DHCP Scope change

[dezt]

I'm having a bit of a nightmare at the moment, and hope someone can help.

We had a dhcp server set up with a 192.168.x.x scope, this worked fine, but i've since found out that CLEO assign us a set of ip addresses which are in the 10.x.x.x range. So I have decided to move to the CLEO range of ip addresses by creating a new scope.

I have setup all the scope options and when the clients pickup a new ip address it comes from the new scope, but I have an issue at the moment. In a group policy was the setting to set the DNS Server to the old 192.x.x.x address, so every PC now has a new ip address but when I do a nslookup it tries to go to 192.x.x.x I have done a bit of searching on the net and found where the setting was set and have removed it from the offending GPO, however, i've since found out that I can't do a gpupdate from the client as they are looking for the dns server to resolve the names. The only way around this I have found was to remove the DNSClient registry key from every PC, after this if I did a ipconfig /renew it would show my new ip address for the nslookup, and everything would resolve. I have then done a gpupdate /force and rebooted and everything seemed fine.

That was until this morning, I have walked in and the DNSClient key has reappeared in the registry on some PC's, and it's showing the old 192.x.x.x dns setting rather than the new 10.x.x.x server. The strange thing is it isn't being applied through any of the group policies that i've looked at, so can't understand why it's coming back.

Can someone please help me get rid of this setting. I finish today and then i'm on holiday for the next week, so really need to have this sorted by the end of the day.

[sukh]

Hi

Are you sure there are no other GPO's defining this?
Do gpresults /z > c:\gp.txt and post/OM

Are you sure DHCP is configured is configured properly, i.e the scopes? Check both the old and new for references to the old DNS server.

Sukh

[gshaw]

I usually set my DNS servers via DHCP scope options, have you got the new DNS address set there?

[dezt]

I've set the DNS server in the scope options, and on some clients it works, but others put the dns server in from GPO, i can't see how as i've removed the setting, removed the registry key and run agpupdate /force to force the new policy on to the PC.

[glennda]

I presume that the machines that are getting the GPO are in another OU with a seperate GPO giving them the DNS settings

Do as Sukh says and post gpresults - this then will show what gpo's etc are being applied.

[taff]

Have you checked that it's not set via the local policy? if the local policy is set, and the GPO(s) are "Not configured", then it will keep the local policy setting.

[dezt]

Here's the gp.txt from a client that has picked up the old setting.

Code:

            GPO: Computers
                Setting: Software\Policies\Microsoft\Windows NT\DNSClient
                State:   Enabled

The gp.txt from a client that picked up the correct server didn't have this setting.

The only difference I can see is the computers policy, which on one has the DNSClient, but on the other doesn't. Both PC's have had a gpupdate /force run yesterday and a reboot. After switching on today the setting is on one but not the other.

[dezt]

the PC's don't have any local policies set, i ran rsop.msc and checked them, everything was empty. The strange thing is some computers in one ou will be ok, others will not. I've been round all 350 PC's and removed the setting manually and run a gpupdate /force so would have thought they would have brought the new setting down.

[sukh]

@dezt - What I was looking for was for all the results from the out put. Also, if you can provide me or check your GPO settings in all your GPOs. You should be able to save this HTML and post/PM.

I have only seen this once before and basicially the issue was with gpo tattooing.

If you delete the DNS entry on the problematic PC, and do a gpupdate /force and/or reboot the machine, do the old DNS server entries come back?

Sukh

[dezt]

@sukh pm sent.

When i delete the entry and do gpupdate /force, sometimes the settings come back, but on other PC's they don't. It's random.

[glennda]

@sukh pm sent.

When i delete the entry and do gpupdate /force, sometimes the settings come back, but on other PC's they don't. It's random.

it sounds like there is a gp somewhere that is enforcing the dns setting.

can you pm me a copy of gpresult from a machine without the problem and one with the problem?

[p3dr0]

hi
if you have more than one DC check event logs for replication errors your changes might not be applied to another DC and pc's connecting to it will get old settings

[dezt]

@glennda pm sent.

@p3dr0 i've just looked at my other DC and the settings are correct in Group Policy.

[glennda]

@glennda pm sent.

@p3dr0 i've just looked at my other DC and the settings are correct in Group Policy.

Just replied

[p3dr0]

have a look on that Group Policy does not apply when connecting remotely over a slow link: Group Policy
your issue is really buggin me