Solved

Network Connectivity

Posted on 2010-11-24
Last Modified: 2012-05-10
Hello,
I just updated the drivers to our NICs (our server has 2 NICs) and now workstations cannot connect to the internet or get email.   We have our broadband line come into the bldg, it connects to a router, our server is connected to this router via NIC 1.  NIC 2 connects to the patch panel so the wkstations can connect to the server and the internet.  Both NICs are set to static IP addresses.

NIC 2 has the internal IP address set up with a private IP address, NIC 1 has the public IP address provided by our ISP.  

On the server, I can connect to internet, ping the switches, ping the wkstations and ping a DNS address.  

On a wkstation I can ping the server, ping the switches and ping a DNS address but I cannot see web pages on the internet with the internet browsers or get email either.  DNS service is running on the server, so is the WINS service and DHCP service (WINS is set up on NIC 2). We have ISA Server 2004.  The firewall service is running and so is the remote routing service.  All Exchange related services are running also.  I ran the diagnostic hardware test on the NICs and they checked out to be OK.

I am at a loss.
0
Comment
Question by:JParra72
35 Comments
 
LVL 8

Expert Comment

by:rjwesley
ID: 34210571
Things to try: Windows Update; an updated driver may be there as an optional update.
Disable Windows Firewall.

Lastly, if you have to: Rollback to the previous drivers.


Rob
0
 

Author Comment

by:JParra72
ID: 34210605
I tried rolling back to the previous driver from the device manager and it would not do it.  Isn't not using a firewall a bad idea?
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 34210735
Is everything you're referring to all running on one server?

Rob

I use enterprise firewall products, and typically disable the firewall within Windows.

Can you provide your IP configuration for both NIC 1
0

 
LVL 5

Expert Comment

by:mudassirahmed
ID: 34210749
1) Did you check that your workstation settings, like gateway and DNS address, are entered correctly?

2) Check in the router whether port 80 is blocked or not.

Can you ping from the workstation to google, yahoo etc.?
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34210819
Sounds like the firewall on your server is causing a problem. Try turning it off and see if that fixes the problem. If so that is what you need to fix.

If that is not the problem be sure the gateway on the workstations is set to the IP of NIC2 on the server.

A couple of commands to run from a cmd prompt on a workstation:
tracert google.com
route print
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34210861
Validate that the binding order of the nics has not changed - the internal nic must be at the top of the list.
Run the realtime log monitor in ISA Server - what messages do you see appear in the log when an Internet access attempt is made from a client?
0
 

Author Comment

by:JParra72
ID: 34212920
I got it working.  I turned off the firewall and still nothing.  I double checked the IP addresses and everything was OK.  Then I checked the event viewer and noticed a warning sign for ISA server event ID 14148.  It said to restart the firewall service.  I did that last night and nothing worked but it did this morning.  Go figure.  internet and email are working in our office.

On another note the remote workplace log in site is not loading on an outside PC but does here in the network.  WHAT GIVES?
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34212982
"the remote workplace log in site is not loading on an outside PC but does here in the network."

Still sounds like a firewall problem. I would go in and diddle (change,save,change back, save) some settings to give it a chance to rebuild the rules. Have you restarted the server?
0
 

Author Comment

by:JParra72
ID: 34213543
Back to square one. I restarted the server,  the server is the only thing able to get out.  Can ping IP and DNS address from a wkstation but cannot browse the internet.  I cannot figure out what is causing this in ISA.  Everything looks to be set up correctly in ISA.
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34213592
Can you post the output of:

tracert google.com
route print

from both the server and a workstation? Sanitize if you want but will need to get the general idea...
0
 

Author Comment

by:JParra72
ID: 34213628
sanitize?
0
 

Author Comment

by:JParra72
ID: 34213651
Results on the Server

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>tracert google.com

Tracing route to google.com [74.125.157.99]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  74.7.119.17
  2     7 ms     7 ms     7 ms  172.18.244.97
  3     6 ms     7 ms     8 ms  dgr00-g3-6.dllstx97.cbeyond.net [192.168.26.50]

  4    10 ms     7 ms     8 ms  te-3-1.car3.Dallas1.Level3.net [4.71.120.113]
  5     9 ms     7 ms     8 ms  ae-1-60.edge2.Dallas3.Level3.net [4.69.145.12]
  6     9 ms     8 ms     8 ms  GOOGLE-INC.edge2.Dallas3.Level3.net [4.59.36.14]

  7     9 ms    24 ms     7 ms  72.14.233.67
  8    29 ms    32 ms    32 ms  72.14.233.87
  9    29 ms    31 ms    32 ms  72.14.239.127
 10    29 ms    32 ms    48 ms  209.85.252.98
 11    31 ms    31 ms    32 ms  gy-in-f99.1e100.net [74.125.157.99]

Trace complete.

C:\Documents and Settings\Administrator>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 15 17 45 02 05 ...... Intel(R) PRO/1000 EB Network Connection with
 I/O Acceleration #2
0x10004 ...00 15 17 45 02 04 ...... Intel(R) PRO/1000 EB Network Connection with
 I/O Acceleration
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      74.7.119.17      74.7.119.18     20
         10.0.1.0        255.255.255.0         10.0.1.1         10.0.1.1     10
         10.0.1.1        255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255         10.0.1.1         10.0.1.1     10
      74.7.119.16     255.255.255.248      74.7.119.18      74.7.119.18     20
      74.7.119.18     255.255.255.255        127.0.0.1        127.0.0.1     20
   74.255.255.255  255.255.255.255      74.7.119.18      74.7.119.18     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0         10.0.1.1         10.0.1.1     10
        224.0.0.0        240.0.0.0      74.7.119.18      74.7.119.18     20
  255.255.255.255  255.255.255.255         10.0.1.1         10.0.1.1      1
  255.255.255.255  255.255.255.255      74.7.119.18      74.7.119.18      1
Default Gateway:       74.7.119.17
===========================================================================
Persistent Routes:
  None
0
 

Author Comment

by:JParra72
ID: 34213666
On Workstation

C:\Users\106>tracert google.com

Tracing route to google.com [74.125.157.99]
over a maximum of 30 hops:

  1     3 ms    <1 ms    <1 ms  server.ronrawlings.com [10.0.1.1]
  2     1 ms     1 ms     1 ms  74.7.119.17
  3     5 ms     7 ms     7 ms  172.18.244.97
  4     7 ms     7 ms     7 ms  192.168.26.50
  5     6 ms     7 ms     7 ms  te-3-1.car3.dallas1.level3.net [4.71.120.113]
  6    10 ms     7 ms     7 ms  ae-1-60.edge2.dallas3.level3.net [4.69.145.12]
  7     8 ms     7 ms     8 ms  GOOGLE-INC.edge2.Dallas3.Level3.net [4.59.36.14]

  8    10 ms     7 ms     7 ms  72.14.233.67
  9    35 ms    31 ms    47 ms  72.14.233.87
 10    35 ms    31 ms    31 ms  72.14.239.127
 11    38 ms    32 ms    39 ms  209.85.252.70
 12    32 ms    31 ms    31 ms  gy-in-f99.1e100.net [74.125.157.99]

Trace complete.

C:\Users\106>print route
Unable to initialize device PRN

C:\Users\106>route print
===========================================================================
Interface List
  8 ...00 1d 09 a1 83 e7 ...... Intel(R) 82562V-2 10/100 Network Connection
  1 ........................... Software Loopback Interface 1
 11 ...00 00 00 00 00 00 00 e0  isatap.ronrawlings.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1       10.0.1.211     20
         10.0.1.0    255.255.255.0         On-link        10.0.1.211    276
       10.0.1.211  255.255.255.255         On-link        10.0.1.211    276
       10.0.1.255  255.255.255.255         On-link        10.0.1.211    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.0.1.211    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.0.1.211    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  8    276 fe80::/64                On-link
  8    276 fe80::c1ea:5dc7:520d:aebc/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\Users\106>
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34213742
Sanitize would be to obscure your public IP like so:  74.xxx.119.17 Not that it is any big deal.

I still think something has happened to the firewall on your ISA machine. To have pings go through demonstrates basic network connectivity. For other traffic not passing points to something in the ISA box that you are using as a router/firewall. Personally I quit using PCs for routers several years ago due to vulnerability and simplifying the network. I just had a particularly difficult troubleshoot last week where the Debian based router/firewall would pass all packets EXCEPT DNS. It sucked. Replacing it with a Linksys RV082 made everyone happy. Not saying that this is what you should do but consider the upside to moving networking to dedicated HW and leaving your server to do its work for your LAN clients.

One thing that is interesting in your trace route, it appears that your 74.7.119.17 interface is going through 1 (172.18.244.97) or 2 (192.168.26.50) private IP networks before reaching the Internet. A problem traversing either of these could be an issue.

0
 

Author Comment

by:JParra72
ID: 34214564
74.7.119.17 is the gateway IP for the NIC that connects to the outside.  Do you think the NIC may be faulty?
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34214689
I doubt it.
0
 

Author Comment

by:JParra72
ID: 34214694
Replacing ISA with a firewall router could be a viable solution.   Where would it connect on the network?  We currently have a router that the ISP installed.  Would this router connect to the firewall router then to the server?  
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34214734
Tell me more about your ISP.

What sort of service? DSL, cable, leased line Tx?

What make and model router did the ISP install?

If you connect a PC or laptop set for DHCP to the output of the router do you get an internet connection?

If so post the output of:
ipconfig /all
tracert google.com
route print

0
 

Author Comment

by:JParra72
ID: 34214787
We have 3 T1 lines coming in to the bldg.  I'm not sure what model router it is, but it is a Cisco router.   When you say connect a laptop or PC and set for DHCP, do you mean to obtain an IP address automatically?  Do you want me to connect a PC directly to the router?   Our server is currently hooked up to it, but its IP address is static.   The tracert post I put earlier is the result  (the 1st result)
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34215331
That is considerably more complicated than a DSL or cable Internet connection and likely explains the private address range IPs that are showing up in the trace route results. Do all three T1 lines terminate in one router? Or are there multiple routers in the building that are somehow connected?

To simply replace the ISA with a router could be fairly simple, however the way these 3 T1 lines are set up could cause some problems. But let's go with simple so you get the idea:

Get a router like a RV042 or RV082 or ???

Reconfigure your ISA box to only use one network interface and set it up like:
IP 10.0.1.10 (if free)
NM 255.255.255.0
GW 10.0.1.1
DNS 10.0.1.1

Configure the WAN interface to:
IP 74.7.119.18
NM 255.255.255.248
GW 74.7.119.17
DNS -  whatever your ISP says or openDNS 208.67.222.222  and 10.0.1.10 as secondary

Configure the LAN interface to:
IP 10.0.1.1
NM 255.255.255.0

The router will now be connected in place of your ISA server and the ISA server will just be connected to the switch by one cable to the 10.0.1.10 interface. If you have incoming connections you will need to forward those to the ISA box using the new router.

OTOH maybe someone will come along and figure out what is wrong with your ISA box. Those are not my forte so aside from being fairly sure something is wrong with the firewall I'm of little help...
0
 

Author Comment

by:JParra72
ID: 34217477
the 3 lines terminate on one router.
0
 

Author Comment

by:JParra72
ID: 34217496
So I need to add an additional NIC?  Our ISA server is not its own dedicated server.  It is on the same box as our windows SBS 2003.
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34217969
"the 3 lines terminate on one router."
If that is the router that is currently connected to your ISA box then that should be fairly simple.

"So I need to add an additional NIC?  Our ISA server is not its own dedicated server.  It is on the same box as our windows SBS 2003."
That is a wrinkle. The physical machine hosting the ISA and SBS servers currently has 2 NICs, correct? If so then you will only need to use one of those.
Let's have some more details on the configuration of this machine.
VMware?
Who is hosting who?
Any other OSes in this box?
What boots up first?
How is networking configured?
What IP addresses are in this box?
0
 

Author Comment

by:JParra72
ID: 34218305
VMware?  No

Who is hosting who?  Not sure what u mean.  All wkstations go through the SBS server to get out to internet.

OSes on Box?  SBS 2003 and Exchange.
What boots up first?  The router or the server.  Router is always on.
How is networking configured?  Don't know please elaborate, do you mean DHCP or static for wkstations?
What IP addresses are in this box?  DHCP gives out IP addresses 10.0.1.0 - 10.0.1.255.

Yes the box has 2 NICs one connects directly from the router, the other to the patch panel.   The one connected to the router has the external IP address (74.7.xxx.18) SM 255.255.255.248.  The other is 10.0.1.1 SM 255.25.255.0  The DNS is 10.0.1.1, alt is the one given from the ISP
0
 

Author Comment

by:JParra72
ID: 34218360
Here is a simplified network diagram
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34218780
OK ISA is a part of SBS. Like I said previously, I'm not a big MS box-o-knowledge.

Depending on what you use ISA for you may be able to simply disable it as you move the routing/firewall services to dedicated HW.

Do you use the VPN on ISA?

Are there any other services on ISA that you use?
0
 

Author Comment

by:JParra72
ID: 34218864
I do not use a VPN.   The following are the services used by ISA server

Microsoft Firewall
Routing and Remote Access
ISA server Job scheduler

Although it would be nice to set up a VPN.

Look at this diagram,  is this how I would set it up?  Do you recommend the D-Link or Netgear products?
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34218957
Your SBS server will be connected just like the workstations at the top of your diagram with a single NIC connection. I would use 10.0.1.10 for the SBS server if it is available.

The new router/firewall will sit between the existing router and the "patch panel" (most likely a switch).

My current favorite small business router is the Linksys RV042 or RV082. Most of the time I use a 42 but if I need to set up custom DNS the 82 provides a table to enter names and IP addresses. Additionally the RV082 has a more robust processor which allows more VPN connections.
0
 

Author Comment

by:JParra72
ID: 34219031
Like this?  Why 10.0.1.10, why not 10.0.1.1?
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34219208
Yes, like in the picture.

"Why 10.0.1.10 why not 10.0.1.1" because the router will be 10.0.1.1. When moving servers I have found it is best to change IP addresses so difficult to troubleshoot problems happen all at once, not over time.
0
 

Author Comment

by:JParra72
ID: 34221832
What about the public IP address that I was using, 74.7.119.18?  Do I need that so I can still send and receive emails through Exchange server?
0
 
LVL 7

Expert Comment

by:lewisg
ID: 34222177
Incoming services like email will need to be forwarded to the SBS machine by the new router/firewall. For incoming email port 25 (SMTP) will need to be forwarded to IP 10.0.1.10 (if that is the IP of your SBS machine).

Here are some links:
www.dyndns.com/support/kb/routers_and_port_forwarding.html
www.tomsguide.com/us/hardware-router-need-to-know-2006,review-710-10.html
support.microsoft.com/kb/176466
0
 

Accepted Solution

by:
JParra72 earned 0 total points
ID: 34227875
I figured out what was happening yesterday.  The NIC with the external IP addresses had the DNS server IP addresses specified.  They should have been left blank
0
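A check for the condition found in the accepted solution, DNS servers set on the Internet-facing adapter of a dual-homed server. This is an added example and not part of the original thread; the function names are hypothetical, the sample objects are constructed from the addresses posted above, and 192.0.2.53 is a placeholder for the ISP resolver, which the thread does not give.

```powershell
# Added example: flag DNS servers configured on an adapter that holds a
# public IPv4 address. Works on objects shaped like
# Win32_NetworkAdapterConfiguration (IPAddress, DNSServerSearchOrder).

function Test-NonPublicIPv4 {
    param([string]$Address)
    $o = $Address.Split('.') | ForEach-Object { [int]$_ }
    # RFC 1918 private ranges, plus loopback and link-local (APIPA)
    return ($o[0] -eq 10) -or
           ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
           ($o[0] -eq 192 -and $o[1] -eq 168) -or
           ($o[0] -eq 127) -or
           ($o[0] -eq 169 -and $o[1] -eq 254)
}

function Find-ExternalNicDns {
    param([object[]]$Adapters)
    foreach ($a in $Adapters) {
        # Keep IPv4 entries only; the WMI property can also list IPv6
        $ipv4   = @($a.IPAddress | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })
        $public = @($ipv4 | Where-Object { -not (Test-NonPublicIPv4 $_) })
        $dns    = @($a.DNSServerSearchOrder | Where-Object { $_ })
        if ($public.Count -gt 0 -and $dns.Count -gt 0) {
            # External adapter with DNS servers set: report it
            New-Object PSObject -Property @{
                Adapter    = $a.Description
                PublicIP   = ($public -join ',')
                DnsServers = ($dns -join ',')
            }
        }
    }
}

# Constructed sample mirroring the server in this thread
$sample = @(
    (New-Object PSObject -Property @{
        Description          = 'NIC 1 (external)'
        IPAddress            = @('74.7.119.18')
        DNSServerSearchOrder = @('192.0.2.53')   # placeholder value
    }),
    (New-Object PSObject -Property @{
        Description          = 'NIC 2 (internal)'
        IPAddress            = @('10.0.1.1')
        DNSServerSearchOrder = @('10.0.1.1')
    })
)

# Reports NIC 1 only; the internal adapter pointing at itself is not flagged
Find-ExternalNicDns $sample

# On the live server, pass the real adapters instead of the sample:
# Find-ExternalNicDns (Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")
```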
 
LVL 7

Expert Comment

by:lewisg
ID: 34227968
Wow!

Good find, not obvious though. How did you find that?

Leave it to M$ to putz something like that up. I wouldn't think it would cause a problem. In fact most routers need DNS specified on the external interface. I'd still replace the ISA bit with a real router. Much less likely to be infected/compromised/hacked.
0
 

Author Closing Comment

by:JParra72
ID: 34265393
Was able to figure out on my own
0
