16

I have a Windows 7 computer on my domain that is behaving oddly.

  • It is possible to ping www.google.com
  • It can ping internal hosts using their IP address
  • It can ping the local Domain Controller/DNS server for that office using its hostname and IP address
  • It cannot ping other internal hosts by their hostname or FQDN
  • The client has not registered itself in DNS
  • nslookup can resolve internal host names to their correct IP addresses and uses the correct DNS server
  • The client gets its IP settings via DHCP the same as other clients - it has an address in the correct subnet, the correct DNS servers applied and has the correct suffix added to resolve hostnames
  • The Local Area Connection network connection shows an SSID name that was previously used in the space that would be used to show the domain name or the WiFi status - see image: odd Local Area Connection labelling

I'm really baffled as to why this might be happening. Because internal DNS resolution is not happening, the computer is not able to communicate with the domain properly, so Group Policy can't be applied and I doubt authentication is working properly.

I have tried clearing the DNS cache with ipconfig /flushdns, disabling/restarting the cache with netsh stop dnscache. I've reset Winsock and the IP stack, and rebooted numerous times with no difference. Other clients in the same network are working just fine.

The current workaround is to put entries in the hosts file for the most important hosts for services the user may need to use. This has worked ok, but isn't really sustainable long term, and doesn't address communication with Active Directory.

Any idea how to fix this, before I rebuild the thing?

Update I have installed Wireshark on the affected computer. When I do nslookup domain.local I see all the DNS traffic as expected. When I do ping domain.local I don't see any DNS traffic at all - no request and no reply. When I do ping www.google.com I see both DNS request and reply.

Also, this is a laptop with both Wired LAN and Wireless. I get exactly the same issue when connected via Wired LAN or via WiFi to the internal network.

An odd thing I noticed is that under the name of the network connection (Local Area Network), rather than displaying the domain name as I would expect, it shows the name of a VLAN we used to use. I'm hesitant to remove the computer from the domain, in case I cannot join it again. I'd rather try some other things before I go down a route that might involve reinstalling Windows.

Update this looks relevant

Update I have tried netsh winsock reset catalog, netsh int ip reset, and sfc /scannow, none of which have fixed the behaviour. The computer cannot leave and rejoin the domain, as it can't communicate with a domain controller. ipconfig /registerdns also doesn't work for the same reason. I've also tried stopping the DNS client service to no avail.

dunxd
  • Depends on how much time you have available, but I'd be curious what a packet capture would reveal. – Mike B Nov 07 '14 at 05:24
  • Does the "DNS Suffix Search List" returned in an `ipconfig /all` look like what you'd expect? – Evan Anderson Nov 10 '14 at 16:00
  • Yes - returns the DNS suffix set by DHCP. It is correct. – dunxd Nov 19 '14 at 07:12
  • Packet captures done, and results added to the question. Why would Windows decide to not do DNS resolution for internal hostnames, whether using FQDN or not? – dunxd Nov 19 '14 at 07:21
  • Shot in the dark here, but is your DNS (internal/hosted on dc) server configured to listen to *only specific IP addresses? – Get-HomeByFiveOClock Nov 19 '14 at 07:34
  • No - listening on all IP addresses. And it does respond to nslookup from the client (and other computers in the same subnet are working ok). Pretty sure that local Windows is not processing DNS lookups to computers in the domain either using a FQDN or bare hostname. – dunxd Nov 19 '14 at 07:43
  • I also tried setting the network interface to use a different DNS server (in a different subnet) but getting the same results. That really looks like it is something on the client causing the problem. – dunxd Nov 19 '14 at 07:45
  • just to confirm: -the client PC can nslookup just fine any domain name on the internet and also on the local network/domain? - But when you do a 'ping' to any local network host, it fails to even ping them via hostname(unless their hostname is in the hosts file) but can ping them via their IP? - This client PC is the ONLY PC that is having the issue? – RCG Nov 19 '14 at 08:24
  • Can you try pinging: 'hostname.domain' instead of just 'hostname' for me? If it works, you may have a WINS server resolution issue with your DNS controller. – RCG Nov 19 '14 at 08:30
  • If you have admin privileges on the active-directory server I would recommend just removing the PC from the domain on the client PC first, then removing the PC from the domain via active-directory users and computers. Ensure it is fully gone from the AD, then re-add the client PC. You shouldn't have to re-install windows to get this fixed. – RCG Nov 19 '14 at 08:56
  • I already tried removing the computer from the domain - but since the computer cannot locate the domain in DNS it is unable to do so. – dunxd Nov 19 '14 at 12:03
  • 1
    As nslookup is working fine, but there's no lookup when you ping the domain name. Could there be something (a typo, rogue space character) in the hosts file that's causing an invalid result to be returned for domain.local? – Mike1980 Nov 19 '14 at 19:17
  • Does your environment have the DHCP server registering the DNS name on behalf of the DHCP clients, or does each DHCP client register its own name with the DNS server directly? You're only having this issue a single computer on the domain? – Clayton Nov 19 '14 at 21:34
  • @Mike1980 I was thinking the exact same thing. Garbage in the HOSTS file could definitely do the trick. – tfrederick74656 Nov 19 '14 at 22:41
  • Hosts file is unchanged from default with Windows install. There are two computers on the network I am aware of with this problem. One has been made to work around the issue by adding common internal hosts to the hosts file, but clearly that isn't sustainable for any length of time. The network settings for all clients are set to "Register this connection's addresses in DNS" - the same settings are in place for all other clients on the network. – dunxd Nov 20 '14 at 13:26
  • Was the machine off for an extended period of time (like months)? – Colyn1337 Nov 20 '14 at 15:44
  • @dunxd Since NSLookup works fine, since it goes directly to the DNS server, I must assume that the problem resides in either the hosts file or the cache (meaning that one is probably corrupt). Disable the "dns client" service, which will cause the system to go directly to the DNS server (rather than the hosts file and the cache), and see what happens. – EliadTech Nov 20 '14 at 21:33
  • 1) Would you kindly post a complete output of `IPCONFIG /all` from the machine? 2) What sort of firewall/antivirus/security software is installed on this host? 3) Does this behavior persist in Safe Mode with Networking? – I say Reinstate Monica Nov 21 '14 at 19:09
  • 4
    In the end time ran out for investigation, and I had to take the drastic action of rebuilding the affected laptops. Both are now functioning fine, getting their settings from DHCP as they were before, with no change to networking configuration or DNS. Still scratching my head, but in the end I spent more time investigating than it took to re-image both laptops and restore the backed up user data. Sometimes the best way to serve your users is to just get the job done, even if it isn't in an intellectually satisfying way. – dunxd Nov 22 '14 at 14:08
  • 1
    `nslookup` and `ping` resolve names differently. There is a good list available here http://blogs.msdn.com/b/nitinsingh/archive/2013/06/24/dilemma-of-name-resolution-process-with-ping-vs-nslookup.aspx Perhaps you have something as simple as NetBIOS over TCP/IP disabled for the particular host? – jpe Nov 25 '14 at 19:19
  • This problem was solved by uninstalling and reinstalling the network card of the mentioned machine –  Oct 27 '15 at 09:39
  • Unfortunately seeing a few more of these on my network. Haven't figured out the cause or solution yet, and reimaging of the computer doesn't always resolve it. Will post any further discoveries here. – dunxd Dec 12 '15 at 21:51
  • For connection name thing, I'd follow http://windows.microsoft.com/en-us/windows/create-modify-network-profiles to reset wired/wireless profiles. Also would you please compare `(*)Priority` values in `HKLM > SYSTEM > CurrentControlSet > Services > Tcpip > ServiceProvider` key on affected machine and unaffected one? – Aziz Kabyshev Mar 21 '16 at 14:15
  • This question already awarded a bounty in November of 2014 however the question was never marked as answered so it remained open. Now in 2016 there is a new bounty for this old question that was still open. It seems a bit odd though because the old answers are already upvoted and may no longer apply to the current situation. This places the new answers at the bottom of the page below the older answers. It may be better to [post a new question](https://serverfault.com/questions/ask) instead... – Tim Penner Mar 21 '16 at 23:39
  • @dunxd, since the ping command makes no dns query, there must be something in local machine that is hindering this. Something like a process trace for windows would have been helpful to find out what exactly the ping command is doing and failing at the end. Still, you can have a look under: `C:\Windows\System32\drivers\etc` in files `lmshosts.sam` and `networks` to see if there is anything. Another thing would be to check for local antivirus software if there is any. To stop/deactivate (to prohibit realtime protection) them temporarily and see if ping works. – Diamond Mar 24 '16 at 14:01
  • After another incident today, I learnt a bunch about Network Location Awareness in Windows, and also discovered that the way NLA works is rather different if the computers are configured to use DirectAccess. That doesn't really answer the question of why this was happening to the specific computers in my question, but if you are experiencing anything similar to this, I'd recommend reading up on Network Location Awareness as it is likely related. – dunxd Feb 08 '17 at 23:40

10 Answers

4

TLDR;
1. hosts file overrides DNS.
2. Reset, refresh, reset.
3. Backup data, format, re-install


This could be caused by a bad entry in the hosts file which is located here:

C:\Windows\System32\drivers\etc\hosts

Make sure you don't have an entry in the hosts file overriding domain.local

nslookup domain.local will check the DNS Server for an address associated with domain.local - however if you have an entry in your hosts for domain.local then ping domain.local would use that address and not the one from DNS.


It may also be worth your time to reset a few things:

Reset WINSOCK entries to installation defaults : netsh winsock reset catalog
Reset TCP/IP stack to installation defaults : netsh int ip reset reset.log
Flush DNS resolver cache : ipconfig /flushdns
Renew DNS client registration and refresh DHCP leases : ipconfig /registerdns
Flush routing table : route /f (reboot required)
Check for corrupted system files : sfc /scannow


Also, if this is really the same machine from the original issue you posted in November 2014 then it may also be worth the time and effort to just format the hard drive and reinstall the OS. This will get you back to a known state that should work.

Tim Penner
  • Annoyingly this keeps cropping up on different computers. I'm looking for something more sustainable than a rebuild each time it happens. I've eliminated host file entries and other suggestions that were already made. Hence the second bounty. – dunxd Mar 23 '16 at 15:33
  • Did all this, then restarted and I still have a DNS problem... – Chagai Friedlander Aug 19 '21 at 07:05
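The answer above contrasts two resolution paths: nslookup asks the configured DNS servers directly, while ping goes through the Windows resolver (hosts file, cache, DNS, then NetBIOS/LLMNR), so a stray hosts entry only shows up on the ping side. The following script is an added example written for this page, not code from the answer or the thread: it parses the hosts file for the name in question, asks DNS alone the way nslookup would, asks the system resolver the way ping would, and reports whether they agree. It assumes Windows 8 / Server 2012 or later for Resolve-DnsName (on Windows 7 the hosts-file parse still works; run nslookup by hand for the DNS-only half). `$Name` is a placeholder for the name that fails, such as domain.local.

```powershell
# Added example (not from the answer): compare hosts-file, DNS-only and full-resolver
# results for one name, i.e. what ping sees versus what nslookup sees.
# Assumes Windows 8 / Server 2012 or later for Resolve-DnsName.
param(
    [Parameter(Mandatory = $true)] [string] $Name,   # placeholder: the name that fails
    [string] $HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

function Get-HostsFileEntries {
    param([string] $Path)
    # Format per line: <address> <name> [alias ...]; anything after '#' is a comment.
    Get-Content -LiteralPath $Path -ErrorAction Stop |
        ForEach-Object { ($_ -split '#', 2)[0].Trim() } |
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $fields = $_ -split '\s+'
            if ($fields.Count -ge 2) {
                foreach ($alias in $fields[1..($fields.Count - 1)]) {
                    [pscustomobject]@{ Address = $fields[0]; Name = $alias }
                }
            }
        }
}

# 1. Anything in the hosts file that would shadow the DNS answer? A typo or stray
#    character here is the classic "nslookup works, ping does not" cause.
$hostsHits = @(Get-HostsFileEntries -Path $HostsPath | Where-Object { $_.Name -ieq $Name })
if ($hostsHits.Count -gt 0) {
    Write-Warning "hosts file overrides DNS for $Name"
    $hostsHits | Format-Table -AutoSize
}

# 2. What nslookup would see: the DNS servers only, bypassing hosts file and cache.
$dnsOnly = @(Resolve-DnsName -Name $Name -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -in 'A', 'AAAA' } |
    ForEach-Object { $_.IPAddress })

# 3. What ping would see: the full system resolver (hosts, cache, DNS, NetBIOS/LLMNR).
try {
    $system = @([System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString })
} catch {
    $system = @()
}

[pscustomobject]@{
    Name           = $Name
    DnsOnly        = (($dnsOnly | Sort-Object) -join ', ')
    SystemResolver = (($system  | Sort-Object) -join ', ')
    Match          = ((($dnsOnly | Sort-Object) -join ',') -eq (($system | Sort-Object) -join ','))
}
```

Run it as `.\Compare-Resolution.ps1 -Name domain.local` from an elevated prompt. A DnsOnly column that is populated while SystemResolver is empty reproduces the question's symptom exactly, and points at the client-side resolver rather than the DNS server.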
1

This issue is exactly what I had. It turns out my certificate for https://nls.my.domain.com for DirectAccess connectivity had been revoked. Hence my clients used the Name Resolution Policy Table (NRPT) from within my LAN, blocking all connections to internal resources.

Just wanted to share this info as it might be the same for some of you.

xBunne
  • Interesting - if I ever see this again, I'll know where to look. The certificate hadn't expired (Direct Access was working for hundreds of other computers) but NRPT is worth checking out next time. – dunxd Jun 18 '15 at 12:20
  • If the network location server is unreachable by the client, but they are on the network, Direct Access can fire up and that causes problems. Thanks! – dunxd Feb 08 '17 at 23:43
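The answer and the follow-up comment describe the mechanism: when a DirectAccess client cannot reach or validate the Network Location Server, it behaves as if it were outside the corporate network and its NRPT rules redirect lookups for internal suffixes away from the LAN resolvers, which produces exactly the nslookup-works/ping-fails split in the question. The script below is an added example written for this page (not the answerer's code): it lists the NRPT rules Group Policy has delivered to the client and then calls the built-in netsh views for the effective policy and the client's inside/outside decision. It is read-only and assumes Windows 7 or later; the registry path is the one Group Policy uses for NRPT rules, and the suffix shown in the comment is a placeholder.

```powershell
# Added example (not from the answer): show the NRPT rules applied by Group Policy and
# the DirectAccess client state. Read-only. Assumes Windows 7 or later.
$nrptPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig'

function Get-NrptRules {
    if (-not (Test-Path -Path $nrptPolicyKey)) { return @() }
    Get-ChildItem -Path $nrptPolicyKey | ForEach-Object {
        $key  = $_
        $rule = Get-ItemProperty -Path $key.PSPath
        # Every value whose name ends in DNSServers is a resolver list the rule redirects to.
        $servers = $rule.PSObject.Properties |
            Where-Object { $_.Name -like '*DNSServers' -and $_.Value } |
            ForEach-Object { "$($_.Name)=$($_.Value -join ';')" }
        [pscustomobject]@{
            Rule       = $key.PSChildName
            Namespace  = ($rule.Name -join ', ')   # suffixes such as .corp.example (placeholder)
            DnsServers = ($servers -join ' ')
        }
    }
}

$rules = @(Get-NrptRules)
if ($rules.Count -eq 0) {
    Write-Host 'No NRPT rules from Group Policy: internal suffixes are not being redirected.'
} else {
    # A rule whose Namespace covers the AD suffix sends those lookups to the listed
    # servers whenever the client decides it is outside the corporate network.
    $rules | Format-Table -AutoSize
}

# Built-in views of the same data (Windows 7 and later):
netsh namespace show effectivepolicy   # NRPT rules currently in force
netsh dnsclient show state             # includes whether the client thinks it is inside the corporate network
```

Compare the output on an affected machine with an unaffected one on the same LAN; if the affected client reports itself outside the corporate network while its neighbours do not, the Network Location Server (reachability or certificate, as in the answer) is where to look next.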
1

I had the same problem.

I found out that the corporate implementation of Microsoft DirectAccess Connectivity was the reason.

Right-clicked on the taskbar icon, chose "Use local DNS resolution" and then ran a gpupdate, and my problems were solved.

If this is not your problem, a flaw in whatever assisting connectivity software you use (there are many) is still the most likely cause.

Best regards

Keiko

Keiko
1

I had a very similar problem with my laptop in the domain network. I was unable to connect to the domain but was able to ping and work with other devices using ip addresses (hostnames were no-go). Editing the hosts file was a temporary solution, but doing this for every network device and being unable to /gpupdate was kinda frustrating.

In the end my problem (and my situation, might not be applicable for yours) was resolved by this particular blog: http://setspn.blogspot.nl/2015/05/corrupt-local-gpo-files.html

  • Rename (or delete) C:\Windows\System32\GroupPolicy\Machine\Registry.pol
  • Start > run > cmd (as admin)
  • Gpedit.msc
  • Below administrative templates change a (not matter which) setting and then revert it. This will trigger the creation of a new registry.pol file
  • gpupdate /force
  • Gpo’s should process correctly now.

The problem lies with a faulty Registry.pol; generating a new one fixed my problem and I was able to gpupdate! Hope this helps people troubleshooting. Make sure you have removed all the manual entries in the hosts file though.

FikkieHo
1

TL;DR; - Make sure if your network DHCP is publishing IPv6 as well you put the DNS' IPv6 address too - since that takes precedence over IPv4 static configurations on Windows 10.

I ran into this problem yesterday and wanted to share another possible problem and solution.

I was re-configuring the network and hooked up to a newer router. I ran into the same issue - all my existing systems couldn't reach the AD anymore using mydomain.local - it worked fine before.

Scouring the internet I tried a couple of different things - the DNS was running fine. When I would do nslookup it would throw an error saying non-existent - but when I ran

nslookup mydomain.local {LOCAL-DNSSERVER-IP} it would resolve.

The issue came down to this: I saw the resolution but missed that it was also returning an IPv6 address.

The new router by default was publishing its own IPv6 DNS address (inherited from the modem), and even though I had static DNS assigned for IPv4, it was using the IPv6 one, which went to the public internet to resolve, hence the "doesn't exist".

I took the Domain Controller's IPv6 address and added it to the router's DHCP for IPv6 DNS and voila, resolution!

Brian B.
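Brian B.'s case is hard to spot with nslookup alone because the IPv6 resolver list is configured separately from the IPv4 one. The script below is an added example written for this page (not the answerer's code): it lists the DNS servers each adapter has for IPv4 and IPv6 side by side and flags any that are not in your list of domain controllers, so a router-advertised public IPv6 resolver stands out. It assumes Windows 8 / Server 2012 or later for Get-DnsClientServerAddress; the addresses in `$ExpectedDnsServers` are documentation-range placeholders to be replaced with your DCs' addresses.

```powershell
# Added example (not from the answer): per-adapter IPv4 and IPv6 DNS servers, with any
# server outside the expected set flagged. Assumes Windows 8 / Server 2012 or later.
$ExpectedDnsServers = @('192.0.2.10', '2001:db8::10')   # placeholders: your DCs' addresses

function Get-DnsServerReport {
    param([string[]] $Expected = $ExpectedDnsServers)
    Get-DnsClientServerAddress |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            $fam = $_.AddressFamily
            # AddressFamily is the socket constant: 2 = IPv4, 23 = IPv6
            $family = switch ([int]$fam) { 2 { 'IPv4' } 23 { 'IPv6' } default { "$fam" } }
            $unexpected = @($_.ServerAddresses | Where-Object { $Expected -notcontains $_ })
            [pscustomobject]@{
                Interface     = $_.InterfaceAlias
                AddressFamily = $family
                Servers       = ($_.ServerAddresses -join ', ')
                Unexpected    = ($unexpected -join ', ')
            }
        }
}

$report = Get-DnsServerReport
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.Unexpected }) {
    Write-Warning 'An adapter is using a DNS server outside the expected set; a public resolver cannot answer for the AD domain.'
}
```

An IPv6 row whose Unexpected column names the router or an ISP resolver, next to an IPv4 row pointing at the domain controllers, is the configuration the answer describes; the fix is the one given above (publish the DC's IPv6 address via the router's DHCPv6/RA DNS option, or stop advertising an IPv6 resolver).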
0

When you run ipconfig /all what is the node type? It sounds a lot like you have the wrong node type and possibly no WINS server on your network, a similar situation to what happened to this person.

dialt0ne
  • Your response is more of a series of questions instead of an answer. Though I do agree, the problem *might* be the NodeType. However, that is an unknown w/o more information from @dunxd – Signal15 Nov 25 '14 at 20:06
  • 1
    While I did ask a question, I linked to a solution and documentation on what I suspect to be the issue. An imperfect answer to an imperfect question (didn't supply sufficient key configuration information). – dialt0ne Nov 26 '14 at 00:48
  • You get the bounty. It may not have solved the problem (I can't know now as I had to take drastic action), but you did put something down as an answer, and provided links to useful material - I didn't know about node type before and now I do, so thanks. – dunxd Nov 26 '14 at 08:44
  • Do you have a WINS server on the domain? Is DHCP distributing WINS server IPs with no WINS server actually being present? Is the node type set properly on other nodes? Do you have a test box where you can attempt to re-create the issue by changing the node type to experiment? In the interest of science, of course... – dialt0ne Nov 27 '14 at 03:07
0

If there is no network traffic at all, it might be an issue with hosts/lmhosts file. Otherwise, there might be NetBIOS-NS name resolutions going, and looking into packet details might show more clues.

Matija Nalis
0

I had the same problem and was able to resolve this without rebuilding the pc.

  1. Opened network adapter properties
  2. Selected "Internet Protocol Version 4 (TCP/IPv4)" Properties
  3. Clicked the Advanced button on the General tab
  4. Selected the WINS tab
  5. In the NetBIOS setting, the Default selection has the following description, "Use NetBIOS setting from the DHCP server. If static IP address is used or the DHCP server does not provide NetBIOS setting, enable NetBIOS over TCP/IP"
  6. I changed the setting to "Enable NetBIOS over TCP/IP" and I then got replies when pinging the FQDN!
Dan B
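Both dialt0ne's answer (node type) and Dan B's answer (the per-adapter NetBIOS-over-TCP/IP option) concern how Windows resolves a name once DNS has nothing to offer, and both settings are visible without clicking through adapter dialogs. The script below is an added example written for this page, not code from either answer: it reports the effective NetBIOS node type from the NetBT parameters and, for each IP-enabled adapter, the NetBIOS option, WINS servers and DNS suffix search list that Win32_NetworkAdapterConfiguration exposes. It is read-only and works on Windows 7 and later.

```powershell
# Added example (not from either answer): NetBIOS node type and per-adapter
# NetBIOS-over-TCP/IP / WINS settings. Read-only; Windows 7 and later.
$nbtParameters = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$nodeTypeNames = @{
    1 = 'B-node: broadcast only'
    2 = 'P-node: WINS only, no broadcast'
    4 = 'M-node: broadcast first, then WINS'
    8 = 'H-node: WINS first, then broadcast'
}

function Get-NetbiosNodeType {
    $p = Get-ItemProperty -Path $nbtParameters
    # A statically set NodeType overrides the DhcpNodeType the DHCP server handed out.
    $effective = $p.NodeType
    if ($null -eq $effective) { $effective = $p.DhcpNodeType }
    if ($null -eq $effective) {
        # Neither set: Windows acts as B-node without WINS servers and H-node with them.
        $label = 'Not configured (Broadcast without WINS servers, Hybrid with)'
    } else {
        $label = $nodeTypeNames[[int]$effective]
        if (-not $label) { $label = "Unknown value $effective" }
    }
    [pscustomobject]@{
        NodeType     = $p.NodeType
        DhcpNodeType = $p.DhcpNodeType
        Effective    = $label
    }
}

function Get-NetbiosAdapterSettings {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            # TcpipNetbiosOptions: 0 = use the DHCP server's setting, 1 = enabled, 2 = disabled
            $option = switch ([int]$_.TcpipNetbiosOptions) {
                0 { 'Default (from DHCP)' } 1 { 'Enabled' } 2 { 'Disabled' } default { 'Unknown' }
            }
            [pscustomobject]@{
                Adapter         = $_.Description
                NetbiosOverTcp  = $option
                WinsPrimary     = $_.WINSPrimaryServer
                WinsSecondary   = $_.WINSSecondaryServer
                LmhostsLookup   = $_.WINSEnableLMHostsLookup
                DnsSuffixSearch = ($_.DNSDomainSuffixSearchOrder -join ', ')
            }
        }
}

Get-NetbiosNodeType
Get-NetbiosAdapterSettings | Format-Table -AutoSize
```

Run it on an affected and an unaffected client and diff the two outputs; a P-node with no reachable WINS server, or an adapter showing Disabled while its neighbours show Default, is the mismatch both answers are pointing at. Note that NetBIOS only matters for single-label names; an FQDN that fails while nslookup succeeds still indicates a problem earlier in the resolver path.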
0

This may be obvious. Check for manually-applied DNS suffixes in 3 places: 1 in System Properties and 2 in (each) network TCP/IP DNS tab. In a perfect world, yours should look like mine.

Might also be useful to investigate secpol.msc>Network List Manager Policies to determine the settings of the 'Location' that is being detected

Also, you mention that it is not registering itself in DNS even after ipconfig /registerdns. Check the system log for the error and post here.

I've also seen a situation where PING appends extra DNS Suffix automatically. To test, try your pings with a trailing . (ping domain.local.)

https://superuser.com/questions/93055/windows-using-the-dns-suffix-search-list-on-all-lookups-even-valid-fqdns-how-t

(images: Computer Suffix; Connection Specific)

goofology
-1

You need to use the FQDN.

On a Windows Azure VM, you need to be logged into the machine whose FQDN you want to find.

  1. Use ipconfig to find your IP.
  2. ping -a IP. The "-a" switch returns the domain name of your server. It will be in the first line. Use this name to ping.