DNS no longer works after expired trial -> license purcha


Postby rimas » Oct 27 05 6:27 am

Hi!

I installed a trial version of WinGate 6.0.4 a while ago and after some tinkering I got everything to work the way I expected. Everything worked so well in fact that I forgot I was running under a trial license until it expired and my clients no longer had access to the Internet. So I went and purchased a WinGate 6.x Standard 6 concurrent users license and activated it. However, I am no longer able to get DNS resolution to work on my clients. My clients are able to ping by address. My clients are able to FTP by address (at least I think so... I am able to converse with some FTP servers to the point of having my login attempts rejected as unauthorized). But I am unable to ping by name from my clients ("Ping request could not find host _______. Please check the name and try again.") On the WinGate server everything works just fine. Any suggestions would be greatly appreciated.

Thanks,

Rimas
rimas
 
Posts: 13
Joined: Oct 27 05 5:46 am

Postby MattP » Oct 27 05 10:47 am

Hi,

Can you check that the WinGate Guest account is still active? If this account is disabled the DNS service will not work.

Is your DNS service bound to the loopback adapter and the internal adapter?

Are your network adapters configured as internal/external correctly on the network tab in GateKeeper?

Do you see any DNS resolution attempts in the activity screen when the LAN clients try to ping an external address?
MattP
Qbik Staff
 
Posts: 991
Joined: Sep 08 03 4:30 pm

Postby rimas » Oct 27 05 11:18 am

MattP wrote:Can you check that the WinGate Guest account is still active? If this account is disabled the DNS service will not work.


In the GateKeeper window on the Users tab I right-click on Guest and select properties. In the Properties window I see that "Account enabled" is checked, so I guess, yes, the Guest account is still active.

MattP wrote:Is your DNS service bound to the loopback adapter and the internal adapter?


Well, when my network adapter is configured as internal, I see both "MS TCP Loopback interface" and "Local Area Connection 2", but when my network adapter is configured as external, I see only "MS TCP Loopback interface".

MattP wrote:Are your network adapters configured as internal/external correctly on the network tab in GateKeeper?


See previous answer. Note that I can ping by address in either case, but when I set it to external (which is I think what it should be, right?), my previous FTP tests fail w/ an "Unknown error number" msg.

MattP wrote:Do you see any DNS resolution attempts in the activity screen when the LAN clients try to ping an external address?


No, I do not see any DNS resolution attempts in the activity screen. When my network adapter is configured internal, I don't see any activity whatsoever in the GateKeeper. When my network adapter is configured external, I see activity for ping by address and FTP by address, but not ping by name.

Thanks,

Rimas
rimas
 
Posts: 13
Joined: Oct 27 05 5:46 am

Postby jamesc » Oct 27 05 5:19 pm

1. Is the DNS service started in the GateKeeper?

2. On the WinGate server, if you open up internet explorer, and set the proxy to 127.0.0.1 and the appropriate port number, can you access webpages ok?

3. Can we see an ipconfig/all from the WinGate server, and an example client? (Please mask part of any public ip addresses)
(Windows) Start menu --> Run --> cmd --> ipconfig/all

4. Have you deactivated the trial license?

5. What connection method do your clients use to connect to the WinGate server? NAT?

6. Are you using Active Directory?


MattP wrote:
Are your network adapters configured as internal/external correctly on the network tab in GateKeeper?


See previous answer. Note that I can ping by address in either case, but when I set it to external (which is I think what it should be, right?), my previous FTP tests fail w/ an "Unknown error number" msg.


--> the DNS service should be bound to the internal card and the loopback.
--> The network card / modem pointing towards the internet should be marked as external, and the network card pointing towards the LAN should be marked as internal. An image can be seen of this at suggestion 2 of this knowledgebase article ... but if you can ping ip addresses on the internet, then your internal/external should be correct.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby rimas » Oct 28 05 4:13 am

jamesc wrote:1. Is the DNS service started in the GateKeeper?

Yes. In fact I have stopped and (re-)started the DNS service several times.

jamesc wrote:2. On the WinGate server, if you open up internet explorer, and set the proxy to 127.0.0.1 and the appropriate port number, can you access webpages ok?

On the WinGate server (i.e. the box running the WinGate software) I have complete access to the Internet, including being able to VPN into my employer's network.

jamesc wrote:3. Can we see an ipconfig/all from the WinGate server, and an example client? (Please mask part of any public ip addresses)
(Windows) Start menu --> Run --> cmd --> ipconfig/all

Sure... here you go...
Code:
Windows IP Configuration

        Host Name . . . . . . . . . . . . : Server
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
        Physical Address. . . . . . . . . : 00-0F-B5-45-53-9F
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1

Ethernet adapter AGN Virtual Network Adapter:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : AGN Virtual Network Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :


Windows IP Configuration

        Host Name . . . . . . . . . . . . : NetVista
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
        Physical Address. . . . . . . . . : 00-09-5B-8D-9F-F2
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.100
        DNS Servers . . . . . . . . . . . : 192.168.0.100

Ethernet adapter AGN Virtual Network Adapter:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : AGN Virtual Network Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :

jamesc wrote:4. Have you deactivated the trial license?

No, I hadn't, but then I did (and even re-booted, just in case), but that didn't help.

jamesc wrote:5. What connection method do your clients use to connect to the WinGate server? NAT?

Yes, NAT, i.e. I have set the "Default Gateway" and "DNS Server" of the clients to the server's IP (i.e. 192.168.0.100).

jamesc wrote:6. Are you using Active Directory?

No.

jamesc wrote:
MattP wrote:
Are your network adapters configured as internal/external correctly on the network tab in GateKeeper?

See previous answer. Note that I can ping by address in either case, but when I set it to external (which is I think what it should be, right?), my previous FTP tests fail w/ an "Unknown error number" msg.


--> the DNS service should be bound to the internal card and the loopback.
--> The network card / modem pointing towards the internet should be marked as external, and the network card pointing towards the LAN should be marked as internal. An image can be seen of this at suggestion 2 of this knowledgebase article ... but if you can ping ip addresses on the internet, then your internal/external should be correct.

This seems to assume the presence of (at least) two network adapter cards. My server has a single NETGEAR GA311 Gigabit Adapter connected to an 8-port gigabit switch which is in turn connected to a broadband router, so I assume that the "correct" setting in my case is external, right?
rimas
 
Posts: 13
Joined: Oct 27 05 5:46 am

Postby adrien » Oct 28 05 7:35 am

Ah

That could be it. If you have your adapter set as external, do you see any firewall hits when clients try to look up names?

By default the DNS server wouldn't bind to an adapter marked as external.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby rimas » Oct 28 05 8:09 am

Well, I had turned off WinGate's firewall during the trial period since it seemed to conflict with the firewall I was already running on the server (i.e. Zone Labs Integrity Desktop). When I turned it back on (to the "Low: Allow servers to run behind firewall" setting), yes, I see firewall hits when clients try to look up names.

Yes, I understand that by default the DNS server wouldn't bind to an adapter marked as external. However, I can force it to (by adding a "Bind only to 192.168.0.100 on Local Area Connection 2" policy), but that still does not allow my clients to resolve names.

Thanks,

Rimas

P.S. Twice now I have asked for confirmation that "external" is the correct setting for my situation (server w/ single adapter connected to switch connected to broadband router, w/ clients also connected to same switch), but have not received an answer. I know it is possible to run this topology w/ WinGate as I did so successfully during the trial period. Unfortunately, I do not know what the settings were during the trial period... :-)
rimas
 
Posts: 13
Joined: Oct 27 05 5:46 am

Postby rimas » Oct 28 05 8:42 am

Hi,

I just noticed that with the WinGate firewall turned on to "low", I am now unable to ping the Internet by address from my clients. Attempts to do so seem to result in being deemed as "Spoof Attempt" by the WinGate firewall.

Regards,

Rimas

P.S. None of this affects attempts to ping the Internet (either by name or by address) directly from the machine running WinGate, which have been and continue to be successful.
rimas
 
Posts: 13
Joined: Oct 27 05 5:46 am

Postby adrien » Oct 28 05 8:43 am

If you are behind a NAT/router, you are probably best to set the adapter type to Internal, since there will be a few things that are blocked by default (such as outbound NetBIOS name lookups etc).

So are you running another firewall on the server? We have had problems with this in the past.

The firewall hits you are seeing prove that the clients are sending the requests to the right place, so if they aren't being answered, there are only 2 more links in the chain.

1. That WinGate is even receiving the requests. Do any DNS requests show up in the GateKeeper Activity screen, or in the history or DNS server log files?

2. That WinGate is able to fulfil the queries by in turn querying an up-stream DNS server.

I suspect the first one.

With WinGate stopped, if you go to a command prompt, type

netstat -an

do you see any UDP sockets on port 53? I'm wondering if something else is running on that port.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby rimas » Oct 28 05 9:26 am

Adrien,

Thanks for the prompt response (and some clarification on the internal/external setting).

re: running another firewall on the server, well, I am not dead set against switching from the Zone Labs Integrity Desktop to the WinGate firewall, but as I said before, during the trial period I was running successfully w/ the Zone Labs firewall ON and the WinGate firewall OFF.

re: your response, aren't "The firewall hits you are seeing prove that the clients are sending the requests to the right place" and "1. That WinGate is even receiving the requests." contradictory?!? I mean, if I see hits in the WinGate firewall, then WinGate is obviously receiving the requests. Unless we are distinguishing WinGate firewall from WinGate DNS service...

In any case, to answer question #1, no, since the expiration of my trial license I have not seen any DNS requests show up in the GateKeeper Activity screen, or in the History screen, or in the DNS server log files. All I see in the log files are things like this:
Code:
10/26/05 11:55:33   Configuration changed   
10/26/05 11:56:36   Configuration changed   
10/26/05 17:22:14   Configuration changed   
10/26/05 17:23:39   Service stopped
10/26/05 17:24:04   Service started successfully
10/26/05 17:27:20   Configuration changed   
10/26/05 17:43:39   Configuration changed   

(yes, I know that these are from yesterday)

As for the output of netstat -an when WinGate is stopped, here it is...
Code:
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1040         0.0.0.0:0              LISTENING
  TCP    192.168.0.100:139      0.0.0.0:0              LISTENING
  TCP    192.168.0.100:139      192.168.0.3:2479       ESTABLISHED
  TCP    192.168.0.100:139      192.168.0.101:2521     ESTABLISHED
  UDP    0.0.0.0:445            *:*                   
  UDP    0.0.0.0:1025           *:*                   
  UDP    0.0.0.0:1064           *:*                   
  UDP    0.0.0.0:2967           *:*                   
  UDP    0.0.0.0:9370           *:*                   
  UDP    127.0.0.1:123          *:*                   
  UDP    127.0.0.1:1900         *:*                   
  UDP    192.168.0.100:123      *:*                   
  UDP    192.168.0.100:137      *:*                   
  UDP    192.168.0.100:138      *:*                   
  UDP    192.168.0.100:1900     *:*                   


Finally, I doubt the problem is #2 since from a command prompt on the box running WinGate I am able to resolve names no problem...

Cheers,

Rimas
rimas
 
Posts: 13
Joined: Oct 27 05 5:46 am
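
Adrien's port-53 check, applied to `netstat -an` output like that posted above (an added example, not part of the original posts and not Qbik code). The function names `listeners` and `check_dns_binding` are hypothetical, the first sample is an excerpt of the posted output, and the second sample is constructed.

```python
import re

# One row of Windows `netstat -an`: proto, local addr:port, foreign, optional state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text, port, proto="UDP"):
    """Local addresses that hold a socket on proto/port."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines
        p, addr, prt, _foreign, state = m.groups()
        if p != proto or int(prt) != port:
            continue
        if p == "TCP" and state != "LISTENING":
            continue  # established connections are not listeners
        found.add(addr)
    return found

def check_dns_binding(netstat_text, required, wingate_running):
    """Classify the UDP/53 state for the two situations in the thread."""
    bound = listeners(netstat_text, 53)
    if not wingate_running:
        # With WinGate stopped, anything on 53 belongs to another program.
        return ("conflict", sorted(bound)) if bound else ("port-free", [])
    if "0.0.0.0" in bound:
        return ("bound", [])  # wildcard bind covers every adapter
    missing = sorted(set(required) - bound)
    return ("missing", missing) if missing else ("bound", [])

# Excerpt of the output posted above (WinGate stopped).
STOPPED = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.100:139      192.168.0.101:2521     ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:123          *:*
  UDP    192.168.0.100:123      *:*
  UDP    192.168.0.100:137      *:*
"""
# Constructed sample: WinGate running, DNS bound to loopback only.
LOOPBACK_ONLY = STOPPED + "  UDP    127.0.0.1:53           *:*\n"
REQUIRED = ["127.0.0.1", "192.168.0.100"]  # loopback + internal adapter

if __name__ == "__main__":
    print(check_dns_binding(STOPPED, REQUIRED, wingate_running=False))
    print(check_dns_binding(LOOPBACK_ONLY, REQUIRED, wingate_running=True))
```

A "bound" result only shows that the socket exists; a packet filter lower in the stack can still drop client queries before they reach it, so this check rules out a port conflict or missing binding and nothing more.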

Postby rimas » Oct 28 05 9:33 am

Hi!

BTW, how come when I set the adapter to "external" I see ping by address requests in the Activity window, but when I set it to "internal" I don't (even though the ping was successful)?

Thanks,

Rimas
rimas
 
Posts: 13
Joined: Oct 27 05 5:46 am

Postby adrien » Oct 28 05 4:26 pm

Hi

The packets hitting the firewall mean they are going to the right place, but the firewall blocks things right at the bottom of the network stack, and the DNS server is a few layers up. If something is blocking the packets in between the WinGate firewall and the DNS service in WinGate, then that will stop it working, and would cause the symptoms you are seeing.

Things such as other firewalls can do this.

Did you re-install WinGate originally? Just wondering why you lost all the settings from the trial, and also wondering whether there is some sort of load-ordering issue going on with the other firewall.

You aren't running windows firewall as well are you?

Does your other firewall show any activity?

As for your other question. Not sure why you would see anything except a firewall hit. Normally no NAT will happen without more than one interface.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby rimas » Oct 29 05 3:16 am

Hi Adrien!

Thanks for your persistence in helping me diagnose my problem, which is now resolved and everything is running just as it was during the trial period...

adrien wrote:You aren't running windows firewall as well are you?


Well, I wasn't... at least not intentionally... But when I looked this morning, sure enough, the Windows firewall was turned on for some reason... I'm not quite sure how that happened... In any case, I turned off the Windows firewall and all was back to the way it was before. Interesting that the Windows firewall being on did not hinder my server from acting as a client, only from acting as a server...

Anyway, as I said before, thanks for all your help!

Regards,

Rimas
rimas
 
Posts: 13
Joined: Oct 27 05 5:46 am

Postby adrien » Oct 29 05 10:49 pm

You're welcome.

As for how it got turned on, I think some of the Windows updates can sometimes turn it on for you.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

