Avatar of Synergon
Synergon
Flag for United States of America asked on

External Web Site Access

Good morning,

I have a 2003 SBS domain (i.e. 123.com) and a website that is hosted outside of the domain with the same domain name.  From within the network, I am unable to access the website but I can access it from outside the internal network.  I modified the Hosts file on one of the systems to reflect the public address and the website name (i.e. www.123.com) but it gave me an error 500 on the page.  I have tried adding an Alias www entry in DNS but it did not work.  Any help with this issue is much appreciated.
Microsoft Legacy OSMicrosoft Server OSSBS

Avatar of undefined
Last Comment
Synergon

8/22/2022 - Mon
Hattrick96

In IIS, go into the properties of the website and look at the security settings. There is a spot where you can allow/disallow IP ranges.  The first place I'd check is to make sure internal ranges are allowed.  Also, check the local Windows Firewall to makes sure there are no firewall-related blocks going on.
Rob Williams

Presumably in DNS you have a forward lookup zone  123.com, if not you need to create it.  Then you need to create a Host (A) record that woints  www to the IP of your Web site.

The problem is your server handles DNS for your domain and it has no record for www, and because it is autoritive for the domain, it does not forward the DNS request to an outside DNS server such as your ISP's.   Normaly you would use a different internal domain such as 123.local to avoind this problem, but with SBS you cannot change this after the server is built.
Mark Mahacek

Without the host entry, when you do a nslookup www.123.com what is the IP address being returned? If you get the proper IP of the server, then it either is an issue with the firewall blocking IP's or part of the web server's bindings that may have host header redirection.

Check this setting in IIS:
Web site (right click) Properties
Web Site Tab ... Advanced Button
Do you have multiple identifies for the web site?  Is the host header value blank?  If not, you need a record for www.123.com or to remove the value.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Synergon

ASKER
From the SBS, I run the nslookup and then the www site and it resolved to the internal IP address of the SBS (it only has one NIC).  If I ping the full www.site.com name from the SBS, it resolves to its public address.

I attempted to create a forward lookup zone as suggested, but I don't think I did it correctly.  I did create the A record for www and put in the public address and I even modified the Hosts file with the public address and then the www.site.com to no avail.

Incidentally, I noticed that when I created the www record on the SBS, the other two DNS servers added a www record but pointed it to the SBS.  The other two are 2000 servers.  It may mean nothing.
Mark Mahacek

The nslookup will always pull the DNS's entry for a host name while the ping will look at the host file.  This is why you got the two different IP's being returned.

When you are within the network, can you access the site via the internal and external IP's?  If you can get the site via IP and not DNS, this confirms the issue as DNS related.
Synergon

ASKER
Hattrick96, the website is external and not hosted on the SBS.

RobWill, I understand the concept of naming the internal domain differently from the actual domain.  Unfortunately, I inherited this mess.  I appreciate your help.  Can you shed some light on how to add a forward lookup for the domain?  I have scoured the Internet but have had no positive luck yet.

mmahaek, as I initially stated, the website is not hosted internally.  It is hosted by another company but it is using the same domain name as the internal domain.

I misspoke in my initial post.  I created an "A" record and not an "Alias".  Even so, it still did not work.  Nothing seems to be working.  I will tackle this tomorrow.  Any help is appreciated.  Thanks in advance.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mark Mahacek

Okay.  I wasn't sure if "hosted outside the domain" meant off site or internally but not domain joined.
If your nslookup for www.123.com on the SBS server returned the IP of the SBS server, then the DNS record is not pointing to the correct location.
I'm assuming all your internal workstations point to the SBS server for DNS resolution.
Synergon

ASKER
Correct.  The SBS is the primary DNS server to which all workstations point.
Rob Williams

If the internal and external Domain name is the same, i.e the same suffix such as 123.com, there should already be a 123.com zone under Forward Lookup Zones.  Is that the case?  We can proceed from there.

Ideally you want to have something similar to the attached image
DNSCapture1.JPG
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Synergon

ASKER
RobWil, there is a zone for the domain and I have added the www record pointing to the website public IP address but still no systems or servers can get to the site.  "HTTP 500 - Internal server error" is what is reported on the web page.  I am sure it is something simple that I am missing here.
Rob Williams

Is the web site accessible by that IP?  Some use host headers and are not accessible in that way.t test by using  http://123.123.123.123

Also don't forget to flush the DNS cache
ipconfig  /flushdns
Synergon

ASKER
I did flush the DNS cache and tried to get to the site using the IP address as you said but I just get the following default page message:  "If you feel you have reached this page in error, please contact the web site owner".  I get the same thing from my external system but the website comes up when I enter the URL.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Rob Williams

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Synergon

ASKER
I am splitting up the points because both persons were helpful in the resolution to the problem.  And here it is:

A forwarder was in place from the old website pointing to the new one.  I called the hosting company and had it removed.  After that was done, I was able to access the website from the internal network.  The other problem is that any pictures or links on the site were redirecting to the SBS because the www. was left out of the domain name URL associated with them.  Each time the home page loaded, I had to click cancel on logon prompts that were the result of the pictures trying to open on the SBS.  So, I have contacted the company who maintains the website and let them know they need to add the www. to the domain name.  This should fix the issue.  Thanks for your time and efforts.