IE Routing Problem

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

After booting their machines, users on our network can open Internet
Explorer and browse. After a few minutes of browsing, however, they get
the "Can't find page..." screen. When tested from each user's machine,
Pinging/Tracing works fine, whether going by IP address or domain name (for
that matter, Outlook Express, which is pointing to a public news server,
always works fine too). Our small network is a Win2000 Domain, with the
Domain Server also serving as the DNS Server for the local machines.

Can anybody give me some guidance in how to troubleshoot this issue? Since
packets seem to be getting routed properly (pinging/tracing works fine), I
am at a loss as to where to look for further info on this problem.

Thanks for any help!

Dan
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

In news:SGfNc.40$2w2.86014@news.uswest.net,
DDJ <johnson@milehi.com> posted a question
Then Kevin replied below:
> After booting their machines, users on our network can
> open Internet Explorer and browse. After a few minutes,
> of browsing, however, they get the "Can't find page..."
> screen. When tested from each user's machine,
> Pinging/Tracing works fine, whether going by IP address
> or domain name (for that matter, Outlook Express, which
> is pointing to a public news server, always works fine
> too). Our small network is a Win2000 Domain, with the
> Domain Server also serving as the DNS Server for the
> local machines.
>
> Can anybody give me some guidance in how to troubleshoot
> this issue? Since packets seem to be getting routed
> properly (pinging.tracing works fine), I am at a loss as
> to where to look for further info on this problem.

Are your clients using only the DC for DNS?

An ipconfig /all could be of help.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your
issue. To respond directly to me remove the nospam. from my
email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

Yes, they are using only the DC. I checked that...all values are correct
and consistent with the settings that have always been in place. That's why
I am thinking (along with the fact that all other routing using ping, etc
seems to be working) that this must have something to do with DNS settings
at the server level???


 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

In news:_rkNc.70$2w2.136612@news.uswest.net,
DDJ <johnson@milehi.com> posted a question
Then Kevin replied below:
> Yes, they are using only the DC. I checked that...all
> values are correct and consistent with the settings that
> have always been in place. That's why I am thinking
> (along with the fact that all other routing using ping,
> etc seems to be working) that this must have something to
> do with DNS settings at the server level???

I don't know; I cannot see how DNS is configured, you don't say if DNS
resolves with nslookup, dig or netdig.
You didn't say what it has configured as its forwarder, if any. Where is the
ipconfig /all I asked for?
I don't have a clue and you haven't given one, other than that it just quits
browsing. That can cover a lot of ground. I don't know if it is DNS or not; I
have not ruled it out yet. But, from what I've gathered so far it is not DNS,
unless it is stuck in a forwarding loop. Does it forward to the router?
What does the router forward to?



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

Let me try to answer your questions as follows:

No problem getting the IP address for various public domains using nslookup.
As mentioned previously, ping, traceit, etc. all seem to have no problems
from the affected machines...we just can't browse after a few minutes.

Don't know what dig or netdig is.

Here are the results from an ipconfig /all on one of the boxes that isn't
working:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : mybox
Primary DNS Suffix . . . . . . . : DDJ.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DDJ.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139(Ethernet Adapter)
Physical Address. . . . . . . . . : 00-E0-18-CE-AD-2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.186
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.168.1
DNS Servers . . . . . . . . . . . : 192.168.168.187

Basic configuration:

Each box is pointed to a firewall as the gateway (192.168.168.1) and to the
DC as the DNS Server (192.168.168.187). The DC points to the ISP-provided
two DNS servers. The common firewall gateway (192.168.168.1) forwards to
the router (192.168.168.2) which forwards to the ISP's router.

Please let me know if this isn't what you were looking for. Thanks for your
persistence!

Dan

 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

In news:NnBNc.61$%O5.7547@news.uswest.net,
DDJ <johnson@milehi.com> posted a question
Then Kevin replied below:
> Let me try to answer your questions as follows:
>
> No problem getting the IP address for various public
> domains using nslookup. As mentioned previously, ping,
> traceit, etc. all seem to have no problems from the
> effected machines...we just can't browse after a few
> minutes.
>
> Don't know what dig or netdig is.
>
> Here is the results from an ipconfig /all on one of the
> boxes that isn't working:
>
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : mybox
> Primary DNS Suffix . . . . . . . : DDJ.local
> Node Type . . . . . . . . . . . . : Broadcast
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : DDJ.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Realtek RTL8139(Ethernet Adapter)
> Physical Address. . . . . . . . . : 00-E0-18-CE-AD-2
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.168.186
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.168.1
> DNS Servers . . . . . . . . . . . : 192.168.168.187
>
> Basic configuration:
>
> Each box is pointed to a firewall as the gateway
> (192.168.168.1) and to the DC as the DNS Server
> (192.168.168.187). The DC points to the ISP-provided two
> DNS servers. The common firewall gateway (192.168.168.1)
> forwards to the router (192.168.168.2) which forwards to
> the ISP's router.

Let me get this straight, the DC is pointing to your ISP's DNS in its NIC?

Major problem, you cannot use any DNS other than the DNS server that has the
AD domain zone in any position on any domain member. The DC is a member,
too. Remove the ISP's DNS from the NIC and configure them only as
forwarders in the DNS service properties.




--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

OK. I removed the ISP's DNS from the NIC (and replaced with the IP of the
DC, which is the DNS Server for the domain). Also, I checked DNS service
properties and the ISP's DNS are listed there as forwarders (didn't need to
change).

However, this didn't solve the problem from the other boxes on the network.
Any other thoughts? Or do you need some other info?

Thanks!

Dan

 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

In news:OtEC8XDdEHA.3864@TK2MSFTNGP10.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> asked for help and I
offered my suggestions below:
<snip>
>> Basic configuration:
>>
>> Each box is pointed to a firewall as the gateway
>> (192.168.168.1) and to the DC as the DNS Server
>> (192.168.168.187). The DC points to the ISP-provided two
>> DNS servers. The common firewall gateway (192.168.168.1)
>> forwards to the router (192.168.168.2) which forwards to
>> the ISP's router.
>
> Let me get this straight, the DC is pointing to your ISP's DNS in its
> NIC?
>
> Major problem, you cannot use any DNS other than the DNS server that
> has the AD domain zone in any position on any domain member . The DC
> is a member, too. Remove the ISP's DNS from the NIC and configuire
> them only as forwarders in the DNS service properties.

Do you think he means "forwarded" to the ISP's DNS, and that the DCs are
actually only pointing to themselves for DNS (as required)?

If so, this might be an MTU issue or a firewall issue. Curious what rules
are in there? I'm not sure how the firewall which has a 192.168.168.1
address with the other NIC on the same segment, unless he's using OpenBSD
firewall in bridge mode where the packets are just arped across the
interfaces. I had that setup once before and works nicely, but never had any
issues with browser or name resolution. Maybe even it's just that UDP 53 is
blocked.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

In news:bXENc.93$%O5.9427@news.uswest.net,
DDJ <johnson@milehi.com> asked for help and I offered my suggestions below:
> OK. I removed the ISP's DNS from the NIC (and replaced with the IP
> of the DC, which is the DNS Server for the domain). Also, I checked
> DNS service properties and the ISP's DNS are listed there as
> forwarders (didn't need to change).
>
> However, this didn't solve the problem from the other boxes on the
> network. Any other thoughts? Or do you need some other info?
>
> Thanks!
>
> Dan
>

If I may jump in, after you removed the ISP's DNS, I assume that the client
machines do not have the ISP's DNS in there as well and they were removed?

After you changed that on the DC/DNS, restart the DNS service, then run a
netdiag /v /fix. Then go to one of the machines on your domain, provided that
the ISP's addresses have been removed, and clear the client side cache with
an:
ipconfig /flushdns

Then open a new browser and try it again.

Also, let us know if you can ping www.yahoo.com.
Also, run nslookup for us:

nslookup (hit enter)
> aol.com
(results show up here)

then try:

> yahoo.com
(results show up here)



Then I would like you to try one more thing:

nslookup (hit enter)
> set vc (hit enter)
> aol.com (hit enter)
(results show up here)

then

> yahoo.com (hit enter)
(results show up here)

Then paste the results for us please.

Thanks

--
Regards,
Ace

=================================
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

The client machines did NOT have the ISP's DNS listed (they are all pointed
to the DC for DNS)

I restarted DNS on the DC, ran netdiag /v /fix, went to one of the machines
on the domain that wasn't working and ran ipconfig /flushdns. Opened a
browser, still didn't work.

See below for the info you requested...let me know if this isn't what you
wanted.

C:\>ping www.yahoo.com

Pinging www.yahoo.akadns.net [66.94.230.52] with 32 bytes of data:

Reply from 66.94.230.52: bytes=32 time=110ms TTL=51
Reply from 66.94.230.52: bytes=32 time=100ms TTL=51
Reply from 66.94.230.52: bytes=32 time=100ms TTL=51
Reply from 66.94.230.52: bytes=32 time=100ms TTL=51

Ping statistics for 66.94.230.52:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 100ms, Maximum = 110ms, Average = 102ms

C:\>nslookup
*** Can't find server name for address 192.168.168.187: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.168.187

> aol.com
Server: UnKnown
Address: 192.168.168.187

Non-authoritative answer:
Name: aol.com
Addresses: 149.174.130.216, 205.188.145.213, 64.12.187.24

> yahoo.com
Server: UnKnown
Address: 192.168.168.187

Non-authoritative answer:
Name: yahoo.com
Addresses: 216.109.124.73, 66.94.234.13, 66.94.231.98, 66.94.231.99
216.109.124.72

> nslookup
Server: UnKnown
Address: 192.168.168.187

*** UnKnown can't find nslookup: Non-existent domain
> set vc
> aol.com
Server: UnKnown
Address: 192.168.168.187

Non-authoritative answer:
Name: aol.com
Addresses: 149.174.130.216, 205.188.145.213, 64.12.187.24

> yahoo.com
Server: UnKnown
Address: 192.168.168.187

Non-authoritative answer:
Name: yahoo.com
Addresses: 216.109.124.73, 66.94.234.13, 66.94.231.98, 66.94.231.99
216.109.124.72

>

 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

Also, FYI...

I was wondering about the response after entering nslookup, then Enter, so I
rebooted the client box and ran the same command again and got the following
response:

C:\>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.168.187: Timed out
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.168.187

Since 192.168.168.187 is the DC and DNS Server, I know this means something
is wrong, but not what is wrong. Does this help in your analysis?
(interestingly, when I opened the browser after writing the above, it worked
fine the 1st, 2nd and 3rd time I opened it, but then failed on the 4th try).

Thanks!

 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

"DDJ" <johnson@milehi.com> wrote in message
news:OZONc.1421$qo6.1191@news.uswest.net...
> Also, FYI...
>
> I was wondering about the response after entering nslookup, then Enter, so I
> rebooted the client box and ran the same command again and got the following
> response:
>
> C:\>nslookup
> DNS request timed out.
> timeout was 2 seconds.
> *** Can't find server name for address 192.168.168.187: Timed out
> *** Default servers are not available
> Default Server: UnKnown
> Address: 192.168.168.187
>
> Since 192.168.168.187 is the DC and DNS Server, I know this means something
> is wrong, but not what is wrong. Does this help in your analysis?
> (interestingly, when I opened the browser after writing the above, it worked
> fine the 1st, 2nd and 3rd time I opened it, but then failed on the 4th try).
>
> Thanks!
>

Thanks for posting this information.

The time outs or domain not found message with nslookup is just saying you
either don't have a reverse zone created for 192.168.168.x or you do but
don't have a PTR entry for 192.168.168.187 (the DNS server itself). Just a
message.... not an error.

As for the nslookup results, resolution is working and seems you have UDP
and TCP 53 open and working on both! That was what the 'set vc' switch does,
it forces TCP since by default nslookup uses UDP.

So now I'm thinking it's an MTU issue. Do you have cable or ADSL?
Check this MTU test out please:

http://help.expedient.com/broadband/mtu_ping_test.shtml

Is there a proxy setting in the browser's options?

--
Regards,
Ace

=================================
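
The two checks discussed in the post above (the reverse lookup nslookup makes for its own server at startup, and the same query sent over UDP and then TCP as 'set vc' does), as an added example that is not part of the original thread. The function names, the query ID and the sample response bytes are constructed for illustration; the server address is the one quoted in the thread.

```python
import socket
import struct

QTYPE = {"A": 1, "PTR": 12}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + label, ending in 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def ptr_name(ipv4):
    """Name nslookup asks a PTR record for when it starts up."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ipv4)
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def build_query(name, qtype="A", qid=0x1234):
    """One-question query with the recursion-desired flag set."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)


def frame_tcp(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack(">H", len(msg)) + msg


def parse_header(resp):
    """Pull the fields that matter for this diagnosis out of a response."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    return {
        "id": qid,
        "is_response": bool(flags & 0x8000),
        "truncated": bool(flags & 0x0200),  # TC bit: client should retry over TCP
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": answers,
    }


def query_udp(server, msg, port=53, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, port))
        data, _ = s.recvfrom(4096)
        return data


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def query_tcp(server, msg, port=53, timeout=2.0):
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(frame_tcp(msg))
        (length,) = struct.unpack(">H", _recv_exact(s, 2))
        return _recv_exact(s, length)


def check(server, name, qtype="A"):
    """Send the same question over UDP and TCP and report each outcome."""
    msg = build_query(name, qtype)
    results = {}
    for transport, send in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            results[transport] = parse_header(send(server, msg))
        except (OSError, ValueError) as exc:  # timeout, refused, short reply
            results[transport] = {"error": type(exc).__name__}
    return results


# Constructed sample: header of an NXDOMAIN reply to the PTR question, the
# case nslookup reports as "Non-existent domain" for its own server address.
SAMPLE_PTR_NXDOMAIN = (
    bytes.fromhex("123481830001000000000000")
    + encode_name(ptr_name("192.168.168.187"))
    + struct.pack(">HH", QTYPE["PTR"], 1)
)

if __name__ == "__main__":
    server = "192.168.168.187"  # DC/DNS server address from the thread
    print("A aol.com:", check(server, "aol.com"))
    print("PTR self :", check(server, ptr_name(server), "PTR"))
```

An NXDOMAIN or timeout on the PTR question alongside answers on the A question, over both transports, is the pattern the post describes: forward resolution and port 53 are fine and only the reverse record is missing.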
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking

We have ADSL.

Ran the provided test. Although the Win2000 box I was using did not have an
MTU value in the registry, I added. Per the MTU test, the optimal setting
would be 1404. NOTE: that this is the setting in our firewall as well (says
something about "fragment outbound packets larger than 1404")

The browser does not have any proxy settings in place.

Tested browser after adding MTU value...still doesn't work. The firewall
forwards packets to the router, do routers generally provide for an MTU
setting?

Thanks!
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

"DDJ" <johnson@milehi.com> wrote in message
news:DbSNc.25$u77.31198@news.uswest.net...
> We have ADSL.
>
> Ran the provided test. Although the Win2000 box I was using did not have an
> MTU value in the registry, I added. Per the MTU test, the optimal setting
> would be 1404. NOTE: that this is the setting in our firewall as well (says
> something about "fragment outbound packets larger than 1404")
>
> The browser does not have any proxy settings in place.
>
> Tested browser after adding MTU value...still doesn't work. The firewall
> forwards packets to the router, do routers generally provide for an MTU
> setting?
>
> Thanks!

Actually 1404 is really awfully low. The definition of an MTU is the actual
TCP packet size. The largest possible TCP packet size is 1500 bytes. ADSL
using PPPoE lowers the MTU to 1492, using up 8 bytes for the PPPoE overhead.
So 1492 is the common one; I've seen it drop lower, depending on the ADSL
modem. The router will accommodate the modem. The lower it is, the more
difficulty there will be with IE and browsing.

What type of modem do you have?
What type of router do you have that is connected to the modem?

I was trying to re-read your previous response, but I apologize that I am
getting lost in your terminology. Here's what you previously posted:

======================
> Each box is pointed to a firewall as the gateway
> (192.168.168.1) and to the DC as the DNS Server
> (192.168.168.187). The DC points to the ISP-provided two
> DNS servers. The common firewall gateway (192.168.168.1)
> forwards to the router (192.168.168.2) which forwards to
> the ISP's router.
======================

Now this part (the paragraph below) is the part I really do not understand
because of the IP addresses that are mentioned, hence my previous thought
you were "arping" packets across an OpenBSD bridged firewall, which I know
not too many people use or know how to setup.
....
> "The common firewall gateway (192.168.168.1)
> forwards to the router (192.168.168.2) which forwards to
> the ISP's router."
....

Now, let's break this down. Your 'firewall' is also your router? What brand
is it?
That "common firewall gateway" (192.168.168.1) you mention, is that the above
firewall/router? Or are you saying that the firewall gateway and the router
are two different things? Or is the router actually an ADSL modem?

From the way you described that, it seems like that the 'common firewall
gateway' with an IP of 192.168.168.1, which is connected to your internal
subnet, which your internal subnet uses as a gateway, has its other
interface (which by definition of a 'router') configured with an IP on the
same subnet and is connected to your ISP's router with an IP on the same
subnet as the internal subnet, but should be a totally different subnet. So
based on the terminology used, I am completely lost on how this is
configured.

Can you break that down for me?
What name brand router?
What name brand firewall?
What name brand modem (if it is)?


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

To try and make this easier to read, I have added my responses below...

"Ace Fekay [MVP]" <firstnamelastname@hotmail.com> wrote in message
news:uZ516jNdEHA.1356@TK2MSFTNGP09.phx.gbl...
>
> "DDJ" <johnson@milehi.com> wrote in message
> news:DbSNc.25$u77.31198@news.uswest.net...
> > We have ADSL.
> >
> > Ran the provided test. Although the Win2000 box I was using did not have an
> > MTU value in the registry, I added. Per the MTU test, the optimal setting
> > would be 1404. NOTE: that this is the setting in our firewall as well (says
> > something about "fragment outbound packets larger than 1404")
> >
> > The browser does not have any proxy settings in place.
> >
> > Tested browser after adding MTU value...still doesn't work. The firewall
> > forwards packets to the router, do routers generally provide for an MTU
> > setting?
> >
> > Thanks!
>
> Actually 1404 is really awfully low. The definition of an MTU is the actual
> TCP packet size. The largest possible TCP packet size is 1500 bytes. ADSL
> using PPPoE lowers the MTU to 1492, using up 8 bytes for the PPPoE overhead.
> So 1492 is the common one; I've seen it drop lower, depending on the ADSL
> modem. The router will accommodate the modem. The lower it is, the more
> difficulty there will be with IE and browsing.

I will change this after sending this message to see if it has any impact.
I remember that we originally changed it to accommodate a request from
SonicWall when setting up a VPN.

>
> What type of modem do you have?
> What type of router do you have that is connected to the modem?

We have a SonicWall SoHo 100 firewall (which is the IP = 192.168.168.1) and
an ActionTec DSL Modem/Router (LAN IP = 192.168.168.2, WAN IP should remain
private). All packets coming in through the ActionTec are routed to the
SonicWall. All client boxes point to the SonicWall as the Gateway and to
the DC (192.168.168.187) as the DNS. Should I not be posting all of this IP
info here for security reasons??? I have assumed that since they are
internal addresses, it doesn't matter, but let me know if you think
otherwise.

>
> I was trying to re-read your previous response, but I apologize that I am
> getting lost in your terminology. Here's what you previously posted:
>
> ======================
> > Each box is pointed to a firewall as the gateway
> > (192.168.168.1) and to the DC as the DNS Server
> > (192.168.168.187). The DC points to the ISP-provided two
> > DNS servers. The common firewall gateway (192.168.168.1)
> > forwards to the router (192.168.168.2) which forwards to
> > the ISP's router.
> ======================
>
> Now this part (the paragraph below) is the part I really do not understand
> because of the IP addresses that are mentioned, hence my previous thought
> you were "arping" packets across an OpenBSD bridged firewall, which I know
> not too many people use or know how to setup.
> ...
> > "The common firewall gateway (192.168.168.1)
> > forwards to the router (192.168.168.2) which forwards to
> > the ISP's router."
> ...
>
> Now, let's break this down. Your 'firewall' is also your router? What brand
> is it?
> That "common firewall gateway" (192.168.168.1) you mention, is that the above
> firewall/router? Or are you saying that the firewall gateway and the router
> are two different things? Or is the router actually an ADSL modem?

If I understand how this works correctly, the SonicWall is the router,
although all the SonicWall does is pass outgoing packets to the ActionTec
(in addition obviously to handling incoming packets from the ActionTec).

>
> From the way you described that, it seems like that the 'common firewall
> gateway' with an IP of 192.168.168.1, which is connected to your internal
> subnet, which your internal subnet uses as a gateway, has its other
> interface (which by definition of a 'router') configured with an IP on the
> same subnet and is connected to your ISP's router with an IP on the same
> subnet as the internal subnet, but should be a totally different subnet. So
> based on the terminology used, I am completely lost on how this is
> configured.

I remember when we first set this up last year, I had also thought that we
needed to set the LAN side IP of the ActionTec to a different subnet than
the WAN side IP of the SonicWall (hope I said that right!). It was either
Qwest or SonicWall, however, that said we needed to do it this way. It WAS
working for some time though, so I am curious why it has gone crazy now.

Hopefully the above helps you understand. Let me know if not, and thanks
for your patience!

 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

FYI, I changed the MTU to 1492 on both the firewall and the client box...no
change, browser still fails after a few minutes.

Dan
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

In news:DbSNc.25$u77.31198@news.uswest.net,
DDJ <johnson@milehi.com> posted a question
Then Kevin replied below:
> We have ADSL.
>
> Ran the provided test. Although the Win2000 box I was
> using did not have an MTU value in the registry, I added.
> Per the MTU test, the optimal setting would be 1404.
> NOTE: that this is the setting in our firewall as well
> (says something about "fragment outbound packets larger
> than 1404")
>
> The browser does not have any proxy settings in place.
>
> Tested browser after adding MTU value...still doesn't
> work. The firewall forwards packets to the router, do
> routers generally provide for an MTU setting?

The way you should really test this is to ping the router's gateway to see
what MTU you can send to the gateway and use that setting on the NIC.
e.g. Pinging 65.65.91.214 with 1468 bytes of data:

Reply from 65.65.91.214: bytes=1468 time=151ms TTL=64
Reply from 65.65.91.214: bytes=1468 time=150ms TTL=64
Reply from 65.65.91.214: bytes=1468 time=150ms TTL=64
Reply from 65.65.91.214: bytes=1468 time=150ms TTL=64

Ping statistics for 65.65.91.214:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 150ms, Maximum = 151ms, Average = 150ms

W:\>ping 65.65.91.214 -f -l 1469

Pinging 65.65.91.214 with 1469 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 65.65.91.214:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

W:\>ping 65.65.91.214 -f -l 1473

Pinging 65.65.91.214 with 1473 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 65.65.91.214:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

What this means is that somewhere between this machine which was 1500, and
my router's gateway the MTU is 1468 because 1469 times out and the NIC
fragments 1473. So I set this machine to 1468 + 28 bytes overhead = 1496.
If the router is set to 1404 + 28 = 1432 is the MTU your machine needs to be
to get past the router. You just set your machine to the highest number that
does not time out.

The way to figure your MTU is to start with a number, ping the router's
gateway until you find a packet size that does not time out, add 28 and set
your MTU to that number.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your
issue. To respond directly to me remove the nospam. from my
email. ==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
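
Added example, not part of the thread: the ping procedure from the post above as a Python sketch that binary-searches the largest payload that passes with DF set, adds the 28 bytes of IPv4 and ICMP headers, and records whether the first failing size was dropped silently ("Request timed out") or rejected with "Packet needs to be fragmented but DF set". The function names, the fake_ping simulator and the 192.0.2.1 target are assumptions made for this example; the simulated outputs are constructed to mirror the transcripts quoted in the thread.

```python
import re
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def classify(ping_output):
    """Reduce one Windows `ping -f -l SIZE` transcript to a single verdict."""
    if "needs to be fragmented" in ping_output:
        return "frag_needed"   # the sender or a router reported the MTU limit
    if re.search(r"Reply from [\d.]+: bytes=\d+", ping_output):
        return "reply"
    return "timeout"           # nothing came back, not even an ICMP error


def windows_ping(target, size):
    """Real probe on a Windows host: one echo request with DF set."""
    done = subprocess.run(["ping", "-n", "1", "-f", "-l", str(size), target],
                          capture_output=True, text=True)
    return done.stdout


def fake_ping(size, local_mtu, path_mtu, target="192.0.2.1"):
    """Constructed stand-in for ping output, modelled on the thread's transcripts."""
    lines = [f"Pinging {target} with {size} bytes of data:", ""]
    packet = size + IP_ICMP_OVERHEAD
    if packet > local_mtu:     # the sending stack refuses: too big for its own NIC
        lines += ["Packet needs to be fragmented but DF set."] * 4
    elif packet > path_mtu:    # a hop drops it and no ICMP error gets back
        lines += ["Request timed out."] * 4
    else:
        lines += [f"Reply from {target}: bytes={size} time=150ms TTL=64"] * 4
    return "\n".join(lines)


def largest_df_payload(probe, lo=500, hi=1472):
    """Binary-search the largest payload that still gets a reply with DF set.

    Returns (payload, verdict_of_first_failing_size); the verdict is None when
    even `hi` (1472 = 1500 - 28, plain Ethernet) gets through.
    """
    if probe(lo) != "reply":
        raise ValueError(f"{lo}-byte probe failed; this is not an MTU problem")
    failure = probe(hi)
    if failure == "reply":
        return hi, None
    while hi - lo > 1:         # invariant: lo gets a reply, hi does not
        mid = (lo + hi) // 2
        verdict = probe(mid)
        if verdict == "reply":
            lo = mid
        else:
            hi, failure = mid, verdict
    return lo, failure


def diagnose(probe):
    """Turn the search result into the numbers discussed in the thread."""
    payload, failure = largest_df_payload(probe)
    return {
        "max_payload": payload,
        "mtu": payload + IP_ICMP_OVERHEAD,
        # True when oversized DF packets vanish without an ICMP error reaching
        # the sender, the condition under which TCP path-MTU discovery stalls.
        "silent_drop": failure == "timeout",
    }


if __name__ == "__main__":
    # Constructed case 1: NIC at 1500, a hop limited to 1496 that drops silently.
    print(diagnose(lambda s: classify(fake_ping(s, 1500, 1496))))
    # Constructed case 2: NIC already set to 1492, nothing smaller on the path.
    print(diagnose(lambda s: classify(fake_ping(s, 1492, 1492))))
```

To probe a live path from a Windows machine, pass `lambda s: classify(windows_ping("<gateway address>", s))` to `diagnose`, where the address is a placeholder for the hop being tested.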
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

Set the client box MTU to 1492 and the firewall's MTU to 1492.

Here's what I get when I run the ping you describe:

C:\>ping 63.228.79.254 -f -l 1464

Pinging 63.228.79.254 with 1464 bytes of data:

Reply from 63.228.79.254: bytes=1464 time=141ms TTL=2
Reply from 63.228.79.254: bytes=1464 time=130ms TTL=2
Reply from 63.228.79.254: bytes=1464 time=131ms TTL=2
Reply from 63.228.79.254: bytes=1464 time=130ms TTL=2

Ping statistics for 63.228.79.254:
Packets: Sent = 4, Received = 4, Lost = 0 (0% los
Approximate round trip times in milli-seconds:
Minimum = 130ms, Maximum = 141ms, Average = 133

C:\>ping 63.228.79.254 -f -l 1465

Pinging 63.228.79.254 with 1465 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 63.228.79.254:
Packets: Sent = 4, Received = 0, Lost = 4 (100% l
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


I selected the 63.228.79.254 address to use because it was the second IP
listed when doing a traceroute for www.yahoo.com. The first address listed
is our ActionTec modem (192.168.168.2), but I figured that was not the IP
you wanted me to use, correct? I assume the 63.228.79.254 address is the
address set to receive all packets coming from our network. The results are
the same if I use the 192.168.168.2 address. (Browser still fails).
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

In news:%23sGsWjOdEHA.3392@tk2msftngp13.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> posted a question
Then Kevin replied below:
> The way to figure your MTU is to start with a number, ping
> the router's gateway until you find a packet size that
> does not time out, add 28 and set your MTU to that number.

In addition the new MTU setting requires a reboot, after which I got this:
W:\>ping 65.65.91.214 -f -l 1468

Pinging 65.65.91.214 with 1468 bytes of data:

Reply from 65.65.91.214: bytes=1468 time=150ms TTL=64
Reply from 65.65.91.214: bytes=1468 time=150ms TTL=64
Reply from 65.65.91.214: bytes=1468 time=150ms TTL=64
Reply from 65.65.91.214: bytes=1468 time=151ms TTL=64

Ping statistics for 65.65.91.214:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 150ms, Maximum = 151ms, Average = 150ms

W:\>ping 65.65.91.214 -f -l 1469

Pinging 65.65.91.214 with 1469 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 65.65.91.214:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your
issue. To respond directly to me remove the nospam. from my
email. ==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

In news:awVNc.50$2T3.89703@news.uswest.net,
DDJ <johnson@milehi.com> posted a question
Then Kevin replied below:
> I selected the 63.228.79.254 address to use because it
> was the second IP listed when doing a traceroute for
> www.yahoo.com. The first address listed is our ActionTec
> modem (192.168.168.2), but I figured that was not the IP
> you wanted me to use, correct? I assume the
> 63.228.79.254 address is the address set to receive all
> packets coming from our network. The results are the
> same if I use the 192.168.168.2 address. (Browser still
> fails).

Browser fails, OK so let's go from there, does nslookup resolve the website
to an IP address?


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your
issue. To respond directly to me remove the nospam. from my
email. ==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

See previous parts of this thread. Resolution is not a problem. With that
in mind, Ace thought it might have something to do with the MTU settings,
but I'm not sure that is still on the table.

This question may sound naive, but is there any software out there that will
tell you what IE is doing when processing user selections for a site? It's
pretty crazy, from my perspective, that pinging, tracing, etc. all seem to
work fine, but IE has a problem. Also, after a reboot, it only seems to
have this problem for a few minutes, then fails. Even after IE fails, all
other processes keep right on working (including logging on to this
newsgroup which may not be important because resolution is not required???).

Thanks!

Dan

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:eEMu$KQdEHA.3704@TK2MSFTNGP09.phx.gbl...
> In news:awVNc.50$2T3.89703@news.uswest.net,
> DDJ <johnson@milehi.com> posted a question
> Then Kevin replied below:
> > I selected the 63.228.79.254 address to use because it
> > was the second IP listed when doing a tracerroute for
> > www.yahoo.com. The first address listed is our ActionTec
> > modem (192.168.168.2), but I figured that was not the IP
> > you wanted me to use, correct? I assume the
> > 63.228.79.254 address is the address set to receive all
> > packets coming from our network. The results are the
> > same if if use the 192.168.168.2 address. (Browser still
> > fails).
>
> Browser fails, OK so lets go from there, does nslookup resolve the website
> to an IP address?
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

In news:lGTNc.32$u77.37507@news.uswest.net,
DDJ <johnson@milehi.com> asked for help and I offered my suggestions below:
<snip>

> I remember when we first set this up last year, I had also thought
> that we needed to set the LAN side IP of the ActionTec to a different
> subnet than the WAN side IP of the SonicWall (hope I said that
> right!). It was either Qwest or SonicWall, however, that said we
> needed to do it this way. It WAS working for some time though, so I
> am curious why it has gone crazy now.
>
> Hopefully the above helps you understand. Let me know if not, and
> thanks for your patience!
>

I see, so the Sonicwall has three interfaces, that makes sense. Now I
understand what's going on. Thanks

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

When you say three interfaces, I don't understand. I'm thinking the LAN
side and the WAN side. What is the third?

Thanks,

Dan

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:es8UfvQdEHA.1152@TK2MSFTNGP09.phx.gbl...
> In news:lGTNc.32$u77.37507@news.uswest.net,
> DDJ <johnson@milehi.com> asked for help and I offered my suggestions below:
> <snip>
>
> > I remember when we first set this up last year, I had also thought
> > that we needed to set the LAN side IP of the ActionTec to a different
> > subnet than the WAN side IP of the SonicWall (hope I said that
> > right!). It was either Qwest or SonicWall, however, that said we
> > needed to do it this way. It WAS working for some time though, so I
> > am curious why it has gone crazy now.
> >
> > Hopefully the above helps you understand. Let me know if not, and
> > thanks for your patience!
> >
>
> I see, so the Sonicwall has three interfaces, that makes sense. Now I
> understand what's going on. Thanks
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

In news:MYXNc.80$2T3.116099@news.uswest.net,
DDJ <johnson@milehi.com> asked for help and I offered my suggestions below:
> See previous parts of this thread. Resolution is not a problem.
> With that in mind, Ace thought it might have something to do with the
> MTU settings, but I'm not sure that is still on the table.
>
> This question may sound naive, but is there any software out there
> that will tell you what IE is doing when processing user selections
> for a site? It's pretty crazy, from my perspective, that pinging,
> tracing, etc. all seem to work fine, but IE has a problem. Also,
> after a reboot, it only seems to have this problem for a few minutes,
> then fails. Even after IE fails, all other processes keep right on
> working (including logging on to this newsgroup which may not be
> important because resolution is not required???).
>
> Thanks!
>

Connecting to this newsgroup does require resolution. No way around that,
after all, since you are using Outlook Express, you supplied
news.microsoft.com for the news server here, correct?

As for the MTU, I would have probably chosen 1460 (seen this work many
times before) to try for the MTU. Restart the system after you set it, as
Kevin said. Also, I would try to eliminate the MTU setting altogether in
the Sonicwall, if you can. Have you called Sonicwall about this issue?

So if it's not the MTU, then it's definitely a browser issue. So far we've
established that resolution works, and pings and tracerts work. So that's
half of the puzzle, the other half is once IE gets the name resolved, it
connects!

Gots to ask... any viruses, adware, trojans, BHOs, etc etc? Have you tested
for that stuff?


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
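
The MTU theory in the post above can be checked directly instead of by trial settings: send pings with Don't Fragment set and search for the largest size that still gets a reply. This is an added example, not part of the original thread; the function names and the simulated path are assumptions made for illustration, and `windows_df_ping` relies on the standard Windows `ping -f -l` switches.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def windows_df_ping(host, payload):
    """Send one echo with Don't Fragment set (Windows ping: -f, -l size)."""
    out = subprocess.run(
        ["ping", "-n", "1", "-f", "-l", str(payload), host],
        capture_output=True, text=True,
    ).stdout
    return "TTL=" in out  # only an echo reply line carries TTL=


def find_path_mtu(probe, low=0, high=1472):
    """Binary-search the largest DF payload that gets a reply.

    probe(payload) -> bool. Returns the path MTU in bytes (payload + 28),
    or None if even the smallest probe fails.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low + IP_ICMP_OVERHEAD


def simulated_path(path_mtu):
    """Constructed stand-in for a real link: drops DF packets above path_mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= path_mtu


def diagnose(probe):
    """Compare a default-size ping with a full-size packet on the same path."""
    mtu = find_path_mtu(probe)
    return {
        "default_ping_ok": probe(32),   # Windows ping default payload
        "full_1500_ok": probe(1472),    # 1472 + 28 = 1500-byte packet
        "path_mtu": mtu,
        # Largest TCP segment that fits: MTU minus 20-byte IP and TCP headers
        "tcp_mss": None if mtu is None else mtu - 40,
    }


if __name__ == "__main__":
    # Constructed path whose MTU is 1460, the value suggested in the thread.
    print(diagnose(simulated_path(1460)))
```

On a Windows host, `diagnose(lambda n: windows_df_ping("www.yahoo.com", n))` runs the same search against the real path.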
 
Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)

Will change MTU to 1460 on local box and also try to eliminate at firewall
level...will report results back here.

One of the first things I did was to run virus checks on all boxes. Nothing
found.

Dan

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:OgQbW1QdEHA.3732@TK2MSFTNGP11.phx.gbl...
> In news:MYXNc.80$2T3.116099@news.uswest.net,
> DDJ <johnson@milehi.com> asked for help and I offered my suggestions below:
> > See previous parts of this thread. Resolution is not a problem.
> > With that in mind, Ace thought it might have something to do with the
> > MTU settings, but I'm not sure that is still on the table.
> >
> > This question may sound naive, but is there any software out there
> > that will tell you what IE is doing when processing user selections
> > for a site? It's pretty crazy, from my perspective, that pinging,
> > tracing, etc. all seem to work fine, but IE has a problem. Also,
> > after a reboot, it only seems to have this problem for a few minutes,
> > then fails. Even after IE fails, all other processes keep right on
> > working (including logging on to this newsgroup which may not be
> > important because resolution is not required???).
> >
> > Thanks!
> >
>
> Connecting to this newsgroup does require resolution. No way around that,
> after all, since you are using Outlook Express, you supplied
> news.microsoft.com for the news server here, correct?
>
> As for the MTU, I would have probably chosen 1460 (seen this work many
> times before) to try for the MTU. Restart the system after you set it, as
> Kevin said. Also, I would try to eliminate the MTU setting altogether in
> the Sonicwall, if you can. Have you called Sonicwall about this issue?
>
> So if it's not the MTU, then it's definitely a browser issue. So far we've
> established that resolution works, and pings and tracerts work. So that's
> half of the puzzle, the other half is once IE gets the name resolved, it
> connects!
>
> Gots to ask... any viruses, adware, trojans, BHOs, etc etc? Have you tested
> for that stuff?