GFCU asked:

Server can't access Internet while inside Domain

We have a new server which cannot access the Internet when it's placed on the domain even though it has the same group policy setting as our other related servers. However, it is able to access the Internet if we remove it from the domain and port it directly into the firewall and out to the router.

We've run "netstat" on it to be sure that it's attempting to communicate via port 80, and it is... We can't seem to figure out what other setting or conflict may be causing this issue only while it's on the domain.

Also, we've had a third party company using Live Meeting to get into the server to set it up for us.

Any ideas would be much appreciated... Also, if you want any further information please feel free to ask.
andrewc2189

What error do you receive when trying to access the internet? What are its network settings? (Could you go to start>run>type "ipconfig /all" and post the results?)

Just for clarification, it doesn't work when it is joined to the domain and I'm assuming running off the same switch as everyone else, but when hooked directly to the firewall when NOT joined to the domain it's ok? When it's not on the domain but on the same switch as everyone else, does it work? When it is not able to get on the internet, can it reach the rest of your domain ok?

I think we can get to the bottom of this, just need a little more information on your setup and the exact issue.
GFCU (ASKER)

Ok...

>>What error do you receive when trying to access the internet?<<
No error pops up, it simply acts as if it's trying to reach the site but can't (I'll post a screenshot of this below just in case). Basically what happens is that the page loading status bar just sits there and nothing happens.

>>What are its network settings?<<
We're running a static network, and due to security purposes don't want to post our IP and addressing scheme etc. online... We have DNS and WINS running from the same server, gateway address is set to the firewall, and we're running gigabit NIC card. If there's any additional info I may be able to provide without posting actual figures please ask.

When the computer is added to the domain it is attached to the same switch as everyone else (correct)

So far, in order to access the Internet, we bypass the switch and go directly to the firewall, as well as removing it from the Domain.

We have tried removing it from the Domain and staying connected through the switch, but we cannot access the Internet that way either.

When it cannot access the Internet, it is still able to access the Domain and Intranet.

Internet-not-working.JPG
GFCU (ASKER)

Sorry caption on picture was wrong... the screenshot was an attempt to reach www.gmail.com, not that it matters really, but you get the picture... :-)
So is the new server a DC or just a file server? When you say you have "DNS and WINS running from the same server" does that mean the new server is a DNS/WINS server or does it point to an existing one?

When you have it out of the domain and plugged directly into the firewall, do you keep all the same statically set network configurations?
New server added to the DNS zone? Same gateway as DC?
GFCU (ASKER)

New server is not a Domain Controller... it's pointing to an existing DC.  

When it's plugged directly into the Firewall I believe it's changed from Static to Obtain Automatically.  (I'm not sure 100% on that and will have to wait until our network admin gets back from lunch).  I will have him check this post after he returns, because he knows the specifics of some of the tests or changes done between the two states (being inside the domain and being outside the domain).
GFCU (ASKER)

I apologize... I was mistaken earlier... when trying to access the Internet we do get an error that pops up, however it's generic... it just takes a while before it does so... I posted it here....
Error-Box.JPG
Ok, please let us know. The reason I asked that was because it seems as if it is not communicating with the external DNS server. Usually people have their system set up for clients to point to the internal DNS server (which you said you do) and then if the request is for an outside source it is set up to forward it to the external DNS server (this is set up on the internal DNS server).

The one possibility is that for some reason your new server is able to resolve internal DNS but any request outside of that is not being forwarded. To test this I would say go to the new server when it is on the domain.

First clear the DNS. start>run>cmd> ipconfig /flushdns & ipconfig /registerdns

Secondly, attempt to look up a computer that is within your network: start>run>cmd> "nslookup nameofaserver"

This should resolve an IP since you said everything works internally.

Finally, try to do the same with an outside source "nslookup www.google.com"

If this does not resolve to an IP, we may have greatly narrowed down the issue.

 
GFCU (ASKER)

Ok... Network Admin is back...

Apparently we do not change the server to Obtain Automatically when connected to the Firewall directly.

We tried your recommendation and it did not work... I will post a screen shot of the results below.
part-1.JPG
part-2.JPG
GFCU (ASKER)

When we switch between being in the domain and outside the domain we change the server's IP to match the scheme for it to run on a DMZ port on the firewall so that it gets the internet.... I'm not sure if that helps your diagnosis or not... but I wanted to clarify...

This is the main reason for concern because we don't want our server sitting on the DMZ open to the world...
You're positive that it has the correct DNS IP? You probably do, just thought I would ask. I don't like that it can't resolve the DNS server name. I believe on a healthy setup it would. Also, when you resolved the Internal Server Name, the Address: it kicks back shouldn't be the one of the DNS server but of the Internal Server Name.

I'm really just thinking out loud right now, I don't have a straight answer for you.

Does the proper name of the DNS server list itself when you run nslookup from another machine? (don't run it on the server itself)
GFCU (ASKER)

When I run nslookup from my local machine (which has internet access and is on the domain) I get the same message "***Can't find server name for address " " : Non-existent Domain "
                               "***Default Servers are not available"
                               "Server: Unknown"

GFCU (ASKER)

Ohh.. by the way... you're right... I typed in the text wrong... It is returning the IP address of the Internal server that it contacts... I accidentally typed DNS again in that Address: spot... so that portion is working properly...


So what we have is:
1. a problem with DNS communication because it can't read the DNS server name "Non-existent Domain" - (Server) "Name: Unknown"

2. Able to read the Internal Server Name and IP correctly and communicate with them...

3. The External website Name, IPs, and Aliases are read (Non-Authoritative Answer) and returned properly, but there is no communication.
GFCU (ASKER)

Although it does seem that something is wrong with DNS communication because of not returning the Server name, it does the same thing on our client machines and the internet and intranet communications both work fine... so I am tempted to think that #1 is not as big of a deal as the combination of #2 and #3...
I put in a request for more attention to your question. There has to be something, probably simple, that I'm just not seeing.
GFCU (ASKER)

Agreed... it just doesn't make sense why this is happening, so most likely it's something tiny or simple that we're overlooking.  Thanks for your help thus far.
GFCU (ASKER)

New Update... We ran a tracert on the internet webpage request to google.com and it stopped at the firewall, so we've been looking at the firewall log as we attempt to access the Internet from the server and all requests are being denied.  For some reason (even though we have switched the settings and connection for the server back within the domain), the Gateway IP used to try and communicate to the internet is still pointing to a DMZ address even though we've changed it to our Domain Gateway IP physically...  It's also attempting to connect on some strange ports other than 80 in order to get to the site... Hopefully this helps with some diagnosis.
Hey,

It might be a long shot, but did you make sure that the Enhanced Internet Security is uninstalled on the server?? This can be done using the Add/Remove Windows Components.. I would normally suggest seeing a popup to appear but it might be that this is disabled in some way or just simply corrupt.

Also, is the server you are trying to access the internet with multihomed?? If so, check to see if the correct IP address is connecting to the external firewall.. And what settings did you set up for your Internet Explorer?? Are you using a proxy for the internet connection? If not, make sure to tick off all boxes in the LAN settings on the Internet Explorer.. Also the "Automatically detect settings".
GFCU (ASKER)

EIS is uninstalled already.

Not using Multihome.

Not using a proxy.

Previously tried checking "Automatically detect settings" and no luck.

What happens if you try to telnet to port 80 on google??? What do you see on your firewall?? Are you able to access internal websites (if you have any).
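
The nslookup checks suggested earlier in the thread and the port 80 telnet test above can be run as one ordered triage that names the first layer that fails. This is an added example, not code posted by anyone in the thread; the function names (`resolves`, `tcp_open`, `triage`) and result labels are hypothetical, and `nameofaserver` is the thread's own placeholder.

```python
import socket

def resolves(name, lookup=socket.gethostbyname):
    """True if the configured DNS server returns an address for name."""
    try:
        lookup(name)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False

def tcp_open(host, port=80, timeout=3.0, connect=socket.create_connection):
    """True if a TCP handshake to host:port completes (the telnet test)."""
    try:
        connect((host, port), timeout).close()
        return True
    except OSError:  # refused, unreachable or timed out
        return False

def triage(internal_name, external_name, resolves=resolves, tcp_open=tcp_open):
    """Walk the checks in order and name the first layer that fails."""
    if not resolves(internal_name):
        return "internal-dns"         # wrong DNS server on the NIC, or server down
    if not resolves(external_name):
        return "dns-forwarding"       # internal DNS is not forwarding outside names
    if not tcp_open(external_name, 80):
        return "gateway-or-firewall"  # names resolve; check gateway and firewall log
    return "ok"

if __name__ == "__main__":
    # "nameofaserver" is the placeholder used in the thread; substitute a real host.
    print(triage("nameofaserver", "www.google.com"))
```

A result of `gateway-or-firewall` matches the state the asker describes: internal and external names resolve, but traffic stops at the firewall.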
GFCU (ASKER)

This makes no sense, but it seems that there is something wrong with the IP address that we were using, because we changed the IP address of the server and it now accesses the Internet just fine.  We also tried pinging the "old" IP now that it's set up on a new one (simply to be sure that something else is not using that same IP), and there was no response.

Any ideas as to why a certain IP may be restricted? We know the Firewall is not causing the issue, because we had added policies to specifically allow all access both in and out for that IP on the firewall... We cannot comprehend what may be causing this...
It might be you have a routing problem, but then you should be able to see that when using tracert. Or, but that's rather a long shot, you have some issues with ARP that the switch is unable to access the default gateway, but then pinging would also be a non option..

GFCU (ASKER)

Well, pinging wasn't working either when we had the server set to that old IP... (well I need to rephrase that... It could ping inside the domain, but not things outside.)