SBS2003 server has Internet access but clients don't
An SBS2003 Std server that I manage has stopped providing Internet access to all of its client machines. The server itself can access the Web just fine, and there is also a site-to-site IPSEC VPN which is working as well. The client computers can also access the VPN. There is obviously something at the server end which I need to change to give Internet access back. I've run the SBS Internet Connection Wizard a few times, and the DHCP is set up in the usual way (Router/DNS Server/WINS Server are set to 192.168.10.1), the server's gateway is set to 192.168.1.250 which is the Draytek router. (I've also restarted the server to no avail)
The server is running on one network card so maybe there's some protocol or configuration missing here. Is there some sort of web proxy service needing reconfigured?
A point of note perhaps is that the server was formerly on two NIC's but I changed this to one and also changed the server's internal IP with the wizard; I manually updated the gateway, DNS and DHCP settings etc myself. But everything was running fine for a good number of days before this with no hiccups, so I don't think it's related to that. Also, client machines seem to be able to resolve remote domain names but just can't ping/access them. If you could give me a few pointers this would be appreciated.
The server is running on one network card so maybe there's some protocol or configuration missing here. Is there some sort of web proxy service needing reconfigured?
A point of note perhaps is that the server was formerly on two NIC's but I changed this to one and also changed the server's internal IP with the wizard; I manually updated the gateway, DNS and DHCP settings etc myself. But everything was running fine for a good number of days before this with no hiccups, so I don't think it's related to that. Also, client machines seem to be able to resolve remote domain names but just can't ping/access them. If you could give me a few pointers this would be appreciated.
ASKER
Sorry for not providing more detail. In the past I've posted too much detail in my first question and it seems to scare people away because I often get no replies!
Server: 192.168.10.250, subnet 255.255.255.0
Draytek router: 192.168.10.254, subnet 255.255.255.0
DHCP clients: 192.168.10.10 up to 10.240, subnet 255.255.255.0
The Draytek can ping the clients and the clients can ping the Draytek.
All clients are DHCP. The clients were previously using the Draytek as the gateway but I then set them to use the SBS as the gateway instead just an hour or two ago, but no joy. (This was all configured through SBS's DHCP 192.168.10.x scope options)
Another strange thing that happened a few days back is that Internet access re-appeared for the clients, and about 12 hours later it stopped again. Nothing overly strange appeared in the event logs either. I notice the WinHTTP service starting and stopping periodically but this is normal from what I have read.
Server: 192.168.10.250, subnet 255.255.255.0
Draytek router: 192.168.10.254, subnet 255.255.255.0
DHCP clients: 192.168.10.10 up to 10.240, subnet 255.255.255.0
The Draytek can ping the clients and the clients can ping the Draytek.
All clients are DHCP. The clients were previously using the Draytek as the gateway but I then set them to use the SBS as the gateway instead just an hour or two ago, but no joy. (This was all configured through SBS's DHCP 192.168.10.x scope options)
Another strange thing that happened a few days back is that Internet access re-appeared for the clients, and about 12 hours later it stopped again. Nothing overly strange appeared in the event logs either. I notice the WinHTTP service starting and stopping periodically but this is normal from what I have read.
Hi smickell,
Can you post an ipconfig /all from the server and one workstation?
Many thanks
tigermatt
Can you post an ipconfig /all from the server and one workstation?
Many thanks
tigermatt
Check the DNS address settings on the SBS2003 server and at workstations ,
now your SBS server Ip address ( assuming that internal dns server configured/installed...rig
Regards,
V.K.
now your SBS server Ip address ( assuming that internal dns server configured/installed...rig
Regards,
V.K.
ASKER
Windows IP Configuration
Host Name . . . . . . . . . . . . : LDBSERVER
Primary Dns Suffix . . . . . . . : ldb.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : ldb.local
Ethernet adapter North_Internal:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Server Adapter
Physical Address. . . . . . . . . : 00-15-17-16-C5-3A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.250
DNS Servers . . . . . . . . . . . : 192.168.10.1
Primary WINS Server . . . . . . . : 192.168.10.1
That is the output from the server. I'm not in the office at the minute to get access to one of the client computers.
The DNS seems to be configured just the same as my other servers. One thing though - when I go to populate the root hints page (through right-clicking server, 'Configure DNS Server, root hints only), it resolves IP addresses of only about 50% of the root server names - their IP addresses come up as 'unknown.'
In the DNS properties, the Interface is 192.168.10.1 (the server) and the forwarders are two BT Broadband DNS servers. I've just tried pinging the problematic root servers directly from the Draytek and the same problem happens. Maybe it's a problem with BT's (our ISP) DNS servers?
Host Name . . . . . . . . . . . . : LDBSERVER
Primary Dns Suffix . . . . . . . : ldb.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : ldb.local
Ethernet adapter North_Internal:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Server Adapter
Physical Address. . . . . . . . . : 00-15-17-16-C5-3A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.250
DNS Servers . . . . . . . . . . . : 192.168.10.1
Primary WINS Server . . . . . . . : 192.168.10.1
That is the output from the server. I'm not in the office at the minute to get access to one of the client computers.
The DNS seems to be configured just the same as my other servers. One thing though - when I go to populate the root hints page (through right-clicking server, 'Configure DNS Server, root hints only), it resolves IP addresses of only about 50% of the root server names - their IP addresses come up as 'unknown.'
In the DNS properties, the Interface is 192.168.10.1 (the server) and the forwarders are two BT Broadband DNS servers. I've just tried pinging the problematic root servers directly from the Draytek and the same problem happens. Maybe it's a problem with BT's (our ISP) DNS servers?
"Maybe it's a problem with BT's (our ISP) DNS servers?"
Are your DNS servers in forwarders set to 194.74.65.68 and 194.72.0.114? I happen to also have a BT Broadband connection and have those set as my DNS forwarders, fortunately everything is working fine for me!
Are your DNS servers in forwarders set to 194.74.65.68 and 194.72.0.114? I happen to also have a BT Broadband connection and have those set as my DNS forwarders, fortunately everything is working fine for me!
Can you ping 212.58.224.88?
This is the BBC website. If you can ping using an ip address it show that it is the DNS server that are down. Also try a few other ping to IP address in case BBC block pings.
If you dont get anywhere then it must be your connection.
I have a had a few calls to our helpdesk about people who cant access certain websites, this came from the midlands so maybe there is a DNS server down.
This is the BBC website. If you can ping using an ip address it show that it is the DNS server that are down. Also try a few other ping to IP address in case BBC block pings.
If you dont get anywhere then it must be your connection.
I have a had a few calls to our helpdesk about people who cant access certain websites, this came from the midlands so maybe there is a DNS server down.
ASKER
Clients can resolve the BBC domain name to an IP address but are unable to ping or access it. The server can resolve & ping. If the server & Draytek router can both access it then BT's DNS servers are operating fine for us, and there isn't a problem with the actual Internet connection. Surely it has to be something to do with the server as a result of this?
Any ideas when you will be able to get an ipconfig /all from a client machine? That's really what we need to investigate the issue further.
Cheers
tigermatt
Cheers
tigermatt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
All seems to be in order with your client ipconfig /all output, the gateway and DNS server is set correctly, which was my main concern before. You seem experienced with SBS 2003, so I doubt it would be a setting on the server. It could be the router simply isn't capable of both VPN and traffic from the LAN, or maybe the MTU setting was restricting the flow of traffic from VPN users, which could have caused the problem.
The only way really to troubleshoot if it happens again is to disconnect all the VPN clients and see if it comes back online for the LAN.
Hope this helps
The only way really to troubleshoot if it happens again is to disconnect all the VPN clients and see if it comes back online for the LAN.
Hope this helps
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
Vee_Mod
Community Support Moderator
Im having the same exact issue right now with a cisco pix firewall as the router DC works great has steady internet but the clients do not ! We are also on a IPSEC TUNNEL.
Hope this helps
tigermatt :-)