Cannot access own website internally

I have a client that cannot view their own externally hosted website on most of their PCs and servers when they are internal on the network. The only devices that work are their domain joined Terminal Server and local VM host server. You can ping the web address without any issues from all of the devices and it resolves to the IP address that is in the A record in DNS on the DC.

Their internal domain is {companyname}.local and their website is {company-name}. I have completed an nslookup for www.{company-name} and the non-authoritative answer comes back as the IP address of the A record.

They also use Cyberduck to upload documents to the webpage and this cannot connect either. The company recently undertook an email migration from on-site Exchange to Office 365 but we cannot confirm whether this may have had any effect.
CRL ltd Asked:

David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
This will likely only work if both {companyname}.local + www.{companyname}.local both resolve to the company's IP address, per each machine's local /etc/hosts file or equivalent.

And, this is generally a bad idea... because...

Simple things like HTTPS will never work with this type of setup, because foo.local will never match the SSL cert.

Simple fix, only reference Websites by their public name.
CES (Network Administrator) Commented:
In your local DNS server, is there a zone for {company-name} and an accompanying A record?
CRL ltd (Author) Commented:
There is a subtle difference between the internal and external. One is Companyname.local and the website is (there's a hyphen in the website).

There is an entry in DNS called which has an A record pointing to the external web address.
CES (Network Administrator) Commented:
So in *theory* it should resolve. Can the DNS server ping it properly and resolve the website? Is the terminal server using the correct DNS server?
From what you're describing, everything should work properly (repeat of comment from CES). From any of the machines where you're having issues, could you please show the result of a tracert?
CRL ltd (Author) Commented:
The DNS server and all of the PCs with issues can ping the website and resolve it without issues. I've pinged the website from an external source to confirm IP address is correct.

I have completed a tracert on a couple of the machines with issues and it goes all the way to the IP address of the webhost without issues.

I may be wrong, but I can't see it being a DNS issue; however, I am open to any suggestions.
Is there a difference between how your terminal services service accesses the internet versus other systems? Like in web filtering and so on?
CRL ltd (Author) Commented:
I've just logged onto both servers and the TS is actually on a different public IP address to the DC and users. Could it be the ISP is blocking access to the website?
Yes. That is very possible. And funny enough I was going to ask if those were using a different public IP. Do you have an extra one you can test for the users without breaking anything?
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
You likely hit the problem.

Many ISPs provide both an internal + public IP for all their machines, so routing optimization can be done when machines inside the ISP's infrastructure are communicating with each other. This ensures fastest communications, as packets stay inside local, high speed network fabric.

Simple solution is still as I suggest above, just use a single, public IP for all site access, so no DNS or routing games are required to set up + maintain + debug.

As you've seen, this can create significant time to debug.
CRL ltd (Author) Commented:
The problem appears to be my ISP blocking it, however they say there's no reason it should be blocked and are suggesting that I should change the DNS from their servers to Google's DNS!

I've found a workaround where I have set a load balancing rule on the router to send anything addressed to the IP address of the website to go through the working WAN port. Fingers crossed they never get rid of this phone line.
CRL ltd (Author) Commented:
No one else has been able to give a solution to the issue and a workaround has been found for it
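
Added example (not part of the original thread): the symptom discussed above, where the name resolves and ping and tracert succeed but the browser and Cyberduck cannot connect, can be separated by layer with the PowerShell sketch below. The site name `www.example.com` is a placeholder, and port 21 assumes Cyberduck is using FTP, which the thread does not state.

```powershell
# Added example. Run on a failing PC and on the Terminal Server, then compare.
param(
    [string]$SiteName = 'www.example.com',  # placeholder for the public site name
    [int[]]$Ports = @(80, 443, 21)          # HTTP, HTTPS, FTP (protocol assumed)
)

# Layer 1: DNS. Which A records does this machine's configured resolver return?
try {
    $addresses = @(Resolve-DnsName -Name $SiteName -Type A -ErrorAction Stop |
        Where-Object { $_.IPAddress } |
        Select-Object -ExpandProperty IPAddress)
} catch {
    Write-Output "DNS lookup for $SiteName failed: $($_.Exception.Message)"
    return
}
if ($addresses.Count -eq 0) {
    Write-Output "No A record returned for $SiteName"
    return
}

$results = foreach ($ip in $addresses) {
    # Layer 2: ICMP, the same signal ping gives.
    $ping = Test-NetConnection -ComputerName $ip -WarningAction SilentlyContinue

    foreach ($port in $Ports) {
        # Layer 3: TCP handshake on the port the application actually uses.
        $tcp = Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Machine = $env:COMPUTERNAME
            Name    = $SiteName
            Address = $ip
            Ping    = $ping.PingSucceeded
            Port    = $port
            TcpOpen = $tcp.TcpTestSucceeded
        }
    }
}
$results | Format-Table -AutoSize

# Reading the output:
#   same Address on both machines, Ping True, TcpOpen False only on the failing PC
#   -> DNS is fine; the block is on the path or egress that PC uses.
```

If the two machines report different addresses for the same name, the difference is in name resolution instead, and the resolver each machine uses is the next thing to compare.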