Problems connecting to internal server
I have what I believe is a DNS problem. I have an internal web server that my users access on a on regular basis. Lately some of them can't connect to the server. They get "Page Cannot be displayed. However if I have them connect to the network via a VPN connect they can connect to the server fine.
I can also get it to connect sometimes by switching from a wired connection to our Wi-Fi or from Wi-Fi to a wired connection.
I'm fairly sure it has something to do with DNS but I'm not sure where to start to try to find the issue.
I can also get it to connect sometimes by switching from a wired connection to our Wi-Fi or from Wi-Fi to a wired connection.
I'm fairly sure it has something to do with DNS but I'm not sure where to start to try to find the issue.
BillBondo
So its completely random? What are they using for DNS? Do they work one day and not the next? Can you ping by name and IP?
How does the VPN server connect to your internal network? Do you have a single subnet, or multiple subnets? Do you have VLANs?
Unless you have a unique DNS server for the VPN connection and your internal server has a different IP address on the via VPN, I don't think this is a DNS issue. Normally a server's IP address and host name is the same on a VPN connection as it would be on your internal network.
Now just to make sure, your users are on your internal network also, right?
Unless you have a unique DNS server for the VPN connection and your internal server has a different IP address on the via VPN, I don't think this is a DNS issue. Normally a server's IP address and host name is the same on a VPN connection as it would be on your internal network.
Now just to make sure, your users are on your internal network also, right?
Hi Mwvarner,
We believe the issue is a below:
i)
Webserver hosted on the internal environment. Is it published on the internet?
ii)
Users are unable to access the website externally.
Kindly confirm if this externally means from a remote site location or the internet.
iii)
install tcping.exe tool in your workstations C drive in the windows folder
use the nslookup command to verify the DNS entry and tcping connectivity in the below cases:
a)
When connected via VPN.
b)
When connected minus VPN.
We believe the issue is a below:
i)
Webserver hosted on the internal environment. Is it published on the internet?
ii)
Users are unable to access the website externally.
Kindly confirm if this externally means from a remote site location or the internet.
iii)
install tcping.exe tool in your workstations C drive in the windows folder
use the nslookup command to verify the DNS entry and tcping connectivity in the below cases:
a)
When connected via VPN.
b)
When connected minus VPN.
ASKER
Ok, Let forget about the VPN for a minute. Internally in the same office as the server some users can connect with no problem while others cannot.
1 Some of theses users connect fine on our internal WiFi while others connect fine on a wired connection. When one of them doesn't work I've disabled the connection temporarily and used the other and then I can connect. Even after I re enable the connection that didn't work I can continue to access the server for days or even weeks on that machine.
I also had a computer this afternoon that was connected via a wired connection. I couldn't access the server or ping by name. I pinged by IP address one time and then I could ping by name and connect to the server with no problem. The name of the server is backoffice.esieci.com and the internal IP address is 10.1.30.8. We are using a class B subnet internally if that matters.
1 Some of theses users connect fine on our internal WiFi while others connect fine on a wired connection. When one of them doesn't work I've disabled the connection temporarily and used the other and then I can connect. Even after I re enable the connection that didn't work I can continue to access the server for days or even weeks on that machine.
I also had a computer this afternoon that was connected via a wired connection. I couldn't access the server or ping by name. I pinged by IP address one time and then I could ping by name and connect to the server with no problem. The name of the server is backoffice.esieci.com and the internal IP address is 10.1.30.8. We are using a class B subnet internally if that matters.
Can you post the output of "ipconfig /all" from a machine that works and from one that is having the problem?
ASKER
I'll do that when I'm back in the office on Monday
ASKER
I tried connecting to the server today from my laptop. I got an error that the page could not be displayed.
I ran Ipconfig /all and the output is below.
Windows IP Configuration
Host Name . . . . . . . . . . . . : VM-10-1
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-77-3D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::496c:d02f:43ed:8da6%
IPv4 Address. . . . . . . . . . . : 10.1.50.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 11:11:37 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 11:11:37 AM
Default Gateway . . . . . . . . . : 192.168.168.20
10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 50334761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4B-2E-20-00
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I could ping the server by IP address but not by name.
I disabled and reenabled the Ethernet adapter on my laptop and then I was able to ping by name and access the server.
I ran the Ipconfig /all again and the output is below but the before and after outputs are exactly the same.
Windows IP Configuration
Host Name . . . . . . . . . . . . : VM-10-1
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-77-3D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::496c:d02f:43ed:8da6%
IPv4 Address. . . . . . . . . . . : 10.1.50.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 11:26:23 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 11:26:23 AM
Default Gateway . . . . . . . . . : 192.168.168.20
10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 50334761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4B-2E-20-00
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I also connected from another PC in my office and it connected the first time. The output from that Ipconfig /all is below.
Windows IP Configuration
Host Name . . . . . . . . . . . . : ESG-IT-001
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : B6-AE-2B-C2-1E-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Surface Ethernet Adapter
Physical Address. . . . . . . . . : 58-82-A8-8F-2F-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b942:e5e9:bf31:cbd7%
IPv4 Address. . . . . . . . . . . : 10.1.50.95(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 8:46:34 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 8:46:33 AM
Default Gateway . . . . . . . . . : 10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 492339880
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-F3-74-A0-58
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Marvell AVASTAR Wireless-AC Network Controller
Physical Address. . . . . . . . . : B4-AE-2B-C2-1F-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : B4-AE-2B-C2-1F-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I ran Ipconfig /all and the output is below.
Windows IP Configuration
Host Name . . . . . . . . . . . . : VM-10-1
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-77-3D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::496c:d02f:43ed:8da6%
IPv4 Address. . . . . . . . . . . : 10.1.50.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 11:11:37 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 11:11:37 AM
Default Gateway . . . . . . . . . : 192.168.168.20
10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 50334761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4B-2E-20-00
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I could ping the server by IP address but not by name.
I disabled and reenabled the Ethernet adapter on my laptop and then I was able to ping by name and access the server.
I ran the Ipconfig /all again and the output is below but the before and after outputs are exactly the same.
Windows IP Configuration
Host Name . . . . . . . . . . . . : VM-10-1
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-77-3D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::496c:d02f:43ed:8da6%
IPv4 Address. . . . . . . . . . . : 10.1.50.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 11:26:23 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 11:26:23 AM
Default Gateway . . . . . . . . . : 192.168.168.20
10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 50334761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4B-2E-20-00
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I also connected from another PC in my office and it connected the first time. The output from that Ipconfig /all is below.
Windows IP Configuration
Host Name . . . . . . . . . . . . : ESG-IT-001
Primary Dns Suffix . . . . . . . : esieci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : esieci.com
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : B6-AE-2B-C2-1E-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Surface Ethernet Adapter
Physical Address. . . . . . . . . : 58-82-A8-8F-2F-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b942:e5e9:bf31:cbd7%
IPv4 Address. . . . . . . . . . . : 10.1.50.95(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Monday, March 7, 2016 8:46:34 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2016 8:46:33 AM
Default Gateway . . . . . . . . . : 10.1.0.1
DHCP Server . . . . . . . . . . . : 10.1.40.1
DHCPv6 IAID . . . . . . . . . . . : 492339880
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-F3-74-A0-58
DNS Servers . . . . . . . . . . . : 10.1.40.1
10.1.40.2
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Marvell AVASTAR Wireless-AC Network Controller
Physical Address. . . . . . . . . : B4-AE-2B-C2-1F-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : B4-AE-2B-C2-1F-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.esieci.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : esieci.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I have noticed lately on some of my home computers that i use for testing IPV6 was messing things up. Try unchecking and see what happens. And get rid of the external dns. 208.67.220.220
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The last comment seems to have worked for one of my branches today. One person couldn't connect. I ran command you suggested and there was no address for the server. I deleted the external DNS and restarted the computer and it connected fine. I want to give it at least one more try before I call this done but it looks good so far.
You don't want to have any host use a external DNS server, they should all point to your internal DNS servers and then they will forward requests for any unknown domains to external DNS servers.
Hi Glitjr,
Thanks for the above comment.
Appreciate it.
@Mwvarner: Refrain from using external DNS servers within a domain since they would not have visibility of the A record entries created within the organization.
Thanks for the above comment.
Appreciate it.
@Mwvarner: Refrain from using external DNS servers within a domain since they would not have visibility of the A record entries created within the organization.
Hi Mwvarner,
Just kind of inquisitive to know if you managed to capture the outputs of ipconfig/displaydns during and post the issue occurrence.
Kindly share the same if it is available with you.
Just kind of inquisitive to know if you managed to capture the outputs of ipconfig/displaydns during and post the issue occurrence.
Kindly share the same if it is available with you.