DC can see member server but not Vice versa - advice ? 1

[rab555]

Gurus -

OK I have a DC and a member server(server2) - both are running Win2k3 Server (standard)

DC can see member server (via ping etc)
DNS and DHCP is set up and server2 picks up the dynamic address fine

The problem is Server2 cannot see the DC - can't ping etc -
I have un-joined from the domain but now cannot rejoin as it can't see the domain at all ....

Server2 Local Area Connection looks fine - DHCP enable ok -
Yet I still can't rejoin the domain -

Strangely the DC can ping Server2 via IP address and by FQDN ....

How can this be ?

Any ideas how I can get server2 back on the domain ?

Any advice would be really helpful

cheers

Rab

 

[Roeee]

I would be surprised if the problem is domain level is you can not ping the DC from server2.

Are both machines on the same IP network?

Have you looked at ROUTE PRINT to see if server2 is looking in the wrong place for the DC.

Are you pinging the servername [and hence should be resolving] or pinging the IP directly? Maybe try a TRACERT to see where your ping is going.

I take it you have confirmed the IP details are correct. Do you have multiple NIC's in either machine. There's a possibility that the traffic is going out over the wrong NIC.

Maybe worth looking at this problem from the switch level also.

Can you RELEASE and RENEW the DHCP address... and confirm that a new address is being applied [rather than the old one].

 

[TheLad]

I would suggest giving your member server a static address. I don't know anyone elses view on this, but IMHO servers should always be assigned static IP Addresses. If you do this, change your DNS entry to reflect the static IP Address also.

--------------------------------------
"Insert funny comment in here!"
--------------------------------------

 

[rab555]

Many thanks for the info -

It is my home network so I will try and look into further on Fri when I have a day off .....

I will let you know then of the outcome

cheers

 

[NetIntruder]

this reaks of asynchronous routing on your DC - can you let us know if you have multiple NIC's on your DC?

Also, TheLad is 100% correct - give your server a static address!

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

 

[LWComputingMVP]

Post your DNS settings. On both the DC and the server you can't get back in the domain.

 

[rab555]

Thanks for you assistance on this guys -

1) I have given server2 a static IP
2) There is only one NIC on the DC (and one on Server2)
3) Re-installed DNS(on DC) - set up a primary zone
'A' record for Server2 added -

DC can still ping server2 IP and FQDN
Server2 still can't see DC at all (via name or ip)

Any more ideas ? I am stumped ?

Rab

 

[tfg13]

Server2 is able to ping it's loopback, as well as it's own static IP correct? Any chance the subnet mask, or gateway is messed up? How about the route table (as Roeee asked above)? Do you have a firewall on the member server that could be causing this? Different LanManager settings? Fips enabled on one, but not on the other? Have you booted into safe mode with networking (on server2) and attempted to ping the DC? This will tell you if there is a problem with added software, or IPsec problems.

 

[basst]

Fundamentally, if you have the IP stack configured correctly you should be able to ping between each Server soley by the IP address.

Go back to fundamentals first and check that each Server has the correct IP, subnet mask and gateway address and DNS server settings.

Before doing anything else make sure that you can ping.

If you post the IP settings here i'm sure we can spot your error.

 

[rab555]

OK guys

Server1 (DC)
IP - 192.168.0.3
subnet mask - 255.255.255.0
Default gateway - 192.168.0.4

Server2
IP - 192.168.0.4
subnet mask - 255.255.255.0
Default gateway - 192.168.0.3

I can also connect via http to 192.168.0.3 but not with server1 name ..... not sure if that helps ....

just added a static route to 192.168.0.3 - no joy still can't ping .... ;@(

will try the safe mode option now ...

BTW - no firewall on either m/c

 

[basst]

Both your computers are on the same network. Your default gateway is pointed to the IP address of each of the servers. This is not correct. The default gateway should be pointed to your device that connects you to the Internet or other external network. If you have no external connection then the gateway address should be left blank.
You do not need any static routes.

Are both servers connected into the sane switch / hub?

 

[rab555]

yes both server connected to 4-port hub

I have taken the default gateways out but still no luck ...

 

[basst]

The servers will not even be using the deault gateway because they are on the same network. Only traffic for subnets other than 192.168.0 will be sent to the default gateway.

You say you can http to server1 from server2
This would suggest that server1 has a software firewall.
This would explain why you cannot ping it from server2 but can connect via http.

Are you sure there is no software firewall configured on server1?

On server1 click start | setting | Control Panel.
In there you should see Windows Firewall.

If you double-click does it open or do you get a message about Internet connection sharing?

 

[pgaliardo]

I can also connect via http to 192.168.0.3 but not with server1 name ..... not sure if that helps ....

Sounds like DNS problem. As lwcomputing requested, can you post your DNS settings?

 

[rab555]

ok guys - looks like a combination -

I didn't realise ICF was on server1 - I have now reconfigured it - and I can now see server1 from server2 - woo hoo !

But when I try and rejoin the domain I get a DNS timeout error -

I am just looking at DNS settings now but any pointers would be great -

What DNS setting do you need to see ?

 

[rab555]

Server1 - SOA
Host
NS records

nslookup resolves both server names ok

Server2 - doesn't resolve the server name

 

[rab555]

Guys -

Many thanks to all of you - finally resolved the problems

It all points to ICF so I will give point to basst - cheers ude

Not sure how ICF came to be configured tho ..... ho hum

cheers again

Rab

 

[basst]

Hey rab555 glad you solved your issue.
As you found out Internet Connection sharing will implement a software firewall. Hence you could not ping.