No http access - server 2003

I have a server running 2003. The server has 2 NICs one for the LAN, the
other for VPN. Everything was working OK until about a month ago. To the
best of my knowledge I did not change anything other than there have been
Microsoft updates installed which might have caused this.

While the rest of the network appears to be working OK, I cannot access web
pages in IE or ping internet addresses from the server.

The server IS still able to contact MS for WSUS - no apparent errors there

I can access the server remotely using the VPN - again no apparent problem

The antivirus management software (AVG) is NOT able to download updates --
the client machines on the network fall back to downloading directly from
the internet.

The server connects to the internet through a Linksys router which has the
server's VPN port in the DMZ

I really don't know where to look for this problem since it is communicating
via the internet, just not http requests maybe?

Since this is multihomed computer, posting the results of ipconfig /all and
routing table here may help.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"news.microsoft.com" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I have a server running 2003. The server has 2 NICs one for the LAN, the
>other for VPN. Everything was working OK until about a month ago. To the
>best of my knowledge I did not change anything other than there have been
>Microsoft updates installed which might have caused this.
>
> While the rest of the network appears to be working OK, I cannot access
> web pages in IE or ping internet addresses from the server.
>
> The server IS still able to contact MS for WSUS - no apparent errors there
>
> I can access the server remotely using the VPN - again no apparent problem
>
> The antivirus management software (AVG) is NOT able to download updates --
> the client machines on the network fall back to downloading directly from
> the internet.
>
> The server connects to the internet through a Linksys router which has the
> server's VPN port in the DMZ
>
> I really don't know where to look for this problem since it is
> communicating via the internet, just not http requests maybe?
>

"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
news:%23$(E-Mail Removed)...
> Since this is multihomed computer, posting the results of ipconfig /all
> and routing table here may help.
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "news.microsoft.com" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I have a server running 2003. The server has 2 NICs one for the LAN, the
>>other for VPN. Everything was working OK until about a month ago. To the
>>best of my knowledge I did not change anything other than there have been
>>Microsoft updates installed which might have caused this.
>>
>> While the rest of the network appears to be working OK, I cannot access
>> web pages in IE or ping internet addresses from the server.
>>
>> The server IS still able to contact MS for WSUS - no apparent errors
>> there I can access the server remotely using the VPN - again no apparent
>> problem
>>
>> The antivirus management software (AVG) is NOT able to download
>> updates -- the client machines on the network fall back to downloading
>> directly from the internet.
>>
>> The server connects to the internet through a Linksys router which has
>> the server's VPN port in the DMZ
>>
>> I really don't know where to look for this problem since it is
>> communicating via the internet, just not http requests maybe?
>>
>



Windows IP Configuration

Host Name . . . . . . . . . . . . : hopewell-server
Primary Dns Suffix . . . . . . . : Hopewell.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Hopewell.local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP)
Physical Address. . . . . . . . . : 00-53-45-00-00-
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection (WAN -.11):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O Acceleration
#2
Physical Address. . . . . . . . . : 00-30-48-63-C5-
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
208.67.222.222
65.24.0.168

Ethernet adapter Local Area Connection ( Intranet -.10):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O Acceleration
Physical Address. . . . . . . . . : 00-30-48-63-C5-
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
65.24.0.169

DNS Servers . . . . . . . . . . . : 127.0.0.1 is the problem. It is
recommended to setup the DC as DNS and don't use 172.0.0.1 or ISP DNS. This
search result may help too.

Troubleshooting DNSTo correct DNS settings and troubleshoot DNS problems,
you can 1) run nslookup from a command line is the default dns server the
one you expect. ...
www.chicagotech.net/dnstroubleshooting.htm


--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"news.microsoft.com" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
> news:%23$(E-Mail Removed)...
>> Since this is multihomed computer, posting the results of ipconfig /all
>> and routing table here may help.
>>
>> --
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> "news.microsoft.com" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>I have a server running 2003. The server has 2 NICs one for the LAN, the
>>>other for VPN. Everything was working OK until about a month ago. To the
>>>best of my knowledge I did not change anything other than there have been
>>>Microsoft updates installed which might have caused this.
>>>
>>> While the rest of the network appears to be working OK, I cannot access
>>> web pages in IE or ping internet addresses from the server.
>>>
>>> The server IS still able to contact MS for WSUS - no apparent errors
>>> there I can access the server remotely using the VPN - again no apparent
>>> problem
>>>
>>> The antivirus management software (AVG) is NOT able to download
>>> updates -- the client machines on the network fall back to downloading
>>> directly from the internet.
>>>
>>> The server connects to the internet through a Linksys router which has
>>> the server's VPN port in the DMZ
>>>
>>> I really don't know where to look for this problem since it is
>>> communicating via the internet, just not http requests maybe?
>>>
>>
>
>
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : hopewell-server
> Primary Dns Suffix . . . . . . . : Hopewell.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : Hopewell.local
>
> PPP adapter RAS Server (Dial In) Interface:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : WAN (PPP/SLIP)
> Physical Address. . . . . . . . . : 00-53-45-00-00-
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.50
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . :
>
> Ethernet adapter Local Area Connection (WAN -.11):
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
> Acceleration #2
> Physical Address. . . . . . . . . : 00-30-48-63-C5-
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.11
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.1
> DNS Servers . . . . . . . . . . . : 127.0.0.1
> 208.67.222.222
> 65.24.0.168
>
> Ethernet adapter Local Area Connection ( Intranet -.10):
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
> Acceleration
> Physical Address. . . . . . . . . : 00-30-48-63-C5-
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.10
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.1
> DNS Servers . . . . . . . . . . . : 127.0.0.1
> 65.24.0.169
>

Thanks for the response

I'm not exactly clear on what you are recommending -

What should I have as the DNS for the WAN (.11) and the LAN (.10) ports -
both the same or what?

ALSO - I am puzzled by the fact that I cannot retrieve a web page by IP
address (I seemed to think this pointed away from a DNS problem) BUT WSUS is
working OK somehow



"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> DNS Servers . . . . . . . . . . . : 127.0.0.1 is the problem. It is
> recommended to setup the DC as DNS and don't use 172.0.0.1 or ISP DNS.
> This search result may help too.
>
> Troubleshooting DNSTo correct DNS settings and troubleshoot DNS problems,
> you can 1) run nslookup from a command line is the default dns server the
> one you expect. ...
> www.chicagotech.net/dnstroubleshooting.htm
>
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "news.microsoft.com" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>
>> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
>> news:%23$(E-Mail Removed)...
>>> Since this is multihomed computer, posting the results of ipconfig /all
>>> and routing table here may help.
>>>
>>> --
>>> Bob Lin, MS-MVP, MCSE & CNE
>>> Networking, Internet, Routing, VPN Troubleshooting on
>>> http://www.ChicagoTech.net
>>> How to Setup Windows, Network, VPN & Remote Access on
>>> http://www.HowToNetworking.com
>>> "news.microsoft.com" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>>I have a server running 2003. The server has 2 NICs one for the LAN,
>>>>the other for VPN. Everything was working OK until about a month ago.
>>>>To the best of my knowledge I did not change anything other than there
>>>>have been Microsoft updates installed which might have caused this.
>>>>
>>>> While the rest of the network appears to be working OK, I cannot access
>>>> web pages in IE or ping internet addresses from the server.
>>>>
>>>> The server IS still able to contact MS for WSUS - no apparent errors
>>>> there I can access the server remotely using the VPN - again no
>>>> apparent problem
>>>>
>>>> The antivirus management software (AVG) is NOT able to download
>>>> updates -- the client machines on the network fall back to downloading
>>>> directly from the internet.
>>>>
>>>> The server connects to the internet through a Linksys router which has
>>>> the server's VPN port in the DMZ
>>>>
>>>> I really don't know where to look for this problem since it is
>>>> communicating via the internet, just not http requests maybe?
>>>>
>>>
>>
>>
>>
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : hopewell-server
>> Primary Dns Suffix . . . . . . . : Hopewell.local
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : Yes
>> WINS Proxy Enabled. . . . . . . . : Yes
>> DNS Suffix Search List. . . . . . : Hopewell.local
>>
>> PPP adapter RAS Server (Dial In) Interface:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : WAN (PPP/SLIP)
>> Physical Address. . . . . . . . . : 00-53-45-00-00-
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.1.50
>> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>> Default Gateway . . . . . . . . . :
>>
>> Ethernet adapter Local Area Connection (WAN -.11):
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
>> Acceleration #2
>> Physical Address. . . . . . . . . : 00-30-48-63-C5-
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.1.11
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.1.1
>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>> 208.67.222.222
>> 65.24.0.168
>>
>> Ethernet adapter Local Area Connection ( Intranet -.10):
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
>> Acceleration
>> Physical Address. . . . . . . . . : 00-30-48-63-C5-
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.1.10
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.1.1
>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>> 65.24.0.169
>>
>

"I cannot retrieve a web page by IP address" because this is multihomed
computer using the same IP range and two gateways, which also is not
recommended.

1. If VPN server is behind a firewall or router, you don't need setup it as
a multihomed computer.
2. If this is DC, it is not recommended to setup as VPN.
3. You should setup a DNS in the server with private IP address. In this
case both WAN and LAN are using the same IP range. This is the problem.
4. If you do want to setup the server as router with two NICs enabled, the
LAN default gateway should be blank.
issues of a multihomed computer with two NICs
Issues of a multihomed computer with two gateways. Case 1: The client
setup a Windows 2003 server with two NICs, one for Internet access one for
the LAN ...
www.chicagotech.net/Routers/2gateway2.htm

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"news.microsoft.com" <(E-Mail Removed)> wrote in message
news:eWPa7q$(E-Mail Removed)...
> Thanks for the response
>
> I'm not exactly clear on what you are recommending -
>
> What should I have as the DNS for the WAN (.11) and the LAN (.10) ports -
> both the same or what?
>
> ALSO - I am puzzled by the fact that I cannot retrieve a web page by IP
> address (I seemed to think this pointed away from a DNS problem) BUT WSUS
> is working OK somehow
>
>
>
> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> DNS Servers . . . . . . . . . . . : 127.0.0.1 is the problem. It is
>> recommended to setup the DC as DNS and don't use 172.0.0.1 or ISP DNS.
>> This search result may help too.
>>
>> Troubleshooting DNSTo correct DNS settings and troubleshoot DNS problems,
>> you can 1) run nslookup from a command line is the default dns server the
>> one you expect. ...
>> www.chicagotech.net/dnstroubleshooting.htm
>>
>>
>> --
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> "news.microsoft.com" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>
>>> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
>>> news:%23$(E-Mail Removed)...
>>>> Since this is multihomed computer, posting the results of ipconfig /all
>>>> and routing table here may help.
>>>>
>>>> --
>>>> Bob Lin, MS-MVP, MCSE & CNE
>>>> Networking, Internet, Routing, VPN Troubleshooting on
>>>> http://www.ChicagoTech.net
>>>> How to Setup Windows, Network, VPN & Remote Access on
>>>> http://www.HowToNetworking.com
>>>> "news.microsoft.com" <(E-Mail Removed)> wrote in message
>>>> news:(E-Mail Removed)...
>>>>>I have a server running 2003. The server has 2 NICs one for the LAN,
>>>>>the other for VPN. Everything was working OK until about a month ago.
>>>>>To the best of my knowledge I did not change anything other than there
>>>>>have been Microsoft updates installed which might have caused this.
>>>>>
>>>>> While the rest of the network appears to be working OK, I cannot
>>>>> access web pages in IE or ping internet addresses from the server.
>>>>>
>>>>> The server IS still able to contact MS for WSUS - no apparent errors
>>>>> there I can access the server remotely using the VPN - again no
>>>>> apparent problem
>>>>>
>>>>> The antivirus management software (AVG) is NOT able to download
>>>>> updates -- the client machines on the network fall back to
>>>>> downloading directly from the internet.
>>>>>
>>>>> The server connects to the internet through a Linksys router which has
>>>>> the server's VPN port in the DMZ
>>>>>
>>>>> I really don't know where to look for this problem since it is
>>>>> communicating via the internet, just not http requests maybe?
>>>>>
>>>>
>>>
>>>
>>>
>>> Windows IP Configuration
>>>
>>> Host Name . . . . . . . . . . . . : hopewell-server
>>> Primary Dns Suffix . . . . . . . : Hopewell.local
>>> Node Type . . . . . . . . . . . . : Unknown
>>> IP Routing Enabled. . . . . . . . : Yes
>>> WINS Proxy Enabled. . . . . . . . : Yes
>>> DNS Suffix Search List. . . . . . : Hopewell.local
>>>
>>> PPP adapter RAS Server (Dial In) Interface:
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : WAN (PPP/SLIP)
>>> Physical Address. . . . . . . . . : 00-53-45-00-00-
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.1.50
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>>> Default Gateway . . . . . . . . . :
>>>
>>> Ethernet adapter Local Area Connection (WAN -.11):
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
>>> Acceleration #2
>>> Physical Address. . . . . . . . . : 00-30-48-63-C5-
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.1.11
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>> 208.67.222.222
>>> 65.24.0.168
>>>
>>> Ethernet adapter Local Area Connection ( Intranet -.10):
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
>>> Acceleration
>>> Physical Address. . . . . . . . . : 00-30-48-63-C5-
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.1.10
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>> 65.24.0.169
>>>
>>
>
>

Ok I changed the gateway and DNS settings as follows:

Windows IP Configuration

Host Name . . . . . . . . . . . . : hopewell-server
Primary Dns Suffix . . . . . . . : Hopewell.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Hopewell.local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection (WAN -.11):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network
Connection with I/O Acceleration #2
Physical Address. . . . . . . . . : 00-30-48-63-C5-4F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 127.0.0.1

Ethernet adapter Local Area Connection ( Intranet -.10):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network
Connection with I/O Acceleration
Physical Address. . . . . . . . . : 00-30-48-63-C5-4E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1


Note that from a CMD box I CAN ping servers by name (www.google.com) - is
there maybe a problem with winsocks or something?





"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "I cannot retrieve a web page by IP address" because this is multihomed
> computer using the same IP range and two gateways, which also is not
> recommended.
>
> 1. If VPN server is behind a firewall or router, you don't need setup it
> as a multihomed computer.
> 2. If this is DC, it is not recommended to setup as VPN.
> 3. You should setup a DNS in the server with private IP address. In this
> case both WAN and LAN are using the same IP range. This is the problem.
> 4. If you do want to setup the server as router with two NICs enabled, the
> LAN default gateway should be blank.
> issues of a multihomed computer with two NICs
> Issues of a multihomed computer with two gateways. Case 1: The client
> setup a Windows 2003 server with two NICs, one for Internet access one for
> the LAN ...
> www.chicagotech.net/Routers/2gateway2.htm
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "news.microsoft.com" <(E-Mail Removed)> wrote in message
> news:eWPa7q$(E-Mail Removed)...
>> Thanks for the response
>>
>> I'm not exactly clear on what you are recommending -
>>
>> What should I have as the DNS for the WAN (.11) and the LAN (.10) ports -
>> both the same or what?
>>
>> ALSO - I am puzzled by the fact that I cannot retrieve a web page by IP
>> address (I seemed to think this pointed away from a DNS problem) BUT WSUS
>> is working OK somehow
>>
>>
>>
>> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> DNS Servers . . . . . . . . . . . : 127.0.0.1 is the problem. It is
>>> recommended to setup the DC as DNS and don't use 172.0.0.1 or ISP DNS.
>>> This search result may help too.
>>>
>>> Troubleshooting DNSTo correct DNS settings and troubleshoot DNS
>>> problems, you can 1) run nslookup from a command line is the default dns
>>> server the one you expect. ...
>>> www.chicagotech.net/dnstroubleshooting.htm
>>>
>>>
>>> --
>>> Bob Lin, MS-MVP, MCSE & CNE
>>> Networking, Internet, Routing, VPN Troubleshooting on
>>> http://www.ChicagoTech.net
>>> How to Setup Windows, Network, VPN & Remote Access on
>>> http://www.HowToNetworking.com
>>> "news.microsoft.com" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>>
>>>> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
>>>> news:%23$(E-Mail Removed)...
>>>>> Since this is multihomed computer, posting the results of ipconfig
>>>>> /all and routing table here may help.
>>>>>
>>>>> --
>>>>> Bob Lin, MS-MVP, MCSE & CNE
>>>>> Networking, Internet, Routing, VPN Troubleshooting on
>>>>> http://www.ChicagoTech.net
>>>>> How to Setup Windows, Network, VPN & Remote Access on
>>>>> http://www.HowToNetworking.com
>>>>> "news.microsoft.com" <(E-Mail Removed)> wrote in message
>>>>> news:(E-Mail Removed)...
>>>>>>I have a server running 2003. The server has 2 NICs one for the LAN,
>>>>>>the other for VPN. Everything was working OK until about a month ago.
>>>>>>To the best of my knowledge I did not change anything other than there
>>>>>>have been Microsoft updates installed which might have caused this.
>>>>>>
>>>>>> While the rest of the network appears to be working OK, I cannot
>>>>>> access web pages in IE or ping internet addresses from the server.
>>>>>>
>>>>>> The server IS still able to contact MS for WSUS - no apparent errors
>>>>>> there I can access the server remotely using the VPN - again no
>>>>>> apparent problem
>>>>>>
>>>>>> The antivirus management software (AVG) is NOT able to download
>>>>>> updates -- the client machines on the network fall back to
>>>>>> downloading directly from the internet.
>>>>>>
>>>>>> The server connects to the internet through a Linksys router which
>>>>>> has the server's VPN port in the DMZ
>>>>>>
>>>>>> I really don't know where to look for this problem since it is
>>>>>> communicating via the internet, just not http requests maybe?
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> Windows IP Configuration
>>>>
>>>> Host Name . . . . . . . . . . . . : hopewell-server
>>>> Primary Dns Suffix . . . . . . . : Hopewell.local
>>>> Node Type . . . . . . . . . . . . : Unknown
>>>> IP Routing Enabled. . . . . . . . : Yes
>>>> WINS Proxy Enabled. . . . . . . . : Yes
>>>> DNS Suffix Search List. . . . . . : Hopewell.local
>>>>
>>>> PPP adapter RAS Server (Dial In) Interface:
>>>>
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : WAN (PPP/SLIP)
>>>> Physical Address. . . . . . . . . : 00-53-45-00-00-
>>>> DHCP Enabled. . . . . . . . . . . : No
>>>> IP Address. . . . . . . . . . . . : 192.168.1.50
>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>>>> Default Gateway . . . . . . . . . :
>>>>
>>>> Ethernet adapter Local Area Connection (WAN -.11):
>>>>
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
>>>> Acceleration #2
>>>> Physical Address. . . . . . . . . : 00-30-48-63-C5-
>>>> DHCP Enabled. . . . . . . . . . . : No
>>>> IP Address. . . . . . . . . . . . : 192.168.1.11
>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>>> 208.67.222.222
>>>> 65.24.0.168
>>>>
>>>> Ethernet adapter Local Area Connection ( Intranet -.10):
>>>>
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
>>>> Acceleration
>>>> Physical Address. . . . . . . . . : 00-30-48-63-C5-
>>>> DHCP Enabled. . . . . . . . . . . : No
>>>> IP Address. . . . . . . . . . . . : 192.168.1.10
>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>>> 65.24.0.169
>>>>
>>>
>>
>>
>

"news.microsoft.com" <(E-Mail Removed)> wrote in message
news:uavg$(E-Mail Removed)...
> Ok I changed the gateway and DNS settings as follows:
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : hopewell-server
> Primary Dns Suffix . . . . . . . : Hopewell.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : Hopewell.local
>
> PPP adapter RAS Server (Dial In) Interface:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.50
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . :
>
> Ethernet adapter Local Area Connection (WAN -.11):
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network
> Connection with I/O Acceleration #2
> Physical Address. . . . . . . . . : 00-30-48-63-C5-4F
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.11
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.1
> DNS Servers . . . . . . . . . . . : 127.0.0.1
>
> Ethernet adapter Local Area Connection ( Intranet -.10):
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network
> Connection with I/O Acceleration
> Physical Address. . . . . . . . . : 00-30-48-63-C5-4E
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.10
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 127.0.0.1
>
>
> Note that from a CMD box I CAN ping servers by name (www.google.com) - is
> there maybe a problem with winsocks or something?
>
>
>
>
>
> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> "I cannot retrieve a web page by IP address" because this is multihomed
>> computer using the same IP range and two gateways, which also is not
>> recommended.
>>
>> 1. If VPN server is behind a firewall or router, you don't need setup it
>> as a multihomed computer.
>> 2. If this is DC, it is not recommended to setup as VPN.
>> 3. You should setup a DNS in the server with private IP address. In this
>> case both WAN and LAN are using the same IP range. This is the problem.
>> 4. If you do want to setup the server as router with two NICs enabled,
>> the LAN default gateway should be blank.
>> issues of a multihomed computer with two NICs
>> Issues of a multihomed computer with two gateways. Case 1: The
>> client setup a Windows 2003 server with two NICs, one for Internet access
>> one for the LAN ...
>> www.chicagotech.net/Routers/2gateway2.htm
>>
>> --
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> "news.microsoft.com" <(E-Mail Removed)> wrote in message
>> news:eWPa7q$(E-Mail Removed)...
>>> Thanks for the response
>>>
>>> I'm not exactly clear on what you are recommending -
>>>
>>> What should I have as the DNS for the WAN (.11) and the LAN (.10)
>>> ports - both the same or what?
>>>
>>> ALSO - I am puzzled by the fact that I cannot retrieve a web page by IP
>>> address (I seemed to think this pointed away from a DNS problem) BUT
>>> WSUS is working OK somehow
>>>
>>>
>>>
>>> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> DNS Servers . . . . . . . . . . . : 127.0.0.1 is the problem. It is
>>>> recommended to setup the DC as DNS and don't use 172.0.0.1 or ISP DNS.
>>>> This search result may help too.
>>>>
>>>> Troubleshooting DNSTo correct DNS settings and troubleshoot DNS
>>>> problems, you can 1) run nslookup from a command line is the default
>>>> dns server the one you expect. ...
>>>> www.chicagotech.net/dnstroubleshooting.htm
>>>>
>>>>
>>>> --
>>>> Bob Lin, MS-MVP, MCSE & CNE
>>>> Networking, Internet, Routing, VPN Troubleshooting on
>>>> http://www.ChicagoTech.net
>>>> How to Setup Windows, Network, VPN & Remote Access on
>>>> http://www.HowToNetworking.com
>>>> "news.microsoft.com" <(E-Mail Removed)> wrote in message
>>>> news:(E-Mail Removed)...
>>>>>
>>>>> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
>>>>> news:%23$(E-Mail Removed)...
>>>>>> Since this is multihomed computer, posting the results of ipconfig
>>>>>> /all and routing table here may help.
>>>>>>
>>>>>> --
>>>>>> Bob Lin, MS-MVP, MCSE & CNE
>>>>>> Networking, Internet, Routing, VPN Troubleshooting on
>>>>>> http://www.ChicagoTech.net
>>>>>> How to Setup Windows, Network, VPN & Remote Access on
>>>>>> http://www.HowToNetworking.com
>>>>>> "news.microsoft.com" <(E-Mail Removed)> wrote in message
>>>>>> news:(E-Mail Removed)...
>>>>>>>I have a server running 2003. The server has 2 NICs one for the LAN,
>>>>>>>the other for VPN. Everything was working OK until about a month ago.
>>>>>>>To the best of my knowledge I did not change anything other than
>>>>>>>there have been Microsoft updates installed which might have caused
>>>>>>>this.
>>>>>>>
>>>>>>> While the rest of the network appears to be working OK, I cannot
>>>>>>> access web pages in IE or ping internet addresses from the server.
>>>>>>>
>>>>>>> The server IS still able to contact MS for WSUS - no apparent errors
>>>>>>> there I can access the server remotely using the VPN - again no
>>>>>>> apparent problem
>>>>>>>
>>>>>>> The antivirus management software (AVG) is NOT able to download
>>>>>>> updates -- the client machines on the network fall back to
>>>>>>> downloading directly from the internet.
>>>>>>>
>>>>>>> The server connects to the internet through a Linksys router which
>>>>>>> has the server's VPN port in the DMZ
>>>>>>>
>>>>>>> I really don't know where to look for this problem since it is
>>>>>>> communicating via the internet, just not http requests maybe?
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Windows IP Configuration
>>>>>
>>>>> Host Name . . . . . . . . . . . . : hopewell-server
>>>>> Primary Dns Suffix . . . . . . . : Hopewell.local
>>>>> Node Type . . . . . . . . . . . . : Unknown
>>>>> IP Routing Enabled. . . . . . . . : Yes
>>>>> WINS Proxy Enabled. . . . . . . . : Yes
>>>>> DNS Suffix Search List. . . . . . : Hopewell.local
>>>>>
>>>>> PPP adapter RAS Server (Dial In) Interface:
>>>>>
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : WAN (PPP/SLIP)
>>>>> Physical Address. . . . . . . . . : 00-53-45-00-00-
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.1.50
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>>>>> Default Gateway . . . . . . . . . :
>>>>>
>>>>> Ethernet adapter Local Area Connection (WAN -.11):
>>>>>
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
>>>>> Acceleration #2
>>>>> Physical Address. . . . . . . . . : 00-30-48-63-C5-
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.1.11
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>>>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>>>> 208.67.222.222
>>>>> 65.24.0.168
>>>>>
>>>>> Ethernet adapter Local Area Connection ( Intranet -.10):
>>>>>
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : Intel(R) PRO/10 with I/O
>>>>> Acceleration
>>>>> Physical Address. . . . . . . . . : 00-30-48-63-C5-
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.1.10
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>>>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>>>> 65.24.0.169
>>>>>
>>>>
>>>
>>>
>>
>
>

Since the DNS is set to 127.0.0.1 I presume that this is a domain
controller. It is not a good ides to run a domain controller on a multhomed
machine (or as a remote access server which becomes multhomed as soon as a
remote client connects).

If you must run this on a DC/DNS server make sure that you prevent the
"extra" IP addresses from registering in DNS. Also disable Netbios over
TCP/IP on all but the internal LAN NIC. See KB 292822 for a discussion on
this subject.

I notice that you still have not changed the DNS setting to point to the
LAN IP of the server instead of the loopback address as Bob suggested.

One correction -- I CAN ping internet addresses from the server


"news.microsoft.com" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I have a server running 2003. The server has 2 NICs one for the LAN, the
>other for VPN. Everything was working OK until about a month ago. To the
>best of my knowledge I did not change anything other than there have been
>Microsoft updates installed which might have caused this.
>
> While the rest of the network appears to be working OK, I cannot access
> web pages in IE or ping internet addresses from the server.
>
> The server IS still able to contact MS for WSUS - no apparent errors there
>
> I can access the server remotely using the VPN - again no apparent problem
>
> The antivirus management software (AVG) is NOT able to download updates --
> the client machines on the network fall back to downloading directly from
> the internet.
>
> The server connects to the internet through a Linksys router which has the
> server's VPN port in the DMZ
>
> I really don't know where to look for this problem since it is
> communicating via the internet, just not http requests maybe?
>