Can't access outside websites sometimes

Hello experts,

I have an issue with outside webpages not coming up (google, yahoo, Microsoft…etc.)
For the last two weeks we have been having a random handful of users that fire up their computers in the morning and all is good, then later in the morning or midafternoon they can’t access any outside webpages. They can access inside (internally hosted websites) webpages. And it is not always the same users.

We have two internal DNS servers (2008 R2) that have been running smooth for a couple years now with no major updates or configurations. The only thing the DNS logs on the server show is an invalid domain name packet that is rejected every now and then. I have restarted DNS services on the server and restarted the DNS servers.

When this happens to the users, I can still ping the outside world from client (google, Microsoft …etc.), even get an nslookup. But no outside webpages come up. (just blank white page saying “Can’t find webpage”)
At first I thought this was related to Internet Explorer 11, but a couple of days later users with 9 and 10 started having the same issue. (All users are Windows 7 boxes.)

Ipconfig all looks good on clients (show right gateways and DNS servers, and good DHCP IP addy).

On the client I have tried just about everything I can think of, including:
  Flushing cache
  Cleaning out temp files (%temp%)
  Scan clients for viruses\malware (Antivirus\malwarebytes) "negative"
  Nslookup (good)
  Flushing client DNS
  Registering client DNS (ipconfig /registerdns)
  Disable/enable network adapter
  Updating network adapter driver
  Installing a second network adapter card
  Shutting down computer (hard shutdown), restarting
  Checking system files  (System File Checker – sfc /scannow)

We are using Internet Explorer (I know, there is better, faster – it is what our vendors support).
Not wanting to make this a “chrome, firefox” shootout….feels more like a DNS issue somehow, but can’t figure it out.

Everything works fine for everyone else, just these random few, and always different users.

We are not running a firewall inside and client firewalls are turned off. We have a Cisco firewall coming into the domain (nothing changed here – even restarted router and switches).

Bottom line, everything works good except for 1-2 hours in the day, some in the morning and some in the afternoon. And always just a few users.
Looking for any help……Let me know if you need any more info.

Any Ideas?

Thanks in advance.


   Fubr
 
strungCommented:
Some sort of user limit, maybe? Sounds like the problem occurs when things get busy.

Maybe a router problem? Can't handle that many users?
0
 
tercex11Commented:
If you can ping yahoo.com from a command prompt on the PC, that means you can resolve the name, so it does not sound like a DNS issue.

My recommendation is the next time this issue comes up, first test more than one PC to make sure this is not a local PC issue. Assuming it is all PCs, then go to one of the PCs and first ping yahoo.com and see if it resolves the name to an IP and responds. Assuming it does, then try to telnet to port 80 on yahoo.com, e.g. telnet yahoo.com 80, and see if it connects. If it connects the issue is browser specific, but if it does not, then something is blocking access to your ports when the issues arise. It could be your firewall, router, a proxy or it could be the local Windows firewall or antivirus causing the issues. I would start with the local PC and work your way forward. Turn those services off and retest.
0
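The name-then-port check described in the comment above, with one HTTP request added as a third step, as an added example that is not part of the original thread. The `triage` function and its verdict names are made up for illustration; yahoo.com is only the default target because the thread uses it.

```python
import socket
import sys

# Verdict names are hypothetical labels for this example, not from the thread.
MEANING = {
    "dns_failed": "name did not resolve: check client DNS settings and the DNS servers",
    "tcp_blocked": "name resolved but the port is unreachable: firewall, router or proxy",
    "http_no_response": "port opens but nothing answers: traffic is dropped after the handshake",
    "ok": "network path is fine from this PC: the problem is browser specific",
}


def triage(host, port=80, timeout=5.0):
    """Return (verdict, detail) naming the first layer that fails."""
    # Step 1: name resolution (what "ping yahoo.com" proves when it prints an IP).
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failed", str(exc)
    addr = infos[0][4][0]

    # Step 2: TCP handshake to the web port (what "telnet yahoo.com 80" proves).
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except OSError as exc:
        return "tcp_blocked", f"{addr}:{port} {exc}"

    # Step 3: one minimal HTTP request, which a bare telnet connect does not exercise.
    with sock:
        try:
            sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            reply = sock.recv(256)
        except OSError as exc:  # a receive timeout is also an OSError
            return "http_no_response", f"{addr}:{port} {exc}"
    if not reply.startswith(b"HTTP/"):
        return "http_no_response", f"{addr}:{port} unexpected reply {reply[:20]!r}"
    status = reply.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return "ok", f"{addr}:{port} {status}"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "yahoo.com"
    verdict, detail = triage(target)
    print(f"{target}: {verdict} ({detail})")
    print(MEANING[verdict])
```

Running it on an affected PC and on a working PC at the same moment shows at which layer the two differ.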
 
strungCommented:
Just to clarify, when you say you can "ping the outside world" do you mean ping by domain name or ping by IP address? If the former, it is not a DNS issue as terces says. I had assumed you had meant the latter.

Have you tried a tracert?
0
 
MaheshArchitectCommented:
How do you get internet on client computers?

Through internal DNS servers, and are they forwarding queries to public DNS servers (ISP)?

Please check with the ISP about the problem, as I don't think there is any issue at your end.
Sometimes DNS name resolution works perfectly but the link may get choked and become very slow, so that you will face slow internet connectivity intermittently on a random number of clients.

Also check if anybody in office is using link heavily for some downloads etc

Mahesh
0
 
FubrAuthor Commented:
Thanks for the replies.

I don't think it's a limit issue, as we have had a bigger user base in the past (double), but I will check the DHCP pool in case the pool is filled up. (Shouldn't be an issue with the router.)

when I say ping the outside world, I am pinging "cox.net", "google.com" all getting replies and IP address.

Clients all use DHCP, and we then have 2 internal DNS servers which forward out to COX DNS servers.

I will check with ISP.
Now I did do a trace file (Wireshark), but I'm too noobie with it to say "ahh that's the problem", but by the color code, I think there were some bad IP packets on one of the users that was having the issue. 1.92 is the user having the issues and 74.125.255.243 is Google, which the user is trying to access with the browser. (Example enclosed.)

I will do some more testing to see if I can find out anything more.
I did rotate the order of forwarding DNS servers, maybe help going to different server first.

Thanks, I will let you know of any updates.

  Fubr
WiresharkCap.png
0
 
FubrAuthor Commented:
Sorry for the delay….was on vacation for holidays.
Got back Monday the 6th, and still having issues.
Did check with ISP before I left on vacation and they did have different DNS servers that I didn’t have.
Look like this might fix the issue before I left.

Did single out one user and pinged yahoo.com.
It resolves just fine, good ping times and resolved name to IP. Next I telnet to yahoo.com, port 80 and it connected.
Reminder, all other users are fine, and the affected users are not the same every day.
Only difference I have noticed in the last 4 days is I have been able to shut down the user's computer, wait 10-20 seconds, start back up and they work fine. Wasn’t able to do this before, and it would last 30 minutes to an hour (no matter what I did), then be fine again.

With this user, it happened at noon. Most of our internet enabled staff leave for lunch at this time, so I would think usage would be down (bandwidth wise).

Still scratching my head

  Fubr
0
 
FubrAuthor Commented:
Seems to be getting worse.
Went from 1-2 people every other day to last 3 days 3-4 users per day.
Mostly different users, but last three days couple same users each day.

Can still ping outside websites by name, can trace route and get replies when this happens.
Can do the telnet (telnet yahoo.com 80) and connect.

What blows my mind is everyone else is fine, and these users are fine up till this point.

I have cisco technician coming out tomorrow to check routers and switches.
Servers show no logs to indicate anything..........

I did find logs on one user PC during this, source GroupPolicy, event ID 1055
Windows could not resolve the computer name.
And...
source NETLOGON, event ID 5719
Computer wasn't able to set up a secure session with a domain controller.
was still able to ping domain controller by name and get reply.....???

Personally I'm still thinking some kind of DNS/replication. Reading the logs above makes me think that all of a sudden this PC can't talk to the DC and the DC doesn't know this PC!!
But everyone else is fine and no error logs to guide me on server.

I will follow up after cisco technician comes tomorrow.


  Fubr
0
 
FubrAuthor Commented:
Ok.....had the cisco tech go through router today (501 PIX), and turns out it "is" a license issue
(exceeding licenses)

strung hit it on the head....I would have argued this, but the technician cleared it up for me
We have a 50 user license, and that does not mean 50 users.
It means 50 devices!!
So every network printer, computer, server, smartphone, wireless device that has an IP or gateway configured, is talking to the router and it is logging this as a license.

Sad thing is Cisco End-of-Life these routers couple years back, so probably won't be able to upgrade the license on it. (maybe find an unlimited one on ebay)

My question now, for a work around (until I can get a new ASA) can I do a "clear local-host all" on the router?

Clearing out all local users, I would not have to restart router and break the VPN Connections (we have two sister sites connecting to our router by VPN connection)

Makes me wonder why it does not release these licenses when they are idle?

I notice when I do a "show local-host", I get a lot of computers that haven't been on the network in the last couple of months, not to mention computers that have been locked out from internet access. I'm hoping the "clear local-host all" will be a workaround. If I do a "clear local-host ip-address" of some of these client devices, it frees up licensing.

Fubr
0
 
strungCommented:
Maybe you can set a short IP lease on the DHCP server.
0
 
FubrAuthor Commented:
I will play with it and see (any suggestions on lease time?)

Thanks strung!


  Fubr
0
 
strungCommented:
Try 12 hours
0