2012 Server No Internet Access Using IE

We have a Windows 2012 server that is a domain controller running as a VM on a 2012 host.  All domain functions are working properly.  DCdiag reports everything passed.  All computers and other servers on the domain are working as expected.

If we ping any outside host from this server, like yahoo.com or google.com, we get a response. However, Internet Explorer does not resolve any web sites; we get "This page can't be displayed". The network icon in the system tray has a yellow exclamation point. This just started happening for no apparent reason.

We have tried rebooting, resetting Internet Explorer to defaults, clearing the DNS cache, disabling SEP antivirus and firewall, and verifying that DNS on the server is working for all other PCs. We have the DNS on this server pointing to itself and another working DNS server. The gateway is correct, as it resolves all hosts at the command prompt. Any help will be appreciated!
Tonygret Asked:

Chris H, Infrastructure Manager, Commented:
Disable automatically detect proxy in internet explorer options?

Delete your hosts file?
Chris H, Infrastructure Manager, Commented:
Also, can you install telnet on the server and test port 80 to a known server?   Preferably a MS server?

Sounds like a network/firewall acl.
Tonygret, Author, Commented:
I should have mentioned we did disable the automatic detect proxy, and I checked the hosts file; there is nothing in it but the normal commented-out lines.

As for the network firewall, I thought the same thing, but I can't see any event logs in our SonicWall that suggest anything is being blocked. Remember, we can ping any outside host from a command prompt.
Chris H, Infrastructure Manager, Commented:
Ping is ICMP 0

HTTP is TCP/80

Two different beasts.  Install telnet client or wget, query a known good internet server and make sure you get a return header.  If not, you're being blocked.
Chris H, Infrastructure Manager, Commented:
Install the telnet client through Add/Remove Programs / Windows Features.

Open command prompt

type:

telnet 64.233.171.103 80


Push enter, screen should go blank.  Type the word 'get' without quotes and push enter.

It should return the following:

HTTP/1.0 400 Bad Request
Content-Type: text/html; charset=UTF-8
Content-Length: 1504
Date: Mon, 14 Sep 2015 19:43:05 GMT
Server: GFE/2.0


Connection to host lost.
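
The same ICMP-versus-TCP comparison without installing the telnet client, as an added example that is not part of the original thread. The function name `Test-TcpPort` and the host names in `$targets` are hypothetical placeholders; replace them with an external web server and mail server you already use.

```powershell
# Added example (not from the thread): compare ICMP reachability with
# per-port TCP reachability to spot a port-specific firewall/NAT rule.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped SYN does not hang the check.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'   # no answer at all: typical of a filtering device
        }
        $client.EndConnect($async)   # throws if the connection was refused/reset
        return 'Open'
    }
    catch {
        # Refused, unreachable or name-resolution failure; keep the reason.
        return "Failed: $($_.Exception.GetBaseException().Message)"
    }
    finally {
        $client.Close()
    }
}

# Hypothetical targets: an external web server and an external mail server.
$targets = @(
    @{ Name = 'www.example.com';  Ports = 80, 443 },
    @{ Name = 'mail.example.com'; Ports = 25 }
)

$results = foreach ($t in $targets) {
    # ICMP echo: succeeds even when TCP ports are filtered.
    $icmp = Test-Connection -ComputerName $t.Name -Count 2 -Quiet
    foreach ($p in $t.Ports) {
        New-Object PSObject -Property @{
            Target = $t.Name
            Icmp   = $icmp
            Port   = $p
            Tcp    = Test-TcpPort -ComputerName $t.Name -Port $p
        }
    }
}
$results | Format-Table Target, Icmp, Port, Tcp -AutoSize
```

A row with `Icmp` true and `Tcp` reporting `Timeout` on 80 and 443 only, while other ports and other hosts on the same subnet connect, points at a rule on an intermediate device rather than at the browser or DNS.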

Tonygret, Author, Commented:
So I can not telnet to port 80 to any website from this server. We have 5 other servers, several on the same VM host all with no issues.  ICMP, Tracert, work.  Telnet to port 25 on our external mail server works. So this is isolated to http and https.  I am still baffled.
Chris H, Infrastructure Manager, Commented:
Wallah.  Your problem is a network ACL.  You may be best suited to creating another question relating specifically to your network equipment, so that it shows up on the front page as new.  Otherwise, if you know your firewall make and model and have access to it, we can probably help write an ACL/rule to fix.

CompProbSolv Commented:
Can you access any web servers on the LAN from that server?  It would be especially useful to test this with only a non-managed switch between the two devices to eliminate issues with ACL in the switch.

Have you tried any other browsers?
Chris H, Infrastructure Manager, Commented:
Telnet can't talk to port 80, so it's not a browser issue.  I like the idea that it could be a managed switch.... That would be a cruel nightmare for an unaware admin.
Tonygret, Author, Commented:
Yes! We can connect to any internal server using the browsers or telnet. We have a SonicWall TZ400W. All switches are managed but default configured.
CompProbSolv Commented:
I'm afraid that I overlooked the failure of telnetting on port 80.  I agree that it is not a browser issue.

On the other hand, "We have 5 other servers, several on the same VM host all with no issues. " is very significant.  I take this to mean that one VM on the server can not get to the internet with IE while other VMs can.  If this is correct, the next critical question is if the VMs are on the same subnet.  If so, then it would be a fairly specific rule on the switch that would block one VM and not the others.  What are the IPconfig results for the different VMs?
Chris H, Infrastructure Manager, Commented:
Can you switch the VM's network card onto the same Network name under VM properties as one of your working servers?

Also, I know it's a DC, but can you power down, put a workstation on the network with the SAME IP address and see if you get the same results?  If the workstation can get to the internet, you have something insanely funky in either your VM config or your OS installation, which would probably be best being reinstalled, considering it's just a DC.

I'm betting the farm that this is an ACL tied to an IP address.  Anything wearing that IP address will probably not be able to browse internet.
Tonygret, Author, Commented:
It appears that for some strange reason an outgoing NAT policy on our SonicWall that has always been there was interfering with this machine.  We made some changes on the SonicWall and it started working.  I still have no idea why it stopped working.

Thank you for your time and help!