I can not reach our company website from inside our network.

Johne75 asked
Last Modified: 2013-11-30
I can not reach our company website from inside our network. I called up iserv, who hosts the site, and everything is fine. All users, including servers, can not connect. Outside of the network it connects fine.

What kind of DNS are you running?

Are you in an active directory domain? Is the AD domain name the same as the website domain name?

Author

Commented:
Yes, AD domain. Names are different.
Can you run NSLOOKUP from any computer within your domain - type in the web address of your site, and then look at the results.

Is this pointing to an internal IP address or the correct external IP address?

If it is pointing internally, this is a DNS issue.

Author

Commented:
NS lookup points to external address.
NS lookup also says DNS request timed out after listing the external IP address
When I ping www.flow-rite.com it returns a different IP address than the NS lookup does and also says TTL expired in transit. Although no packets were lost, all sent and received.
On your primary DNS server, please run:

ipconfig /registerdns

Then run the NSLOOKUP again - shouldn't timeout...that fixes one problem.

In regards to Ping giving you a different address...do you have more than one DNS server? Please ping again after running the registerdns command...**might** fix the problem

Author

Commented:
No changes. Only one DNS server. See attached file.
FRC-TRBLSHT.JPG
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
If the company web site is behind the same firewall as your machine and the DNS server is providing a public IP address, you have two options:

1) use an internal DNS server which hands out the private IP address

2) check to see if you can configure your firewall for 'DNS doctoring' or allowing traffic back in the same interface from which it left

Author

Commented:
Company website is not behind firewall. It is hosted by an external source.
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
Where does it die:

> tracert 206.114.37.232

Author

Commented:
Request times out again.

Commented:
If you know the IP address of the web site, you can add the entry to your hosts file.

The host file is located in %windir%\system32\drivers\etc

Click START | RUN
Type "%windir%\system32\drivers\etc\hosts" in the run box.

A dialog box will open asking what program you wish to open the hosts file with. Choose WORDPAD.

Your hosts file will look similar to the following:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Just add an entry at the bottom with the IP address first followed by the domain like:
123.123.123.123  www.mywebsite.com
Then close and save the hosts file and reopen your web browser and it should take you to your site.


Author

Commented:
hansle,
If I do this on the primary DNS server will it work for all users? All users and servers are having the issue not just one user or server. This seems like a workaround and not the actual solution to the cause of the problem.  
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

This is not a DNS or name resolution issue. Concentrate on TTL Expired in Transit. It implies a routing loop, or at least a bad route.

Did you run TraceRt at all? It should have given you something back unless you block ICMP from your own firewall.

Note that the commands run above in the screenshot are not valid. The first shows you entering the NsLookup prompt; it has its own "shell", you see. Once in there you can't use regular command line things (including NsLookup itself). For example, you might type this (without the prompts, just for illustrative purposes):

C:\> nslookup
> set type=mx
> set debug
> yourdomain.com

Which would show you rather more than this:

C:\> nslookup -q=mx yourdomain.com

Chris
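An added example, not part of the original thread or any poster's own code: a Python sketch that scans Windows tracert output for the repeating-hop pattern that a routing loop produces, which is the condition behind "TTL expired in transit". The sample trace, hostnames and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
import re

# Constructed tracert output (documentation addresses, not from the thread).
SAMPLE_TRACE = """\
Tracing route to 203.0.113.80 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2     8 ms     7 ms     9 ms  198.51.100.1
  3    12 ms    11 ms    12 ms  core1.example.net [198.51.100.9]
  4    13 ms    12 ms    14 ms  core2.example.net [198.51.100.13]
  5    12 ms    13 ms    12 ms  core1.example.net [198.51.100.9]
  6    14 ms    13 ms    13 ms  core2.example.net [198.51.100.13]
  7     *        *        *     Request timed out.
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # hop number, rest of line
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # dotted-quad address

def parse_hops(text):
    """Return [(hop_number, ip_or_None)] from Windows tracert output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, blank line or "Trace complete."
        ips = IP_RE.findall(m.group(2))
        hops.append((int(m.group(1)), ips[-1] if ips else None))
    return hops

def find_loop(hops):
    """Map each router address seen at more than one hop to its hop numbers.

    A packet that keeps revisiting the same routers loses one TTL per hop
    until a router drops it and reports "TTL expired in transit".
    """
    seen = {}
    for number, ip in hops:
        if ip is not None:
            seen.setdefault(ip, []).append(number)
    return {ip: nums for ip, nums in seen.items() if len(nums) > 1}

def loop_start(hops):
    """Hop number where the loop is first entered, or None if no loop."""
    repeats = find_loop(hops)
    return min(nums[0] for nums in repeats.values()) if repeats else None

if __name__ == "__main__":
    parsed = parse_hops(SAMPLE_TRACE)
    print("repeated routers:", find_loop(parsed))
    print("loop entered at hop:", loop_start(parsed))
```

The hop just before the first repeated address identifies the router whose route should be checked with whoever operates it.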
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
What Chris said and output of the tracert would help.  If ICMP is blocked by the firewall, temporarily turn it on.
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Sorry Jesper, I meant to credit you for the request for that one (since I feel it's very much the right path to follow) :) Stuck the question on monitor before leaving the office, it got rather busy while I was on the train.

Chris

Author

Commented:
Ah, I see now, Chris. Thanks, this is not my area of expertise. Attached is the tracert.
FRC-TRBLSHT2.JPG
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Can you browse the site now? The trace above suggests you should get a response if you ping it as well.

This was done from within the network I assume?

Chris

Author

Commented:
Yes, this was done from inside the network, and no, I still can not get out to it.

Author

Commented:
TTL expired in transit still shows in the ping
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Okay. So...

ping www.flow-rite.com

Gives you:

Pinging www.flow-rite.com [IP] with 32 bytes of data:

Then the TTL Expired in Transit message? Or has that changed?

And can you try this one:

telnet www.flow-rite.com 80

Success is indicated by a blank screen, otherwise it'll give you a message saying it failed.

Chris
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Ahead of me :)

That's quite bizarre. Tracert should have failed if you're getting that error message. Re-running Tracert shows exactly the same path?

Chris

Author

Commented:
Different now, see attached.
FRC-TRBLSHT3.JPG

Author

Commented:
Why can others get to it outside our network?
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Different routes, any serious host will have more than one into the network. Besides, this also appears to be transient, notice that v-11.coresw1.grr.iserv.net sends it down a different path when it's working (as your first tracert showed).

Probably broken route advertising, or a faulty load balancer.

Chris

Author

Commented:
Well, iserv says nothing changed on their end (yeah right) but we had to change our A record for it to work, which has never changed in the 10 years I have worked here. Thanks everyone for your help!