DNS is fine and all entries correct. This machine used to be multihomed, but I disabled all NICs except the one on the main network. Still same results. This is driving me up the wall as we're receiving 50 alerts an hour. Does anybody have any ideas what could be the issue?
-
NSLOOKUP only proves that the DNS server resolves the correct IP. If you have an entry in your hosts file then this test becomes irrelevant.– neildeadmanCommented May 19, 2015 at 9:36
4 Answers
Double check that your servers all use the Domain Controller for DNS resolutions. This is usually the problem. It seems like your machines are getting IPs that are being delivered from outside your network.
Also run ipconfig /registerdns (with elevated privileges) on the machines if the Domain Controller's DNS resolution doesn't match up.
The multihoming shouldn't be an issue, I believe the default configuration is to register with DNS to what ends up looking like a comma separated list of IPs for the given server.
Try flushing your DNS cache: ipconfig /flushdns.
The DNS cache is queried just between the hosts file and the DNS servers, and the NSLookup jumps right to the servers.
If that doesn't help, you can try monitor the activity of the relevant processes with procmon from Sysinternals, although it might take a really long time or even lead you know where.
If the above answers didn't work for you, try this simple thing.
Press Winkey+r and write drivers and press enter.
Go to etc folder and open the hosts file (using notepad as admin).
look if you see your server hostname or DNS record there and simply delete it...
Maybe someone was trying to debug something and forgot to delete this record.
gl,
Refael
a temporary solution I have found if none of these fixes work until you resolve the issue is go into your local area connection properties and set your dns to static and use google's dns of 8.8.8.8 and 8.8.4.4. then you should ping normally
