Solved

SBS 2008 internet connection status Not Connected

Posted on 2012-12-30
65
807 Views
Last Modified: 2013-01-07
Hey guys,

I'm stumped. I have here a DC SBS 2008 that has full LAN access, but no internet access. I'm not able to ping "google.com"; it resolves to the IP but I get "request timed out". Anything internal works. I tried a tracert to Google and it only gets to the first hop. This server has 2 NICs, but only 1 is enabled, and Windows Firewall is turned off. The AV is Viper, which has no firewall features, and I can ping the gateway. I do have an ASA firewall and am able to successfully run packet tracer from the server IP to Google's IP; however, HTTP and HTTPS are opened for this server and I am able to RDP to the server from home via RWW. All PCs and servers on the LAN have internet access.

Any help would be great!
0
Comment
Question by:regmandy
65 Comments
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38730892
What happens if you ping and tracert to 4.2.2.1?
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38730893
Try restarting the DNS Server and DNS Client in services.

Go to Start - Administrative Tools - Services

Right Click on DNS Server - click restart
Right click on DNS Client - click restart
0
 

Author Comment

by:regmandy
ID: 38730928
Tracert to 4.2.2.1 gives me the same result as going to Google. 1st hop goes to the gateway and times out after.

Restarted DNS server and client, no change.
0
 
LVL 10

Expert Comment

by:ReneGe
ID: 38730953
It indeed seems like you are not connected to the internet.
Try pinging your ISP default gateway.
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38730987
Is ping allowed through the ASA? When you do it, look at the real-time logging using the ASDM and see if you are getting denies.

I guess I should ask if this connection has worked in the past in the current configuration (both hardware and software) and, if so, have any config changes been made to the ASA.
0
 

Author Comment

by:regmandy
ID: 38731060
Ping is allowed out from inside. I am unable to telnet to, say, google.com either, whereas I can from other machines/servers inside the network. The only thing is the ASA was recently reloaded to clear up some memory issues. There was a backup run of the config, the reload was done, then the config was reloaded and saved to mem. I have to admit, ASA is not my strong point; however, like I said, I was able to do a packet trace on the ASA from the server's internal IP to google.com's IP.

The ISP gateway shouldn't be the issue as it's the same used for the rest of the network. All other PCs and servers (with same gateway etc.) have internet access.

I'll run another test and check the real-time logs. Last time I checked I didn't see anything come from the source IP, which in my mind should be the server's IP.
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38731069
Yeah, that's what I would do, just to see if the traffic is even making it to the firewall.

ASA ASDM GUI - Click monitoring on the top, click logging at the bottom, click view in the middle
0
 

Author Comment

by:regmandy
ID: 38731081
Looks like from the log that it's getting through, but on the server it's showing timed out?

6      Dec 30 2012      13:07:41      302020      (Servername)      1      74.125.228.99      0      Built outbound ICMP connection for faddr 74.125.228.99/0 gaddr myispgateway/1 laddr CE-DC00/1

6      Dec 30 2012      13:07:41      302021      74.125.228.99      0      (Servername)      1      Teardown ICMP connection for faddr 74.125.228.99/0 gaddr myispgateway/1 laddr CE-DC00/1
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38731142
What if you do a telnet yahoo.com 80

What does the log show?
0
 

Author Comment

by:regmandy
ID: 38731161
telnet to yahoo.com 80

6      Dec 30 2012      14:07:33      302013      98.139.183.24      80      (Servername)3100      Built outbound TCP connection 1402777 for outside:98.139.183.24/80 (98.139.183.24/80) to inside:(Servername)/3100 (externalgatewayIP/3100)

6      Dec 30 2012      14:08:03      302014      98.139.183.24      80      (Servername)      3100      Teardown TCP connection 1402777 for outside:98.139.183.24/80 to inside:(Servername)/3100 duration 0:00:30 bytes 0 SYN Timeout

I did notice I have a different IP than when I ping from another machine. I get the same results telnetting to the other IP on port 80.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38731228
Maybe it's worth trying the basics...
As it is SBS, it's always worth running Fix My Network.
Have you tried this yet?
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38731297
You are getting this on the SBS server and other PCs, right? Or is it just the SBS?
0
 

Author Comment

by:regmandy
ID: 38731315
This is just the SBS server. All other PCs and servers have internet access.

I've tried the Fix My Network to no avail.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38731316
Can you please check that your Network Adapter (LAN) TCP/IP IP address, Default gateway, Router and DNS are configured with the correct settings.
0
 
LVL 4

Assisted Solution

by:wrwiii12
wrwiii12 earned 250 total points
ID: 38731319
Yes, I agree with Waynepre. Check that your gateway address on the server is the same as the working PCs. If it is, do an arp -a and ensure it sees it as the right MAC.
0
 

Author Comment

by:regmandy
ID: 38731324
Yup, I've gone over them a few times thinking I'm missing something stupid.

I've compared to another server I have and settings match other than the IP (of course).

IP 192.168.20.5
SubMask 255.255.255.0
GW 192.168.20.239
prim DNS 192.168.20.5
sec DNS 192.168.20.15
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38731327
Can you please try removing the sec DNS and change the prim DNS to Google 8.8.8.8

and let us know if the internet works on the server then?
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38731328
What if you do the arp -a from the working server and from the non-working server? Is the MAC the same for both for the gateway IP?
0
 

Author Comment

by:regmandy
ID: 38731329
ok I'll check the arp

from the second DC
192.168.20.239        e0-5f-b9-e9-e9-f9     dynamic

from the primary that's having issues
192.168.20.239        e0-5f-b9-e9-e9-f9     dynamic
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38731334
I know this might be a little redundant, but for comparison's sake can you turn on the ASA monitoring again? Do a telnet yahoo.com 80 from the bad server and then from the good server and see if the traffic is the same.

You have some weird stuff going on.
0
 

Author Comment

by:regmandy
ID: 38731360
Definitely got some weird stuff going on.

Changed the DNS to 8.8.8.8 and still unable to get to the internet, Ping denied.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38731362
oooooook.... ummmm.....

I take it you are using the Exchange on the SBS server???

If so are you able to send an email and receive to / from externally?
0
 

Author Comment

by:regmandy
ID: 38731368
From the server having issues..
telnet yahoo.com 80

6      Dec 30 2012      16:29:11      302013      72.30.38.140      80      CE-DC00      40009      Built outbound TCP connection 1449336 for outside:72.30.38.140/80 (72.30.38.140/80) to inside:CE-DC00/40009 (142.166.210.193/40009)

6      Dec 30 2012      16:29:41      302014      72.30.38.140      80      CE-DC00      40009      Teardown TCP connection 1449336 for outside:72.30.38.140/80 to inside:CE-DC00/40009 duration 0:00:30 bytes 0 SYN Timeout

telnet yahoo.com 80 on server with internet access
6      Dec 30 2012      16:31:19      302013      98.139.183.24      80      192.168.20.15      53198      Built outbound TCP connection 1449978 for outside:98.139.183.24/80 (98.139.183.24/80) to inside:192.168.20.15/53198 (CE-ENTELIWEB_OUTSIDE/53198)

6      Dec 30 2012      16:33:20      302014      98.139.183.24      80      192.168.20.15      53198      Teardown TCP connection 1449978 for outside:98.139.183.24/80 to inside:192.168.20.15/53198 duration 0:02:00 bytes 0 TCP FINs

The difference also: server A, not working, is SBS 2008; server B, with internet access, is Server 2K8 R2.
0
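Added example, not part of any participant's post: the Python sketch below pairs the Built (302013) and Teardown (302014) messages quoted in the comment above by connection ID. It shows that the failing flow was built and translated by the ASA, then torn down after 30 seconds with no reply, and that it left with a different translated address than the working host; the function names are this example's own.

```python
import re

# Message text of the four ASA log lines quoted in the comment above.
LOG = """\
Built outbound TCP connection 1449336 for outside:72.30.38.140/80 (72.30.38.140/80) to inside:CE-DC00/40009 (142.166.210.193/40009)
Teardown TCP connection 1449336 for outside:72.30.38.140/80 to inside:CE-DC00/40009 duration 0:00:30 bytes 0 SYN Timeout
Built outbound TCP connection 1449978 for outside:98.139.183.24/80 (98.139.183.24/80) to inside:192.168.20.15/53198 (CE-ENTELIWEB_OUTSIDE/53198)
Teardown TCP connection 1449978 for outside:98.139.183.24/80 to inside:192.168.20.15/53198 duration 0:02:00 bytes 0 TCP FINs
"""

# 302013: foreign side first, then the local host and, in parentheses, its translated address.
BUILT = re.compile(
    r"Built (?P<dir>\w+) TCP connection (?P<id>\d+) for "
    r"(?P<fif>[^:\s]+):(?P<faddr>[^/\s]+)/(?P<fport>\d+) \([^)]*\) to "
    r"(?P<lif>[^:\s]+):(?P<laddr>[^/\s]+)/(?P<lport>\d+) \((?P<mapped>[^/\s]+)/\d+\)")
# 302014: same connection ID, plus duration, byte count and teardown reason.
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<id>\d+) for .*? duration (?P<dur>[\d:]+) "
    r"bytes (?P<bytes>\d+) (?P<reason>.+)$")


def summarize(log_text):
    """Pair each Built line with its Teardown line by connection ID."""
    conns = {}
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            conns[m["id"]] = {"host": m["laddr"], "mapped": m["mapped"],
                              "dest": f'{m["faddr"]}:{m["fport"]}'}
            continue
        m = TEARDOWN.search(line)
        if m and m["id"] in conns:
            conns[m["id"]].update(duration=m["dur"], bytes=int(m["bytes"]),
                                  reason=m["reason"].strip())
    return conns


def unanswered(conns):
    """Flows the firewall permitted and translated but that never completed a handshake."""
    return [c for c in conns.values() if c.get("reason") == "SYN Timeout"]


def mapped_by_host(conns):
    """Translated (post-NAT) address or object name seen for each inside host."""
    out = {}
    for c in conns.values():
        out.setdefault(c["host"], set()).add(c["mapped"])
    return out


if __name__ == "__main__":
    conns = summarize(LOG)
    for c in unanswered(conns):
        print(f'{c["host"]} -> {c["dest"]} via {c["mapped"]}: no reply in {c["duration"]}')
    print(mapped_by_host(conns))
```

A "SYN Timeout" teardown with a matching Built line means the firewall did not deny the flow, so the place to look is the return path for the translated address rather than the ACL.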
 

Author Comment

by:regmandy
ID: 38731374
Yes, SBS is Exchange. External email is what started this. Internal email works fine, external is not. We are using SBS POP connector to connect to the ISP's server for external mail. I am able to log in to a mailbox using webmail and see there are emails, so the problem is this server not being able to connect to the internet for the POP connector to get what it needs. I'm tying the internet and email issues together.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38731377
In the SBS Console can you please re run Connect to the Internet.
Are you able to RDC to the server from the server that does work?
0
 

Author Comment

by:regmandy
ID: 38731385
When I run Connect to the Internet, it finds the gateway and IP. From what I understand I don't have to configure it since the gateway is a 2900 series Cisco, but I have to manually configure the ports to be open. This server is running Exchange, DHCP and DNS but not SharePoint, so those ports are open on the ASA 5510.

I am currently connected remotely from home using RWW, and yes, I am able to connect using RDC within the network.

And thank you all so far for your advice. This one's got me stumped good.
0
 

Author Comment

by:regmandy
ID: 38731388
I did notice when running telnet to yahoo from multiple different machines that the outside interface is different on the servers that have internet access compared to the one which does not. The server with no access seems to be trying to use the external gateway, looking at the logs I've posted above. I'm not sure if this would be a routing issue on the firewall or not?
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38731393
The firewall was going to be my next suggestion, do you have a working backup of the config that you could restore to?
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38731396
Do you have a static or dynamic public IP?
0
 

Author Comment

by:regmandy
ID: 38731401
Static public IP. I have a backup of the firewall to put me back in the current state.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38731405
In the current state or a state which you know works?
0
 

Author Comment

by:regmandy
ID: 38731410
No, the current state, which doesn't work. I tried to restore the config to the most recent, which is Feb., and I have the same issue. The server was working last week prior to the ASA reboot due to memory issues. I just took over administering this building.
0

 
LVL 3

Assisted Solution

by:Waynepre
Waynepre earned 250 total points
ID: 38731412
Between me, you and wrwiii12 we have been working on this for over 5 hours now and it seems we are not getting any closer to resolving your issue. I think it might be worth having a second pair of eyes going over the config of your server. Would you allow remote access?
0
 

Accepted Solution

by:
regmandy earned 0 total points
ID: 38731421
Sure thing. I agree on the second pair of eyes. Let me know which tools you prefer.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38731432
For security I think it might be best if you email me (details are on my profile). I will send you the details over email. But we should always update this forum with our results.
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38731582
Yeah if you are getting 2 different IPs on public I think there is a config issue too.

Good luck and let me know if you need a 3rd set of eyes.
0
 

Author Comment

by:regmandy
ID: 38733695
Well, it looks like it certainly is a firewall issue that's blocking the .5 internal IP. I changed the IP on the server to .8 and internet was back up with all functionality. I changed the IP address in the network object of my ASA to the new IP and saved it to mem, hoping that the .8 would be blocked and I could reconfigure to the .5 IP to keep all the services running with the original IP, but unfortunately that had no effect.

So do I need to open a new question for this or can I continue, as this issue is not yet fully resolved?

Thank you Waynepre for giving me someone to bounce ideas from. You were certainly committed to this and I appreciate it. Can I give points for that? 8o)
0
 

Author Comment

by:regmandy
ID: 38733696
So do we have anyone here who is good with ASA 5510 that can help me by perhaps looking at my ACL, to see what I'm missing?
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38733699
I am here for you.  Do you want to do a remote session or post your sanitized config here?
0
 

Author Comment

by:regmandy
ID: 38733713
We can do a remote session if you'd rather. For someone who knows ASA, this should be fairly simple.
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38733720
Ok we will update this ticket after the fact.  

Shoot me an email to the email on my profile please.
0
 

Author Comment

by:regmandy
ID: 38733722
I was going to but don't see one in your profile..  8o)
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38733723
Good luck guys... Let me know how you get on and did it..

Email me with details on my profile....

Happy New Year to all..
0
 

Author Comment

by:regmandy
ID: 38733726
Will do, Wayne. Thanks again!
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38733780
Odd!!!

Skype - wrwii12
or
william at whitneysolutions dot com
0
 

Author Comment

by:regmandy
ID: 38733789
Can't find that name in Skype, so sent you an email.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38733822
Gents, if you need me, Skype me on waynepre. Might just be worth adding each other to help each other in future if you like.
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38733828
Sounds good to me. My Skype name is wrwiii12, I missed an i.

He will be able to give more info later on to confirm but it seems like it might have been a bad NIC issue.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38733859
Ah, NIC or firewall?? As the firewall isn't accepting 192.168.20.5?

At first we thought it could have been the router, but then digging deeper we thought it was the server, so dug deeper into that. The server could do with being rebuilt at some point but that is gonna be a massive job.

I think once Reg has this little issue resolved he will be fine until he decides what he wants to do... I have spoken to my Cisco expert but he is drunk, would you believe, lol... So I will have a chat with him tomorrow if there still is an issue with the firewall.

Just had a thought: if it still is the firewall and not the NIC, is it worth resetting the firewall back to factory settings, upgrading the firmware and reconfiguring?

If it's the NIC, change to the second NIC that is currently disabled.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38733860
I should have said, when I left Reg it looked like a firewall issue after all.
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38733861
Yeah, he changed to a second NIC and it was working when I closed out with him.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38733864
With .5 or .8 do you know?
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38733874
It was working with both when he changed to the new NIC.
0
 
LVL 3

Expert Comment

by:Waynepre
ID: 38733875
Ah, I thought we tried that and .5 didn't work. I must be wrong. Well, I am glad we have gotten to the bottom of it... Right, I'm off to bed, it's 02:14 here and I gotta be up early. Night to you both and Happy New Year.
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38733876
Happy New Year to you too!
0
 

Author Comment

by:regmandy
ID: 38733973
Hey guys,
OK... .5 wasn't working originally, and with Wayne I switched it to .8 to test and it was working. So to test I switched it back to .5 and it still wasn't working, so I was 99% sure it was firewall. Happy New Year Wayne. 80)

So Will came on and we were going to look at the ASA. Well, after a quick game plan, I went to the server room and switched the IP back to .5. By this time the IP had been switched for probably 30 mins to an hr. Lo and behold, the internet was working, ping requests worked etc. I blame it on William, I think the my internetz wuz sceered! So it started to work again, right? 8o)

Well, I wasn't able to recreate it, which leads me to believe it might have been an ARP cache issue. I will try again to replicate it tomorrow but count it resolved FINALLY.

I'm going to have to split the points: Will for scaring it straight 80) and Wayne for the dedication and time he offered in assistance. Great to have guys like these around to help bounce some ideas or be a second pair of eyes when needed.

thanks again!
0
 

Author Comment

by:regmandy
ID: 38737844
Hey guys,

OK, this is not closed. The problem came back a couple of times since. Originally I thought it was the ARP, but the next time it happened I tried flushing ARP and nothing. So I swapped to the second NIC permanently and that did not fix it either. It seems the problem flops between IPs.

So basically the original IP is .5 and the second IP is .8.
Internet access drops from .5 (note internal network still functions 100%). Swap to the .8 IP and internet is up. After about 4 to 5 hrs running, internet drops on .8. Change the IP back to .5, then the internet is up again.

Any thoughts?
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38737883
And this is only happening on this one box?
0
 

Author Comment

by:regmandy
ID: 38737932
yup, just on this 1 server.
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38738261
Want to do a remote session when the problem shows up again?
0
 

Author Comment

by:regmandy
ID: 38740621
Thanks for the offer, but I think I have it licked this time. I'm just waiting to see if it drops today. I will update.
0
 

Author Closing Comment

by:regmandy
ID: 38746501
It was tough as either really resolved the issue; however, time and dedication and brainstorming were great and helped come to resolution, so I had to split the points. In the end, ARP cache was the issue, I believe.
0
 

Author Comment

by:regmandy
ID: 38750711
Confirmed ARP cache was the problem. I had to clear the cache on my Cisco router as well as on the server and let them rebuild themselves. There was a duplicate MAC entry in the ARP on the router for both the IPs used on the server. Once I cleared the ARP, it matched the MAC of the primary NIC to the proper IP and everything has been stable since last week.
0
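Added example, not part of any participant's post: a Python sketch of the two ARP checks used in this thread, the cross-host `arp -a` comparison of the gateway entry and the router-side finding of one MAC listed for both server IPs. It reads Windows `arp -a` and Cisco IOS `show ip arp` layouts; the router table and its MAC values are constructed for illustration, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in Cisco IOS "show ip arp" layout; the MAC values are made up.
ROUTER_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.20.5           212   0200.0000.0005  ARPA   GigabitEthernet0/0
Internet  192.168.20.8            14   0200.0000.0005  ARPA   GigabitEthernet0/0
Internet  192.168.20.15            3   0200.0000.0015  ARPA   GigabitEthernet0/0
"""
# Windows "arp -a" layout, with the gateway entry quoted earlier in the thread.
SERVER_ARP = """\
Interface: 192.168.20.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.20.239        e0-5f-b9-e9-e9-f9     dynamic
  192.168.20.255        ff-ff-ff-ff-ff-ff     static
"""

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# Windows prints aa-bb-cc-dd-ee-ff; Cisco IOS prints aabb.ccdd.eeff.
MAC = r"(?P<mac>(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})"
# Optional middle column covers the Cisco "Age (min)" field.
ENTRY = re.compile(IP + r"\s+(?:\S+\s+)?" + MAC, re.I)


def normalize(mac):
    """Reduce either vendor notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_arp(text):
    """Return {mac: {ip, ...}} for every unicast entry in an ARP listing."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            mac = normalize(m["mac"])
            if mac != "ff:ff:ff:ff:ff:ff":  # broadcast is not a host binding
                table[mac].add(m["ip"])
    return table


def shared_macs(text):
    """MACs that one device's ARP table lists for more than one IP."""
    return {mac: sorted(ips) for mac, ips in parse_arp(text).items() if len(ips) > 1}


def mismatches(text_a, text_b):
    """IPs that two devices resolve to different MACs."""
    a = {ip: mac for mac, ips in parse_arp(text_a).items() for ip in ips}
    b = {ip: mac for mac, ips in parse_arp(text_b).items() for ip in ips}
    return {ip: (a[ip], b[ip]) for ip in a.keys() & b.keys() if a[ip] != b[ip]}


if __name__ == "__main__":
    print(shared_macs(ROUTER_ARP))
    print(mismatches(SERVER_ARP, ROUTER_ARP))
```

A MAC listed for several IPs is normal for a host with several addresses configured, so a hit is a prompt to compare the entry with what the NIC actually holds before clearing the cache.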
 
LVL 4

Expert Comment

by:wrwiii12
ID: 38750730
Good to hear that you figured out the exact cause.
0
 

Author Comment

by:regmandy
ID: 38751347
Thank you for your help!
0
