Solved

I can not reach our company website from inside our network.

Posted on 2009-07-06
Last Modified: 2013-11-30
I can not reach our company website from inside our network. I called up iserv, who hosts the site; everything is fine. All users, including servers, can not connect. Outside of network connects fine.
0
Question by:Johne75
 
LVL 4

Expert Comment

by:navdhanjal
What kind of DNS are you running?

Are you in an active directory domain? Is the AD domain name the same as the website domain name?
0
 

Author Comment

by:Johne75
Yes, AD domain. Names are different.
0
 
LVL 4

Expert Comment

by:navdhanjal
Can you run NSLOOKUP from any computer within your domain - type in the web address of your site, and then look at the results.

Is this pointing to an internal IP address or the correct external IP address?

If it is pointing internally, this is a DNS issue.
0
 

Author Comment

by:Johne75
NS lookup points to external address.
NS lookup also says DNS request timed out after listing the external IP address.
When I ping www.flow-rite.com it returns a different IP address than the NS lookup does and also says TTL expired in transit. Although no packets were lost, all sent and received.
0
 
LVL 4

Expert Comment

by:navdhanjal
On your primary DNS server, please run:

ipconfig /registerdns

Then run the NSLOOKUP again - shouldn't timeout...that fixes one problem.

In regards to Ping giving you a different address...do you have more than one DNS server? Please ping again after running the registerdns command...**might** fix the problem
0
 

Author Comment

by:Johne75
No changes. Only one DNS server. See attached file.
FRC-TRBLSHT.JPG
0
 
LVL 28

Expert Comment

by:Jan Springer
If the company web site is behind the same firewall as your machine and the DNS server is providing a public IP address, you have two options:

1) use an internal DNS server which hands out the private IP address

2) check to see if you can configure your firewall for 'DNS doctoring' or allowing traffic back in the same interface from which it left
0
 

Author Comment

by:Johne75
Company website is not behind firewall. It is hosted by an external source.
0
 
LVL 28

Expert Comment

by:Jan Springer
Where does it die:

> tracert 206.114.37.232
0
 

Author Comment

by:Johne75
Request times out again.
0
 
LVL 1

Expert Comment

by:hansle
If you know the IP address of the web site, you can add the entry to your hosts file.

The hosts file is located in %windir%\system32\drivers\etc

Click START | RUN
type "%windir%\system32\drivers\etc\hosts" in the run box

A dialog box will open asking what program you wish to open the hosts file with. Choose WORDPAD.

Your hosts file will look similar to the following:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Just add an entry at the bottom with the IP address first followed by the domain like:
123.123.123.123  www.mywebsite.com
Then close and save the hosts file and reopen your web browser, and it should take you to your site.


0
 

Author Comment

by:Johne75
hansle,
If I do this on the primary DNS server will it work for all users? All users and servers are having the issue not just one user or server. This seems like a workaround and not the actual solution to the cause of the problem.  
0
 
LVL 70

Expert Comment

by:Chris Dent

This is not a DNS or name resolution issue. Concentrate on TTL Expired in Transit. It implies a routing loop, or at least a bad route.

Did you run TraceRt at all? It should have given you something back unless you block ICMP from your own firewall.

Note that the commands run above in the screenshot are not valid. The first shows you entering the NsLookup prompt, it has its own "shell" you see. Once in there you can't use regular command line things (including NsLookup itself). For example, you might type this (without the prompts, just for illustrative purposes):

C:\> nslookup
> set type=mx
> set debug
> yourdomain.com

Which would show you rather more than this:

C:\> nslookup -q=mx yourdomain.com

Chris
0

 
LVL 28

Expert Comment

by:Jan Springer
What Chris said and output of the tracert would help.  If ICMP is blocked by the firewall, temporarily turn it on.
0
 
LVL 70

Expert Comment

by:Chris Dent

Sorry Jesper, I meant to credit you for the request for that one (since I feel it's very much the right path to follow) :) Stuck the question on monitor before leaving the office, it got rather busy while I was on the train.

Chris
0
 

Author Comment

by:Johne75
Ah, I see now, Chris. Thanks, this is not my area of expertise. Attached is the tracert.
FRC-TRBLSHT2.JPG
0
 
LVL 70

Expert Comment

by:Chris Dent

Can you browse the site now? The trace above suggests you should get a response if you ping it as well.

This was done from within the network I assume?

Chris
0
 

Author Comment

by:Johne75
Yes, this was done from inside the network, and no, I still can not get out to it.
0
 

Author Comment

by:Johne75
TTL expired in transit still shows in the ping.
0
 
LVL 70

Expert Comment

by:Chris Dent

Okay. So...

ping www.flow-rite.com

Gives you:

Pinging www.flow-rite.com [IP] with 32 bytes of data:

Then the TTL Expired in Transit message? Or has that changed?

And can you try this one:

telnet www.flow-rite.com 80

Success is indicated by a blank screen, otherwise it'll give you a message saying it failed.

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent

Ahead of me :)

That's quite bizarre. Tracert should have failed if you're getting that error message. Re-running Tracert shows exactly the same path?

Chris
0
 

Author Comment

by:Johne75
Different now, see attached.
FRC-TRBLSHT3.JPG
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
Comment Utility

That's what I wanted to see :-D

iserv.net have a very clear routing loop.

If they host your site you should get in touch with them and give them that screenshot. If they're just someone along the way you need to raise this with your ISP (who will escalate it with theirs, etc).

It might clear up by itself, someone should be monitoring for that kind of thing if you wait, but that's never fun.

Whatever happens, nothing on the inside of your own network can be changed to fix this.

Chris
0
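Added example, not part of any post in the thread: a Python check that parses Windows tracert output and reports the repeated hops that mark a routing loop of the kind the accepted answer describes, together with the routers inside the loop (whose operator is the one to escalate to). The sample trace, host names and addresses are constructed placeholders.

```python
import re

# Constructed sample in Windows tracert format. Names and addresses are
# placeholders (documentation ranges), not the output from the thread.
SAMPLE_TRACERT = """\
Tracing route to www.example.com [203.0.113.80]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2     9 ms     8 ms     9 ms  edge1.isp.example.net [198.51.100.1]
  3    11 ms    10 ms    12 ms  core1.host.example.net [198.51.100.9]
  4    12 ms    11 ms    11 ms  core2.host.example.net [198.51.100.10]
  5     *        *        *     Request timed out.
  6    13 ms    12 ms    13 ms  core1.host.example.net [198.51.100.9]
  7    14 ms    13 ms    13 ms  core2.host.example.net [198.51.100.10]
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")


def parse_hops(text):
    """Return [(hop_number, ip_or_None)]; None marks a hop that timed out."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            addr = ADDR_RE.search(m.group(2))
            hops.append((int(m.group(1)), addr.group(1) if addr else None))
    return hops


def find_loop(hops):
    """Return (first_hop, repeat_hop, routers_in_loop) for the first router
    that answers again at a later, non-adjacent hop, else None."""
    first_seen = {}
    for number, ip in hops:
        if ip is None:
            continue
        start = first_seen.setdefault(ip, number)
        if number - start > 1:
            # Every router between the two sightings is part of the cycle.
            cycle = [a for n, a in hops if start <= n < number and a]
            return start, number, list(dict.fromkeys(cycle))
    return None


if __name__ == "__main__":
    print(find_loop(parse_hops(SAMPLE_TRACERT)))
```

A trace that reaches the destination without revisiting a router returns None, so the same check can be run over saved traces from several vantage points to see which paths loop.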
 

Author Comment

by:Johne75
Why can others get to it outside our network?
0
 
LVL 70

Expert Comment

by:Chris Dent

Different routes, any serious host will have more than one into the network. Besides, this also appears to be transient, notice that v-11.coresw1.grr.iserv.net sends it down a different path when it's working (as your first tracert showed).

Probably broken route advertising, or a faulty load balancer.

Chris
0
 

Author Comment

by:Johne75
Well, iserv says nothing changed on their end (yeah right) but we had to change our A record for it to work, which has never changed in the 10 years I have worked here. Thanks everyone for your help!
0
