Solved

.net website not opening in my environment

Posted on 2009-04-07
30
1,887 Views
Last Modified: 2012-05-06
Dear all,

I have a problem in my company environment, that is any website that is having .net extension is not opening. (www.speedtest.net) or something like this.
my environment is : Ms exchange server 2003 sp2 on ms windows server 2003 sp2.
isa server 2004 on ms windows 2003 server sp1.
and i am attaching my isa server policies screen shot also... Please check  order of policies are correct or not, and give some recommendations also for tuning.


isa-server-policies.JPG
0
Comment
Question by:nivasnet
  • 16
  • 14
30 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24085280
I don't see anything wrong with your ISA configuration. I am assuming what you meant was that you are unable to access domains with .net TDL. If that's the case, your problem is actually the DNS server and not ISA. Give me some more information on your DNS setup, I'll see what I can do.
0
 

Author Comment

by:nivasnet
ID: 24085496
hi,

Unable to access meaning here i am getting that page skelton only (please see the attachment speedtest.net webpage). It is happening only for domains having .net tdl.

i have two dns servers.
on the dns servers which information you require.
Please help me,


speedtest.net-webpage.JPG
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24085580
That screen shot looks like your browser is loading the page without the stylesheets. The problem might not be the DNS after-all, can you try accessing the site using a different browser (firefox) and also from a different PC?
0
 

Author Comment

by:nivasnet
ID: 24085651
i tried in firefox also.. (see the attachment).and It is not happening only for my pc. All p.cs in my company having same problem.

speedtest.net-webpage1.JPG
0
 

Author Comment

by:nivasnet
ID: 24085823
As you thought earlier my dns servers having some problem, for finding this which information you require. i will give.

0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24085913
Open a command prompt on the DNS server and run dnscmd /enumzones and copy the output here
0
 

Author Comment

by:nivasnet
ID: 24086497
i am attaching dns server output.

dns-output.JPG
0
 

Author Comment

by:nivasnet
ID: 24086601
i have two dns servers, both servers response is same like above.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24087025
You don't have the resource kit installed so dnscmd will not work. Never mind, can you post screenshots for the below
a) expand your forward lookup zones in DNS MMC
b) output of ipconfig /all from a client PC
c) output of nslookup speedtest.net from a client PC
0
 

Author Comment

by:nivasnet
ID: 24094219
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24095653
Your DNS setup is a little messy.

1. You have a local dns zone for .net with a single record alezelom, you need to remove this .net zone and create a new zone for alezzelom.net with an empty host record pointing to 10.0.0.105
2. The domain clients are using an external servers as their primary and secondary DNS, I am surprised your users aren't complaining about long log-on times. Change that and only use the local servers 10.0.0.2 and 10.0.0.4 for DNS resolution. You can use forwards or root hints in your local DNS servers to allow them to browse the internet.

3. nslookup is fine

Now, I will also need an ipconfig /all from your ISA server so we can nail this once and for all.
0
 

Author Comment

by:nivasnet
ID: 24095745
hi,

There is no pc or server having ip address 10.0.0.105. Why it is used 10.0.0.105.
Why our users used external dns servers as thier primary and secondary dns, because  if they are using local servers they are not able to browse some websites, i mean 'page not displayed error" is coming. to avoid this they are using external dns servers.
 
isa-server-ipconfig-output.JPG
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24096046
1. Delete the .net zone from your DNS server
2. Remove ISP DNS from users' machines
3. Remove any forwarders you have in your DNS Server (right click servername and properties > forwarders tab) and setup your ISPs IPs as forwarders there
4. Edit ISA external interface and remove DNS server entries from the external interface

That should do it.
0
 

Author Comment

by:nivasnet
ID: 24096274
hi,

i have two dns servers, do i need to delete .net zone both places....
i am getting one messge while deleting net zone. (see the attachment)
how to find forwarders in my dns server.
After removing dns servers in external interface on isa server also 'obtaining dns servers addresses automatically is not enabling"  Is it ok ?



while-dns-.net-deleting-message.JPG
after-removing-dns-servers-in-is.JPG
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24096391
You can ignore the error and delete it, it will be deleted from both DNS servers.
You will find the forwarders if you right-click the server name in the DNS MMC and select Properties.
The ISA will use the internal NIC for DNS resolution, so you can leave the external empty.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:nivasnet
ID: 24096534
do i need to wait some time ? because
i followed exactly....
but problem still same....
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24097016
Yes, it will take some time, depending on your configuration. You can speed things up by clearing the cache in your DNS servers (right click server name - Clear cache) and either restarting or running ipconfig /flushdns on the ISA and the client PCs.
0
 

Author Comment

by:nivasnet
ID: 24104228
I clered cache, and i tried today also.... problem not resolved...

what we can do ? other than DNS, Is there any other reason for this ?
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24104504
Can you give me the nslookup www.speedtest.net and ipconfig /all outputs from the ISA server and a client pc again please.
0
 

Author Comment

by:nivasnet
ID: 24104996
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24105067
The configurations look alright, did you restart the ISA server and clear cache on both DNS servers?
0
 

Author Comment

by:nivasnet
ID: 24106279
s, i did but same problem
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24107602
Can you try using some other .net site.
0
 

Author Comment

by:nivasnet
ID: 24124528
i tried lot, maximum not opening....

0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24124968
Can you monitor and copy the logs from ISA Server for one of the .net sites please? I would also like to see a new screenshot of a .net site loaded va IE as well.
0
 

Author Comment

by:nivasnet
ID: 24124981
ok
i am attaching one isa server screenshot.
In the dashboard i found not configured as (AD,DHCP,DNS,OTHERS)
Is that reason ?
if so how to configure ?

0
 

Author Comment

by:nivasnet
ID: 24125003
sorry i didn't attach above

isa-dashboard.JPG
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24146791
No, that's not a problem. Are you able to browse these sites from your ISA Server? I don't think ISA can selectively diable stylesheets to certain TLDs in this manner. It might be that your AV or something else running on the PC intercepting the HTTP traffic. Can you try disabling your AV/anti-spyware and try again?
0
 

Author Comment

by:nivasnet
ID: 24146874
I am not able to browse these websites even from my isa server also., for testing purpose i completely removed my AV, i tried problem still same.
0
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 24159096
Casn you supply the ISA Logging output for a .net site browsing session from the client?
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
maintenance page 3 301
Exchange 2010 OWA 403 error 7 714
Lync Client 2013 and TMG 2010 8 1,318
Itunes Thru ISA 2000 Server 2 97
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
This video discusses moving either the default database or any database to a new volume.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now