Questions

WIN SBS cannot access the internet

+
0 Votes
Locked

WIN SBS cannot access the internet

skinnbones
I have a client whose server cannot access the internet.

My client (Company B) share's office space and an internet connection with another company (Company A). Company B's router is connected to Company A's router:

Company B's router:
(External)
ip: 192.168.0.151
sub: 255.255.255.0
gate: 192.168.0.101
DNS1: 192.168.253.254
DNS2: 192.168.0.101

(Internal)
ip: 192.168.1.1

Company B has a WIN SBS with 2 NICs that is also a VPN server (public ip forwarded to NIC 1). NIC 1 (external) is connected to Company A's router. NIC 2 (internal) is connected to a switch off of Company B's router. Company B's router also supplies DHCP to clients.

WIN SBS:
(NIC 1)
ip: 192.168.0.80
sub: 255.255.255.0
gate: 192.168.0.101
DNS1: 192.168.253.254
DNS2: 192.168.0.101

(NIC 2)
ip: 192.168.1.2
sub: 255.255.255.0
gate:
DNS1: 192.168.253.254
DNS2: 192.168.0.101

Company B's workstations access the internet and server fine and remote users access the server fine via VPN, but the server itself cannot access the internet (to download virus definitions, etc.). I've made adjustments to get the server online, but then it cannot be accessed via VPN (which is more important to the client since they have a few remote users), so I switched back to the above configuration. Any help with this would be greatly appreciated.
  • +
    0 Votes
    Churdoo

    So I suppose that the next thing that I would test would be PINGs to external hosts (by IP and by NAME). If the result of this test is such that you can PING by IP, but fail to resolve/ping by name, then I would suggest a hosed WINSOCK and to run a WINSOCK repair.

    +
    0 Votes
    skinnbones

    Thank you for the response. I forgot to mention that I cannot ping externally. Internally it works fine. I did take your suggestion and repaired winsock by using the netsh utility but it did not help. When I PING externally I get the following message:
    'Ping request could not find host website.com. Please check the name and try again'. Any thoughts?

    +
    0 Votes
    Churdoo

    If you can ping by IP but not by name, then it's either a DNS problem, or your WINSOCK is still hosed. Has any malware got on the server at all? If so, a stronger case for hosed WINSOCK, whether the malware was removed or not.

    I've not used the netsh winsock repair, only the manual method where you delete the WINSOCK and WINSOCK2 keys in the registry. The whole process is described in the following article in the section labled "Windows XP without Service Pack 2 instructions":
    http://support.microsoft.com/kb/811259

    And after doing anything with IP, I'd rerun the CEICW.

    +
    0 Votes
    skinnbones

    I cannot ping anything external by IP or by name. I did not run CEICW though. I will try that and let you know what happens. Thanks.

    +
    0 Votes
    CG IT

    if company A hosts the internet access, then company B"s router WAN interface is configured to be on company As LAN. Default gateway would be company As router and DNS would be the ISP DNS servers.

    For the SBS box with 2 NICs. you run the CIECW wizard and provide the information request where the external NIC for the SBS box connects to company Bs router and the internal NIC connects to a switch. DNS information is the ISPs DNS server.

    +
    0 Votes
    skinnbones

    Thank you for the reply. I will get the ISPs DNS information and try that. I will let you know if it works.

    +
    0 Votes
    CG IT

    remember that the CIECW will configure the NICs and that you do NOT change workstation DNS information manually to be the ISPs DNS servers.

    What will happen is that CIECW will configure the SBS external NIC with the ISPs DNS server and the internal NIC with the SBS DNS address. SBS then uses forwarders so that any query not resolved by SBS DNS is forwarded out the external NIC.

    So when the CIECW asks for the ISP DNS servers, you put them in the boxes provides and then click next. you don't manually configure any of the NICs. If you do, you will run into problems with RWW, OWA and the internal web site running on IIS.

  • +
    0 Votes
    Churdoo

    So I suppose that the next thing that I would test would be PINGs to external hosts (by IP and by NAME). If the result of this test is such that you can PING by IP, but fail to resolve/ping by name, then I would suggest a hosed WINSOCK and to run a WINSOCK repair.

    +
    0 Votes
    skinnbones

    Thank you for the response. I forgot to mention that I cannot ping externally. Internally it works fine. I did take your suggestion and repaired winsock by using the netsh utility but it did not help. When I PING externally I get the following message:
    'Ping request could not find host website.com. Please check the name and try again'. Any thoughts?

    +
    0 Votes
    Churdoo

    If you can ping by IP but not by name, then it's either a DNS problem, or your WINSOCK is still hosed. Has any malware got on the server at all? If so, a stronger case for hosed WINSOCK, whether the malware was removed or not.

    I've not used the netsh winsock repair, only the manual method where you delete the WINSOCK and WINSOCK2 keys in the registry. The whole process is described in the following article in the section labled "Windows XP without Service Pack 2 instructions":
    http://support.microsoft.com/kb/811259

    And after doing anything with IP, I'd rerun the CEICW.

    +
    0 Votes
    skinnbones

    I cannot ping anything external by IP or by name. I did not run CEICW though. I will try that and let you know what happens. Thanks.

    +
    0 Votes
    CG IT

    if company A hosts the internet access, then company B"s router WAN interface is configured to be on company As LAN. Default gateway would be company As router and DNS would be the ISP DNS servers.

    For the SBS box with 2 NICs. you run the CIECW wizard and provide the information request where the external NIC for the SBS box connects to company Bs router and the internal NIC connects to a switch. DNS information is the ISPs DNS server.

    +
    0 Votes
    skinnbones

    Thank you for the reply. I will get the ISPs DNS information and try that. I will let you know if it works.

    +
    0 Votes
    CG IT

    remember that the CIECW will configure the NICs and that you do NOT change workstation DNS information manually to be the ISPs DNS servers.

    What will happen is that CIECW will configure the SBS external NIC with the ISPs DNS server and the internal NIC with the SBS DNS address. SBS then uses forwarders so that any query not resolved by SBS DNS is forwarded out the external NIC.

    So when the CIECW asks for the ISP DNS servers, you put them in the boxes provides and then click next. you don't manually configure any of the NICs. If you do, you will run into problems with RWW, OWA and the internal web site running on IIS.