Tonygret asked:

Server cannot connect to any host outside our network on port 80

We have a Windows 2012 server that is a domain controller running as a VM on a 2012 host. All domain functions are working properly. DCdiag reports everything passed. All computers and other servers on the domain are working as expected. However, on this server, port 80 and 443 HTTP requests to any outside host fail.
 
If we ping (ICMP) any outside host from this server, like yahoo.com or google.com, we get a response. However, Internet Explorer does not resolve any web sites; we get "This page can't be displayed". The network icon on the system tray has a yellow exclamation point. We “can” connect via IE to any inside server on port 80 or any other port. When using telnet we can connect to any host server on port 80 inside of the network. We can telnet to a mail server on port 25 outside the network. However, we cannot telnet to port 80 on any server outside the network. All other servers and PCs do not have this issue, just this one server. This just started happening for no apparent reason.

We have tried rebooting, resetting Internet Explorer to defaults, clearing the DNS cache, disabling SEP antivirus and firewall, verifying DNS on the server is working for all other PCs, and having the DNS on this server point to itself and another working DNS server. We unchecked the “automatically detect proxy” setting in Internet Explorer options. The gateway is correct as it resolves all hosts at the command prompt. We disabled and re-enabled the virtual NIC from the host and the guest. We have managed switches but all are at default settings, so we have no ACL set up anywhere.

Any help will be appreciated!
arnold

In a command window, can you resolve any?
nslookup www.google.com
Do you have a proxy on the firewall which might not have excluded this system from being blocked?
Tonygret (ASKER)

nslookup resolves no problem.  Just like pinging google.  See below.  However telnet to port 80 or http via IE to any outside host fails.  

c:\nslookup
Non-authoritative answer:
Name:    google.com
Addresses:  2404:6800:4003:c02::8a
          173.194.126.196
          173.194.126.194
          173.194.126.206
          173.194.126.197
          173.194.126.198
          173.194.126.193
          173.194.126.199
          173.194.126.192
          173.194.126.195
          173.194.126.200
          173.194.126.201

C:\ping google.com

Pinging google.com [74.125.68.113] with 32 bytes of data
Reply from 74.125.68.113: bytes=32 time=187ms TTL=39
Reply from 74.125.68.113: bytes=32 time=186ms TTL=39
Reply from 74.125.68.113: bytes=32 time=188ms TTL=39
Reply from 74.125.68.113: bytes=32 time=186ms TTL=39

Ping statistics for 74.125.68.113:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 186ms, Maximum = 188ms, Average = 186ms
ASKER CERTIFIED SOLUTION
arnold
This solution is only available to members.
httpd://www.goolge.com using IE does not work. I went through every setting in our firewall. I cannot find anything blocking this machine. It was working last week. In fact, I can see traffic from this server on the SonicWall for DNS but no traffic for HTTP. Bizarre!
Check the IP of the server against the rules you have.

The one to try is https://www.google.com; try any bank, https://www.yourbank.com

Do you have a rule blocking outgoing port 80 requests?
The point is something changed, and possibly an error in the restriction overlapped this server's IP, thus denying it access to port 80 and possibly other external destinations.

Enable logging and see if it records an event when this server tries to access. The bet, check IIS tools, Internet options to make sure you do not have a proxy configured there or auto discovery of proxy is what ........ I.e., Internet Explorer sees the auto-config proxy, but the proxy is not configured to allow this system access.

There are many possibilities.
It appears that for some strange reason an outgoing NAT policy on our SonicWall that has always been there was interfering with this machine.  We made some changes on the SonicWall and it started working.  I still have no idea why it stopped working.
A simple typo can do it. Block a range of IPs, entered 28 instead of 29, with the IP typo that took the preceding segment:
instead of 192.168.0.8/29, 192.168.0.7/29 or 192.168.0.8/28.......
It was not noticed on other servers as they are not used to access external resources......
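
The CIDR slip described in the last reply, worked through as an added example (not part of the thread). It assumes the firewall masks off host bits in a rule entry; the server address 192.168.0.5 and the rule names are constructed for illustration.

```python
import ipaddress

def effective_network(cidr):
    """Range a rule really covers once host bits are masked off (assumed firewall behaviour)."""
    return ipaddress.ip_network(cidr, strict=False)

def has_host_bits(cidr):
    """True when the typed address is not on the prefix boundary, a common sign of a typo."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return False
    except ValueError:
        return True

def unintended_hosts(intended, entered):
    """Addresses the entered rule matches that the intended rule does not."""
    want = effective_network(intended)
    return [ip for ip in effective_network(entered) if ip not in want]

def rules_matching(host, rules):
    """Names of the rules whose effective range contains the host."""
    addr = ipaddress.ip_address(host)
    return [name for name, cidr in rules.items() if addr in effective_network(cidr)]

# The three entries quoted in the thread; rule names are constructed.
RULES = {
    "intended": "192.168.0.8/29",     # covers .8 to .15
    "typo_ip": "192.168.0.7/29",      # masks to 192.168.0.0/29, covers .0 to .7
    "typo_prefix": "192.168.0.8/28",  # masks to 192.168.0.0/28, covers .0 to .15
}
SERVER = "192.168.0.5"  # constructed address for the affected server

if __name__ == "__main__":
    for name, cidr in RULES.items():
        net = effective_network(cidr)
        flag = " (host bits set, check for typo)" if has_host_bits(cidr) else ""
        print(f"{name:12} {cidr:16} -> {net}  {net[0]} to {net[-1]}{flag}")
    extra = unintended_hosts(RULES["intended"], RULES["typo_prefix"])
    print("extra hosts caught by /28:", extra[0], "to", extra[-1])
    print(SERVER, "is matched by:", rules_matching(SERVER, RULES))
```

Running the same check over an exported rule list flags any entry whose typed address does not sit on its prefix boundary, which is the quickest way to spot this kind of overlap.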