Unable to connect to outside web address

I am not a network specialist but do have a rough understanding of networking and some of the common tools used to diagnose problems.
I have run this problem past our ISP (SBC) and the owners of the website we cannot connect to.
Neither can help.

So here goes...

Configuration...
  Small Windows Network using DHCP on Small Business Server 2000
  DSL Router
  Clients all running Win 2000 Pro or Win XP Pro

Problem...
  Last week one of my users tried to connect to a specific website and got a can't connect error
  I tried to replicate the problem and was able to at all computers in our business including the server
  We are able to send email to the same domain
  The website in question is a substantial company that also uses SBC to supply its outside connection to the internet
  No one else is having a problem connecting to the website in question
  I cannot connect to any of the IP addresses in their reserved block including the one that handles their email thru my browser, ping or tracert
  According to the site's IT guys, there is a web message that should display telling me I cannot access the email IP with a standard browser
  When I do a tracert to any of the IP addresses in the block, or to their standard URL,
      it gets to an SBC IP with a node name that indicates the website owner, then
      the next IP is x.x.x.254 where x.x.x are the same as the IP entered, but where .254 is in place of .6
      after this line, it begins timing out.
  The x.x.x.254 shows a node name including a domain that was formerly owned by the website's owner, but is no longer owned by them

What I've done so far
  I have tried substituting other SBC domain name servers in our router's configuration with no change in symptoms
  I have had other people try to connect to the website and no one else has this problem.
  For the record the website address is http://www.westernhealth.com
  And the IP address it should resolve to is 216.102.103.6
  I have checked a few hosts files and they all have default info, I tried adding this IP/URL combo in my hosts file with no change in symptoms
  One of the first things I tried is restarting the router both by powering off and on and by using the configuration utility
  I ran ipconfig /all on my client computer and ran the results past the website owner IT guy and he said the results indicated very standard setup

SBC has such a large chunk of the ISP business around here and this website is being accessed by hundreds if not thousands of businesses.  Everyone I've talked to agrees that if it was a problem with SBC's domain name servers, we would not be the only one's having this problem.

This is driving me nuts and we need to get access to this website since we do a large amount of our business through them.  Please help.

Thanks,
joefunsmith
LVL 2
joefunsmithAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

stevenlewisCommented:
On a test machine, try a hosts entry, and see if it resolves correctly
0
joefunsmithAuthor Commented:
I already tried that on my machine (one of the clients)... no change :(
0
stevenlewisCommented:
you don't have any static routes set in your router do you?
any proxies involved?
very strange, the tracert would indicate a problem at their end, but no one else is experiencing the problem
what happens when you tracert to the ip address instead of the domain name
but this is interesting, just ran tracert (I too have sbcglobal)
here are the last results

 15    70 ms    68 ms    71 ms  ded3-g1-3-0.scrm01.pbi.net [64.171.152.236]
 16    74 ms    75 ms    75 ms  Western-Heath-Advantage.cust-rtr.pacbell.net [20
6.171.148.69]
 17    79 ms    79 ms    78 ms  216-102-103-254.qdis.com [216.102.103.254]
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

stevenlewisCommented:
But I can fretch the web page
0
hendrixlCommented:
What do you get back when you do an nslookup on the domain name from one of the workstations?  What happens if you enter the IP address of the website in the browser address bar rather than the registered domain name?
0
joefunsmithAuthor Commented:
hendrixl,

When I do nslookup www.westernhealth.com, I get

     *** Can't find server name for address 10.1.1.100: Non-existent domain
       Server: dns1.sndgca.sbcglobal.net
       Address: 206.13.30.12

     DNS request timed out.
       timeout was 2 seconds.
      **** Request to dns1.sndca.sbcglobal.net timed-out

I get the same result in a browser address bar whether I am using the url (www.westernhealth.com) or the IP address (216.102.103.6) and for the record, I have tried this in IE, Firefox and Mozilla

stevenlewis,

I ran a full diagnostic using the config utility for the router which returns listings of just about every setting if not all and I don't see anything indicating that.  Short of that, I am not sure how to verify any static routes.  I am fairly certain we don't proxy anything but can't swear to it.  tracert to ip returns same as domain.  Just for the record, the tracert results you posted, was that using "tracert www.westernhealth.com"?  and what happens on your end when you do "tracert 216.102.103.6"?

joefunsmith
0
stevenlewisCommented:
just for fun, open the hosts file(s) on the machine(s) and see if there are any entries for westernhealth in there
0
joefunsmithAuthor Commented:
stevenlewis,

I did forget, when we were troubleshooting yesterday, I had added to the hosts file on my machine with an ip of 216.102.103.6.
I removed it just now and retried opening the website in my browser with both the domain and the ip and retried tracert with both and all still have the same result.

joefunsmith
0
susanzeiglerCommented:
In the past few days I have seen several others (both on this site and on another list) having similar problems when both ends are within SBCs network. Have you contacted SBC to have them troubleshoot the issue?? It really sounds like they have some internal routing issues between some of their subnets--i.e. someone fat-fingered a route and so those subnets can't see each other.

Keep in mind that such an issue can be very difficult for them to see--it only relies on people in one specific subnet trying to connect to someone in the other. Given the size of their network it could continue for a long time undetected.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
joefunsmithAuthor Commented:
stevenlewis,

Would you please run tracert again and see if you get the same results?  SBC made a change to correct the qdis re-route.  Specifically, the last hop before it starts timing out should now be changed from the qdis address to westernhealth address, 216.102.103.254 and it should also time out because its setup to reject icmp traffic.  I still have the same problem and from westernhealth they are able to tracert to our router.  

I am going to power down the server after hours tonight and see if a reboot helps any.

joefunsmith
0
stevenlewisCommented:
sure here ya go
 15    71 ms    70 ms    70 ms  ded3-g1-3-0.scrm01.pbi.net [64.171.152.236]
 16    75 ms    77 ms    74 ms  Western-Heath-Advantage.cust-rtr.pacbell.net [20
6.171.148.69]
 17    80 ms    79 ms    79 ms  216-102-103-254.westernhealth.com [216.102.103.2
54]
 18     *        *        *     Request timed out.
0
joefunsmithAuthor Commented:
good, that's what I am getting too... well everyone left the office except me at 5:00:01 so its time to shut down the server.  Monday, if we are still having the problem, I think SBC will be getting a call.  I will update when I know more.

joefunsmith
0
stevenlewisCommented:
Keep us posted :-)
0
joefunsmithAuthor Commented:
Update:  We brought in a network guru last night who concurs with Susan Zeigler but unfortunately it was after hours and we were not able to get our service ticket elevated live.  He said he's pretty sure there is a provisioning problem with their RBACK router and it will take more than a level-1 help desk to get the problem resolved.  I will update this thread once I have resolution.

There was one thing I had wrong.  Going from word-of-mouth from others, I thought we did not have a proxy server when in fact we do.  However this was checked thoroughly last night and determined to not be the problem.  We were able to navigate to the website by using a public proxy server, but it was determined that this was because the traffic was then coming from that server, not because our proxy server was blocking the traffic.

0
stevenlewisCommented:
Thanks for the update!
0
joefunsmithAuthor Commented:
We can FINALLY browse to the website in question.  And the solution was.... [drum roll please]

unknown!

grrrrr... Our problem was escalated by SBC to an on-site technical support call.  The tech that came out had our account moved to a DHCP account for testing purposes and we were able to browse to the website with no problems.  He had the old static IP account deleted and rebuilt from scratch then moved us back to it and we were NOT able to browse to the website.  This included if he patched directly into our connection with his laptop in front of the router.  Based on his observations he told us the problem was not on our end (meaning we didn't have to pay for their service call) but it also wasn't an SBC issue.  He seemed certain our IP address was being blocked by the vendor.  The vendor agreed to look more closely into the possibility that we were being blocked but not until Monday.  Monday, late morning, we tried it and were able to browse to the website.  I got a call from them (different individual) today wondering if we had ever resolved our problem.  I thanked them, but they said they hadn't touched anything yet and this individual would be the only one there making those sort of changes.

On the SBC side, they admitted to having a problem with an RBACK router but not the one our account ran through.  They refused to check if the vendor was connected to it saying it was inconceivable for it to be the problem even if the vendor's account did run through it.

So either inconceivable does not mean what SBC thinks it means or the vendor was mistaken.

As such, I will try to alot the points as objectively as possible.  :-)
0
susanzeiglerCommented:
Vezzini: "He didn't fall? Inconceivable!"
Inigo: "You keep using that word. I do not think it means what you think it means."

                                                                                      -from "Princess Bride"


I tend to think that SBC doesn't know the meaning of the word;)  A routing issue in a Redback WOULD certainly cause the problems you and others have experienced recently, but then what do I know, I'm only a routing engineer (well, some of the time) ;)

Glad it's working for you!
0
stevenlewisCommented:
Glad it's working! Hmmm, the fact that when they (SBC) moved you to dhcp, and it worked, adn then when they assigned you back to static, and it didn't, and it "miraculously" cleared up, makes one wonder if they are being completly truthful ;-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.