DNS or WSUS issue or?

Discussion in 'Networking & Security' started by damarious25, Feb 9, 2015.

  1. damarious25

    damarious25 Limp Gawd

    Messages:
    226
    Joined:
    Dec 27, 2010
    Recently took over a network that was mismanaged, neglected, and run by a monkey. I'm NO genius; maybe an ape... But I'm smart enough to know there were a LOT of things neglected with the network.

    Anyways, onto an issue I currently face.

    Users are having issues with web browsing. A few times a day users will see "not connected" in their web browsers. This is about 100 people over multiple sites. It lasts for a few seconds or up to 2 minutes. Signal strength and wired connections remain connected. The exchange server always works and staff can still send/receive while the browsers are down. It's all users but not at the same time. It happens to everyone intermittently but never company wide.

    On the local machines staff get the warning:
    "The device or resource 'www.google.ca' is not setup to accept connections on port ...HTTP".

    So I assume it's a DNS issue.

    There are two DNS servers in the company. One on the AD server, and one on the Exchange server. When I check event viewer, there doesn't seem to be any issues.

    When I google the error that the users get, I see people advise to 'update windows'. Here's a beautiful issue: WSUS was configured on the AD/DNS server but hadn't properly run in years. And where it HAD been set up, users cannot manually install updates. So there are a lot of staff here with dated/non-updated machines.

    I removed WSUS as a role on the server last week and I've been testing local machines and they still seem to be waiting for WSUS (and won't update) so I might add it again as a role and configure it from scratch (which is something I'll have to do for everything over the next year).

    I doubt it's routers and switches but I'm not sure. I need a heads up from some sys admins to give me an idea where to start poking my head around, or maybe someone has faced this before?

    Thanks!
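    A way to turn "a few seconds to 2 minutes, a few times a day" into evidence: probe the two internal DNS servers and a public resolver on a timer and log each result with a timestamp, so an outage window can be matched against a resolver failure instead of guessed at. This is an added example, not something posted in the thread; the server addresses, the public resolver and the log path are assumptions.

```powershell
# Added example (not from the thread): probe each internal DNS server and one public
# resolver on a timer and log the outcome, so "not connected" episodes can be matched
# against a DNS failure. The addresses below are assumptions, not the poster's network.
$InternalDns     = @('192.0.2.10', '192.0.2.11')   # assumed: DNS on the AD server and on the Exchange server
$PublicDns       = '8.8.8.8'                        # assumed: a public resolver used as a control
$TestName        = 'www.google.ca'                  # the name from the users' error message
$IntervalSeconds = 15
$LogPath         = "$env:TEMP\dns-probe.csv"

function Test-Resolver {
    param([string]$Server, [string]$Name)
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # -DnsOnly bypasses the hosts file, LLMNR and NetBIOS so only this server is measured
        $r = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
        $sw.Stop()
        $answer = ($r | Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
        [pscustomobject]@{ Time = Get-Date; Server = $Server; Name = $Name
                           Status = 'OK'; Ms = $sw.ElapsedMilliseconds; Detail = $answer }
    } catch {
        $sw.Stop()
        [pscustomobject]@{ Time = Get-Date; Server = $Server; Name = $Name
                           Status = 'FAIL'; Ms = $sw.ElapsedMilliseconds; Detail = $_.Exception.Message }
    }
}

while ($true) {
    $results = foreach ($s in ($InternalDns + $PublicDns)) { Test-Resolver -Server $s -Name $TestName }
    $results | Export-Csv -Path $LogPath -Append -NoTypeInformation

    # The interesting pattern: an internal server fails while the public resolver still
    # answers. That points at the internal DNS chain rather than the WAN link.
    $intFail = @($results | Where-Object { $_.Server -in $InternalDns -and $_.Status -eq 'FAIL' })
    $pubOk   = @($results | Where-Object { $_.Server -eq $PublicDns -and $_.Status -eq 'OK' })
    if ($intFail.Count -gt 0 -and $pubOk.Count -gt 0) {
        Write-Warning ("{0:HH:mm:ss} internal DNS failed ({1}) while {2} answered" -f
            (Get-Date), ($intFail.Server -join ','), $PublicDns)
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

Leave it running on a client in the affected sites for a day and compare the FAIL rows against the times staff report "not connected". If both internal servers fail together while the public resolver answers, the problem is in the servers' own resolution path (forwarders, root hints, or the upstream they forward to); if the public resolver fails at the same moments, look at the gateway or link instead.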
     
  2. FireExit

    FireExit [H]Lite

    Messages:
    80
    Joined:
    Sep 28, 2005
    Have you checked for any Group Policies that are pushing WSUS settings out? I'd suggest getting the Windows update issue fixed before worrying about a random DNS glitch...
     
  3. damarious25

    damarious25 Limp Gawd

    Messages:
    226
    Joined:
    Dec 27, 2010
    Looked into it; there were some, but they weren't documented so I just removed them. They were "windows update" settings and didn't mention anything about WSUS. There are only about 5 GPOs so it's not hard to tell very little was ever configured. Users have WAY too much control over their local machines. Something I'll correct as well. But slowly, so as to reduce resistance.

    The DNS glitch is an issue because it's an issue for the boss. Regardless of anything else I'm doing and improving here, the boss not being able to browse without interruption is the end-all, be-all. I don't mean that in a bad way though. I'm documenting everything I'm doing and I'll explain infrastructure corrections and recommendations at a meeting in a few months. But in the meantime, I gotta correct this.
     
  4. damarious25

    damarious25 Limp Gawd

    Messages:
    226
    Joined:
    Dec 27, 2010
    The other thing I think that makes me shy away from updates being the issue is the sheer amount of OS variation here and the issue affects PCs and phones.

    But for the issue I face, most forum posts point to OS updates.
     
  5. damarious25

    damarious25 Limp Gawd

    Messages:
    226
    Joined:
    Dec 27, 2010
    Might be a conditional forwarding issue or a load balancing issue.

    Testing now. Fingers crossed.
     
  6. Jay_2

    Jay_2 2[H]4U

    Messages:
    3,583
    Joined:
    Mar 20, 2006
    Do you have a proxy or some sort of NGFW or UTM?
     
  7. damarious25

    damarious25 Limp Gawd

    Messages:
    226
    Joined:
    Dec 27, 2010
    No and no. This place is a mess. The whole network was basically the previous guy's learning tool, for a guy who didn't want to learn. There are issues everywhere.

    When digging a bit deeper, I noticed DNS1 had no conditional forwarders for outside DNS requests. So I added Google and ISP DNS servers as forwarders.

    Now I'm no guru but my understanding of "round robin" is if DNS1 is busy, send the request to DNS2? Anyways, round robin was enabled on DNS1 and DNS2 but the only forwarder was on DNS2 pointing back to DNS1.

    Why would someone do that??? Why?
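    The configuration described above (DNS1 with no forwarders, DNS2 forwarding only back to DNS1) is worth auditing with a script rather than by clicking through two consoles, because it is the kind of thing that looks fine on each server individually and only fails as a pair. One point of fact for readers: the Windows DNS round robin setting only rotates the order of multiple records for the same name in an answer; it never hands a query to another server, so it is the forwarders and root hints that decide how outside names get resolved. The script below is an added example, not something posted in the thread. It assumes the DnsServer RSAT module is available and that the two server names and addresses are placeholders for the real ones.

```powershell
# Added example (not from the thread): inventory the forwarders of every internal DNS
# server and flag loops (a server forwarding to another server in the same set, or to
# itself) and servers with no path to the outside at all. Needs the DnsServer module.
$DnsServers = @{
    'DC01'   = '192.0.2.10'   # assumed: the AD/DNS server, "DNS1"
    'EXCH01' = '192.0.2.11'   # assumed: the Exchange server, "DNS2"
}

function Get-ForwarderReport {
    param([hashtable]$Servers)
    $internalIps = [string[]]$Servers.Values
    foreach ($name in $Servers.Keys) {
        $fwd     = Get-DnsServerForwarder -ComputerName $name
        $targets = @($fwd.IPAddress | ForEach-Object { $_.IPAddressToString })

        # A forwarder that is itself one of our internal servers is a dependency loop:
        # if that server cannot answer, the query just bounces until it times out.
        $loops = @($targets | Where-Object { $_ -in $internalIps })

        $problem = ''
        if ($loops.Count -gt 0) {
            $problem = 'forwards to an internal server'
        } elseif ($targets.Count -eq 0 -and -not $fwd.UseRootHint) {
            $problem = 'no forwarders and root hints disabled: no external resolution path'
        }

        [pscustomobject]@{
            Server      = $name
            Forwarders  = ($targets -join ', ')
            UseRootHint = $fwd.UseRootHint
            LoopsTo     = ($loops -join ', ')
            Problem     = $problem
        }
    }
}

$report = Get-ForwarderReport -Servers $DnsServers
$report | Format-Table -AutoSize

# Then confirm each server can resolve an external name on its own, without the other.
foreach ($name in $DnsServers.Keys) {
    try {
        $a = Resolve-DnsName -Name 'www.google.ca' -Server $DnsServers[$name] -Type A -DnsOnly -ErrorAction Stop
        $ip = ($a | Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
        "{0}: resolves external names ({1})" -f $name, $ip
    } catch {
        "{0}: external resolution FAILED: {1}" -f $name, $_.Exception.Message
    }
}
```

With the setup the thread describes, the report would show DNS2 with `LoopsTo` set to DNS1's address and DNS1 with either a "no external resolution path" problem (if root hints were also off) or an empty forwarder list, which is exactly the pair of lines to fix: give each server its own forwarders to the ISP or a public resolver, and keep root hints enabled as the fallback.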
     
  8. FireExit

    FireExit [H]Lite

    Messages:
    80
    Joined:
    Sep 28, 2005
    Because.....

    Did adding the DNS forwarders fix the issue for you?

    If not, you mention you have multiple sites, are they all connecting through the same gateway to the internet, or do they have their own gateways?