This one is going to take some explaining, so I apologise in advance for its length and digressions.
Okay, over the Summer we had our admin and curriculum networks joined by a two way trust. Up until recently we have only been using this trust in one direction (namely curriculum to admin). We have the teacher laptops (curriculum) on a specific IP range that are allowed through the PIX box to access data such as the S: drive for SIMS on the admin network server.
However, the SMT want admin staff to be able to move files over from the admin network to curriculum, so that teachers can find the information they need in one area of the network. Simple I thought, a call to Serco to have a similar rule added to the PIX, to allow an IP range on the admin network through to the curriculum.
This is were it gets slightly strange. The admin network machines have static IPs and their DNS is explicitily set to the admin network server. The curriculum network are assigned IPs by DHCP from the curriculum network server, apart from the teacher laptops which have reservations so that they fall within the IP range that is allowed through the PIX box, and so make use of the domain trust. This was all working fine until Serco added a rule to the PIX so that admin machines on a specific range of IPs could access the curriculum network.
When this rule was in place, the curriculum network was not affected in any way. However, the admin machines would happily log on and allow access to the admin network shares. But some minutes (30-60) later, at seemingly random intervals, they would drop their connection to the DNS server (set statically). An NSLookup would say that no DNS server was present. Then a ping to the DNS server would time out. Strangely, once you ping the curriculum server the machines would pick up their original DNS settings once again and all would work fine. Until the next random drop.
Because of the need to go round individual admin machines to get them back on the network by pinging the curriculum server (?!?) I asked Serco to remove the new rule from the PIX and since then everything has gone back to working the way it was before, no random drops and no access to curriculum network for admin staff.
Now this has absolutely no rhyme or reason to me, the LEA support or Serco. I was wondering if anybody can suggest what may be a reasonable explanation for this and what I can do to try and rectify it. I may ask Serco to re-apply the PIX setting and then monitor network traffic to see if the curriculum server is tripping up the admin machines, but I see no reason why as the admin machines have their DNS explicitly set.
Thanks for reading this and any help!
P.S. Both networks are vanilla Win 2k3 and all clients XP