Solved

How to troubleshoot Internet Issue on Windows 2003 SBS?

Posted on 2009-07-13
66
252 Views
Last Modified: 2012-05-07
Hello All, I have recently configured a Windows 2003 SBS as an Exchange Server running DNS services as well on my LAN.  Everything seems to be working correctly.  Email is flowing through, ns-lookups on lan are resolving, ns-lookup on google.com and other Iinternet addresses are resolving as non-authoritive.  DNS eventviewer is clear.  However, I cannot get the server to browse internet pages.  I believe my problem lies in the DNS Server settings but I would like some assistance with this.

Thank You in advance to all that decide to assist.
0
Comment
Question by:manny_lenis
  • 31
  • 22
  • 12
  • +1
66 Comments
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
On the DNS server settings are you forwarding to your ISP's perferred DNS servers?    The SBS server is pointing to itself for DNS?
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Dont think so.  How can i check?
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
Call you ISP ask for the perferred DNS server IPs.    I would get at least two.

Then open DNS Server and right click on the server select properties -->  Forwarders tab, populated this with the ISP perferred DNS servers you get from the ISP.

Then open the NIC properties and make sure you have the DNS server settings pointing to itself.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
If the clients are able to get onto the web, then the DNS sounds like it is setup properly and forwarding to the ISP's DNS server.
What are the IP settings on the Server's Network Card?  They should be set as static and may be wrong.
Start, Run, ncpa.cpl (enter)
Double-click on internet protocol (TCP/IP) and report on all the settings please.
Alternatively, open up IE, Click on Tools, Internet Options, Connections Tab, Lan Settings Button and make sure that all settings are unchecked.
Close IE down and try again.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Ok i received my preffered DNS servers from my ISP. Forwarders seem to be correct.  And the nic card has itself as the preffered server then i have the 12.127.16.69 as the 2nd.
dns.doc
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
Can you ping these two DNS servers?

Also for Active Directory to work properly they need to only query AD DNS servers.   So I would have the SBS box and all the workstations point to the SBS server
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Cannot ping those addresses.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Have you read my comment yet?
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
This might be the issue can you ping 4.2.2.4 ?

If so for a test set this IP as the forwarder and remove the others.   See if you get internet.

If you can't there is some type of connectivity issue going on...firewall or other.
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
That is if you can't ping you have a connectivity issue...
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
cannot ping that address.  I am receiving mail through that server and i am able to connect from outside to that server using https://domain.com/exchange
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
You have some odd connectivity going on more than likely at the firewall.    I would check the outbound logs to see what the story is or the rules.    See if port 80 is blocked or something else.

4.2.2.4, 12.127.16.68, and 12.127.16.69 are all pingable for me.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Manny_lenis.
I offered some suggestions to you over half-an-hour ago.  Have you looked at my suggestions or should I stop monitoring this question and leave EndureKona to assist you.
The idea of Experts Exchange is that you may get several suggestions from more than one Expert and one or more of those suggestions may work.  It would be nice to know that I am not wasting my time trying to help you ;-)
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Im trying all that you have suggested. Still nothing.  Ill be looking at the firewall logs in a minute.
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
Also hopefully you checked Alan's suggestion for the proxy settings in IE
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Thank you - can you please post the IP configuration info from your Network Card
Start, run, cmd (enter)
ipconfig /all >c:\ipconfig.txt
Then upload c:\ipconfig.txt to this question please.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
As per your request.
ipconfig.txt
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
No prxy server address in IE
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
Ok try to see if IE is having issues...install Firefox...pull the installer from one of your workstations.    

From the workstations that get internet you have the same default gateway?
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Ive tried Firefox before starting thread.  Same issue. Same gateway on server as all workstations
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
All your workstations are fine only the SBS server?   What type of firewall do you have?   Does it have limited (licenses) nodes?
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Only the SBS.  Watchguard firewall.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - that looks okay.
Can you test DNS on the server by clicking on Start, Programs, Administrative Tools, DNS.
Expand the DNS tree until you can see your server.  Right click on your server and choose properties.  Click on the monitoring tab and select both the simple and recursive queries.  Then click on the Test Now button.
If the results in the window below both say pass, uncheck both check boxes and close DNS down.
If all is well, then the problem is probably tcp/ip related, or may be IE related.
from a DOS prompt - please type nslookup www.microsoft.com >c:\nslookup.txt and copy the c:\nslookup.txt file to this question.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
PASSED
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
I expected it would!
What about nslookup on the server?
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Here is the nslookup output
nslookup.txt
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - so nslookup works, so have you checked the IE settings I mentioned?
If you have, please run from a DOS prompt
netsh winsock reset
then test again.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Is restart a requirement?  I'd hate to take it down while users are logged on. Re-Checking IE
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
No restart required.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
At least not immediately!  You will have to to complete the reset.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
IE looks good.  Still no Internet.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Checking firewall....
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
Watchguard -->  Under System Status --> Option -->  User Licenses how many are you licensed for?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
As this is SBS, if you have tried everything, re-run the Configure Email & Internet Connection Wizard.
Start, Server Management, To Do List, Connect To The Internet.
Run through to completion and that should sort it.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
alanhardisty i will try.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
EndureKona dont see those options on my watchguard Firebox X500
0
 

Expert Comment

by:djclause
Comment Utility
Are you using 2 network cards in your SBS or 1??

If only 1, then the "connect to the Internet" will not run, it is designed to use a public and private nic, and if you have an external firewall I am guessing 1 network card.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
1 NIC.  Still no luck after running  Configure Email & Internet Connection Wizard.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
djclause - the Wizard will run happily - not sure why you think it won't.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Reboot the server when you can they try again.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Rebooting......
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Not sure if this plays a role but I have a 1-to-1 Nat setup on my firewall where all traffic from mail.eaglebrands.com goes to my mail servers local ip.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Im pinging google.com and i dont even see the pings on the firewall traffic log
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Have you reset IE settings?
Tools, Internet Options, Advanced Tab. Restore and Reset settings.
Close and then re-open IE and test.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Still no luck.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
im going to upload 2 tracert files. one from a workstation the other from the sbs. Please take a look. 192.168.100.1 is my firewall.
from-workstation.txt
from-sbs.txt
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
Can you power cycle the watchguard?
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Rebooting...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Certainly seems to be firewall related!
0
 
LVL 20

Expert Comment

by:EndureKona
Comment Utility
Sorry guys I have played around too much today and need to do some work.   I agree with Alan on the firewall issue with the tracert you posted.    My one question about the user licenses I know there are firewalls out there like watchguard, Cisco Pix, and Sonicwalls (and others) that have limited outbound licenses.   You might want to look at this on the Watchguard.    This will come and go...lets say you have 10 lices and 10 workstations your SBS server is 11th...then the next two you have two users out...and the SBS box will work.

Or there is really something wrong with the watchguard...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
No problems EndureKona - I'm at home getting dinner ready, so will be near my computer for the rest of the evening.  You go do some real work ;-)
Alan
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Thanks EndureKona for your help
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Manny_lenis - did you reboot the firewall?
Any joy yet?
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Rebooted.  No Joy.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Can you put the server in the DMZ for a moment or two - would not normally suggest this, but need to rule out the firewall.  Test then take out of the DMZ.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
oK just to do a test i changed the servers ip to something else and it let me get on the internet no problem.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - then your firewall config is blocking the IP of your server by the looks of things.
Are you a Watchguard guru?
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
Not really more of a cisco guy.  Im doing this as a favor for one of my buddies.  The only thing that I can see is that the one-to-one nat has something to do with it.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Would you permit me to jump on remotely to look at the Firewall?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Alternatively, get the people who manage / configure the firewall to check it out and correct the issue.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
can you vnc?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
No.  But we can use www.teamviewer.com
Please refer to my profile for contact details.
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
340 162 837
0
 
LVL 3

Author Comment

by:manny_lenis
Comment Utility
4822
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Comment Utility
You have a NAT Exception for your Server's internal IP Address.  If you remove it, you will gain internet access.
Open up Watchguard Firewall
Click on Setup, NAT.
Click on the Advanced Button
Click on Dynamic NAT Exceptions Tab
Remove the Exception for your mail server
Save the configuration to the Watchguard.
Surf away!
0
 
LVL 3

Author Closing Comment

by:manny_lenis
Comment Utility
alanhardisty, very professional and patient and knowledgeable.  

Thanks

Manny Lenis
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now