Solved

School computers connect to web page, others cannot.

Posted on 2016-10-12
13
41 Views
Last Modified: 2016-10-26
I am the Network Admin for a small Christian School.  We have about 175 devices a mixture of windows 7 and 10 predominantly.

What I don't understand is that some computers can connect to a web site and others cannot connect to the same website.

Desktops seem to be able to connect and laptops cannot.  I thought it might be a wireless vs wired issue, but even if I turn off the wireless and connect with a wire, the laptop still cannot connect.

I have cleared the various caches and flushed the dns on the laptop.  I have tried 3 different browsers.

I do a ping test to the same web site from the wire connected laptop, it says destination unavailable. I can successfully ping google at the same time from the same laptop.  So it is not a connection to the network or internet issue.

On a desktop, I can ping both google and the other target website without a problem.

So what would block the same web site from one computer but not the other computer on the same network, sharing the same router, series of switches, wires, etc.?

In this test the computers are both windows 7.  We use opendns.org for our content filter. All computers have the same antivirus, thirtyseven4.  Firewall settings are the same and controlled by thirtyseven4 for each device from the server.

Thank you.

jerlo
0
Comment
Question by:Jerry Thompson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +2
13 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 41840264
When you ping the website from the laptop and desktop, do they report the ping destination as the same address?

Do you have any user control software/ parental control software in use?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41840304
@Rich

The author stated:

"I do a ping test to the same web site from the wire connected laptop, it says destination unavailable."

@jerlo

From the laptop can you do an NSLookup on the website? What does it return? Do the same from the desktop and compare results.  Check that both the laptop and the Desktop are using the same DNS server?

Are you placing the laptops and desktops in different VLANs? If so, do you have anything in the router blocking the laptop VLAN? Look at the router and firewall logs for any denies.

Check the opendns settings for anything separating the two.
0
 
LVL 53

Expert Comment

by:strung
ID: 41840352
I note you say you have 175 computers attached. Have you check your DHCP server to make sure your DHCP range is broad enough for that many computers?

Are the laptops getting a valid IP address (i.e., not in the 169.x.x.x range)?
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:Jerry Thompson
ID: 41840650
Thank you all for your responses.

Rich: Yes, they are pinging the same IP address.  All content control is via opendns.org. So the router and server sends all the traffic through the opendns content filter servers.  No controls active on the server or workstations nor in the antivirus or router.

Pony10us: There are no vlans active although I would like to learn more to see if it would help manage the traffic.

Regarding nslookup:  I am not sure I did the right thing.  At a command prompt on both computers I typed nslookup >> then greekpeak.net >> Enter.

Desktop returned:
> greekpeak.net
Server:  [192.168.1.249]  (Local primary server)
Address:  192.168.1.249 (Correct local IP)

Non-authoritative answer:
Name:    greekpeak.net
Address:  192.138.189.83  (Correct destination ip)


Laptop returned
> greekpeak.net
Server:  unknown
Address:  192.168.1.249 (Correct local IP)

Non-authoritative answer:
Name:    greekpeak.net
Address:  192.138.189.83  (Correct destination ip)

If this is not what you meant, then I will need more information on how to do what you suggested.

Strung: I have given fixed ip addresses to most stationary assets such as desktop computers, printers, access points. DHCP basically handles the wireless traffic.  Currently 71% of available addresses are being used.

I am not aware of any units getting an invalid IP.

Any other thoughts or ideas?

Thank you.

jerlo
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41840659
Okay, so NSLookup comes back with the same IP for the site.  You can't browse to the site from a laptop using the domain name.  Can you browse to it using the IP address?  If you can then it is DNS related.

I am going to take a risk and say the IP's you provided are not what was truly returned.  If that isn't the case then you have a duplicate IP for the desktop and laptop.
0
 
LVL 53

Expert Comment

by:strung
ID: 41840668
Did you make sure that the fixed IP's were in the same subnet as used by the DHCP server, but outside the range used by the DHCP server. If not, you are going to get IP conflicts.

For instance, if you DHCP server is set to serve up IP addresses between 192.168.1.2 and 192.168.1.150, you need to use 192.168.1.151 to 192.168.1.254 for your fixed IP's.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41840708
Another thing I noticed it that the laptop returns Server: Unknown.  This is usually related to IPv6.

On the laptop go into your IPv6 properties, and set the IP and DNS address settings to be obtained automatically.

Then in Manage network adapters windows, change the view options to show Menu, then click on Advanced, Advanced, and make sure IPv4 is on top instead of IPv6.
0
 

Author Comment

by:Jerry Thompson
ID: 41840730
Thanks again for a response.

Pony10us:  I cannot browse nor ping that IP address.  The current desktop I am using to test has a fixed IP and the laptop has one assigned by DHCP.

Strung: DHCP uses a different subnet from the fixed IP's.  DHCP uses 192.168.4.xxx while the fixed IP's use:
192.168.1.xxx
192.168.2.xxx
192.168.3.xxx

While this is likely excessive each has a purpose.

.1.xxx are for printers, servers, routers, AP's etc.

.2.xxx are for staff computers

.3.xxx are for student desktops.


Other information:


I tried two chromebooks and neither chromebook could not access greekpeak.net (Note: We've had problems with other sites, I am using greekpeak.net because it is the most recent issue.)

I connected to greekpeak.net with my samsung S5 using data, but could not connect using the schools wifi.

Thank you again.

Jerlo
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41840757
Please check your IP address on the laptop:

Laptop returned
 > greekpeak.net
 Server:  unknown
 Address:  192.168.1.249 (Correct local IP)

".3.xxx are for student desktops."

Using separate subnets is sort of like using VLAN's.  You are basically isolating devices that can directly speak to each other.  

1. make sure that the DNS server is passing traffic from each of the subnets
2. make sure the switch trunk port is passing traffic for each of the subnets
3. make sure the router is passing traffic for each of the subnets

Have you checked the router, firewall and opendns logs for denies?
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41842718
I don't think this is a DNS issue. Even though the reverse lookup of the DNS server's IP address was unsuccessful from the laptop for some reason (that's why nslookup shows "Server: Unknown"), it did resolve the website's name to the correct address. I get the same address from here, BTW.

It looks like either a firewall or content filter is blocking traffic, except that:
  • The laptop couldn't get through on either its wired or wireless adapter. That doesn't sound like firewall behavior, unless you're whitelisting traffic only from certain addresses, which sounds like an administrative nightmare.
  • Content filters will typically display a custom page when they block web traffic, rather than simply returning a 404, so that a user will know why they can't get through.
  • You mentioned that the firewall and content filter settings are the same for both machines.

When you connected the laptop to the wired network that the desktop is on, did you assign it a static IP address in the 192.168.3.0/24 range and make sure the subnet mask, gateway, and DNS settings matched those of the desktop?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41846870
A couple of other things to look at:

1. Is there a proxy involved?  If so then are both the desktop and the laptop configured the same way for that?

2. Are you blocking ping (ICMP) on the laptop? Perhaps with Windows Firewall?
0
 

Accepted Solution

by:
Jerry Thompson earned 0 total points
ID: 41854037
Problem solved.

I had noticed weeks ago the subnet mask of my DHCP scope was 255.0.0.0.  I went to change it to 255.255.0.0 and it would not let me.  I figured I had to delete and recreate the scope, I was fearful of doing so in the middle of the school day.  I also did not see how that would stop me from reaching a website.

Today I talked with someone who knows more than I. He noticed the bad subnet, said that was the problem and helped me delete and rebuild the scope.

And now all works as it should.

It strikes me weird how 98% of the websites resolved fine and just a few would not.

Thank you for all your suggestions. they are greatly appreciated.

Jerlo
0
 

Author Closing Comment

by:Jerry Thompson
ID: 41859972
A friend/consultant showed what the problem was and help be fix it.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Internet Explorer #Enterprise Mode #IE 11 #IE 8
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month7 days, 9 hours left to enroll

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question