Solved

School computers connect to web page, others cannot.

Posted on 2016-10-12
13
31 Views
Last Modified: 2016-10-26
I am the Network Admin for a small Christian School.  We have about 175 devices a mixture of windows 7 and 10 predominantly.

What I don't understand is that some computers can connect to a web site and others cannot connect to the same website.

Desktops seem to be able to connect and laptops cannot.  I thought it might be a wireless vs wired issue, but even if I turn off the wireless and connect with a wire, the laptop still cannot connect.

I have cleared the various caches and flushed the dns on the laptop.  I have tried 3 different browsers.

I do a ping test to the same web site from the wire connected laptop, it says destination unavailable. I can successfully ping google at the same time from the same laptop.  So it is not a connection to the network or internet issue.

On a desktop, I can ping both google and the other target website without a problem.

So what would block the same web site from one computer but not the other computer on the same network, sharing the same router, series of switches, wires, etc.?

In this test the computers are both windows 7.  We use opendns.org for our content filter. All computers have the same antivirus, thirtyseven4.  Firewall settings are the same and controlled by thirtyseven4 for each device from the server.

Thank you.

jerlo
0
Comment
Question by:Jerry Thompson
  • 5
  • 4
  • 2
  • +2
13 Comments
 
LVL 29

Expert Comment

by:Rich Weissler
Comment Utility
When you ping the website from the laptop and desktop, do they report the ping destination as the same address?

Do you have any user control software/ parental control software in use?
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
@Rich

The author stated:

"I do a ping test to the same web site from the wire connected laptop, it says destination unavailable."

@jerlo

From the laptop can you do an NSLookup on the website? What does it return? Do the same from the desktop and compare results.  Check that both the laptop and the Desktop are using the same DNS server?

Are you placing the laptops and desktops in different VLANs? If so, do you have anything in the router blocking the laptop VLAN? Look at the router and firewall logs for any denies.

Check the opendns settings for anything separating the two.
0
 
LVL 53

Expert Comment

by:strung
Comment Utility
I note you say you have 175 computers attached. Have you check your DHCP server to make sure your DHCP range is broad enough for that many computers?

Are the laptops getting a valid IP address (i.e., not in the 169.x.x.x range)?
0
 

Author Comment

by:Jerry Thompson
Comment Utility
Thank you all for your responses.

Rich: Yes, they are pinging the same IP address.  All content control is via opendns.org. So the router and server sends all the traffic through the opendns content filter servers.  No controls active on the server or workstations nor in the antivirus or router.

Pony10us: There are no vlans active although I would like to learn more to see if it would help manage the traffic.

Regarding nslookup:  I am not sure I did the right thing.  At a command prompt on both computers I typed nslookup >> then greekpeak.net >> Enter.

Desktop returned:
> greekpeak.net
Server:  [192.168.1.249]  (Local primary server)
Address:  192.168.1.249 (Correct local IP)

Non-authoritative answer:
Name:    greekpeak.net
Address:  192.138.189.83  (Correct destination ip)


Laptop returned
> greekpeak.net
Server:  unknown
Address:  192.168.1.249 (Correct local IP)

Non-authoritative answer:
Name:    greekpeak.net
Address:  192.138.189.83  (Correct destination ip)

If this is not what you meant, then I will need more information on how to do what you suggested.

Strung: I have given fixed ip addresses to most stationary assets such as desktop computers, printers, access points. DHCP basically handles the wireless traffic.  Currently 71% of available addresses are being used.

I am not aware of any units getting an invalid IP.

Any other thoughts or ideas?

Thank you.

jerlo
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
Okay, so NSLookup comes back with the same IP for the site.  You can't browse to the site from a laptop using the domain name.  Can you browse to it using the IP address?  If you can then it is DNS related.

I am going to take a risk and say the IP's you provided are not what was truly returned.  If that isn't the case then you have a duplicate IP for the desktop and laptop.
0
 
LVL 53

Expert Comment

by:strung
Comment Utility
Did you make sure that the fixed IP's were in the same subnet as used by the DHCP server, but outside the range used by the DHCP server. If not, you are going to get IP conflicts.

For instance, if you DHCP server is set to serve up IP addresses between 192.168.1.2 and 192.168.1.150, you need to use 192.168.1.151 to 192.168.1.254 for your fixed IP's.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 26

Expert Comment

by:pony10us
Comment Utility
Another thing I noticed it that the laptop returns Server: Unknown.  This is usually related to IPv6.

On the laptop go into your IPv6 properties, and set the IP and DNS address settings to be obtained automatically.

Then in Manage network adapters windows, change the view options to show Menu, then click on Advanced, Advanced, and make sure IPv4 is on top instead of IPv6.
0
 

Author Comment

by:Jerry Thompson
Comment Utility
Thanks again for a response.

Pony10us:  I cannot browse nor ping that IP address.  The current desktop I am using to test has a fixed IP and the laptop has one assigned by DHCP.

Strung: DHCP uses a different subnet from the fixed IP's.  DHCP uses 192.168.4.xxx while the fixed IP's use:
192.168.1.xxx
192.168.2.xxx
192.168.3.xxx

While this is likely excessive each has a purpose.

.1.xxx are for printers, servers, routers, AP's etc.

.2.xxx are for staff computers

.3.xxx are for student desktops.


Other information:


I tried two chromebooks and neither chromebook could not access greekpeak.net (Note: We've had problems with other sites, I am using greekpeak.net because it is the most recent issue.)

I connected to greekpeak.net with my samsung S5 using data, but could not connect using the schools wifi.

Thank you again.

Jerlo
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
Please check your IP address on the laptop:

Laptop returned
 > greekpeak.net
 Server:  unknown
 Address:  192.168.1.249 (Correct local IP)

".3.xxx are for student desktops."

Using separate subnets is sort of like using VLAN's.  You are basically isolating devices that can directly speak to each other.  

1. make sure that the DNS server is passing traffic from each of the subnets
2. make sure the switch trunk port is passing traffic for each of the subnets
3. make sure the router is passing traffic for each of the subnets

Have you checked the router, firewall and opendns logs for denies?
0
 
LVL 25

Expert Comment

by:DrDave242
Comment Utility
I don't think this is a DNS issue. Even though the reverse lookup of the DNS server's IP address was unsuccessful from the laptop for some reason (that's why nslookup shows "Server: Unknown"), it did resolve the website's name to the correct address. I get the same address from here, BTW.

It looks like either a firewall or content filter is blocking traffic, except that:
  • The laptop couldn't get through on either its wired or wireless adapter. That doesn't sound like firewall behavior, unless you're whitelisting traffic only from certain addresses, which sounds like an administrative nightmare.
  • Content filters will typically display a custom page when they block web traffic, rather than simply returning a 404, so that a user will know why they can't get through.
  • You mentioned that the firewall and content filter settings are the same for both machines.

When you connected the laptop to the wired network that the desktop is on, did you assign it a static IP address in the 192.168.3.0/24 range and make sure the subnet mask, gateway, and DNS settings matched those of the desktop?
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
A couple of other things to look at:

1. Is there a proxy involved?  If so then are both the desktop and the laptop configured the same way for that?

2. Are you blocking ping (ICMP) on the laptop? Perhaps with Windows Firewall?
0
 

Accepted Solution

by:
Jerry Thompson earned 0 total points
Comment Utility
Problem solved.

I had noticed weeks ago the subnet mask of my DHCP scope was 255.0.0.0.  I went to change it to 255.255.0.0 and it would not let me.  I figured I had to delete and recreate the scope, I was fearful of doing so in the middle of the school day.  I also did not see how that would stop me from reaching a website.

Today I talked with someone who knows more than I. He noticed the bad subnet, said that was the problem and helped me delete and rebuild the scope.

And now all works as it should.

It strikes me weird how 98% of the websites resolved fine and just a few would not.

Thank you for all your suggestions. they are greatly appreciated.

Jerlo
0
 

Author Closing Comment

by:Jerry Thompson
Comment Utility
A friend/consultant showed what the problem was and help be fix it.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now