Description: The DHCP scopes for seven sites were discovered to be incorrectly configured on Wednesday, 04/09/2008 at about 6:00pm. The affected scopes had option 06 (DNS server) overrides that erroneously included an obsolete DNS server (10.223.248.210). The problem only appeared when users whose PC's had DHCP assigned IP addresses in one of the affected scopes attempted to authenticate to the STUDENTS domain, and then only if the secondary DNS (10.223.248.210) was used for name resolution; sometimes the problem would not occur because the first DNS server was used (172.16.5.68). Authentication to the FRESNOUNIFIED domain was not affected.
Symptom: Users were able to logon to resources in the fresnounified.org domain (e.g.
http://www.fresnounified.org, using
first.last@fresnounified.org format), but on the same PC, they could not login to
http://www.fresnounified.org on the STUDENTS\ domain (for instance, using a student's account in the format
STUDENTS\ab123456.) The authentication problem occurred because the obsolete DNS server that was specified in the scope did not have pointer records to the STUDENTS domain, with the result that no Domain Controller could be found to authenticate the user.
Solution: We have removed these DHCP scope DNS server overrides so that the seven affected scopes now inherit the correct global DNS server list (10.223.231.12, 10.223.241.12, and 172.16.5.68).
Sites Affected:
Centennial; Forkner; Gibson; Wolters; Yokomi; Ahwahnee; and Tech Services (but only on subnet 172.16.5.0 )