none
Clients Cannot Access Internet through SBS

    General discussion

  • Some recent Microsoft Updates were installed and required a reboot of Windows Server.

    After the reboot, clients in the domain cannot access the Internet. I've rebooted many times since then and tried many things, but the clients no longer can connect to the Internet.

    SBS is running DNS, AD, RAS, DHCP etc with one NIC on the LAN and another NIC on the WAN. Everything seems to be set up correctly, just as it was before the reboot.

    Here is the current status.

    - The clients can see each other inside the Active Directory domain.

    - The Windows Server can connect to the Internet

    - When the command "NSlookup [name of any domain computer] [server ip address]" is run from a client computer, the ip address of the domain computer is returned.

    -  Event view shows now errors logged for DNS Server

    - "Ping [server ip address]" works fine from the client.

    - "Ping microsoft.com" from the client returns "request timed out"

    There must be one simple setting that is not correct. I cannot find it in any of the documentation on Technet.

    Please help!

    Friday, June 15, 2012 5:39 AM

All replies

  • Actually, "NSlookup [any internet domain name]" returns a valid IP address.  So perhaps the problem is not with DNS, but rather, that clients are getting blocked?

    On the client side, the Network Connection Status shows "IPV4 Connectivity: Internet". So, the client doesn't see any connection problem.

    Something on Windows Server is either not working, or is blocking client traffic to the Internet (again, the server is fine--I'm using it now to connect here)

    Friday, June 15, 2012 7:20 AM
  • When you do an nslookup from client for microsoft.com does it returns expected results?
    Friday, June 15, 2012 12:14 PM
  • Please confirm you are using SBS 2003 with 2 NICs and not SBS 2008 or SBS 2011. Also is ISA 2004 installed?

    Steve

    Friday, June 15, 2012 2:19 PM
  • Yes, when I do an nslookup from client for "microsoft.com" it returns IP addresses for Microsoft.com. 

    If I ping Microsoft.com, ping reports the IP address, but then the 4 pings time out.

    Friday, June 15, 2012 10:00 PM
  • I'm running SBS11 (Server 2K8 R2 SP1) with 2 NICs. 

    I do not believe ISA is running. I was looking for it in the Admin panel and didn't find it.

    I disabled IPV6 using the FixIT tool. (DHCP is still serving IPV6 addresses).

    I am not using Network Access Protection, nor other network access policies. Unless something changed in the last Windows update, I didn't have any group policy restricting network access.

    Clients are able to get IP addresses from DHCP and operate normally within in the domain on the LAN. Only when they try to get to the Internet, are they somehow getting blocked.

    Friday, June 15, 2012 10:07 PM
  • Sorry but 2 NICs are not supported on SBS 2011 so that is your first basic problem to solve. ISA was only supported on SBS versions prior to SBS 2008 so no you wouldn't have it installed. IPv6 should not be disabled on SBS 2011.

    Steve

    Friday, June 15, 2012 10:20 PM
  • and Leigh, one would hope you do not, in fact, work at MS. Please go into your profile and correct this.
    Friday, June 15, 2012 11:18 PM
  • Ok, I guess I'll have to go back to the drawing board, because I don't understand how SBS would work in a one-server config without 2 NICs.

    Could you refer me to a KB or How-To that describes the intended network topology?

    Saturday, June 16, 2012 12:03 AM
  • Thanks, I changed it to "Home". ...We are given MSDN subscriptions so we can have sandboxes for ongoing learning and professional development. It's not appropriate to call MSIT for that.
    Saturday, June 16, 2012 12:10 AM
  • Depending on the mechanism you receive the MSDN subscription through you may indeed have some associated 'support incidents', BUT I'm not encouraging you to burn them for items that may be answered in the forums.

    'home' works fine, vs seemingly identifying yourself as MS. (unless you really are an MS employee, which causes me some despair that 'MS expect consumers to be aware of product features and limitations while we have here an example of an MS employee that can't read same')

    Changes to Windows Server caused SBS Dev to drop '2 NIC deployment' on versions later than SBS03R2. There are various reasons why this happened but the major items concerned 'multi-homed DCs' and changes to RRAS.(AFAIK)

    I want to make sure that statement is as fully understood as possible. Changes to Windows Server (non-SBS) were the 'motivation' for the change. This was, to at least some extent, SBS Dev following Windows Server 'guidelines', making SBS _more_ 'Standard Server-like'.

    Versions of SBS >03 _only_ support a single network interface.

    Saturday, June 16, 2012 2:56 AM
  • The 2-NIC configuration had been working since installation.  Maybe there is confusion about the version of O/S I'm running, which includes Server 2008 R2 SP1.

    I now have it working, again.

    I disabled RRAS and re-enabled it. Then, everything was back to normal.

    Saturday, June 16, 2012 4:56 PM
  • There must be some confusion about the product I'm running.

    It has always been running with 2 NICs. And after I disabled and re-enabled RRAS, it is running fine, again!

    Regarding your despair, MS provides pre-sales support to inform customers of product features and limitations through 600,000+ certified partner personnel and through 1000's of MS Technical Specialist Professionals.   ...I don't understand why it's bad for people to learn about products outside of their normal job function and area of expertise.

    In any case, my SBS11/WS2K8R2 installation is running fine, again.

    Thanks for your help.

    Saturday, June 16, 2012 5:20 PM
  • Just to avoid confusion, any configuration for SBS 2008 and SBS 2011 that users more than one network adapter (nic) will not work properly, will "break" the wizards, and is not supported.  It is not possible to confirm that Leigh Huang is actually managing his SBS with the wizards, nor that he has proper functionality, but I give him the benefit of the doubt... perhaps he is. 

    Anyone else reading this thead should not take that a a green light to utilize more than ONE nic in their SBS 2008 or SBS 2011.  It is not supported.

    Since Leigh has expressed bewilderment as to how it works with one nic... it works exactly the same as any other Windows Server, with the edge device doing the firewalling and port forwarding.


    Larry Struckmeyer[SBS-MVP]

    Saturday, June 16, 2012 6:29 PM
    Moderator
  • There must be some confusion about the product I'm running.

    It has always been running with 2 NICs. And after I disabled and re-enabled RRAS, it is running fine, again!

    Regarding your despair, MS provides pre-sales support to inform customers of product features and limitations through 600,000+ certified partner personnel and through 1000's of MS Technical Specialist Professionals.   ...I don't understand why it's bad for people to learn about products outside of their normal job function and area of expertise.

    In any case, my SBS11/WS2K8R2 installation is running fine, again.

    Thanks for your help.

    However, your SBS (configured with 2NICs) and the whole content of this thread, is formally 'outside MS support parameters'.

    It is _very disappointing_ that an MS employee should wish to do this.

    Saturday, June 16, 2012 11:55 PM
  • The 2-NIC configuration had been working since installation.  Maybe there is confusion about the version of O/S I'm running, which includes Server 2008 R2 SP1.

    I now have it working, again.

    I disabled RRAS and re-enabled it. Then, everything was back to normal.


    Please 'unmark' this as 'answer'. It is a configuration in _direct conflict_ with SBS configuration parameters.
    • Proposed as answer by SuperGumby Sunday, June 17, 2012 12:18 AM
    Sunday, June 17, 2012 12:00 AM
  • Leigh

    As a moderator of this forum I have unmarked your response as an Answer.   The reason behind my action is that your proposed answer would lead one to believe that Small Business Server can be run satisfactorily with two active NICs, running RRAS.   Since SBS 2008, two nics have not been support over security issues regarding using a Domain Controller (The SBS Server) as an "Edge" device connected directly to the internet.  Following is a link to the a Blog from the SBS Product Team on supported Network Topologies http://blogs.technet.com/b/sbs/archive/2008/09/16/sbs-2008-supported-networking-topology.aspx    While this blog is targeted for SBS 2008, it applies to SBS 2011 as well.    The SBS MVPs and other community contributors have also created a WIKI/Build document for SBS 2011 on Technet which you can find here http://social.technet.microsoft.com/wiki/contents/articles/1709.sbs-2011-standard-build-info-en-us.aspx

    Since you are trying to learn the product, it's important that you follow best practices.

    I hope this information helps 


    Cris Hanna, Microsoft SBS MVP, Owner-CPU Services, Belleville, IL

    Sunday, June 17, 2012 2:22 AM
    Moderator
  • and sorry Leigh, but this may give you a 'feel' for how much concern we (not just MVP but 'community' in general) have that this be adressed properly:

    The additonal network interface is known to interfere with SBS 'wizards'. _most_ experienced SBS admins will promote the use of the wizards. People who perform such 'outside the box' actions and ignore the use of the wizards often cause undue problem discussion and a perception that 'SBS is broken' when the simple fact is that _their implementation_ is wrong, and _causing_ such error.

    I (personally) am concerned that your 2 NIC config has existed for _some time_, suggesting you are either ignoring or 'working around' problems that would be experienced in such situation.

    _particularly_ in the case of an MS employee testing SBS, wanting to get familiar with the product, it is important that such be done properly.

    OTOH: If you want to 1st do SBS 'the SBS way' then explore how SBS functionality may be expanded, I would ask that you preface your questions with 'an SBS experiment' (or similar).

    Sunday, June 17, 2012 2:48 AM
  • Hi All,

    I am having same problems... Just after server updates... DHCP behaving strangely.... not internet access to clients... BAD ADDRESS or IP conflicts... MS exchnage firewall rules gone.....

    No error in event manager.

    Please can someone guide...

    Many Thanks

    Thursday, October 18, 2012 12:50 PM
  • HI Sharpwaves:

    Please start a new thread with your question and explain the symptoms and what update you installed before the problems began.  Old threads get very little viewing, and most are not inclined to read an entire thread of old posts to see what "same problems" you refer to.


    Larry Struckmeyer[SBS-MVP]

    Thursday, October 18, 2012 1:04 PM
    Moderator