2012 Server No Internet Access Using IE
We have a Windows 2012 server that is a domain controller running as a VM on a 2012 host. All domain functions are working properly. DCdiag reports everything passed. All computers and other servers on the domain are working as expected.
If we ping any outside host from this server like yahoo.com or google.com we get a response. However internet explorer does not resolve any web sites we get "This page can't be displayed". The network icon on the system tray has a yellow exclamation point. This just started happening for no apparent reason.
We have tried rebooting, resetting Internet explorer to defaults, clearing DNS cache, disabling SEP antivirus and firewall, verifying DNS on the server is working for all other PCs, have the DNS on this server pointing to itself and another working DNS server. The gateway is correct as it resolves all hosts at the command prompt, Any help will be appreciated!
IEerror.JPG
If we ping any outside host from this server like yahoo.com or google.com we get a response. However internet explorer does not resolve any web sites we get "This page can't be displayed". The network icon on the system tray has a yellow exclamation point. This just started happening for no apparent reason.
We have tried rebooting, resetting Internet explorer to defaults, clearing DNS cache, disabling SEP antivirus and firewall, verifying DNS on the server is working for all other PCs, have the DNS on this server pointing to itself and another working DNS server. The gateway is correct as it resolves all hosts at the command prompt, Any help will be appreciated!
IEerror.JPG
Also, can you install telnet on the server and test port 80 to a known server? Preferably a MS server?
Sounds like a network/firewall acl.
Sounds like a network/firewall acl.
ASKER
I should have mentioned we did disable the automatic detect proxy and I checked the hosts file, there is nothing in it but the normal commented out lines.
As for the network firewall, I thought the same thing but I can't see any event logs in our sonic wall that suggest anything is being blocked. remember, we can ping any outside host from a command prompt.
As for the network firewall, I thought the same thing but I can't see any event logs in our sonic wall that suggest anything is being blocked. remember, we can ping any outside host from a command prompt.
Ping is ICMP 0
HTTP is TCP/80
Two different beasts. Install telnet client or wget, query a known good internet server and make sure you get a return header. If not, you're being blocked.
HTTP is TCP/80
Two different beasts. Install telnet client or wget, query a known good internet server and make sure you get a return header. If not, you're being blocked.
Install telnet client through add/remove progrmas/ windows features.
Open command prompt
type:
Push enter, screen should go blank. Type the word 'get' without quotes and push enter.
It should return the following:
Open command prompt
type:
telnet 64.233.171.103 80Push enter, screen should go blank. Type the word 'get' without quotes and push enter.
It should return the following:
HTTP/1.0 400 Bad Request
Content-Type: text/html; charset=UTF-8
Content-Length: 1504
Date: Mon, 14 Sep 2015 19:43:05 GMT
Server: GFE/2.0
<!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<meta name=viewport content
="initial-scale=1, minimum-scale=1, width=device-width">
<title>Error 400 (Bad
Request)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px ar
ial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto
0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(/
/www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}
p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{b
order:0}@media screen and (max-width:772px){body{background:none;margin-top:0;ma
x-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/logos
/errorpage/error_logo-150x54.png) no-repeat;margin-left:-5px}@media only screen
and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/logos/e
rrorpage/error_logo-150x54-2x.png) no-repeat 0% 0%/100% 100%;-moz-border-image:u
rl(//www.google.com/images/logos/errorpage/error_logo-150x54-2x.png) 0}}@media o
nly screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.goo
gle.com/images/logos/errorpage/error_logo-150x54-2x.png) no-repeat;-webkit-backg
round-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
</sty
le>
<a href=//www.google.com/><span id=logo aria-label=Google></span></a>
<p><
b>400.</b> <ins>That Ç s an error.</ins>
<p>Your client has issued a malformed
or illegal request. <ins>That Ç s all we know.</ins>
Connection to host lost.ASKER
So I can not telnet to port 80 to any website from this server. We have 5 other servers, several on the same VM host all with no issues. ICMP, Tracert, work. Telnet to port 25 on our external mail server works. So this is isolated to http and https. I am still baffled.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you access any web servers on the LAN from that server? It would be especially useful to test this with only a non-managed switch between the two devices to eliminate issues with ACL in the switch.
Have you tried any other browsers?
Have you tried any other browsers?
Telnet can't talk to port 80, so it's not a browser issue. I like the idea that it could be a managed switch.... That would be a cruel nightmare for an unaware admin.
ASKER
Yes! we can connect to any internal Server using the browsers or telnet. We have a sonicwall TZ400W. All switches managed but default configured.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you switch the VM's network card onto the same Network name under VM properties as one of your working servers?
Also, I know it's a DC, but can you power down, put a workstation on the network with the SAME ip address and see if you get the same results? If the workstation can get to the internet, you have something insanely funky in either your VM config or your OS installation, which would probably be best being reinstalled, considering it's just a DC.
I'm betting the farm that this is an ACL tied to an IP address. ANything wearing that IP address will probably not be able to browse internet.
Also, I know it's a DC, but can you power down, put a workstation on the network with the SAME ip address and see if you get the same results? If the workstation can get to the internet, you have something insanely funky in either your VM config or your OS installation, which would probably be best being reinstalled, considering it's just a DC.
I'm betting the farm that this is an ACL tied to an IP address. ANything wearing that IP address will probably not be able to browse internet.
ASKER
It appears that for some strange reason an outgoing NAT policy on our SonicWall that has always been there was interfering with this machine. We made some changes on the SonicWall and it started working. I still have no idea why it stopped working.
Thank you for your time and help!
Thank you for your time and help!
Delete your hosts file?