Solved

Cannot access internet from clients through Windows 2000 Server - DNS Issue?

Posted on 2003-11-27
10
307 Views
Last Modified: 2010-04-13
I have recently installed Windows 2000 Server and have configured it for DHCP,DNS, and AD. After creating all the user accounts (27), we have decided to add Internet access through a 4 port LinkSys broadband router with a static IP address so that all the users on the network can access the internet.

My problem is that I must have screwed up DNS somehow because I can only access the internet from the server and not from any of the clients. I can ping the ISP's DNS servers from the clients but URL's will not resolve and the clients' browsers end up with "Cannot find server or DNS error" page being displayed.

My configuration is as follows:
Server IP: 192.168.0.1
Subnet: 255.255.255.0
Gateway: 192.168.0.100 (Broadband Router)
DNS: 127.0.0.1

DHCP:
Pushing DNS Server as :192.168.0.1
Pushing IP Addresses
Pushing Gateway: 192.168.0.100

DNS:
No "." zone
DNS Server: 192.168.0.1
Forwards: ISP's DNS Server IP's
No Recursion

I'm desperate here as I have spent countless hours trying to make this work for my customer but to no avail.

0
Comment
Question by:BHHanley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 11

Expert Comment

by:adonis1976
ID: 9834666
r u able to ping external websites using their FQDNs i mean say like ping www.yahoo.com.. tell me what happens then.. and then can you ping using IP address alone... ? and make sure that you are able to ping your domain server from the clients.(both by FQDN as well as IP) and in the TCP/IP properties of the clients have obtain IP and DNS automatically since you have DHCP enabled.

one more step to do is to open up a command prompt on the client and type in "ipconfig /flushdns" of course without quotes. Let me know what happens..
0
 
LVL 1

Expert Comment

by:Drob8
ID: 9835374
This may sound like a stupid question, but did you make sure your router doesn't have DHCP turned on? That could be answering before your server. Run ipconfig /all and see what DHCP Server responded.

Mike
0
 

Expert Comment

by:ramdinesh
ID: 9835478
Hi Hanley...

Can you pls little bit more clear about the setup u planned for internet access from the Client Systems..
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 5

Expert Comment

by:bhoehne
ID: 9835696
Check if the DNS forwardings are working for clients by manually configuring a client with an static IP pointing to the Router as Gateway and your interal DNS Server. Internal DNS requests work correctly? Try resolving external adresses on the client with both - "ping" and "nslookup".
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9836994
Do the clients work if you just type the IP of the URL instead?
0
 

Author Comment

by:BHHanley
ID: 9840587
I do apologize for the delay as I was forced to try some other tactic to make this all work.
I have been able to establish network access and internet access for all user by doing the following:

I have installed 2 network cards.
Server is 192.168.0.1 (NIC - Internal Network)
Subnet is 255.255.255.0
Gateway is 192.168.0.1
DNS is 127.0.0.1

External is 192.168.0.99 (NIC - External Network)
Subnet is 255.255.255.0
Gateway is 192.168.0.1
DNS is 192.168.0.1

DHCP on the server is pushing:
Option 3 - 192.168.0.1
Option 6 - 192.168.0.1
Option 15 - server.name.com

DNS:
No "." zone
DNS Server: 192.168.0.1
Forwards: ISP's DNS Server IP's
No Recursion

Stopped RRAS and Restarted with NAT on the External NIC.

Installed WINS for older clients - IP: 192.168.0.1

I can now browse the network and access the internet from the clients. The main problems now are
1. Though the DHCP is pushing the Server's NIC for the gateway, some of the clients are pulling the NIC from the external NIC as the gateway!

2. Logons are extremely slow (up to 10 minutes) and access to the mapped drives and or shares on the server are also extremely slow (up to 2 minutes).

3. I am getting some master browser errors on the server and I am wondering wether these are contributing to the slow logons and share problems.

I have followed most of the suggestions for the slow logons (Disable SMB signing on the server, GP edit for Always wait for the network..., NIC settings etc.) but to no avail. Would the Master Browser errors be responsible? I also would like a bit more information on WINS as I am not sure if I have set this up correctly.
0
 

Author Comment

by:BHHanley
ID: 10046274
I would request a refund as no answer solved my situation.

Thank-You.
0
 
LVL 1

Accepted Solution

by:
Drob8 earned 500 total points
ID: 10049915
Let me go over this one more time to try and help. If you have a Linksys router, then I would say you shouldn't need to have dual NICs in your server unless you're trying to do something else (RRAS as your firewall). Even in that configuration, I would recommend moving RRAS off of your DNS server, especially if it is a DC as well. There are known issues with that type of setup.

With that being said, here's a fairly rough setup:

Get rid of the second NIC. You can just disable it in the Network Properties to start.

Network: 192.168.0.1/24 (255.255.255.0)
Router's inside IP: 192.168.0.100

Server's IP: 192.168.0.1
Server's Gateway: 192.168.0.100
Server's Primary DNS: 192.168.0.1

DHCP Settings:
Option 3: 192.168.0.100
Option 6: 192.168.0.1
Option 15: name.com (get rid of server)

DNS Settings:
No "." zone (as you said)
Forwarders are valid DNS servers from ISP. Check for typos
Do you have Root Hints? It's actually recommended that you remove them to enforce all DNS lookups go to the forwarders instead of directly to the root servers. I don't know if I agree with that recommendation, but in any case, if they are there, it can help.
You can perform self tests on the DNS server. In DNS Management, right click the server and select Properties. Inside Monitoring, check the simple and recursive query boxes and click Test. Verify both tests are passed.
Do you have any Event Log errors under DNS Servers?

With the server config out of the way, can you still ping sites by name from the server?

At a command prompt on the server, run: netstat -an | find "LISTENING"
Verify that the server is listening on port 53 both on TCP and UDP. It should be on 0.0.0.0 unless you specificed the address in DNS Management.

Go to a client. At a command prompt, run: ipconfig /all
Verify that they are getting the correct information per your DHCP configuration.
On that same client, run nslookup. To ensure that you are querying your Windows server, type: server 192.168.0.100
At the next prompt, try: www.microsoft.com. You should get a non-authoritative answer.
To ensure that your ISP's DNS servers are valid, try the same procedure with those servers instead
This should also confirm that your router is NATing correctly.

Give that a shot and let me know if it takes you anywhere.

Mike
0
 
LVL 1

Expert Comment

by:Drob8
ID: 10049924
Sorry...typo in the nslookup part. Type: server 192.168.0.1, not .100. I'm used to the gateway being .1 and the server being something else. Sorry.

BTW, if you don't have any Win9x clients, you can probably get away with WINS, but if you do have Win9x clients, you will probably want to have it.

Mike
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Microsoft is moving in-place eDiscovery & hold from ECP to EOP console under Content Search in Search and Investigation Options.  In this post, I will be showing you how to export emails to a PST file using the Content Search Options.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question