Solved

Web site not working on Domain

Posted on 2014-08-20
Last Modified: 2014-09-05
A customer of ours is having an issue accessing one of the sites that they regularly log into.
I tried everything. Made it a trusted site. Set it to compatibility mode. It even is getting blocked using different browsers.
They have a Cisco RV042 router and are using SBS2008.

Is there web filtering in SBS2011, or on the router? I looked everywhere. They are not using any third party web filtering.
Question by:BBrayton

Accepted Solution

by:
Andrej Pirman earned 1500 total points
ID: 40275125
There's no web filtering on SBS 2011 (Server 2008 R2), nor on a simple RV042 router. Must be something else:

- is this web site maybe on the same domain as the user's local domain? Some AD domains are (wrongly!) set up using the user's public domain name as their local domain name, so since their local/public domain resolves inside the LAN to, for example, 192.168.0.10 and from public to 1.2.3.4, local users cannot browse this site

- try PING and NSLOOKUP on the problematic domain name (e.g. www.problematic.com). Do both ping and nslookup return the same public IP for this web site? If not, then your DNS is not properly set up.

- is this web site on common ports, for example 80 or 443? Or is there some custom port, for example https://www.problematic.com:12345 ? If so, then it *might* be the router that is guilty, if it has an OUTGOING filtering option. For example, I have a habit of only allowing OUTGOING traffic to ports 80, 443 and that's all. If any user complains he/she cannot access something, I review each request and if it is safe, open an additional outgoing rule on the firewall.

Author Comment

by:BBrayton
ID: 40275962
I did put a static DNS in the IPv4 settings, 8.8.8.8 and 8.8.4.4, and the web site did work when I did that. So you think it is a DNS issue?

Author Comment

by:BBrayton
ID: 40275966
The web site they are trying to reach is paychexonline.com and yes, ports 80 and 443 are both open on the router.

Expert Comment

by:Andrej Pirman
ID: 40306810
Hi,
sorry for my late reply - I was absent.

Yes, you probably have a DNS issue here. Let me point out some basic config for the SBS server:
SBS must be the only domain controller in the local domain, and it is easier if it is also the only DHCP server. So it is important that no other DHCP is in the same network!

DHCP options should be:
- DNS servers for clients should be IP of your SBS server, and maybe of some other DNS server inside your domain. Do NOT!!! put here any public DNS servers!

Now, let's go to SBS's DNS server and configure it.
Right-click on properties of DNS server, find FORWARDERS and put public DNS there, for example Google's DNS 8.8.8.8 and 8.8.4.4. Then find "Disable Recursion", I think it is under OPTIONS tab, and make sure it is NOT checked! I mean, you should NOT disable recursion.

Now, what have we got?
The client will try to resolve www.somedomain.com and will ask its configured DNS server, which is the SBS server. If the SBS server does have this domain name in its DNS, then SBS will return the IP of the domain immediately. If not, then SBS will use Forwarders to ask for the IP of the domain name; in our case SBS will ask Google for the IP of www.somedomain.com.
Google will tell SBS, and SBS will forward the answer to the client computer, thus the principle is named "forwarder".

Now, the possible problem?
If your local domain name is, say, www.google.local, where the "local" part is important, then in each and every case your SBS will know the correct IP of www.google.local. And when your client is at home, www.google.local will not be resolvable, which is correct behavior, as this domain cannot exist (TLD .local is not allowed in public!).
But what happens when your SBS domain name is, say, www.google.com? In such a case, when your client is on your LAN, he/she will get a LOCAL IP, 192.168.1.10 for example, as the IP of www.google.com. But you are not Google, right? So in this case, when on the LAN, clients would not have access to the real Google web page, because you make them think that your SBS is www.google.com :) That's WRONG!

So, common problems arise when a company has the web site www.company.com and they set up the SBS domain named company.com instead of company.local. If this is your case, then you should work around it:

go to the SBS DNS management console and under the FORWARD zone of "company.com" add an A-record manually:
A    www    <IP of your PUBLIC domain www.company.com>

Doing so, your SBS will know the correct PUBLIC IP of your www.company.com web site and will not return an error.

ERGO:
- configure FORWARDERS on your SBS DNS properties
- do NOT put public DNS servers in TCP/IP properties, nor in DHCP options, not for client and not for server

For backup purposes it is enough to save SCREENSHOTS of settings before you change them. If you mess something up, it is all easily repairable, no worry.
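
The nslookup comparison suggested in the answers above, as an added example that is not part of the original thread: it parses Windows `nslookup` output captured once against the LAN DNS server and once against a public resolver, and classifies the mismatch. The server name `sbs.company.com`, the address 203.0.113.20 and the verdict strings are assumptions; the sample outputs are constructed.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress.is_private also flags
# documentation ranges such as the 203.0.113.0/24 used in the samples.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nslookup(output):
    """Answer addresses from Windows nslookup output; the resolver's own
    Server/Address header (everything before 'Name:') is ignored."""
    answers, seen_name = [], False
    for line in output.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "Name:":
            seen_name = True
        elif seen_name:
            try:
                answers.append(ipaddress.ip_address(tokens[-1]))
            except ValueError:
                pass  # not an address line, e.g. "Aliases:"
    return answers

def diagnose(internal_out, public_out):
    """Compare the LAN DNS server's answer with a public resolver's."""
    internal, public = parse_nslookup(internal_out), parse_nslookup(public_out)
    if not public:
        return "not-resolvable-publicly"
    if not internal:
        return "internal-no-answer"      # NXDOMAIN or timeout on the LAN server
    if set(internal) & set(public):
        return "consistent"
    if any(ip.version == 4 and any(ip in n for n in RFC1918) for ip in internal):
        return "internal-zone-shadows-public-name"
    return "answers-differ"              # may just be CDN or round-robin rotation

# Constructed samples (hypothetical server name sbs.company.com).
PUBLIC = ("Server:  google-public-dns-a.google.com\nAddress:  8.8.8.8\n\n"
          "Non-authoritative answer:\nName:    www.company.com\n"
          "Address:  203.0.113.20\n")
INTERNAL_LAN_IP = ("Server:  sbs.company.com\nAddress:  192.168.0.10\n\n"
                   "Name:    www.company.com\nAddress:  192.168.0.10\n")
INTERNAL_NXDOMAIN = ("Server:  sbs.company.com\nAddress:  192.168.0.10\n\n"
                     "*** sbs.company.com can't find www.company.com: "
                     "Non-existent domain\n")

if __name__ == "__main__":
    print(diagnose(INTERNAL_LAN_IP, PUBLIC))
    print(diagnose(INTERNAL_NXDOMAIN, PUBLIC))
```

An `internal-no-answer` verdict with a public answer present matches the case where the local zone is named like the public domain but has no record for the host; a LAN address in the internal answer matches the case where the server answers for the public name itself.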