Cannot connect to internet

I have a XP client on a SBS 2003 domain. I get handed an IP address.  I can RDP to the PC and it can ping LAN IPs but it cannot connect to the internet.  DNS on the server shows an A record in the Forward Lookup zone to the correct computer name and a PTR to the correct IP address that is assinged to the PC through DHCP.  I have restarted the computer, checked to make sure the DNS and DHCP clients are running, there are no firewall rules preventing it from connecting, I have run Spybot and Malwarebytes and found no malware to be installed.  

Help?

mattmcgloneAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

B HCommented:
from a command prompt on the client XP...

ping www.google.com
(does it resolve to an ip?  if so, what?  does it reply?)

ping 8.8.8.8
does it reply?

tracert 8.8.8.8
paste results of that here

ipconfig /all
look at what you have for default gateway, and ping that.. for example:
ping 192.168.1.1
does it reply?
B HCommented:
"paste results of that here"

i mean, paste sanitized results here... we dont need to see your external ip addresses or routes - just if it gets to the destination, stops at a switch before your gateway, or at your gateway... or what
Rob WilliamsCommented:
Can the PC connect with a browser to a site like Google using the IP such as http://74.125.226.50 ?
If so it is a DNS issue. Make sure the PC points only to the SBS and the SBS has current ISP's DNS servers listed under forwarders.
If not, can the PC ping the gateway address? Is the gateway address on the PC correct?
Might you have a commercial grade router that limits the number of users that can connect to the Internet. Many units have a specific # of users licenses and the next user is blocked when the license limit is exceeded.

If still having problems please post the results of IPconfig /all   from both the server and problematic workstation.
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

mattmcgloneAuthor Commented:
Hi. I cannot copy and paste the window. I am connecting through LogMeIn to the server and then RDP to the workstation.   Screenshot of ipconfig /all I did take a screenshot though.  I could write a book abou the situation and would still miss some important piece of information.  

i cannot ping 8.8.8.8

i cannot ping the Google IP address or browse to it.

Tracert 8.8.8.8 does not get past the firewall. see capture 2.jpg

The gateway address is correct and I can ping it.

All other users, including the Small Busines Server, can connect to the internet.  

Thanks






capture-2.jpg
Rob WilliamsCommented:
I see it has an IP of 192.168.111.102  is this a Watchguard firewall (their default)? If so there are license limitations. If for example you have 10 licenses the 11th user will be blocked from Internet access. If you suspect this and you reboot the router the user will likely be able to connect but again the 11th or #of licenses +1 user will not be able to.
B HCommented:
wait i missed the part about dot 102 where's that from?

can you do a screenshot of this command:
route print

just to be sure... but Rob's right in that the problem lies in the router.  weather it's licensing, or poorly configured one-to-one outbound nat remains to be seen

what kind of rules do you have in the firewall for outbound translation?  i've seen more than a few times where a local internal ip was told to appear as an external ip address which was outside the subnet

don't post your external details here even in a screenshot - edit out some stuff with mspaint

for example if your outside ip's are like 10.20.30.40  we only need to see 10.xx.xx.40
mattmcgloneAuthor Commented:
RobWill;  You are correct.  That is impressive.  It is a Watchguard Soho 6.  It has 10 licenses on it. I logged into it and it doesnt show how many are in use or to what computers.  There are less than 10 computers on site.  What do you suggest?  

bryon44035v3 - my apologies. I will note that for future reference. I'm a rookie I guess.
Rob WilliamsCommented:
Try rebooting the router. I have seen guests, printers, and other devices take up licenses. Rebooting resets the counter. If it resolves the problem at least you know what the problem is. You can then decide if you need more licenses or perhaps it was just a temporary problem due to guest computers. By guests I mean if a user plugs another device into the network such as their personal laptop, the router registers the MAC address. It will never release that MAC, which is tying up a license, until you reboot the router. Watchguards usually have a reboot option in the router management page so you can do it remotely. As I recall the SOHO 6's are a little slow to reboot so don't panic when you can't reconnect.
mattmcgloneAuthor Commented:
yeah I was browsing through the router settings and found that it lists 10 different IP addresses.  But it doesn't have any kind of 'reset' that would allow me to release all of the licenses.  I will try and just a power reset on the router though - that will probably take care of it. I will report back though.
Rob WilliamsCommented:
No there is no license counter reset, just a reboot.
For the record if you have 10 devices, or more, make sure you force the server to connect to the Internet first so that it grabs a license. Without the server being licensed, no DNS, without DNS everybody will be down :-)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mattmcgloneAuthor Commented:
That did it Rob. This was my best experience with EE so far.  I was gonna cancel it. But this got done quickly and I would have never thought of router licensing.  

Thanks
mattmcgloneAuthor Commented:
Great job by RobWill.  Thanks
Rob WilliamsCommented:
Glad we could help. Thanks mattmcglone.
Cheers!
--Rob
mattmcgloneAuthor Commented:
Rob - we did a restart of the Watchguard and thought that resolved it but now nobody can get on the internet now ... Uggh
Rob WilliamsCommented:
Can you see if all 10 licenses are taken? As mentioned if 10 devices connect before the SBS nobody will have DNS. Test from a client if they can connect to http://74.125.226.50  if so the SBS does not have a license. You may also be able to match up by IP's and MACs. but I don't recall what information the SOHO gives you as to licensed clients.
Rob WilliamsCommented:
Any luck?
I am headed out for a couple of hours shortly, but will check back on return.
mattmcgloneAuthor Commented:
I had them shut down the server, the router, the DSL modem and all workstations. They restarted everything and everyone is working.  All 10 licenses are in use on the router. I still cannot see how I can release licenses. I just emailed her a recommendation for either a license upgrade or a replacement router.  Thanks for following up Rob.
Rob WilliamsCommented:
>>"I still cannot see how I can release licenses"
You can't. Only a reboot resets it. It is intentional by the router manufacturers.

You don't need to reboot clients or server, just when you reboot the router make sure you connect to the internet from the server right away before 10 other users do. When a device tries to make any connection through the Watchguard to the Internet it registers the MAC and assigns a licenses. First come, first served.

To purchase licenses with Watchguard you need to have an active service contract, which you can buy now if you don't have one, purchase the licenses, then install on the router via the key. The catch is a year later if the service contract expires and you have to wipe and reload the router, even though you have the key it won't install if it can't verify your router has an active service contract. At least that is how it used to work, I haven't licensed one for quite a few years.

Most commercial routers; Watchguard, Sonicwall, Cisco, and so on have these licensing requirements and each has their own little 'quirks'.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.