Internal Website not working with client pcs using FQDN (server 2008)

Hi All,

I have a iis website running on a server 2008.
It is working fine internally if access it via an ip address: i.e  http://192.**.100:99
I can access remotely via   my fqdn:    http://remote.mydomain.com:99

i added a sub forward lookup zone on my DNs server (server 2008),

and from this server i can access the FQDN address ok i.e: http://remote.mydomain.com:99

However,
the client pcs on the network cannot access the FQDN address and need to use the internal ip.

i dont particularly want to add host file entries on client pcs.
Would like the domain to resolve internally and externally.


Hope someone can help.

Thanks
stephen
cstephen100Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
Can you resolve the FQDN from the command prompt on the client PCs?

Dan
0
it_saigeDeveloperCommented:
Are the client computers using the internal DNS server(s) as their DNS servers with no other DNS server entries?

Have you performed an ipconfig /flushdns && ipconfig /registerdns on a client computer and tested whether you were able to ping the server by it's FQDN remote.mydomain.com?

-saige-
0
Dan McFaddenSystems EngineerCommented:
And you only need to create an alias (CNAME) in DNS to allow the FQDN to resolve correctly.

Delete the "sub forward lookup zone" and add a CNAME that points to the server's hostname.

Also, how many websites are running on the server?

Under the site's binding info, add a host name to the FQDN you want to use.

Dan
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

cstephen100Author Commented:
thanks for your reply,

the pc's are connecting to the server 2008 dns server,

On the dns server, under Forward lookup Zones, i have:
mydomain.local  and
mydomain.com (i added this).

I added an A record initially on mydomain.com
however, based on below i removed the A record and added as  CNAme, but it doesn't resolve now unfortunately.
The websites (1) are located on another IIS server at present.

I have fqdn in the iis server at present and it resolves externally,

not sure if this is helping,
thanks
stephen
0
cstephen100Author Commented:
note: if i ping fqdn i get public ip,
Frm dns server, if A record in place i get the dns server ip
0
it_saigeDeveloperCommented:
Unless the site is using absolute pathing (as opposed to relative pathing), you should not need to use a split dns.

You should be able to just specify the host portion of the header (in this case 'remote' is the host portion) in your normal dns zone and ensure the the bindings for the IIS site utilize both definitions for the header; e.g. - remote and remote.mydomain.com.

The local clients can then access the site using http://remote instead of http://remote.mydomain.com.

-saige-
0
Jeff GloverSr. Systems AdministratorCommented:
Does your site use a host header name? If not, can you get to it using http://servername:99?
0
Dan McFaddenSystems EngineerCommented:
Let's take a few steps back...

The issue is that your internal users are resolving the external (Internet) IP address of the URL when they should be getting an internal (192.168.x.x) IP address.

Here's what I believe to be the issue:
1. your mydomain.com is hosted by a 3rd party DNS/Hosting provider
2. your internal DNS servers do not have a local entry for the domain, so they are resolving via DNS forwarding (talking to the root dns servers or a configured forwarding DNS destination) and receiving the external IP of the remote.mydomain.com URL
3. you are using a NAT to map the external IP to the internal IP on the IIS Server
4. your users are hitting the external interface of your router which is not a web server

Questions:
1. What URL do you want your internal users to use from inside your network?
2. What URL do you want your Internet users to use from outside your network?
3. Do you host your Internet domain in house or use a 3rd party provider?
4. What internal hostname does the IP address of the web server resolve to?
4a. if you do an nslookup 192.*.*.100  , what hostname is resolved?

The answers to these 3 questions will help in fixing the issue.

Dan
0
Jeff GloverSr. Systems AdministratorCommented:
Also, run Ipconfig /all from the DNS server (which you said resolved it correctly) and from a client (shich did not) are the DNS server addresses the same?
0
cstephen100Author Commented:
Thank you for the reply,

yes in principle you are correct:
ill repsond to questions below:


Questions:
1. What URL do you want your internal users to use from inside your network?
    ** - was hoping to use the same url (fqdn) - remote.mydomain.com, this would resolve then to internal sever.

2. What URL do you want your Internet users to use from outside your network?

    ** presently: remote.mydomain.com works fine.


3. Do you host your Internet domain in house or use a 3rd party provider?
         **         yes registered the domain with register.com

4. What internal hostname does the IP address of the web server resolve to?
         **   not sure what mean exactly, but have a hostname on the IIS server for the webpage.
               dns server: 192.168.114.12,
                    iiis server: 192.168.114.100
                                                             
4a. if you do an nslookup 192.*.*.100  , what hostname is resolved?
             **        server: dns.eircom.net  (not sure if this is what you mean)
                   
hope this helps,
thanks very much Stephen
0
cstephen100Author Commented:
just to note:
if i do: nslookup remote.mydomain.com , from another client the server: public pi

if reoved the a recod from forward lookup zone (mydomain.com)
and there is no entries in mydomain.local.

so unsure what to add itnto dns.

thanks
stephen
0
Jeff GloverSr. Systems AdministratorCommented:
OK, I have to make an assumption here so correct me if I am wrong. If you do an IPConfig /all on a client, does it return 192.168.114.12 as the DNS server address or something else?
 I assume you are using Register.com as your External DNS provider for mydomain.com.
I assume you have an Active directory domain named mydomain.local.

So, if these assumptions are correct, you will need to make a Primary Zone on your internal DNS server (192.168.114.12) for mydomain.com. In this zone, you will need to make an A record for remote.mydomain.com pointing to the IIS server internal address (192.168.114.100). You will also have to take into account the following. If there are any other A records in mydomain.com (hosted at Register) that point to other sites, not internal sites but external ones (this does not include MX records or SPF), then you will need to add them to the internal Zone.
If your clients are not pointing to your internal DNS server for resolution, then you need to change them to do that.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cstephen100Author Commented:
thank you again
i have followed this,
i have added the new zone in dns and the A record.  Entered the ip address for iis server,

i can from dns sever get the website when i use http://remote.mydomain.com

however, from client pcs it still seems to not resolve and trys to go to public ip.

hopefully i'm close
and thank you again
0
Jeff GloverSr. Systems AdministratorCommented:
Sounds like the client is using the external DNS as their DNS client,
Can you run IPConfig /all on a client and attach a screenshot ?(you are using internal IPs so no risk there. just blank the PC and domain name)
0
cstephen100Author Commented:
just attached ipconfig/all from the client pc,

If i ping the    remote.mydomain.com it actually pings the iis server,
0
Jeff GloverSr. Systems AdministratorCommented:
So can you open the site via the web address now from inside the network? If not, I would use the following command to test the site
telnet remote.mydomain.com 99

See if you get a connection. (you will need to enable the Telnet client on the workstation.

(also did not see the attachment)
0
Dan McFaddenSystems EngineerCommented:
So, since you have your "dotCOM" domain hosted externally, you do need to run a split-brained DNS configuration because you want your internal users to resolve the URL to a different IP address than the people accessing your website from the Internet

link:  http://blogs.technet.com/b/networking/archive/2015/05/12/split-brain-dns-deployment-using-windows-dns-server-policies.aspx

So, in the hosted mydomain.com DNS management utility, you should have an A record (for remote) pointing to the Internet IP of your website.

What you need to do, is on an internal DNS server (192.168.114.12), in DNS Manager, create a forward zone (not a sub-domain) called mydomain.com.  Inside the internal mydomain.com zone, create an A record for the host "remote" pointing to the internal IP Address 192.168.114.100.

Your internal workstations must all be using the internal DNS/DCs for DNS resolution for this to work.

On your computer, open a command prompt, type the following command:

ipconfig /flushdns

Then type the following command in the same command prompt:

nslookup remote.mydomain.com

It should return the internal IP address of 192.168.114.100

If it does not, you TCP/IP v4 configuration is not setup correctly.

On the IIS server, make sure the website is using the IP Address under the Binding option for the website.

If the nslookup works correctly, then the website should display correctly in a browser.

Dan
0
cstephen100Author Commented:
thank you all, got it going
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.