Solved

Cannot resolve our ISP's own server names, have to run "Connect to Internet" Wizard from SBS Console. This keeps happening.

Posted on 2014-11-20
Last Modified: 2014-12-06
This is SBS 2011. Our ISP is Shaw Cable.

We have a weird problem as below -
 We cannot open the URL http://webmail.shaw.ca in a browser, and we cannot ping webmail.shaw.ca
We cannot ping all of our ISP pop3 servers, such as shawmail.vc.shawcable.net

If we run "Connect to Internet" wizard from SBS Console, the above problems will all be gone. But, the problems will come back again in a day or two, so we will have to run the wizard again and again.

We have no problem with our own domain emails (@mycompany.com) and we have no problem with browsing any other web sites.

This is a DNS issue that is only related to our ISP name resolving. But I do not know where to start to troubleshoot.

Please help!

Thanks
Question by:techcity
11 Comments
 
LVL 2

Expert Comment

by:FinServCo
ID: 40456000
nslookup is a good tool to use for DNS issues.  You can attach to different servers and query for various DNS names.  

Is your forwarding configured correctly on your DNS server?  Typically an ISP will provide 2 or more DNS server IP addresses to be set on your DNS server as forwarders.  So your local machines look to the local DNS server for local DNS lookups (your internal domain) and then any requests that the local DNS server isn't authoritative for get forwarded on to the forwarders.
0
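Added example, not part of the original thread: a PowerShell 2.0-compatible script that runs the nslookup comparison suggested above against the server's own DNS service and against a public resolver. The hostnames and 8.8.8.8 are taken from this thread; 127.0.0.1 assumes the script runs on the SBS server itself, and the `Test-Lookup` helper name is made up for this example.

```powershell
# Added example (not from the thread). Uses only nslookup.exe, so it works
# with the PowerShell 2.0 that ships on SBS 2011.
# Assumption: run on the SBS server, where the DNS Server service answers on loopback.
$names     = 'webmail.shaw.ca', 'shawmail.vc.shawcable.net'
$localDns  = '127.0.0.1'
$publicDns = '8.8.8.8'

function Test-Lookup {
    param([string]$Name, [string]$Server)
    # A trailing dot makes the name fully qualified, so nslookup does not
    # try the machine's DNS suffix search list first.
    $fqdn = $Name.TrimEnd('.') + '.'
    # nslookup writes errors to stderr; merge both streams into plain text.
    $text = (& nslookup.exe -timeout=3 $fqdn $Server 2>&1 |
             ForEach-Object { "$_" }) -join "`n"
    if     ($text -match '(?m)^Name:')             { 'resolved' }
    elseif ($text -match "can't find [^:]+: (.+)") { $matches[1].Trim() }
    elseif ($text -match 'timed.out')              { 'timeout' }
    else                                           { 'unknown' }
}

foreach ($name in $names) {
    $local  = Test-Lookup $name $localDns
    $public = Test-Lookup $name $publicDns
    if ($local -eq 'resolved') {
        $verdict = 'OK'
    } elseif ($public -eq 'resolved') {
        # The name resolves from outside, so the fault sits in the local
        # DNS server (cache, root hints or forwarders).
        $verdict = 'Local DNS server'
    } else {
        $verdict = 'Upstream or network path'
    }
    New-Object PSObject -Property @{
        Time    = (Get-Date -Format s)
        Name    = $name
        Local   = $local
        Public  = $public
        Verdict = $verdict
    } | Select-Object Time, Name, Local, Public, Verdict
}
```

Run it while the names are failing and again after they recover; the `Local` column then carries the exact nslookup error text (for example `Server failed`) to compare between the two runs.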
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40456070
If the problem is limited to shaw.ca domains, then there is no need to keep running the CIECW.  The problem more likely lies somewhere in DNS.  FinServCo made a great point about the DNS forwarders, that's where I would start too.

I have a few clients using Shaw and their DNS can be flaky from time to time.  After confirming your DNS setup, I would contact their tech support department and see if they have something on their end that is blocking your IP (which I assume is static?).  Shaw's routers are infamous for seemingly blocking their own clients' IPs.  I've seen it before where their systems assume that checking email frequently is actually an attack from within their own network and then they block the IP address until it's renewed (likely why CIECW fixes the problem temporarily).  If Shaw cannot find a problem on their end, post back here.
0
 
LVL 2

Expert Comment

by:FinServCo
ID: 40456086
I've run into issues with our ISP where they've given us the order of preference for setting forwarders.  Then, when we've had problems, it's usually been the first server and when I changed the order it went away.
0
 
LVL 1

Author Comment

by:techcity
ID: 40456116
FinServCo -
Unlike the previous versions, SBS 2011 stopped using DNS Forwarders. Instead, it uses root hints.
I guess I will have to add the forwarders back if I have no other choices.

Asif Bacchus -
Initially I thought Shaw blocked us and we were blocked a few times in the past month. But I do not think this is the case this time. Reasons are
1. Our server is behind our firewall. Running CEICW would not affect the public IP
2. When the problem happened, I tried to ping Shaw server from our firewall, it all worked fine. (name resolved successfully)
0
 
LVL 2

Accepted Solution

by:
FinServCo earned 500 total points
ID: 40456123
I think the default is to use root hints.  You could also try the Best Practice Analyzer.

http://support.microsoft.com/kb/2673284
0

 
LVL 1

Author Comment

by:techcity
ID: 40456207
Yes, the default is to use root hints. This is not like the previous versions anymore.
0
 
LVL 1

Author Comment

by:techcity
ID: 40456244
FinServCo -
I just ran BPA and found this. And I have deployed the solution accordingly. Will keep you guys posted...


Issue: The DNS parameter MaxCacheTTL is not set.

Impact: When name resolution is provided by root hints, Windows Server  2008 DNS Servers and Windows Server 2008 R2 DNS Servers may fail to resolve queries for the names of some top-level domains. If this occurs, the problem will continue until you clear the DNS Server cache or restart the DNS Server service. You may experience the problem with domains such as .co, .uk, .cn, and .br. However, the problem is not limited to those domains.

Resolution: For more information, see "Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains" at http://go.microsoft.com/fwlink/?LinkId=152402.
0
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40456562
Umm, I think I'd like to correct you all on something here... SBS 2011 (basically Server 2008 R2) absolutely still uses forwarders and you *SHOULD* be using forwarders so that you do NOT run into the MaxCacheTTL issue with root hints.  Deploying the MaxCacheTTL fix is still not the worst idea since when forwarders are not available, Windows will fall back to root hints.

To configure forwarders, open your DNS MMC, right-click on the server and go to properties.  Then select the Forwarders tab and click the edit button.  Fill in your desired forwarders (if more than one, also check the order is correct) and click OK.  The default option, that you may be referring to, is the check box located next to the edit button that says "Use root hints if no forwarders are available".  That should remain checked, but as the text suggests, Windows prioritizes forwarders over root hints.

As a side note, does your firewall provide DNS services also?  Are you using it as a DNS relay back to your server or is your server solely handling DNS?  For example, in my setups, I always use a BSD box as a firewall and let it handle DNS.  Then I point my forwarders to my BSD firewall which has its DNS servers set to my ISP/Google/etc.  I find BSD and *nix handle DNS better than Windows.  I bring this up because if you are using a similar setup, then the problem may not be with the DNS on your SBS box at all, but rather on your firewall device.  In any case, you should still be using forwarders instead of root hints.

Sorry for the slight tangent, but I think it's important information as you continue to troubleshoot.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 40457063
Is your SBS box fully up to date? I'm reasonably sure the MaxCache reg change was included in an update rollup.  Rather than using your ISP's DNS servers as the forwarders, use Google's 8.8.8.8 and 8.8.4.4
0
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40457137
@Cris, yup the update was related to KB 2615570 and applies to Server 2008 R2 so it also applies to SBS 2011.  Good call suggesting using Google's DNS since it also rules out any problems with Shaw's DNS servers being the issue.
0
 
LVL 1

Author Closing Comment

by:techcity
ID: 40484753
Thank you very much for all your inputs regarding this issue.
After running BPA and fixing MaxCacheTTL in the registry, the problem has not come back yet. So running BPA is the key to fixing the problem.

I am not sure why SBS2011 started using root hints to replace forwarders. Since root hints is the default, I would stick with it and did not try forwarders.

Thanks again!
0
