USERS UNABLE TO GET TO WEBSITES

[BSM]

I have a problem in which , including myself, the users are unable to
get to certain websites. Either they get a paged cannot be found or go
straight to a MSN can't find <website> error page.
HERE IS THE KICKER.
My servers can get to those websites just fine

Here is my setup.

Clients get an IP Address from a DHCP server.
DHCP Server sends them DNS entries for 2 internal servers only.
The PC's are natted behind a firewall which isn't blocking anything
internally. They have a straight shot to the internet
There are NO PROXIES
There are NO ISA servers.

The DNS Servers are using Windows DNS and I have my servers statically
addressed with their dns entries pointing to the internal servers.

On the DNS Servers I have their DNS entries pointed to the internal
DNS servers. Within the DNS Admin tool I have 4 forwards pointing to
my ISP's DNS/Name servers and I have do not recursive turned on.

If I am missing anything else or if anyone has any more questions
please let me know... Thanks

They cannot get to the websites via name or IP address.

Below are my servers ipconfigs..

Servers


Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : DNS2
Primary DNS Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.net

Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : domain.net
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : removed

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.100.8.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.100.8.254

DNS Servers . . . . . . . . . . . : 10.100.8.2
10.100.8.5
Primary WINS Server . . . . . . . : 10.100.8.10

Here is another..



Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : DNS1
Primary DNS Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.net

Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : domain.net
Description . . . . . . . . . . . : Intel(R) PRO/1000 XT
Network Connection
Physical Address. . . . . . . . . : removed

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.100.8.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.100.8.254

DNS Servers . . . . . . . . . . . : 10.100.8.5
10.100.8.2

 

[Scott Harding - MS MVP]

What IP' are used for the clients? Can you do a Nslookup on the clients and
resolve Internet domain names? Can the clients ping outside through the
firewall?

 

[BSM]

What IP' are used for the clients? Can you do a Nslookup on the clients and
resolve Internet domain names? Can the clients ping outside through the
firewall?

The clients use a DHCP address given out by the DNS servers.. Their
DNS entries are of the DNS internal servers. The dns servers CAN
access the website just fine. I really don't know what could be the
cause. They can do a nslookup just fine and resolve to the DNS primary
server. They can ping outside and get to other websites just fine.
This even happens on my machine, which is configured like everyone
elses. My servers and I are on the same network. My users are on a
different network. We all go through the same internet pipe. I figured
it could be a routing issues , reason I am also on the server segment
but I too am expierencing the same problem. I have just the default
group policy on for passwords/auditing.. I don't know if there is
something in the Group Policy entries I need to look at. I am stompped
with this one.

 

[Scott Harding - MS MVP]

Are they any Hosts or Lmhosts file on the machines with wrong entries for
these websites? Do you have a zone setup for this domain in your DNS server
with the wrong information. Is it only 1 website they cannot reach? What is
the site?

 

[Guest]

We had a similar problem on our network after applying the
latest Internet Explorer security patch. After removing
the patch, everything started working normally again.
Don't know if this is the cause of your problem, but it's
worth a look.

-J

 

[BSM]

Are they any Hosts or Lmhosts file on the machines with wrong entries for
these websites? Do you have a zone setup for this domain in your DNS server
with the wrong information. Is it only 1 website they cannot reach? What is
the site?

This applies to all 300 computers globally in my network.

They have no entries in their hosts/lmhosts files. everything is
default.

I believe the zone is setup correctly.. If it wasn't would my servers
not be able to get to the websites ??
I don't understand why my servers can get to the websites but not my
users..

www.hoopshype.com
www.nwbl.com

 

[BSM]

Which securtity patch was it? How do you uninstall a security patch ??

 

[Scott Harding - MS MVP]

I can get to both of these......Now wait a minute. You say "I believe the
zone is setup correctly.. " are you hosting these websites? Are you the SOA
for these? Do you actually have these as zones in your DNS servers? Is you
internal domain name one of these domain names?

 

[BSM]

I can get to both of these......Now wait a minute. You say "I believe the
zone is setup correctly.. " are you hosting these websites? Are you the SOA
for these? Do you actually have these as zones in your DNS servers? Is you
internal domain name one of these domain names?

No, these websites are external to us. I have cleared my DNS cache
off my DNS Servers and still cannot get to these websites. I also have
verified that the IP address of those websites are the same IP address
that was cached on my servers...

 

[Enkidu]

The clients use a DHCP address given out by the DNS servers.. Their
DNS entries are of the DNS internal servers. The dns servers CAN
access the website just fine. I really don't know what could be the
cause. They can do a nslookup just fine and resolve to the DNS primary
server. They can ping outside and get to other websites just fine.
This even happens on my machine, which is configured like everyone
elses.

Do you mean that *you* cannot get out, but the servers on the same
segment can?

My servers and I are on the same network. My users are on a
different network.

What do you mean here? What connects the two networks?

We all go through the same internet pipe.

?? Do you hace two connections to the firewall?

I figured it could be a routing issues , reason I am also on the server
segment but I too am expierencing the same problem. I have just the
default group policy on for passwords/auditing.. I don't know if there is
something in the Group Policy entries I need to look at. I am stompped
with this one.

Ah, that answers my earlier question! Have you tried tracert??

Cheers,

Cliff

 

[BSM]

Do you mean that *you* cannot get out, but the servers on the same
segment can?
What do you mean here? What connects the two networks?
?? Do you hace two connections to the firewall?
Ah, that answers my earlier question! Have you tried tracert??

Cheers,

Cliff

Traceroutes from multiple machines all end at the distination IP
address..