?
Solved

I can not reach our company website from inside our network.

Posted on 2009-07-06
26
Medium Priority
?
651 Views
Last Modified: 2013-11-30
I can not reach our company website from inside our network.  I called up iserv who hosts the site everything is fine. All users including servers can not connect. outside of network connects fine.
0
Comment
Question by:Johne75
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 7
  • 3
  • +2
26 Comments
 
LVL 4

Expert Comment

by:navdhanjal
ID: 24786671
What kind of DNS are you running?

Are you in an active directory domain? Is the AD domain name the same as the website domain name?
0
 

Author Comment

by:Johne75
ID: 24786870
yes AD domain. names are different
0
 
LVL 4

Expert Comment

by:navdhanjal
ID: 24787031
Can you run NSLOOKUP from any computer within your domain - type in the web address of your site, and then look at the results.

Is this pointing to an internal IP address or the correct external IP address?

If it is pointing internally, this is a DNS issue.
0
Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

 

Author Comment

by:Johne75
ID: 24787135
NS lookup points to external address.
NS lookup also says DNS request timed out after listing the external IP address
When I ping www.flow-rite.com it returns a different IP Address than the NS lookup does and also says TTL expired in transit. Although no packets were lost, all sent and recieved.
0
 
LVL 4

Expert Comment

by:navdhanjal
ID: 24787299
On your primary DNS server, please run:

ipconfig /registerdns

Then run the NSLOOKUP again - shouldn't timeout...that fixes one problem.

In regards to Ping giving you a different address...do you have more than one DNS server? Please ping again after running the registerdns command...**might** fix the problem
0
 

Author Comment

by:Johne75
ID: 24787396
no changes. only one dns server. see attached file
FRC-TRBLSHT.JPG
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24787439
If the company web site is behind the same firewall as your machine and the DNS server is providing a public IP address, you have two options:

1) use an internal DNS server which hands out the private IP address

2) check to see if you can configure your firewall for 'DNS doctoring' or allowing traffic back in the same interface from which it left
0
 

Author Comment

by:Johne75
ID: 24787456
company website is not behind firewall. It is hosted by an external source.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24787499
where does it die:

> tracert 206.114.37.232
0
 

Author Comment

by:Johne75
ID: 24787556
request times out again
0
 
LVL 1

Expert Comment

by:hansle
ID: 24787569
If you know the IP address of the web site, you can add the entry to your hosts file.

the host file is located in %windir%\system32\drivers\etc

Click START | RUN
type "%windir%\system32\drivers\etc\hosts" in the run box

A dialog box will open asking what program you wish to open the hosts file with. Choose WORDPAD.

Your hosts file will look similar to the following:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Just add an entry at the bottom with the IP address first followed by the domain like:
123.123.123.123  www.mywebsite.com
Then close and save the hosts file and reopen your web browser and it should take you to your site


0
 

Author Comment

by:Johne75
ID: 24787636
hansle,
If I do this on the primary DNS server will it work for all users? All users and servers are having the issue not just one user or server. This seems like a workaround and not the actual solution to the cause of the problem.  
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24787674

This is not a DNS or name resolution issue. Concentrate on TTL Expired in Transit. It implies a routing loop, or at least a bad route.

Did you run TraceRt at all? It should have given you something back unless you block ICMP from your own firewall.

Note that the commands run above in the screenshot are not valid. The first shows you entering the NsLookup prompt, it has it's own "shell" you see. Once in there you can't use regular command line things (including NsLookup itself).  For example, you might type this (without the prompts, just for illustrative purposes):

C:\> nslookup
> set type=mx
> set debug
> yourdomain.com

Which would show you rather more than this:

C:\> nslookup -q=mx yourdomain.com

Chris
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24787827
What Chris said and output of the tracert would help.  If ICMP is blocked by the firewall, temporarily turn it on.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24787867

Sorry Jesper, I meant to credit you for the request for that one (since I feel it's very much the right path to follow) :) Stuck the question on monitor before leaving the office, it got rather busy while I was on the train.

Chris
0
 

Author Comment

by:Johne75
ID: 24787887
ah I see now chris. Thanks this is not my area of expertise. attached is the tracert.
FRC-TRBLSHT2.JPG
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24787914

Can you browse the site now? The trace above suggests you should get a response if you ping it as well.

This was done from within the network I assume?

Chris
0
 

Author Comment

by:Johne75
ID: 24787930
yes this was done from inside the network and no I still can not get out to it.
0
 

Author Comment

by:Johne75
ID: 24787944
TTL expired in transit still shows in the ping
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24787951

Okay. So...

ping www.flow-rite.com

Gives you:

Pinging www.flow-rite.com [IP] with 32 bytes of data:

Then the TTL Expired in Transit message? Or has that changed?

And can you try this one:

telnet www.flow-rite.com 80

Success is indicated by a blank screen, otherwise it'll give you a message saying it failed.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24787958

Ahead of me :)

That's quite bizarre. Tracert should have failed if you're getting that error message. Re-running Tracert shows exactly the same path?

Chris
0
 

Author Comment

by:Johne75
ID: 24788007
different now see attached
FRC-TRBLSHT3.JPG
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24788029

That's what I wanted to see :-D

iserv.net have a very clear routing loop.

If they host your site you should get in touch with them, give them that screenshot, if they're just someone along the way you need to raise this with your ISP (who will escalate it with theirs, etc).

It might clear up by itself, someone should be monitoring for that kind of thing if you wait, but that's never fun.

Whatever happens, nothing on the inside of your own network can be changed to fix this.

Chris
0
 

Author Comment

by:Johne75
ID: 24788050
why can others get to it outside our network?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24788074

Different routes, any serious host will have more than one into the network. Besides, this also appears to be transient, notice that v-11.coresw1.grr.iserv.net sends it down a different path when it's working (as your first tracert showed).

Probably broken route advertising, or a faulty load balancer.

Chris
0
 

Author Comment

by:Johne75
ID: 24858755
Well, iserv says nothing changed on there end (yeah right) but we had to change our A record for it to work which has never changed in the 10 years I have worked here. Thanks everyone for your help!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question