Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, May 28, 2013 2:01 AM
Our client is running Windows 2008 R2 as DC/DNS. Every thing works except they can’t access their website hosted by a
hosting company. They get "The webpage cannot be found". However, if they replace the internal DNS (192.168.1.3 that is also DC/DNS IP address) with
their ISP DNS, they can access the website. All inside computers with the internal DNS have this problem. They don't have the problem to access other
websites.
If I ping nyrp.org, the public IP is x.x.x.x. However, I can’t access the website using the IP x.x.x.x in any Internet computers (inside or outside).
What could be the problem?
Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on
How to Setup Windows, Network, VPN & Remote Access on
http://www.howtonetworking.com
All replies (5)
Tuesday, May 28, 2013 4:26 AM ✅Answered
OK, lets go thru each item...
The most likely reason you can access nyrp.org by name and not IP is the web server is using host headers, aka many domains are being hosted on one server with the same IP address and the only way the server knows which web site it should serve is by the host name in the request.
You will need to do some trouble shooting for the DNS. When they ping nyrp.org from the LAN what do they get? Does it resolve? Does it resolve to the correct public IP?
If it does not resolve at all, it is likely the DNS server is not reaching the Internet to do the lookups/forwards.
If it resolves to a private IP then they have split DNS and will need records in their scope for the public IP of the nyrp.org.
If it resolves to the correct public IP, then there is something blocking the traffic like a firewall, proxy and/or content filter.
Tuesday, May 28, 2013 5:13 AM ✅Answered
Hi Bob,
I hope everything is going well.
On your internal DNS server, is nyrp.org your internal AD domain name?
I see that your local DNS resolves nyrp.org to 174.129.248.149. How about when you type in www.nyrp.org?
From my findings, when I type in www.nyrp.org, it works fine. However, when I type in http://nyrp.org, (without the www in it), it always redirects to www.nyrp.org.
Therefore, it appears you need an "www" 'A' host record under nyrp.org with IP 174.129.248.149.
-
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
Tuesday, May 28, 2013 4:34 AM
The DNS looks good and nslookup can resolve nyrp.orgas shown below.
C:\Users\Administrator>nslookup
Default Server: autodiscover.domain.local
Address: 192.168.1.3
> nyrp.org
Server: autodiscover.domain.local
Address: 192.168.1.3
Name: domain.org
Address: x.x.x.x
We don't use proxy. I also checked firewall and content filter. They don't block the website. Remember if I replace the internal DNS with ISP DNS, then the computer can access the nyrp.org.
Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on
How to Setup Windows, Network, VPN & Remote Access on
http://www.howtonetworking.com
Tuesday, May 28, 2013 2:13 PM
Hi Ace,
Thank you for the tip. I found the client created external domain DNS last night. I fixed the problem by deleting the external DNS. I do beleive adding www to the external DNS will fix the problem too. Thank you.
Percula, you are correct about host headers. So, thank you.
I have posted troubleshooting steps and resolution in this link:
LAN computers can't access company website with the internal DNS - Resolution with screenshots
Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on
How to Setup Windows, Network, VPN & Remote Access on
http://www.howtonetworking.com
Wednesday, May 29, 2013 2:43 AM
Hi Bob,
Glad I could help. Also, you may want to review the following for additional information and scenarios:
Can't Access Website with Same Name (Split Zone or no Split Brain)
Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM 1278 0
Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx
-
FYI, I clicked on your link, however I was prompted to update my Flash player. My Flash player is up to date, having updated it last week. I believe your site has been compromised and is prompting for a fake Flash file. You may want to investigate further.
-
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.