USERS UNABLE TO GET TO WEBSITES

  • Thread starter Thread starter BSM
  • Start date Start date
B

BSM

I have a problem in which , including myself, the users are unable to
get to certain websites. Either they get a paged cannot be found or go
straight to a MSN can't find <website> error page.
HERE IS THE KICKER.
My servers can get to those websites just fine

Here is my setup.

Clients get an IP Address from a DHCP server.
DHCP Server sends them DNS entries for 2 internal servers only.
The PC's are natted behind a firewall which isn't blocking anything
internally. They have a straight shot to the internet
There are NO PROXIES
There are NO ISA servers.

The DNS Servers are using Windows DNS and I have my servers statically
addressed with their dns entries pointing to the internal servers.

On the DNS Servers I have their DNS entries pointed to the internal
DNS servers. Within the DNS Admin tool I have 4 forwards pointing to
my ISP's DNS/Name servers and I have do not recursive turned on.

If I am missing anything else or if anyone has any more questions
please let me know... Thanks
 
In BSM <[email protected]> posted a question
Then Kevin replied below:
: I have a problem in which , including myself, the users are unable to
: get to certain websites. Either they get a paged cannot be found or go
: straight to a MSN can't find <website> error page.
: HERE IS THE KICKER.
: My servers can get to those websites just fine
:
: Here is my setup.
:
: Clients get an IP Address from a DHCP server.
: DHCP Server sends them DNS entries for 2 internal servers only.
: The PC's are natted behind a firewall which isn't blocking anything
: internally. They have a straight shot to the internet
: There are NO PROXIES
: There are NO ISA servers.
:
: The DNS Servers are using Windows DNS and I have my servers statically
: addressed with their dns entries pointing to the internal servers.
:
: On the DNS Servers I have their DNS entries pointed to the internal
: DNS servers. Within the DNS Admin tool I have 4 forwards pointing to
: my ISP's DNS/Name servers and I have do not recursive turned on.
:
: If I am missing anything else or if anyone has any more questions
: please let me know... Thanks

Is this Win2k or Win2k3?
If Win2k3 try this:
828731 - An External DNS Query May Cause an Error Message in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;828731&Product=winsvr2003

Post back an ipconfig /all of your DCs.
 
In BSM <[email protected]> posted a question
Then Kevin replied below:
: I have a problem in which , including myself, the users are unable to
: get to certain websites. Either they get a paged cannot be found or go
: straight to a MSN can't find <website> error page.
: HERE IS THE KICKER.
: My servers can get to those websites just fine
:
: Here is my setup.
:
: Clients get an IP Address from a DHCP server.
: DHCP Server sends them DNS entries for 2 internal servers only.
: The PC's are natted behind a firewall which isn't blocking anything
: internally. They have a straight shot to the internet
: There are NO PROXIES
: There are NO ISA servers.
:
: The DNS Servers are using Windows DNS and I have my servers statically
: addressed with their dns entries pointing to the internal servers.
:
: On the DNS Servers I have their DNS entries pointed to the internal
: DNS servers. Within the DNS Admin tool I have 4 forwards pointing to
: my ISP's DNS/Name servers and I have do not recursive turned on.
:
: If I am missing anything else or if anyone has any more questions
: please let me know... Thanks

Is this Win2k or Win2k3?
If Win2k3 try this:
828731 - An External DNS Query May Cause an Error Message in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;828731&Product=winsvr2003

Post back an ipconfig /all of your DCs.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
Click to expand...


These are Windows 2000 Servers..
 
In BSM <[email protected]> posted a question
Then Kevin replied below:
: I have a problem in which , including myself, the users are unable to
: get to certain websites. Either they get a paged cannot be found or go
: straight to a MSN can't find <website> error page.
: HERE IS THE KICKER.
: My servers can get to those websites just fine
:
: Here is my setup.
:
: Clients get an IP Address from a DHCP server.
: DHCP Server sends them DNS entries for 2 internal servers only.
: The PC's are natted behind a firewall which isn't blocking anything
: internally. They have a straight shot to the internet
: There are NO PROXIES
: There are NO ISA servers.
:
: The DNS Servers are using Windows DNS and I have my servers statically
: addressed with their dns entries pointing to the internal servers.
:
: On the DNS Servers I have their DNS entries pointed to the internal
: DNS servers. Within the DNS Admin tool I have 4 forwards pointing to
: my ISP's DNS/Name servers and I have do not recursive turned on.
:
: If I am missing anything else or if anyone has any more questions
: please let me know... Thanks

Is this Win2k or Win2k3?
If Win2k3 try this:
828731 - An External DNS Query May Cause an Error Message in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;828731&Product=winsvr2003

Post back an ipconfig /all of your DCs.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
Click to expand...
Servers


Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : DNS2
Primary DNS Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.net

Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : domain.net
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : removed

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.100.8.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.100.8.254

DNS Servers . . . . . . . . . . . : 10.100.8.2
10.100.8.5
Primary WINS Server . . . . . . . : 10.100.8.10

Here is another..



Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : DNS1
Primary DNS Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.net

Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : domain.net
Description . . . . . . . . . . . : Intel(R) PRO/1000 XT
Network Connection
Physical Address. . . . . . . . . : removed

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.100.8.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.100.8.254

DNS Servers . . . . . . . . . . . : 10.100.8.5
10.100.8.2
 
I have a problem in which , including myself, the users are unable to
get to certain websites. Either they get a paged cannot be found or go
straight to a MSN can't find <website> error page.
HERE IS THE KICKER.
My servers can get to those websites just fine
Click to expand...

Can the clients access web sites by IP? eg, is it a DNS problem, or a
general connectivity problem?

Assuming that can, and it's a DNS problem (and hence your reason for posting
here), are the web sites they can't access consistent? Have you tried doing
a "ipconfig /flushdns" on the clients to make sure it's not a local DNS
caching problem? Also, it might be worth looking in the cache records for
the DNS server and seeing if there is a record for one of the sites they
can't access, and if so, if the DNS cache looks "right".

A.
 
In BSM <[email protected]> posted a question
Then Kevin replied below:

: Servers
:
:
: Windows 2000 IP Configuration
:
:
:
: Host Name . . . . . . . . . . . . : DNS2
: Primary DNS Suffix . . . . . . . : domain.net
: Node Type . . . . . . . . . . . . : Hybrid
:
: IP Routing Enabled. . . . . . . . : No
:
: WINS Proxy Enabled. . . . . . . . : No
:
: DNS Suffix Search List. . . . . . : domain.net
:
: Ethernet adapter Local Area Connection:
:
:
:
: Connection-specific DNS Suffix . : domain.net
: Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
: Ethernet
: Physical Address. . . . . . . . . : removed
:
: DHCP Enabled. . . . . . . . . . . : No
:
: IP Address. . . . . . . . . . . . : 10.100.8.2
:
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
:
: Default Gateway . . . . . . . . . : 10.100.8.254
:
: DNS Servers . . . . . . . . . . . : 10.100.8.2
: 10.100.8.5
: Primary WINS Server . . . . . . . : 10.100.8.10
:
: Here is another..
:
:
:
: Windows 2000 IP Configuration
:
:
:
: Host Name . . . . . . . . . . . . : DNS1
: Primary DNS Suffix . . . . . . . : domain.net
: Node Type . . . . . . . . . . . . : Hybrid
:
: IP Routing Enabled. . . . . . . . : No
:
: WINS Proxy Enabled. . . . . . . . : No
:
: DNS Suffix Search List. . . . . . : domain.net
:
: Ethernet adapter Local Area Connection:
:
:
:
: Connection-specific DNS Suffix . : domain.net
: Description . . . . . . . . . . . : Intel(R) PRO/1000 XT
: Network Connection
: Physical Address. . . . . . . . . : removed
:
: DHCP Enabled. . . . . . . . . . . : No
:
: IP Address. . . . . . . . . . . . : 10.100.8.5
:
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
:
: Default Gateway . . . . . . . . . : 10.100.8.254
:
: DNS Servers . . . . . . . . . . . : 10.100.8.5
: 10.100.8.2
Your ipconfigs are good thank you for posting them.
The clients are getting these DNS addresses, too?
And both resolve the internet fine?

On a client is nslookup able to resolve names?
 
I have a problem in which , including myself, the users are unable to
get to certain websites. Either they get a paged cannot be found or go
straight to a MSN can't find <website> error page.
HERE IS THE KICKER.
My servers can get to those websites just fine

Here is my setup.

Clients get an IP Address from a DHCP server.
DHCP Server sends them DNS entries for 2 internal servers only.
The PC's are natted behind a firewall which isn't blocking anything
internally. They have a straight shot to the internet
There are NO PROXIES
There are NO ISA servers.

The DNS Servers are using Windows DNS and I have my servers statically
addressed with their dns entries pointing to the internal servers.

On the DNS Servers I have their DNS entries pointed to the internal
DNS servers. Within the DNS Admin tool I have 4 forwards pointing to
my ISP's DNS/Name servers and I have do not recursive turned on.

If I am missing anything else or if anyone has any more questions
please let me know... Thanks
Click to expand...

Test by setting the client that can't reach the sites to use the ISP's
DNS directly. If that still doesn't work, clear the browser cache,
remove or rename any HOSTS files and clear the name cache on the
workstation and try. If still no luck, it's not under your control.

There may be an issue with one of your ISP's DNS systems that isn't on
the others if it's intermittent.

Jeff
 
In BSM <[email protected]> posted a question
Then Kevin replied below:

: Servers
:
:
: Windows 2000 IP Configuration
:
:
:
: Host Name . . . . . . . . . . . . : DNS2
: Primary DNS Suffix . . . . . . . : domain.net
: Node Type . . . . . . . . . . . . : Hybrid
:
: IP Routing Enabled. . . . . . . . : No
:
: WINS Proxy Enabled. . . . . . . . : No
:
: DNS Suffix Search List. . . . . . : domain.net
:
: Ethernet adapter Local Area Connection:
:
:
:
: Connection-specific DNS Suffix . : domain.net
: Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
: Ethernet
: Physical Address. . . . . . . . . : removed
:
: DHCP Enabled. . . . . . . . . . . : No
:
: IP Address. . . . . . . . . . . . : 10.100.8.2
:
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
:
: Default Gateway . . . . . . . . . : 10.100.8.254
:
: DNS Servers . . . . . . . . . . . : 10.100.8.2
: 10.100.8.5
: Primary WINS Server . . . . . . . : 10.100.8.10
:
: Here is another..
:
:
:
: Windows 2000 IP Configuration
:
:
:
: Host Name . . . . . . . . . . . . : DNS1
: Primary DNS Suffix . . . . . . . : domain.net
: Node Type . . . . . . . . . . . . : Hybrid
:
: IP Routing Enabled. . . . . . . . : No
:
: WINS Proxy Enabled. . . . . . . . : No
:
: DNS Suffix Search List. . . . . . : domain.net
:
: Ethernet adapter Local Area Connection:
:
:
:
: Connection-specific DNS Suffix . : domain.net
: Description . . . . . . . . . . . : Intel(R) PRO/1000 XT
: Network Connection
: Physical Address. . . . . . . . . : removed
:
: DHCP Enabled. . . . . . . . . . . : No
:
: IP Address. . . . . . . . . . . . : 10.100.8.5
:
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
:
: Default Gateway . . . . . . . . . : 10.100.8.254
:
: DNS Servers . . . . . . . . . . . : 10.100.8.5
: 10.100.8.2
Your ipconfigs are good thank you for posting them.
The clients are getting these DNS addresses, too?
And both resolve the internet fine?

On a client is nslookup able to resolve names?


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
Click to expand...
yes the clients do get the same info.

the nslookup feature does work and resolve the names
 
Can the clients access web sites by IP? eg, is it a DNS problem, or a
general connectivity problem?

Assuming that can, and it's a DNS problem (and hence your reason for posting
here), are the web sites they can't access consistent? Have you tried doing
a "ipconfig /flushdns" on the clients to make sure it's not a local DNS
caching problem? Also, it might be worth looking in the cache records for
the DNS server and seeing if there is a record for one of the sites they
can't access, and if so, if the DNS cache looks "right".

A.
Click to expand...

Yes I have tried with both name and IP address of the website. Like I
said, my servers can get to it just fine. I posted their configs.

I did do a ipconfig /flushdns to still no avail...

I did a clear cache on both DNS servers and still no avail from the
clients.
 
Test by setting the client that can't reach the sites to use the ISP's
DNS directly. If that still doesn't work, clear the browser cache,
remove or rename any HOSTS files and clear the name cache on the
workstation and try. If still no luck, it's not under your control.

There may be an issue with one of your ISP's DNS systems that isn't on
the others if it's intermittent.

Jeff
Click to expand...

But that wouldn't explain why my servers can get to the websites just
fine but my users can't. I can hang a pc off my DMZ and still access
the websites just fine as well.
 
Yes I have tried with both name and IP address of the website. Like I
said, my servers can get to it just fine. I posted their configs.
Click to expand...

So the clients can't view a website by IP either?

In that case, it's not a DNS problem. It's "some other" network problem, so
you might be better off asking in a different group.

A.
 
Back
Top