Re: ISA Server cannot access www.microsoft.com

From: Marina Roos [SBS-MVP] (marina_at_roos.nodontwantspam.nl.com)
Date: 05/15/04 

Date: Sun, 16 May 2004 00:41:48 +0200

Hi Grant,

Try this:

If the error exists on all computers, it could be this:

Disable EDNS on the SBS 2003 server since it is a known cause of similar
behavior.

>From a command prompt, run the following:

dnscmd /Config /EnableEDnsProbes 0

For more information:

832223 Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS
Server
http://support.microsoft.com/?id=832223

828263 DNS query responses do not travel through a firewall in Windows
Server
http://support.microsoft.com/?id=828263

828731 An External DNS Query May Cause an Error Message in Windows Server
2003
http://support.microsoft.com/?id=828731 

-- 
Regards,
Marina
Microsoft SBS-MVP
"Grant Morgan" <grant@storeline.com.au> schreef in bericht
news:%23bZT$BIOEHA.3492@TK2MSFTNGP10.phx.gbl...
> I am a long time user of SBS2000, and recently upgraded to SBS2003 Premium
>
> SERVER: Dell Poweredge Xeon 2400 1024Mb Ram, 3 x mirrored 18gb SCSI (6
> drives total), Intel Gigabit NIC (running at 100Mb/s), Netcomm ADSL router
> with UPNP
>
> SOFTWARE: SBS 2003 premium using ISA2000 as firewall - ICW Run
Successfully.
> Using POP3 connector (ie. we don't host our own domain)
>
> CLIENTS: Win XP Pro SP1 running MS Firewall Client + IE 6 SP2
>
> Since the upgrade, no machine on the network can access www.microsoft.com
or
> www.symantec.com. Can access windowsupdate, msdn, technet, support site,
but
> nothing starting with www.microsoft.com (or go.microsoft.com) or
> www.symantec.com.
>
> If I disconnect the server and plug a laptop straight into the router,
there
> is no problem in accessing these sites.
>
> There is a INET 11004 error recorded in the Web Proxy log.
>
> Dumps from log and NSLookup appear below...
>
> HELP!
>
> Thanks
>
>
> Line from Web Proxy Log:
> ========================
> 192.168.16.58, STORELINE\MyUserName, Mozilla/4.0 (compatible; MSIE 6.0;
> Windows NT 5.1; .NET CLR 1.1.4322), Y, 5/13/2004, 9:20:19, w3proxy,
> SERVER, -, www.microsoft.com, -, 80, 23203, 484, 0, http, TCP, GET,
> http://www.microsoft.com/, -, Inet, 11004, 0x0, Small Business Internet
> Access Protocol Rule, Allow rule
>
>
> NSLookup with debug option:
> ===========================
> Default Server:  server.MyCompanyName.local
> Address:  192.168.16.2
>
> > set debug
> > microsoft.com
> Server:  server.MyCompanyName.local
> Address:  192.168.16.2
>
> ------------
> Got answer:
>     HEADER:
>         opcode = QUERY, id = 2, rcode = NXDOMAIN
>         header flags:  response, auth. answer, want recursion, recursion
> avail
>         questions = 1,  answers = 0,  authority records = 1,  additional =
0
>
>     QUESTIONS:
>         microsoft.com.MyCompanyName.local, type = A, class = IN
>     AUTHORITY RECORDS:
>     ->  MyCompanyName.local
>         ttl = 3600 (1 hour)
>         primary name server = server.MyCompanyName.local
>         responsible mail addr = hostmaster
>         serial  = 235
>         refresh = 900 (15 mins)
>         retry   = 600 (10 mins)
>         expire  = 86400 (1 day)
>         default TTL = 3600 (1 hour)
>
> ------------
> ------------
> Got answer:
>     HEADER:
>         opcode = QUERY, id = 3, rcode = NOERROR
>         header flags:  response, want recursion, recursion avail.
>         questions = 1,  answers = 2,  authority records = 0,  additional =
0
>
>     QUESTIONS:
>         microsoft.com, type = A, class = IN
>     ANSWERS:
>     ->  microsoft.com
>         internet address = 207.46.245.214
>         ttl = 1503 (25 mins 3 secs)
>     ->  microsoft.com
>         internet address = 207.46.245.222
>         ttl = 1503 (25 mins 3 secs)
>
> ------------
> Non-authoritative answer:
> Name:    microsoft.com
> Addresses:  207.46.245.214, 207.46.245.222
>
>

Relevant Pages

  • Re: queues problem Please help ASAP
    ... >> DNS query for internal DNS ... >>configure relay to be blocked from open relay ... >>The remote server did not respond to a connection attempt. ... > server to use the AD to verify the address on the inbound mail is ...
    (microsoft.public.exchange.admin)
  • Re: ISA Server cannot access www.microsoft.com
    ... might have something to do with a Cisco router? ... this server worked fine in our office through our ... The internet connection was through a new cisco 327 adsl ... >> 828263 DNS query responses do not travel through a firewall in Windows ...
    (microsoft.public.backoffice.smallbiz)
  • Re: HELP! Namer Server Times Out
    ... nadya posted their thoughts, ... > server - the primary name server is behind the same ... 828731 - An External DNS Query May Cause an Error Message in Windows Server ...
    (microsoft.public.win2000.dns)
  • SBS2003 ISA Server cannot access www.microsoft.com
    ... 828731 An External DNS Query May Cause an Error Message ... in Windows Server ... >If I disconnect the server and plug a laptop straight ... recursion, recursion ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2003 Premium download problems
    ... 828731 An External DNS Query May Cause an Error Message in Windows Server ... Microsoft SBS-MVP "Karl Middleton" schreef in bericht ... The server has a pair of Realtek 8139 NICs in it. ... Again, no problems> downloading. ...
    (microsoft.public.windows.server.sbs)