WIZU

asked on

Something strange

Just yesterday, no one on our network could get to msn.com or hotmail.com, but other sites work fine. We are not blocking these sites and our DNS server appears to be working fine. If I do a tracert on MSN.com it doesn't get past our default gateway. If I do a tracert on hotmail.com it makes it to our provider's server in Sunnyvale and then stops.

Any thoughts?
kemitHamite

How is your network configured? direct connection? Proxy, etc.?

Rgs
rlsconsulting

Hello,

Have you looked in the C:\Windows\system32\drivers\etc\hosts file to see if it may be redirected to the wrong place?

Richard
Clear your DNS cache and restart your local DNS server as a matter of course, then check in with your router/firewall. If it has a web console, it'll have a test utility in there to ping outside sites from within the router. If it doesn't, you can doubtless telnet in. Let me know the make and model and I'll send the CLI commands to do the same.

If you can ping from the router, local DNS is screwed up; if you can't, this is upstream and you should call your ISP.
Do the clients even resolve?

E:\Documents and Settings\Administrator>nslookup
> set type=all
>msn.com


What does it say?
WIZU

ASKER

I cleared the DNS cache and rebooted the DNS server, running a chkdsk last night, but it did not fix the problem. DNS resolves the names, because when I do the tracert hotmail.com it does convert the name to a correct IP address for the site.
Can they resolve www.microsoft.com? (It might sound stupid but please, do try it)...
If you try these sites on the DNS server itself, does it work?
What is your router config? Can you share it?
Did you try calling your ISP? What do they say?

And one more thing: until this problem is solved, you can suggest users use a proxy site like ctunnel.com. It may not sound like a good idea, but it is just a temporary solution.
WIZU

ASKER

Yes, I am trying this on the DNS server. I contacted my ISP; they say it's not on their end.
Try surfing to both sites using www.anonymouse.org
WIZU

ASKER

Just realized I can't get on any Microsoft websites. We did a bunch of changes to our router last week... might be related.
This is why I asked you to share your router config... Anyway, there is something that is blocking, maybe an ACL or firewall or something.

And what about site browsing on the DNS server? Do these sites work there?
WIZU

ASKER

Can't browse on DNS. I did some research... I think it has to do with the MTU setting on the router.
You can experiment with MTUs using ping /f /l 1472.
/f tells ping not to fragment a packet and /l tells it how long the packet should be.

See the code for the results either side of our MTU of 1472.

C:\>ping www.hp.co.uk /f /l 1472

Pinging www.hpgtm.nsatc.net [15.193.112.22] with 1472 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 15.193.112.22:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping www.hp.co.uk /f /l 1473

Pinging www.hpgtm.nsatc.net [15.193.112.22] with 1473 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 15.193.112.22:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


That came out more colourful than expected! :-)
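
The ping /f /l test described in the post above, as an added example that is not part of the original thread: it classifies Windows ping output and binary-searches the largest payload that is not rejected with DF set. The function names and the two replay probes are constructed for illustration; the first replays the behaviour in the post (timeouts up to 1472, "DF set" from 1473).

```python
import re
import subprocess

OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header; 1472 + 28 = 1500

def classify_ping(output):
    """Classify the text printed by one Windows `ping -f -l <size>` run."""
    if "needs to be fragmented" in output:
        return "too_big"    # DF set and the payload exceeds an MTU on the path
    if re.search(r"Reply from [\d.]+: bytes=\d+", output):
        return "fits"       # echo reply came back unfragmented
    return "no_answer"      # timeout: the host or a filter is dropping ICMP

def find_mtu(probe, lo=548, hi=1500):
    """Binary-search the largest payload not rejected with DF set.

    probe(size) returns ping's output text. Returns (payload, mtu, confirmed);
    confirmed is False when no echo reply was seen at that size, so only the
    limit of the hop that reported the error is known.
    """
    state = classify_ping(probe(lo))
    if state == "too_big":
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        result = classify_ping(probe(mid))
        if result == "too_big":
            hi = mid - 1
        else:
            lo, state = mid, result
    return lo, lo + OVERHEAD, state == "fits"

def windows_probe(host):
    """Real prober for Windows: one echo request, DF set, given payload size."""
    def probe(size):
        cmd = ["ping", "-n", "1", "-f", "-l", str(size), host]
        return subprocess.run(cmd, capture_output=True, text=True).stdout
    return probe

# Constructed probes that replay the two behaviours offline.
def silent_host(size):   # like the thread's output: timeouts up to 1472
    return ("Packet needs to be fragmented but DF set." if size > 1472
            else "Request timed out.")

def pppoe_path(size):    # constructed: answering host behind a 1492-byte link
    return ("Packet needs to be fragmented but DF set." if size > 1464
            else f"Reply from 192.0.2.10: bytes={size} time=20ms TTL=50")

if __name__ == "__main__":
    print(find_mtu(silent_host))   # (1472, 1500, False)
    print(find_mtu(pppoe_path))    # (1464, 1492, True)
```

On a Windows host, `find_mtu(windows_probe("www.hp.co.uk"))` runs the same search against a live target.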
 
WIZU

ASKER

I tried turning down the MTU but it didn't work. I'm getting desperate! I can't search Microsoft's database because I can't get there.
@WIZU

If it is just a case of maximum transmission units, then how would it be "only" blocking Microsoft-based sites?
If the hostnames resolve to IP addresses, this only means that your upstream providers' DNS servers are still listing those sites.

Frame size is a wild shot. Did you change the default MTU size (I'm assuming 1500), and why?

What about more tangential stuff? Do you have any filtering/web rules software running, like a filtering service on your firewall? They can sometimes quirk up and not show the results.

Check logs on your router: when did traffic stop? Go back to event logs and look for possible proximal or corollary effects.


At this point, a short network description might be in order: router model and config, server setup (SBS? IIS? DHCP?) and basic apps as well.
WIZU, try the following: go to www.anonymouse.org, type the Microsoft web address accordingly, and see if it will resolve it. If it does, download the malware removal tool from them. Your network might have been hit by a nasty worm. Do this first and come back with news....
WIZU

ASKER

Ran virus and malware scans; Cisco guy verified everything on the router is OK.
So can the Cisco guy ping hotmail.com from the router? That's pretty important info.

You need to localize the fail here: either your edge is faulty or your gateway is faulty or there is some third factor (AV/webfilter) that has gone belly up.
Worms can sometimes prevent you from logging onto some sites, like McAfee>>Microsoft>>Symantec..

The way they do this is to poison the DNS HOST record found on each machine. If DNS appears to resolve, your Cisco guy is wrong... I think you have an ACL that is blocking HTTP traffic to Microsoft sites. If so, that will permit DNS resolution, just not access to the site.

I just pinged Microsoft's web site and got a return IP of 65.55.17.27. This is a Class A network. See if you have an ACL on the router that blocks HTTP traffic. It will look like this:

access-list 10x deny tcp (your subnet IP address) (your reverse subnet mask) 65.0.0.0 0.255.255.255 eq www

You can check for this by logging onto the router, going into privileged mode and typing:

Sh run
Another option is to use a portquery:

The syntax will look like this:

portqry -n 65.55.17.27 -o 80 -p both

that is a port query to the IP of 65.55.17.27 on port 80 and looking at both UDP and TCP traffic.

If both are blocked, then you have an ACL on your router..
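
The hosts-file check raised in this thread (the C:\Windows\system32\drivers\etc\hosts suggestion and the worm behaviour described above), as an added example that is not part of the original posts: it parses hosts-file text and flags any entry that overrides a watched domain. The watch list and the sample file content are constructed for illustration.

```python
import os

# Domains named in the thread; extend as needed (assumed watch list).
WATCHED = ("microsoft.com", "msn.com", "hotmail.com", "mcafee.com", "symantec.com")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname) for every hosts entry that pins a
    watched domain or one of its subdomains to a local override."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        ip, names = entry[0], entry[1:]         # one IP may carry several names
        for name in names:
            host = name.lower().rstrip(".")     # hosts lookups ignore case
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((lineno, ip, host))
    return findings

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.microsoft.com update.microsoft.com   # constructed entry
0.0.0.0\tWWW.MSN.COM
10.0.0.5        intranet.example.local
#127.0.0.1      hotmail.com
"""

if __name__ == "__main__":
    path = r"C:\Windows\system32\drivers\etc\hosts"
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE                           # fall back to the sample offline
    for lineno, ip, host in audit_hosts(text):
        print(f"line {lineno}: {host} is forced to {ip}")
```

Any hit means name resolution for that site is being answered locally before DNS is consulted, which matches the "resolves but cannot connect" symptom discussed here.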
@ChiefIT,

Worms actually do what you said, hence the request for WIZU to try and connect to the Microsoft site or any other that would not resolve by using a proxy avoider/anonymizer... Until then, I personally cannot be of much help.

Rgs
ASKER CERTIFIED SOLUTION
WIZU

Bingo, DNS problem. Good to know it's fixed.