[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

upgraded to sbs 2003 premium now cant open microsoft.com

Posted on 2006-04-21
42
Medium Priority
?
577 Views
Last Modified: 2008-01-09
Hi All

This is an odd problem, probably with a simple answer.

I have upgraded from Windows 2000 server in workgroup to Win 2k3 SBS premium with ISA 2000 domain.

I can access anywebsite i have ever tried....... apart from microsoft.com.

I have checked and re-checked DNS, and all seems good, i have an all open rule in ISA for outgoing trafic requests.

The server has 2 NIC's, one is plugged into a switch, the other is plugged into an ADSL router.

Any suggestions?

Regards
Gavin
0
Comment
Question by:gavinandrewmcmillan
  • 20
  • 16
  • 4
  • +1
42 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16506055
does the page simply timeout? thats very strange that one page wont work when everything else will!
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16519030
I'm wondering why you UPGRADED your server??  If it was in a workgroup then you didn't have Active Directory installed so it seems as though you would have been much better to just do a clean install.  But that's really another topic.... sorry, I got sidetracked.  :-)

Anyhow... can you please post an IPCONFIG /ALL so that we can review your network settings?

Thanks!

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16519031
Moved to SBS Small Business Server TA

TechSoEasy -- EE Page Editor
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16519036
You may also want to turn on Dropped Packet logging in ISA to see if it's happening there:
http://www.microsoft.com/technet/prodtechnol/isa/2000/proddocs/isadocs/cmt_h_logreject.mspx

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521111
Hi Everyone

Sorry for my delayed response!

The page just times out:

"Server not found
Firefox can't find the server at www.microsoft.com.
    *   Check the address for typing errors such as
          ww.example.com instead of
          www.example.com

    *   If you are unable to load any pages, check your computer's network
          connection.

    *   If your computer or network is protected by a firewall or proxy, make sure
          that Firefox is permitted to access the Web."
"

Here is my ipconfig /all

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : FS1
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Server Local Area Connection:

- external nic

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
   Physical Address. . . . . . . . . : 00-05-1C-1B-6E-29
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.1
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : 10.0.0.138
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   Primary WINS Server . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

- my internal nic

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter
   Physical Address. . . . . . . . . : 00-0E-0C-A8-50-55
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1


I will check out the ISA link, but i dont think that will be it because it was doing this before i put ISA on.

Regards

Gavin


0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16521142
are you able to ping the website?

i take it you have set up routing between you 192 and 10 ranges?
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521170
Hi Guys

http://www.microsoft.com/technet/prodtechnol/isa/2000/proddocs/isadocs/cmt_h_logreject.mspx

does not work for me because it is microsoft.com

I will search the net for an alturnative link from another site.

Regards

Gavin
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521178
I cannot ping microsoft.com:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ping microsoft.com

Pinging microsoft.com [207.46.250.119] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.250.119:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\Administrator>
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16521195
yet if you try to ping google does it work?
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521208
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ping google.com

Pinging google.com [64.233.187.99] with 32 bytes of data:

Reply from 64.233.187.99: bytes=32 time=318ms TTL=237
Reply from 64.233.187.99: bytes=32 time=317ms TTL=237
Reply from 64.233.187.99: bytes=32 time=319ms TTL=237
Reply from 64.233.187.99: bytes=32 time=317ms TTL=237

Ping statistics for 64.233.187.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 317ms, Maximum = 319ms, Average = 317ms

C:\Documents and Settings\Administrator>

all works fine there
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16521221
hmm just realised i cant ping ms either so thats a moot point   hmm got me stumped   have never seen this happen unless your infected with some kind of malware
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521232
yes i cant work it out either!! I am up to date with all Windows Updates on all computes, i have trend micro client server messaging installed, which is up to date and scans daily as far as i know DNS is working fine, everything bar microsoft loads perfectly. I guess it could be malware or spyware, i try get hold of some spyware scanning tool.... i would have windows defender but cant download it off the site!!!

Thanks for help, ill leave this open incase you come up with any more ideas.

Regards
Gavin
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16521381
Gavin,

Your problem first of all is that you have WINS configured on your external NIC, and not your internal.  Remove the 10.0.0.1 WINS entry and add WINS of 192.168.1.1 to your internal NIC.

Next, while it's not entierly necessary, I would change your external subnet mask to 255.255.255.0.  This is a small business network that can't have over 75 devices... so a Class C IP Subnet is quite sufficient -- having a 255.0.0.0 subnet is a Class A, which provides up to 16,000,000 IP addresses, while a Class C keeps it to just 254.  (Plus on your External NIC, there should only be 2 IP addresses in use anyhow... the router's and the external NIC's).

After you've made those changes you must run the Configure Email and Internet Connection Wizard (CEICW) again.  There's a visual how-to here:  http://sbsurl.com/ceicw, and a full overview of how to configure your network here:  http;//sbsurl.com/msicw

Then... you can't ping microsoft.com, they don't accept pings.  So your test doesn't show anything other than the fact that your server DOES properly resolve microsoft's IP address.  You can try to tracert to microsoft.com but it's iffy if that would go through as well because often many registrars block trace and whois requests for microsoft due to the amount of traffic that would go through their servers.  The true test of whether you can get to a site or not is with nslookup.  If Microsoft.com resolves to 207.46.x.x (usually 207.46.130.108 or 207.46.250.119) then you don't have a problem with your DNS, but you could have a problem with your DNS CACHE, or your IE CACHE.  

So, run an IPCONFIG /FLUSHDNS from the command prompt, then clear out your IE cached files including offline files and then try browsing to microsoft.com in Internet Explorer again.  Do not use FireFox for this test.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16521385
Also, what router do you have?  Some routers have a ping and traceroute feature that will allow you to test from the router, which would help you to eliminate ISA from the issue.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16521391
P. S.  I really hate to post this here, because it just perpetuates idiotic thinking... but you can access Microsoft.com sites this way:  

http://thesource.ofallevil.com/technet/prodtechnol/isa/2000/proddocs/isadocs/cmt_h_logreject.mspx?mfr=true

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521474
that link didnt work either!!!, whats up with this
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521483
I am having trouble with WINS, i know it says in ipconfig /all that the primary WINS server is 10.0.0.1 (external ip), but when i go into WINS under Administrtion Tools, it says that the Wins server is 192.168.1.1, should i remove this entry and add a totally new one?

Regards
Gavin
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521546
The Router is an Alcatel Speedtouch 500 series ADSL Modem/Router, i have turned off DHCP and assigned it a static Ip address.

NAPT on the router was configured by the server, so i assume everything would be fine. Also is it safe to forward all ports through to the server seeing as it has ISA installed, or am i better to only forward the specified ports set by the server.

Regards
Gavin
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16521814
No, you need to specify the WINS server on your Network Card's TCP/IP properties > Advanced > WINS tab.

Delete the entry from the external NIC and add the correct one to the Internal NIC.

Also, please specify the EXACT model number, not the series.

Jeff
TechSoEasy

0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521851
ok i have changed the wins configuration on the network cards, removed it from the outside, and added it to the inside one.

Here are the details of the router that i took from it:
  Product Name = SpeedTouch 530  
  Vendor Name = THOMSON  
  Software Version = 4.2.7.16.0  
  Serial Number =
  CLI Version = 1.2.0  
  Bootloader Version = 2.0.5  
  ASIC Version = 1b01  
  Board Name = ADNT-Q  
  Modem Label Version = 2.11.36  

Hope this helps, i will redo the internet and email connection wizard now!!

Regards
Gavin
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16521893
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>nslookup microsoft.com
*** Can't find server name for address 192.168.1.1: Non-existent domain
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    microsoft.com
Addresses:  207.46.250.119, 207.46.130.108


C:\Documents and Settings\Administrator>

This is the message i get wheni do nslookup on the server and this on the clients

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>nslookup microsoft.com
*** Can't find server name for address 192.168.1.1: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    microsoft.com
Addresses:  207.46.250.119, 207.46.130.108


C:\Documents and Settings\Administrator>

to me this looks like a DNS problem at my end, do you know what it is?

Regards
Gavin
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16521948
Yep.. it sure is...

If you have the Windows Server Resource Kit Tools downloaded, please run a DNSDIAG and post it here.  If you don't have the tools, you can get them here:  http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16522303
Ok i have installed the Windows Server Resource Kit and when i run DNSDIAG. I get a message that says ISATQ.dll coud not be found, i did a search for it and it is there, i have reinstalled the resource kit and it says everything went fine, is there anything else i can do to find out what is wrong?

Regards
Gavin
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16522327
Here are the details of the router, and i have changed the wins etc on the network cards

Here are the details of the router that i took from it:
  Product Name = SpeedTouch 530  
  Vendor Name = THOMSON  
  Software Version = 4.2.7.16.0  
  Serial Number =
  CLI Version = 1.2.0  
  Bootloader Version = 2.0.5  
  ASIC Version = 1b01  
  Board Name = ADNT-Q  
  Modem Label Version = 2.11.36  

Hope this helps, i will redo the internet and email connection wizard now!!

Regards
Gavin
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16523058
The router is irrelevant at this moment... you have DNS resolution problems.

When you say the ISATQ.dll "was there", where was it?  It should be in C:\windows\system32\inetsrv\, so if you found it in your dllcache folder copy it into the inetsrv folder.
And then make sure that all of your automatically starting SERVICES are started, especially the Simple Mail Transport Protocol (SMTP) service which is required by DNSDIAG.exe.

Jeff
TechSoEasy




0
 
LVL 6

Expert Comment

by:rustyrpage
ID: 16528652
I don't think that not accessing the www.microsoft.com is a DNS issue since his PING of www.microsoft.com resolved the correct IP address.  Maybe it is some sort of security error or something of the sort.

I know that some people don't like to do this on a server, but try to install Firefox & see if you can access it from there.  (just for fun)
0
 
LVL 6

Expert Comment

by:rustyrpage
ID: 16528692
Also, I just googled some stuff & found that sometimes this can happen when you need to adjust your MTU settings.  See the quote below:

recently installed a router at home. And switched to cable.

Turns out it was MTU that was my problem. Because I could access many other internet sites, but yahoo! mail would return a blank screen.

Setting the MTU on the ethernet interface on my PC fixed this problem. I had to set my MTU to 1490 bytes (Telstra Australia BigPond ISP limitation). Other people have to set it to 512. (Note this is an advanced task in windows, you have to google around for a while and try and work out what it is in the registry you need to change to force the MTU to be set to a lower value).

Note that setting the MTU in the router wasn't sufficient.. it was my PC that had to have the MTU changed (I was running Windows 2000).
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16530981
y'know... in rereading back through all of this, I'm wondering if when you upgraded from SBS2000, did you reinstall ISA from the SBS2003 disks?  

While I know this doesn't apply to yours, an update came out today for ISA2004 to fix certain http issues which are quite similar to your problem.  (http://www.microsoft.com/downloads/details.aspx?familyid=2aa53ee6-527c-4398-ab7c-fcf8e8dde8ce&displaylang=en)

So, it made me wonder if these issues happened in ISA2000.  Apparently they did... but were corrected by ISA 2000 SP1, which is included on the SBS2003 media, but would not have installed if you didn't reinstall during the upgrade.  

At this point, I would download and install the ISA 2000 updates, even if they were installed it can't hurt to reapply: http://www.microsoft.com/downloads/details.aspx?FamilyID=77d89f87-5205-4779-b1ab-fc338283b2d9&DisplayLang=en

You can read about these types of issues here: http://support.microsoft.com/kb/331062

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16539724
ok i will give downloading the updates a go, in the mean time i will try move the ISATQ.dll file to the right place (if it was in the wrong place) and i will check the MTU setting.

Regards
Gavin
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16539795
ok here we go:

Firefox worked, but it couldnt get through to Microsoft.com, ISATQ.dll is in the right place under C:\windows\system32\inetsrv\ but i still get that strange message.

I am working on finding out how to change the MTU, fingers crossed that will be the solution!
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16539823
something intersting, http://support.microsoft.com/kb/331062 works, but microsoft.com does not.....
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16540008
To easily change the MTU, download http://tune-up.com 's Tune-Up utilities 2006... It works just fine on an SBS, and is free for 30 days.

There's a system optimization wizard which will change the MTU's as well as the http threads for you.  It might even find out what else ails the server.  Just don't use the registry cleaner on it unless you review EACH item.  (although it has a great restore feature).

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16540276
Im downloading it now, will keep you up to date!!

Regards
Gavin
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16541305
Ok i installed Tune-Up and ran the system optimization wizard, aswell as a couple of other tests, it picked up a few registry errors but that is all. Unfortunately i am still unable to access microsoft.com

I have also confirmed that i have the latest service pack for ISA 2000, i will do a repair install tonight in case there was any errors during installation, but i am sure it should be find.

I also have an all open out policy in place meaning that the firewall wont restrict any outgoing access so this should not block microsoft.com

Any other ideas guys? this is driving me nuts!! I also have Trend Micro Client Server Messaging installed, do you think this could be what is blocking it?

Regards
Gavin
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16541771
Do you have a laptop you can plug directly into your router?  Bypassing your server will give you one area of elimination for troubleshooting.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16541776
Also, we never got the DNSDIAG to run.  Please try installing it on a Windows XP machine instead and it will run from there.

And, what version of Trend CSM are you running?  If 3.0, have you disabled the Personal Firewall service?

Jeff
TechSoEasy
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 16542201
One other thing to look at is the binding order of your NICs.  Open up the Network Connections and click on Advanced > Advanced Settings... and make sure that the Internal NIC is listed first.  Also, uncheck File & Print sharing on your EXTERNAL NIC, if it's checked.  (Not really related... but since you're there you might as well take care of this... most people leave it enabled which is not a good idea).

One other thing I just noticed in reviewing the entire thread... you said you just downloaded the latest SP for ISA 2000.  This tells me that you haven't installed Service Pack 1 for SBS yet (which would take you to ISA 2004, btw -- but going to ISA 2004 is not required to complete the Service Pack installation).  SP1 fixes A LOT of issues and ensures that you're completely up-to-date in all areas.  I'd highly suggest that you install it.  http://sbsurl.com/sp1 for more info.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16550281
Hi Jeff

Im out of the office today but can answer a couple of questions, It is definately a problem with the server, i have bypassed it by plugging a laptop straight into the router and it has all worked as expected, had no problems with DNS.

I do have CSM 3.0 and have disabled the firewall as i am using ISA's firewall.

As far as the upgrade for SBS, would this not hapen automatically through windows updates? i know that all updates as far as automatic updates have gone through and is all up to date, however if it is a manual upgrade then i will definately get that done over the weekend.

I will put DNSDIAG onto one of the XP machines when i get back into the office later today!

Thanks for your help so far!

Regards
Gavin
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16557715
No, Service Pack updates must be done manually because they may affect other settings and software.  It is a major OS upgrade and since it DOES fix so many things, I would definitely suggest it.  Carefully review the instructions at http://sbsurl.com/sp1 and then apply the Service Packs as recommended.

That should correct the error caused in ISA as noted above.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16558236
Excellent, i will do this tonight after work, or tomorrow when no one is in the network.

Regards
Gavin
0
 
LVL 2

Author Comment

by:gavinandrewmcmillan
ID: 16567416
wooo hoooo I can now access Microsoft.com!!!

Thanks heaps for you help Jeff.

To sumarise the answer to this question: Needed to upgrade to Windows SBS Server Premium 2003 SP1.

I will install the update for ISA and SQL, but i have to order the disk from Microsoft.

Regards
Gavin
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16568438
Congrats Gavin!  Glad you got it all working!

Jeff
TechSoEasy
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question