Solved

No internet Access on some Servers / Computers

Posted on 2010-09-07
27
469 Views
Last Modified: 2012-05-10
This morning, a few desktops and the terminal server could not access the internet.  It shows that it has internet connection but cannot access anything outside the domain.  The DNS server can access the internet just fine along w/ the Mail server.  

I have tried to change the DNS server IP on my local to a public DNS, no go.  I changed it to the DNS internal and also could not connect to the internet.  I cannot to everything local just fine.   But outside is a no go using Domain name or IP.

Firewall is an older Pix 506e.  
0
Comment
Question by:rreddell
  • 11
  • 8
  • 4
  • +3
27 Comments
 
LVL 3

Expert Comment

by:arndawg
ID: 33616863
Do these use DHCP? you need to check if the gateway is entered.

Are you sure DNS lookups work fine? Run a "nslookup google.com", and then run a "tracert google.com" to see what happends.
0
 

Expert Comment

by:Karl_forster1
ID: 33616961
Are you not using a proxy server?

If the clients are vista and your ts server is 2008, it may be something like the network connection has not been classifield as a home or work network. Check the network and security center settings.
0
 

Author Comment

by:rreddell
ID: 33616964
No, the Servers use Static.

When I run nslookup google.com / tracert google.com I from a machine that does NOT have internet I get this -
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\rreddell>nslookup google.com
Server:  UnKnown
Address:  192.168.1.6

Non-authoritative answer:
Name:    google.com
Address:  173.194.33.104


C:\Users\rreddell>tracert google.com

Tracing route to google.com [173.194.33.104]
over a maximum of 30 hops:

  1     *        1 ms     *     063-025.colo.ma.np1.net [64.61.63.20]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *       13 ms  static-64-115-220-153.isp.broadviewnet.net [64.1
15.220.153]
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8    12 ms     *        *     static-64-61-112-182.isp.broadviewnet.net [64.61
.112.182]
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *       13 ms     *     74.125.49.212
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *       13 ms     *     lga15s14-in-f104.1e100.net [173.194.33.104]
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *       13 ms  lga15s14-in-f104.1e100.net [173.194.33.104]

Trace complete.

Then when I do it on a machine that the internet IS working I get this

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\rreddell.T-G-C.000>nslookup google.com
*** Can't find server name for address 192.168.1.6: Non-existent domain
Server:  UnKnown
Address:  192.168.1.6

Non-authoritative answer:
Name:    google.com
Address:  173.194.33.104




Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\rreddell>tracert google.com

Tracing route to google.com [173.194.33.104]
over a maximum of 30 hops:

  1  4294967178 ms  4294967177 ms  4294967177 ms  063-025.colo.ma.np1.net [64.61
.63.20]
  2  4294967186 ms  4294967187 ms  4294967195 ms  bos-cust-erx-01.broadviewnet.n
et [64.115.5.7]
  3  4294967184 ms  4294967184 ms     7 ms  bos-core-m10-01-ge-0-0-0-u1.broadvie
wnet.net [64.61.136.194]
  4    12 ms  4294967189 ms    12 ms  static-64-115-220-153.isp.broadviewnet.net
 [64.115.220.153]
  5  4294967189 ms  4294967189 ms  4294967189 ms  static-64-115-72-110.isp.broad
viewnet.net [64.115.72.110]
  6  4294967189 ms  4294967189 ms  4294967189 ms  004-153.lo.ny.np1.net [64.61.4
.153]
  7  4294967189 ms  4294967189 ms  4294967189 ms  static-64-115-108-157.isp.broa
dviewnet.net [64.115.108.157]
  8  4294967189 ms  4294967189 ms  4294967190 ms  static-64-61-112-182.isp.broad
viewnet.net [64.61.112.182]
  9  4294967192 ms  4294967189 ms  4294967190 ms  sl-gw40-nyc-9-0-2.sprintlink.n
et [144.223.27.137]
 10  4294967190 ms  4294967190 ms  4294967190 ms  sl-crs1-nyc-0-10-5-0.sprintlin
k.net [144.232.13.51]
 11  4294967190 ms  4294967190 ms  4294967190 ms  74.125.49.212
 12  4294967190 ms  4294967190 ms  4294967190 ms  209.85.248.180
 13  4294967190 ms  4294967190 ms  4294967190 ms  216.239.48.24
 14  4294967198 ms  4294967190 ms  4294967190 ms  lga15s14-in-f104.1e100.net [17
3.194.33.104]

Trace complete.


0
 

Author Comment

by:rreddell
ID: 33616975
This is set up on a domain.   Mix Servers.  Win 2003 / 2008 w/ mix clients XP/Vista/Win 7
0
 
LVL 3

Expert Comment

by:chris-burns
ID: 33617134
Can you run ipconfig /all from the command line on a machine that works, and another on a machine that doesnt.

Please post the output
0
 

Author Comment

by:rreddell
ID: 33617174
Something interesting.  The Win Server 2008, Vista and Win 7 machines are the only ones that cannot connect???   All the Server 2003 and XP machines are connecting just fine....  
0
 
LVL 12

Accepted Solution

by:
naykam earned 212 total points
ID: 33617200
disable ipv6 if your not running it?
0
 

Author Comment

by:rreddell
ID: 33617233
Hmmm How do I disable it? :)  never played or used IP6.
0
 
LVL 12

Expert Comment

by:naykam
ID: 33617240
untick the checkbox.

Like in this guide: http://goo.gl/diWX
0
 
LVL 12

Expert Comment

by:naykam
ID: 33617241
make sure you restart after
0
 

Author Comment

by:rreddell
ID: 33617467
:) that was easy.    But it didn't work.   :(  

Machine that is working- Server 2003R2

Windows IP Configuration

   Host Name . . . . . . . . . . . . : tgc-srv3
   Primary Dns Suffix  . . . . . . . : t-g-c.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : t-g-c.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-30-48-58-32-0E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.6
                                       64.115.0.9

From my machine that is not working (Win 7) I have IP6 disabled and rebooted.  Not sure why it still shows up?

Windows IP Configuration

   Host Name . . . . . . . . . . . . :PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controlle
r
   Physical Address. . . . . . . . . : 00-19-B9-37-64-05
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.62(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.6
                                       64.115.0.9
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{642D7B2A-AC5E-489F-9CF5-EE38EBBE6534}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e74:1827:2935:3f57:fec1(Pref
erred)
   Link-local IPv6 Address . . . . . : fe80::1827:2935:3f57:fec1%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

0
 
LVL 12

Expert Comment

by:naykam
ID: 33617562
ipconfig /flushdns
on the machines thats are not working?
restart and try again?
0
 

Author Comment

by:rreddell
ID: 33617667
no dice.    Only thing that is common is the fact that the machines that are Vista and above are the only ones.   They show that they have internet under Local Area Status, but just will not connect to anything outside the network.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 12

Expert Comment

by:naykam
ID: 33617733
Its a good one.
Because it is resolving the name through the trace route, its really stumped me.
The fact its only winVista and above, was my idea behind the IPv6.

What about reseting the tcp/ip stack http://goo.gl/VZbv
0
 
LVL 3

Assisted Solution

by:arndawg
arndawg earned 212 total points
ID: 33617738
First of all you should only use local DNS servers when in a domain. So get rid of the external one. DNS issues are really bad and can cause all sorts of problems when in AD.

Just for kicks, try enabling DHCP on your computer, reboot. and see if it works.

0
 
LVL 12

Expert Comment

by:naykam
ID: 33617773
arndawg has a good point. I saw straight over it:

DNS Servers . . . . . . . . . . . : 192.168.1.6
                                       64.115.0.9

I think (hopefully someone can clarify this) that is not best practice to manage your DNS like this. If you have a DNS server, you should point all your internal computers at that. Then that DNS server will in turn point towards the internet. The hierarchical fun on DNS  
0
 

Author Comment

by:rreddell
ID: 33617980
I put the Public DNS server under the 2nd DNS mostly as a backup in the event the Primary went down.   I have now changed it.

I also, did the TCP/IP Reset.  Still no go.  Again, all the systems that is running Vista or above is having the issue.  All the other machines are fine.    :(


Also, for some reason when I did the DHCP on my Win7 machine, it would not grab an IP from the DHCP server?  Below is are the results of the ipconfig /all


Windows IP Configuration

   Host Name . . . . . . . . . . . . : Ryanl-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controlle
r
   Physical Address. . . . . . . . . : 00-19-B9-37-64-05
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.64.165(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.1.6
                                       
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{642D7B2A-AC5E-489F-9CF5-EE38EBBE6534}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

0
 
LVL 12

Expert Comment

by:naykam
ID: 33618046
It strange that you mentioned it just started happening.
Where windows updates applied the night before you noticed the problem ?
0
 

Author Comment

by:rreddell
ID: 33618094
When I left the office Saturday, everything was working fine.  This morning around 5am I got a call that the Terminal Server was down.    I didn't think of anything wrong this since Saturday being I was still getting emails.

A worker told me that he tried to get on yesterday and couldn't.   So something could have been installed.  BUT my system (Win 7) is set up for manual update only.  

0
 
LVL 12

Expert Comment

by:naykam
ID: 33618110
strange, nothing is adding up.
Im sorry, but its midnight here and past bedtime.
I will have another read through in the morning!
0
 
LVL 3

Expert Comment

by:arndawg
ID: 33618673
Yeah you've stomped us. hehe

DHCP not working.
Vista, win7 and 2008 not working.  hmmmm.

You should describe your network in detail. The Cisco Pix probably acts as a router. DHCP is probably hosted on a windows server? Only 1 subnet, no vlans? Is this SBS2003/2008 or plain Windows Server? All computers are on a single switch?

Just throwing ideas out there:
Security software running on any of these? Tried disabling the Windows Firewall and make sure it is in the correct mode. (Domain Network)

Could there have been a power-failure at night and some cisco-settings that weren't saved could have been reverted?

Or these machines have been configured with a proxy, but the other ones hadn't, so when the proxy died, only these machines "felt" it? :)
0
 

Author Comment

by:rreddell
ID: 33618837
Well, to add to the confusion, everything is working again.  WTF?

The Pix does act as a router.  I also use it as the DHCP.

One 1 Domain.  

AD/DNS is hosted on a 2003 Server.  

Terminal Server is running on a 2008 Server

Single Switch.

No Proxy and only Eset is running.  

I will keep this open for today.   If it's all clear in the morning I will split the points w/ you two.  Thanks for the help!
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 33619635
When you say "cannot access the internet" and then show a traceroute that accesses the internet just fine, and demonstratres that DNS is working, that suggests we don't know what "access the internet" means in this context.  Do you mean "open web pages with a browser"?  Do you mean "can't get email?"
That's what it sounds like.

If you can't get web pages to open, that suggests a problem with the local computer / browser.
I guess you did reboot some of the machines and that did nothing to fix the problem, eh?

So, what happened:
a) when things broke down?
b) when things came back?
For example, might a router have been rebooted before things came back?
I've certainly seen cases where routers would not allow page access for *some* pages and would work fine with others.  A reboot fixed this.  It is very confusing when this happens because there is no logic to it and a rational analysis fails.
0
 

Author Comment

by:rreddell
ID: 33619722
What I mean by cannot access the internet, is we could not open up a web page and browse anything outside the local network.  BUT users in other offices could not log into the computer outside the domain but could inside.  The 2nd Terminal Server runs 2003.  They could log into that server from outside the domain.

This morning, I rebooted the T1 Cisco, Pix and Switch.   I also rebooted the server.  Still it was not working.  

As for what did I do before it started working again?  Only thing I knew for sure was I was in the server room scratching my head, came back into my office and I noticed my MSN was online.   I then checked the server and sure enough,  internet!

0
 
LVL 3

Expert Comment

by:arndawg
ID: 33619765
You did change the DNS-settings though? If you've used that other external DNS all the time, your main DNS-server might have been temporarily unavailable and the vista-computers would act up. Vista might handle stuff like this more strict than what XP does.

Just speculating :)
0
 
LVL 25

Assisted Solution

by:Fred Marshall
Fred Marshall earned 76 total points
ID: 33620248
You'd already shown that you had external DNS working.  So, I'd not focus on DNS when that's been demonstrated.  This sounds more like an http block than anything else - if I understand the failures.

Other protocols could be checked but now that it's working, you can only be prepared for "next time":
- can you ftp from a command line to an external ftp server?
- can you ftp from a browser to an external ftp server?
- can you telnet into an external mail server?
To demo DNS you can try these by IP address or by name.
In fact, to be prepared, you might try them now to make sure what does work and what doesn't work for good reason so that your future tests will be well founded and so that abnormal behaviors can be observed.

0
 

Author Closing Comment

by:rreddell
ID: 33639316
Still running smoothly.  If I had to guess, I would point towards the IP6.  Only thing that bugs me is the fact that the network has been set up like this for over a year.  

Thanks for all the help and ideas.   Not a cut and dry solution but it's working!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Resolve DNS query failed errors for Exchange
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now