Hi Everyone, I find myself in an interesting investigation .. our internal DNS team have identified that one of my Beacons is making DNS lookups against our "old" DNS server which is NOT configured in my DNS configuration in the Windows server OS TCPIP settings. I have verified and re verified that this "old" DNS server is not configured within Windows, in addition to flushing the cache etc.
What I tripped upon yesterday was that these DNS lookups are occurring at the exact same time that our Remote Execution Manager is running the 30 minute additional VCenter scans. The DNS lookup is always using the same VCenter IP address, as I have configured only the IP's in the Targets. Funny thing is that I have 4 VCenters in this particular Target but only this IP addressed is used for the lookup.
The million dollar question is .. where is the Beacon / Remote Execution Manager picking up this "old' DNS Server name from. As I identified earlier, it is NOT part of the list of DNS Servers in the TCPIP settings.
I am leading towards the idea that perhaps someone has entered or updated either a Registry or ini / config file on the Beacon which is being used, which could be possible since this was our first of five Beacons configured when we first introduced the tool and I know there was a fair bit of "McGyvering" going on to get things working in a pinch.
Is anyone aware of any registry or config/ini settings on the Beacon or FNMS User Interface that would include a DNS setting.
Thx in Advance
Bruce
‎Aug 15, 2019 07:05 AM
Hi Everyone, I just wanted to share what I had found that is more than likely the culprit in the Beacon using what I had referred to as the "old" DNS Server names.
Even though from the Windows TCPIP GUI perspective ,only the proper DNS server names were identified I wanted to find the Registry key that translates that GUI information into the Registry.
So I found the key at the following path which relates to the interfaces and their associated information. Turns out that server had an additional key that represented a DHCP setup which was obviously used at some point but was replaced with the Static IP scenario. For whatever reason (Microsofts Magic) that old registry key setting for DHCP was still there and contained the 2 "older" DNS Server names.
HKeyLocalMachine\system\currentcontrolset\services\tcpip\parameters\interface
We have removed that specific DHCP registry key which will more than likely resolve our problem. I wasn't sure if within the specific Beacon configurations there was something that identified DNS servers or not, everything I had read indicated No, but you never know sometimes.
Bruce
‎Aug 16, 2019 06:38 AM
Forgot to mention that these are Reverse DNS lookups which are being performed since I have only identified the VCenter IP address in the Target. It's quite possible that our "new" DNS servers are not capable of performing these Reverse lookups and are re routed to the older infrastructure .. I am following up on that possibility, not sure if that is even possible but worth asking.
‎Aug 15, 2019 07:27 AM
As a troubleshooting step, you could try executing "nslookup" on the IP address in question to see what DNS server nslookup uses when doing the reverse lookup.
‎Aug 16, 2019 12:10 AM
Hi Everyone, I just wanted to share what I had found that is more than likely the culprit in the Beacon using what I had referred to as the "old" DNS Server names.
Even though from the Windows TCPIP GUI perspective ,only the proper DNS server names were identified I wanted to find the Registry key that translates that GUI information into the Registry.
So I found the key at the following path which relates to the interfaces and their associated information. Turns out that server had an additional key that represented a DHCP setup which was obviously used at some point but was replaced with the Static IP scenario. For whatever reason (Microsofts Magic) that old registry key setting for DHCP was still there and contained the 2 "older" DNS Server names.
HKeyLocalMachine\system\currentcontrolset\services\tcpip\parameters\interface
We have removed that specific DHCP registry key which will more than likely resolve our problem. I wasn't sure if within the specific Beacon configurations there was something that identified DNS servers or not, everything I had read indicated No, but you never know sometimes.
Bruce
‎Aug 16, 2019 06:38 AM