Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Problems connecting to internal server
I have what I believe is a DNS problem. I have an internal web server that my users access on a on regular basis. Lately some of them can't connect to the server. They get "Page Cannot be displayed. However if I have them connect to the network via a VPN connect they can connect to the server fine.
I can also get it to connect sometimes by switching from a wired connection to our Wi-Fi or from Wi-Fi to a wired connection.
I'm fairly sure it has something to do with DNS but I'm not sure where to start to try to find the issue.
I can also get it to connect sometimes by switching from a wired connection to our Wi-Fi or from Wi-Fi to a wired connection.
I'm fairly sure it has something to do with DNS but I'm not sure where to start to try to find the issue.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
So its completely random? What are they using for DNS? Do they work one day and not the next? Can you ping by name and IP?
How does the VPN server connect to your internal network? Do you have a single subnet, or multiple subnets? Do you have VLANs?
Unless you have a unique DNS server for the VPN connection and your internal server has a different IP address on the via VPN, I don't think this is a DNS issue. Normally a server's IP address and host name is the same on a VPN connection as it would be on your internal network.
Now just to make sure, your users are on your internal network also, right?
Unless you have a unique DNS server for the VPN connection and your internal server has a different IP address on the via VPN, I don't think this is a DNS issue. Normally a server's IP address and host name is the same on a VPN connection as it would be on your internal network.
Now just to make sure, your users are on your internal network also, right?
Hi Mwvarner,
We believe the issue is a below:
i)
Webserver hosted on the internal environment. Is it published on the internet?
ii)
Users are unable to access the website externally.
Kindly confirm if this externally means from a remote site location or the internet.
iii)
install tcping.exe tool in your workstations C drive in the windows folder
use the nslookup command to verify the DNS entry and tcping connectivity in the below cases:
a)
When connected via VPN.
b)
When connected minus VPN.
We believe the issue is a below:
i)
Webserver hosted on the internal environment. Is it published on the internet?
ii)
Users are unable to access the website externally.
Kindly confirm if this externally means from a remote site location or the internet.
iii)
install tcping.exe tool in your workstations C drive in the windows folder
use the nslookup command to verify the DNS entry and tcping connectivity in the below cases:
a)
When connected via VPN.
b)
When connected minus VPN.
Ok, Let forget about the VPN for a minute. Internally in the same office as the server some users can connect with no problem while others cannot.
1 Some of theses users connect fine on our internal WiFi while others connect fine on a wired connection. When one of them doesn't work I've disabled the connection temporarily and used the other and then I can connect. Even after I re enable the connection that didn't work I can continue to access the server for days or even weeks on that machine.
I also had a computer this afternoon that was connected via a wired connection. I couldn't access the server or ping by name. I pinged by IP address one time and then I could ping by name and connect to the server with no problem. The name of the server is backoffice.esieci.com and the internal IP address is 10.1.30.8. We are using a class B subnet internally if that matters.
1 Some of theses users connect fine on our internal WiFi while others connect fine on a wired connection. When one of them doesn't work I've disabled the connection temporarily and used the other and then I can connect. Even after I re enable the connection that didn't work I can continue to access the server for days or even weeks on that machine.
I also had a computer this afternoon that was connected via a wired connection. I couldn't access the server or ping by name. I pinged by IP address one time and then I could ping by name and connect to the server with no problem. The name of the server is backoffice.esieci.com and the internal IP address is 10.1.30.8. We are using a class B subnet internally if that matters.
Can you post the output of "ipconfig /all" from a machine that works and from one that is having the problem?
I tried connecting to the server today from my laptop. I got an error that the page could not be displayed.
I ran Ipconfig /all and the output is below.
Windows IP Configuration
Host Name . . . . . . . . . . . . : VM-10-1
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-77-3D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::496c:d02f:43ed:8da6%
IPv4 Address. . . . . . . . . . . : 10.1.50.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 11:11:37 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 11:11:37 AM
Default Gateway . . . . . . . . . : 192.168.168.20
10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 50334761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4B-2E-20-00
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I could ping the server by IP address but not by name.
I disabled and reenabled the Ethernet adapter on my laptop and then I was able to ping by name and access the server.
I ran the Ipconfig /all again and the output is below but the before and after outputs are exactly the same.
Windows IP Configuration
Host Name . . . . . . . . . . . . : VM-10-1
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-77-3D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::496c:d02f:43ed:8da6%
IPv4 Address. . . . . . . . . . . : 10.1.50.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 11:26:23 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 11:26:23 AM
Default Gateway . . . . . . . . . : 192.168.168.20
10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 50334761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4B-2E-20-00
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I also connected from another PC in my office and it connected the first time. The output from that Ipconfig /all is below.
Windows IP Configuration
Host Name . . . . . . . . . . . . : ESG-IT-001
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : B6-AE-2B-C2-1E-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Surface Ethernet Adapter
Physical Address. . . . . . . . . : 58-82-A8-8F-2F-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b942:e5e9:bf31:cbd7%
IPv4 Address. . . . . . . . . . . : 10.1.50.95(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 8:46:34 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 8:46:33 AM
Default Gateway . . . . . . . . . : 10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 492339880
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-F3-74-A0-58
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Marvell AVASTAR Wireless-AC Network Controller
Physical Address. . . . . . . . . : B4-AE-2B-C2-1F-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : B4-AE-2B-C2-1F-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I ran Ipconfig /all and the output is below.
Windows IP Configuration
Host Name . . . . . . . . . . . . : VM-10-1
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-77-3D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::496c:d02f:43ed:8da6%
IPv4 Address. . . . . . . . . . . : 10.1.50.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 11:11:37 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 11:11:37 AM
Default Gateway . . . . . . . . . : 192.168.168.20
10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 50334761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4B-2E-20-00
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I could ping the server by IP address but not by name.
I disabled and reenabled the Ethernet adapter on my laptop and then I was able to ping by name and access the server.
I ran the Ipconfig /all again and the output is below but the before and after outputs are exactly the same.
Windows IP Configuration
Host Name . . . . . . . . . . . . : VM-10-1
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-77-3D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::496c:d02f:43ed:8da6%
IPv4 Address. . . . . . . . . . . : 10.1.50.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 11:26:23 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 11:26:23 AM
Default Gateway . . . . . . . . . : 192.168.168.20
10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 50334761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4B-2E-20-00
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I also connected from another PC in my office and it connected the first time. The output from that Ipconfig /all is below.
Windows IP Configuration
Host Name . . . . . . . . . . . . : ESG-IT-001
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : B6-AE-2B-C2-1E-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Surface Ethernet Adapter
Physical Address. . . . . . . . . : 58-82-A8-8F-2F-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b942:e5e9:bf31:cbd7%
IPv4 Address. . . . . . . . . . . : 10.1.50.95(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 8:46:34 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 8:46:33 AM
Default Gateway . . . . . . . . . : 10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 492339880
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-F3-74-A0-58
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Marvell AVASTAR Wireless-AC Network Controller
Physical Address. . . . . . . . . : B4-AE-2B-C2-1F-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : B4-AE-2B-C2-1F-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I have noticed lately on some of my home computers that i use for testing IPV6 was messing things up. Try unchecking and see what happens. And get rid of the external dns. 208.67.220.220
Next time you have the problem issue the command:
ipconfig /displaydns > dnscached.txt
Then:
ipconfig /flushdns
Then look at the dnscached.txt file and see what IP address was returned.
Then definintly get rid of 208.67.220.220 from your DNS server list.
One of the FP's for Windows XP changed how MS did DNS lookups and every release of Windows since has done the same thing.
Before the fixpack was applied if you had DNS servers define like:
10.1.40.1
10.1.40.2
208.67.220.220
Windows would send a lookup request to 10.1.40.1, wait 30 seconds for a reply. If it received a reply, did not matter what the reply was, it would stop right there.
If it did not receive a reply, it would hten send a reqquest to 10.1.40.2 and wait 30 seconds for a reply. If it received a reply, did not matter what the reply was, it would stop right there.
If it did not receive a reply, it would hten send a reqquest to 208.67.220.220 and wait 30 seconds for a reply. No matter what it would stop right there.
The chances of you ever getting to 208.67.220.220 was slim and if you did get there, typically you were having other issues because your internal DNS servers were having problems and you might not be able to find any host name within your Windows domain.
After the fix pack was installed:
Windows would send the lookup request 10.1.40.1, 10.1.40.2, and 208.67.220.220 in that order, but all within a ms of each other and wait 5 seconds for a response. It would then accept the response from the 1st host that responded and then IN MEMORY, put that IP address first in the list. So if by chance 208.67.220.220 responded first, the next lookup request would be sent to 208.67.220.220, 10.1.40.1, and 10.1.40.2, in that order, still all within a ms of each other.
Now typically you would expect internal hsots (10.1.40.1 or 10.1.40.2) to respond before an external host (208.67.220.220), but in some instances you might get the exnternal host responding first.
Now what happens if the external DNS server does not have a entry for the host you are looking up, or better yet has a different IP address. Will remember I said that Windows accepts the 1st answer it get back, if if the 1st answer is NO SUCH HOST, then it assumes there is no such host. If it gets back the address of hostA is x.x.x.x, it accepts that and will try to connect to that IP address.
ipconfig /displaydns > dnscached.txt
Then:
ipconfig /flushdns
Then look at the dnscached.txt file and see what IP address was returned.
Then definintly get rid of 208.67.220.220 from your DNS server list.
One of the FP's for Windows XP changed how MS did DNS lookups and every release of Windows since has done the same thing.
Before the fixpack was applied if you had DNS servers define like:
10.1.40.1
10.1.40.2
208.67.220.220
Windows would send a lookup request to 10.1.40.1, wait 30 seconds for a reply. If it received a reply, did not matter what the reply was, it would stop right there.
If it did not receive a reply, it would hten send a reqquest to 10.1.40.2 and wait 30 seconds for a reply. If it received a reply, did not matter what the reply was, it would stop right there.
If it did not receive a reply, it would hten send a reqquest to 208.67.220.220 and wait 30 seconds for a reply. No matter what it would stop right there.
The chances of you ever getting to 208.67.220.220 was slim and if you did get there, typically you were having other issues because your internal DNS servers were having problems and you might not be able to find any host name within your Windows domain.
After the fix pack was installed:
Windows would send the lookup request 10.1.40.1, 10.1.40.2, and 208.67.220.220 in that order, but all within a ms of each other and wait 5 seconds for a response. It would then accept the response from the 1st host that responded and then IN MEMORY, put that IP address first in the list. So if by chance 208.67.220.220 responded first, the next lookup request would be sent to 208.67.220.220, 10.1.40.1, and 10.1.40.2, in that order, still all within a ms of each other.
Now typically you would expect internal hsots (10.1.40.1 or 10.1.40.2) to respond before an external host (208.67.220.220), but in some instances you might get the exnternal host responding first.
Now what happens if the external DNS server does not have a entry for the host you are looking up, or better yet has a different IP address. Will remember I said that Windows accepts the 1st answer it get back, if if the 1st answer is NO SUCH HOST, then it assumes there is no such host. If it gets back the address of hostA is x.x.x.x, it accepts that and will try to connect to that IP address.
The last comment seems to have worked for one of my branches today. One person couldn't connect. I ran command you suggested and there was no address for the server. I deleted the external DNS and restarted the computer and it connected fine. I want to give it at least one more try before I call this done but it looks good so far.
You don't want to have any host use a external DNS server, they should all point to your internal DNS servers and then they will forward requests for any unknown domains to external DNS servers.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial