?
Solved

How to troubleshoot Internet Issue on Windows 2003 SBS?

Posted on 2009-07-13
66
Medium Priority
?
257 Views
Last Modified: 2012-05-07
Hello All, I have recently configured a Windows 2003 SBS as an Exchange Server running DNS services as well on my LAN.  Everything seems to be working correctly.  Email is flowing through, ns-lookups on lan are resolving, ns-lookup on google.com and other Iinternet addresses are resolving as non-authoritive.  DNS eventviewer is clear.  However, I cannot get the server to browse internet pages.  I believe my problem lies in the DNS Server settings but I would like some assistance with this.

Thank You in advance to all that decide to assist.
0
Comment
Question by:manny_lenis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 31
  • 22
  • 12
  • +1
66 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24841707
On the DNS server settings are you forwarding to your ISP's perferred DNS servers?    The SBS server is pointing to itself for DNS?
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24841734
Dont think so.  How can i check?
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24841796
Call you ISP ask for the perferred DNS server IPs.    I would get at least two.

Then open DNS Server and right click on the server select properties -->  Forwarders tab, populated this with the ISP perferred DNS servers you get from the ISP.

Then open the NIC properties and make sure you have the DNS server settings pointing to itself.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24841868
If the clients are able to get onto the web, then the DNS sounds like it is setup properly and forwarding to the ISP's DNS server.
What are the IP settings on the Server's Network Card?  They should be set as static and may be wrong.
Start, Run, ncpa.cpl (enter)
Double-click on internet protocol (TCP/IP) and report on all the settings please.
Alternatively, open up IE, Click on Tools, Internet Options, Connections Tab, Lan Settings Button and make sure that all settings are unchecked.
Close IE down and try again.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24841897
Ok i received my preffered DNS servers from my ISP. Forwarders seem to be correct.  And the nic card has itself as the preffered server then i have the 12.127.16.69 as the 2nd.
dns.doc
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24841906
Can you ping these two DNS servers?

Also for Active Directory to work properly they need to only query AD DNS servers.   So I would have the SBS box and all the workstations point to the SBS server
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24841970
Cannot ping those addresses.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842004
Have you read my comment yet?
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24842025
This might be the issue can you ping 4.2.2.4 ?

If so for a test set this IP as the forwarder and remove the others.   See if you get internet.

If you can't there is some type of connectivity issue going on...firewall or other.
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24842028
That is if you can't ping you have a connectivity issue...
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842114
cannot ping that address.  I am receiving mail through that server and i am able to connect from outside to that server using https://domain.com/exchange
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24842141
You have some odd connectivity going on more than likely at the firewall.    I would check the outbound logs to see what the story is or the rules.    See if port 80 is blocked or something else.

4.2.2.4, 12.127.16.68, and 12.127.16.69 are all pingable for me.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842161
Manny_lenis.
I offered some suggestions to you over half-an-hour ago.  Have you looked at my suggestions or should I stop monitoring this question and leave EndureKona to assist you.
The idea of Experts Exchange is that you may get several suggestions from more than one Expert and one or more of those suggestions may work.  It would be nice to know that I am not wasting my time trying to help you ;-)
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842227
Im trying all that you have suggested. Still nothing.  Ill be looking at the firewall logs in a minute.
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24842262
Also hopefully you checked Alan's suggestion for the proxy settings in IE
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842279
Thank you - can you please post the IP configuration info from your Network Card
Start, run, cmd (enter)
ipconfig /all >c:\ipconfig.txt
Then upload c:\ipconfig.txt to this question please.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842331
As per your request.
ipconfig.txt
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842341
No prxy server address in IE
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24842359
Ok try to see if IE is having issues...install Firefox...pull the installer from one of your workstations.    

From the workstations that get internet you have the same default gateway?
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842385
Ive tried Firefox before starting thread.  Same issue. Same gateway on server as all workstations
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24842396
All your workstations are fine only the SBS server?   What type of firewall do you have?   Does it have limited (licenses) nodes?
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842402
Only the SBS.  Watchguard firewall.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842404
Okay - that looks okay.
Can you test DNS on the server by clicking on Start, Programs, Administrative Tools, DNS.
Expand the DNS tree until you can see your server.  Right click on your server and choose properties.  Click on the monitoring tab and select both the simple and recursive queries.  Then click on the Test Now button.
If the results in the window below both say pass, uncheck both check boxes and close DNS down.
If all is well, then the problem is probably tcp/ip related, or may be IE related.
from a DOS prompt - please type nslookup www.microsoft.com >c:\nslookup.txt and copy the c:\nslookup.txt file to this question.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842426
PASSED
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842437
I expected it would!
What about nslookup on the server?
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842447
Here is the nslookup output
nslookup.txt
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842471
Okay - so nslookup works, so have you checked the IE settings I mentioned?
If you have, please run from a DOS prompt
netsh winsock reset
then test again.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842492
Is restart a requirement?  I'd hate to take it down while users are logged on. Re-Checking IE
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842500
No restart required.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842508
At least not immediately!  You will have to to complete the reset.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842514
IE looks good.  Still no Internet.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842521
Checking firewall....
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24842545
Watchguard -->  Under System Status --> Option -->  User Licenses how many are you licensed for?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842551
As this is SBS, if you have tried everything, re-run the Configure Email & Internet Connection Wizard.
Start, Server Management, To Do List, Connect To The Internet.
Run through to completion and that should sort it.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842574
alanhardisty i will try.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842610
EndureKona dont see those options on my watchguard Firebox X500
0
 

Expert Comment

by:djclause
ID: 24842647
Are you using 2 network cards in your SBS or 1??

If only 1, then the "connect to the Internet" will not run, it is designed to use a public and private nic, and if you have an external firewall I am guessing 1 network card.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842688
1 NIC.  Still no luck after running  Configure Email & Internet Connection Wizard.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842700
djclause - the Wizard will run happily - not sure why you think it won't.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24842798
Reboot the server when you can they try again.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842802
Rebooting......
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24842817
Not sure if this plays a role but I have a 1-to-1 Nat setup on my firewall where all traffic from mail.eaglebrands.com goes to my mail servers local ip.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24843014
Im pinging google.com and i dont even see the pings on the firewall traffic log
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24843083
Have you reset IE settings?
Tools, Internet Options, Advanced Tab. Restore and Reset settings.
Close and then re-open IE and test.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24843098
Still no luck.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24843148
im going to upload 2 tracert files. one from a workstation the other from the sbs. Please take a look. 192.168.100.1 is my firewall.
from-workstation.txt
from-sbs.txt
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24843172
Can you power cycle the watchguard?
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24843181
Rebooting...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24843229
Certainly seems to be firewall related!
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24843265
Sorry guys I have played around too much today and need to do some work.   I agree with Alan on the firewall issue with the tracert you posted.    My one question about the user licenses I know there are firewalls out there like watchguard, Cisco Pix, and Sonicwalls (and others) that have limited outbound licenses.   You might want to look at this on the Watchguard.    This will come and go...lets say you have 10 lices and 10 workstations your SBS server is 11th...then the next two you have two users out...and the SBS box will work.

Or there is really something wrong with the watchguard...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24843299
No problems EndureKona - I'm at home getting dinner ready, so will be near my computer for the rest of the evening.  You go do some real work ;-)
Alan
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24843427
Thanks EndureKona for your help
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24843442
Manny_lenis - did you reboot the firewall?
Any joy yet?
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24843676
Rebooted.  No Joy.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24843714
Can you put the server in the DMZ for a moment or two - would not normally suggest this, but need to rule out the firewall.  Test then take out of the DMZ.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24843824
oK just to do a test i changed the servers ip to something else and it let me get on the internet no problem.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24843842
Okay - then your firewall config is blocking the IP of your server by the looks of things.
Are you a Watchguard guru?
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24843864
Not really more of a cisco guy.  Im doing this as a favor for one of my buddies.  The only thing that I can see is that the one-to-one nat has something to do with it.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24843899
Would you permit me to jump on remotely to look at the Firewall?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24843906
Alternatively, get the people who manage / configure the firewall to check it out and correct the issue.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24844015
can you vnc?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24844032
No.  But we can use www.teamviewer.com
Please refer to my profile for contact details.
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24844205
340 162 837
0
 
LVL 3

Author Comment

by:manny_lenis
ID: 24844214
4822
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 24844917
You have a NAT Exception for your Server's internal IP Address.  If you remove it, you will gain internet access.
Open up Watchguard Firewall
Click on Setup, NAT.
Click on the Advanced Button
Click on Dynamic NAT Exceptions Tab
Remove the Exception for your mail server
Save the configuration to the Watchguard.
Surf away!
0
 
LVL 3

Author Closing Comment

by:manny_lenis
ID: 31602914
alanhardisty, very professional and patient and knowledgeable.  

Thanks

Manny Lenis
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
An article on effective troubleshooting
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question