Domian Joined Computer - Web Servers

RS_MCP

Hi,

Within our corporate network we have computers which are joined to our domain.

When these computers use a private/external/independant network connection as opposed to the corporate network they are unable to reach external web servers which are available on the Internet on port 80 and 443.

However from a none domain computer, as in my personal computer, I am able to reach the web server on the Internet.

Can anyone think why or have any troubleshooting steps?

Thanks 

Unforg1ven

Group Policy?

brad-

I think it starts with the firewall. Will the default gateway send packets out to those addresses? If so, it might be dns related.

Start pinging and tracerting from the firewall or gateway's interface to the destination and see where that gets you. If you can ping it, work your way back through until you cant.

HTH.

Bl8ckr0uter

I don't think it is DNS since you personal machine would use the same DNS servers as the domain connected machines (in theory).

What version of windows? Check the domain profile for Windows Firewall. That would be my guess and is probably the issue.

Unforg1ven

Bl8ckr0uter wrote: »

I don't think it is DNS since you personal machine would use the same DNS servers as the domain connected machines (in theory).

What version of windows? Check the domain profile for Windows Firewall. That would be my guess and is probably the issue.

Correct, the Domain profile will do so

RS_MCP

I have tried and tested from Windows XP and Windows 7 computers which are joined to our domain. The NAT and ACL on the firewall is fine, I am able to traceroute and ping the web server I am also able to telnet on to it via port 80 and 443.

It just does not display in IE.

Bl8ckr0uter

RS_MCP wrote: »

I have tried and tested from Windows XP and Windows 7 computers which are joined to our domain. The NAT and ACL on the firewall is fine, I am able to traceroute and ping the web server I am also able to telnet on to it via port 80 and 443.

It just does not display in IE.

Proxy settings in IE?

Different browser?

Safe mode (with networking)?

RS_MCP

No proxy specified, tried different browsers and safe mode with networking, still not working.

Bl8ckr0uter

RS_MCP wrote: »

No proxy specified, tried different browsers and safe mode with networking, still not working.

So you tried a different browser and safe mode and it failed and it still doesn't work?


What didn't work? Obviously if you used different browsers, you wouldn't get the "Internet explorer cannot display this page" . Did you get a similar message in chrome or firefox (or opera)?

Is it one particular web site? Multiple? All? It could be your home page (if you kept it the same for all browsers). I have seen this happen before? Do you have physical access to the machines?

Maybe something like this is in place:
block internet access through group policy in windows server 2003 - Tech Support Forum

MickQ

Let's get this straight.
PCs connected to the domain are having problems displaying webpages.
The problem only occurs when they are not connected to the domain's network.
When the PCs are not connected to the domain's network, they can ping (L3) and telnet (L7) to websites, but web browsers will not display the sites.

Are the browsers able to get an ACK back from the websites? (use a packet tracer).
Have you gone through your GPOs? (test machine, no GPOs, then apply bit by bit - testing browsers each time).
Have you used a hammer on the PCs? (Lump and sledge hammers work great).

RS_MCP

I have tried multiple browsers and I am unable to connect to the web service.

I am able to Ping it, traceroute to it and telnet to it on port 80, it just does not worki within a browser.

I have used a packet tracer and i am getting an ACK/GET request.

earweed

This has me stumped. From what I have read here these computers are fine if they are on the corporate network for web browsing but if they aren't in contact with their DCs and AD then they can't browse. Is there anything in group policy to do that.

blargoe

Bl8ckr0uter wrote: »

Is it one particular web site? Multiple? All? It could be your home page (if you kept it the same for all browsers). I have seen this happen before?

You still haven't answered this... is it all web sites inaccessible, or just a couple of specific servers? Are they your company's servers, but just published on the internet and generally available? If so, is split DNS in play?

Is the error you get in the browser a standard 404 page not found, or something else?

Bl8ckr0uter

blargoe wrote: »

You still haven't answered this... is it all web sites inaccessible, or just a couple of specific servers? Are they your company's servers, but just published on the internet and generally available? If so, is split DNS in play?

Is the error you get in the browser a standard 404 page not found, or something else?

He sort of did in another thread:

http://www.techexams.net/forums/off-topic/65307-bkdr_afcore-ab-spyware-malware.html