Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

DNS issues? Can not access google.com or some random downloads

Posted on 2004-10-24
14
Medium Priority
?
1,899 Views
Last Modified: 2010-05-18
I am in the process of setting up SBS2k3, for the second time and am trying to resolve some issue during this testing phase.

From the server I am unable to access www.google.com using IE. I can use the IP address and this resolves ok. I can use the google bar and this works most of the time. Sometimes it comes up with http://www.google.com/search?q=www.google.com but no the home page. Sometimes it comes up with page can not be found. Also when I try to access links from eventid.net like http://www.eventid.net/display.asp?eventid=1000&eventno=3084&source=ASP.NET%201.1.4322.0&phase=1, I get page can not be displayed. Server not available or DNS error.

I tried modifiying the hosts file on the server (not sure if this is a good idea) and it made no difference. Nearly everything works ok. Although I did have problems downloading files from MS until I applied a Sharepoint fix. That issue more or less went away except for the links from eventid.net. All of the above sites can be access from a machine outside of the SBS2K3 network but behind the same router and on the same internet connection. Although I do not have a client machine on the new sbs network at the moment I did have a client on the previous sbs2k3 which had the same problems on the server but from memory the client machine worked ok.

The first install I had the same problem and I also had problems with the mail delivery. I can't imagine that they are related and I have not tested the mail on the new install enough to be sure that I am not having the same problems, although it initially seems to be ok. I have been very specific about trying to keep the logs clean and am pretty happy that there is not any issues there.

However just for reference I am still getting the follwing on shutdown
3x 8026 from MSexhangeAL,
1x 2102 from topology and
1x 8250 from service control.

 I also got

3x 1000 from windows sharepoint service 2.0 with 2 mins of startup
2x 63 from Winmgmt.

The company website seems unaffected and everything else appears fine. From my initial readings these are acceptable on startup. Although I want to find a fix for the winmgmnt  errors.

i don't knoiw enough about DNS to troubleshoot this so any help would be appreciated.

Thanks all
Raoul
0
Comment
Question by:Raoul Edmonds
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 

Author Comment

by:Raoul Edmonds
ID: 12392121
Update: Also can not access support.microsoft.com from the server. This is a new install all updates and patches according to windows update and MBSA 1.2.1.

I have subsequently installed adaware se, and Tuneup Utilities 2004. But the problems exsited prior to these being installed. I also disabled the IE restrictions that are default in server 2003. No Change.
0
 

Author Comment

by:Raoul Edmonds
ID: 12393066
Update: I have now installed Trend Server protect and am getting update failures. This was also the case on the previous sbs installation and applied to Server Protect and the Officescan Server. The error says "source network generic failure". In the previous install this would happen everytime I manually tried to update and most of the scheduled updates but I did notice that the auto updates were succeeding enough to keep it upto date. I previously put it down to a problem in the update service of the products and that it was generating this error when there was no new updates, but I am no longer happy with this explanation.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12398548

All internal PCs and Servers are using your primary internal DNS? I take it that's the one having problems seeking answers?

Before anything else, can you confirm the format of your current network domain name? Does it follow the mydomain.com type format?

Inside DNS Manager, can you check for a Forward Lookup Zone called "." - If there is one, delete it. The presence of this zone makes your server authoritative for everything, and since it knows everything there's no point at all in asking anyone else.

Can you select properties for the DNS Server and check that the Root Hints tab is not greyed out.

If you use Forwarders can you check that the DNS you are forwarding requests to is responding.

Is there a Firewall blocking outbound access from the DNS Server on port 53?

To troubleshoot DNS Errors using NSLookup:

Open up the command prompt and type nslookup.

To check external requests are being sent onwards correctly type

www.google.com

Checking it returns and address, or if it times out.

Check the same for a valid internal address to confirm the server can answer questions correctly.

Let me know how that lot goes :)
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:Raoul Edmonds
ID: 12407713
The server and one VirtualPC are on the network and both have dns pointing to the internal network card of the server. I can now confirm that the client machine is having the same problems. The server is server.domain.local format.

I am not overly familiar with DNS but could not find any entry in the forward lookup zones or subfolders listed as "*".

The root hints tab is not greyed out. I am using forwarders and these are the only/primary dns servers for the computer that I am working on now, which has no problems.

It is the defualt install of SBS without ISA. I have a hardware router with no outbound ports blocked and the PC that I am on now is also behind the same router.

nslookup:
Non-authoritative answer:
Name:    www.google.akadns.net
Addresses:  64.233.161.104, 64.233.161.99
Aliases:  www.google.com

Nslookup locally:
C:\Documents and Settings\Administrator>nslookup server
Server:  server.domain.local
Address:  172.16.0.2

DNS request timed out.
    timeout was 2 seconds.
*** Request to server.domain.local timed-out

Attempt2:
C:\Documents and Settings\Administrator>nslookup server
Server:  server.domain.local
Address:  172.16.0.2

Name:    server.domain.local
Address:  172.16.0.2

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12408711

Any errors showing in the Event Logs at all?
0
 

Author Comment

by:Raoul Edmonds
ID: 12419078
yes. but nothing that is obviously related.

Application Log Contains:

Source: Microsoft Fax
Catergory: initialization/termination
Type: warning
Event Id: 32068
User: N/A
Computer: server
Desc: The outgoing routing rule is not valid because it cannot find a valid device. Check the routing rule configuration. Country/region code: '*' Area code: '*'

Source: Microsoft Fax
Catergory: initialization/termination
Type: warning
Event Id: 32026
User: N/A
Computer: server
Desc: Fax Service failed to initialize any assigned fax devices. No faxes can be sent or received until a fax device is installed.

Source: Perflib
Catergory: None
Type: Warning
Event ID: 1016
User: N/A
Computer: Server
Desc: The data buffer created for the "MSExchangeIS" service in the "C:\Program Files\Exchsrvr\bin\mdbperf.dll" library is not aligned on an 8-byte boundary. This may cause problems for applications that are trying to read the performance data buffer. Contact the manufacturer of this library or service to have this problem corrected or to get a newer version of this library.

Source: Perflib
Catergory: None
Type: Warning
Event ID: 1016
User: N/A
Computer: Server
Desc: The data buffer created for the "EXOLEDB" service in the "C:\Program Files\Exchsrvr\bin\exodbpc.dll" library is not aligned on an 8-byte boundary. This may cause problems for applications that are trying to read the performance data buffer. Contact the manufacturer of this library or service to have this problem corrected or to get a newer version of this library.

Source: WinMgmt
Catergory: None
Type: Warning
Event ID: 63
User: NT Authority\System
Computer: Server
Desc: A provider, PerfProv, has been registered in the WMI namespace, ROOT\CIMV2\MicrosoftHealthMonitor\PerfMon, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Source: MSExchangeSA
Catergory: Monitoring
Type: Error
Event ID: 9099
User: N/A
Computer: Server
Desc: The MAD Monitoring thread was unable to read the state of the services, error '0x80010108'.

Source: WinMgmt
Catergory: None
Type: Warning
Event ID: 47
User: N/A
Computer: Server
Desc: WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\mssindex\Performance\Library, error code: 0x80041009

Source: WinMgmt
Catergory: None
Type: Warning
Event ID: 47
User: N/A
Computer: Server
Desc: WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\MSSGTHRSVC\Performance\Library, error code: 0x80041009

Source: WinMgmt
Catergory: None
Type: Warning
Event ID: 47
User: N/A
Computer: Server
Desc: WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\MSSGatherer\Performance\Library, error code: 0x80041009

Source: WinMgmt
Catergory: None
Type: Warning
Event ID: 47
User: N/A
Computer: Server
Desc: WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\MSSEARCH\Performance\Library, error code: 0x80041009

Source: WinMgmt
Catergory: None
Type: Warning
Event ID: 47
User: N/A
Computer: Server
Desc: WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\Autocat\Performance\Library, error code: 0x80041009

Source: Windows Sharepoint Services 2.0
Catergory: None
Type: Error
Event ID: 1000
User: N/A
Computer: Server
Desc: #50070: Unable to connect to the database STS_Config on CAFE-SBSERVER\SharePoint.  Check the database connection information and make sure that the database server is running.

Source: MSExchangeAL
Catergory: Service Control
Type: Error
Event ID: 8250
User: N/A
Computer: Server
Desc: The Win32 API call 'DsGetDCNameW' returned error code [0x862] The specified component could not be found in the configuration information.  The service could not be initialized.  Make sure that the operating system was installed properly.

Source: MSExchangeAL
Catergory: LDAP Operations
Type: Error
Event ID: 8026
User: N/A
Computer: Server
Desc: LDAP Bind was unsuccessful on directory cafe-sbserver.cafecom.local for distinguished name ''. Directory returned error:[0x51] Server Down.  DC=cafecom,DC=local  

Source: MSExchangeDSAccess
Catergory: Topology
Type: Error
Event ID: 2104
User: N/A
Computer: Server
Desc: Process INETINFO.EXE (PID=1588). All the DS Servers in domain are not responding.

Source: MSExchangeAL
Catergory: LDAP Operations
Type: Error
Event ID: 8026
User: N/A
Computer: Server
Desc: LDAP Bind was unsuccessful on directory cafe-sbserver.cafecom.local for distinguished name ''. Directory returned error:[0x34] Unavailable.  DC=cafecom,DC=local

Source: MSExchangeDSAccess
Catergory: Topology
Type: Error
Event ID: 2102
Computer: Server
Desc: Process MAD.EXE (PID=2308). All Domain Controller Servers in use are not responding:
server.domain.local

System Log just has w32time errors and a Term Services error related to the image writer driver. One this I noted when trying to correct the w32time errors I do the following
setsntp - ...
net stop w32time
w32tm -once
get the error -once is unknown command

try
w32tm -resync
get error: Sending resync command to local computer...
The following error occurred: The interface is unknown. (0x800706B5)

Sorry for all that detail and thanks for your help.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12419569

It doesn't look much like a problem with DNS specifically, and seems more like a problem with network connectivity.

Can you try the same queries from the server itself? Or were those above from that server?
0
 

Author Comment

by:Raoul Edmonds
ID: 12426566
Those DNS queries where from the server. I can not image that I have a network connectivity problem as everything else works. All other site that I have tested so far from inside the SBS network and everything form outside the sbs network which using the smae router, and internet connection.

Any other ideas? Or can you suggest a starting point to troubleshoot this under another topic?

Thanks for you help

Raoul
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12431524

I'm a bit stuck.

With no errors in the Event Logs and no actual DNS query errors...

How about the load on the machine? Anti virus software?
0
 

Author Comment

by:Raoul Edmonds
ID: 12458458
Load seems fine. It is a PIV 2.4Ghz. 1024Ram. Running SBS2k#.  No ISA. Currently has 3 user accounts but only one is using it and only for testing.  It has Trend Server Protect, Scanmail and emanager although the problems existed before they were installed.
0
 

Author Comment

by:Raoul Edmonds
ID: 13071005
I found out what the problem was although I can not remember the solution. Windows 2k3 has advanced DNS handling which is not supported by all routers. The was a registry setting that disabled the advanced DNS reverting back to the old standard and this solved the problme. I will endevour to find out the exact solution and post back.

Raoul
0
 

Expert Comment

by:Earth37
ID: 13522064
We were experiencing the same problem on our end as well.  Ends up that this is an issue with Windows 2K3 DNS' use of EDNS0, which uses UDP packets larger than 512 bytes.  Our firewall was not letting those packets through, causing a timeout.  See the following KB's:

http://support.microsoft.com/default.aspx?scid=kb;en-us;828731

http://support.microsoft.com/default.aspx?scid=kb;en-us;832223

In our case, we were using a Cisco PIX that was using the following command:

fixup protocol dns maximum-length 512

Changing it to:

fixup protocol dns maximum-length 4096

...fixed the problem.  You may find that it makes sense to disable the EDNS0 feature with the following command on your server:

dnscmd /Config /EnableEDnsProbes 0

Hope that helps.

Brad
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 14123729
PAQed with points refunded (250)

modulo
Community Support Moderator
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Learn about cloud computing and its benefits for small business owners.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question