SBS2003 Standard single NIC no internet

Posted on 2011-10-12
Medium Priority
Last Modified: 2012-06-21
Hi Guys,
I've been head scratching for most of today with this one so I (and the the customer) will be delighted if anyone can help.

I have and SBS2003 standard server with SP2 and all patches.
The server history is not completely known to me.

The single NIC is connected to a PPPoE router with its own public IP address.
Router is Netgear WGR614 v9.
The router has its DHCP server turned off

I have run the Email and Internet connection wizard successfully (originally had some issues but these were resolved by rebuilding the DNS forward and reverse lookup zones.

I can join a workstation to the domain using the connectcomputer wizard.
I can not browse the internet on the server nor on the joined workstation.
I can not browse the internet on my laptop (not on domain) which is connected to the router directly.

If I detach the server from the network, start the dhcp server on the router and ensure ipconfig /release and /refreshis run, then I can browse the internet on the workstation and my laptop which is attached to the router.

Stopping the router DHCP server and pluggingthe server backin stops me and the other domain workstation from browsing the internet.

One other issue is that the command prompt does not stay as a commed shell, it just flashes on the screen and disappears. so I can't do ipconfig /all >g:\file.txt soI can't paste here.

I have followed normal NIC setup procedure IE:
TCP/IP properties for the NIC are
IP address :
Subnet mask :
Default Gateway : (router address)

Primary DNS : (Server NIC)
Ec DNS : blank

When I run theSBS Int. Connection Wizard, I use:
Connection type : Broadband
My server uses : A local router device with and IP address
Pref DNS : (provided by local infrastructure guys)
Alt DNS :  (provided by local infrastructure guys)
LocalIP of Router :
I get the prompt about Only one network adapter configured for use. . . .firewall cannot be configured . . . warning about unauthorised access, etc. Do you want to view info? I click NO.
Web services Configuration : Allow access to only the following Website services from the internet (and all of the boxes were ticked.
Web Server Certificate : Create a new webserver certificate and I enter server.Domain.co.uk
Internet email : Enable internet email
E-mail delivery methode : Use DNS to route e-mail
E-mail retrieval : Use Exchange (only) and Email delivered directly to server
Email Domain name : domain.co.uk
REmove email attachements : Ticked Enable Exchange server rto remove and ticked all boxes
Then Clicked finished.

The wizard complets fine, but still no internet access on the server or anywhere

Can anyone help please. I'm on site with saw head !!!!

Question by:TrevorWhite
  • 7
  • 4

Author Comment

ID: 36957477
An update.
Looks like something is changing the Primary and Alter DNS setting to the Goolge ones and This may be the source of the problem.

Spotted it after going through and doublechecking that Connection wizard had done waht it said.

What is doing this please ??? Never seen it before ???

LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 36957493
I don't know, but it could be something happening when the CEICW tries to configure the router.  Anyway, what I would do is just open the DNS management console and remove the forwarders completely, and see if that works.  After that, if you want to you could put the forwarders back manually again and see if they work.

Author Comment

ID: 36957521
Hi Hypercat.
Those Google DNS were in the NIC props. I'll take a look at the DNS forwarders.
I'll post back

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.


Author Comment

ID: 36957544
DNS forwarders are still set as and
Listening on 192,168.1.248 (Server NIC)

I've just reset the NIC DNS manually but no go.
TRying to see what changes it and when.

Should I remove the DNS forwarders even tho they are OK ???

LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 36957645
If they're OK, then for now you can leave them. It's up to you whether to use them or not. If you do use them, keep in mind that if the ISP changes its DNS server IP addresses, then you will have browsing problems again at the point in time. That's why I usually don't use forwarders - but every IT expert has their own take on this topic.

It's very odd that something would change the NIC settings when you've set them manually.  I can't think of anything other than some sort of Trojan/malware or a deliberately created script of some kind that would do that. But on an SBS server (or any AD-integrated DNS server) it's definitely required that the NIC DNS settings point to itself.

Author Comment

ID: 36957704
good point about the ISP DNS settings - I'm going to see what the actual DNS setting are on the router when the connection works - if they are different I'll try your suggestion - maybe its tghese DNS settings (and the google DNS is another story)

I'll psot back - but yes most strange - but I have to fix this tonight as the office had ACT on this server !!!!


Author Comment

ID: 36957868
just got back on line again after testing the DNS forwarder removal. Setting router to use iSP provided DNS gives same settings as those configured. Have taken them out of the DNS forwarder anyway to be sure but no go.

This is getting desparate now. Can anyone help - - the Google DNS and cmd shell issues are concerning ????

LVL 38

Accepted Solution

Hypercat (Deb) earned 2000 total points
ID: 36958142
I'd have to go back to my comment above about a Trojan or some sort of malware or other type of script. If you are manually putting in the correct DNS setting (the server's own IP) and that is changing somehow, this is the only possibility that I can think of. Have you rebooted the server since we started working on this?  

Has there been any up-to-date antivirus/antimalware prevention software running on this network, particularly on the server? Are you just taking over management of this server or have you been working with it for awhile (I'm asking because of your comment about not knowing the server's history)? Also, how long has this problem been going on and was there anything done recently (like a change in ISP, driver or Windows updates, etc.)?

Author Comment

ID: 36958205
i'm just taking this over as of yesterday. was deployed in this office as liitle more than another machine with a piblished share on it. no pcs were part of the domain.

i have been preping for use as a proper domain controller. I'm going to run the Sophos Bootable AV to scan for any issues. I can't do that tonight as there are no CD's here.

There was several security progs on here - I removed these to stop them getting in the way during my setup - the plan is to use a sophos sbe on the final system anyway.

This problem was only apparent this morning - all was well last night before I left. At that time there was an AV (Symantec) on the system, but don't know if uptodate.

Anything else I can try before I tell the customer the bad news (IE have tpo work on this tomorrow)
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 36958430
Could be something that was there before but didn't cause any problems because the server wasn't being used as a real DC.  The only other thing I could think of for you to try would be to try updating the NIC drivers, but if it's a trojan that's not going to help either. I almost thought that you could completely remove the NIC drivers (delete the NIC from the device manager) and then reboot and let it reinstall, or maybe install manually with more up-to-date drivers. That might be a difficult task, since SBS will complain ALOT during the process.

Author Closing Comment

ID: 37157960
Server must have been infected with virus not detected by previous AV
REbuild after format of drive fixed the problem.

Sorry fro delayed closure of this issueu and short comment here.


Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question