Solved

Network Connectivity

Posted on 2010-11-24
35
1,083 Views
Last Modified: 2012-05-10
Hello,
I just updated the drivers to our NICs (our server has 2 NICs) and now workstations cannot connect tot the internet or get email.   We have our broadband line come in into the bldg, it connects to a router, our server is connected to this routr via NIC 1.  NIC 2 connects to the patch panel so the wkstations can connect to the server and the internet.  Both Nics are set to static IP addresses.

NIC 2 has the internal IP address set up with the a private IP address, NIC 1 has the public IP address provided by our ISP.  

On the server, I can connect to internet, ping the switches, ping the wkstations and ping a DNS address.  

On a wkstation I can ping the server, ping the swithces and ping a DNS address but I cannot see web pages on the internet with the internet browsers or get email either.  DNS service is running on the server, so Is WINS service and dhcp service (WINS is set up on NIC 2). We have ISA servre 2004.  the firewall service is running and so is the remote routing service.  All exchange related services are running also.  I ran the diagnostic hardware test on the NICs and they checked out to be OK.

I am at a loss
0
Comment
Question by:JParra72
  • 18
  • 13
  • 2
  • +2
35 Comments
 
LVL 8

Expert Comment

by:rjwesley
Comment Utility
Things to try Windows Update, an updated driver may be there as an optional update.
Disable Windows Firewall.

Lastly, if you have to: Rollback to the previous drivers.


Rob
0
 

Author Comment

by:JParra72
Comment Utility
I tried rolling back to the previous driver from the device manager and it would not do it.  Isn't not using a firewall a bad idea?
0
 
LVL 8

Expert Comment

by:rjwesley
Comment Utility
Is everything you're referring all running on one server?

Rob

I use enterprise firewall products, and typically disable the firewall within Windows.

Can you provide your IP configuration for both NIC 1
0
 
LVL 5

Expert Comment

by:mudassirahmed
Comment Utility
1) did you check your workstation like gateway, DNS address mentioned Corretly...

2) check in the router whether 80 port has block or not

can you ping from the workstation to googe,yahoo etc..?
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
Sounds like the firewall on your server is causing a problem. Try turning it off and see if that fixes the problem. If so that is what you need to fix.

If that is not the problem be sure the gateway on the workstations is set to the IP of NIC2 on the server.

A couple of commands to run from a cmd prompt on a workstation:
tracert google.com
route print
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Validate that the binding order of the nics has not changed - the internal nic must be at the top of the list.
Run the realtime log moniyot in ISA Server - what messages do you see appear in the log when an Internet access attempt is made from a client?
0
 

Author Comment

by:JParra72
Comment Utility
I got it working.  I turned off the firewall and still nothing.  I double checked the IP addresses and everything was OK.  Then I checked the event viewer and noticed a warning sign for ISA server event ID 14148.  It said to restart the firewall service.  I did that last night and nothing worked but it did this morning.  Go figure.  internet and email are working in our office.

On another note the remote workplace log in site is not loading on an outside PC but does here in the network.  WHAT GIVES?
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
"the remote workplace log in site is not loading on an outside PC but does here in the network."

Still sounds like a firewall problem. I would go in and diddle (change,save,change back, save) some settings to give it a chance to rebuild the rules. Have you restarted the server?
0
 

Author Comment

by:JParra72
Comment Utility
Back to square one. I restarted the server,  the server is th only thing able to get out.  can ping ip and dns address from a wkstation but cannot browse the internet.  I cannot figure out what is causing this in ISA.  everything looks to be set up correctly in ISA.
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
Can you post the output of:

tracert google.com
route print

from both the server and a workstation? Sanitize if you want but will need to get the general idea...
0
 

Author Comment

by:JParra72
Comment Utility
sanitize?
0
 

Author Comment

by:JParra72
Comment Utility
Resulst on the Server

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>tracert google.com

Tracing route to google.com [74.125.157.99]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  74.7.119.17
  2     7 ms     7 ms     7 ms  172.18.244.97
  3     6 ms     7 ms     8 ms  dgr00-g3-6.dllstx97.cbeyond.net [192.168.26.50]

  4    10 ms     7 ms     8 ms  te-3-1.car3.Dallas1.Level3.net [4.71.120.113]
  5     9 ms     7 ms     8 ms  ae-1-60.edge2.Dallas3.Level3.net [4.69.145.12]
  6     9 ms     8 ms     8 ms  GOOGLE-INC.edge2.Dallas3.Level3.net [4.59.36.14]

  7     9 ms    24 ms     7 ms  72.14.233.67
  8    29 ms    32 ms    32 ms  72.14.233.87
  9    29 ms    31 ms    32 ms  72.14.239.127
 10    29 ms    32 ms    48 ms  209.85.252.98
 11    31 ms    31 ms    32 ms  gy-in-f99.1e100.net [74.125.157.99]

Trace complete.

C:\Documents and Settings\Administrator>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 15 17 45 02 05 ...... Intel(R) PRO/1000 EB Network Connection with
 I/O Acceleration #2
0x10004 ...00 15 17 45 02 04 ...... Intel(R) PRO/1000 EB Network Connection with
 I/O Acceleration
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      74.7.119.17      74.7.119.18     20
         10.0.1.0        255.255.255.0         10.0.1.1         10.0.1.1     10
         10.0.1.1        255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255         10.0.1.1         10.0.1.1     10
      74.7.119.16     255.255.255.248      74.7.119.18      74.7.119.18     20
      74.7.119.18     255.255.255.255        127.0.0.1        127.0.0.1     20
   74.255.255.255  255.255.255.255      74.7.119.18      74.7.119.18     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0         10.0.1.1         10.0.1.1     10
        224.0.0.0        240.0.0.0      74.7.119.18      74.7.119.18     20
  255.255.255.255  255.255.255.255         10.0.1.1         10.0.1.1      1
  255.255.255.255  255.255.255.255      74.7.119.18      74.7.119.18      1
Default Gateway:       74.7.119.17
===========================================================================
Persistent Routes:
  None
0
 

Author Comment

by:JParra72
Comment Utility
On Workstation

C:\Users\106>tracert google.com

Tracing route to google.com [74.125.157.99]
over a maximum of 30 hops:

  1     3 ms    <1 ms    <1 ms  server.ronrawlings.com [10.0.1.1]
  2     1 ms     1 ms     1 ms  74.7.119.17
  3     5 ms     7 ms     7 ms  172.18.244.97
  4     7 ms     7 ms     7 ms  192.168.26.50
  5     6 ms     7 ms     7 ms  te-3-1.car3.dallas1.level3.net [4.71.120.113]
  6    10 ms     7 ms     7 ms  ae-1-60.edge2.dallas3.level3.net [4.69.145.12]
  7     8 ms     7 ms     8 ms  GOOGLE-INC.edge2.Dallas3.Level3.net [4.59.36.14]

  8    10 ms     7 ms     7 ms  72.14.233.67
  9    35 ms    31 ms    47 ms  72.14.233.87
 10    35 ms    31 ms    31 ms  72.14.239.127
 11    38 ms    32 ms    39 ms  209.85.252.70
 12    32 ms    31 ms    31 ms  gy-in-f99.1e100.net [74.125.157.99]

Trace complete.

C:\Users\106>print route
Unable to initialize device PRN

C:\Users\106>route print
===========================================================================
Interface List
  8 ...00 1d 09 a1 83 e7 ...... Intel(R) 82562V-2 10/100 Network Connection
  1 ........................... Software Loopback Interface 1
 11 ...00 00 00 00 00 00 00 e0  isatap.ronrawlings.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1       10.0.1.211     20
         10.0.1.0    255.255.255.0         On-link        10.0.1.211    276
       10.0.1.211  255.255.255.255         On-link        10.0.1.211    276
       10.0.1.255  255.255.255.255         On-link        10.0.1.211    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.0.1.211    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.0.1.211    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  8    276 fe80::/64                On-link
  8    276 fe80::c1ea:5dc7:520d:aebc/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\Users\106>
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
Sanitize would be to obscure your public IP like so:  74.xxx.119.17 Not that it is any big deal.

I still thing something has happened to the firewall on your ISA machine. To have pings go through demonstrates basic network connectivity. For other traffic not passing points to something in the ISA box that you are using as a router/firewall. Personally I quit using PCs for routers several years ago due to vulnerability and simplifying the network. I just had a particularly difficult troubleshoot last week where the Debian based router/firewall would pass all packets EXCEPT DNS. It sucked. Replacing it with a Linksys RV082 made everyone happy. Not saying that this is what you should do but consider the upside to moving networking to dedicated HW and leaving your server to do it's work for you LAN clients.

One thing that is interesting in your trace route, it appears that your 74.7.119.17 interface is going through 1 (172.18.244.97) or 2 (192.168.26.50) private IP networks before reaching the Internet. A problem  transversing either of these could be an issue.

0
 

Author Comment

by:JParra72
Comment Utility
74.7.119.17 is the gateway IP for the NIC that connects to the outside.  Do you think the NIC may be faulty?
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
I doubt it.
0
 

Author Comment

by:JParra72
Comment Utility
repalcing ISA with a firewall router could be a viable solution.   where would it connetc on the network?  we currently have a router that the ISP installed.  would this router connect to the firewall router then to the server?  
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 7

Expert Comment

by:lewisg
Comment Utility
Tell me more about your ISP.

What sort of service? DSL, cable, leased line Tx?

What make and model router did the ISP install?

If you connect a PC or laptop set for DHCP to the output of the router do you get a internet connection?

If so post the output of:
ipconfig /all
tracert google.com
route print

0
 

Author Comment

by:JParra72
Comment Utility
We have 3 T1 lines coming in to the bldg.  Im not sure what model router it is, but it is a cisco router.   when you say connect a laptop or PC and set for DHCP, do you mean to obtain an IP address automatically?  Do you want me to connect a PC directly to the router?   Our Server is currently hooked up to it, but it's IP address is static.   The tracert post I put uearlier is the result  (the 1st result)
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
That is considerably more complicated than a DSL or cable Internet connection and likely explains the private address range IPs that are showing up in the trace route results. Do all three T1 lines terminate in one router? Or are there multiple routers in the building that are somehow connected?

To simply replace the ISA with a router could be fairly simple, however the way these 3 T1 lines are set up could cause some problems. But lets go with simple so you get the idea:

Get a router like a RV042 or RV082 or ???

Reconfigure your ISA box to only use one network interface and set it up like:
IP 10.0.1.10 (if free)
NM 255.255.255.0
GW 10.0.1.1
DNS 10.0.1.1

Configure the WAN interface to:
IP 74.7.119.18
NM 255.255.255.248
GW 74.7.119.17
DNS -  whatever your ISP says or openDNS 208.67.222.222  and 10.0.1.10 as secondary

Configure the LAN interface to:
IP 10.0.1.1
NM 255.255.255.0

The router will now be connected in place of your ISA server and the ISA server will just be connected to the switch by one cable to the 10.0.1.10 interface. If you have incoming connections you will need to froward those to the ISA box using the new router.

OTOH maybe someone will come along and figure out what is wrong with your ISA box. Those are not my forte so aside from being fairly sure something is wrong with the firewall I'm of little help...
0
 

Author Comment

by:JParra72
Comment Utility
the 3 lines terminate on one router.
0
 

Author Comment

by:JParra72
Comment Utility
So I need to add an additional NIC?  Our ISA server is not its own dedicated server.  It is on the same box as our windows SBS 2003.
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
"the 3 lines terminate on one router."
If that is the router that is currently connected to your ISA box than that should be fairly simple.

"So I need to add an additional NIC?  Our ISA server is not its own dedicated server.  It is on the same box as our windows SBS 2003."
That is a wrinkle. The physical machine hosting the ISA and SBS servers currently has 2 NICs correct? If so then you will only need to use one of those.
Lets have some more details on the configuration of this machine.
VMware?
Who is hosting who?
Any other OSes in this box?
What boots up first?
How is networking configured?
What IP addresses are in this box?
0
 

Author Comment

by:JParra72
Comment Utility
VMware?  No

WHo is hosting who?  Not sure waht u mean.  all wkstations go through the SBS server to get out to internet.

OSes on Box?  SBS 2003 and Exchange.
What boots up first?  The router or the server.  Router is always on.
How is netwroking configured?  Don't know please elaborate, do you mean DHCP or static for wkstations?
What IP addresses are in this box?  DHCP gives out IP addresses 10.0.1.0 - 10.0.1.255.

Yes the box has 2 NICs one connects dirctly from the router, the other to the patch panel.   The one connected to the router has the external IP address (74.7.xxx.18) SM 255.255.255.248.  the other is 10.0.1.1 SM 255.25.255.0  The DNS is 10.0.1.1, alt is the one given from the ISP
0
 

Author Comment

by:JParra72
Comment Utility
Here is a simplified network diagram Here is a simplified network diagram
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
OK ISA is a part of SBS. Like I said previously, I'm not a big MS box-o-knowledge.

Depending on what you use ISA for you may be able to simply disable it as you move the routing/firewall services to dedicated HW.

Do you use the VPN on ISA?

Are there any other services on ISA that you use?
0
 

Author Comment

by:JParra72
Comment Utility
I do not use a VPN.   The following are the services used by ISA server

Microsoft Firewall
Routing and Remote Access
ISA server Job scheduler

Although it would be nice to set up a VPN.

Look at this diagram,  is this how I would set it up?  DO you recommend the D-link or netgear products?   Look at this diagram,  is this how I would set it up?
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
Your SBS server will be connected just like the workstations at the top of your diagram with a single NIC connection. I would use 10.0.1.10 for the SBS server if it is available.

The new router/firewall will sit between the existing router and the "patch panel" (most likely a switch).

My current favorite small business router is the Linksys RV042 or RV082. Most of the time I use a 42 but if I need to set up custom DNS the 82 provides a table to enter names and IP addresses. Additionally the RV082 has a more robust processor which allows more VPN connections.
0
 

Author Comment

by:JParra72
Comment Utility
Like This?  Why 10.0.1.10 why not 10.0.1.1

like this
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
Yes, like in the picture.

"Why 10.0.1.10 why not 10.0.1.1" because the router will be 10.0.1.1. When moving servers I have found it is best to change IP addresses so difficult to troubleshoot problems happen all at once, not over time.
0
 

Author Comment

by:JParra72
Comment Utility
what about the public IP address that I was using 74.7.119.18  do I need that so I can still send and receive emails through Exchange server?
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
Incoming services like email will need to be forwarded to the SBS machine by the new router/firewall. For incoming email port 25 (SMTP) will need to be forwarded to IP 10.0.1.10 (if that is the IP of your SBS machine).

Here are some links:
www.dyndns.com/support/kb/routers_and_port_forwarding.html
www.tomsguide.com/us/hardware-router-need-to-know-2006,review-710-10.html
support.microsoft.com/kb/176466
0
 

Accepted Solution

by:
JParra72 earned 0 total points
Comment Utility
I figured out what was happening yesterday.  The NIC with the external IP addresses had the DNS server IP addresses specified.  They should have been left blank
0
 
LVL 7

Expert Comment

by:lewisg
Comment Utility
Wow!

Good find, not obvious though. How did you find that?

Leave it to M$ to putz something like that up. I wouldn't think it would cause a problem. In fact most routers need DNS specified on the external interface I'd still replace the ISA bit with a real router. Much less likely to be infected/compromised/hacked.
0
 

Author Closing Comment

by:JParra72
Comment Utility
was ble to figure out on my own
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Log files are useful in diagnosing and repairing problems.  This is a list of common log files and their standard locations that I've compiled.   While this is not exhaustive, it is a pretty good list that I've found to be useful.  I may update it f…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now