Local users can't access external website with same domain name

Hello,

Recently I've been assigned to an old case where an employee made a (wrong) setup on a server where he used the same name for the internal domain and the external, for example domain.org. The website is on an external web server. External users have access to the website by using either http://domain.org or http://www.domain.org.
Local users will be seeing the default website IIS page on the domain controller.

mail.domain.org and webmail.domain.org are working fine on both ends but not the www.

I've read a few questions and tried some of their solutions on this forum but so far I didn't have any luck or I've been doing something wrong.

OS:
Windows Server 2008 Enterprise

For explanation purposes:
Internal server IP: 10.10.10.10
External website IP: 20.20.20.20

What I've done so far:
Local Server:
- I created a www A record in the local DNS server pointing to the external website 20.20.20.20.
- I installed IIS on the server and used the HTTP Redirection to http://www.domain.org

External Web Server(Web Hosting company; limited access):
- I removed the CNAME (alias) domain.org
- I added a WWW A record pointing to this website's IP address (www.domain.org A 20.20.20.20)  ---- The A record for domain.org was already there.

When I ping www.domain.org from inside the domain, I get the good external IP address 20.20.20.20.
When I do nslookup www.domain.org inside the domain, I get:
Server: Unknown
Address: ::1
Name: www.domain.org
Address: 20.20.20.20

When I do nslookup from outside the domain:
Server:Unknown
Address: 192.168.200.1             <------- (?? No network is using this ??)
Name: www.domain.org
Address: 20.20.20.20


From what I've read maybe the Web Hosting Company may be missing an A record somewhere?  Or maybe they're redirecting the www back to domain.org?

I'm a bit confused and out of ideas at this point.
Asked by: martinlalancette

it_saige (Developer) commented:
This:
Address: ::1

Is an IPv6 Address (I believe it signifies localhost; same as IPv4 localhost is 127.0.0.1).

First I would make sure that DNS is listening only on IPv4 addresses.
Second, your first configuration should work (although I would not create a redirect from your internal web server), I would however, create an A record for www and point it to the IP address of the external website.

Just asking for clarification, the site in question is hosted externally, not internally?

-saige-
0
Maclean (System Engineer) commented:
If the above fails add a SRV record with the domain name, and http as the service (Protocol = TCP)
enter the host offering the service as www.domain.com (Whatever your domain is)

This should work using the A record for your site.
If not change the domain name to the IP address and try that.
0
martinlalancette (Author) commented:
@saige

I changed the DNS to listen only to IPv4.
The A record for www was already made and pointing to the right address.
Yes, the website is hosted by an external company with a public address which I use to point the records to. (In my example it's 20.20.20.20)

Still not working.

@Maclean
I created a SRV record on the internal DNS server with the following:
Domain: domain.org
Service: _http
Protocol: _tcp
Priority: 0
Size/Weight*: 100
Port: 80
Host: www.domain.org   -----    20.20.20.20      (I tried both with the name and the IP of the website)
*: The server is in French and I wasn't sure of the actual translation of that particular property.

With either changes in hosts, I was still unable to access the website.
0
Maclean (System Engineer) commented:
Have you tried setting the external IP of the website per chance? To see if that makes any difference?
I'll have to think a bit more some later when I have more time.
0
martinlalancette (Author) commented:
No, I can't change the IP address of the website, it is owned and set by the hosting company (66.46.xx.xx).  This IP is shared with a few others of our clients' websites, but I didn't have any problems yet.

There's only that one domain where it's the same domain name as the external one, all the others were set up fine with .local and whatnot.
0
DrDave242 commented:
When you browse to www.domain.org from a machine outside your network, does the name in the browser's address bar change to domain.org when the page opens? If so, it's being redirected by the web server, and you'll need to remove that redirection or get the web host to do so.
0
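An added illustration of the redirect effect DrDave242 describes (not code from any poster in this thread): it models the internal and external DNS views with the question's example addresses and follows the www-to-apex redirect in each. The apex record pointing at the domain controller and the server table are constructed assumptions based on the symptoms described.

```python
from urllib.parse import urlsplit

# Constructed data using the example addresses from the question.
INTERNAL_DNS = {                        # zone held by the domain controller
    "domain.org": "10.10.10.10",        # assumed: apex resolves to the DC
    "www.domain.org": "20.20.20.20",    # the manually added www A record
}
EXTERNAL_DNS = {                        # public zone at the hosting company
    "domain.org": "20.20.20.20",
    "www.domain.org": "20.20.20.20",
}
# Answer per (server IP, Host header): a string is a redirect target
# (Location header), None means the server returns a page itself.
SERVERS = {
    ("20.20.20.20", "www.domain.org"): "http://domain.org/",  # host redirects www to apex
    ("20.20.20.20", "domain.org"): None,                       # the real website
    ("10.10.10.10", "domain.org"): None,                       # IIS default page on the DC
}

def trace(url, dns, servers=SERVERS, max_hops=5):
    """Follow redirects as a browser would; return [(host, ip)] for each hop."""
    hops = []
    for _ in range(max_hops):
        host = urlsplit(url).hostname
        ip = dns.get(host)
        if ip is None:
            raise LookupError(f"{host} does not resolve in this DNS view")
        hops.append((host, ip))
        location = servers.get((ip, host))
        if location is None:            # a page was served, stop here
            return hops
        url = location                  # re-resolve the redirect target
    raise RuntimeError("too many redirects")

def lands_on(url, dns, servers=SERVERS):
    """IP address that finally serves the page in the given DNS view."""
    return trace(url, dns, servers)[-1][1]

if __name__ == "__main__":
    for name, view in (("internal", INTERNAL_DNS), ("external", EXTERNAL_DNS)):
        print(name, trace("http://www.domain.org/", view))
```

The internal trace ends at 10.10.10.10 even though www.domain.org resolves correctly, because the redirect target domain.org is resolved again in the internal zone.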
martinlalancette (Author) commented:
@DrDave242
Yes, when I type the website address from a machine outside the network, the address changes to domain.org.  I've been trying to get the hosting company to change it for a week now (because before I posted here I thought it would solve the problem also), but it's been really hard to deal with them and they don't seem to be able to do properly what I ask them to. Hopefully, I'll get someone on customer support who can understand what I want soon.
I'll get back to you on that.
0
martinlalancette (Author) commented:
Well then.
After waiting for so long for the website "programmer" to add the "www" to the website, he wasn't successful. He said: "It won't work using the htaccess file because the website is using the WordPress APIs and it's complicated to add the www with that".  I call BS but I'll leave it at that, I'm no website programmer.

So, I'm just wondering if I could do it myself (with a little help from you guys) to add the www.
The website runs on an Apache server. It is WordPress.
I tried this in the htaccess file at the top of the file:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

I remember trying other things but it didn't work either.

Anyway if everything fails, I'll have no choice but to rename my AD domain. If anyone has useful links or how-to methods, it would be great since I haven't done that before.
0
DrDave242 commented:
I know nothing about WordPress or Apache, but this blog entry discusses using host headers in Apache. This also looks relevant, although it appears to be for an older version of Apache, so I'm not sure if everything there is still valid.
0
martinlalancette (Author) commented:
I'm sorry, I sent the wrong info here. The server is Apache but I only have access to the WordPress PHP files of the website. I can't access the server directly.

At this point, I'm also looking for information on how to change my domain name. I find the step process of Microsoft's explanation a bit cold and hard to understand. If anyone knows an easier way to explain how to do this, it'd really be helpful.
0
DrDave242 commented:
Renaming an AD domain can be a real pain (and if you have an Exchange server, forget it). Are you having trouble with a particular part of the process?

If you have a "spare" server that can be used as a DC temporarily, it can sometimes be easier to create a new domain and use the Active Directory Migration Tool to migrate everything to it rather than perform an in-place domain rename.
0

martinlalancette (Author) commented:
It's really simple: One DC and AD (same server), Windows 2008, NO Exchange.
I'm reading:
http://social.technet.microsoft.com/wiki/contents/articles/1347.renaming-a-windows-server-2008-active-directory-domain-dsforum2wiki.aspx

For example, they say to copy rendom.exe repadmin.exe dfsutil.exe gpfixup.exe.
I just straight up copy them from the SERVER system32 folder to the MEMBERCLIENT local drive?
I've seen videos (like the one below) where they do everything from the DC. Sure, he uses Remote Desktop to connect to the server but I don't get why he's doing it. It won't work if I do it all on the actual server?
Additionally, that guy in particular doesn't do everything Microsoft wrote on their guide and it does seem to work fine. He doesn't use repadmin or dfsutil.

https://www.youtube.com/watch?v=RwXyi1_UDWo
0
DrDave242 commented:
I'm not sure why the guy in the video runs the commands directly on the DC rather than using a control machine. In fact, it looks like he attempts to connect to a control machine, then gives up and runs everything on the DC. Since there's no spoken audio, there's no way to tell why he did that. It appears to work just fine, though. I highly recommend making a full backup of your DC (including system state) before beginning the process, just in case something goes wrong.

You won't need to use repadmin at all; since you've only got one DC, there's no replication going on.

I'm going to have the song from that video stuck in my head for the rest of the day.
0
martinlalancette (Author) commented:
I still don't know why you need a control machine. Wouldn't it make more sense to make the changes on the actual server rather than going through another computer? Since anyway you're going to use Remote Desktop? What's the difference?

Looking between the Microsoft documentation and that video there doesn't seem to be much difference (he doesn't do the verifications and backups, though). I'll try it out on a dummy server at my office and see how it goes.

Thanks for your help. This case has been really annoying so far because no one seems to know anything (DNS, registrars, etc.) and no one seems to be able to find answers to what I'm asking ( force www to the WordPress/PHP website ). It's like all information went *poof* when it comes to this company's server and anything related.



lol I hear ya. Damnit!
0
Maclean (System Engineer) commented:
Sorry for not having checked back for a while, been busy myself, but I see this is still ongoing.
With my original question some time back on setting the external IP of the website, I mean to say that when creating the SRV record

I created a SRV record on the internal DNS server with the following:
Domain: domain.org
Service: _http
Protocol: _tcp
Priority: 0
Size/Weight*: 100
Port: 80
Host: www.domain.org   -----    20.20.20.20      (I tried both with the name and the IP of the website)
*: The server is in french and I wasn't sure of the actual translation of that particular property.

I meant to say that in host, to set the external IP of the website.
Theoretically when an internal DNS lookup is done for www.domain.org, the http should take priority, and redirect the request to the external IP rather than internal
0
DrDave242 commented:
"I still don't know why you need a control machine. Wouldn't it make more sense to make the changes on the actual server rather than going through another computer? Since anyway you're going to use Remote Desktop? What's the difference?"
That's a good question. I'll admit, I don't know why the MS documentation insists that you use a control machine, and I can't find a clear explanation for it. My guess is that it's a lot more important in a more complex environment in which you've got multiple domains in your forest, especially if you're repositioning them (rearranging the hierarchy) as part of the rename operation. If there's only one domain in the forest, and especially if there's only one DC in that domain, a control machine likely isn't so important and may not be needed at all.

@Maclean: I don't think most web browsers query for SRV records. In fact, I'm not sure any of them do.
0
Maclean (System Engineer) commented:
The browser does not query a record itself, but the DNS does, and any requests from a system to go to a website or other needs to use DNS in order to locate where to go. Having the SRV prioritize http to be directed to an external address should work. But perhaps there's something I might be missing :)

I'm merely going from my experience on a similar problem. New client their domain had same name as their website.
Their internal systems point to internal DNS servers, and they wanted that next to http://www.website.com that they could type in http://website.com internally, which won't work without redirecting http requests to this name via a SRV record to the website's public IP address. Worked like a charm for the client.
0
martinlalancette (Author) commented:
@Maclean
Yes, I've tried both SRV records (www.domain.org - and - 66.46.xx.xx public address)
It didn't make any difference. Should I wait longer when making changes to our DNS server? Or since I'm already on it the changes should be instant?
0
DrDave242 commented:
"Should I wait longer when making changes to our DNS server? Or since I'm already on it the changes should be instant?"
As long as you clear the client and server caches after making a change (ipconfig /flushdns on the client; dnscmd /clearcache on the server), you don't have to wait. However, I stand by my assertion that SRV records won't make any difference in this case, as the client won't query for them. (If you like, you can use Wireshark or some other packet sniffer to find out for sure.)
0
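An added example (not part of the thread) of what to look for in the packet capture suggested above: it decodes the question section of DNS queries and lists any that ask for an SRV record. The query bytes are constructed samples standing in for the UDP port 53 payloads a sniffer would export, and `BROWSER_CAPTURE` assumes a client that looks up only A and AAAA records for the site name.

```python
import struct

QTYPES = {1: "A", 28: "AAAA", 33: "SRV"}  # record types relevant to the thread

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query (RFC 1035 layout) as constructed sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_questions(payload):
    """Return [(name, type)] for each entry in a DNS message's question section."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    (qdcount,) = struct.unpack("!H", payload[4:6])
    pos, questions = 12, []
    for _ in range(qdcount):
        labels = []
        while True:
            if pos >= len(payload):
                raise ValueError("truncated question name")
            length = payload[pos]
            pos += 1
            if length == 0:             # root label ends the name
                break
            if length & 0xC0:
                raise ValueError("compressed name not expected in a query")
            labels.append(payload[pos:pos + length].decode("ascii"))
            pos += length
        if pos + 4 > len(payload):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
        pos += 4
        questions.append((".".join(labels), QTYPES.get(qtype, f"TYPE{qtype}")))
    return questions

def srv_lookups(payloads):
    """Names for which any captured query asked for an SRV record."""
    return [n for p in payloads for n, t in parse_questions(p) if t == "SRV"]

# Constructed capture: a client resolving the site name asks for A and AAAA only.
BROWSER_CAPTURE = [build_query("www.domain.org", 1), build_query("www.domain.org", 28)]

if __name__ == "__main__":
    for packet in BROWSER_CAPTURE:
        print(parse_questions(packet))
    print("SRV queries seen:", srv_lookups(BROWSER_CAPTURE))
```

An empty result from `srv_lookups` on a real capture means no client asked for `_http._tcp.domain.org`, so an SRV record in the zone would never be consulted.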
martinlalancette (Author) commented:
Forgot I still had this open.

I ended up renaming the domain and it worked fine.
0
martinlalancette (Author) commented:
I ended up renaming the domain using the Microsoft documentation, in addition to tips and advice from DrDave.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.