Solved

Cannot resolve our ISP's own server names, have to run "Connect to Internet" Wizard from SBS Console. This keeps happening.

Posted on 2014-11-20
Last Modified: 2014-12-06
This is SBS 2011. Our ISP is Shaw Cable.

We have a weird problem as below -
We cannot open the URL http://webmail.shaw.ca in a browser, and we cannot ping webmail.shaw.ca
We cannot ping all of our ISP pop3 servers, such as shawmail.vc.shawcable.net

If we run "Connect to Internet" wizard from SBS Console, the above problems will all be gone. But, the problems will come back again in a day or two, so we will have to run the wizard again and again.

We have no problem with our own domain emails (@mycompany.com) and we have no problem with browsing any other web sites.

This is a DNS issue that is only related to our ISP name resolving. But I do not know where to start to troubleshoot.

Please help!

Thanks
0
Question by:techcity
11 Comments
 
LVL 2

Expert Comment

by:FinServCo
ID: 40456000
nslookup is a good tool to use for DNS issues.  You can attach to different servers and query for various DNS names.  

Is your forwarding configured correctly on your DNS server?  Typically an ISP will provide 2 or more DNS server IP addresses to be set on your DNS server as forwarders.  So your local machines look to the local DNS server for local DNS lookups (your internal domain) and then any requests that the local DNS server isn't authoritative for get forwarded on to the forwarders.
0
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40456070
If the problem is limited to shaw.ca domains, then there is no need to keep running the CIECW.  The problem more likely lies somewhere in DNS.  FinServCo made a great point about the DNS forwarders, that's where I would start too.

I have a few clients using Shaw and their DNS can be flaky from time to time.  After confirming your DNS setup, I would contact their tech support department and see if they have something on their end that is blocking your IP (which I assume is static?).  Shaw's routers are infamous for seemingly blocking their own clients' IPs.  I've seen it before where their systems assume that checking email frequently is actually an attack from within their own network and then they block the IP address until it's renewed (likely why CIECW fixes the problem temporarily).  If Shaw cannot find a problem on their end, post back here.
0
 
LVL 2

Expert Comment

by:FinServCo
ID: 40456086
I've run into issues with our ISP where they've given us the order of preference for setting forwarders.  Then, when we've had problems, it's usually been the first server and when I changed the order it went away.
0
 
LVL 1

Author Comment

by:techcity
ID: 40456116
FinServCo -
Unlike the previous versions, SBS 2011 stopped using DNS Forwarders. Instead, it uses root hints.
I guess I will have to add the forwarders back if I have no other choices.

Asif Bacchus -
Initially I thought Shaw blocked us and we were blocked a few times in the past month. But I do not think this is the case this time. Reasons are
1. Our server is behind our firewall. Running CEICW would not affect the public IP
2. When the problem happened, I tried to ping Shaw server from our firewall, it all worked fine. (name resolved successfully)
0
 
LVL 2

Accepted Solution

by:
FinServCo earned 500 total points
ID: 40456123
I think the default is to use root hints.  You could also try the Best Practice Analyzer.

http://support.microsoft.com/kb/2673284
0
 
LVL 1

Author Comment

by:techcity
ID: 40456207
Yes, the default is to use root hints. This is not like the previous versions anymore.
0
 
LVL 1

Author Comment

by:techcity
ID: 40456244
FinServCo -
I just ran BPA and found this. And I have deployed the solution accordingly. Will keep you guys posted...


Issue: The DNS parameter MaxCacheTTL is not set.

Impact: When name resolution is provided by root hints, Windows Server  2008 DNS Servers and Windows Server 2008 R2 DNS Servers may fail to resolve queries for the names of some top-level domains. If this occurs, the problem will continue until you clear the DNS Server cache or restart the DNS Server service. You may experience the problem with domains such as .co, .uk, .cn, and .br. However, the problem is not limited to those domains.

Resolution: For more information, see "Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains" at http://go.microsoft.com/fwlink/?LinkId=152402.
0
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40456562
Umm, I think I'd like to correct you all on something here... SBS 2011 (basically Server 2008 R2) absolutely still uses forwarders and you *SHOULD* be using forwarders so that you do NOT run into the MaxCacheTTL issue with root hints.  Deploying the MaxCacheTTL fix is still not the worst idea since when forwarders are not available, Windows will fall back to root hints.

To configure forwarders, open your DNS MMC, right-click on the server and go to properties.  Then select the Forwarders tab and click the edit button.  Fill in your desired forwarders (if more than one, also check the order is correct) and click OK.  The default option, that you may be referring to, is the check box located next to the edit button that says "Use root hints if no forwarders are available".  That should remain checked, but as the text suggests, Windows prioritizes forwarders over root hints.

As a side note, does your firewall provide DNS services also?  Are you using it as a DNS relay back to your server or is your server solely handling DNS?  For example, in my setups, I always use a BSD box as a firewall and let it handle DNS.  Then I point my forwarders to my BSD firewall which has its DNS servers set to my ISP/Google/etc.  I find BSD and *nix handle DNS better than Windows.  I bring this up because if you are using a similar setup, then the problem may not be with the DNS on your SBS box at all, but rather on your firewall device.  In any case, you should still be using forwarders instead of root hints.

Sorry for the slight tangent, but I think it's important information as you continue to troubleshoot.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 40457063
Is your SBS box fully up to date, as I'm reasonably sure the MaxCache reg change was included in an update rollup?  Rather than using your ISP's DNS servers as the forwarders, use Google's 8.8.8.8 and 8.8.4.4.
0
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40457137
@Cris, yup the update was related to KB 2615570 and applies to Server 2008 R2 so it also applies to SBS 2011.  Good call suggesting using Google's DNS since it also rules out any problems with Shaw's DNS servers being the issue.
0
 
LVL 1

Author Closing Comment

by:techcity
ID: 40484753
Thank you very much for all your inputs regarding this issue.
After running BPA and fixing MaxCacheTTL in registry, the problem has never come back yet. So running BPA is the key to fix the problem.

I am not sure why SBS2011 started using root hints to replace forwarders. Since root hints is the default, I would stick with it and did not try forwarders.

Thanks again!
0
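
A diagnostic sketch for the situation discussed in this thread, added here as an example and not posted by any participant: it resolves the two names from the question against the server's own DNS service and against a public resolver, then reports the forwarder list and whether MaxCacheTTL is set. It assumes the DNS Server role runs on the machine where the script is run, English-language `nslookup` output, and that the `root\MicrosoftDNS` WMI provider is present.

```powershell
# Added example, not from the thread. PowerShell 2.0 compatible (Server 2008 R2 / SBS 2011).
# Run elevated on the SBS server while the resolution problem is occurring.
$names        = 'webmail.shaw.ca', 'shawmail.vc.shawcable.net'  # names from the question
$localDns     = '127.0.0.1'  # assumption: the DNS Server role runs on this machine
$referenceDns = '8.8.8.8'    # public resolver suggested in the thread

function Test-DnsName([string]$Name, [string]$Server) {
    # nslookup's exit code is not reliable, so look for an answer section instead.
    # The trailing dot stops nslookup from appending the local DNS suffix.
    $out = (& nslookup "-timeout=3" "$Name." $Server 2>$null | Out-String)
    return ($out -match '(?m)^Name:\s+\S+')
}

# 1. Same names, two resolvers: isolates the local DNS server from upstream problems.
$results = foreach ($n in $names) {
    $local = Test-DnsName $n $localDns
    $ref   = Test-DnsName $n $referenceDns
    if ($local)   { $verdict = 'OK' }
    elseif ($ref) { $verdict = 'local DNS server fails, reference resolves' }
    else          { $verdict = 'fails on both (upstream or connectivity)' }
    New-Object PSObject -Property @{
        Name = $n; Local = $local; Reference = $ref; Verdict = $verdict
    }
}
$results | Format-Table Name, Local, Reference, Verdict -AutoSize

# 2. Forwarders configured on the DNS server (empty means root hints only).
$dns = Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_Server
if ($dns.Forwarders) {
    'Forwarders : ' + ($dns.Forwarders -join ', ')
} else {
    'Forwarders : none configured (root hints only)'
}

# 3. The registry value the Best Practice Analyzer reported as missing.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ttl = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).MaxCacheTTL
if ($ttl -eq $null) {
    'MaxCacheTTL: not set in the registry (the condition BPA flagged)'
} else {
    "MaxCacheTTL: $ttl seconds"
}
```

A "local DNS server fails, reference resolves" verdict together with no forwarders and no MaxCacheTTL value matches the symptom pattern described in the BPA finding quoted above.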
