Solved

Server blocking trusted sites?

Posted on 2008-06-26
Last Modified: 2012-06-27
My server was set back up recently. Everything went pretty smooth but after about a week, a site I go to on a daily basis started not coming up. It is a site I know I had added to my trusted sites, but I went back and checked and it wasn't in the list, so I put it back. The site worked for a few days and then stopped working. It is still on the trusted list but being blocked by my server. I cannot access it from the server or client machines. I decided to check into the GP but the snap-in fails to load every time I try. Has anyone had a problem like this? I am not at my server now but I will be in about an hour if any more info is needed.

Thanks!
Question by:Mentiroso
15 Comments
 
LVL 4

Expert Comment

by:Wiired
ID: 21876178
Try disabling Data Execution Prevention on the MMC. This may help you get in to check your GPs. I had this issue with the snap-ins failing to load and that resolved that part.
0
 

Author Comment

by:Mentiroso
ID: 21876852
Thanks, still stuck out and about but once I get back into the office (hopefully in another hour or so) I will check that out.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21896126
Many MMC problems can be resolved by updating the MMC to the latest version.

As for your website blockage, do you have another on-site administrator that may be going in and removing the trusted sites? If not, then it is pretty curious that the trusted sites ended up missing.
0
 

Author Comment

by:Mentiroso
ID: 21898433
No, I am the only admin and I can guarantee that everyone else in the office is not doing it. I will update the MMC when I get in town (I have been stuck out of town longer than expected). I am sorry for being so slow to try out these solutions but I should be done ASAP.

Thanks!
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 1000 total points
ID: 21900996
Let me tell you what I know about GPOs and plausible fixes for you.

GPOs are saved locally in SYSVOL. Then, they are replicated out to the other domain replication partners through the FRS (File Replication Service). After that they are distributed out to other computers and member servers via the DFS (Distributive File Service). If your sites are seen one day and gone the next, it may be a problem with FRS. These policies may not be getting from one server to another. So, you may have intermittent GPOs.

MMC snap-ins had problems and the latest update may cure that. Once you fix MMC, then look on your cluster of servers, in SYSVOL, for the Group Policy object that holds the information on your trusted sites. So, you may want to look for FRS errors, like this one:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23516713.html

If you have the GPOs in the SYSVOL records of your replicating machine, then it is probably a DFS error and your SYSVOL shares are not getting shared out. These shares are shared out using NetBIOS over TCP/IP.

Trusted sites for GPOs may be needed to bypass Internet Explorer Enhanced Security. Here is a little explanation on IEES errors and workarounds for this service.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23351830.html
0
 

Author Comment

by:Mentiroso
ID: 21908999
Ok, I fixed the MMC, added the site to the trusted site under a new GPO, tried the site again and it is still being blocked on every client machine and the server itself. If I reboot the server it will work fine for a short period and then just stop, no errors. The site will still be listed under the trusted sites though. Any more info?
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21909384
Yah, I think this is an easy fix:

Let's get a network topology from you:

Example: (this is what it sounds like to me)
WWW>>router>>PDCe +1DC, member servers and clients (site1)
VPN connection>>DC, member servers and clients (site2)
0
 

Author Comment

by:Mentiroso
ID: 21909821
Well, it is just the internet coming in through a basic Linksys router (WRT54G), then a line into the server which is the Exchange server and PDC, and then the clients go from there. A total of 5 client machines hooked up. There is no second site. It is small time. Also I noticed today that the site that is being blocked is actually only blocked intermittently; it will work mainly in the mornings and stop in the afternoon. It is not the site itself because I checked it from other locations using the same ISP and no problems, and it worked fine before the server crashed and everything had to be reloaded.

So just to put it like you asked:

WWW>>Router>>PDC>>clients and nothing else.  
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21910850
In the server's NIC configuration, it should only have itself as the preferred DNS server. Use the IP, and not the loopback address of 127.

Then, do you use forwarders or root hints? Forwarders do recursive lookups; if you have recursive lookups disabled, then you are using root hints.

Intermittency is usually a sign of the preferred DNS server being an outside server. However, if you have a forwarder that is supposed to be a public name server in your DNS forwarder's section, then recursive lookups will be denied and you can also get intermittent DNS.
0
 

Author Comment

by:Mentiroso
ID: 21911014
If I am not mistaken the DNS is set up using the IP and not the loopback. I do not use any forwarders or root hints because of the small nature of the company and the fact that the handful of employees have no restrictions on what they do, I just set it up quick and easy up until this road bump.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21912734
OK, I think we have your problem:
Under the DNS snap-in:
Disable recursive lookups and that will automatically use root hints. To do this, go into the DNS snap-in and right-click it. Select Properties. Select the Forwarders tab. Disable recursive lookup.

ON ALL NIC CONFIGURATIONS:
Also make sure that NOWHERE on this domain is the preferred DNS server an outside server. The preferred DNS server should be your server.
To make sure, go to the command prompt and type ipconfig /all. If the preferred DNS server is an outside server, you will have DNS problems and AD problems. So, it is important to get this right.

To change it (for fixed IPs), go into the NIC configuration, select TCP/IP and choose Properties, then configure only your server as the preferred DNS server. (Fixed IP will include the router, some fixed clients and the server.)

To change it (for dynamic IPs), go to the DHCP snap-in. Select your DHCP server. Expand the DHCP server properties until you get an "options" folder. Double-click the folder and edit the preferred DNS server's list. That again will be your server.




0
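
The `ipconfig /all` check described in the comment above can be scripted. The following is an added example, not part of the original thread: it parses `ipconfig /all` text and reports every DNS server entry that is a loopback address or is not the internal DNS server. The function names, the adapter names and all IP addresses are assumptions constructed for illustration, and English-language output and PowerShell 3.0 or later are assumed.

```powershell
# Added example. Assumes English-language `ipconfig /all` output.
function Get-AdapterDnsServer {
    param([string[]]$Lines)
    $adapter = '(none)'
    $order = 0   # 0 = not inside a "DNS Servers" block
    foreach ($line in $Lines) {
        if ($line -match '^\S.*adapter (.+):\s*$') {
            $adapter = $Matches[1]; $order = 0
            continue
        }
        if ($line -match '^\s+DNS Servers[ .]*:\s*(\S+)\s*$') {
            $order = 1   # first entry is the preferred server
        }
        elseif ($order -gt 0 -and $line -match '^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$') {
            $order++     # indented bare IP continues the list (alternate server)
        }
        else { $order = 0; continue }
        [pscustomobject]@{ Adapter = $adapter; Order = $order; Server = $Matches[1] }
    }
}

function Test-DnsClientConfig {
    param([string[]]$Lines, [string]$InternalDns)
    foreach ($e in Get-AdapterDnsServer -Lines $Lines) {
        $finding = $null
        if ($e.Server -like '127.*') { $finding = 'loopback; use the server IP' }
        elseif ($e.Server -ne $InternalDns) { $finding = 'not the internal DNS server' }
        if ($finding) {
            $e | Add-Member -NotePropertyName Finding -NotePropertyValue $finding -PassThru
        }
    }
}

# Constructed sample output; all addresses are placeholders.
$sample = @'
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.101
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
   Lease Obtained. . . . . . . . . . : (constructed)

Ethernet adapter Wireless Network Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.102
   DNS Servers . . . . . . . . . . . : 127.0.0.1
'@ -split "`r?`n"
Test-DnsClientConfig -Lines $sample -InternalDns '192.168.1.10' | Format-Table -AutoSize
```

On a live machine, pass `(ipconfig /all)` as `-Lines` and the server's own IP as `-InternalDns`; an empty result means every listed DNS server is the internal one.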
 

Author Comment

by:Mentiroso
ID: 21917943
Ok, I won't be able to try it today. My son is home sick with a stomach bug so I will try it first thing in the morning and report back. Thanks for the info!
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 22013075
How goes the battle?
0
 

Author Comment

by:Mentiroso
ID: 22062003
Sorry for the extremely slow response. Been in the hospital with a bad sinus/ear infection. I checked all NIC configurations on all machines, all set to using the server as the DNS, so no outside servers or dynamic servers. I am lost. Every day it works fine in the morning and around 12pm-1pm it just stops on all computers?
0
 

Author Comment

by:Mentiroso
ID: 22062012
I did check the DHCP snap-in and both scopes are set to use the same DNS as the network. Forgot to say that.
0
