Cannot connect to internet
I have a XP client on a SBS 2003 domain. I get handed an IP address. I can RDP to the PC and it can ping LAN IPs but it cannot connect to the internet. DNS on the server shows an A record in the Forward Lookup zone to the correct computer name and a PTR to the correct IP address that is assinged to the PC through DHCP. I have restarted the computer, checked to make sure the DNS and DHCP clients are running, there are no firewall rules preventing it from connecting, I have run Spybot and Malwarebytes and found no malware to be installed.
Help?
Help?
"paste results of that here"
i mean, paste sanitized results here... we dont need to see your external ip addresses or routes - just if it gets to the destination, stops at a switch before your gateway, or at your gateway... or what
i mean, paste sanitized results here... we dont need to see your external ip addresses or routes - just if it gets to the destination, stops at a switch before your gateway, or at your gateway... or what
Can the PC connect with a browser to a site like Google using the IP such as http://74.125.226.50 ?
If so it is a DNS issue. Make sure the PC points only to the SBS and the SBS has current ISP's DNS servers listed under forwarders.
If not, can the PC ping the gateway address? Is the gateway address on the PC correct?
Might you have a commercial grade router that limits the number of users that can connect to the Internet. Many units have a specific # of users licenses and the next user is blocked when the license limit is exceeded.
If still having problems please post the results of IPconfig /all from both the server and problematic workstation.
If so it is a DNS issue. Make sure the PC points only to the SBS and the SBS has current ISP's DNS servers listed under forwarders.
If not, can the PC ping the gateway address? Is the gateway address on the PC correct?
Might you have a commercial grade router that limits the number of users that can connect to the Internet. Many units have a specific # of users licenses and the next user is blocked when the license limit is exceeded.
If still having problems please post the results of IPconfig /all from both the server and problematic workstation.
ASKER
Hi. I cannot copy and paste the window. I am connecting through LogMeIn to the server and then RDP to the workstation. 
I did take a screenshot though. I could write a book abou the situation and would still miss some important piece of information.
i cannot ping 8.8.8.8
i cannot ping the Google IP address or browse to it.
Tracert 8.8.8.8 does not get past the firewall. see capture 2.jpg
The gateway address is correct and I can ping it.
All other users, including the Small Busines Server, can connect to the internet.
Thanks
capture-2.jpg
I did take a screenshot though. I could write a book abou the situation and would still miss some important piece of information. i cannot ping 8.8.8.8
i cannot ping the Google IP address or browse to it.
Tracert 8.8.8.8 does not get past the firewall. see capture 2.jpg
The gateway address is correct and I can ping it.
All other users, including the Small Busines Server, can connect to the internet.
Thanks
capture-2.jpg
I see it has an IP of 192.168.111.102 is this a Watchguard firewall (their default)? If so there are license limitations. If for example you have 10 licenses the 11th user will be blocked from Internet access. If you suspect this and you reboot the router the user will likely be able to connect but again the 11th or #of licenses +1 user will not be able to.
wait i missed the part about dot 102 where's that from?
can you do a screenshot of this command:
route print
just to be sure... but Rob's right in that the problem lies in the router. weather it's licensing, or poorly configured one-to-one outbound nat remains to be seen
what kind of rules do you have in the firewall for outbound translation? i've seen more than a few times where a local internal ip was told to appear as an external ip address which was outside the subnet
don't post your external details here even in a screenshot - edit out some stuff with mspaint
for example if your outside ip's are like 10.20.30.40 we only need to see 10.xx.xx.40
can you do a screenshot of this command:
route print
just to be sure... but Rob's right in that the problem lies in the router. weather it's licensing, or poorly configured one-to-one outbound nat remains to be seen
what kind of rules do you have in the firewall for outbound translation? i've seen more than a few times where a local internal ip was told to appear as an external ip address which was outside the subnet
don't post your external details here even in a screenshot - edit out some stuff with mspaint
for example if your outside ip's are like 10.20.30.40 we only need to see 10.xx.xx.40
ASKER
RobWill; You are correct. That is impressive. It is a Watchguard Soho 6. It has 10 licenses on it. I logged into it and it doesnt show how many are in use or to what computers. There are less than 10 computers on site. What do you suggest?
bryon44035v3 - my apologies. I will note that for future reference. I'm a rookie I guess.
bryon44035v3 - my apologies. I will note that for future reference. I'm a rookie I guess.
Try rebooting the router. I have seen guests, printers, and other devices take up licenses. Rebooting resets the counter. If it resolves the problem at least you know what the problem is. You can then decide if you need more licenses or perhaps it was just a temporary problem due to guest computers. By guests I mean if a user plugs another device into the network such as their personal laptop, the router registers the MAC address. It will never release that MAC, which is tying up a license, until you reboot the router. Watchguards usually have a reboot option in the router management page so you can do it remotely. As I recall the SOHO 6's are a little slow to reboot so don't panic when you can't reconnect.
ASKER
yeah I was browsing through the router settings and found that it lists 10 different IP addresses. But it doesn't have any kind of 'reset' that would allow me to release all of the licenses. I will try and just a power reset on the router though - that will probably take care of it. I will report back though.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That did it Rob. This was my best experience with EE so far. I was gonna cancel it. But this got done quickly and I would have never thought of router licensing.
Thanks
Thanks
ASKER
Great job by RobWill. Thanks
Glad we could help. Thanks mattmcglone.
Cheers!
--Rob
Cheers!
--Rob
ASKER
Rob - we did a restart of the Watchguard and thought that resolved it but now nobody can get on the internet now ... Uggh
Can you see if all 10 licenses are taken? As mentioned if 10 devices connect before the SBS nobody will have DNS. Test from a client if they can connect to http://74.125.226.50 if so the SBS does not have a license. You may also be able to match up by IP's and MACs. but I don't recall what information the SOHO gives you as to licensed clients.
Any luck?
I am headed out for a couple of hours shortly, but will check back on return.
I am headed out for a couple of hours shortly, but will check back on return.
ASKER
I had them shut down the server, the router, the DSL modem and all workstations. They restarted everything and everyone is working. All 10 licenses are in use on the router. I still cannot see how I can release licenses. I just emailed her a recommendation for either a license upgrade or a replacement router. Thanks for following up Rob.
>>"I still cannot see how I can release licenses"
You can't. Only a reboot resets it. It is intentional by the router manufacturers.
You don't need to reboot clients or server, just when you reboot the router make sure you connect to the internet from the server right away before 10 other users do. When a device tries to make any connection through the Watchguard to the Internet it registers the MAC and assigns a licenses. First come, first served.
To purchase licenses with Watchguard you need to have an active service contract, which you can buy now if you don't have one, purchase the licenses, then install on the router via the key. The catch is a year later if the service contract expires and you have to wipe and reload the router, even though you have the key it won't install if it can't verify your router has an active service contract. At least that is how it used to work, I haven't licensed one for quite a few years.
Most commercial routers; Watchguard, Sonicwall, Cisco, and so on have these licensing requirements and each has their own little 'quirks'.
You can't. Only a reboot resets it. It is intentional by the router manufacturers.
You don't need to reboot clients or server, just when you reboot the router make sure you connect to the internet from the server right away before 10 other users do. When a device tries to make any connection through the Watchguard to the Internet it registers the MAC and assigns a licenses. First come, first served.
To purchase licenses with Watchguard you need to have an active service contract, which you can buy now if you don't have one, purchase the licenses, then install on the router via the key. The catch is a year later if the service contract expires and you have to wipe and reload the router, even though you have the key it won't install if it can't verify your router has an active service contract. At least that is how it used to work, I haven't licensed one for quite a few years.
Most commercial routers; Watchguard, Sonicwall, Cisco, and so on have these licensing requirements and each has their own little 'quirks'.
ping www.google.com
(does it resolve to an ip? if so, what? does it reply?)
ping 8.8.8.8
does it reply?
tracert 8.8.8.8
paste results of that here
ipconfig /all
look at what you have for default gateway, and ping that.. for example:
ping 192.168.1.1
does it reply?