Network Connection

Discussion in 'Server Networking' started by Zak, May 8, 2009.

  1. Zak

    Zak Guest

    Hello

    Please can you assist with the following:

    From last December I have been experiencing network connection problems on my
    network using Server 2003 and Exchange 2003 SP2. At first the problem
    occurred once in a while but after a month it started to happen more often.
    These problems included Outlook connecting and disconnecting, slow logon to
    client, delays in accessing shared drives, delayed write to our account system
    which is shared from the server and lost connection to remote desktop. I
    upgraded the server to SP2 and installed the update to disable the SNP and the TCP
    Offload, this solved the problem for a short while.

    In March this year the errors reappeared, this time the problems were
    resolved by running netdiag /fix and ipconfig /flushdns.

    On Monday I had to shut down the server due to a power failure which lasted
    longer than the UPS battery, and when we booted the server up on Tuesday morning the
    problem reoccurred. I have run netdiag /fix again and all that has happened
    is that we experience the problem for about 30 min about 4 to 5 times a day.
    These problems are being experienced by all our client PCs, some with Vista and
    the rest with XP.
     
    Zak, May 8, 2009
    #1

  2. Hello Zak,

    For the clients make sure that you use the following policy to prevent logon
    with cached credentials:
    Computer Configuration\Administrative Templates\System\Logon "Always wait
    for network at computer startup and logon"

    Additionally, post an unedited ipconfig /all from the DC/DNS server and a problem
    machine so we can exclude DNS configuration problems.

    You should also make sure on all machines that the latest SP and patches
    are installed.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], May 8, 2009
    #2

  3. Zak

    Zak Guest

    Hello Meinolf

    I have checked the client PCs and enabled the "Always wait for network at
    computer startup and logon". All PCs have the latest SP, the last update was
    run on the 14/04/2009 and all the PCs are 100% up to date according to the
    WSUS.

    I am going to run another update this weekend and below are the ipconfig outputs,
    first one is from the DC/DNS and the second from my PC:

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : anza-server1
    Primary Dns Suffix . . . . . . . : ANZA.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : ANZA.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : ANZA.local
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-15-17-26-67-88
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.1
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.2
    DNS Servers . . . . . . . . . . . : 192.168.0.1

    C:\Documents and Settings\Administrator>

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Zakaria.ANZA>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : anza2
    Primary Dns Suffix . . . . . . . : ANZA.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : ANZA.local
    ANZA.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : ANZA.local
    Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
    Physical Address. . . . . . . . . : 00-1A-4D-22-12-76
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.0.10
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.2
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 192.168.0.1
    Primary WINS Server . . . . . . . : 192.168.0.1
    Lease Obtained. . . . . . . . . . : 08 May 2009 08:11:40 AM
    Lease Expires . . . . . . . . . . : 09 May 2009 08:11:40 AM

    C:\Documents and Settings\Zakaria.ANZA>
     
    Zak, May 8, 2009
    #3
  4. Hello Zak,

    The ipconfig output looks ok. For the policy, run gpupdate /force on the client,
    reboot, or wait for the refresh time, which can be between 90-120 minutes.

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], May 8, 2009
    #4

  5. Are there any event log errors on the DCs or clients?
    What apps and services are installed on the DC?
    What AV are you using?


    Usually hardware is the last thing we think of. But in this case, I must
    ask, how is the switch? Have you tried changing the port the server is
    plugged in to? How about the Exchange server? Change ports, too, or is that
    installed on the DC (not recommended due to performance conflicts and drive
    controller settings differences between the DC's requirements and changes it
    makes to the controller, and Exchange's requirements).

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer


    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    "Efficiency is doing things right; effectiveness is doing the right
    things." - Peter F. Drucker
    http://twitter.com/acefekay
     
    Ace Fekay [Microsoft Certified Trainer], May 8, 2009
    #5
  6. Zak

    Zak Guest

    Hello Meinolf

    I have updated the clients and the server this weekend, and also updated the
    group policy on all the clients. And my problems still exist.

    Ace, currently we are using Symantec EndPoint MR3, I have checked the
    hardware, I have replaced the switch, changed ports on the switch and server,
    used the second available network point and nothing resolved the problems.
    Also we currently only have one server and we are five users. The server is
    our DC and has Exchange, WSUS 3.0 SP1 and our accounting software.

    I have checked the error log, the clients have no errors and I found the
    following on the server. These errors start around the time I began
    experiencing the problem last year, till when I repaired the DNS last month.
    Before and after that there are no errors.

    Error 4521

    Event Type: Warning
    Event Source: DNS
    Event Category: None
    Event ID: 4521
    Date: 2009/04/16
    Time: 05:41:17 PM
    User: N/A
    Computer: ANZA-SERVER1
    Description:
    The DNS server encountered error 32 attempting to load zone Internet from
    Active Directory. The DNS server will attempt to load this zone again on the
    next timeout cycle. This can be caused by high Active Directory load and may
    be a transient condition.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    Error 4004

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 4004
    Date: 2009/04/04
    Time: 10:32:11 PM
    User: N/A
    Computer: ANZA-SERVER1
    Description:
    The DNS server was unable to complete directory service enumeration of zone
    ANZA.local. This DNS server is configured to use information obtained from
    Active Directory for this zone and is unable to load the zone without it.
    Check that the Active Directory is functioning properly and repeat
    enumeration of the zone. The extended error debug information (which may be
    empty) is "". The event data contains the error.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 2a 23 00 00 *#..

    Error 4015

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 4015
    Date: 2009/04/04
    Time: 10:32:11 PM
    User: N/A
    Computer: ANZA-SERVER1
    Description:
    The DNS server has encountered a critical error from the Active Directory.
    Check that the Active Directory is functioning properly. The extended error
    debug information (which may be empty) is "". The event data contains the
    error.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 51 00 00 00 Q...

    Error 6702

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 6702
    Date: 2008/11/18
    Time: 03:41:38 PM
    User: N/A
    Computer: ANZA-SERVER1
    Description:
    DNS server has updated its own host (A) records. In order to ensure that
    its DS-integrated peer DNS servers are able to replicate with this server, an
    attempt was made to update them with the new records through dynamic update.
    An error was encountered during this update, the record data is the error
    code.

    If this DNS server does not have any DS-integrated peers, then this error
    should be ignored.

    If this DNS server's Active Directory replication partners do not have the
    correct IP address(es) for this server, they will be unable to replicate with
    it.

    To ensure proper replication:
    1) Find this server's Active Directory replication partners that run the DNS
    server.
    2) Open DnsManager and connect in turn to each of the replication partners.
    3) On each server, check the host (A record) registration for THIS server.
    4) Delete any A records that do NOT correspond to IP addresses of this
    server.
    5) If there are no A records for this server, add at least one A record
    corresponding to an address on this server, that the replication partner can
    contact. (In other words, if there multiple IP addresses for this DNS
    server, add at least one that is on the same network as the Active Directory
    DNS server you are updating.)
    6) Note, that is not necessary to update EVERY replication partner. It is
    only necessary that the records are fixed up on enough replication partners
    so that every server that replicates with this server will receive (through
    replication) the new data.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 2a 23 00 00 *#..
     
    Zak, May 11, 2009
    #6
  7. Hello Zak,

    What is the zone "internet" in event id 4521? Make sure your server and clients
    are registered correctly in the ANZA.local zone. Are the servers DHCP client
    services set to automatic and are started? Needed for correct DNS registration/update.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], May 11, 2009
    #7
  8. I am as curious as Meinolf: what is the zone called "Internet" that the error
    message is indicating?

    Also, how is your Forwarder setup? What is it pointing to?

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], May 11, 2009
    #8
  9. Zak

    Zak Guest

    The zone called internet was a mistake and has no configuration on it.

    Basically, when I configured my very first Server 2003 as a DC for a client
    some years back, I had no internet connectivity so I added the ISP DNS IPs on
    to the DHCP and distributed them to the client PCs and I had internet. So
    every time I set up a new server, if I had no internet connection I would
    distribute the ISP DNS using DHCP.

    Now if you go back to my original post, I mentioned about a month ago I
    repaired the DNS on my server which resolved the problem. I repaired the DNS
    because my server was set up in the same manner, using DHCP to distribute the
    ISP DNS to our clients for internet, and while searching on the internet I
    found a few KBs which said that the ISP DNS IP needed to be in a forwarder.

    I have read a few KBs about configuring a DNS for internet AD and clients
    etc and I followed http://support.microsoft.com/kb/323380/en-us

    I removed the ISP DNS from the DHCP and I started at step 3 of the KB, hence
    the internet zone. That's how there is an internet zone. It is a primary zone
    and I tried to delete it but I could not find it.

    The forwarder has both the ISP DNS IPs only, also all the PCs are registered
    to the correct ANZA.local, and the DHCP service is set to automatic and
    started.
     
    Zak, May 11, 2009
    #9
  10. Hello Zak,

    Step 3 is for configuring the basic DNS setting in your domain. So in your
    case it has been ANZA.local. So remove the "internet" zone if it exists; there
    is no need for it.

    If you have removed the "." (root) zone you can configure the forwarders
    with the ISP's DNS server. And as you said, the domain machines should only
    use the domain DNS server; this one forwards all requests it cannot answer
    to the ISP's DNS server.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], May 11, 2009
    #10
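An added example (not part of any post in this thread) for the point in the reply above that domain machines should use only the domain DNS server: it parses `ipconfig /all` text, folding continuation lines into the preceding key, and reports any DNS server outside an allowed set. The sample output is constructed from the client output posted earlier in the thread, with 203.0.113.53 as a made-up stand-in for an ISP resolver; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the client from this thread with an extra, non-domain
# DNS server (documentation-range address) on a continuation line.
MIXED = """Windows IP Configuration

   Host Name . . . . . . . . . . . . : anza2
   DNS Suffix Search List. . . . . . : ANZA.local
                                       ANZA.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : ANZA.local
   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.0.10
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       203.0.113.53
   Primary WINS Server . . . . . . . : 192.168.0.1
"""

# "Key . . . . : value" -- ipconfig pads the key with dots and puts " :" before the value.
KEY_VALUE = re.compile(r"^(.+?)[ .]* :\s*(.*)$")

def parse_adapters(text):
    """Return {section: {key: [values]}}. Settings before the first adapter
    header go under "(host)"; indentation is ignored so flattened forum
    pastes parse the same way as raw console output."""
    adapters = {"(host)": {}}
    current, last_key = adapters["(host)"], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            last_key = None          # a blank line ends any continuation run
            continue
        m = KEY_VALUE.match(line)
        if m:
            last_key = m.group(1)
            current[last_key] = [m.group(2)] if m.group(2) else []
        elif line.endswith(":"):     # "Ethernet adapter ...:" starts a section
            current = adapters.setdefault(line[:-1], {})
            last_key = None
        elif last_key:               # extra DNS server / search suffix line
            current[last_key].append(line)
    return adapters

def unexpected_dns(text, allowed):
    """Return (adapter, address) pairs for DNS servers not in `allowed`."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for name, settings in parse_adapters(text).items():
        for value in settings.get("DNS Servers", []):
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue             # pasted text that is not an address
            if addr not in allowed:
                findings.append((name, str(addr)))
    return findings

if __name__ == "__main__":
    # 192.168.0.1 is the DC/DNS server from the outputs posted in the thread.
    for adapter, addr in unexpected_dns(MIXED, {"192.168.0.1"}):
        print(f"{adapter}: non-domain DNS server {addr}")
```
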
  11. Zak

    Zak Guest

    Hello Meinolf

    I have had a look at the DNS, and there is no dot zone.

    When I expand the Forward Lookup Zone all I have is _msdcs.Anza.local and
    Anza.local.
     
    Zak, May 11, 2009
    #11
  12. Hello Zak,

    Did you also check the other parts I asked about in my previous posting, registration
    in the zone and DHCP client service set to automatic and started?

    Any reverse lookup zone in use on the DNS server?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], May 11, 2009
    #12
  13. Zak

    Zak Guest

    Hello Meinolf

    Yes, I did check the previous part, all the clients are registered to
    Anza.local and the DHCP is set to automatic and started.

    On the reverse lookup zones I have one folder called 192.168.0.x Subnet,
    inside there are a few items including a SOA and NS pointing to the server name
    and a few with IP addresses, which are pointers that point to the clients.
    Each PC appears there once but one of the Notebooks is there 4 times with
    different IPs. This Notebook normally connects wirelessly.
     
    Zak, May 11, 2009
    #13
  14. The multiple entries are because the DHCP server cannot remove the entries. You can set credentials on the DHCP server (DHCP server properties, last tab, credentials button), so the DHCP server will be able to update the current record instead of creating a new one. Also set scavenging to scavenge (remove) old entries.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], May 12, 2009
    #14
  15. Zak

    Zak Guest

    Hello

    I have enabled credentials on the DHCP server and set scavenging to scavenge
    old entries.

    So far the problems still exist but they are appearing less often. So far
    today we only experienced the problems once.
     
    Zak, May 12, 2009
    #15

  16. You will need to manually delete the old records, too. After that, scavenging should take effect moving forward.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], May 13, 2009
    #16
  17. Zak

    Zak Guest

    Hello Ace

    I have deleted the old records.
    The problems still exist.
     
    Zak, May 13, 2009
    #17

  18. The slow connectivity and disconnects would not seem to be caused by DNS and DHCP, based on your settings. The scavenging and credentials changes just make sure that the client records remain fresh.

    As for the disconnects, that needs to be addressed specifically. Do you see any Event log errors on the clients and DC(s) - (only one DC?)?

    How many users do you have?
    What AV solution is being used?
    Does this occur just while on the network or remote VPN clients as well (if you are using VPN)?
    What age and condition is the switch in?

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], May 13, 2009
    #18
  19. Zak

    Zak Guest

    Hello Ace

    How many users do you have? We have 4 users, 4 PCs (1 with Vista, 3 with XP)
    2 Notebooks (XP)
    What AV solution is being used? Symantec EndPoint Protection 11.0 MR3
    Does this occur just while on the network or remote VPN clients as well (if
    you are using VPN)? We don't have any VPN clients and the problem occurs on all
    the network clients.
    What age and condition is the switch in? The switch is about 2 or 3 months
    old. The previous switch was about 6 months old when I replaced it as I
    thought it was a hardware problem. Both switches are 3Com 10/100/1000 unmanaged.

    Herewith are the error logs from one of the clients, there are no errors on
    the DC at the same time:

    Event Type: Information
    Event Source: Outlook
    Event Category: None
    Event ID: 26
    Date: 2009/05/13
    Time: 01:59:27 PM
    User: N/A
    Computer: ANZA2
    Description:
    Connection to Microsoft Exchange has been lost. Outlook will restore the
    connection when possible.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    Event Type: Information
    Event Source: Outlook
    Event Category: None
    Event ID: 26
    Date: 2009/05/13
    Time: 01:59:27 PM
    User: N/A
    Computer: ANZA2
    Description:
    Connection to Microsoft Exchange has been restored.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: LSASRV
    Event Category: SPNEGO (Negotiator)
    Event ID: 40961
    Date: 2009/05/13
    Time: 01:01:27 PM
    User: N/A
    Computer: ANZA2
    Description:
    The Security System could not establish a secured connection with the server
    ldap/anza-server1.ANZA.local/. No authentication
    protocol was available.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
    Zak, May 13, 2009
    #19

  20. Ok, the LSASRV's can be caused by lack of a reverse zone or lack of a PTR in the reverse zone for this machine and the DC.

    Since you are running Symantec Endpoint, Exchange, WSUS, (anything else running, such as SQL, etc?), are they all running on one server?
    How many servers do you have?
    Is the server in the ipconfigs previously posted, the only server/DC you have?

    Keep in mind, if Exchange is on a DC, there is an inherent issue with the combination. When a DC is promoted, it will automatically disable write-behind cache on the controller. This cannot be changed as long as it remains as a DC. However, this slows the machine down. Yes, you're probably thinking why would they do that? It is to protect the NTDS.dit file (the actual AD database) if power failure were to occur. However, Exchange requires write-behind cache for performance reasons. This will drag Exchange services down considerably. If you also have WSUS, which may be busy downloading or processing updates, and a central AV app running, such as in your case Symantec, this will further drown it. Hopefully you have WSUS set to download sometime in the middle of the night, and apply updates shortly afterwards, not during prod hours.

    Now if this box is an SBS server, it is pseudo-designed to have Exchange on the same box as a DC, however understanding it is for a smaller environment, it still slows it down; one of the drawbacks and compromises for such a product.

    Nonetheless, with the combination of all services and products on one box, it may literally be running short on performance. How much RAM is on the machine, etc? When you look in task manager, perf tab, what is the RAM usage (PF Usage) compared to the physical installed RAM? How about CPU usage?

    You earlier also mentioned the following. Can you elaborate exactly what KB articles the update is and the TCP offload (are you talking about the TCP Chimney?) are that you followed, and exactly what you were experiencing that caused you to install the updates?

    "install the updated to disable the SNP and the TCP
    Offload, this solved the problem for a short while. "

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], May 14, 2009
    #20