New and guest PCs cannot connect to any IP outside of the private subnet
Posted on 2008-01-31
W2K3 SB server on latest SP and patches, two stand-alone W2K3 servers also all updated with latest SPs and patches, all PCs on a domain, WatchGuard firewall, single subnet of 192.168.x.x, no ISA, IIS for internal use only company web page, no VPN, no routing and remote access configured.
Any new PC added to the domain using the wizard, and any guest PC that attaches to the physical layer, cannot reach an IP address outside of the private subnet. The new and guest PCs cannot ping an outside address or any of the usual TCP ports on an outside IP address (e.g. web URL, FTP, Telnet, SMTP, etc.).
The new and guest PCs can ping any address on the private subnet and can reach the company web site. The new and guest PCs can reach a web site if they are taken off-site and used on another LAN.
The problem clearly lies with the configuration of the LAN itself, not the new and guest PCs.
OTHER INFORMATION AND FAILED SOLUTIONS
No errors or warnings appear in the server event logs or the logs of the PCs, and the router is not logging any denials of service (I am working on configuring the firewall for more verbose logging, but so far nothing).
The server is the DHCP server, and the PCs successfully obtain an IP address and correct IP config info. If the new PCs are joined to the domain, and even if they are configured to add the domain Administrator account to the local PC SAM, they still cannot reach an external IP.
I have looked at the firewall and there are no rules set to block outgoing traffic. Only one 'Allow All' rule exists in the firewall for outgoing traffic. Nothing changes when I explicitly set a new rule to, for example, allow HTTP traffic.
No VPNs exist. No DHCP scope or server rules exist beyond a definition of the router, gateway, address scope -- the default usual stuff and it is all correct.
In theory, I am the only one who makes infrastructure changes to the network and I am not aware of any changes having been made (besides the normal Windows updates) for at least six months - previous to this problem appearing.
PROBLEM AS I AM CURRENTLY APPROACHING THE PROBLEM
Something is blocking access to the internet for new IP addresses. What besides the firewall and DHCP could be keeping track of access rules assigned to IP addresses?
I'm flummoxed -- It has to be really straightforward and likely something I did and just don't remember doing -- something that would not warrant being entered into the Server Work and Change Log.