Solved

Microsoft, Server operating system, win2k3 SP2, behind a firewall, network problem

Posted on 2008-10-08
Last Modified: 2010-04-21
Hi,

Can anyone help with an internet connection problem from a Win2k3 server?

We have several servers but one is being a pain in the butt.

The problem machine's function is an application server.

Presently it can talk to machines within the domain but not outside the domain.

We are trying to allow it to talk to the internet.

The Windows Component called IE Enhanced Security Configuration has been removed.

The Service Windows Firewall/ICS has been disabled.

Pathping results for internal computer local1 to internal local2 in another city
local1 and local2 are on same domain.
C:\>pathping local2
Tracing route to local2 [192.168.0.10]
over a maximum of 30 hops:
  0  local1 [192.168.10.9]
  1  63.149.217.214
  2  63.149.217.213
  3  192.168.0.1
  4  local2 [192.168.0.10]
Computing statistics for 100 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           local1 [192.168.10.9]
                                0/ 100 =  0%   |
  1  ---     100/ 100 =100%   100/ 100 =100%  63.149.217.214
                                0/ 100 =  0%   |
  2  ---     100/ 100 =100%   100/ 100 =100%  63.149.217.213
                                0/ 100 =  0%   |
  3   20ms     0/ 100 =  0%     0/ 100 =  0%  192.168.0.1
                                0/ 100 =  0%   |
  4   20ms     0/ 100 =  0%     0/ 100 =  0%  local2 [192.168.0.10]
Trace complete.


Pathping results for internal computer local1 to external google.com
C:\>pathping google.com
Tracing route to google.com [64.233.187.99]
over a maximum of 30 hops:
  0  local1 [192.168.10.9]
  1     *        *        *
Computing statistics for 25 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           local1 [192.168.10.9]
                              100/ 100 =100%   |
  1  ---     100/ 100 =100%     0/ 100 =  0%  local1 [0.0.0.0]
Trace complete.


Microsoft Network Monitor 3.1 result for ping of external computer local1 to google.com . . .
Frame#      TimeOffset      Source      Destination      ProtocolName      Description
4      0.000000      192.168.10.9      192.168.10.10      DNS      DNS: QueryId = 0x1339, QUERY (Standard query), Query  for  google.com of type Host Addr on class Internet
5      0.046875      192.168.10.10      192.168.10.9      DNS      DNS: QueryId = 0x1339, QUERY (Standard query), Response - Success
6      0.046875      192.168.10.9      209.85.171.99      ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 209.85.171.99
17      5.406250      192.168.10.9      209.85.171.99      ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 209.85.171.99
29      10.906250      192.168.10.9      209.85.171.99      ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 209.85.171.99
39      16.406250      192.168.10.9      209.85.171.99      ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 209.85.171.99

Microsoft Network Monitor 3.1 result for ping of internal computer local1 to local2 . . .
Frame#      TimeOffset      Source      Destination      ProtocolName      Description
1      3.656250      192.168.10.9      192.168.10.10      DNS      DNS: QueryId = 0xA935, QUERY (Standard query), Query  for  local2 of type Host Addr on class Internet
2      3.656250      192.168.10.10      192.168.10.9      DNS      DNS: QueryId = 0xA935, QUERY (Standard query), Response - Success
3      3.656250      192.168.10.9      local2           ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 192.168.0.10
4      3.656250      192.168.10.1      192.168.10.9      ARP      ARP: Request, 192.168.10.1 asks for 192.168.10.9
5      3.656250      192.168.10.9      192.168.10.1      ARP      ARP: Response, 192.168.10.9 at 00-0x-yz-za-ab-bc
6      3.703125      192.168.10.1      192.168.10.9      ARP      ARP: Request, 192.168.10.1 asks for 192.168.10.9
7      3.703125      192.168.10.9      192.168.10.1      ARP      ARP: Response, 192.168.10.9 at 00-0x-yz-za-ab-bc
8      3.703125      192.168.10.1      192.168.10.9      ICMP      ICMP: Redirect Message
9      3.703125      local2              192.168.10.9      ICMP      ICMP: Echo Reply Message, To 192.168.10.9 From 192.168.0.10


The Service IPSEC Services is started, but there is no currently assigned policy
according to the netsh ipsec dynamic show all command.
ERR IPSec[05066] : No currently assigned Policy
ERR IPSec[06127] : Mainmode Policies not available.
ERR IPSec[06129] : Quickmode Policies not available.
ERR IPSec[06130] : Generic Mainmode Filters not available.
ERR IPSec[06131] : Specific Mainmode Filters not available.
ERR IPSec[06133] : Generic Quickmode Filters not available.
ERR IPSec[06134] : Specific Quickmode Filters not available.
ERR IPSec[06137] : IPSec MainMode Security Associations not available.
ERR IPSec[06138] : IPSec QuickMode Security Associations not available.
IPSec Configuration Parameters
------------------------------
IPSecDiagnostics       : 0
IKElogging             : 0
StrongCRLCheck         : 1
IPSecloginterval       : 3600
IPSecexempt            : 3
Boot Mode              : Permit
Boot Mode Exemptions   :
Protocol  Src Port  Dst Port  Direction
--------- --------- --------- ---------
UDP           0        68     Inbound
IKE Statistics
--------------
Main Modes                  : 0
Quick Modes                 : 0
Soft SAs                    : 0
Authentication Failures     : 0
Active Acquire              : 1
Active Receive              : 0
Acquire fail                : 0
Receive fail                : 0
Send fail                   : 0
Acquire Heap size           : 1
Receive Heap size           : 0
Negotiation Failures        : 0
Invalid Cookies Rcvd        : 0
Total Acquire               : 0
TotalGetSpi                 : 0
TotalKeyAdd                 : 0
TotalKeyUpdate              : 0
GetSpiFail                  : 0
KeyAddFail                  : 0
KeyUpdateFail               : 0
IsadbListSize               : 0
ConnListSize                : 0
Invalid Packets Rcvd        : 0
IPSec Statistics
----------------
Active Assoc                : 0
Offload SAs                 : 0
Pending Key                 : 0
Key Adds                    : 0
Key Deletes                 : 0
ReKeys                      : 0
Active Tunnels              : 0
Bad SPI Pkts                : 0
Pkts not Decrypted          : 0
Pkts not Authenticated      : 0
Pkts with Replay Detection  : 0
Confidential Bytes Sent     : 0
Confidential Bytes Received : 0
Authenticated Bytes Sent    : 0
Authenticated Bytes Received: 0
Transport Bytes Sent        : 0
Transport Bytes Received    : 0
Bytes Sent In Tunnels       : 0
Bytes Received In Tunnels   : 0
Offloaded Bytes Sent        : 0
Offloaded Bytes Received    : 0


Here are results from netsh diag ping adapter
Network Adapters
     1. [00000001] Intel(R) PRO/1000 XT Server Adapter
        DefaultIPGateway = 192.168.10.1 Same Subnet
                Pinging 192.168.10.1 with 32 bytes of data:
                Reply from 192.168.10.1: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.1: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.1: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.1: bytes=32 time<1ms TTL=0
                Ping statistics for 192.168.10.1:
                    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
                Approximate round trip times in milli-seconds:
                    Minimum = 0ms, Maximum = 0ms, Average = 0ms
        DNSServerSearchOrder = 192.168.10.10
                Pinging 192.168.10.10 with 32 bytes of data:
                Reply from 192.168.10.10: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.10: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.10: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.10: bytes=32 time<1ms TTL=0
                Ping statistics for 192.168.10.10:
                    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
                Approximate round trip times in milli-seconds:
                    Minimum = 0ms, Maximum = 0ms, Average = 0ms
                               192.168.0.10
                Pinging 192.168.0.10 with 32 bytes of data:
                Reply from 192.168.0.10: bytes=32 time=20ms TTL=20
                Reply from 192.168.0.10: bytes=32 time=19ms TTL=19
                Reply from 192.168.0.10: bytes=32 time=19ms TTL=19
                Reply from 192.168.0.10: bytes=32 time=18ms TTL=18
                Ping statistics for 192.168.0.10:
                    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
                Approximate round trip times in milli-seconds:
                    Minimum = 18ms, Maximum = 20ms, Average = 19ms
        IPAddress = 192.168.10.9
                Pinging 192.168.10.9 with 32 bytes of data:
                Reply from 192.168.10.9: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.9: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.9: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.9: bytes=32 time<1ms TTL=0
                Ping statistics for 192.168.10.9:
                    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
                Approximate round trip times in milli-seconds:
                    Minimum = 0ms, Maximum = 0ms, Average = 0ms
        WINSPrimaryServer = 192.168.10.10
                Pinging 192.168.10.10 with 32 bytes of data:
                Reply from 192.168.10.10: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.10: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.10: bytes=32 time<1ms TTL=0
                Reply from 192.168.10.10: bytes=32 time<1ms TTL=0
                Ping statistics for 192.168.10.10:
                    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
                Approximate round trip times in milli-seconds:
                    Minimum = 0ms, Maximum = 0ms, Average = 0ms
        WINSSecondaryServer = 192.168.0.10
                Pinging 192.168.0.10 with 32 bytes of data:
                Reply from 192.168.0.10: bytes=32 time=19ms TTL=19
                Reply from 192.168.0.10: bytes=32 time=18ms TTL=18
                Reply from 192.168.0.10: bytes=32 time=19ms TTL=19
                Reply from 192.168.0.10: bytes=32 time=19ms TTL=19
                Ping statistics for 192.168.0.10:
                    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
                Approximate round trip times in milli-seconds:
                    Minimum = 18ms, Maximum = 19ms, Average = 18ms


C:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0x xy yz za ab ...... Intel(R) PRO/1000 XT Server Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   192.168.10.254     192.168.10.9     10
     192.168.10.0    255.255.255.0     192.168.10.9     192.168.10.9     10
     192.168.10.9  255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255     192.168.10.9     192.168.10.9     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0     192.168.10.9     192.168.10.9     10
  255.255.255.255  255.255.255.255     192.168.10.9     192.168.10.9      1
Default Gateway:      192.168.10.1
===========================================================================
Persistent Routes:
  None

C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : local1
   Primary Dns Suffix  . . . . . . . : local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Server Adapter
   Physical Address. . . . . . . . . : 00-0x-xy-yz-za-ab
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.9
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.10
                                       192.168.0.10
   Primary WINS Server . . . . . . . : 192.168.10.10
   Secondary WINS Server . . . . . . : 192.168.0.10

0
Question by:ERWSD
10 Comments
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22675159
Can you ping 4.2.2.2?
Can you ping google.com?
0
 

Author Comment

by:ERWSD
ID: 22675463
I can ping from the problem computer local1 (192.168.10.9) and get a reply from computers in the domain. E.g. I can ping computer local2, and DNS resolves local2 to the correct IP address 192.168.0.10, and 192.168.0.10 replies, and that reply is received.

If I ping an internet location from the problem computer local1 (192.168.10.9) . . . in this example google.com . . . DNS resolves it (209.85.171.99 in this example), but there is no reply. Instead I get the response "Request timed out."
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22675527
What software firewall do you have on the problem child machine?
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22678974
Check your access lists on the firewall to make sure you are allowing all outbound connections on this IP address. It sounds like it's blocking it or not routing it. Also, do you have an IDS device? If so, it may be shunning traffic outbound.
0
 

Author Comment

by:ERWSD
ID: 22679368
There is no known firewall on the problem child machine. Windows Firewall is disabled.
The problem child machine is on an MPLS network.
The firewall that we manage is on another box. The firewall box is a SonicWall 2040.
Within the SonicWall 2040, it appears as if the problem box is set up the same as other boxes,
in that there are no different restrictions than other boxes that function as we expect.
0
 
LVL 2

Accepted Solution

by:
ScottGranado earned 500 total points
ID: 22679729
So the correct default gateway is 192.168.10.1, and this is the IP address of your SonicWall 2040? If so, can you try to change the IP address of the computer to something else? Possibly something that is already working on the network but that you can take off for the purposes of testing.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22691012
Are forwarders configured on this server? It is looking at itself for DNS.
0
 

Author Comment

by:ERWSD
ID: 22691355
We think Scott is on the right track . . . but before changing IPs we are going to have a talk with a contractor who manages another firewall in the MPLS network. It may be that IP range 192.168.10.0-9 is reserved for internal use . . . if that is the case we are gonna try and have the contractor back up the config and then change 192.168.10.9 so that it is treated like our domain server 192.168.10.10 that has external access. If the contractor resists we will try Scott's method and change the IP. But I think this will wait until Monday. Thanks for the ideas.
0
 

Author Comment

by:ERWSD
ID: 22707747
The contractor's routers do not have firewall entries . . . so we changed the IP.
Something was blocking that IP . . . and our 2nd choice IP was blocked too.
Third choice IP worked.
Thanks, Scott.
0
 

Author Closing Comment

by:ERWSD
ID: 31504517
Thanks, Scott.
Changed IP until we could access the internet (3rd IP choice worked).
Something off the box is blocking it outside of our standard firewall and we can't figure out what.
0
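
An added example, not part of the thread or any poster's code: a Python sketch that reads the ICMP rows of the two Network Monitor captures in the question and counts echo requests against echo replies per destination. It shows what the capture itself records: requests to 209.85.171.99 leave 192.168.10.9 and nothing comes back, while the ping to local2 is answered. The function names are illustrative.

```python
import re
from collections import defaultdict

# Rows copied from the two Network Monitor 3.1 captures in the question:
# the ping to google.com (frames 6-39) and the ping to local2 (frames 3-9).
CAPTURE = """\
6      0.046875      192.168.10.9      209.85.171.99      ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 209.85.171.99
17      5.406250      192.168.10.9      209.85.171.99      ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 209.85.171.99
29      10.906250      192.168.10.9      209.85.171.99      ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 209.85.171.99
39      16.406250      192.168.10.9      209.85.171.99      ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 209.85.171.99
3      3.656250      192.168.10.9      local2           ICMP      ICMP: Echo Request Message, From 192.168.10.9 To 192.168.0.10
4      3.656250      192.168.10.1      192.168.10.9      ARP      ARP: Request, 192.168.10.1 asks for 192.168.10.9
8      3.703125      192.168.10.1      192.168.10.9      ICMP      ICMP: Redirect Message
9      3.703125      local2              192.168.10.9      ICMP      ICMP: Echo Reply Message, To 192.168.10.9 From 192.168.0.10
"""

# A request reads "From <local> To <remote>", a reply "To <local> From <remote>",
# so in both cases the first address is the capturing host and the second the peer.
ECHO = re.compile(r"Echo (Request|Reply) Message, (?:From|To) (\S+) (?:To|From) (\S+)")


def summarize(capture):
    """Return (flows, redirects) for the ICMP rows of a Netmon summary listing."""
    flows = defaultdict(lambda: {"requests": 0, "replies": 0})
    redirects = []
    for row in capture.strip().splitlines():
        # Columns are separated by runs of spaces; the description is the 6th field.
        cols = re.split(r"\s{2,}", row.strip(), maxsplit=5)
        if len(cols) < 6 or cols[4] != "ICMP":
            continue
        match = ECHO.search(cols[5])
        if match:
            kind, local, remote = match.groups()
            flows[(local, remote)]["requests" if kind == "Request" else "replies"] += 1
        elif "Redirect" in cols[5]:
            redirects.append(cols[2])  # source column: the router that sent it
    return dict(flows), redirects


def unanswered(flows):
    """Peers that were sent echo requests but were never seen replying."""
    return sorted(r for (_, r), s in flows.items() if s["requests"] and not s["replies"])


if __name__ == "__main__":
    flows, redirects = summarize(CAPTURE)
    for (local, remote), s in flows.items():
        print(f"{local} -> {remote}: {s['requests']} sent, {s['replies']} answered")
    print("no reply from:", unanswered(flows))
    print("ICMP redirects from:", redirects)
```
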
