Can't Access Own Website: SBS 2003

partner1220

We're having problems accessing 'our own' externally hosted website with SBS 2003. I know this is commonly a DNS issue, but I cannot for the life of me get to the bottom of this. The site is hosted on a web host

Here are the facts:

- SBS 2003 w/single NIC. D-LINK DIR-655 router.
- DNS internally is handled by SBS, DNS forwarders set in order: 208.67.222.222, 208.67.220.220 (OpenDNS Servers)
- Trying to browse website from the SBS server or any other machine on network
- Gateway is router (192.168.1.1)
- Trying to access our own web site, hosted by a 3rd party. Trying both example.com and www.example.com - Both are simply redirected to search pages.
- Trying to get to OTHER websites hosted on this same IP also fail

Problem description:
1 - Website works fine outside this network (i.e., from my house, other sites)
2 - Pinging example.com resolves to correct IP and responses are received
3 - Nslookup resolves correct IP
4 - Trace resolves correct IP and completes successfully

Troubleshooting steps:
1 - ipconfig/flushdns
2 - Restarting DNS service on SBS 2003 server
3 - Adding host entry for the domain/IP
4 - Restarted SBS 2003 server
5 - Adding forward lookup zone for example.com > adding A record for www pointing to IP

I'm at a loss here - Any suggestions? I'm hoping I'm missing something blatantly obvious that I've just overlooked...
 
So you can't access the site internally? Usually that's a NAT issue and you need to do what's called hairpinning. Not sure if you can on a homegrade DLink though.
 
This site is hosted outside of your network then?

If so this is very odd. PM me the URL and I'll test.
 
Correct, it's hosted by a 3rd party webhost. It works perfectly fine for anyone outside, including other sites on the same ISP

Will send you the site, thanks
 
Something I should have mentioned...

On Tuesday, we switched ISPs and routers. The previous router was a very old Linksys Etherfast wired-only router. It worked fine with the Linksys router.

I'm fairly certain it worked after Tuesday, but I'm doubting myself as I didn't make any changes since Tuesday.
 
It seems to work fine for me as well. I think it's a DNS issue.

Thanks again for taking a look. Any suggestions?

Internally, the name resolves (using ping, nslookup, tracert) to the same IP that it resolves to for me at home.
 
I wonder if it's an ISP routing problem?

Do a trace route and see what happens.

**EDIT**

I can see you have tried that as well
 
Ah it's hosted outside... sorry. I thought you meant it was hosted on the SBS server. Maybe try something like Wireshark and see what you get. Maybe compare a trace from your computer at home and one from work.
 
I have a hunch that your active directory name is the public full domain name...such as.
Your domain is www.example.com
and your SBS box also runs example.com ...instead of the more proper example.local
So your server thinks it owns the dubdubdub site...you'll need to go into your DNS management and edit the dubdubdub record to point to your public webhost.

At least the symptoms you describe point to that.
Although I have no idea why this behavior would change due to replacing some Stinksys router. That part of the puzzle doesn't make sense, perhaps just coincidence.
 
No proxy, no web filter. We cannot access that site either, which I see is on the same host

I haven't used WireShark much, but here's my elementary view:

When connecting from home: I see 8 TCP connections and an HTTP connection to the destination IP.
When connecting from onsite, I see 3 TCP connections to the destination IP

I'm sure there are more details that are useful here, could you guide me to what is useful?
 
If you can't get to any websites on that host it's either a routing issue with your ISP or for some reason your IP has been blocked by the host.
 
That's where I was leaning - I tried calling the ISP this morning and they gave me push back. I'll try connecting a machine directly to the modem, bypassing the router, and see what happens.

Thanks for your help, so far - I really appreciate it!
 
Look at the DNS setup on your SBS server, it is likely you have a DNS Zone that is the same as your Domain

Example:
website domain = host.com
Internal DNS Zone = Host.com

This will jack your DNS, you will have to manually enter the A records for your external sites
 
I think we have covered this already in the thread and proven that it's not the problem
 
Correct - I confirmed there are no forward lookup zones for domain.com, only domain.local

I haven't been able to go directly to the modem yet, but we'll be doing that at 2:30. I'm hoping it still doesn't work, then we can at least go back to the ISP with something.

Also, yes I am using the same ISP internally and externally. Both are the 'business' service from this ISP as well
 
Run NSLookup on a client machine, who is responding and what is the response? Are you sure there isn't a rogue DHCP/DNS out there messing with things?
 
Sorry I meant I just confirmed it (After you asked)

One of the original troubleshooting steps I documented in the first post indicated I tried ADDING a fwd lookup sign for example.com with an A record for www. pointing to the correct IP, but I did remove it since.

Sorry for the confusion
 
You need to create a www record for your domain and use the IP of the webhost.

This is a common issue if your internal and external domain name is the same and your site is hosted outside of your organization.

I've had to fix this numerous times.

Basically ping your website from outside of the network to find the IP address, create an A record named www with that IP address.

Edit: I guess you are saying this isn't the problem? I'd try it anyways, can you get to the site if you put the IP in a browser? Otherwise try different DNS servers, maybe something with your ISP DNS servers. Did you change the forwarding on your local DNS server to the new ISP DNS servers?
 
Is the domain name the same as your AD domain? If so, you'll need to config your internal DNS to point the www record externally.
 
I already tried it, documented in original post. I've done this with other SBS configs and never had an issue.

MS DNS is forwarding to opendns Servers, provided in first post
 
Is openDNS only configured on the SBS2003 server or is it also configured on each workstation?
 
Download windows 2003 resource tool kit.
Make sure you have DNS set correctly to point at your self and only at your own dns server on the network connection (no outside DNS)
If this is good.
I also strongly recommend
Check your forwarder if you use them. Sometimes if you forward to a DNS server that's stupid slow it will cause this issue. I tend to never use forwarders for outside I let root hints do their job and let your DNS server build its own cache.

Cmd
net stop netlogon
ipconfig /registerdns
net start netlogon
dnscmd /clearcache

Go to cmd

dcdiag
Check errors
dcdiag /fix

netdiag
check errors
netdiag /fix

Lots of times I just dumped the whole DNS to backup, deleted, then ran dcdiag /fix and netdiag /fix to recreate the entire DNS. (last resort since it breaks stuff 2k11 mostly 2003 seems to be ok.)

If you have mydomain.local domain DON'T create a zone mydomain.com it will mess stuff up
 
All PCs point to DC for DNS as required

I did try pointing directly to opendns, same problem.

I think the key here is DNS is resolving correct IP
 
What happens when you change SBS 2003's DNS to another provider other than OpenDNS?

It just sounds like an issue where the traffic goes out but gets lost on the way back in.

Does a pathping to the website show all the hops you'd expect?
 
DNS is resolving to the right IP, but what happens if you go to the site by IP? Or are you on a shared server using virtual domains?
 
It is a shared host, IP doesn't open regardless of where I am located

I cannot access ANY sites on this IP address
 
Set up a port mirror (or use it local on your computer), boot up Wireshark, and watch the request/response.

You either have something super fishy going on, or super easy... :rolleyes:

I'm sure this can be solved though, unless the shared host is somehow blocking or misrouting your location's IP/block.
 
I haven't used WireShark much, but here's my elementary view:

When connecting from home: I see 8 TCP connections and an HTTP connection to the destination IP.
When connecting from onsite, I see 3 TCP connections to the destination IP

I'm sure there are more details that are useful here, could you guide me to what is useful?
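
Added example (not part of any post in this thread): rather than counting connections, the useful thing to read out of the two captures is how far each TCP connection to the web host got. The tuples below are constructed stand-ins for rows read off Wireshark's packet list, and the verdict names are this example's own.

```python
from collections import defaultdict

# Constructed capture summaries (not from the thread): (tcp_stream, sender, kind)
HOME = [(0, "client", "SYN"), (0, "server", "SYN-ACK"), (0, "client", "ACK"),
        (0, "client", "HTTP-REQ"), (0, "server", "HTTP-RESP")]
ONSITE = [(0, "client", "SYN"), (0, "client", "SYN"), (0, "client", "SYN"),
          (1, "client", "SYN"), (1, "server", "SYN-ACK"), (1, "client", "ACK"),
          (1, "client", "HTTP-REQ"), (1, "client", "HTTP-REQ"),
          (2, "client", "SYN"), (2, "server", "RST")]

# What each verdict says about where the traffic stops.
NEXT_STEP = {
    "ok": "full request/response seen; the problem is not on this path",
    "syn_unanswered": "no SYN-ACK: the SYN or its reply is dropped between "
                      "client and server (router, ISP path or host-side filter)",
    "reset": "server or a middlebox actively refused or reset the connection",
    "handshake_only": "TCP connects but the client never sent a request",
    "request_unanswered": "TCP connects; the HTTP request or its response "
                          "is dropped or ignored",
}

def classify_stream(packets):
    """Return how far one TCP connection got, given its (sender, kind) pairs."""
    seen = set(packets)
    if ("server", "HTTP-RESP") in seen:
        return "ok"
    if ("server", "RST") in seen:
        return "reset"
    if ("server", "SYN-ACK") not in seen:
        return "syn_unanswered"
    if ("client", "HTTP-REQ") in seen:
        return "request_unanswered"
    return "handshake_only"

def summarize(capture):
    """Group packets by TCP stream and classify each stream."""
    streams = defaultdict(list)
    for stream, sender, kind in capture:
        streams[stream].append((sender, kind))
    return {s: classify_stream(p) for s, p in sorted(streams.items())}

def retransmits(capture, stream, kind="SYN"):
    """Count repeats of the same client packet kind within one stream."""
    n = sum(1 for s, who, k in capture if (s, who, k) == (stream, "client", kind))
    return max(n - 1, 0)

if __name__ == "__main__":
    for name, cap in (("home", HOME), ("onsite", ONSITE)):
        for stream, verdict in summarize(cap).items():
            print(name, stream, verdict, "-", NEXT_STEP[verdict])
```

A DNS answer that matches from both locations, as reported in this thread, only rules out name resolution; the per-stream verdict is what separates a dropped path from an active refusal.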
 
Well, I contacted both the ISP and the web vendor contacted their host (Which I believe is HostGator).

Neither one claimed any responsibility nor will confirm they made any changes, but a few hours after contacting them both, everything started 'magically' working again.

Unfortunately, I still have no idea what caused it, but it's working and I guess we'll accept it.

Thanks for your help and suggestions, everyone!
 