locked
Unable to access Websites from SBS2008 Server - only RRS feed

  • General discussion

  • Hi I have a really odd issue that I cannot seem to resolve.  I have the SBS2008 server setup and working fine resolving DNS as it should be for all domain PC's on the single NIC IP of 192.168.10.2.  However the actual server itself cannot access websites by name or by IP address.  I have added a secondary DNS server (google 8.8.8.8) to the single static IP NIC (
    i92.168.10.2 but this has not resolved it.  I have also removed the IP of the DNS server (its own IP Address)  and still no luck.

    If i use https://google.com then https://encrypted.google.com opens ok as google beta.

    I have tried a new Browser (firefox)and still no joy.

    I have added a new inbound and outbound rule into the firewall for iexplore.exe and still no luck.

     NSLOOKUP from the server resolves mail.google.com to an external IP ok.

    Obviously this is a DNS issue of sorts but I cannot seem to see where it may have a problem.

    Could someone be kind enough to offer a potential solution.....could it be a sockets issue on the NIC or something?

     

     

    Many thanks in advance.

    Stuart Smith

     

     

     

     

    Tuesday, January 25, 2011 12:21 PM

All replies

  • Hi Stuart,

     

    Thanks for posting here.

     

    So the issue is that server can only access external encrypted web site but other sites.

    Is this issue also occur red on other network based application ? like windows update or live messenger ?

     

    What the particular error system prompt shown in browser ? please disable “show friendly HTTP error messages” in internet explorer settings.

     

    Please modify back network settings (primary DNS entry ,DNS forwarder)before you perform above testing .

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, January 26, 2011 7:09 AM
  • Hi Stuart,

    In addition to Tiger's suggestions, if you configure a Forwarder to an ISP's DNS, such as 4.2.2.2 or 8.8.8.8, does it resolve the issue? A Forwarder can be configured by opening the DNS conslole, then right-click the DNS server name, choose properties, then Forwarders tab.

    If this resolves it, it would appear to be an EDNS0 issue. EDNS0 allows larger UDP DNS packet sizes to 1280 bytes, whereas some older, legacy or non-updated router/firewalls do not allow this type of traffic.

    Let us know if this works.

    And yes, definitely only use 192.168.10.2 for all of your internal machines, as you've already configured.

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Sunday, January 30, 2011 2:07 PM
  • Sorted this.  It was the router which had a rule that was blocking the access.  Resolved when rule was removed.
    Monday, February 7, 2011 7:08 PM
  • Good to hear! :-)

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Monday, February 7, 2011 8:58 PM