
I have got a pretty strange issue on a domain controller. Environment is:

  • Windows 2008R2 Std Server + all updates
  • One DC + a few Windows clients joined to that AD

On that DC, Symantec Endpoint Protection 12.1.x was installed. Somebody uninstalled it, and that caused the network cards to lose their IP config (read: ipconfig /all showed NO interfaces anymore, but in the control panel I was able to see and configure them). Thanks to Symantec's CleanWipe tool I was able to remove some leftovers of SEP (I guess it was their network protection driver) and regained IP connectivity.

Unfortunately that killed my DNS and also my AD services.

When I open the DNS Add-In, I get the same error as described in: Microsoft DNS - Access is Denied. Event log: The DNS server was unable to open Active Directory

I checked my hosts file and re-added the localhost entries. That did not do the trick.

I checked name resolution then:

ping localhost -> not found
ipconfig /flushdns && ipconfig /displaydns 

-> localhost is in the cache!

Other test - I have added a new host (8.8.8.8 www.google.com) to the "hosts" file:

ipconfig /flushdns && ipconfig /displaydns 

-> I see google.com and 8.8.8.8 in the cache

ping www.google.com -> host not found

It seems that the hosts file is loaded correctly into the DNS cache but not used? This blocks pretty much all attempts to configure the DNS, as I cannot open the DNS Add-In.

Update #1:

NIC Configuration is static,

  • IP = 10.45.0.1
  • Netmask = 255.255.255.0
  • GW = 10.45.0.254
  • DNS = 10.45.0.1

No static routes configured. Note, AFTER the Symantec Cleanup I have cleaned out the whole Windows network config:

  1. netsh winsock reset
  2. netsh int ip reset

Any advice welcome!

Mr.Tom

3 Answers


Uninstall the NIC from Device Manager and let it reinstall clean (remove and rescan). Make sure DNS is set to listen on all interfaces, not just the static IP. Be cautious of rebooting: if you don't have the AD recovery password, you could get stuck without DNS and unable to log in because of it.

Jacob Evans
  1. Remove everything but the default entries from the Hosts file.

  2. Add 127.0.0.1 as secondary DNS on the NIC.

  3. Re-enable IPv6 on the NIC

  4. Reboot.

  5. Wait.

  6. Check the DS and DNS event logs.

  7. Stop making other changes until you've completed the previous steps.

This is what your Hosts file should probably look like:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
joeqwerty
  • Make a new clean host file

  • Uninstall and reinstall NIC

  • Configure your NIC with the proper IP and disable IPv6 if not used

  • Add 127.0.0.1 as DNS on the NIC IP configuration. Don't add things like 8.8.8.8 there, those go to another place if needed

  • Reboot

  • Open a cmd and run:

    ipconfig /flushdns

    net stop DNS && net start DNS

    net stop netlogon && net start netlogon

    ipconfig /registerdns

    dcdiag /fix

    net stop netlogon && net start netlogon

    netdiag /fix

Then use NSLookup and dcdiag /test:dns to make sure everything is fine.

Overmind
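A way to verify the state the answers above aim for (default-only hosts file, 127.0.0.1 plus the DC's own address as DNS servers, DNS/Netlogon/NTDS running, name resolution working) before and after the restart sequence. This is an added example, not code from any answer; it assumes the DC address 10.45.0.1 from the question and uses WMI and .NET so it also runs on the Windows 2008 R2 PowerShell 2.0 in the question.

```powershell
# Added diagnostic script (not from the answers). Assumption: the DC's static
# address is 10.45.0.1 as stated in the question; adjust for other hosts.
$ExpectedDnsServers = @('10.45.0.1', '127.0.0.1')
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Hosts file: report every line that is not a comment or blank, i.e.
#    anything beyond the default (fully commented) Windows hosts file.
$extraHosts = Get-Content $hostsPath | Where-Object { $_ -notmatch '^\s*(#|$)' }
if ($extraHosts) {
    Write-Warning ("Non-default hosts entries found:`n" + ($extraHosts -join "`n"))
} else {
    Write-Host 'hosts file contains only default (commented) content'
}

# 2. DNS client servers on every IP-enabled adapter (WMI works on 2008 R2).
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $servers = @($_.DNSServerSearchOrder)
        $missing = $ExpectedDnsServers | Where-Object { $servers -notcontains $_ }
        Write-Host ('{0}: IP={1} DNS={2}' -f $_.Description,
            ($_.IPAddress -join ','), ($servers -join ','))
        if ($missing) {
            Write-Warning ('  missing DNS server(s): {0}' -f ($missing -join ','))
        }
    }

# 3. Services the answers stop/start; NTDS is the AD DS service on a DC.
foreach ($svc in 'DNS', 'Netlogon', 'NTDS') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) { Write-Host ('{0,-10} {1}' -f $svc, $s.Status) }
    else    { Write-Warning "$svc service not found" }
}

# 4. Resolution through the normal resolver path (hosts file, cache, then the
#    configured DNS servers), which is what the question's ping tests exercised.
foreach ($name in 'localhost', $env:COMPUTERNAME, [System.Net.Dns]::GetHostName()) {
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($name) |
            ForEach-Object { $_.IPAddressToString }
        Write-Host ('{0} -> {1}' -f $name, ($addrs -join ','))
    } catch {
        Write-Warning ('{0} -> resolution failed: {1}' -f $name, $_.Exception.Message)
    }
}
```

Run it from an elevated prompt on the DC; warnings point at the specific item (hosts entry, DNS server list, stopped service, failing name) to fix before running the net stop/net start and dcdiag steps above.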