Windows update not working or able to access any Microsoft website.

i have this VERY bizarre problem and have scoured the internet to find a solution but no luck.  i have just built out 9 servers with Win 2K3 Ent.

here is what it isn't - a firewall issue, a clock issue on the bios and the OS, an internet issue

this is what i am able to do - i can go to Microsoft update via IP address only.  any website that has Microsoft.com does not display but EVERY other website in the world works.  

help!  :)
johnkesoglouAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AndrewDizonCommented:
try using firefox instead of IE
0
DonNetwork AdministratorCommented:
Conficker virus rings a bell here, are you also blocked from antivirus sites?
0
MagicFarmerCommented:
Also check your hosts file (system32-->drivers--> etc) and make sure you don't have any bad hosts listed.  
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

ConchCrawlCommented:
I agree with all comments above you have been invaded with some sort of malware or the like. Try malwarebytes.org and download their software if its there it will find it, it is a great tool to have and free. If firefox works then it is just a workaround and some customers don't mind but if they do and you don't fix this, then reload may be the next step.
I've had situations where IE would work for two weeks and it would come back, the only thing I've found that would do the trick is malwarebytes and I use different anti-virus products but when it comes to this sort of thing, well it works....
Hope this helps, let us know.
0
DonNetwork AdministratorCommented:
If you cant get to malwarebytes.org use filehippo.com


http://www.filehippo.com/search?q=malware
0
ConchCrawlCommented:
good point dstewartjr, sometimes those little suckers wont let you download the software because it thinks you are trying to kill it:-).
0
sfossupportCommented:
Have you verified that its not a dns issue. Do an nslookup and try www.microsoft.com, then do a reverse lookup.
0
Hi8uSCommented:
just to note firefox will not help here as MS do not support it for the Automatic Updates website.
0
RohitBagchiCommented:
There is a roundabout solution by manually entering the IP addresses for www.microsoft.com and www.windowsupdate.com into your hosts / lmhosts file in the system32/drivers/etc directory.

This sounds like something has just corrupted your hosts file in the first place. Can you run a ping from the command prompt to confirm that the address resolution works?

one set of valid IP addresses are :  (there are closer IP's to you depending on yoru location, but these will work)

www.microsoft.com 65.55.21.250
www.windowsupdate.com 207.46.18.94

Cheers.
RB.
0
johnkesoglouAuthor Commented:
hi everyone and thank you for your comments


i ping 65.55.21.250 and get request time out.
i have added the entry into my hosts file (one of the first things i did) to "glue" the ip to the name.  still no luck

below are pings and nslookups

i can view all other websites with the exception of Microsoft.com or any other Microsoft site.








C:\Documents and Settings\administrator.ITEA>nslookup microsoft.com
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Non-authoritative answer:
Name:    microsoft.com
Addresses:  207.46.232.182, 207.46.197.32


C:\Documents and Settings\administrator.ITEA>ping 65.55.21.250

Pinging 65.55.21.250 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 65.55.21.250:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\administrator.ITEA>ping update.microsoft.com
Ping request could not find host update.microsoft.com. Please check the name and
 try again.

C:\Documents and Settings\administrator.ITEA>ping windowsupdate.com
Ping request could not find host windowsupdate.com. Please check the name and tr
y again.

C:\Documents and Settings\administrator.ITEA>ping microsoft.com
Ping request could not find host microsoft.com. Please check the name and try ag
ain.

C:\Documents and Settings\administrator.ITEA>nslookup microsoft.com
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Non-authoritative answer:
Name:    microsoft.com
Addresses:  207.46.197.32, 207.46.232.182


C:\Documents and Settings\administrator.ITEA>nslookup update.microsoft.com
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Non-authoritative answer:
Name:    www.update.microsoft.com.nsatc.net
Address:  207.46.21.123
Aliases:  update.microsoft.com, update.microsoft.com.nsatc.net


C:\Documents and Settings\administrator.ITEA>nslookup windowsupdate.microsoft.co
m
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Non-authoritative answer:
Name:    windowsupdate.microsoft.nsatc.net
Address:  207.46.18.94
Aliases:  windowsupdate.microsoft.com


C:\Documents and Settings\administrator.ITEA>nslookup windowsupdate.com
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Name:    windowsupdate.com


C:\Documents and Settings\administrator.ITEA>

Open in new window

0
ConchCrawlCommented:
can you post the results of ipconfig /all, please.
0
johnkesoglouAuthor Commented:
here ya go
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Filer01
   Primary Dns Suffix  . . . . . . . : ITEA.LOCAL
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ITEA.LOCAL

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
2
   Physical Address. . . . . . . . . : 00-11-43-E9-4E-A1
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 209.67.147.16
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 209.67.147.1
   DNS Servers . . . . . . . . . . . : 209.67.147.20
                                       209.67.147.21

Open in new window

0
ConchCrawlCommented:
Why is you NIC IP address configured with a public IP address?
why is your default gateway and dns servers all pointing to public IP addresses?
 
0
ConchCrawlCommented:
dude, i can ping your workstation from the internet, what kinda setup do you have?
0
johnkesoglouAuthor Commented:
update

i also cant go to symantec.com

i ran the malware program above and it diddnt find anything
0
johnkesoglouAuthor Commented:
lets not discuss the configuration as of yet - if you want to discuss me turning off ICMP we can chat about that but i need to figure out why my machine is unable to get to microsoft update.  

i need to test all contingencies and if i put a public IP on the box that is my prerogative; it is for testing purposes only.  following me?   i am just trying to figure out this problem so i do appreciate any comments that would help me resolve my problem

thanks :)

0
DonNetwork AdministratorCommented:
0
ConchCrawlCommented:
NP, it just threw for a loop, not you everyday configuration, but I get your point.
Since you've added in the extra web site as another one you couldn't reach and you've indicated malwarebytes didn't find anything, then as a test install firefox as stated before it will not run windows updates but it will allow access to those other sites including microsoft web sites.
You should also go ahead and put your host file back to default, the main thing with that is to make sure there was nothing added or redirecting.
This should verify whether or not as I suspect something has corrupted IE or worse. It may no longer be there but at some point may have, don't know, but I've seen this problem before and it has almost always been in my experience, malware.
0
johnkesoglouAuthor Commented:
Conch

i reset my hosts file

this is the crazy thing - these servers were just built and went online on Wednesday; naturally, i wanted to  update them.

ive installed chrome, and firefox and have the same results.  its as if they are blocked! crazy  

thanks!
0
ConchCrawlCommented:
OK, thanks. Well let's see I will see if this makes any sense:-). You have a public facing IP and you installed a brand new machine live on the internet without any additional security updates or secutiry patches, hmmmm....were you ever able to go to windows updates? Do you control the dns server that you are pointing to or the router?
I don't know I'm either stuck with malware or dns issues of some sort.
0
johnkesoglouAuthor Commented:
i control the dns servers at the site but alternatively, i placed verizon's dns (4.2.2.2 and 4.2.2.1) and ended up with the same result.  

these servers were never able to get to microsoft update :(
0
ConchCrawlCommented:
ok, for grins and gigles were you able to activate this machine over the internet, do you have anything showing or popping up that this is not genuine ms product?
0
ConchCrawlCommented:
One symptom that may indicate you are infected is finding that your computer is blocked from accessing the web sites of most security companies. Hence MS or Symantec. Have you tried any others like trendmicro, sunbeltsofware, or panda.
You may also go ahead, if you haven't already, and try dstewartjr link.

0
johnkesoglouAuthor Commented:
i thought you were onto something and googled the activation command line "oobe/msoobe /a".  when i run this command it tells me that the server is already activated.  

funny thing i was going to do so when i got these servers live - see picture below
activation.jpg
0
ConchCrawlCommented:
Means the copy you have doesn't require a license like MS Volume License, oh well.
0
ConchCrawlCommented:
that should say doesn't require activation
0
DonNetwork AdministratorCommented:
Please go to this site from that server
 
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html 
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ConchCrawlCommented:
nice test dstewart, haven't seen that one before. The good news Is I'm not infected :-)
0
DonNetwork AdministratorCommented:
Me neither ; ^ )
0
ConchCrawlCommented:

But at this point based on everything I know at this point, I believe our friend here is. Unless someone has another take on this.
1. public facing IP
2. brand new machine live on the internet
3. without any additional security updates or secutiry patches
4. never was able to go to windows update

Reminds me of the days of Nimda, jeez what a nightmare that was. I had seen times when I would reload a new machine that nimda had infected and within minutes reinfect the machine before I could even get to the security updates on MS :-(.
0
johnkesoglouAuthor Commented:
great tool!  i am so pissed!  @#$%%%!!!!!!  i have the conficker virus.  i downloaded the conficker virus removal tool from Sophos and behold it found it!  

will be rewarding points shortly

Conch - thank you for hanging in there with me :)  i appreciate all of the advice

DS - thanks for the test - patching systems now

John
0
ConchCrawlCommented:
oh soot forgot no. 5: cannot go to certain security websites
0
ConchCrawlCommented:
Wow - glad we were right - sorry you got it - hope it resolves your problem
0
DonNetwork AdministratorCommented:
Been saying that all along : ^ )
 
ID:28643522
0
ConchCrawlCommented:
I'm still very surprised malwarebytes didn't catch it, first time I think I've seen that it couldn't catch conficker.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.