Skip to main content

networking - Linux clients and Windows Servers can connect but not windows clients

This is driving me insane because I can't make head or tails of it.



We have two DCs (W2K3 SP1) and I'v tried this once on each machine as a sanity check.



DHCP is being served by either one of the machines and all machines get an address no problem. The servers can connect/ping/browse to the www and so can all our linux clients. But NONE of our windows clients (all windows 7).



I can do anything within the network, I can even ping the firewall/router but nothing from the windows clients is leaving the confines of our subnet.



I don't get it. The linux and windows clients are both served from the same DHCP server, the gateway is the same, everything is the same.




Anyone care to take a shot at how to resolve this?



I tried adding explicit routes at the clients, but still no go.



Some points that might help:



This is behind a SonicWall firewall (which I absolutely despise).
The DCs are two VMs on two different boxes.
DHCP being provided by these VMs. There is maybe 1/2 dozen other VMs that act as web or database servers and they can all connect to the internet.
The issue happened this morning (my time is GMT +2) and I think its a result of issues on the VMs. The domain was built in what I can only kindly refer to as a patchy manner. Dealing with it is like running my cojones in a shredder.




Connection has proven to be an intermittent thing. On several of the Windows 7 clients, connection was restored for no obvious reason for a few minutes before it went away.



Nothing has been changed when it comes to domain policies for at least a few weeks now.



I can't think of anything else to add, but if there's something in specific, y'all just ask and I'll be more than happy to provide an answer.



TIA



SMIM




@John Gardeniers



I'm at home now so I'll post it tomorrow when I get to the office, but I did that when I was there and the gateway and DNS servers are right. DNS resolution is correct.



This is the ipconfig /all output on one of the clients that started to work magically after I turned off the DHCP



Windows IP Configuration

   Host Name . . . . . . . . . . . . : TAN-LEN-08

   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : tanasuk.lcl

********************************************************************
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : tanasuk.lcl

   Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-21-5D-77-8F-D2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c864:eeb4:cb19:40cf%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.186.151(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, January 17, 2011 9:48:50 AM
   Lease Expires . . . . . . . . . . : Monday, January 17, 2011 2:48:51 PM
   Default Gateway . . . . . . . . . : 192.168.186.1

                                       192.168.186.5
   DHCP Server . . . . . . . . . . . : 192.168.186.6
   DHCPv6 IAID . . . . . . . . . . . : 218112349
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-4F-8A-A2-00-22-15-EB-3B-2F

   DNS Servers . . . . . . . . . . . : 192.168.186.5
                                       192.168.186.6
   Primary WINS Server . . . . . . . : 192.168.186.6
   NetBIOS over Tcpip. . . . . . . . : Enabled
********************************************************************


Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
 Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-22-15-EB-3B-2F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


Tunnel adapter isatap.tanasuk.lcl:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : tanasuk.lcl
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes



Obviously, the one I tagged with asterisks is the one we're looking at.



Its right, the gateway should be and is 192.168.186.1, the DNS servers are 192.168.186.5|6 everything is right.



The weird thing is that things started to work after DHCP server was turned off! In my exasperated attempts, I even tried a linux server (CentOS 5.3 dhcpd) with the exact same results.



Any idea guys? I'm stumped and I'd LOVE to know what the heck is going on.



Here is the ipconfig /all output off of one of the DCs/DNS servers




Windows IP Configuration

   Host Name . . . . . . . . . . . . : TAN-SRV-DC2
   Primary Dns Suffix  . . . . . . . : tanasuk.lcl
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : tanasuk.lcl

Ethernet adapter Local Area Connection 2:


   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter
   Physical Address. . . . . . . . . : A2-A9-A1-B4-FA-08
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.186.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.186.1
   DNS Servers . . . . . . . . . . . : 192.168.186.5
                                       192.168.186.6



and this is off of my local linux laptop (ifconfig eth0)



eth0      Link encap:Ethernet  HWaddr 00:16:6f:55:07:e3  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:304 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:47811 (47.8 KB)  TX bytes:12238 (12.2 KB)

          Interrupt:22 Memory:bc007000-bc007fff


(less /etc/resolv.conf)



# Generated by NetworkManager
nameserver 192.168.186.5
nameserver 192.168.186.6



and (route -n output)



Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.186.0   0.0.0.0         255.255.255.0   U     1      0        0 eth1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth1
0.0.0.0         192.168.186.1   0.0.0.0         UG    0      0        0 eth1



As you can see, this is insane!



There is something I have noticed since the problem has now become intermittent. Some Windows 7 laptops will connect, others will not and some will connect for a bit and then just forget.



They connect perfectly fine locally. And though they have a gateway defined, its almost as if they don't know how to reach it. Trying a tracert, I get a timeout from the first hop, but not so on the *nix clients (CentOS, several Ubuntu, several Mac OS X). Could this be a DNS issue? as in both DCs aren't synching properly?

Comments

Post a Comment

Popular posts from this blog

linux - iDRAC6 Virtual Media native library cannot be loaded

When attempting to mount Virtual Media on a iDRAC6 IP KVM session I get the following error: I'm using Ubuntu 9.04 and: $ javaws -version Java(TM) Web Start 1.6.0_16 $ uname -a Linux aud22419-linux 2.6.28-15-generic #51-Ubuntu SMP Mon Aug 31 13:39:06 UTC 2009 x86_64 GNU/Linux $ firefox -version Mozilla Firefox 3.0.14, Copyright (c) 1998 - 2009 mozilla.org On Windows + IE it (unsurprisingly) works. I've just gotten off the phone with the Dell tech support and I was told it is known to work on Linux + Firefox, albeit Ubuntu is not supported (by Dell, that is). Has anyone out there managed to mount virtual media in the same scenario?
Post a Comment
Read more

hp proliant - Smart Array P822 with HBA Mode?

We get an HP DL360 G8 with an Smart Array P822 controller. On that controller will come a HP StorageWorks D2700 . Does anybody know, that it is possible to run the Smart Array P822 in HBA mode? I found only information about the P410i, who can run HBA. If this is not supported, what you think about the LSI 9207-8e controller? Will this fit good in that setup? The Hardware we get is used but all original from HP. The StorageWorks has 25 x 900 GB SAS 10K disks. Because the disks are not new I would like to use only 22 for raid6, and the rest for spare (I need to see if the disk count is optimal or not for zfs). It would be nice if I'm not stick to SAS in future. As OS I would like to install debian stretch with zfs 0.71 as file system and software raid. I have see that hp has an page for debian to. I would like to use hba mode because it is recommend, that zfs know at most as possible about the disk, and I'm independent from the raid controller. For us zfs have many benefits,
Post a Comment
Read more

apache 2.2 - Server Potentially Compromised -- c99madshell

So, low and behold, a legacy site we've been hosting for a client had a version of FCKEditor that allowed someone to upload the dreaded c99madshell exploit onto our web host. I'm not a big security buff -- frankly I'm just a dev currently responsible for S/A duties due to a loss of personnel. Accordingly, I'd love any help you server-faulters could provide in assessing the damage from the exploit. To give you a bit of information: The file was uploaded into a directory within the webroot, "/_img/fck_uploads/File/". The Apache user and group are restricted such that they can't log in and don't have permissions outside of the directory from which we serve sites. All the files had 770 permissions (user rwx, group rwx, other none) -- something I wanted to fix but was told to hold off on as it wasn't "high priority" (hopefully this changes that). So it seems the hackers could've easily executed the script. Now I wasn't able
Post a Comment
Read more