locked
Clients within domain can't get its updated DNS information RRS feed

  • 問題

  • Our company has around 100 computers.

    They are joined into a domain controller.

    The domain controller has already been assigned a static IP address and DNS address (provided by ISP) while
    the clients are assigned the IP adresses by using DHCP method and
    DNS are pointing to the IP address of that domain controller ONLY.

    Recently, some users can't access some certain websites, however,
    they can, when assign one more DNS address to their DNS settings (the DNS address provided by ISP).

    I think it is not a good practice but I have tried using the methods of "ipconfig /flushdns", "ipconfig /registerdns",
    restart the client computers and restart the domain controller but get no success.

    Can anyone tell me how to solve this problem?

    Thank you very much!

    2009年2月20日 上午 10:14

解答

所有回覆

  • Dear Customer,

    After reading your post, I still have a few questions not very clear. Please let me know some information as below:

     

    1. Can you create a new user on this system and then test it out? Does the same issue occur?

    2. When did this issue first occur? This problem happens just recently?

    3. Have you tried UN-installing the last update(s) that was installed prior to noticing this issue to see if the problem still persisted?

    4. What's the exact IE on the problematic client? (IE6 or IE7?)

     

    There are many causes why cannot access SSL sites, so I suggest you may refer to the following steps to narrow down the root cause of this issue:

     

    Check Internet Explorer settings:
    =========================
        a. Click "Start", click "Run", input "INETCPL.CPL" (without the quotation marks) and press "Enter".

        b. On the "General" tab, click "Delete Cookies", "Delete Files" and "Clear History". (Confirm on pop up boxes.)

        c. Click "Settings", click "View Objects", delete all objects there, close the window, click "View Files", delete all files there, and then close the window.

        d. On the "Security" tab, click "Trusted sites" and then click "Default Level".
    (Add the SSL Secured Web site to the Trusted sites zone. To do so, click "Sites", type the URL of the site in the "Add this Web site to the zone" box, click "Add", click "OK", and then click "Apply".)

        e. On the "Content" tab, under "Certificates", click "Clear SSL State", and then click "OK" on the popup box.

        f. Under Personal information, click "AutoComplete", click "Clear Forms", and then click OK on the popup box. Click "Clear Passwords", and then click "OK" twice.

        g. On the "Connections" tab, click "LAN Settings", uncheck all check boxes and click "OK".

        h. On the "Advanced" tab, click "Restore Defaults", click to uncheck the checkbox beside "Enable third-party extensions", and then click "OK" to save these settings.

    Check Date and Time settings:
    ========================
        a. Click "Start", click "Run", input "TIMEDATE.CPL" (without quotation marks) and press "Enter".

        b. Make sure the "Date&Time" settings and the "Time Zone" settings are correctly configured, and then click "OK".

    At the same time, please temporarily uninstall all firewalls, pop up blockers and browser acceleration software since they can cause this issue in some cases. (Note: Disabling firewalls cannot prevent them from working in the background in some cases.)

    Check system files:
    ===============
        a. Click "Start", click "Run", input "SFC /PURGECACHE" (without quotation marks) and press "Enter". (Note: There is a space in the middle of the command.)

        b. Click "Start", click "Run", input "SFC /SCANNOW" (without quotation marks) and press "Enter".

        c. The "System File Check" will then start, which can repair system files. (We need to insert the Windows XP Install CD during the procedure.)

    Thank you for trying the above suggestions. Please let me know the result at your earliest convenience. If anything is unclear, please feel free to let me know. It is my pleasure to be of assistance.

    Sincerely,

    Tom Zhang


    Tom Zhang – MSFT
    2009年2月20日 上午 11:15
    版主
  • Domain Controller (Windows Server 2003) (ipconfig /all):

    Ethernet adapter 區域連線:

            Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : XXX Fast Ethernet Adapter
            Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 192.168.1.2
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.1.1
            DNS Servers . . . . . . . . . . . : 192.168.1.2
                                                         123.123.123.123 (ISP DNS)
            Lease Obtained. . . . . . . . . . : XXXX年X月X日
            Lease Expires . . . . . . . . . . : XXXX年X月X日

    Client Computer (Windows XP Professional) (ipconfig /all):

    Ethernet adapter 區域連線:

            Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : XXX Fast Ethernet Adapter
            Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 192.168.1.101
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.1.1
            DHCP Server . . . . . . . . . . . : 192.168.1.2
            DNS Servers . . . . . . . . . . . : 192.168.1.2
            Lease Obtained. . . . . . . . . . : XXXX年X月X日
            Lease Expires . . . . . . . . . . : XXXX年X月X日

    Client computer hasn't set the ISP DNS (123.123.123.123) that can't browse some websites.

    I can't ping certain websites sccessfully.

    However, if client computer has set the ISP DNS (123.123.123.123), it can browse these websites.

    I can ping these websites successfully.

    Is there any method can be used to allow these client computers to broswe these websites without helping them set ISP DNS?

    Thank you very much!

    2009年2月20日 下午 01:22
  • You did not set the DNS forwarding and Gateway to work preperly. If you set them correctly, all virtual IP client could search internet domain correctly, and acccess them thought gateway correctly.


    What you have set in DNS and Gateway(Router)

    大家一齊探討、學習和研究,謝謝! Microsoft MVP, Microsoft Community Star(TW & HK), MCT, MCSD, MCAD, MCSE+I, MCDBA, MCDST, MCSA, MCTS, MCITP
    2009年2月23日 上午 04:26
  • I think I have already set the gateway correctly.

    However, I don't have confidence on the part in DNS.

    I took a look on the link of http://support.microsoft.com/kb/825036/en-us.

    For the part in Windows 2000 Server and Windows Server 2003 member servers,

    I don't know how to do the following:

  • Do not configure the client DNS settings to point to your ISP's DNS servers. If you do so, you may experience issues when you try to join the Windows 2000-based or Windows Server 2003-based server to the domain, or when you try to log on to the domain from that computer. Instead, the internal DNS server should forward to the ISP's DNS servers to resolve external names.

  • Could you please tell me how to do it?

    Thank you very much!

     
    MS MVP KenLin for VB.NET 表示:

    You did not set the DNS forwarding and Gateway to work preperly. If you set them correctly, all virtual IP client could search internet domain correctly, and acccess them thought gateway correctly.


    What you have set in DNS and Gateway(Router)

    大家一齊探討、學習和研究,謝謝! Microsoft MVP, Microsoft Community Star(TW & HK), MCT, MCSD, MCAD, MCSE+I, MCDBA, MCDST, MCSA, MCTS, MCITP


2009年2月24日 下午 03:52
  • You need to set one DNS server in your local network. And then create DNS forwarding in it.
    You may have a look in the following link,

    http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
    http://technet.microsoft.com/en-us/library/cc757172.aspx
    大家一齊探討、學習和研究,謝謝! Microsoft MVP, Microsoft Community Star(TW & HK), MCT, MCSD, MCAD, MCSE+I, MCDBA, MCDST, MCSA, MCTS, MCITP
    • 已標示為解答 Chris Yuen 2009年3月19日 上午 10:49
    2009年3月19日 上午 05:55