No internet access

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi Guys

a real brain teaser this (although I bet someone has an answer I have
totally overlooked).
We have three static sites using 256k kilostreams to a Head Office that has
access to the internet. The problem is that these sites cannot access the
internet, but they Can if they run Terminal Services (I know this is obvious
because of how TS works).
The workstations are all Win2k SP4, 3x servers, 1xWin2000 DC, 1xWin2003 DC,
1x Win2003 Exch 2003 memb serv.

I have had the router configs tripled checked (they are fine), I have
checked the GPOs (they are not supplying any data to IE), I have checked the
DHCP server is issuing relevant DNS information (it is), and I have checked
the connection tab in IE (that's fine).
The same setup works for our Head Office which has the internet connection,
just any other site coming through here cannot.

If I do an NS Lookup the DNS server comes back fine, IP Config /all gives
the right infomation, the only thing I can think is that something is screwy
with our DNS? But everything else is ok. I manually created an Alias in the
DNS but this changed nothing. Nobody seems to have a clue why this is
happening. When searching for a page the browser will show the IP address
down the bottom but does the cannot load page bit, which made me think of the
DNS maybe. But I can ping a hostname at a remote site and get a reply. !?

Any ideas at all would be most appreciated, sorry about the long post.


-------
Tech Admin
West Midlands, England
Stressed and Tired!
--------

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"Chris Hagon" <ChrisHagon@discussions.microsoft.com> wrote in message
news:9C995A4D-C892-4709-96B7-13A40E0AEEA9@microsoft.com...
> Hi Guys
>
> a real brain teaser this (although I bet someone has an answer I have
> totally overlooked).
> We have three static sites using 256k kilostreams to a Head Office that
has
> access to the internet. The problem is that these sites cannot access the
> internet, but they Can if they run Terminal Services (I know this is
obvious
> because of how TS works).
> The workstations are all Win2k SP4, 3x servers, 1xWin2000 DC, 1xWin2003
DC,
> 1x Win2003 Exch 2003 memb serv.
>
> I have had the router configs tripled checked (they are fine), I have
> checked the GPOs (they are not supplying any data to IE), I have checked
the
> DHCP server is issuing relevant DNS information (it is), and I have
checked
> the connection tab in IE (that's fine).
> The same setup works for our Head Office which has the internet
connection,
> just any other site coming through here cannot.
>
> If I do an NS Lookup the DNS server comes back fine, IP Config /all gives
> the right infomation, the only thing I can think is that something is
screwy
> with our DNS? But everything else is ok. I manually created an Alias in
the
> DNS but this changed nothing. Nobody seems to have a clue why this is
> happening. When searching for a page the browser will show the IP address
> down the bottom but does the cannot load page bit, which made me think of
the
> DNS maybe. But I can ping a hostname at a remote site and get a reply.
!?
>
> Any ideas at all would be most appreciated, sorry about the long post.

You are focused on the wrong level of detail apparently.

What does ping (e.g., Ping www.yahoo.com) give you?

How about ping 68.142.197.79?

If DNS name works and IP fails you have a Name Resolution
(DNS) issue.

If the address fails, try Tracert to the address (or name if it
resolves) and see HOW FAR it gets.

Post your IPConfig /all (the text, no pictures please and please
don't type it in -- send to file or copy from screen and post.)

What SPECIFICALLY do you mean it works in Terminal Services?

If you have firewalls that block ICMP (Ping, Tracert) then
what happens if you use:

telnet www.yahoo.com 80

[Hit enter twice while watching the screen for text or a quick
flash of output then clear]

If telnet hangs on a blank screen, and then flashes SOMETHING
or shows a bunch of HTTP and/or HTML then you have connectivity
and likely an Internet Explorer problem.

Most likely IE problem (if specific) would be a Proxy (setting)
or Proxy server issue.

What firewalls are you using on to the Internet and personal
firewalls on the clients?

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Thanks for the info Herb,

If I ping an external IP address or external DNS/FQDN then the ping times
out. If I try and telnet www.yahoo.com on port 80 I get: 'Could not open a
connection to host on port 80: connect failed'.

It's almost like there is a problem with port 80. When I say that internet
access works in a TS session, hat I specifically mean is, a user can run
Remote Desktop to a T Sserver on another site and open up IE in the session
and there is no problem. RDP uses port 389? Or is that wrong?

I doubt we have a proxy server issue or proxy setting issue as we don't
actually have a proxy server! IE browsers are set up for direct connection
which works for the PCs at the main office with the internet router.

Chris


"Herb Martin" wrote:

> "Chris Hagon" <ChrisHagon@discussions.microsoft.com> wrote in message
> news:9C995A4D-C892-4709-96B7-13A40E0AEEA9@microsoft.com...
> > Hi Guys
> >
> > a real brain teaser this (although I bet someone has an answer I have
> > totally overlooked).
> > We have three static sites using 256k kilostreams to a Head Office that
> has
> > access to the internet. The problem is that these sites cannot access the
> > internet, but they Can if they run Terminal Services (I know this is
> obvious
> > because of how TS works).
> > The workstations are all Win2k SP4, 3x servers, 1xWin2000 DC, 1xWin2003
> DC,
> > 1x Win2003 Exch 2003 memb serv.
> >
> > I have had the router configs tripled checked (they are fine), I have
> > checked the GPOs (they are not supplying any data to IE), I have checked
> the
> > DHCP server is issuing relevant DNS information (it is), and I have
> checked
> > the connection tab in IE (that's fine).
> > The same setup works for our Head Office which has the internet
> connection,
> > just any other site coming through here cannot.
> >
> > If I do an NS Lookup the DNS server comes back fine, IP Config /all gives
> > the right infomation, the only thing I can think is that something is
> screwy
> > with our DNS? But everything else is ok. I manually created an Alias in
> the
> > DNS but this changed nothing. Nobody seems to have a clue why this is
> > happening. When searching for a page the browser will show the IP address
> > down the bottom but does the cannot load page bit, which made me think of
> the
> > DNS maybe. But I can ping a hostname at a remote site and get a reply.
> !?
> >
> > Any ideas at all would be most appreciated, sorry about the long post.
>
> You are focused on the wrong level of detail apparently.
>
> What does ping (e.g., Ping www.yahoo.com) give you?
>
> How about ping 68.142.197.79?
>
> If DNS name works and IP fails you have a Name Resolution
> (DNS) issue.
>
> If the address fails, try Tracert to the address (or name if it
> resolves) and see HOW FAR it gets.
>
> Post your IPConfig /all (the text, no pictures please and please
> don't type it in -- send to file or copy from screen and post.)
>
> What SPECIFICALLY do you mean it works in Terminal Services?
>
> If you have firewalls that block ICMP (Ping, Tracert) then
> what happens if you use:
>
> telnet www.yahoo.com 80
>
> [Hit enter twice while watching the screen for text or a quick
> flash of output then clear]
>
> If telnet hangs on a blank screen, and then flashes SOMETHING
> or shows a bunch of HTTP and/or HTML then you have connectivity
> and likely an Internet Explorer problem.
>
> Most likely IE problem (if specific) would be a Proxy (setting)
> or Proxy server issue.
>
> What firewalls are you using on to the Internet and personal
> firewalls on the clients?
>
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"Chris Hagon" <ChrisHagon@discussions.microsoft.com> wrote in message
news074D300-7DA0-4A39-AB38-67FD128FF1C5@microsoft.com...
> Thanks for the info Herb,
>
> If I ping an external IP address or external DNS/FQDN then the ping times
> out. If I try and telnet www.yahoo.com on port 80 I get: 'Could not open
a
> connection to host on port 80: connect failed'.

If ICMP (ping) is allowed through the firewalls
then the usual next test is to "TraceRt" (Or pathping)
to see how far you can go and return an answer.

If ICMP is not allowed or tracert stops (very) short,
then you method is the obvious next step (telnet on
a TCP service port.)

> It's almost like there is a problem with port 80.

It could be but then you could "telnet ftp.microsoft.com 21"
and see what happens. (Even a useful "connection" means
you get through.)

[Or trying an SMPT server on port 25, pop server on port 110.]

> When I say that internet
> access works in a TS session, hat I specifically mean is, a user can run
> Remote Desktop to a T Sserver on another site and open up IE in the
session
> and there is no problem. RDP uses port 389? Or is that wrong?

3389

So can you ping the TS box?

If not, one presumes the filter is between the client and
the TS.

What is the layout of the firewalls and other routers that
might stop this?

Is there a Proxy Server (ISA) or other proxy in the path?
(Proxy usually blocks ICMP-ping, and frequently blocks
many other protocols. The same is true for many other
firewalls and proxies.)

> I doubt we have a proxy server issue or proxy setting issue as we don't
> actually have a proxy server! IE browsers are set up for direct
connection
> which works for the PCs at the main office with the internet router.

So can you show your tracert?

Ipconfig /all

And describe your routers/firewalls....

(Please paste the command output text in here, don't
type it and please don't use pictures.)