Oct 11 2018 07:15 AM
Hello Community,
I have the following problem: On my VMware vSphere ESXi 6.7 I have two Windows Server 2016 VMs. One (WDS-01) provides the AD, DNS and DHCP Server, the other one (WDS-02) should provide the WDS and WSUS. While WDS-01 works perfectly, I can't ping the WDS-02 from the WDS-01 or the core switch of my network. WDS-02 also doesn't have a connection to the internet due to a problem with DNS name resolution.
But I was able to add WDS-02 to my domain and WDS-02 was able to receive an IP address lease from my DHCP Service running on WDS-01. WDS-02 can ping all other devices in the network but, like I already said, it's not pingable itself.
Hope somebody can help me with this problem.
Thank you!
Jonas
Oct 11 2018 09:11 AM - edited Oct 11 2018 09:12 AM
If you needed further help then you can run;
Oct 11 2018 11:21 PM - edited Oct 12 2018 01:54 AM
Hello Dave,
I don't have a domain firewall profile configured yet. So I assume it uses a default firewall profile?
On the secondary Windows Server (WS) I use the DHCP from the primary WS. This works well and the DHCP provides the IP of my primary WS which provides a DNS Service which is 172.29.114.52. On a Windows 7 Client this works well, only the WS2016 won't work with these settings 😕
Oct 12 2018 01:54 AM
Okay, I've found out that the Windows 7 Client is not able to receive network config from my DHCP, but when configured manually using the DNS 172.29.114.52, it is able to connect to the internet.
Oct 12 2018 07:00 AM - edited Oct 12 2018 03:24 PM
@Jonas Löffel wrote:
Hello Dave,
I don't have a domain firewall profile configured yet. So I assume it uses a default firewall profile?
It doesn't work quite like that. When NLA starts to detect the network location, the machine will contact the domain controller via port 389. If this detection is successful, it will get the domain firewall profile (allowing for correct ports and IPv4 ICMP ping) and we cannot change the network location profile.
If the domain was not found or the process failed, NLA will let you determine which firewall profile will be used, private or public. Beyond this your options are to enable or disable each profile.
Or if you just wanted to allow ICMP then you can: Windows Firewall\Inbound Rules, then find ICMPv4-In, right-click on it and Enable
Oct 15 2018 01:34 AM - edited Oct 15 2018 02:19 AM
Hello Dave,
here is the link to the requested files: https://1drv.ms/f/s!AoBwQgegx9tg1RTrbkvb5hjlcCLQ
As you can see, the DNS test failed for some reason.
Both the DC and the 2nd server have a static IP. Both devices are in the same domain, ABPROJ-HYRULE is the DC, ABPORJ-WDS-WSUS is the server which is not pingable but can ping other devices. It also cannot access the Internet.
Oh, I was not able to change the language of the 2nd server because I was not able to download the English language pack. Hopefully it's not a big problem.
Oct 15 2018 06:33 AM - edited Oct 15 2018 06:56 AM
@Jonas Löffel wrote:
Okay, I've found out that the Windows 7 Client is not able to receive network config from my DHCP, but when configured manually using the DNS 172.29.114.52, it is able to connect to the internet.
I'd check the system event log on DHCP server as the server has problems. (ran out of addresses)
Oct 15 2018 06:37 AM
Solution
On DC1 remove the router address listed for DNS and replace with 172.29.114.52, then do ipconfig /flushdns, ipconfig /registerdns, and reboot.
The ipconfig on "problemclient" is Ok.
The two ipconfig files you put up both have the same hostname? Which would be problematic.
For some reason root hints are IPv6 only. (would have expected IPv4)
As a workaround you can add your ISP or other public DNS as forwarders. (remove router address here as well)
Oct 15 2018 06:41 AM
Hello Dave,
I already changed the 2nd hostname, but thanks for the hint 🙂
I removed the gateway IP address from the DNS config. Now the 2nd has a connection to the internet, thank you very much 🙂 I wish you a good day!
Oct 15 2018 06:49 AM
Good news, you're welcome. (please don't forget to mark "best response" if my replies were helpful)
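Added example, not part of the thread or written by its participants: a read-only PowerShell check for the two causes discussed above, the firewall profile NLA assigned (domain detection over port 389) and DNS client settings that point anywhere other than the DC. It assumes 172.29.114.52 is both the DC and the DNS server, as the thread states, and uses the built-in rule ID `FPS-ICMP4-ERQ-In` so it also works on a non-English installation.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the member server.
# Assumption: 172.29.114.52 is the domain controller and DNS server named in the thread.
$DcDns = '172.29.114.52'

# 1. Which profile did NLA assign? DomainAuthenticated means the DC was located;
#    Public or Private means domain detection failed and a stricter profile may apply.
Get-NetConnectionProfile |
    Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize

# 2. Is LDAP (TCP 389) on the DC reachable? NLA uses it for domain detection.
$ldap = Test-NetConnection -ComputerName $DcDns -Port 389 -WarningAction SilentlyContinue
"LDAP 389 reachable on ${DcDns}: $($ldap.TcpTestSucceeded)"

# 3. List IPv4 DNS servers per interface and flag entries that are not the DC's DNS
#    (for example a router address, the cause identified in the thread).
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $iface = $_
        $other = @($iface.ServerAddresses | Where-Object { $_ -ne $DcDns })
        [pscustomobject]@{
            Interface  = $iface.InterfaceAlias
            DnsServers = $iface.ServerAddresses -join ', '
            NonDcDns   = if ($other.Count) { $other -join ', ' } else { '-' }
        }
    } | Format-Table -AutoSize

# 4. State of the built-in ICMPv4 echo-request rules
#    ("File and Printer Sharing (Echo Request - ICMPv4-In)"), matched by rule ID
#    rather than by the localized display name.
Get-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In*' -ErrorAction SilentlyContinue |
    Format-Table Name, Enabled, Profile, Action -AutoSize
```

A `NetworkCategory` other than `DomainAuthenticated` together with a non-DC address in the `NonDcDns` column matches the situation resolved in this thread.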