I have been working on a DNS issue and need some more , but the
discussion on the last thread died. You can see it here:

http://groups.google.com/group/micro...288185b01f7eed

Recently I have been having problems accessing the Internet from
clients and the server on my SBS 2003 network. The Internet was
working well until about 6 weeks ago, when it suddenly started having
problems. Many websites are not found when the web address is typed
into IE. I am able to resolve all internal sites without problems.
Initially I thought I was having trouble with my old DSL modem, but
this was replaced with a new one and the issue has continued.

I have uninstalled and reinstalled the DNS on the SBS 2003 server and
this ed somewhat. I can now get some web sites but most do not
come up. Interestingly, I can go to Google, do a search for the
website I want and open some sites through the Google link without
problem,
except for being a little slow to start loading the page.

The forwarders are configured properly.

When I connected my laptop computer directly to the DSL modem, I had
no problems going to any website and there was no delay in loading
pages.

I cannot think of anything that has changed with my network other than
the fact that I recently accessed my server from home using Remote
Desktop over my Watchguard Firebox VPN connection. This was the first
time I had done this since setting up the network. I am not sure about
the timing between doing this and having the Internet problems because
I usually do not use the network (it is in my wife's office).

Current IPconfig for the server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ADHMSVR
Primary Dns Suffix . . . . . . . : adhm.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : adhm.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-12-3F-7E-CB-92
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.16.100
Primary WINS Server . . . . . . . : 192.168.16.100

Client IPconfig:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\dpurselle>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ADHM1
Primary Dns Suffix . . . . . . . : adhm.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : adhm.local
adhm.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : adhm.local
Description . . . . . . . . . . . : Broadcom 440x 10/100
Integrated Controller
Physical Address. . . . . . . . . : 00-0B-DB-CD-E3-C8
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.16.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.100
DHCP Server . . . . . . . . . . . : 192.168.16.100
DNS Servers . . . . . . . . . . . : 192.168.16.100
Primary WINS Server . . . . . . . : 192.168.16.100
Lease Obtained. . . . . . . . . . : Saturday, January 05, 2008
9:10:39 AM
Lease Expires . . . . . . . . . . : Sunday, January 13, 2008
9:10:39 AM

In news:c392d13a-0426-42bf-a40a-1d429f124567@t1g2000pra.googlegroups.com,
Dave <atldave32@aol.com> typed:
> I have been working on a DNS issue and need some more , but the
> discussion on the last thread died. You can see it here:
>
> http://groups.google.com/group/micro...288185b01f7eed
>
> Recently I have been having problems accessing the Internet from
> clients and the server on my SBS 2003 network. The Internet was
> working well until about 6 weeks ago, when it suddenly started having
> problems. Many websites are not found when the web address is typed
> into IE. I am able to resolve all internal sites without problems.
> Initially I thought I was having trouble with my old DSL modem, but
> this was replaced with a new one and the issue has continued.
>
> I have uninstalled and reinstalled the DNS on the SBS 2003 server and
> this ed somewhat. I can now get some web sites but most do not
> come up. Interestingly, I can go to Google, do a search for the
> website I want and open some sites through the Google link without
> problem,
> except for being a little slow to start loading the page.
>
> The forwarders are configured properly.
>
> When I connected my laptop computer directly to the DSL modem, I had
> no problems going to any website and there was no delay in loading
> pages.
>
> I cannot think of anything that has changed with my network other than
> the fact that I recently accessed my server from home using Remote
> Desktop over my Watchguard Firebox VPN connection. This was the first
> time I had done this since setting up the network. I am not sure about
> the timing between doing this and having the Internet problems because
> I usually do not use the network (it is in my wife's office).
>
<snip>

DSL? What type of DSL? ADSL or SDSL? If ADSL it's more than likely an MTU
issue. Known issue with ADSL not able to connect to certain domains. Here
are ways to test it. Just don't change anything in the reg just yet. Also if
ADSL, configure the modem to stay always ON. If not, this can cause other
issues.

How do I find my optimum MTU setting AT&T Southeast Forum FAQ -
dslreports.com:
http://www.dslreports.com/faq/5793

MTU Ping Test:
http://.expedient.com/broadband/mtu_ping_test.shtml

Optimal MTU configuration for PPPoE ASDL Connections:
http://www.mynetwatchman.com/kb/ADSL/pppoemtu.htm

Troubleshooting MTU Size in PPPoE Dialin Connectivity-ADSL - Cisco ...:
http://www.cisco.com/en/US/tech/tk17...80093bc7.shtml



Does the Watchguard support EDNS0?

Testing Firewalls for IPv6 and EDNS0 Support (or just call Watchguard's
support line)
http://www.icann.org/committees/security/sac016.htm

Cannot send mail to certain domains (an MTU and EDNS0 issue):
http://forums.msexchange.org/m_18003..._7/key_/tm.htm

I see in the previous thread you had a multihomed DC. Good you changed it to
single homes and staying away from multihoming.

Some third party security software, unless you have an increased sec pol in
place, will also cause similar problems.


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

In message <uI#KoZkXIHA.484@TK2MSFTNGP06.phx.gbl> "Ace Fekay [MVP]"
<PleaseAskMe@SomeDomain.com> wrote:

>DSL? What type of DSL? ADSL or SDSL? If ADSL it's more than likely an MTU
>issue.

MTU has nothing to do with ADSL vs SDSL. Rather, it's PPPoE which
causes MTU issues.

In news:tvagp3po0bptfpu0bkj276olltm880vcl4@4ax.com,
DevilsPGD <spam_narf_spam@crazyhat.net> typed:
> In message <uI#KoZkXIHA.484@TK2MSFTNGP06.phx.gbl> "Ace Fekay [MVP]"
> <PleaseAskMe@SomeDomain.com> wrote:
>
> > DSL? What type of DSL? ADSL or SDSL? If ADSL it's more than likely
> > an MTU issue.
>
> MTU has nothing to do with ADSL vs SDSL. Rather, it's PPPoE which
> causes MTU issues.

That's what I stated.

I never said anywhere in my post that SDSL causes MTU issues, only ADSL.

ADSL is synonymous with PPPoE and PPPoE has the 8 byte overhead the robs it
from the default MTU of 1500 causing issues. Read the links. Re-read my
post.

Ace

In message <#uKxhDxXIHA.1208@TK2MSFTNGP05.phx.gbl> "Ace Fekay [MVP]"
<PleaseAskMe@SomeDomain.com> wrote:

>In news:tvagp3po0bptfpu0bkj276olltm880vcl4@4ax.com,
>DevilsPGD <spam_narf_spam@crazyhat.net> typed:
>> In message <uI#KoZkXIHA.484@TK2MSFTNGP06.phx.gbl> "Ace Fekay [MVP]"
>> <PleaseAskMe@SomeDomain.com> wrote:
>>
>> > DSL? What type of DSL? ADSL or SDSL? If ADSL it's more than likely
>> > an MTU issue.
>>
>> MTU has nothing to do with ADSL vs SDSL. Rather, it's PPPoE which
>> causes MTU issues.
>
>That's what I stated.
>
>I never said anywhere in my post that SDSL causes MTU issues, only ADSL.

ADSL does *not* cause MTU issues. PPPoE does. Not all ADSL providers
force PPPoE down your throat.

Thanks for the information above. After doing the above tasks,
adjusting the MTU a bit, and still having no success, I added 2
additional AT&T DNS servers besides the ones they told me to use. This
fixed my problem.

In news:pf1kp31vi1bc8bhdqjjn2k2hom4or933pu@4ax.com,
DevilsPGD <spam_narf_spam@crazyhat.net> typed:

> ADSL does *not* cause MTU issues. PPPoE does. Not all ADSL providers
> force PPPoE down your throat.

I said ADSL is synomous with PPPoE. I have not yet heard of ADSL being
offered without it. Therefore using logical deduction, ADSL, because of
PPPoE, causes MTU issues.

And as far as your throat comment, I'm kind of surprised after all the
I've offered you in the past. We're professionals, at least I thought as
much.

Ace

In message <uPKau49XIHA.1168@TK2MSFTNGP02.phx.gbl> "Ace Fekay [MVP]"
<PleaseAskMe@SomeDomain.com> wrote:

>In news:pf1kp31vi1bc8bhdqjjn2k2hom4or933pu@4ax.com,
>DevilsPGD <spam_narf_spam@crazyhat.net> typed:
>
>> ADSL does *not* cause MTU issues. PPPoE does. Not all ADSL providers
>> force PPPoE down your throat.
>
>I said ADSL is synomous with PPPoE. I have not yet heard of ADSL being
>offered without it. Therefore using logical deduction, ADSL, because of
>PPPoE, causes MTU issues.

TELUS, Nucleus, Radiant, and half a dozen smaller companies in Western
Canada, to bring up a few examples. I'm confident that there are
others, but since I have never attempted to order ADSL elsewhere, I
can't speak to any personally. There definitely used to be one in LA
though, as I had a friend down there that moaned about how much more he
paid and that he "couldn't" change to a cheap ISP because they used
PPPoE, his did not.

I worked for a company based in the late 90s and earlier parts of this
decade which deployed four different ADSL technologies, three of which
existed before the local telco offered any form of ADSL (so we did not
simply wholesale DSL ports, we used telco dry copper loops, or in some
cases, ran our own copper out), and at no time did we ever deploy PPPoE.

>And as far as your throat comment, I'm kind of surprised after all the
>I've offered you in the past. We're professionals, at least I thought as
>much.

The annoyance wasn't addressed at you, but rather, the providers who
force PPPoE upon their customers, despite it's technical limitations and
general hassle. It wasn't intended as any form of personal attack, and
I apologize for any offense.

Personally, I consider the smaller packet size to be a design flaw,
given that had jumbo-packets been supported in the original spec, before
hardware deployments began, the PPPoE overhead could have been a
non-issue.

In news:ipllp3pn4iasvd6kvd0e49dvvdihdklmum@4ax.com,
DevilsPGD <spam_narf_spam@crazyhat.net> typed:
> In message <uPKau49XIHA.1168@TK2MSFTNGP02.phx.gbl> "Ace Fekay [MVP]"
> <PleaseAskMe@SomeDomain.com> wrote:
>
> > In news:pf1kp31vi1bc8bhdqjjn2k2hom4or933pu@4ax.com,
> > DevilsPGD <spam_narf_spam@crazyhat.net> typed:
> >
> > > ADSL does *not* cause MTU issues. PPPoE does. Not all ADSL
> > > providers force PPPoE down your throat.
> >
> > I said ADSL is synomous with PPPoE. I have not yet heard of ADSL
> > being offered without it. Therefore using logical deduction, ADSL,
> > because of PPPoE, causes MTU issues.
>
> TELUS, Nucleus, Radiant, and half a dozen smaller companies in Western
> Canada, to bring up a few examples. I'm confident that there are
> others, but since I have never attempted to order ADSL elsewhere, I
> can't speak to any personally. There definitely used to be one in LA
> though, as I had a friend down there that moaned about how much more
> he paid and that he "couldn't" change to a cheap ISP because they used
> PPPoE, his did not.
>
> I worked for a company based in the late 90s and earlier parts of this
> decade which deployed four different ADSL technologies, three of which
> existed before the local telco offered any form of ADSL (so we did not
> simply wholesale DSL ports, we used telco dry copper loops, or in some
> cases, ran our own copper out), and at no time did we ever deploy
> PPPoE.
>
> > And as far as your throat comment, I'm kind of surprised after all
> > the I've offered you in the past. We're professionals, at
> > least I thought as much.
>
> The annoyance wasn't addressed at you, but rather, the providers who
> force PPPoE upon their customers, despite it's technical limitations
> and general hassle. It wasn't intended as any form of personal
> attack, and I apologize for any offense.
>
> Personally, I consider the smaller packet size to be a design flaw,
> given that had jumbo-packets been supported in the original spec,
> before hardware deployments began, the PPPoE overhead could have been
> a non-issue.

Good explanation on how some carriers offer different provisioning. I would
assume PPPoE is cheaper, but more that the limited packet size of the layer
2 standard limited what they could do with it. So I see what you mean about
the limited packet size design could be looked at as a design flaw. I guess
they had no insight for expansion. So the PPPoE folks didn't have much
choice other than to stick to the layer 2 standard trying to come up with
something other than cable for increased broadband speeds by the demanding
public.

I thought that it was addressed to me. Yesterday was a long day. I apologize
for the assumption. :-)

Cheers!

Read inline please.

In news:859447ef-08a9-48d9-ad1f-176ee88ea5b4@q39g2000hsf.googlegroups.com,
Dave <atldave32@aol.com> typed:
> Thanks for the information above. After doing the above tasks,
> adjusting the MTU a bit, and still having no success, I added 2
> additional AT&T DNS servers besides the ones they told me to use. This
> fixed my problem.

I don't see how adding any DNS server fixed your issue, the problem is in
your default gateways on your clients. You have the SBS as the Default
gateway, when you need the router as the default gateway.

Server:
IP Address. . . . . . . . . . . . : 192.168.16.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1<----------------
DNS Servers . . . . . . . . . . . : 192.168.16.100
Primary WINS Server . . . . . . . : 192.168.16.100

Clients:
IP Address. . . . . . . . . . . . : 192.168.16.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.100<------------
DHCP Server . . . . . . . . . . . : 192.168.16.100
DNS Servers . . . . . . . . . . . : 192.168.16.100
Primary WINS Server . . . . . . . : 192.168.16.100



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

In news:eEVU12VYIHA.4880@TK2MSFTNGP03.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> typed:

> I don't see how adding any DNS server fixed your issue, the problem
> is in your default gateways on your clients. You have the SBS as the
> Default gateway, when you need the router as the default gateway.
>
> Server:
> IP Address. . . . . . . . . . . . : 192.168.16.100
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.16.1<----------------
> DNS Servers . . . . . . . . . . . : 192.168.16.100
> Primary WINS Server . . . . . . . : 192.168.16.100
>
> Clients:
> IP Address. . . . . . . . . . . . : 192.168.16.9
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.16.100<------------
> DHCP Server . . . . . . . . . . . : 192.168.16.100
> DNS Servers . . . . . . . . . . . : 192.168.16.100
> Primary WINS Server . . . . . . . : 192.168.16.100

Didn't even catch that. Good eye, Kevin.

So apparently something did change 6 weeks ago in DHCP Options.

Ace

Read inline please.

In news:OmMEaZWYIHA.5912@TK2MSFTNGP06.phx.gbl,
Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com> typed:
> In news:eEVU12VYIHA.4880@TK2MSFTNGP03.phx.gbl,
> Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> typed:
>
>> I don't see how adding any DNS server fixed your issue, the problem
>> is in your default gateways on your clients. You have the SBS as the
>> Default gateway, when you need the router as the default gateway.
>>
>> Server:
>> IP Address. . . . . . . . . . . . : 192.168.16.100
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.16.1<----------------
>> DNS Servers . . . . . . . . . . . : 192.168.16.100
>> Primary WINS Server . . . . . . . : 192.168.16.100
>>
>> Clients:
>> IP Address. . . . . . . . . . . . : 192.168.16.9
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . :
>> 192.168.16.100<------------ DHCP Server . . . . . . . . . . .
>> : 192.168.16.100 DNS Servers . . . . . . . . . . . :
>> 192.168.16.100 Primary WINS Server . . . . . . . :
>> 192.168.16.100
>
> Didn't even catch that. Good eye, Kevin.
>
> So apparently something did change 6 weeks ago in DHCP Options.
>
> Ace

I think this is the one that was previously multi-homed with both NICs on
the same subnet.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

In news:%23CsBrWcYIHA.1204@TK2MSFTNGP03.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> typed:
> I think this is the one that was previously multi-homed with both
> NICs on the same subnet.

So the 16.1 gateway is probably from the disabled NIC and forgot to change
it.

Ace

Read inline please.

In news:uJ4muDnYIHA.3400@TK2MSFTNGP03.phx.gbl,
Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com> typed:
> In news:%23CsBrWcYIHA.1204@TK2MSFTNGP03.phx.gbl,
> Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> typed:
>> I think this is the one that was previously multi-homed with both
>> NICs on the same subnet.
>
> So the 16.1 gateway is probably from the disabled NIC and forgot to
> change it.
>
> Ace

Here is the original ipconfig from his previous thread:
Trouble accessing internet on SBS 2003 network,
My reponse then was to disable the 192.168.16.100 NIC, and put the router's
IP in for the Default Gateway.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ADHMSVR
Primary Dns Suffix . . . . . . . : adhm.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : adhm.local

Ethernet adapter WAN:

Connection-specific DNS Suffix . : adhm.local
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-48-54-85-65-5B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.16.13
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DHCP Server . . . . . . . . . . . : 192.168.16.100
DNS Servers . . . . . . . . . . . : 192.168.16.100
Primary WINS Server . . . . . . . : 192.168.16.100
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : Friday, January 04, 2008
10:55:39 AM
Lease Expires . . . . . . . . . . : Saturday, January 12, 2008
10:55:39 AM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-12-3F-7E-CB-92
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.100
Primary WINS Server . . . . . . . : 192.168.16.100


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

In news:%23bB3oopYIHA.5348@TK2MSFTNGP03.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> typed:

> Here is the original ipconfig from his previous thread:
> Trouble accessing internet on SBS 2003 network,
> My reponse then was to disable the 192.168.16.100 NIC, and put the
> router's IP in for the Default Gateway.

That looks familiar. Well, he knows what to do now.

Ace