  1. #1


    CC3 to Vanilla now cant connect to internet through proxy

    I don't know if anyone can help me with this, but I would be very grateful if somebody could, as it's driving me batty!!

    We are a school who have recently moved from RM CC3 to a vanilla network. The servers (DNS, DHCP) were set up by a company, but since the move I can't connect to the internet through staffproxy.swgfl.org.uk (which is an external proxy, which allows for lighter filtering for staff). We have gone from Server 2003 to Server 2008r2. We have a smartcache that goes through an alternative proxy for students which is more heavily filtered, and once I added this to DNS it's working fine, but the staffproxy....... proxy won't. When I run the connection troubleshooter it says about DNS not resolving the name.

    I contacted SWGFL and they gave me an external DNS to use. I put this into my PC's DNS settings and it works, but I can't see why I have to use an external DNS because I went from 2003 to 2008r2. This is happening on all PCs and servers.

    Is there a setting that I need to change on Server2008r2?

    Any advice would be gratefully received, as when the staff come back if this is not working, I am going to get my a** chewed.

    Many thanks
    Sean

  2. #2
    MicrodigitUK's Avatar
    On your new Server2008r2 setup you need to add the settings from the SWGFL as DNS forward addresses. Your old RM CC3 network would have been set up like this. So if your local (on site) DNS server can't resolve the address, it forwards it to the SWGFL DNS servers. Once done, your hosts should then be able to resolve external names like the staff proxy one.

    I expect if you currently try and ping something like google.co.uk from the command line it can't resolve the address.

    Once the local DNS server is set up to forward unresolved addresses to the SWGFL it will start working.

  3. Thanks to MicrodigitUK from:

    sadams1980 (3rd August 2012)

  4. #3

    Michael's Avatar
    RM or no RM, DNS Forwarders are normal and required to resolve external requests (as mentioned above).

  5. Thanks to Michael from:

    sadams1980 (3rd August 2012)

  6. #4
    MicrodigitUK's Avatar
    To configure a DNS server to use forwarders using the Windows interface:

    1. Open DNS Manager.
    2. In the console tree, click the applicable DNS server.
       Where? DNS/Applicable DNS server
    3. On the Action menu, click Properties.
    4. On the Forwarders tab, under DNS domain, click a domain name.
    5. Under Selected domain's forwarder IP address list, type the IP address of a forwarder, and then click Add.

    Add the two SWGFL DNS server IP addresses to this list of forwarders.

    Then test and it should now work.

  7. Thanks to MicrodigitUK from:

    sadams1980 (3rd August 2012)

  8. #5

    SYNACK's Avatar
    Quote (originally posted by Michael):
    "RM or no RM, DNS Forwarders are normal and required to resolve external requests (as mentioned above)."

    Slight and partial correction: they are required to resolve non-global requests such as stuff internal to your LEA network like the proxy. The DNS system actually has a bunch of root-hint servers that make up the core and can be used to dig down and resolve the addresses. This is much slower and less efficient than using a forwarded server from the likes of your ISP. It all boils down to the same thing, passing the requests up the chain to find the addresses, but one is a top down approach and the other is a bottom up. As stated above, adding the LEA DNS in as the main forwarder to your DNS server is the right answer, as using external DNS on internal client machines will also break internal DNS resolution for your client, breaking stuff like AD in very interesting and annoying ways.

  9. Thanks to SYNACK from:

    Michael (3rd August 2012)

  10. #6

    Michael's Avatar
    As well as the Forwarders in DNS Server, Birmingham LA also recommend internal then external DNS servers to be set in DHCP Server. I've never noticed any problems in doing this.

  11. Thanks to Michael from:

    sadams1980 (3rd August 2012)

  12. #7

    Quote (originally posted by Michael):
    "As well as the Forwarders in DNS Server, Birmingham LA also recommend internal then external DNS servers to be set in DHCP Server. I've never noticed any problems in doing this."

    If you've always had it set that way, you just might not have noticed that it isn't working as well as it could be.

    More prescriptively: if your DHCP is configured like this and serving an Active Directory Domain environment then you will notice a performance and reliability improvement by removing the external DNS Server reference in DHCP, and also from any client where it is statically configured. Assuming that your DC/DNS servers can communicate with the LA Forwarders.

  13. 2 Thanks to psydii:

    Michael (3rd August 2012), sadams1980 (3rd August 2012)

  14. #8

    sparkeh's Avatar
    Quote (originally posted by Michael):
    "As well as the Forwarders in DNS Server, Birmingham LA also recommend internal then external DNS servers to be set in DHCP Server. I've never noticed any problems in doing this."

    You should not have external DNS servers configured on the client. This is a bad idea and against MS advice.
    Last edited by sparkeh; 3rd August 2012 at 01:42 PM.

  15. Thanks to sparkeh from:

    sadams1980 (3rd August 2012)

  16. #9

    Michael's Avatar
    There is a reason though and I cannot remember why off the top of my head... I could still remove it if you guys think it'll improve performance.

  17. Thanks to Michael from:

    sadams1980 (3rd August 2012)

  18. #10

    sparkeh's Avatar
    MS advice on this:
    Do not configure the DNS client settings on the domain controllers to point to your Internet Service Provider's (ISP's) DNS servers. If you configure the DNS client settings to point to your ISP's DNS servers, the Netlogon service on the domain controllers does not register the correct records for the Active Directory, directory service. With these records, other domain controllers and computers can find Active Directory-related information. The domain controller must register its records with its own DNS server.

  19. 2 Thanks to sparkeh:

    Michael (3rd August 2012), sadams1980 (3rd August 2012)
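
The replies above say that clients pointed at an external resolver lose Active Directory lookups. As an added example (not part of any post in this thread), this Python code builds the DC-locator SRV query that domain members send and classifies a resolver's reply. The domain school.example, the host dc1.school.example and all function names are hypothetical, and the replies produced by sample_reply are constructed.

```python
import socket
import struct

SRV = 33
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split(".")) + b"\x00"

def build_query(ad_domain, txid=0x1234):
    """SRV query for the DC-locator name that domain members look up."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name("_ldap._tcp.dc._msdcs." + ad_domain) + struct.pack("!HH", SRV, 1)

def skip_name(pkt, pos):  # offset just past labels and/or a compression pointer
    while pkt[pos] and pkt[pos] & 0xC0 != 0xC0:
        pos += 1 + pkt[pos]
    return pos + (2 if pkt[pos] else 1)

def classify(pkt, txid=0x1234):
    """Return (rcode, srv_ports); an empty port list means no DC can be located."""
    if len(pkt) < 12 or pkt[:2] != struct.pack("!H", txid) or not pkt[2] & 0x80:
        raise ValueError("not a DNS response to our query")
    flags, qdcount, ancount = struct.unpack("!HHH", pkt[2:8])
    pos, ports = 12, []
    for _ in range(qdcount):
        pos = skip_name(pkt, pos) + 4                     # QTYPE + QCLASS
    for _ in range(ancount):
        pos = skip_name(pkt, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        if rtype == SRV:                                  # RDATA: priority, weight, port, target
            ports.append(struct.unpack("!H", pkt[pos + 14:pos + 16])[0])
        pos += 10 + rdlen
    return RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF)), ports

def sample_reply(query, rcode, srv_target=None):
    """Constructed reply for offline use: echoes the question, optionally adds one SRV record."""
    answer = b""
    if srv_target:
        rdata = struct.pack("!HHH", 0, 100, 389) + encode_name(srv_target)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", SRV, 1, 600, len(rdata)) + rdata
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if answer else 0, 0, 0)
    return header + query[12:] + answer

def ask(server, ad_domain, timeout=3.0):  # live check against one resolver, UDP port 53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(ad_domain), (server, 53))
        return classify(s.recv(4096))
```

Run against live servers, ask() with the internal DC/DNS address should return NOERROR with port 389; the same call against an external resolver returns no SRV ports for an internal-only AD domain, which is the failure the posts describe.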

  20. #11

    Michael's Avatar
    I've removed the external DNS settings from all DHCP Servers and updated static configs too. Internet connectivity tested OK, as of course I left Forwarders in place. If I find out why they're needed in future I'll post back!

    Thanks for the tips

  21. Thanks to Michael from:

    sadams1980 (3rd August 2012)

  22. #12

    Thanks to everyone for the advice. I set up the forwarders and it is working fine. Thanks for all the help.
