Gregg Brooke
Can't Get to Website From Internal Network
Our company website is abccompany.com while our e-mail domain is .net, i.e., elduderino@abccompany.net. Long story behind that but it hasn't been a problem until now.
GoDaddy is our webhosting provider and has pointed .com and .net to the site. This has worked for the last four years. Now, nobody can get to site using .net from inside our network but using .com works. At home, at Starbuck's, in a hotel....no problem with using either .com or .net. The DNS settings on the GoDaddy console look correct and I certainly haven't changed any of them. Only the webmaster and I have access to the GoDaddy account and she said that she hasn't changed anything.
My network:
Windows Server 2008 R2 - domain controller (AD, Peachtree Accounting and files)
Windows Server 2008 R2 - app server (a print management app and a knowledge base using IIS)
Using Active Directory
Ubiquiti UniFi APs and controller
60-70 wireless devices, 25 wired devices (printers and desktops)
Using VLANs
192.168.1.1 - management network
192.168.10.x - wired devices
192.168.15.x - VoIP phones
192.168.20.x - wireless devices
192.168.25.x - not used at this time
We have MPLS and a cloud firewall through our provider, Windstream. It hasn't given us any problems in the past and I haven't talked to them yet about this issue.
Does this sound like an internal issue and, if so, where do I start looking? If I'm in the wrong forum, please advise.
Are you using the .net domain internally (as Windows Domain name)?
Check what each one resolves to in DNS as well, or ping them
ASKER
We are not using the .net as the Windows domain. That is a completely different name from the website and uses .local.
DNS on the 2008 R2 box?
Yes, or whatever your clients are using.
You say that .com AND .net worked for the past four years? But now it doesn't. Have any changes been made at your end?
Does it work if you use www.abccompany.net?
If you do a whois lookup, does abccompany.net point to the website (abccompany.com)?
ASKER
Yes, .com and .net both worked for the past four years. I have not made changes to the GoDaddy DNS settings nor to the DNS configuration on the domain controller. The webmaster has access to GoDaddy but she said she hasn't changed anything.
Trying to hit the site with http://www.abccompany.net does not work from the inside but it works from the outside.
Whois for abccompany.net didn't shed any light on the problem but, though I already looked, I called GoDaddy and went through the DNS settings with them. It's all correct.
I am working off-site the next day or so but will try to look at the DNS on the domain controller to see what I can see.
What's your MX record? something like mail.abccompany.net? Do you have a zone in AD for your email? i.e. abccompany.net and an A record for mail in that zone?
Yes, what we need to know is that abccompany.net and .com resolve internally to the same location. From a workstation you can do nslookup abccompany.net and nslookup abccompany.com from a command prompt.
And resolving to the same address is correct???
ASKER
Was out of the office for a few days. I am working on getting the information requested now.
ASKER
MX record is homesteadhospice-com.mail.protection.outlook.com for the .com and homesteadhospice-net.mail.protection.outlook.com for the .net.
There is no zone in AD for e-mail.
NSLOOKUP results:
C:\>nslookup
Default Server: hhserver.hhnet.local
Address: 192.168.10.2
> nslookup homesteadhospice.net
*** Can't find address for server homesteadhospice.net: Non-authoritative answer
> nslookup homesteadhospice.com
Server: homesteadhospice.com
Address: 184.168.46.68
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to homesteadhospice.com timed-out
I confirmed with GoDaddy that 184.168.46.68 is the correct IP address.
TRACERT for that IP:
C:\>tracert 184.168.46.68
Tracing route to p3nw8shg322.shr.prod.phx3.secureserver.net [184.168.46.68]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.10.1
2 <1 ms <1 ms <1 ms 10.0.1.1
3 2 ms 3 ms 1 ms 172.16.0.1
4 2 ms 2 ms 2 ms crit-asfo0ain.sfo0.cbeyond.net [192.168.250.1]
5 2 ms 2 ms 2 ms h212.98.132.40.static.ip.windstream.net [40.132.98.212]
6 2 ms 2 ms 2 ms h200.58.132.40.static.ip.windstream.net [40.132.58.200]
7 38 ms 38 ms 38 ms 198.32.132.165
8 42 ms 42 ms 42 ms be38.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.69]
9 41 ms 42 ms 42 ms be38.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.69]
10 39 ms 38 ms 38 ms ip-97-74-255-129.ip.secureserver.net [97.74.255.129]
11 42 ms 41 ms 41 ms p3nw8shg322.shr.prod.phx3.secureserver.net [184.168.46.68]
Trace complete.
so this is probably your internal DNS not resolving it, if I ping homesteadhospice.net and homesteadhospice.com they resolve to 184.168.46.68.
Since you are using an internal DNS, can you test your external DNS server you are hitting as well? You must have something off internally.
who are these private networks?
2 <1 ms <1 ms <1 ms 10.0.1.1
3 2 ms 3 ms 1 ms 172.16.0.1
ASKER
10.0.1.1 is the local network for the building I'm in...corporate HQ. Assigned by Windstream. Each of the 20 offices has its own - 10.0.2.1, 10.0.3.1, etc. All internet access is routed through Windstream's cloud firewall. DHCP is handled by the Windstream routers in the branch offices and by the L3 switch in the corporate office. Some Cisco engineers we contracted set up the VLANs in the corporate office. DNS servers are 192.168.10.2 (primary), which is the domain controller. Secondary DNS servers are whatever Windstream DNS server is local to that office.
We cannot hit the website using .net from any of the offices.
I don't know of the 172.16.0.1 network. I will need to ask the Cisco guys if they have something to do with that.
It sounds more and more like it is the DNS on the domain controller. Funny, because it has worked for four years in its current configuration.
have you tried the same nslookup on the DC? 172.16.0.1 could be windstream too.
what if you make a temp change on a workstation to a public dns like 8.8.8.8 which is google's
ASKER
NSLOOKUP from the command line on the domain controller
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\>nslookup
Default Server: hhserver.hhnet.local
Address: 192.168.10.2
> nslookup homesteadhospice.net
*** Can't find address for server homesteadhospice.net: Non-authoritative answer
> nslookup homesteadhospice.com
Server: homesteadhospice.com
Address: 184.168.46.68
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to homesteadhospice.com timed-out
There does appear to be a forward lookup zone for homesteadhospice.net. I am beginning to think that when I configured Lync that it wiped out something.
I would like to provide a screenshot for you. Is there a way to do that without having the whole planet see it?
you can click on my name and message me, that could make sense, if it altered the DNS records.
can you also check the dns server you are using externally?
in dns it would be the forwarder under properties,
then use nslookup, then server and ip address
c:\nslookup
> server 8.8.8.8 (for example)
should return
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8
then
> homesteadhospice.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.net
Address: 184.168.46.68
ASKER
This is from my workstation.
C:\>nslookup
Default Server: hhserver.hhnet.local
Address: 192.168.10.2
> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8
> homesteadhospice.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.net
Address: 184.168.46.68
> homesteadhospice.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.com
Address: 184.168.46.68
> server 66.240.67.234
Default Server: nsatl.fdn.com
Address: 66.240.67.234
> homesteadhospice.net
Server: nsatl.fdn.com
Address: 66.240.67.234
Non-authoritative answer:
Name: homesteadhospice.net.HHNET.local
Addresses: 198.105.244.65
198.105.254.65
> homesteadhospice.com
Server: nsatl.fdn.com
Address: 66.240.67.234
Non-authoritative answer:
Name: homesteadhospice.com.HHNET.local
Addresses: 198.105.244.65
198.105.254.65
> server 216.199.0.132
Default Server: nsjax.fdn.com
Address: 216.199.0.132
> homesteadhospice.net
Server: nsjax.fdn.com
Address: 216.199.0.132
Non-authoritative answer:
Name: homesteadhospice.net.HHNET.local
Addresses: 198.105.244.65
198.105.254.65
> homesteadhospice.com
Server: nsjax.fdn.com
Address: 216.199.0.132
Non-authoritative answer:
Name: homesteadhospice.com.HHNET.local
Addresses: 198.105.244.65
198.105.254.65
66.240.67.234 and 216.199.0.132 are the Windstream DNS servers. Our DHCP hands out 192.168.102 as the primary DNS, 66.240.67.234 as the secondary and 216.199.0.132 as the tertiary.
Tried a couple of other Windstream DNS servers in Georgia and they returned the same results.
Haven't yet checked with our Cisco guys or with Windstream to find out where the 172.16.0.1 network came from.
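Added example, not part of the thread or any poster's code: Python that parses an interactive nslookup transcript like the one above and flags the two things visible in it, a returned name that gained the HHNET.local search suffix and resolvers returning different addresses for the same query. The transcript is a constructed abridgement of the posted output, and `parse` and `findings` are hypothetical helper names.

```python
import re

# Constructed sample: abridged nslookup session shaped like the output posted above.
TRANSCRIPT = """\
> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8
> homesteadhospice.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.net
Address: 184.168.46.68
> server 66.240.67.234
Default Server: nsatl.fdn.com
Address: 66.240.67.234
> homesteadhospice.net
Server: nsatl.fdn.com
Address: 66.240.67.234
Non-authoritative answer:
Name: homesteadhospice.net.HHNET.local
Addresses: 198.105.244.65
198.105.254.65
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse(transcript):
    """Return [(resolver_ip, queried_name, answered_name, [addresses])]."""
    rows, resolver, query, in_answer = [], None, None, False
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith("> server "):      # resolver switch (assumed given by IP)
            resolver, query, in_answer = line.split()[2], None, False
        elif line.startswith("> "):           # a lookup typed at the prompt
            query, in_answer = line[2:].strip(), False
        elif line.startswith("Name:") and query:
            rows.append((resolver, query, line.split(":", 1)[1].strip(), []))
            in_answer = True
        elif in_answer:                        # Address/Addresses and continuation lines
            rows[-1][3].extend(IPV4.findall(line))
    return rows

def findings(rows):
    """Flag answers whose name gained a suffix, and names the resolvers disagree on."""
    out, by_query = [], {}
    for resolver, query, name, addrs in rows:
        q, n = query.rstrip(".").lower(), name.rstrip(".").lower()
        if n != q and n.startswith(q + "."):
            out.append(("suffix-appended", resolver, query, name))
        by_query.setdefault(q, {})[resolver] = frozenset(addrs)
    for q, answers in by_query.items():
        if len(set(answers.values())) > 1:
            out.append(("resolvers-disagree", q, sorted(answers)))
    return out
```

An address answer for a name ending in .local from a public resolver means that resolver returns addresses for names that should not exist, so its output cannot confirm that a record is present. Querying with a trailing dot (`homesteadhospice.net.`) stops nslookup from appending the search suffix.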
ASKER
Guys,
I certainly appreciate all the help and suggestions you have been offering.
I am off-site again, addressing issues at a new office. I will try your suggestions as soon as I can and report back.
ASKER
Gentlemen,
I believe the problem is in the DNS on my domain controller and I believe it was changed when I set up Lync through Office 365. I spoke at length with the webmaster and she said the problem began after March 2015, which is when I configured Lync.
I have to go to a remote office out of state for a week or so and won't be able to focus on this for that length of time. I split the points because each of you helped me zero in on the problem.
This is not a mission-critical problem so I will look further into it when I am back in the office.
Meanwhile, thanks for all your help.
Gregg