LAN says connected, but can't hit internet

Look in IE, Tools, Internet Options, Connections, LAN Settings and ensure all three check boxes are unchecked. If either Auto or Proxy are checked, it can cause the effect you see.

... Thinkpads_User

How do you have the IP settings setup on the computer? Do you have it pointing to any specific DNS servers? This could be a cause of internet connectivity issues if you do not have DNS set up properly.

Can you ping external sites? (IE: cmd > ping www.google.com)

If you are using a proxy server in your company make sure you have that setup in the Internet connections under Control Panel.

The first thing I would check is the proxy server setting in IE
Also I would check pinging.

@Thinkpads_User - all three boxes were unchecked
@tracerfett - IP/DNS settings are both set to obtain automatically.  User CAN ping www.google.com:

Packets sent – 4
Received – 4
Lost – 0 (0% loss)

@rindi - no proxy servers.  This is a small 3 person remote office set up with a normal (Century Link) internet connection.  Nothing fancy, just connects them to the internet and that's all.

Take one of the machines and temporarily disable Sophos to see if that helps.

... Thinkpads_User

I would take Thinkpads_User suggestion and disable Sophos I would also disable windows firewall too

User disabled Sophos Anti-virus in the list of services but still no luck.

>>> same load as always.  (from an earlier post).

If everything is the same except Sophos and you disable it without success, is it then possible that the image is sufficiently out of date that newer updates somewhere else have affected it.

You have 1 computer (at least) there to play with. Can you build this fresh and then see what happens.  

... Thinkpads_User

check the basics - assign an unused static IP address and see if it gets anywhere.

check with an alternative browser like chrome or firefox, especially if pings are replying.

rename the hosts file in c:\windows\system32 just in case there's an entry in there that is causing misdirects. if it doesnt help then you can simply rename it back to the original.

Is there any chance you have IP to MAC address static mapping enabled on the router or switch

I have seen this same error caused by a Draytek 2820 router, although the change in PC disproves it slightly, one way to test is setting  static IP settings on the PC to an IP that you know works or is pre tested as working....

Just a suggestion....

1 - ipconfig /flushdns
2 - Try with different browsers
3 - Check to make sure this computer is receiving the correct gateway setting.

@kronovide - assigning a static IP to the machine worked fine.  

Now the question is, why would it work fine with a static IP but not pulling DHCP?  

As for other browser(s)...we use Microsoft CRM in our company and have to use IE for it so IE must be in working condition regardless of whether another browser works.

@DLeaver - no IP to MAC assignments.  Just a standard gigabit netgear plug n play switch

Ok,....

If you get an IP via DHCP can you ping the default gateway address?

It appears you have a conflicting virtual adapter or internet explorer settings:

First off, if you can't get to the internet, but can the intranet files and printers, this problem is not a switch / router / or DHCP problem with the DHCP address. Otherwise, your other DHCP clients will have the same problems.

So, you probably have his internet explorer to go through an Internet proxy... OR you have a VPN configured with the default gateway and the computer can VPN from work to work but not get through the VPN default gateway...

The solutions to each of these:
(Internet Proxy for IE)-Open up Internet Explorer: Go to TOOLS>>INTERNET OPTIONS>>CONNECTIONS TAB>>AND DISABLE AN INTERNET PROXY AND ENABLE AUTO CONFIGURATION SETTINGS

(VPN)-If you configured a vpn adapter, that VPN connection will show up as a workplace connection. On VPN connections I always DELETE the default gateway. The default gateway tells the computer to go through that route for default traffic routing. So, at home your client can connect to the VPN and all traffic could be going all the way back to work and out the work VPN gateway. Most of the time, you will see a VPN client without the ability to get to the internet AT HOME, not at work. Nevertheless, having the default gateway configured on the VPN connection messes up the routing table of the computer. So, if this is the case, you will probably have to flush the ARP cache as well as delete the default gateway address on the VPN connection. Another thing you might consider is disabling the VPN while at work so it doesn't confuse the machine.

The idea that the computer user's account doesn't work, while others at work use the same computer and have no problems with the internet basically concludes this is a configuration setting for that given profile. Both of the above fixes are profile specific.

One last thing: If you can't get outside your network, then it can often be a DNS related problem: I suggest you type at the command prompt: IPconfig /all >> ipconfig.txt   Then, take that IPconfig.txt of this computer and post it on EE for experts to evaluate the settings of your default gateway and preferred DNS servers for this problem child client machine.

@ChiefIT - The Proxy servers has already been done, and if proxies were enabled then why would it work from home?..You could apply the same logic to a corrupt or misconfigured VPN connection (which has never been mentioned by the Asker who has been very thorough in his network detailing so far).  I'm not trying to put you down and I respect your status here, just not convinced that is the issue just yet....

Update to the issue:

Yesterday, everything was working fine after we assigned the static IP and manually entered the DNS settings.  The user left for a few meetings and upon returning, his Outlook client would work, but Internet Explorer would not work.  

I had him remove the static IP address but leave the DNS settings in there.  So currently, the IP is pulling via DHCP, but DNS is manual.  Everything worked then.  

Still unsure why it would work fine one minute and not the next.  I will check with the user this morning and see if he is still able to connect to the internet.

Update:  the user came in this morning and is able to use Outlook fine for email, but internet explorer is not working again.

Seems unusual that this should happen on more that one PC as you say this is a new build but try resetting the IP stack as below

Switch to DHCP and let it get an IP etc

Go to an elevated command line and type:

netsh int ip reset reset.log

Restart the PC

See if this resolves the issue

This is strange that DHCP works for others. Are you sure there isn't another rogue DHCP server that's providing bad information?

Maybe check the DHCP logs, as well as going to the server's command prompt and typing DHCPloc.exe to see what servers are offering DHCP. Your DHCP scope options on the server will pass down the DNS servers. If it works for some, it should work for all unless, another server is passing bogus info on the same subnet.

I had the user login under a different profile on the machine and same result so it's not a profile thing.

Trying the netsh reset now.

No luck on that

If I remember correctly when you enter static ip information you're able to connect. When you enable DHCP you're not able to connect. If this is correct please post a copy of the settings for each.

When the PC is connected to the network you can connect to Outlook as I'm guessing it is connected to your Exchange server which its resolving to through at least NetBIOS.  It fails to the internet because it cannot resolve domain names using the same method.

Can you ping -a 8.8.8.8 and do you get a successful reply with a FQDN or just the IP?

If you do then you would assume it is DNS issue, but why just this PC.....

When you put the PC on DHCP does it always give you the same IP?

@OOsorio:  when I assigned static IP and static DNS, it worked fine.  User then left for a period of time, came back, and Outlook worked, but not IE.  I then had them remove the static IP but leave the static DNS and again, everything worked fine, until they left and came back and Outlook worked but not IE.  I then had them remove the static DNS and so they were pulling IP and DNS automatically and it worked.....until the following morning and it stopped.

Today I had them login under a different profile, no luck.  Enter static DNS, no luck.  Do the netsh reset in cmd, no luck.

I am now having them try the ping -a 8.8.8.8

Back to your original posts, and what follows:  Most of the ideas here work for most of us most of the time.

So what do you think about your idea it might be two bad computers?

Is there one of them that you could wipe clean, put *just* the OS on it and see if it connects properly?

.... Thinkpads_User

pinging -a 8.8.8.8 came back with a Request Timed Out 100% loss.

If it's two bad computers, I'd be shocked, but that could very well be the case.  I just find it HIGHLY ironic if it is two bad computers.  I can try sending another down there but he would have to send one back for me to wipe and then I'd have to send it back to him.  May just be easier for me to image one and put his data on it and send it to him and see if a third messes up.

Did you use the same image on both PC's?  This may be the root of the issue, a bad image?....

The other part of the issue is that this is happening at a scheduled time, as it works one day and then stops over night.  So this would mean you have a scheduled task taking place either through Windows or an app or there may be an issue with the NIC's power savings settings.  Have you tried updating the NIC drivers?

how many client access licenses (CALS) are you using?

Some routers also ONLY offer 10 access licenses by default. What MAKE/MODEL is your router. It sounds like you might be getting a good DHCP, but not through the router.

I'll bet only ten connections through the router because of either Server CALS, or router access licenses.

@DLeaver:  two different images as they are two different model computers.  While it did stop working overnight, it also stopped working in the middle of the day when user left and came back from a meeting
@ChiefIT: There are only 3 users and 6 total devices in this office

Ok, if you go to the power management settings in the network cards hardware properties, is turn off the device to save power enabled?  I would disable this feature.  Its a bit of a long shot that this has caused the issue, but I can only think of this or the MTU settings on the network card that could be causing an issue outside of a virus or faulting software on the PC....anything in event logs?...

3 computers can have EASILY, 10 user sessions.. 1 server admin, three users, system updloads/downloads, etc... After the 10th one, the CALs on the router will knock you down. This would explain why the one users is having difficulty...

This really sounds like the CALs on the router, knocking down your 10th session through the router... Call your router manufacturer and see if there are Access licensing through the router for that make/model....

Internet enabled mobile phones are another reason router CAL's get used up too..

I have seen this before, on SonicWALL TZ 150's we used to use.

When the user went to use the internet they would receive notification that the licenses had run out, in a pop up dialog box - do you get this?

It depends on what router you are using but if this was the case why would it work and then not work just for that PC?  As in, other users would experience the issue as well if they logged in after the problem PC user....just thinking aloud really....

No really because the router remembers who was logged in (PC's, devices, etc.). The theory can be proved by restarting the router, then your assumption can be tested.