DShanks

asked on

Windows 7 computers cannot access some web sites on a Windows 2008 SBS Domain

We have a Windows 2008 SBS domain.  The DNS server on the Windows 2008 SBS server is forwarded to the DNS servers at the ISP.  All PC's on the domain use the server's IP as their primary DNS server.   Windows XP PC's using either IE8 or Chrome on the domain can access all web sites attempted and the performance is good.  Windows 7 PC's and the Windows 2008 SBS server however can only access some web sites while others cannot be accessed at all. Downloads to any Windows PC is nearly impossible but OK on XP.

For instance Yahoo.com can be accessed from the XP PC's but not the Windows 7 PC's (or the server).    The XP users can access and run a YouTube video but it hangs on the Windows 7 PC's.  Also sites like ChicagoTribune.com can be accessed just fine from XP but load very slowly on the Win 7 PC's.  In order to isolate IE9 as a cause we tried Chrome on the Win 7 PC's with no improvement.

Other things we have tried are:
•	Verifying & ensuring the DNS forwarders are properly set on the server
•	Restarting the DNS server and flushing the DNS Cache (ipconfig /flushdns)
•	Applying the MS recommended registry hack to increase DNS reset time on the server
•	Pointing the server's primary DNS settings directly at the ISP's DNS (as a test only)
•	Running a MS recommended fix DNS utility on the Windows 7 PC's
•	There are no proxy settings applied on any PC
•	We can successfully ping yahoo.com from all PC’s and the server
•	We can successfully do an NSLookup to yahoo.com on all PC’s and the server
•	Also as a note: There are no performance issues with RDC access to the entire system from the internet.  

We are officially stumped so any help you can offer would be greatly appreciated.   Thanks
Paul MacDonald

Run IPConfig on an XP machine and on a Win7 and see if there are any differences in settings.

When you say the Win7 machines can't get to Yahoo, do you mean they can't load any page at all, or that some content is missing?
What IE addons are enabled?

What antivirus program is running?

Are these Windows 7 computers upgrade from XP or fresh installs?

64 bit or 32 bit?

Have you tried in Safe mode with networking?

run msconfig
select services tab hide all microsoft services disable all others
select startup tab disable all
restart

See what happens
DShanks

ASKER

I will check on the add-ons - not sure but I believe only McAfee browser protection

McAfee advanced total protection (we run this on all of our domain systems with no problem)

All of the win 7 boxes were fresh loads (no upgrades)

32 bit

We will try the msconfig test and respond

Thanks
DShanks

ASKER

The IPConfig /all results are the same on both XP and Win7

The Win 7 and the Win 2008SBS server cannot get to Yahoo.com at all.  It does not report that the site is not available, it just hangs "waiting for Yahoo.com to respond".  It never responds and we have waited over an hour for it to display anything at all.  Nothing is even partially displayed.

Yahoo.com is an example only, there are other sites that do the same but not all

Thanks
I'd try putting Firefox or Chrome on a Win7 machine to see if the problem is IE-specific.
I would turn off all add-ons including McAfee

Run msconfig like I posted.

Something you have running on XP does not mean it will work on Win 7 and vice versa
DShanks

ASKER

More info on this problem

We tried disabling the add-ins and the results were confusing.  Here is the text from one of my techs yesterday on this subject.   This test was tried on the Win2008 SBS server.

I found a suggestion to run Internet Explorer without add-ins, which I tried – lo and behold I got Yahoo! to come right up.  I then started IE the normal way, manually disabled all the add-ins, and tested Yahoo!.  AGAIN it came right up.  I then started to enable the add-ins one at a time, and failed to get Yahoo! to come up.  I ended up with all add-ins disabled, and still no Yahoo!  I then re-ran Internet Explorer without add-ins, just like earlier, and no Yahoo!
When you enable the add-ins sometimes they will not unload properly

I thought it was the add-ins, that's why I suggested you do that.

When you disable them I would restart and try again.

It is a painful process but the only way sometimes.
Run the best practices analyzer.

http://www.microsoft.com/en-us/download/details.aspx?id=15556

And rerun the connect to the internet wizard again.
DShanks

ASKER

The Best practices organizer suggested is for Win 2011 SBS but I did find the 2008 SBS version.  I could not download it directly to the server however because I cannot get to Microsoft.com.  I was able to download to FTP and copy it to the server.  The BPA could not update itself though because it can’t get to Microsoft.com.  I ran the version I was able to download and found no problems with Win 2008 SBS

I ran the Internet connection wizard again. Everything went well.  Still can’t get to certain sites (ie yahoo.com)

All IE9 add-ins have been removed.  Still can’t get to certain sites (ie yahoo.com)

I tried connecting to the sites that we cannot access (ie yahoo.com) using Chrome loaded on the server but the results are the same.

I went thru the DNS setup with a fine tooth comb.  I found that we were not listening on all IP's and changed that to "all".  I also found 1 PTR record that was incorrect and one Win 7 PC that had the wrong A record due to a rebuild of the PC.  I fixed these, reloaded the zones, and restarted both the DNS server and DNS client on the server.  No change.  The Win XP PC's can access all web sites but the Win 7 and the Win 2008 SBS server cannot access some sites (yahoo.com, Microsoft.com, etc) but they can others (Google.com, Dell.com, usatoday.com. etc).

Not sure where to look now
What's your virus software?
It wouldn't be Symantec Endpoint by any chance?
DShanks

ASKER

We use McAfee advanced total protection on all of our domain systems but as a test I disabled both it and the windows firewall on this system to make sure they weren't blocking something.  They weren't.  No change

 I have been in corp IT for 30 yrs and have not seen this one.   We maintain many servers and while I really don't like SBS (any version), I have 2 other Win 2008 SBS servers under our care that do not have this problem.  None of our several Win2003, 2008 or 2011 Domain systems have ever seen this issue.   We are all baffled here so I really appreciate your help on this.
DShanks

ASKER

I did not use http:/connect for users on this SBS domain.  I entered user accounts manually into AD users and computers.     The problem however is being seen on both the Win 7 workstations and the Win 2008 SBS server  (but not the XP workstations).    While I can re add the Win 7 users using http:/connect, how will that help server access to the same sites?  The server is using the built in administrator user and is having the same issue.   This is however something I have not tried.  

Ref the 1st link.  Yes we found that hack awhile ago and entered it into the server registry.  It didn't help


Ref the 2nd link.  Believe it or not we tried all of this before we even submitted a request.  We always use DNS forwarders in the server's DNS and I did verify them with the ISP (this does work for all XP boxes and some Win 7 sites).   While setting the NIC adapter values manually and pointing the DNS directly to the ISP is a good test (which didn't work), it can't stay that way due to normal Domain requirements.

Thanks
Have you tried using the router as the dhcp server?

May I suggest unjoining a W7 box from the domain and make it a standalone work group member.

See if you can hit Yahoo that way.
DShanks

ASKER

No -  This is a domain system and the DHCP is required to be on the Domain server

While all PC's have to be on the domain to access the Domain resources (security requirement), as a test I did try attaching a Win 7 laptop that is not on the domain to the system.  The results were the same.

I did run the SBS internet connection wizard again.  Everything passed.

The problem is with Windows 7 and Windows 2008 SBS computers ONLY.  Win XP PC's on the same domain do not have the same issue.  Is it possible that this is an SBS global policy issue?  We have gone to battle with SBS servers before ref the GP's.  They are certainly a different breed of server which I don't fully understand (I dislike them greatly and prefer not to use them but we have 3 of many other R2 servers that we must support).   Something is specific to the more advanced OS's here just not sure what.
The DHCP server is not required to be on the server, it is only suggested.

Only the DNS provider (SBS server static IP) should be on the server.

Have you seen this?

http://msmvps.com/blogs/bradley/archive/2009/06/29/how-to-flip-your-sbs-2008-to-forwarders.aspx

If your W7 box is attached to the network and can't get out, it's probably your DNS

You got a 3rd party firewall by any chance?
DShanks

ASKER

The SBS server is the office internal DNS server.   All workstations (both XP and Win7), as well as the server itself, use the server's DNS server as the primary.   As a test of the internal DNS server I have done the following;   Recall that all XP computers joined to the domain can access all sites but Win7 computers and the server cannot (example is Yahoo.com)

1.      Disabled DNS forwards and used root hints   (no change)
2.      Used OpenDNS forwarders  (no change)
3.      Used Google OpenDNS forwarders (no change)
4.      Tried using the Gateway IP as the DNS forwarder  (Didn’t work at all)
5.      Tried reversing the ISP DNS server IPs in the forwarders.  This is the way I left it but no change
6.      Cleared the DNS Cache and restarted the DNS server service between each change (1 – 5 above).  (no change)
7.      Attached a Windows 7 laptop to the network but did not join the domain.  I was able to contact all sites including Yahoo.com  (this may be a key)

Thinking this to possibly be a problem with Global Policies I ran gpresult/z.  I can post the results if you like but there is no indication in the report that the GPO on the SBS server is blocking anything.

We have 2 other Win 2008SBS systems under our care that are setup the same way and are not having this problem.  I have compared DNS and GPO setup on all 3 and see no differences.

Not sure where to turn on this problem.  We therefore certainly appreciate your help
Pick one of the non-working Win7 machines and change its DNS servers to 8.8.8.8 and 8.8.4.4 and see if they can access the problem web sites.
DShanks

ASKER

I had previously tried hard setting the NIC DNS IPs to both the ISP's DNS IPs and the OpenDNS IPs (individually).  I just tried the same thing using the Google OpenDNS settings (the ones you suggest) but the result is the same, still can't open yahoo.com.  It just sits there and chugs away for several minutes until I manually cancel the request.   IE displays waiting for http://www.yahoo.com on the status bar the whole time.    It never really tells me that it can't get to the site or that the site is unavailable though.     Although this is not true for other sites like Google.com, Dell.com, USAToday.com, etc, etc, etc.    There are sites we can get to; some respond well, others respond very slowly, and some don't respond at all.

To reiterate (for issue focus) ALL sites respond fast for XP boxes joined to the same domain and for Win 7 boxes on the network but not joined to the domain.  All boxes on the LAN use the server's DNS as the primary (including the server itself).  This does not seem to be a DNS issue even though it logically should be.  I am not sure what the issue is though.
Okay, so it's not a DNS issue.  

I see where you've fiddled with IE (turning off add-ons, etc).  I asked previously if you tried installing FireFox or Chrome but you didn't answer.  Have you?  And if not, can you?  That will tell us if it's browser-specific.
DShanks

ASKER

Please reread my original post.  The last sentence in the 2nd paragraph says:  "In order to isolate IE9 as a cause we tried Chrome on the Win 7 PC's with no improvement."

I have tried Chrome on the Win 7 boxes on the domain and the server.  I have since even  tried Firefox on one Win 7 box.  There was no change in results.
Have you tried turning off the enhanced security for IE just for the heck of it?
DShanks

ASKER

We don't use enhanced security in IE9 on anything, servers or PC's, but the problem exists in Chrome as well
If you do a tracert to www.yahoo.com from an affected machine, does it complete?
DShanks

ASKER

Test results shown below

Tracing route to yahoo.com [206.190.36.45]

over a maximum of 30 hops:



  1    48 ms    48 ms    61 ms  dsl.chi.dls.net [209.242.13.92]
  2    49 ms    48 ms    47 ms  f5.core2.chi.dls.net [209.242.20.245]
  3    48 ms    48 ms    48 ms  g8-5.border1.chi.dls.net [209.242.19.162]
  4    50 ms    50 ms    50 ms  127.0.0.1 [69.31.110.77]
  5    48 ms    48 ms    49 ms  69.31.111.137
  6    49 ms    48 ms    49 ms  exchange-cust1.ch1.equinix.net [206.223.119.16]
  7   103 ms   101 ms   100 ms  ae-8.pat2.dnx.yahoo.com [216.115.96.121]
  8   126 ms   126 ms   198 ms  ae-8.pat1.gqb.yahoo.com [216.115.96.122]
  9   123 ms   122 ms   124 ms  ae-0.msr1.gq1.yahoo.com [66.196.67.1]
 10   111 ms   112 ms   110 ms  xe-10-0-0.clr1-a-gdc.gq1.yahoo.com [98.137.31.139]
 11   110 ms   110 ms   110 ms  et-17-1.fab5-1-gdc.gq1.yahoo.com [98.137.31.180]
 12   111 ms   110 ms   110 ms  po-13.bas1-7-prd.gq1.yahoo.com [206.190.32.21]
 13   715 ms   735 ms   716 ms  ir1.fp.vip.gq1.yahoo.com [206.190.36.45]
Trace complete.
Anything in the hosts file in C:\Windows\System32\drivers\etc?
DShanks

ASKER

We do have both a Hosts and an LMHosts file.  These files are the same on all computers and servers in the Domain.  These IPs reflect the locations of local computer plus the 4 servers in the Domain

Hosts
127.0.0.1                   localhost
192.168.20.101      abcsql
192.168.20.102      abcdatabase
192.168.20.103      abcgc
192.168.20.104      abcvm

LMHosts
127.0.0.1                   localhost                        #pre
192.168.20.101      abcsql            #pre
192.168.20.102      abcdatatbase      #pre
192.168.20.103      abcgc            #pre
192.168.20.104      abcvm            #pre
DShanks

ASKER

Please disregard the last post.  It was from a different problem that we are researching with EE.

We do however use both a Host and LMHost on this system as seen below.  The IP is the server.  All PC's on the Domain have this. Sorry for the confusion

Hosts
127.0.0.1                   localhost
192.168.1.2      mhbmdc

LMHost
192.168.1.2      mhbmdc            #pre
DShanks

ASKER

Question

Since this problem only occurs on the Win2008 SBS server and on Win 7 workstations and only those computers support IPv6, is there a link to our inability to access certain sites and the fact that the IPv6 protocol, while not specifically used or required on this network, is enabled?    The server DHCP is not set to deliver IPv6 addresses (no defined range) but the IPv6 DHCP is enabled and under server options there are IPv6 values under DNS Recursive Name server.

I would simply disable this protocol but I am not sure of the effect on the network.
We disabled all IPV6 on our windows 7 computers not being used not needed.

No ill effects at all. Our network is very stable.

Be a long time before ISP's support IPV6

Just disable it.
DShanks

ASKER

This issue is still open with no solution.  We have tried everything suggested with no success.  We are still waiting for a solution
Hi,

Have you checked with another browser? if the websites are working on different web browsers then we can rule out the issue with the browser settings.

Have you reset IE advanced settings? Check the settings like http 1.1 and 2.0 etc, if that is already not enabled, please enable it and see it works.

Additionally check the security level of IE, add the website in trusted sites etc.

Hope this sheds some light
Just curious...what are you using for a firewall/router?   Cisco ASA by chance?   I had a site where all the XP machines were just fine...Vista/Win7 couldn't get out...changed to a Netgear router...everyone good.

So if you have Chrome/Firefox/Safari installed on one of the Win7 machines...have you tried then removing IE?

What add-ins are installed?
I was thinking along the same way, had a Checkpoint firewall with a subscription that would block certain sites (HP) as an example.
DShanks

ASKER

Please read the entire thread on this before replying.  

We have tried other browsers (as indicated in the thread), checked security settings, etc, etc.  Our Firewall is a Sonicwall TZ170.  There are NO outbound blocks.  The key points here are;
- ALL computers on the Domain (server too) use the Win2008 SBS server as a primary DNS
- The forwarders in the DNS server are correct
- ALL XP computers joined to the Domain can access ALL internet sites with no delay or hang
- ALL Windows 7 (x32 & x64) computers on the network, but NOT a member of the domain, can access ALL internet sites with no delay or hang
- All Windows 7 computers joined to the domain, and the Win2008 SBS server itself, cannot access all sites.  This does not mean that they can’t access some sites with no delay or hang, but there are several sites that they cannot access at all.  Our example has been www.yahoo.com but this is NOT the only site
- We can ping Yahoo.com and we can do an NSLookup to yahoo.com from the server and the Win 7 computers on the domain but cannot access the site.
- We have tried the EE recommended registry hacks with no result
- We have tried using different DNS forwarders suggested by the ISP as well as Open and Google DNS servers suggested by EE with no change.
- We have tried bypassing the server's DNS server by temporarily using the ISP’s DNS servers as the primary and secondary DNS with no change.  Had this actually worked though it could not have been a solution as the internal DNS is required for Domain system.

This problem is on-going and prevents users from accessing sites that they need to access.
What's the latest SBS 2008 update rollup you have installed?
if you have not installed UR6...I would go that route

Just curious...does WSUS work?
Try 206.190.36.45 in your url.
Let's see if it resolves by IP.


If your windows 7 box is NOT joined to the domain, but uses the server as dns, it can or cannot resolve out to Yahoo?

If it can, that sounds like gpo blocking websites.

And just for the heck of it, use the http:connect tool and join a w7 box that way and see what happens.
How are you accessing Yahoo and Youtube from a bookmark?
Fresh Google search / saved to favourites?
Try using a new URL on each
Which country are you in?
It may be a compatibility thing with windows 7 and your bookmark and country?,
I tested this on my windows 7 pro x32 bit and since I'm in Australia this is the URL I get http://au.yahoo.com/?p=us << note it's au.yahoo=us for yahoo
Same with Chrome
youtube from Australia
http://www.youtube.com/?gl=AU&hl=en-GB
Could be the URL is outdated?
DShanks

ASKER

Windows SBS is up to date with all SPs and critical updates

WSUS works fine on all PCs and the server

206.190.36.45 does not resolve as a URL in any browser on any computer including my personal laptop.  Keep in mind here though that Yahoo.com is NOT the only site that the Win 7 Domain computers CANNOT get to

The GPO was actually our first thought.  I checked the GPO and found that url blocking is not defined.  The thing is all Win XP PC's joined to the domain CAN get to ALL sites (including Yahoo.com). Since the GPO pertains to XP as well as Win 7 boxes on the domain, you would think that if it were a GPO issue that the XP boxes would have the same problem.

I have not tried attaching another Win 7 box to the domain but there are 5 on it now that all have the same problem (along with the server itself).  In every case where I tried to access sites like yahoo.com from a Win 7 box not joined to the domain I was able to get to all sites (including yahoo.com).

This is really weird I will admit and has us baffled.   There are however others on the internet having the same problem. Some have found a solution in a registry hack which we also tried.  Others found a solution by clearing the server's DNS cache frequently.  We have of course tried that too with no resolution

All attempts to access sites (like Yahoo.com) were done from a fresh URL using Internet explorer, Chrome, and Firefox.  All with the same result

We are in the USA,  Illinois to be specific

It is important to remember here that Yahoo.com is NOT the only site we cannot access from Win 7 boxes on the domain, it is only an example.   That does not mean that win 7 boxes on the domain can't get to any site, they can.  The problem is some sites not all sites.  As noted above this seemed like GPO but we are pretty sure that GPO blocking is NOT defined.  Also as noted above ALL Win XP boxes can get to all sites and YouTube.

Thanks for the help everyone .  We are stumped as are others found on an internet search having the same problem with Win 2008 SBS
This sounds like an MTU issue.

But before we go there, I would suggest that you connect a laptop directly to your Internet Modem and see if you can access the sites.  This would remove the possibility of any part of your network causing the problem.

If you still can't access the sites, then the issue is with your ISP.

However, if you can access the sites, then add your router/firewall back and connect directly to that with your laptop.  

At that point, I would suspect you cannot access the sites.  If this is true, you need to adjust the MTU settings.  

To resolve you can follow this article:
http://www.dslreports.com/faq/5793

FYI, I've answered this before:  http:Q_22900636.html

Jeff
TechSoEasy
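
The MTU check suggested in the answer above can be run from an affected Windows 7 machine and again from an XP machine for comparison. This PowerShell script is an added example, not part of the original answer or the linked FAQ; the target host, the timeout and the 548 to 1472 byte search window are assumptions.

```powershell
# Added example (not from the thread). Finds the largest ICMP echo payload that
# reaches $Target with the Don't Fragment bit set, then reports the path MTU.
# Assumptions: $Target answers ping (the thread reports yahoo.com does) and the
# window 548..1472 bytes covers the path (1472 + 28 = 1500, plain Ethernet).
param(
    [string]$Target    = 'www.yahoo.com',
    [int]   $TimeoutMs = 2000,
    [int]   $Attempts  = 2        # retries per size, so one lost packet is not read as "too big"
)

function Test-DfPing {
    # Sends one echo request with DF set; returns the IPStatus name as a string.
    param([string]$HostName, [int]$PayloadBytes, [int]$Timeout)
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DontFragment
    $buffer  = New-Object byte[] $PayloadBytes
    try {
        return $ping.Send($HostName, $Timeout, $buffer, $options).Status.ToString()
    } catch {
        return 'Error'            # name resolution failure, no route, etc.
    } finally {
        $ping.Dispose()
    }
}

function Test-Size {
    # Probes one payload size up to $Attempts times; returns 'Success' or the last failure status.
    param([int]$Size)
    $last = 'Error'
    for ($i = 0; $i -lt $Attempts; $i++) {
        $last = Test-DfPing $Target $Size $TimeoutMs
        if ($last -eq 'Success') { break }
    }
    return $last
}

$low  = 548     # payload that fits the 576-byte minimum IPv4 datagram size
$high = 1472    # payload that fills a 1500-byte Ethernet MTU

if ((Test-Size $low) -ne 'Success') {
    Write-Warning "No reply to a ${low}-byte DF ping from ${Target}; cannot measure the path."
    return
}

# Binary search: $low is always a size known to pass, $high the largest still untested.
$failStatus = $null
while ($low -lt $high) {
    $mid    = [int][math]::Ceiling(($low + $high) / 2)
    $status = Test-Size $mid
    if ($status -eq 'Success') {
        $low = $mid
    } else {
        $high       = $mid - 1
        $failStatus = $status     # ends up holding the status of the smallest failing size probed
    }
}

$result = New-Object PSObject -Property @{
    Target         = $Target
    LargestPayload = $low
    PathMtu        = $low + 28    # 20-byte IPv4 header + 8-byte ICMP header
    FailureAbove   = $failStatus
}
$result | Format-List Target, LargestPayload, PathMtu, FailureAbove

if (-not $failStatus) {
    'The path carries full 1500-byte packets; MTU is unlikely to be the cause.'
} elseif ($failStatus -eq 'PacketTooBig') {
    'A hop reported that fragmentation is needed, so path MTU discovery is getting its feedback.'
} else {
    # Oversized DF packets disappearing with no ICMP error is the signature of a
    # path MTU black hole: small exchanges (ping, DNS) work while TCP transfers hang.
    "Larger DF packets were dropped without an ICMP error (status: $failStatus)."
}
```

A PPPoE link such as the DSL line described later in the thread normally yields a PathMtu of 1492 (payload 1464); a lower or very different figure between the XP and Windows 7 runs is the thing to look for.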
DShanks

ASKER

I have tried this and I can access all sites with my Win 7 laptop connected directly to the ATT DSL modem.  However, as noted in the posts above, I can also access all sites using my "Non- Domain joined"  Win 7 laptop plugged into any jack on the LAN.  In addition I can access all sites from any "Domain joined" Win XP computer.   The problem is that all Win 7 "domain joined" computers and the Windows 2008 SBS server itself cannot.    That isn't to say that these computers can't access "any" site, they can access "some" but even those are slow to respond.    There are however sites that they can't access at all like Yahoo.com (which is our example but not the only in-accessible site).

I know this is baffling but if you search the internet we are not the only ones with the problem.   We have tried all of the resolutions offered by IE as well as our own internet research on the problem.  So far we do not have a fix so the problem persists for those users with Win 7 joined PC's on the network.

Thanks for your help
Do you have internet protocol version 6 (TCP/IPv6) and (TCP/IPv4)?
Control Panel\Network and Internet\Network and Sharing Center
Local area network
Tried rebooting the server?
Use the Windows Help and the inbuilt troubleshoot network connection?
I would still suggest that it may be an MTU issue.

However, can you please provide a COMPLETE ipconfig /all from both your SBS as well as a workstation on the LAN.

Thanks.

Jeff
TechSoEasy
From a command prompt, do a tracert  206.190.36.45 and post results.
DShanks

ASKER

Tracing route to ir1.fp.vip.gq1.yahoo.com [206.190.36.45]

over a maximum of 30 hops:



  1    49 ms    48 ms    48 ms  dsl.chi.dls.net [209.242.13.92]

  2    51 ms    50 ms    49 ms  f5.core1.chi.dls.net [209.242.15.58]

  3    52 ms    51 ms    50 ms  g5-2.border1.chi.dls.net [216.145.227.118]

  4    51 ms    51 ms    52 ms  vlan-353.ar1.ord1.us.nlayer.net [69.31.110.77]

  5    48 ms    48 ms    49 ms  ae1-60g.cr2.ord1.us.nlayer.net [69.31.111.137]

  6    51 ms    89 ms    52 ms  exchange-cust1.ch1.equinix.NET [206.223.119.16]

  7   117 ms   121 ms   104 ms  ae-8.pat2.dnx.yahoo.com [216.115.96.121]

  8   127 ms   128 ms   125 ms  ae-6.pat1.gqb.yahoo.com [216.115.101.195]

  9   127 ms   126 ms   152 ms  ae-1.msr1.gq1.yahoo.com [66.196.67.5]

 10   114 ms   122 ms   141 ms  xe-10-0-0.clr1-a-gdc.gq1.yahoo.com [98.137.31.139]

 11   135 ms   112 ms   114 ms  et-17-1.fab5-1-gdc.gq1.yahoo.com [98.137.31.180]

 12   123 ms   113 ms   111 ms  po-15.bas2-7-prd.gq1.yahoo.com [206.190.32.41]

 13   223 ms   208 ms   216 ms  ir1.fp.vip.gq1.yahoo.com [206.190.36.45]



Trace complete.
Hmm...and yet by ip address in a url it won't resolve?

You should at least get the error page as it is not using your dns lookup.
Can you get out to the Stanford NDT server?

If so, try running the test and post results.

http://netspeed1.stanford.edu:7123/
DShanks

ASKER

I can get to the site and I ran the test.  Results below.  

You are correct on the fact that I also cannot get to yahoo.com using http://206.190.36.45 on this system.  It just hangs the same as trying to go to www.yahoo.com.  

To add to this thread.   Last Sunday the server failed due to losing 2 of the RAID drives (what are the chances?) and had to be rebuilt.  In order to see if the internet problem was a server config I chose to rebuild from scratch and recover from a data backup rather than using an image.    The problem did not go away.

 Thanks

TCP/Web100 Network Diagnostic Tool v5.5.4a
click START to begin

** Starting test 1 of 1 **
Connected to: netspeed1.stanford.edu  --  Using IPv4 address
Checking for Middleboxes . . . . . . . . . . . . . . . . . .  Done
checking for firewalls . . . . . . . . . . . . . . . . . . .  Done
running 10s outbound test (client-to-server [C2S]) . . . . . 312.0kb/s
running 10s inbound test (server-to-client [S2C]) . . . . . . 1.26Mb/s
Your PC is connected to a Cable/DSL modem
 [S2C]: Packet queuing detected

click START to re-test
Try another router.
DShanks

ASKER

I could do that but remember that;

1.  we can get to some sites and not others (ie Dell.com and google.com respond fine while Yahoo.com and some others like YouTube sites do not)

2. Win XP PCs on the domain can get to ALL sites (inc yahoo.com) but Win 7 PC's on the domain (and the server itself) cannot

3. Win 7 PC's NOT joined to the domain can get to ALL sites (incl yahoo.com).

4. All PC's on the LAN (joined to the domain or not) use the server as their DNS server

5. I have set one win 7 PC joined to the domain to point directly to the ISPs DNS servers with NO improvement.

6. Using the site IP address rather than the DNS name does not fix the problem.

There are 2 boxes that connect the LAN to the WAN; a DSL modem supplied by the ISP and a Sonicwall firewall.  Connecting directly to either with a Win 7 laptop and using the ISPs DNS does not have the problem (this is basically the same as #3 above).

The ISP provided us with a new DSL modem with no improvement.  A new firewall for the office however would cost over $1k and, based on the tests above,  there is nothing to indicate that the firewall is the problem.  The law partners are not going to allow that expense without some reason.
So if you physically bypass the firewall altogether and join the W7 boxes to the domain, you can get to the blocked sites?
DShanks

ASKER

No, that is not what I said.  What I said was that there are 2 boxes between the LAN and the WAN, a modem and a firewall.  There was never a time when I eliminated the firewall.  NAT is done at the firewall level so it cannot be removed.     Please re read my last post  especially points 2 and 3.  This is very important information.  These points indicate that the firewall is NOT the problem.  Its logs are clear and no packets are being rejected at that level. There are no outbound port blocks configured in the firewall much less any that would delineate between an XP and Win7 box joined to the domain or a Win7 box on the LAN not joined to the domain.  

I have been in IT for over 30 yrs and have never seen this problem.  It is perplexing to us and to EE as well as to all of the other IT pros I have shown it to.  It however persists even after a full server rebuild.  It also persists for others on the internet who also have no answers.

Thanks for sticking with us in this.   I will try anything as long as it does not interfere with the law firm's ability to do work during work hrs or open them up to attack.
Just as a test, eliminate the firewall.

If your problem disappears, you have an answer.

I've had funny issues with firewalls in the past and this is just basic eliminate one at a time.

I had a Checkpoint that would allow me to reach HP's website, but would not allow me to download patches.
DShanks

ASKER

How do you eliminate the firewall without changing IP addresses on the internal LAN?     The modem supplied by the ISP does not have NAT capability.  Also since the firm has an Exchange server the IP address of the server must stay as is and the one to one NAT must be maintained in order for the firm to receive email.  I have thought about how I would go about eliminating the firewall even for a test but cannot come up with a solution.
What's the model number of the ATT modem?

Most SOHO routers (Cisco, Linksys, Dlink) are U plug and play these days using the SBS connect wizard.

You don't need a $1k firewall to bypass the Sonicwall for testing.
I had one of mine go bad (I had to reset it every day or two) and set up a temp router till they could ship me a new one.

I used a Linksys ($100) and it worked just fine.

And by the way, Sonicwall tech support is free as long as they have a subscription service, so maybe a call to them might behoove you.

As long as you know the static IP that you were given, the wizard would configure the router including port forwarding.
DShanks

ASKER

OK I temporarily replaced the Sonicwall TZ170 with a new TZ215 destined to another client.  No improvement.  The TZ170 is back in place now.

I don't know the model of the DSL "modem" (not router) but it is in bridge mode and passing all packets to the firewall.  There is therefore no NAT, no DHCP, no DNS, etc being done at the modem level.  The ONLY thing the modem is doing is PPPOE authentication and port forwarding.

I did try disabling autotuning on one Win 7 PC on the domain but it did not help.   That link though was for VISTA not Win 7 and it did not take into consideration the conditions outlined in this thread (shown again below)

It is interesting that others have the same problem on a separate blog on EE that also have not been resolved.    The 3 main things to remember here (if you reread this thread and go over the conditions of the problem)
1.   All XP PC's joined to the SBS domain can access all sites
2.   All Win7 PC's joined to the domain (including the SBS server itself) can access some sites but not others (Like Yahoo, AOL, etc)
3.   All PC's (XP and Win 7) not joined to the domain (but still getting their IPs from the SBS server and using the SBS server as the DNS server) can get to all sites including Yahoo and AOL.

Someone suggested connecting a Win 7 PC directly to the firewall to see if it works.  This of course is bogus since connecting a PC directly to the firewall is the same as connecting it to the LAN switch since the firewall is also connected to the LAN switch.  It does not matter where a PC is plugged into the LAN the conditions above are still true.

This is still a problem at this small law firm although it seems that those with Win 7 PC's on the domain can get to the specific law sites they need to get to in order to work.  They just can't get to sites like Yahoo.com, AOL.com, USAToday.com, and several others that are of minimal importance to the firm's function.   We provide IT services to several large and small firms.  Only this small firm uses SBS.   Since we have never seen this condition in over 30yrs in the IT business and have never used SBS prior to this, I believe this is a Win2008 SBS "domain" problem but I cannot find or prove it.    I have tried all of the suggestions you have offered but the problem continues.

I would be interested to follow the alternate blog that you have posted.  So far though I see no resolution there either
So... since you are still at this issue, I suggest that you use the FixIT tool provided in this KB article http://support.microsoft.com/kb/934430 on the affected systems.  (I realize it says it is for Vista, but it is valid for Win7 as well).

If that doesn't resolve your problem, then I would still state this may be an MTU issue as I suggested over a month ago.

Jeff
TechSoEasy
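
The MTU suggestion above can be checked from an affected machine with Don't Fragment pings. This is an added example, not part of the original thread: the function names `Test-DfPing` and `Get-PathMtu` and the search bounds are assumptions, and it relies only on the standard `ping.exe` switches `-f`, `-l`, `-n` and `-w`. A PPPoE link, as used at this site, normally has an MTU of 1492 rather than the Ethernet default of 1500.

```powershell
# Added example: find the largest packet that crosses the path without fragmentation.
# Function names and search bounds are hypothetical; the target is a site from the thread.

function Test-DfPing {
    param([string]$Target, [int]$Payload)
    # -f = set Don't Fragment, -l = ICMP payload size, -n 1 = one echo, -w = timeout (ms)
    $out = & ping.exe -f -l $Payload -n 1 -w 2000 $Target 2>&1 | Out-String
    # A genuine echo reply always contains "TTL="; timeouts and
    # "Packet needs to be fragmented but DF set." do not.
    return ($out -match 'TTL=')
}

function Get-PathMtu {
    param([string]$Target, [int]$Low = 548, [int]$High = 1472)
    if (-not (Test-DfPing $Target $Low)) {
        throw "No reply from $Target at $Low bytes; ICMP may be filtered on this path."
    }
    # Binary search: $Low is always a size that passed, $High the largest candidate.
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling([double]($Low + $High) / 2)
        if (Test-DfPing $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    # Path MTU = payload + 20-byte IP header + 8-byte ICMP header
    return ($Low + 28)
}

# Run once on a domain-joined Win 7 PC and once on an XP PC, then compare.
$mtu = Get-PathMtu -Target 'yahoo.com'
"Largest unfragmented packet to yahoo.com: $mtu bytes"
# Show the MTU each local interface is configured with, for comparison.
netsh interface ipv4 show subinterfaces
```

A result below the interface MTU shown by `netsh` means large packets are being dropped somewhere on the path, which fits pages that hang while ping and DNS lookups still succeed.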
Avatar of DShanks

ASKER

I have run the fix it tool but there was no change in conditions. The problem still exists even after a full rebuild of the server as noted above.     We are not the only one having this issue with an SBS domain and Win7 PC's joined to it  (note that XP PC's joined to it do NOT have the problem).     There are other tech blogs and even other threads in this tech blog that cite the same issue.     Apparently none have been resolved.

Well, then it sounds like it's time for you to run an analysis and actually VIEW the requests to see where they are going.

You can use Microsoft's NetMon for that:
http://blogs.technet.com/b/netmon/p/downloads.aspx

Jeff
TechSoEasy
Avatar of DShanks

ASKER

Jeff

I downloaded and ran netmon on the server.   I then started a capture and saved it.  Unfortunately I cannot upload a cap file to you.  How do I do this?

What I did was
1. Started a capture
2. Opened IE and went to Google - no problem
3. Entered http://yahoo.com on the url line - IE froze
4. I let the capture run for a minute or so in this state then stopped the capture.

I am not sure what I am looking for in the Internet Explorer portion of the capture.  How do I get this data to you?

Thanks
Denny
Avatar of DShanks

ASKER

Jeff

I have uploaded an Excel copy of the IE portion of the netmon capture.  Not sure what it says but as soon as I tried to go to yahoo.com (and this is an example only) IE went into a permanent waiting mode.  This is the same thing it does on a Win 7 workstation connected to this domain.   It does not do this for an XP PC joined to this domain OR a Win 7 PC not joined to the domain.

Thanks
Denny
IE-capture-for-EE.xlsx
Avatar of DShanks

ASKER

Jeff

I have applied the fix but need to schedule a server restart to see if it fixed anything.   I will let you know when that is done.

Denny
Avatar of DShanks

ASKER

Jeff

I rebooted the server after applying your fix.  Nothing changed.    Keep in mind that the 2008 SBS server is the internal DNS and DHCP server for the Domain.  DHCP addresses include the server as the DNS server.   To review the conditions;

1.  Windows 7 PC's joined to the domain, and the 2008 SBS domain server, cannot access some sites (ie yahoo.com) but can access others.  They cannot run YouTube videos.

2.  Windows XP PC's joined to the domain can access all sites and YouTube videos.

3. Windows 7 PC's NOT joined to the Domain can access all sites and run YouTube videos.

Since the DNS address is the same for both joined and non-joined domain PC's, these conditions make no sense to me but they are a fact.    I am not sure what is different between joined vs non-joined, or XP vs Win7 PC's.  I see others are having the same issue with SBS though (I am not a fan).

The Win7 machines that aren't joined to the domain are getting the same DHCP settings, right?  So the ONLY thing that could be causing this issue is GROUP POLICY because that is the only thing that would be different between joined and non-joined machines.

I know you said you already ran a gpresult /z, but instead please run the following on a domain-joined Win7 machine:

gpresult /h gp.html

Then post the resulting html file back here for review.

Jeff
ASKER CERTIFIED SOLUTION
Avatar of DShanks
DShanks
Avatar of DShanks

ASKER

The suggestions offered were excellent but it appears the problem is with the ISP and not the internal DNS server.    While we are not sure of this yet, this thread can be closed until we have more information from the ISP.