Solved

Can't access outside websites sometimes

Posted on 2013-12-12
11
303 Views
Last Modified: 2014-02-14
Hello experts,

I have an issue with outside webpages not coming up (google, yahoo, Microsoft…etc.)
Last two weeks we have been having a random hand full of users that fire up there computers in the morning and all is good, then later in the morning or midafternoon they can’t access any outside webpages. Can access inside (internally hosted websites) webpages. And not always the same users.

We have two internal DNS servers (2008 R2) that have been running smooth for a couple years now with no major updates or configurations. The only DNS logs on server show is an invalid domain name packet that is reject every now and then.  I have restarted DNS services on server, Restarted DNS servers.

When this happens to the users, I can still ping the outside world from client (google, Microsoft …etc.), even get an nslookup. But no outside webpages come up. (just blank white page saying “Can’t find webpage”)
At first I thought this was related to Internet Explorer 11, but couple days later users with 9, and 10 started having the same issue.  (all users are windows 7 boxes)

Ipconfig all looks good on clients (show right gateways and DNS servers, and good DHCP IP addy).

On the client I have tried just about everything I can think of, including:
  Flushing cache
  Cleaning out temp files (%temp%)
  Scan clients for viruses\malware (Antivirus\malwarebytes) "negative"
  Nslookup (good)
  Flushing client DNS
  Registering client DNS (ipconfig /registerdns)
  Disable/enable network adapter
  Updating network adapter driver
  Installing a second network adapter card
  Shutting down computer (hard shutdown), restarting
  Checking system files  (System File Checker – sfc /scannow)

We are using Internet Explorer ( I know, there is better, faster – It is what the our vendors support)
Not wanting to make this a “chrome, firefox” shootout….feels more like a DNS issue somehow, but can’t figure it out.

Everything works fine for everyone else, just these random few, and always different users.

We are not running a firewall inside and client firewalls are turn off. We have a Cisco firewall coming into domain (nothing change here – even restarted router and switches).

Bottom line, everything works good except for 1-2 hours in the day, some in the morning and some in the afternoon. And always just a few users.
Looking for any help……Let me know if you need any more info.

Any Ideas?

Thanks in advance.


   Fubr
0
Comment
Question by:Fubr
11 Comments
 
LVL 53

Accepted Solution

by:
strung earned 500 total points
ID: 39714002
Some sort of user limit, maybe? Sounds like the problem occurs when things get busy.

Maybe a router problem? Can't handle that many users?
0
 
LVL 5

Expert Comment

by:tercex11
ID: 39714014
If you can ping yahoo.com from a command prompt on the PC, that means you can resolve the name, so it does not sound like a DNS issue.

My recommendation is the next time this issue comes up, first test more than one pc to make sure this is not a local PC issue. Assuming it is all PC's, then go to one of the PC's and first ping yahoo.com and see if it resolves the name to an IP and responds, assuming it does then try to telnet to port 80 in yahoo.com e.g. telnet yahoo.com 80 and see if it connects. If it connects the issue is browser specific, but if it does not, then something is blocking access to your ports when the issues arise. It could be you firewall, router, a proxy or it could be the local Windows firewall or antivirus causing the issues. I would start with the local PC and work you way forward.   Turn those services off an retest.
0
 
LVL 53

Expert Comment

by:strung
ID: 39714047
Just to clarify, when you say you can "ping the outside world" do you mean ping by domain name or ping by IP address? If the former, it is not a DNS issue as terces says. I had assumed you had meant the latter.

Have you tried a tracert?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39714096
How you get internet on client computers ?

Through internal DNS servers and if they are forwarding queries to public DNS servers (ISP) ?

Please check with ISP about problem as I don't think there is any issue with your end
Some times DNS name resolution works perfectly but link may get chocked and become very slow so that you will face slow intrent connectiivty intermittently on random no of clients

Also check if anybody in office is using link heavily for some downloads etc

Mahesh
0
 

Author Comment

by:Fubr
ID: 39714234
Thanks for the replies.

I don't think limit issue, as we have had a bigger user base in the past (double), but I will check DHCP pool in case pool is filled up. (shouldn't be issue with router)

when I say ping the outside world, I am pinging "cox.net", "google.com" all getting replies and IP address.

clients all us DHCP, which we then have 2 internal DNS servers which forward out to COX DNS servers.

I will check with ISP.
Now I did do a trace file (wireshark), but I'm to noobie with it to say "ahh that's the problem", but by the color code, I think there was some bad IP packets on one of the users that was having the issue.  1.92 is the user having the issues and 74.125.255.243 is Google the user in trying to access with browser.  (example enclose).

I will do some more testing to see if I can find out any thing more.
I did rotate the order of forwarding DNS servers, maybe help going to different server first.

Thanks, I will let you know of any updates.

  Fubr
WiresharkCap.png
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:Fubr
ID: 39771476
Sorry for the delay….was on vacation for holidays.
Got back Monday the 6th, and still having issues.
Did check with ISP before I left on vacation and they did have different DNS servers that I didn’t have.
Look like this might fix the issue before I left.

Did single out one users and ping yahoo.com.
It resolves just fine, good ping times and resolved name to IP. Next I telnet to yahoo.com, port 80 and it connected.
Reminder, all other users are fine, and the affected users are not the same every day.
Only difference I have notice in the last 4 days is I have been able to shut down user computer, wait 10-20 seconds, start back up and they work fine.  Wasn’t able to do this before, and would last 30 minutes to an hour (no matter what I did), then be fine again.

With this user, it happen at noon. Most of our internet enabled staff leaves for lunch at this time, so I would think usage would be down (bandwidth wise).

Still scratching my head

  Fubr
0
 

Author Comment

by:Fubr
ID: 39857736
Seems to be getting worst.
Went from 1-2 people every other day to last 3 days 3-4 users per day.
Mostly different users, but last three days couple same users each day.

Can still ping outside websites by name, can trace route and get replies when this happens.
Can do the telnet (telnet yahoo.com 80) and connect.

What blows my mind is everyone else is fine, and these users are fine up till this point.

I have cisco technician coming out tomorrow to check routers and switches.
Servers show no logs to indicate anything..........

I did find logs on one user PC during this, source GroupPolicy, event ID 1055
Windows could not resolve the computer name.
And...
source NETLOGON, event ID 5719
Computer wasn't able to set up a secure session with a domain controller.
was still able to ping domain controller by name and get reply.....???

Personal I'm still thinking some kind of DNS/replication. reading the logs above, makes me think that all of a sudden this PC can't talk to DC and DC doesn't know this PC!!
But everyone else is fine and no error logs to guide me on server.

I will follow up after cisco technician comes tomorrow.


  Fubr
0
 

Author Comment

by:Fubr
ID: 39860291
Ok.....had the cisco tech go through router today (501 PIX), and turns out it "is" a license issue
(exceeding licenses)

strung hit it on the head....I would have argue this, but technician clear it up for me
We have a 50 user license, and that does not mean 50 users.
It means 50 devices!!
So every network printer, computer, server, smartphone, wireless device that has an IP or gateway configured, is talking to the router and it is logging this as a license.

Sad thing is Cisco End-of-Life these routers couple years back, so probably won't be able to upgrade the license on it. (maybe find an unlimited one on ebay)

My question now, for a work around (until I can get a new ASA) can I do a "clear local-host all" on the router?

Clearing out all local users, I would not have to restart router and break the VPN Connections (we have two sister sites connecting to our router by VPN connection)

Makes me wonder why it does not release these licenses when they are idle?

I notice when I do a "show local-host", I get a lot of computers that haven't been on the network in the last couple of months, not to mention computers that have been lock out from internet access. I'm hoping the "clear local-host all" will be a work around. If I do a "clear local-host ip-address" of some of these client devices, it frees up licensing.

Fubr
0
 
LVL 53

Expert Comment

by:strung
ID: 39860328
Maybe you can set a short IP lease on the DHCP server.
0
 

Author Comment

by:Fubr
ID: 39860549
I will play with it and see (any suggestions on lease time?)

Thanks strung!


  Fubr
0
 
LVL 53

Expert Comment

by:strung
ID: 39860741
Try 12 hours
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now