Microsoft Security Bulletin MS14-066 – Critical November 11, 2014

Microsoft has released a critical patch via Windows Update that seals up a vulnerability that affects every modern version of Windows, including Windows Server 2003/2008/2012, Vista, 7, 8, 8.1, and Windows RT. 1

The patch, dubbed MS14-066, shores up a hole that would have allowed an attacker to remotely trigger code on your machine using specially crafted packets. Microsoft says they don’t know of any exploits that have actually used this, but it’s still a good idea to get the patch installed before there’s a problem. This isn’t too different from any other security patch, but the sheer number of machines affected means it’s good to make sure your system is up to date. You can grab the patch from Windows Update right now.

Published: November 11, 2014

Version: 1.0

This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software section.

The security update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability.

For more information about this update, see Microsoft Knowledge Base Article 2992611.

The following software has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

Affected Software

Operating System Maximum Security Impact Aggregate Severity Rating Updates Replaced
Windows Server 2003
Windows Server 2003 Service Pack 2
(2992611)
Remote Code Execution Critical 2655992 in MS12-049
Windows Server 2003 x64 Edition Service Pack 2
(2992611)
Remote Code Execution Critical 2655992 in MS12-049
Windows Server 2003 with SP2 for Itanium-based Systems
(2992611)
Remote Code Execution Critical 2655992 in MS12-049
Windows Vista
Windows Vista Service Pack 2
(2992611)
Remote Code Execution Critical 2207566 in MS10-085
Windows Vista x64 Edition Service Pack 2
(2992611)
Remote Code Execution Critical 2207566 in MS10-085
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2
(2992611)
Remote Code Execution Critical 2207566 in MS10-085
Windows Server 2008 for x64-based Systems Service Pack 2
(2992611)
Remote Code Execution Critical 2207566 in MS10-085
Windows Server 2008 for Itanium-based Systems Service Pack 2
(2992611)
Remote Code Execution Critical 2207566 in MS10-085
Windows 7
Windows 7 for 32-bit Systems Service Pack 1
(2992611)
Remote Code Execution Critical 2982378 inSA2871997
Windows 7 for x64-based Systems Service Pack 1
(2992611)
Remote Code Execution Critical 2982378 inSA2871997
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(2992611)
Remote Code Execution Critical 2982378 inSA2871997
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(2992611)
Remote Code Execution Critical 2982378 inSA2871997
Windows 8 and Windows 8.1
Windows 8 for 32-bit Systems
(2992611)
Remote Code Execution Critical 2868725 inSA2868725
Windows 8 for x64-based Systems
(2992611)
Remote Code Execution Critical 2868725 inSA2868725
Windows 8.1 for 32-bit Systems
(2992611)
Remote Code Execution Critical None
Windows 8.1 for x64-based Systems
(2992611)
Remote Code Execution Critical None
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012
(2992611)
Remote Code Execution Critical 2868725 inSA2868725
Windows Server 2012 R2
(2992611)
Remote Code Execution Critical None
Windows RT and Windows RT 8.1
Windows RT[1]
(2992611)
Remote Code Execution Critical 2868725 inSA2868725
Windows RT 8.1[1]
(2992611)
Remote Code Execution Critical None
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(2992611)
Remote Code Execution Critical 2207566 in MS10-085
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(2992611)
Remote Code Execution Critical 2207566 in MS10-085
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(2992611)
Remote Code Execution Critical 2982378 inSA2871997
Windows Server 2012 (Server Core installation)
(2992611)
Remote Code Execution Critical 2868725 inSA2868725
Windows Server 2012 R2 (Server Core installation)
(2992611)
Remote Code Execution Critical None

[1]This update is available via Windows Update only.

Does this update contain any additional security-related changes to functionality?
Yes. In addition to the changes that are listed in the Vulnerability Information section of this bulletin, this update includes changes to available TLS cipher suites. This update includes new TLS cipher suites that offer more robust encryption to protect customer information. These new cipher suites all operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication.

New Cipher Suites FIPS mode enabled Protocols Exchange Encryption Hash
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Yes TLS 1.2 DH AES SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2 DH AES SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384 Yes TLS 1.2 RSA AES SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2 RSA AES SHA256

Severity Ratings and Vulnerability Identifiers

The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin’s release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the November bulletin summary.

Vulnerability Severity Rating and Maximum Security Impact by Affected Software
Affected Software Microsoft Schannel Remote Code Execution Vulnerability – CVE-2014-6321 Aggregate Severity Rating
Windows Server 2003
Windows Server 2003 Service Pack 2
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2003 x64 Edition Service Pack 2
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2003 with SP2 for Itanium-based Systems
(2992611)
Critical
Remote Code Execution
Critical
Windows Vista
Windows Vista Service Pack 2
(2992611)
Critical
Remote Code Execution
Critical
Windows Vista x64 Edition Service Pack 2
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2008 for x64-based Systems Service Pack 2
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2008 for Itanium-based Systems Service Pack 2
(2992611)
Critical
Remote Code Execution
Critical
Windows 7
Windows 7 for 32-bit Systems Service Pack 1
(2992611)
Critical
Remote Code Execution
Critical
Windows 7 for x64-based Systems Service Pack 1
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(2992611)
Critical
Remote Code Execution
Critical
Windows 8 and Windows 8.1
Windows 8 for 32-bit Systems
(2992611)
Critical
Remote Code Execution
Critical
Windows 8 for x64-based Systems
(2992611)
Critical
Remote Code Execution
Critical
Windows 8.1 for 32-bit Systems
(2992611)
Critical
Remote Code Execution
Critical
Windows 8.1 for x64-based Systems
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2012 R2
(2992611)
Critical
Remote Code Execution
Critical
Windows RT and Windows RT 8.1
Windows RT
(2992611)
Critical
Remote Code Execution
Critical
Windows RT 8.1
(2992611)
Critical
Remote Code Execution
Critical
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2012 (Server Core installation)
(2992611)
Critical
Remote Code Execution
Critical
Windows Server 2012 R2 (Server Core installation)
(2992611)
Critical
Remote Code Execution
Critical

Microsoft Schannel Remote Code Execution Vulnerability – CVE-2014-6321

A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. The update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

FAQ

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could run arbitrary code on a target server.

How could an attacker exploit the vulnerability?
An attacker could attempt to exploit this vulnerability by sending specially crafted packets to a Windows server.

What systems are primarily at risk from the vulnerability?
Server and workstation systems that are running an affected version of Schannel are primarily at risk.

For Security Update Deployment information, see the Microsoft Knowledge Base article “Microsoft Security Bulletin MS14-066 – Critical” in the Executive Summary.

Microsoft recognizes the efforts of those in the security community who help us protect customers through responsible vulnerability disclosure. See Acknowledgments for more information.

The information provided in the Microsoft Knowledge Base is provided “as is” without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

  • V1.0 (November 11, 2014): Bulletin published.
Sources:

Install Workstation on an openSUSE 11 host

Overview of Steps to Install Workstation on an openSUSE 11 host

To install Workstation on an openSUSE 11 host:

  1. Install the required package dependencies.
  2. Install VMware Workstation.
  3. Change the run level of the vmware startup script
  4. Reboot the host.

Detailed Steps:

Installing the required package dependencies

During the default installation of the Operating System, the other required tools or packages are not installed. You must use software management to download and install the other required tools before installing VMware Workstation.

To install the required package dependencies in OpenSUSE 11.0 – 11.1:

  1. Click Application Launcher.
  2. Click Computer.
  3. Click Install/Remove Software.
  4. Type kernel-source in the search box and click Search.
  5. Select the checkbox next to kernel-source. This selects the package for installation.

Repeat Steps 4 and 5 for these packages:

kernel-syms

make

gcc

6. After selecting all of the required packages, click Accept.

To install the required package dependencies in OpenSUSE 11.2:

  1. Click Computer.
  2. Click Install Software.
  3. Type kernel-source in the search box.
  4. Select kernel-source.
  5. Click Install.

Repeat Steps 4 and 5 for these packages:

kernel-syms

make

gcc

6. Click Apply.

Installing VMware Workstation

To install VMware Workstation:

  1. Open a command prompt. For more information, see Opening a command or shell prompt (1003892).
  2. Run these commands:

cd Downloads

sudo sh VMware-Workstation-*

Notes:

These commands assume that you have downloaded VMware Workstation into your Downloads folder and there is only a single copy of VMware Workstation in your Downloads folder.

If you have more than one copy of the VMware Workstation bundle in your Downloads folder or the folder you are executing from, include the full name of the file and remove the* in the above command.

Workstation prompts you to reboot when the installation finishes.

Changing the run level of the VMware startup script

After installing and rebooting VMware Workstation, the startup script does not start and, therefore, you cannot start the virtual machines. To resolve this issue, change the run level of the VMware startup script. For more information, see VMware Workstation fails to load when restarting a SUSE Linux host after the initial installation (1007454).

Rebooting the host machine

After changing the run level of the startup script, reboot your host machine so that the startup script runs and the application is added to the Application Launcher.

Visit the VMWare Knowledge Base for more information:

https://kb.vmware.com/s/article/1026369

How to Disable Incognito Mode in Chrome

Here is how to disable Incognito Mode in Chrome for both Windows and Mac OS X.

What Is Incognito Mode?

Incognito Mode in Chrome is Google’s implementation of private browsing. Users can activate this mode and surf the internet without Chrome recording any cookies, usernames, passwords, or history. This can be a concern for parents because it could allow children to view pornography or other inappropriate material without leaving behind any traces. Incognito Mode in Chrome is similar to Private Browsing in Firefox and InPrivate Browsing in Internet Explorer.

Incognito Mode can be disabled in Google Chrome in Windows by editing the registry. It can be disabled in Mac OS X by editing the Chrome property list file.

How To Disable Incognito Mode In Windows

First, open the registry editor:

  1. Open the Start menu
  2. In the search box, type “regedit”
  3. A program called regedit.exe will appear, click on this
  4. If a warning comes up click Yes

Next, navigate to the Policies key:

  1. Start by double clicking on “Computer”
  2. Then, double click on “HKEY_LOCAL_MACHINE”
  3. Next, double click on “SOFTWARE”
  4. Finally, double click on “Policies”

Next, create a new entry called IncognitoModeAvailability:

  1. Right-click on “Policies” and select New >> Key
  2. Enter “Google” (without the quotes) as the name of the key
  3. Right-click on “Google” and select New >> Key
  4. Enter “Chrome” (without the quotes) as the name of the key
  5. Right-click on “Chrome” and select New >> DWORD (32-bit) Value
  6. Enter “IncognitoModeAvailability” (without the quotes) as the name
  7. Right-click on “IncognitoModeAvailability” and select “Modify…”
  8. Type a 1 in the “Value Data” text box
  9. Click OK and exit the Registry Editor program
  10. Restart Google Chrome and now if you open the settings menu, the “New incognito window” option will be disabled.

How To Disable Incognito Mode In Mac OS X

The file that needs to be edited is located at “/Users//Library/Preferences/com.google.Chrome.plist”. Normally the contents of the user’s Library folder are kept hidden to prevent accidental changes. To open the folder:

  1. Switch to the Finder application. You will know you have selected the Finder application when the bold word next to the Apple logo at the top-left of the screen says “Finder”. You can either click anywhere on the Desktop or select the left-most icon in the Dock, to switch to Finder.
  2. From the top menu, click “Go”, then “Go to Folder…”
  3. Paste in the following and press Go: “~/Library/Preferences” (without quotes)

The file to edit is called “com.google.Chrome.plist”. You will need to download a text editor program to make changes to this file; TextEdit, a program that comes with Mac OS X, will not work. An easy-to-use and free program that will work is TextWrangler.

Once you have a text editor program installed, open the file:

  1. Right-click on the file named “com.google.Chrome.plist” and select “Open With…”, then “Other” at the bottom.
  2. Locate and select your text editor program.
  3. The file will open within your program.

The last two lines of the file should currently be:

You will need to insert the following lines before these:

IncognitoModeAvailability
1

After the change, the last four lines should look like this:

IncognitoModeAvailability
1

Explanation: the IncognitoModeAvailability policy has three possible settings:

  • 0 = Incognito mode available
  • 1 = Incognito mode disabled
  • 2 = Incognito mode forced

Make sure Chrome is quit before saving. Even if all Chrome windows are closed, Chrome can still be running in the background. You will know if Chrome is quit if there is no glowing dot beneath Chrome’s logo in the Dock, or if Chrome’s logo is not in the Dock.

It might happen that, as you reopen the .plist after saving and closing, the last lines of the .plist file do not include your edit anymore. Before concluding that your edit failed, checked the rest of the file (in particular the first lines after ). It may be that the code has been reorganized and that your insertion has been moved somewhere else. This should not alter the effectiveness of the process.

Once you save the file, you can re-open Chrome. You will notice that if you click “File” in the top menu bar, the “New Incognito Window” option will be disabled. Notice that you might need to restart your system for the modification to be effective.

How to Disable Private Browsing in Firefox

What if you want to check your kid’s browsing history, but you can’t trace all the pages because they had Private Browsing on while they were surfing the Internet?

Notice: The following instructions will make it more difficult to enable private browsing, but not impossible. Additionally, it is easy to delete recent browsing history even without private browsing enabled. If you want to track internet activity more thoroughly, consider using software for your router. As always, being open and having a good relationship with your children is paramount, such that such measures function as a precaution, and not the main recourse.

How Do You Disable Private Browsing in Firefox?

Mozilla applications (such as Firefox) allow you to change the applications interface look by editing a file called userChrome.css. This file will be located in your profile folder. If it doesn’t exist you can create it manually or you can copy a file called userChrome-example.css and rename it to userChrome.css. It should be under

C:\\Users\\[User]\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\[random string].default\\chrome\\

Open the file on any text editor. Copy and paste the following lines after @namespace

/* Hide Private Browsing in App menu and Tools menu */
#appmenu_privateBrowsing, #privateBrowsingItem {display:none!important;}
/* Hide Sanitize item in App menu and Tools menu */
#appmenu_sanitizeHistory, #sanitizeSeparator, #sanitizeItem {display:none!important;}

Now Firefox will not have the option to start a Private Browsing session.

How to Make Changes to OpenDNS Take Effect

If you have applied changes to the OpenDNS Filter for your network, then your users will most likely have to flush their DNS cache in order for the changes to take effect.

If a user has not yet been to a blocked website during the time they have been using the internet, then when the site is blocked in OpenDNS it will be blocked without needing to flush the terminal’s DNS cache.

However, if for example you have just blocked Facebook.com on your network, and a user has already navigated to that web page, and has not restarted their machine or closed their browser, then they will continue to be able to access Facebook.com until the DNS cache for that machine has been flushed.

How to flush DNS cache in Linux / Windows / Mac

To flush DNS cache in Microsoft Windows (Win XP, Win ME, Win 2000):

  1. Start -> Run -> type cmd
  2. In command prompt, type ipconfig /flushdns
  3. Done! You Window DNS cache has just been flushed.

To flush the DNS cache in Linux, restart the nscd daemon:

  1. To restart the nscd daemon, type /etc/rc.d/init.d/nscd restart in your terminal
  2. Once you run the command your linux DNS cache will flush.

To flush the DNS cache in Mac OS X Leopard:

  1. Type lookupd -flushcache in your terminal to flush the DNS resolver cache.
    ex: bash-2.05a$ lookupd -flushcache
  2. Once you run the command your DNS cache (in Mac OS X) will flush.

To flush the DNS cache in Mac OS X:

  1. Type dscacheutil -flushcache in your terminal to flush the DNS resolver cache.
    ex: bash-2.05a$ dscacheutil -flushcache
  2. Once you run the command your DNS cache (in Mac OS X Leopard) will flush.

For more information, visit the following website:

https://sites.google.com/a/maine.edu/opendns/home/filtersettings/how-to-make-changes-to-opendns-take-effect

Solution: Windows not indexing Google Drive folder for easy search though the start menu

This fix works for all versions of Windows (Windows 7, 8, 8.1, and 10).

Go to the actual folder in its C:\Users\\Google Drive\  (NOT the Google Drive folder listed under ‘FAVOURITES’ which is a shortcut).

Right click ‘Google Drive’ > Security tab > Advanced > Click your username (mine showed ) > Click ‘Change Permissions’ > Check the ‘Include inheritable permissions…’ box > Click ok.

Search indexing of Google Drive should then begin in the background.

After changing these settings in an offending Windows 7 computer, indexing happened almost immediately.

For more information, check out Google’s product forum:

https://productforums.google.com/forum/#!topic/drive/5EPuLuwmLGI

QuickBooks Pro / Enterprise on a Domain Controller – Not going into Multi-User Mode

Hey everyone,

We found an issue with QuickBooks Pro or Enterprise running on a Domain controller and have found a fix for us.

After scouring the web for information, we couldn’t find a solution that was easy and worked repeatedly.  The problem is the QB Database service conflicts the DNS Server service which is required to run active directory in a single server environment.

Typically a quick fix was to stop the DNS Server service, then start the QuickBooksDB service. Ultimately, to fix the issue, change the QuickBooks service “Log On” from “./QBDataServicesUser” to “Local System” and check Allow service to interact with desktop. Once you have done this, it should start without issue.  Hope it works for you!

Here is how we fixed it:

The client was unable to open QuickBooks in multi-user mode on local pc from the database on the server, logged into their server and found the Quickbooks Database Server Manager was not running.

When I clicked the “start scan” button it said it could not start the services QuickBooksDB. So I logged into the services manager and tried to start the QuickBooksDB27 service manually. It would start but turn off immediately. This was the third version installed on the PC; the first version was QuickBooks 2015, then QuickBooks 2016, then QuickBooks 2017.

QuickBooksDB25 was “Log on as” .\QBDataServiceUser25, then QuickBooks 16 was “Log on” as Local System account, QuickBooks 2017 went back to “Log on” as ./QBDataServeicesUser27.

Since the QBDBMgrN.exe is looking for permission to from QuickBooksDB27 to start and the service would not start because it was using the same ports as DNS, I changed the “Log On” from “This account” to “Local System account” and checked “Allow service to interact with desktop,” clicked apply then OK.

Then, I went back to services on QuickBooksDB27, clicked “start the service” and the services started right up. I went back to the QuickBooks Database Server Manager and clicked the “start scan” button. This time it scanned the files and started the Quickbooks Database Server Manager and the user was able to log into QuickBooks on a local machine and switch to Multi-User Mode.

This is the second client I’ve had to do this for and it has worked without any more issues.

(Solved) Fix SoftPro 360 on Roaming Profile with Folder Redirection

SoftPro 360 is NOT designed to work on a roaming profile with folder redirection.  This article applies to those who have made their roaming profiles redirect their AppData folder.

The SoftPro 360 only installs to the local profile and not a server roaming profile.  It is assumed if SoftPro 360 gets hung up on data retrieval, it will freeze up SoftPro 360 and stop it from communicating with the server.

One of the commonly shared symptoms is the SoftPro login will say it cannot communicate with the server.  The SoftPro 360 folder may randomly disappear from either the local AppData folder or the Roaming AppData folder.  Upon reinstallation of SoftPro 360, it will appear to work correctly, but the symptoms stay the same.

The only way to reinstall properly is by removing the SoftPro 360 folders from the local and the roaming profiles.  Then, reinstall with admin privileges.  This is not a permanent fix but will make SoftPro 360 work again until the next glitch.

If you have a roaming profile which needs to have the software reinstalled, the following are the steps to make it work.

1.  Follow the path to %temp% which will give you the local profile
2.  Once in the local profile, navigate to the local/appdata folder, delete the 360 folder
3.  After the local folder is deleted, go to the server’s roaming profile \\server\profiles$\whoever and remove the 360 folder from the AppData folder
4.  Install with elevated privileges.  If the installation works correctly, you should see a command prompt pop up for a second.

How to turn off sound in Starcraft & Starcraft BroodWar

I was feeling a bit nostalgic and decided to play a game or two of the old Starcraft Broodwar. I don’t like in-game music much so I tried to find a way to turn off the background music. After scouring the internet, no one had an answer. I guessed a few things and tried CTRL S. It turned off the sound effects but not the music. Going off of my latest guess, I tried CTRL-M which turned the background music off. I thought I would post this here to help some of you all with the same issue. GL!

Turn off in-game sounds:

CTRL-S

Turn off in-game music:

CTRL-M

SOLVED – Company Website works on the web but not in my local network

If you have the issue where your website is showing up everywhere except for your local network, check out the following information.
The issue is your server was once set up to either host e-mail, like Exchange, or your website.  Now it is not hosting your website and you need to point your local DNS to the new IP address of the web server hosting your website.
To test this theory, you can easily change the HOSTS file in a computer on the network to point to the IP address of the web host.

How to Change the Host File:

To fix the issue network-wide, you have to change the DNS in the Domain Controller to point the domain to the actual external IP address of the web host.

How To Change the DNS:

  1. Go to the server that handles your DNS
  2. Open DNS manager
  3. Expand the server, Expand the Forward Lookup Zones
  4. Make sure that you have a zone called: yourdomain.com. If not, create it.
  5. Expand the zone
  6. Check to verify that you have two records;  An A record without anything and an A record with www.
The A record without anything will work for http://yourdomain.com
The A record with the www will work for http://www.yourdomain.com
Both of these records should point to your web host’s IP address.
Note: you do not have to check the box to create a reverse lookup as you do not host it on a local machine.
  1. Propagate the changes to other DNS if they exist and you are done.
  2. To be on the safe side, right-click the server and select Clear Cache.
  3. Then the clients need to run “ipconfig /flushdns” in cmd line

I would do it in the servers too to check.