upgraded to sbs 2003 premium now cant open microsoft.com

Hi All

This is an odd problem, probably with a simple answer.

I have upgraded from Windows 2000 server in workgroup to Win 2k3 SBS premium with ISA 2000 domain.

I can access anywebsite i have ever tried....... apart from microsoft.com.

I have checked and re-checked DNS, and all seems good, i have an all open rule in ISA for outgoing trafic requests.

The server has 2 NIC's, one is plugged into a switch, the other is plugged into an ADSL router.

Any suggestions?

Regards
Gavin
LVL 2
gavinandrewmcmillanAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jay_Jay70Commented:
does the page simply timeout? thats very strange that one page wont work when everything else will!
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
I'm wondering why you UPGRADED your server??  If it was in a workgroup then you didn't have Active Directory installed so it seems as though you would have been much better to just do a clean install.  But that's really another topic.... sorry, I got sidetracked.  :-)

Anyhow... can you please post an IPCONFIG /ALL so that we can review your network settings?

Thanks!

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Moved to SBS Small Business Server TA

TechSoEasy -- EE Page Editor
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You may also want to turn on Dropped Packet logging in ISA to see if it's happening there:
http://www.microsoft.com/technet/prodtechnol/isa/2000/proddocs/isadocs/cmt_h_logreject.mspx

Jeff
TechSoEasy
gavinandrewmcmillanAuthor Commented:
Hi Everyone

Sorry for my delayed response!

The page just times out:

"Server not found
Firefox can't find the server at www.microsoft.com.
    *   Check the address for typing errors such as
          ww.example.com instead of
          www.example.com

    *   If you are unable to load any pages, check your computer's network
          connection.

    *   If your computer or network is protected by a firewall or proxy, make sure
          that Firefox is permitted to access the Web."
"

Here is my ipconfig /all

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : FS1
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Server Local Area Connection:

- external nic

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
   Physical Address. . . . . . . . . : 00-05-1C-1B-6E-29
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.1
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : 10.0.0.138
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   Primary WINS Server . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

- my internal nic

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter
   Physical Address. . . . . . . . . : 00-0E-0C-A8-50-55
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1


I will check out the ISA link, but i dont think that will be it because it was doing this before i put ISA on.

Regards

Gavin


Jay_Jay70Commented:
are you able to ping the website?

i take it you have set up routing between you 192 and 10 ranges?
gavinandrewmcmillanAuthor Commented:
Hi Guys

http://www.microsoft.com/technet/prodtechnol/isa/2000/proddocs/isadocs/cmt_h_logreject.mspx

does not work for me because it is microsoft.com

I will search the net for an alturnative link from another site.

Regards

Gavin
gavinandrewmcmillanAuthor Commented:
I cannot ping microsoft.com:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ping microsoft.com

Pinging microsoft.com [207.46.250.119] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.250.119:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\Administrator>
Jay_Jay70Commented:
yet if you try to ping google does it work?
gavinandrewmcmillanAuthor Commented:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ping google.com

Pinging google.com [64.233.187.99] with 32 bytes of data:

Reply from 64.233.187.99: bytes=32 time=318ms TTL=237
Reply from 64.233.187.99: bytes=32 time=317ms TTL=237
Reply from 64.233.187.99: bytes=32 time=319ms TTL=237
Reply from 64.233.187.99: bytes=32 time=317ms TTL=237

Ping statistics for 64.233.187.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 317ms, Maximum = 319ms, Average = 317ms

C:\Documents and Settings\Administrator>

all works fine there
Jay_Jay70Commented:
hmm just realised i cant ping ms either so thats a moot point   hmm got me stumped   have never seen this happen unless your infected with some kind of malware
gavinandrewmcmillanAuthor Commented:
yes i cant work it out either!! I am up to date with all Windows Updates on all computes, i have trend micro client server messaging installed, which is up to date and scans daily as far as i know DNS is working fine, everything bar microsoft loads perfectly. I guess it could be malware or spyware, i try get hold of some spyware scanning tool.... i would have windows defender but cant download it off the site!!!

Thanks for help, ill leave this open incase you come up with any more ideas.

Regards
Gavin
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Gavin,

Your problem first of all is that you have WINS configured on your external NIC, and not your internal.  Remove the 10.0.0.1 WINS entry and add WINS of 192.168.1.1 to your internal NIC.

Next, while it's not entierly necessary, I would change your external subnet mask to 255.255.255.0.  This is a small business network that can't have over 75 devices... so a Class C IP Subnet is quite sufficient -- having a 255.0.0.0 subnet is a Class A, which provides up to 16,000,000 IP addresses, while a Class C keeps it to just 254.  (Plus on your External NIC, there should only be 2 IP addresses in use anyhow... the router's and the external NIC's).

After you've made those changes you must run the Configure Email and Internet Connection Wizard (CEICW) again.  There's a visual how-to here:  http://sbsurl.com/ceicw, and a full overview of how to configure your network here:  http;//sbsurl.com/msicw

Then... you can't ping microsoft.com, they don't accept pings.  So your test doesn't show anything other than the fact that your server DOES properly resolve microsoft's IP address.  You can try to tracert to microsoft.com but it's iffy if that would go through as well because often many registrars block trace and whois requests for microsoft due to the amount of traffic that would go through their servers.  The true test of whether you can get to a site or not is with nslookup.  If Microsoft.com resolves to 207.46.x.x (usually 207.46.130.108 or 207.46.250.119) then you don't have a problem with your DNS, but you could have a problem with your DNS CACHE, or your IE CACHE.  

So, run an IPCONFIG /FLUSHDNS from the command prompt, then clear out your IE cached files including offline files and then try browsing to microsoft.com in Internet Explorer again.  Do not use FireFox for this test.

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Also, what router do you have?  Some routers have a ping and traceroute feature that will allow you to test from the router, which would help you to eliminate ISA from the issue.

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
P. S.  I really hate to post this here, because it just perpetuates idiotic thinking... but you can access Microsoft.com sites this way:  

http://thesource.ofallevil.com/technet/prodtechnol/isa/2000/proddocs/isadocs/cmt_h_logreject.mspx?mfr=true

Jeff
TechSoEasy
gavinandrewmcmillanAuthor Commented:
that link didnt work either!!!, whats up with this
gavinandrewmcmillanAuthor Commented:
I am having trouble with WINS, i know it says in ipconfig /all that the primary WINS server is 10.0.0.1 (external ip), but when i go into WINS under Administrtion Tools, it says that the Wins server is 192.168.1.1, should i remove this entry and add a totally new one?

Regards
Gavin
gavinandrewmcmillanAuthor Commented:
The Router is an Alcatel Speedtouch 500 series ADSL Modem/Router, i have turned off DHCP and assigned it a static Ip address.

NAPT on the router was configured by the server, so i assume everything would be fine. Also is it safe to forward all ports through to the server seeing as it has ISA installed, or am i better to only forward the specified ports set by the server.

Regards
Gavin
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
No, you need to specify the WINS server on your Network Card's TCP/IP properties > Advanced > WINS tab.

Delete the entry from the external NIC and add the correct one to the Internal NIC.

Also, please specify the EXACT model number, not the series.

Jeff
TechSoEasy

gavinandrewmcmillanAuthor Commented:
ok i have changed the wins configuration on the network cards, removed it from the outside, and added it to the inside one.

Here are the details of the router that i took from it:
  Product Name = SpeedTouch 530  
  Vendor Name = THOMSON  
  Software Version = 4.2.7.16.0  
  Serial Number =
  CLI Version = 1.2.0  
  Bootloader Version = 2.0.5  
  ASIC Version = 1b01  
  Board Name = ADNT-Q  
  Modem Label Version = 2.11.36  

Hope this helps, i will redo the internet and email connection wizard now!!

Regards
Gavin
gavinandrewmcmillanAuthor Commented:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>nslookup microsoft.com
*** Can't find server name for address 192.168.1.1: Non-existent domain
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    microsoft.com
Addresses:  207.46.250.119, 207.46.130.108


C:\Documents and Settings\Administrator>

This is the message i get wheni do nslookup on the server and this on the clients

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>nslookup microsoft.com
*** Can't find server name for address 192.168.1.1: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    microsoft.com
Addresses:  207.46.250.119, 207.46.130.108


C:\Documents and Settings\Administrator>

to me this looks like a DNS problem at my end, do you know what it is?

Regards
Gavin
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Yep.. it sure is...

If you have the Windows Server Resource Kit Tools downloaded, please run a DNSDIAG and post it here.  If you don't have the tools, you can get them here:  http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en

Jeff
TechSoEasy
gavinandrewmcmillanAuthor Commented:
Ok i have installed the Windows Server Resource Kit and when i run DNSDIAG. I get a message that says ISATQ.dll coud not be found, i did a search for it and it is there, i have reinstalled the resource kit and it says everything went fine, is there anything else i can do to find out what is wrong?

Regards
Gavin
gavinandrewmcmillanAuthor Commented:
Here are the details of the router, and i have changed the wins etc on the network cards

Here are the details of the router that i took from it:
  Product Name = SpeedTouch 530  
  Vendor Name = THOMSON  
  Software Version = 4.2.7.16.0  
  Serial Number =
  CLI Version = 1.2.0  
  Bootloader Version = 2.0.5  
  ASIC Version = 1b01  
  Board Name = ADNT-Q  
  Modem Label Version = 2.11.36  

Hope this helps, i will redo the internet and email connection wizard now!!

Regards
Gavin
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The router is irrelevant at this moment... you have DNS resolution problems.

When you say the ISATQ.dll "was there", where was it?  It should be in C:\windows\system32\inetsrv\, so if you found it in your dllcache folder copy it into the inetsrv folder.
And then make sure that all of your automatically starting SERVICES are started, especially the Simple Mail Transport Protocol (SMTP) service which is required by DNSDIAG.exe.

Jeff
TechSoEasy




rustyrpageCommented:
I don't think that not accessing the www.microsoft.com is a DNS issue since his PING of www.microsoft.com resolved the correct IP address.  Maybe it is some sort of security error or something of the sort.

I know that some people don't like to do this on a server, but try to install Firefox & see if you can access it from there.  (just for fun)
rustyrpageCommented:
Also, I just googled some stuff & found that sometimes this can happen when you need to adjust your MTU settings.  See the quote below:

recently installed a router at home. And switched to cable.

Turns out it was MTU that was my problem. Because I could access many other internet sites, but yahoo! mail would return a blank screen.

Setting the MTU on the ethernet interface on my PC fixed this problem. I had to set my MTU to 1490 bytes (Telstra Australia BigPond ISP limitation). Other people have to set it to 512. (Note this is an advanced task in windows, you have to google around for a while and try and work out what it is in the registry you need to change to force the MTU to be set to a lower value).

Note that setting the MTU in the router wasn't sufficient.. it was my PC that had to have the MTU changed (I was running Windows 2000).
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
y'know... in rereading back through all of this, I'm wondering if when you upgraded from SBS2000, did you reinstall ISA from the SBS2003 disks?  

While I know this doesn't apply to yours, an update came out today for ISA2004 to fix certain http issues which are quite similar to your problem.  (http://www.microsoft.com/downloads/details.aspx?familyid=2aa53ee6-527c-4398-ab7c-fcf8e8dde8ce&displaylang=en)

So, it made me wonder if these issues happened in ISA2000.  Apparently they did... but were corrected by ISA 2000 SP1, which is included on the SBS2003 media, but would not have installed if you didn't reinstall during the upgrade.  

At this point, I would download and install the ISA 2000 updates, even if they were installed it can't hurt to reapply: http://www.microsoft.com/downloads/details.aspx?FamilyID=77d89f87-5205-4779-b1ab-fc338283b2d9&DisplayLang=en

You can read about these types of issues here: http://support.microsoft.com/kb/331062

Jeff
TechSoEasy
gavinandrewmcmillanAuthor Commented:
ok i will give downloading the updates a go, in the mean time i will try move the ISATQ.dll file to the right place (if it was in the wrong place) and i will check the MTU setting.

Regards
Gavin
gavinandrewmcmillanAuthor Commented:
ok here we go:

Firefox worked, but it couldnt get through to Microsoft.com, ISATQ.dll is in the right place under C:\windows\system32\inetsrv\ but i still get that strange message.

I am working on finding out how to change the MTU, fingers crossed that will be the solution!
gavinandrewmcmillanAuthor Commented:
something intersting, http://support.microsoft.com/kb/331062 works, but microsoft.com does not.....
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
To easily change the MTU, download http://tune-up.com 's Tune-Up utilities 2006... It works just fine on an SBS, and is free for 30 days.

There's a system optimization wizard which will change the MTU's as well as the http threads for you.  It might even find out what else ails the server.  Just don't use the registry cleaner on it unless you review EACH item.  (although it has a great restore feature).

Jeff
TechSoEasy
gavinandrewmcmillanAuthor Commented:
Im downloading it now, will keep you up to date!!

Regards
Gavin
gavinandrewmcmillanAuthor Commented:
Ok i installed Tune-Up and ran the system optimization wizard, aswell as a couple of other tests, it picked up a few registry errors but that is all. Unfortunately i am still unable to access microsoft.com

I have also confirmed that i have the latest service pack for ISA 2000, i will do a repair install tonight in case there was any errors during installation, but i am sure it should be find.

I also have an all open out policy in place meaning that the firewall wont restrict any outgoing access so this should not block microsoft.com

Any other ideas guys? this is driving me nuts!! I also have Trend Micro Client Server Messaging installed, do you think this could be what is blocking it?

Regards
Gavin
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Do you have a laptop you can plug directly into your router?  Bypassing your server will give you one area of elimination for troubleshooting.

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Also, we never got the DNSDIAG to run.  Please try installing it on a Windows XP machine instead and it will run from there.

And, what version of Trend CSM are you running?  If 3.0, have you disabled the Personal Firewall service?

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
One other thing to look at is the binding order of your NICs.  Open up the Network Connections and click on Advanced > Advanced Settings... and make sure that the Internal NIC is listed first.  Also, uncheck File & Print sharing on your EXTERNAL NIC, if it's checked.  (Not really related... but since you're there you might as well take care of this... most people leave it enabled which is not a good idea).

One other thing I just noticed in reviewing the entire thread... you said you just downloaded the latest SP for ISA 2000.  This tells me that you haven't installed Service Pack 1 for SBS yet (which would take you to ISA 2004, btw -- but going to ISA 2004 is not required to complete the Service Pack installation).  SP1 fixes A LOT of issues and ensures that you're completely up-to-date in all areas.  I'd highly suggest that you install it.  http://sbsurl.com/sp1 for more info.

Jeff
TechSoEasy

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gavinandrewmcmillanAuthor Commented:
Hi Jeff

Im out of the office today but can answer a couple of questions, It is definately a problem with the server, i have bypassed it by plugging a laptop straight into the router and it has all worked as expected, had no problems with DNS.

I do have CSM 3.0 and have disabled the firewall as i am using ISA's firewall.

As far as the upgrade for SBS, would this not hapen automatically through windows updates? i know that all updates as far as automatic updates have gone through and is all up to date, however if it is a manual upgrade then i will definately get that done over the weekend.

I will put DNSDIAG onto one of the XP machines when i get back into the office later today!

Thanks for your help so far!

Regards
Gavin
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
No, Service Pack updates must be done manually because they may affect other settings and software.  It is a major OS upgrade and since it DOES fix so many things, I would definitely suggest it.  Carefully review the instructions at http://sbsurl.com/sp1 and then apply the Service Packs as recommended.

That should correct the error caused in ISA as noted above.

Jeff
TechSoEasy
gavinandrewmcmillanAuthor Commented:
Excellent, i will do this tonight after work, or tomorrow when no one is in the network.

Regards
Gavin
gavinandrewmcmillanAuthor Commented:
wooo hoooo I can now access Microsoft.com!!!

Thanks heaps for you help Jeff.

To sumarise the answer to this question: Needed to upgrade to Windows SBS Server Premium 2003 SP1.

I will install the update for ISA and SQL, but i have to order the disk from Microsoft.

Regards
Gavin
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Congrats Gavin!  Glad you got it all working!

Jeff
TechSoEasy
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.