Web site not working on Domain

Posted on 2014-08-20
Last Modified: 2014-09-05
A Customer of ours is having an issue of accessing one of the sites that they regularly log into.
I tried everything. Made it a trusted site. set it to compatibility mode. It even is getting blocked using different browsers.
they have a cisco RV042 router and are using SBS2008.

Is there web filtering in SBS2011. or on the router. I looked everywhere. They are not using any third party web filtering.
Question by:BBrayton
    LVL 18

    Accepted Solution

    There's no web filtering on SBS 2011 (server 2008R2), nor on simple RV042 router. Must be something else:

    - is this web site maybe on the same domain, as user's local domain? Some AD domains are (wrong!) setup by using user's public domain name as their local domain name, so since their local/public domain resolves inside LAN to, for example, and from public to, local users cannot browse this site

    - try PING and NSLOOKUP the problematic domain name (eg. Do both, ping and nslookup return the same public IP for this web site? If not, then your DNS is not properly setup.

    - is this web site on common ports, for example 80 or 443? Or is there some custom port, for example ? If so, then it *might* be router guilty, if it has OUTGOING filtering option. For example, I have a habbit to only allow OUTGOING traffic to ports 80, 443 and that's all. If any user complaints he/she cannot access something, I review each request and if it is safe, open additional outgoing rule on firewall.

    Author Comment

    I did put a static dns in the IPV4 settings and and the web site did work when I did that. SO you think it is a DNS issue?

    Author Comment

    The web site they are trying to reach is  and yes port 80 and 443 are both open on the router.
    LVL 18

    Expert Comment

    by:Andrej Pirman
    sorry for my late reply - I was absent.

    Yes, you probably have DNS issue here. Let me point out some basics config for SBS server:
    SBS must be the only domain controller in local domain, and easier to be also the only DHCP server. So it is important no other DHCP is in the same network!

    DHCP options should be:
    - DNS servers for clients should be IP of your SBS server, and maybe of some other DNS server inside your domain. Do NOT!!! put here any public DNS servers!

    Now, let's go to SBS's DNS server and configure it.
    Right-click on properties of DNS server, find FORWARDERS and put public DNS there, for example Google's DNS and Then find "Disable Recursion", I think it is under OPTIONS tab, and make sure it is NOT checked! I mean, you should NOT disable recursion.

    Now, what we've got?
    Client will try to resolve and will ask it's set DNS server, which is SBS server. If SBS server does have this domain name in its DNS, then SBS will return IP of the domain immediately. If not, then SBS will use Forwarders to ask for IP of domain name, in our case SBS will ask Google for IP of
    Google will tell SBS, and SBS will forward the answer to client computer, thus principle is named "forwarder".

    Now, the possible problem?
    If you local domain name is, say,, where "local" part is important, then in each and every case your SBS will know correct IP of And when your client will be at home, will not be resolvable, which is correct behavior, as this domain cannot exist (TLD .local is not allowed in public!).
    But what happens when your SBS domain name is, say, In such case, when your client is on your LAN, he/she will get LOCAL IP, for example, as IP of the But you are not Google, right? So in this case when on LAN, clients would not have access to real Google web page, because you make them think, that your SBS is :) That's WRONG!

    So, common problems arise when company has web site and they setup SBS domain named instead of company.local. If this is your case, then you should workaround:

    go to SBS DNS managmenent console and under FORWARD zone of "" add an A-record manually:
    A    www    <IP of your PUBLIC domain>

    Doing so, your SBS will know the correct PUBLIC IP of your web site and will not return error.

    - configure FORWARDERS on your SBS DNS properties
    - do NOT put public DNS servers in TCP/IP properties, nor in DHCP options, not for client and not for server

    For backup purposes it is enough to save SCREENSHOTS of settings before you change them. If you mess something, it is all easy repairable, no worry.

    Featured Post

    Do email signature updates give you a headache?

    Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

    Join & Write a Comment

    Suggested Solutions

    Learn about cloud computing and its benefits for small business owners.
    Monitoring systems evolution, cloud technology benefits and cloud cost calculators business utility.
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
    This Micro Tutorial will explain how to export DynamoDB tables in Amazon Web Services.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now