Solved

Cannot access internet from clients through Windows 2000 Server - DNS Issue?

Posted on 2003-11-27
Last Modified: 2010-04-13
I have recently installed Windows 2000 Server and have configured it for DHCP, DNS, and AD. After creating all the user accounts (27), we have decided to add Internet access through a 4-port LinkSys broadband router with a static IP address so that all the users on the network can access the internet.

My problem is that I must have screwed up DNS somehow because I can only access the internet from the server and not from any of the clients. I can ping the ISP's DNS servers from the clients but URLs will not resolve and the clients' browsers end up with the "Cannot find server or DNS error" page being displayed.

My configuration is as follows:
Server IP: 192.168.0.1
Subnet: 255.255.255.0
Gateway: 192.168.0.100 (Broadband Router)
DNS: 127.0.0.1

DHCP:
Pushing DNS Server as: 192.168.0.1
Pushing IP Addresses
Pushing Gateway: 192.168.0.100

DNS:
No "." zone
DNS Server: 192.168.0.1
Forwards: ISP's DNS Server IP's
No Recursion

I'm desperate here as I have spent countless hours trying to make this work for my customer but to no avail.

Question by:BHHanley
10 Comments
 
LVL 11

Expert Comment

by:adonis1976
Are you able to ping external websites using their FQDNs, I mean, say, like ping www.yahoo.com? Tell me what happens then. And then can you ping using the IP address alone? Make sure that you are able to ping your domain server from the clients (both by FQDN and by IP), and in the TCP/IP properties of the clients, have them obtain IP and DNS automatically since you have DHCP enabled.

One more step to do is to open up a command prompt on the client and type in "ipconfig /flushdns", of course without quotes. Let me know what happens.
0
 
LVL 1

Expert Comment

by:Drob8
This may sound like a stupid question, but did you make sure your router doesn't have DHCP turned on? That could be answering before your server. Run ipconfig /all and see what DHCP Server responded.

Mike
0
 

Expert Comment

by:ramdinesh
Hi Hanley...

Can you please be a little bit more clear about the setup you planned for internet access from the client systems?
0
 
LVL 5

Expert Comment

by:bhoehne
Check if the DNS forwarding is working for clients by manually configuring a client with a static IP pointing to the router as gateway and your internal DNS server. Do internal DNS requests work correctly? Try resolving external addresses on the client with both "ping" and "nslookup".
0
 
LVL 15

Expert Comment

by:Rob Stone
Do the clients work if you just type the IP of the URL instead?
0
 

Author Comment

by:BHHanley
I do apologize for the delay as I was forced to try some other tactic to make this all work.
I have been able to establish network access and internet access for all users by doing the following:

I have installed 2 network cards.
Server is 192.168.0.1 (NIC - Internal Network)
Subnet is 255.255.255.0
Gateway is 192.168.0.1
DNS is 127.0.0.1

External is 192.168.0.99 (NIC - External Network)
Subnet is 255.255.255.0
Gateway is 192.168.0.1
DNS is 192.168.0.1

DHCP on the server is pushing:
Option 3 - 192.168.0.1
Option 6 - 192.168.0.1
Option 15 - server.name.com

DNS:
No "." zone
DNS Server: 192.168.0.1
Forwards: ISP's DNS Server IP's
No Recursion

Stopped RRAS and Restarted with NAT on the External NIC.

Installed WINS for older clients - IP: 192.168.0.1

I can now browse the network and access the internet from the clients. The main problems now are
1. Though the DHCP is pushing the Server's NIC for the gateway, some of the clients are pulling the NIC from the external NIC as the gateway!

2. Logons are extremely slow (up to 10 minutes) and access to the mapped drives and or shares on the server are also extremely slow (up to 2 minutes).

3. I am getting some master browser errors on the server and I am wondering whether these are contributing to the slow logons and share problems.

I have followed most of the suggestions for the slow logons (Disable SMB signing on the server, GP edit for Always wait for the network..., NIC settings etc.) but to no avail. Would the Master Browser errors be responsible? I also would like a bit more information on WINS as I am not sure if I have set this up correctly.
0
 

Author Comment

by:BHHanley
I would request a refund as no answer solved my situation.

Thank-You.
0
 
LVL 1

Accepted Solution

by:
Drob8 earned 500 total points
Let me go over this one more time to try and help. If you have a Linksys router, then I would say you shouldn't need to have dual NICs in your server unless you're trying to do something else (RRAS as your firewall). Even in that configuration, I would recommend moving RRAS off of your DNS server, especially if it is a DC as well. There are known issues with that type of setup.

With that being said, here's a fairly rough setup:

Get rid of the second NIC. You can just disable it in the Network Properties to start.

Network: 192.168.0.1/24 (255.255.255.0)
Router's inside IP: 192.168.0.100

Server's IP: 192.168.0.1
Server's Gateway: 192.168.0.100
Server's Primary DNS: 192.168.0.1

DHCP Settings:
Option 3: 192.168.0.100
Option 6: 192.168.0.1
Option 15: name.com (get rid of server)

DNS Settings:
No "." zone (as you said)
Forwarders are valid DNS servers from ISP. Check for typos.
Do you have Root Hints? It's actually recommended that you remove them to enforce all DNS lookups go to the forwarders instead of directly to the root servers. I don't know if I agree with that recommendation, but in any case, if they are there, it can help.
You can perform self tests on the DNS server. In DNS Management, right click the server and select Properties. Inside Monitoring, check the simple and recursive query boxes and click Test. Verify both tests are passed.
Do you have any Event Log errors under DNS Servers?

With the server config out of the way, can you still ping sites by name from the server?

At a command prompt on the server, run: netstat -an | find "LISTENING"
Verify that the server is listening on port 53 both on TCP and UDP. It should be on 0.0.0.0 unless you specified the address in DNS Management.

Go to a client. At a command prompt, run: ipconfig /all
Verify that they are getting the correct information per your DHCP configuration.
On that same client, run nslookup. To ensure that you are querying your Windows server, type: server 192.168.0.100
At the next prompt, try: www.microsoft.com. You should get a non-authoritative answer.
To ensure that your ISP's DNS servers are valid, try the same procedure with those servers instead.
This should also confirm that your router is NATing correctly.

Give that a shot and let me know if it takes you anywhere.

Mike
0
 
LVL 1

Expert Comment

by:Drob8
Sorry...typo in the nslookup part. Type: server 192.168.0.1, not .100. I'm used to the gateway being .1 and the server being something else. Sorry.

BTW, if you don't have any Win9x clients, you can probably get away with WINS, but if you do have Win9x clients, you will probably want to have it.

Mike
0
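The nslookup check from the accepted answer (with the server address as corrected to 192.168.0.1), written out as a script; this is an added example, not part of any post in the thread. It sends the same recursive query and reads the response header, so a non-authoritative answer, a reply with recursion unavailable, and no reply at all can be told apart; the function names and the sample headers are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """A-record query with RD (recursion desired) set, as nslookup sends."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(part)]) + part.encode("ascii") for part in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, qid=0x1234):
    """Read the 12-byte DNS header (RFC 1035) and say what the server did."""
    if len(response) < 12:
        return "malformed: shorter than a DNS header"
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:          # QR bit must mark a response
        return "malformed: not a response to this query"
    rcode = flags & 0x000F
    if rcode:
        return RCODES.get(rcode, "RCODE %d" % rcode) + ": name not resolved"
    if ancount == 0:
        if not flags & 0x0080:                    # RA clear: recursion is off
            return "no answer: server does not offer recursion"
        return "no answer: empty response"
    kind = "authoritative" if flags & 0x0400 else "non-authoritative"  # AA bit
    return "%s answer, %d record(s)" % (kind, ancount)

def ask(server, name, timeout=3.0):
    """One UDP query to server:53; no reply means DNS is not reachable there."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recvfrom(512)[0])
        except socket.timeout:
            return "timeout: nothing answered on UDP 53"
        except OSError as exc:
            return "network error: %s" % exc

# Constructed header-only samples (not captured traffic), for offline reading.
SAMPLE_FORWARDED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
SAMPLE_NO_RECURSION = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 13, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)

if __name__ == "__main__":
    for sample in (SAMPLE_FORWARDED, SAMPLE_NO_RECURSION, SAMPLE_REFUSED):
        print(classify(sample))
    print(ask("192.168.0.1", "www.microsoft.com"))  # server address from the thread
```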