Solved

Cannot resolve our ISP's own server names, have to run "Connect to Internet" Wizard from SBS Console. This keeps happening.

Posted on 2014-11-20
Last Modified: 2014-12-06
This is SBS 2011. Our ISP is Shaw Cable.

We have a weird problem as below -
 We cannot open the URL http://webmail.shaw.ca in a browser, and we cannot ping webmail.shaw.ca
We cannot ping all of our ISP pop3 servers, such as shawmail.vc.shawcable.net

If we run "Connect to Internet" wizard from SBS Console, the above problems will all be gone. But, the problems will come back again in a day or two, so we will have to run the wizard again and again.

We have no problem with our own domain emails (@mycompany.com) and we have no problem with browsing any other web sites.

This is a DNS issue that is only related to our ISP name resolving. But I do not know where to start to troubleshoot.

Please help!

Thanks
Question by:techcity
11 Comments
 
LVL 2

Expert Comment

by:FinServCo
ID: 40456000
nslookup is a good tool to use for DNS issues.  You can attach to different servers and query for various DNS names.  

Is your forwarding configured correctly on your DNS server?  Typically an ISP will provide 2 or more DNS server IP addresses to be set on your DNS server as forwarders.  So your local machines look to the local DNS server for local DNS lookups (your internal domain) and then any requests that the local DNS server isn't authoritative for get forwarded on to the forwarders.
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40456070
If the problem is limited to shaw.ca domains, then there is no need to keep running the CIECW.  The problem more likely lies somewhere in DNS.  FinServCo made a great point about the DNS forwarders, that's where I would start too.

I have a few clients using Shaw and their DNS can be flaky from time to time.  After confirming your DNS setup, I would contact their tech support department and see if they have something on their end that is blocking your IP (which I assume is static?).  Shaw's routers are infamous for seemingly blocking their own clients' IPs.  I've seen it before where their systems assume that checking email frequently is actually an attack from within their own network and then they block the IP address until it's renewed (likely why CIECW fixes the problem temporarily).  If Shaw cannot find a problem on their end, post back here.
 
LVL 2

Expert Comment

by:FinServCo
ID: 40456086
I've run into issues with our ISP where they've given us the order of preference for setting forwarders.  Then, when we've had problems, it's usually been the first server and when I changed the order it went away.
 
LVL 1

Author Comment

by:techcity
ID: 40456116
FinServCo -
Unlike the previous versions, SBS 2011 stopped using DNS Forwarders. Instead, it uses root hints.
I guess I will have to add the forwarders back if I have no other choices.

Asif Bacchus -
Initially I thought Shaw blocked us, and we were blocked a few times in the past month. But I do not think this is the case this time. Reasons are:
1. Our server is behind our firewall. Running CEICW would not affect the public IP.
2. When the problem happened, I tried to ping the Shaw server from our firewall, and it all worked fine (name resolved successfully).
 
LVL 2

Accepted Solution

by:
FinServCo earned 500 total points
ID: 40456123
I think the default is to use root hints.  You could also try the Best Practice Analyzer.

http://support.microsoft.com/kb/2673284
 
LVL 1

Author Comment

by:techcity
ID: 40456207
Yes, the default is to use root hints. This is not like the previous versions anymore.
 
LVL 1

Author Comment

by:techcity
ID: 40456244
FinServCo -
I just ran BPA and found this. And I have deployed the solution accordingly. Will keep you guys posted...


Issue: The DNS parameter MaxCacheTTL is not set.

Impact: When name resolution is provided by root hints, Windows Server  2008 DNS Servers and Windows Server 2008 R2 DNS Servers may fail to resolve queries for the names of some top-level domains. If this occurs, the problem will continue until you clear the DNS Server cache or restart the DNS Server service. You may experience the problem with domains such as .co, .uk, .cn, and .br. However, the problem is not limited to those domains.

Resolution: For more information, see "Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains" at http://go.microsoft.com/fwlink/?LinkId=152402.
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40456562
Umm, I think I'd like to correct you all on something here... SBS 2011 (basically Server 2008 R2) absolutely still uses forwarders and you *SHOULD* be using forwarders so that you do NOT run into the MaxCacheTTL issue with root hints.  Deploying the MaxCacheTTL fix is still not the worst idea since when forwarders are not available, Windows will fall back to root hints.

To configure forwarders, open your DNS MMC, right-click on the server and go to properties.  Then select the Forwarders tab and click the edit button.  Fill in your desired forwarders (if more than one, also check the order is correct) and click OK.  The default option, that you may be referring to, is the check box located next to the edit button that says "Use root hints if no forwarders are available".  That should remain checked, but as the text suggests, Windows prioritizes forwarders over root hints.

As a side note, does your firewall provide DNS services also?  Are you using it as a DNS relay back to your server or is your server solely handling DNS?  For example, in my setups, I always use a BSD box as a firewall and let it handle DNS.  Then I point my forwarders to my BSD firewall which has its DNS servers set to my ISP/Google/etc.  I find BSD and *nix handle DNS better than Windows.  I bring this up because if you are using a similar setup, then the problem may not be with the DNS on your SBS box at all, but rather on your firewall device.  In any case, you should still be using forwarders instead of root hints.

Sorry for the slight tangent, but I think it's important information as you continue to troubleshoot.
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 40457063
Is your SBS box fully up to date? I'm reasonably sure the MaxCache reg change was included in an update rollup.  Rather than using your ISP's DNS servers as the forwarders, use Google's 8.8.8.8 and 8.8.4.4.
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40457137
@Cris, yup the update was related to KB 2615570 and applies to Server 2008 R2 so it also applies to SBS 2011.  Good call suggesting using Google's DNS since it also rules out any problems with Shaw's DNS servers being the issue.
 
LVL 1

Author Closing Comment

by:techcity
ID: 40484753
Thank you very much for all your inputs regarding this issue.
After running BPA and fixing MaxCacheTTL in the registry, the problem has not come back yet. So running BPA is the key to fixing the problem.

I am not sure why SBS2011 started using root hints to replace forwarders. Since root hints is the default, I would stick with it and did not try forwarders.

Thanks again!
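
The checks discussed across this thread (MaxCacheTTL, forwarders versus root hints, and whether the failure is local to the server's DNS) can be collected into one read-only script. This is an added example, not code from any poster or from Microsoft; it assumes an elevated PowerShell prompt on the SBS 2011 server itself, and the registry path shown is the DNS Server service's Parameters key, which the thread does not quote.

```powershell
# Added diagnostic example; read-only, changes nothing on the server.
# Assumes the DNS Server role is installed on the machine running it.

# Names from the question; 8.8.8.8 is the public resolver suggested in the thread.
$names     = 'webmail.shaw.ca', 'shawmail.vc.shawcable.net'
$resolvers = @{ 'local DNS server' = '127.0.0.1'; 'public resolver' = '8.8.8.8' }

# 1. Is MaxCacheTTL set? The key below is the DNS Server service's Parameters
#    key; the thread itself does not quote the path or the value to use.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if ($props -and $props.PSObject.Properties['MaxCacheTTL']) {
    "MaxCacheTTL is set to $($props.MaxCacheTTL) seconds"
} else {
    'MaxCacheTTL is not set (the condition the BPA reported)'
}

# 2. Forwarders or root hints? An empty list means root hints only.
$dns = Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class 'MicrosoftDNS_Server'
if ($dns.Forwarders) { "Forwarders: $($dns.Forwarders -join ', ')" }
else                 { 'Forwarders: none configured, recursion uses root hints' }

# 3. Resolve each name through each resolver. nslookup prints a "Name:" line
#    only when it received an answer, so that line is used as the success test.
#    The trailing dot stops nslookup from appending the DNS suffix search list.
foreach ($name in $names) {
    foreach ($r in $resolvers.GetEnumerator()) {
        $out = nslookup "$name." $r.Value 2>$null
        $ok  = [bool]($out -match '^Name:')
        '{0,-28} via {1,-16} ({2}): {3}' -f $name, $r.Key, $r.Value,
            $(if ($ok) { 'resolved' } else { 'FAILED' })
    }
}
```

A name that fails through the local server but resolves through the public resolver points at the server's own cache or recursion, which is the symptom the BPA finding describes. A name that fails through both points upstream of the server instead.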