I just lost one hell of a looong post - I can't believe it! I must have spent at least 20 mins on it lol
Basically the short and sweet of the topic is as follows....
- Got a new router/firewall/VPN unit on trial - WatchGuard Firebox X500
- Tested the settings off the rest of the network and configured the new IP ranges as simply as possible
- All was good - installed it and wired it up to the Powys Cisco Router here
- changed the DHCP ranges on the DCs - admin and curriculum (both separate physical networks joined at the router) and appropriate IPs on the DCs
- removed all traces of the old IP addresses and ranges in all the settings I could find on the DC's
- All pc's were turned off by this point I think
- Concentrated on the admin network and checked each admin workstation - all fine after a few tweaks here and there - IE, Email delivery, etc. worked fine - few router firewall policy changes were needed along the way naturally
- In the process, I noticed my workstation on the other network wasn't accessing the internet anymore so ended up wiping it and started with a new XP install - working fine now (and still is)
- Both DC's at this point can access the internet fine too
- Spent a month getting the VPNs set up and tested - relying on the county, Bromcom and WatchGuard which took so long - plus having two weeks off - annual leave!
Today, I turned on a few machines on the curriculum network and discovered that none of them - 98 or XP - would browse the internet, although things like Spybot & SpywareBlaster updated their definitions fine from the web so they must be able to see the outside world - via proxy somehow.
[remember that in Powys - as a rule of thumb - we use the county's proxy server based in their IT centre - for accessing the internet]
Solved the 98 ones by adding an exception to the "don't use proxy for the following" text box in the Internet Options - I added the domain name and appended *. in front of it and it worked - Oddly :S
XP didn't work and everything I've tried today hasn't either. This would be:
- various combinations of the 98 solution above, including IP ranges etc.
- altering the DNS part of things in the TCP/IP protocol - i.e. manually adding the IP, removing it, etc.
- tried logging on to the domain - which takes 10 mins to log on (although where I was, it always takes a while as it's the furthest point on the network) - and logging on just to the local machine but neither makes a difference
- even removed the dns zone and the service/role itself and added it again, but this made no difference at all
Can't think of anything else to do - except wipe every XP machine and install the OS / software again - which is going to take a while - especially as I haven't had a chance to redo the image of the main bulk of the range of desktops we have
If anyone can suggest any things I can try to save me from doing this - I'd be a very very happy man [and owing of some serious pint buying]
I can't access edugeek at work at the moment - as I haven't set the firewall to allow the correct access to the unfiltered settings I have on a specific IP address [pre-firewall installation] - but I'm hoping Mark will email me any suggestions throughout the day - if you good folk can spare me the time
Any suggestions are welcome - no matter how obvious or silly they appear to be, but please no mocking (well, not too much) as it's not like I wanted to leave it all to the last minute lol
Many thanks ppl - I'll need to crack on with wiping XP machines otherwise (lucky we don't have TOO many computers lol)
Hope I haven't left anything out - think I've covered most of it
Also what about exceptions in the XP firewall? And if that does not work, disabling the firewall, leaving the exceptions in there.
What about clearing out all temp files from %Temp%, cookies and prefetch and then try and restart them a few times, checking each time to see if you have any internet connectivity.
I only just started as an IT Tech at Kingswood and I'm still learning the DNS and AD stuff but was told that logging in for XP or any other machines as far as I know is only slow because of the period at the end of the forward lookup zone I believe.
You could try and get rid of the last period in there if you have that in DNS lookup zones, i.e. the last period domain.name.suffix. <-- notice the period at the end, that is the one I am talking about.
Those are probably obvious suggestions lol, other than that it is probably something in the router that needs to be configured because the router only lets certain traffic through with regards to what subnet range etc etc which I am sure you know.
If any other network or IT Techs can correct me or add suggestions lol
On one of the systems that isn't currently connecting try typing "ipconfig /flushdns" and then "ipconfig /registerdns" and see what happens. Your systems might still be registered within DNS with their old addresses. Have you got dynamic DNS updates set on your servers?