Link to home
Start Free TrialLog in
Avatar of shepp_it
shepp_it

asked on

Windows 7 (64 bit) loses internet connection periodically

Hello,
We have recently added a Windows 7 64 bit machine to our network.  Periodically the machine loses its internet connection as well as any external db connections.  When this happens the machine still says it is connected to the network with "Internet access".  Also, I am still able to RDC to other machines in the network when this happens.  

Any help or suggestions is appreciated.
Thanks.
Avatar of Tribus
Tribus
Flag of United States of America image

Sounds like perhaps a DNS issue...

Try manually setting your DNS to the main domain controller or the router on the network.

Just pulling at straws on this one, checking the basics first.
Try setting your dns to 4.2.2.2 its an att dns server thats virtually always up
Anything in the event log?
Sounds like you need to cleanup your TCP/IP.... it does get corrupt.
From the command prompt (as administrator) type:
netsh winsock reset
It will want to reboot your computer. Allow it. Test.
Let me know if it helped.
Bits ....                        
Avatar of shepp_it
shepp_it

ASKER

I don't see anything unusual in the Event Viewer.  I also tried: netsh winsock reset, but the problem still remains...
I should also note that when I lose the connection it comes back on its own after a few minutes.  Also when I connect outside of the network everything works fine.
My thoughts on this is that you would need to monitor the network traffic to know exactly what is happening when you lose the connection and when it comes back.
Have you heard of WireShark? Take a look at the introduction video and free download. It is considered the top app for this http://www.wireshark.org/
Bits ...
Are you running symantec endpoint protection. I had a similar issue and uninstalled symantec endpoint protection resolved the problem. Installed diferent av program and good to go
  Good luck
Not running symantec endpoint protection.
The fact that you state that the problem is not present when "...when I connect outside of the network everything works fine..." points me to the problem being a traffic issue.
It could be that your DHCP is assigning the same IP address to another computer... a conflict occurs and you lose connectivity temporarily and a few minutes later it regains connectivity with a new IP address... monitor if the IP address changes when the problem happens. If this is the case, restarting the DHCP server (router if this is the case) may solve it.
How many computers are on the network?
Bits ...
 
IP address stays the same.  No other computer has the same IP address.  I have also tried using a static IP but the same thing happens.  There are approx. 30 computers on the network.

Another thing I just discovered.  If I right click on the Local Area Connection, when I have lost my internet connection, and click "Diagnose" the connection is restored even though the message says "Troubleshooting couldn't identify the problem".  And conversely if I click on "Diagnose" when I have a connection, I then lose my connection.
What kind of Virus/Malware/Firewall software are you using? Did you take a look at Wireshark?
Bits ...
Using Windows FIrewall, and McAfee Viruscan.  No I haven't used Wireshark yet.  Do I just run it on the local machine?
Almost starting to sound like a intermittent problem with the interface card...
Well ... yes ... but you need to know how to use it and have an idea of what you are looking for. Did you see the tutorial videos on the link I posted above?
A network analyzer is a great tool but it's like flying an airplane...unless you know how to fly it, it's useless.
Try the following:
WindowsKey-R
Type: msconfig
Go to the "Services" tab and hide all Microsoft services and disable all the remaining.
Go to the "Startup" tab and disable all startup items. Reboot.
After the boot a screen will advise you that you disabled...etc... Click on "Don't warn me again" (I don't remember the exact wording but you get the idea.
Test ... If you don't lose the connectivity anymore you know the problem is either one of the services or one of the startup items.
You will then need to re-enable the services by groups: first half of them... reboot and test. If the problem is back then you know it is one of the services you just enabled... if it is not back then you know it might be in the remaining half so you enable half of the remaining half and so forth. The same for the startup items.
Bits ...
Tribus.... maybe... but he never loses connection to the local network, only to the internet.
Bits ...
Yeah I thought that too at first, but thought it was worth mentioning...
Also ... it works fine when he connects elsewhere and is not on the office network.
Bits...
I am going to have to say maybe it's the router/switch then inside the company network.  Either DNS is having an issue or something maybe with a switch port....?

Have you tried rebooting the switch/router?  Moved your cable to a different port?  Maybe a bad cable?
Well I have disabled all non-microsoft services as well as all items in the startup tab and still the problem exists.  I am also starting to think the problem might be with the switch.  Maybe try rebooting it after business hours today.
I was under the impression that you had already done this when I advised you above to do it in my CommentID: 29109274 ? This will most likely help.
Bits ...
One more thing to add, I just set up another Windows 7 machine but this one is 32 bit and so far there are no connection issues.
Try this:

Open up your "Device Manager", Right Click "Computer" and select "Properties".
On the left side you will see "Device Manager" in the column, click it.
Go to "Network Adapters" and click the "+" symbol.
Right Click the Wireless NIC and select "Uninstall", but keep the drivers (Watch for a check box about this).
Go to the top and click the "Action" menu selection near he top of the screen and select "Scan for Hardware Changes".
Your Wireless NIC will then be re-installed.

Connect to the network and test.  Make sure you have rebooted your router and broadband modem if necessary as well.
It is actually a wired connection.  The problem is 90% solved.  I reinstalled windows and removed all the Dell pre-installed software.  Now I only lose connection when I boot the machine or when it goes to sleep then comes back on.
Hi,

I ran wireshark and pinged google and waited for the connection to drop.
Connection got lost and the first warning and error messages I got are as following:

No.     Time        Source                Destination           Protocol Info
   8898 672.615351  D-Link_c4:a4:69       Broadcast             ARP      Who has 172.24.24.121?  Tell 172.24.24.1 (duplicate use of 172.24.24.1 detected!)

Frame 8898 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_c4:a4:69 (00:0d:88:c4:a4:69), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
[Duplicate IP address detected for 172.24.24.1 (00:0d:88:c4:a4:69) - also in use by 00:15:c5:e1:b8:c0 (frame 8891)]
    [Frame showing earlier use of IP address: 8891]
        [Expert Info (Warn/Sequence): Duplicate IP address configured (172.24.24.1)]
            [Message: Duplicate IP address configured (172.24.24.1)]
            [Severity level: Warn]
            [Group: Sequence]
    [Seconds since earlier frame seen: 3]
Address Resolution Protocol (request)

No.     Time        Source                Destination           Protocol Info
   8901 672.636721  172.24.24.121         172.24.24.1           TCP      49955 > rrac [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=8

Frame 8901 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Dell_e9:dc:1c (00:21:70:e9:dc:1c), Dst: D-Link_c4:a4:69 (00:0d:88:c4:a4:69)
Internet Protocol, Src: 172.24.24.121 (172.24.24.121), Dst: 172.24.24.1 (172.24.24.1)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 52
    Identification: 0x5f78 (24440)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x0000 [incorrect, should be 0x12a1]
        [Good: False]
        [Bad : True]
            [Expert Info (Error/Checksum): Bad checksum]
                [Message: Bad checksum]
                [Severity level: Error]
                [Group: Checksum]
    Source: 172.24.24.121 (172.24.24.121)
    Destination: 172.24.24.1 (172.24.24.1)
Transmission Control Protocol, Src Port: 49955 (49955), Dst Port: rrac (5678), Seq: 0, Len: 0


172.24.24.1 is our switch. Can you help me understand what these frames are telling me?
I also noticed there are bunch of errors even before I lose the connection.
They are error from Internet Protocol, where it's showing src (my ip address), dst (one of our server) and "header checksum: 0x0000[incorrect, should be (another location)] "

I ran the wireshark on the other computer but there are no errors.
172.24.24.1 is actually not the switch. it is mcafee scm appliance. maybe mcafee causes issue with windows 7??
McAfee is always a problem maker... can you take it out of the equation for testing purposes?
Bits ...
Did you notice that you are getting duplicate IP address errors for 172.24.24.1 ?
You need to figure which of these machines are using these MAC addresses:
Device/Computer 1:       00:0d:88:c4:a4:69
Device/Computer 2:       00:15:c5:e1:b8:c0  
The problem is with one of them. The above are the ones that are conflicting and getting the same IP address. Are you using static IP's or dynamic (DHCP)?
 
Bits ....
we are using dhcp for clients computers and static for servers.
I tried arp -a 172.24.24.1 and it gives me 00:15:c5:e1:b8:c0. I don't know what has 00:0d:88:c4:a4:69...
The problem is without any doubt with that last MAC address as per your post above. Maybe a DHCP range misconfigured or a laptop user decided to assign a static IP.. Could even be a network printer or someone stealing your WiFi signal...

I would start by getting McAfee out of the variables.
Bits...
Hi I found something interesting. i did nslookup for 172.24.24.1, and it shows me "pixfirewall". I'm not too sure why, because we do have firewall in different ip address.

Anyway, let's forget about mcafee for one second. We have 4 windows server under the firewall. I ran arp -a 172.24.24.1 on each of them. For three of them, it gave me 00:15:c5:e1:b8:c0. And the other one gave me 00:0d:88:c4:a4:69. I'm wondering if both MAC address is coming from one device that has multiple network adapter and the one that shows 00:15:c5:e1:b8:c0 did not set up properly... That one is the most recently built server (64bit windows 2008) and we may have done it incorrectly, but why it doesn't cause a problem with xp machines we have...?

If you have any idea what is going on please let me know.. thanks for your help
I just wanted to update this thread with our solution.  We were using a McAfee SCM Appliance for SPAM filtering.  When we got rid of this appliance the problem went away.  Thanks everyone for your help.
I did tell you to get McAfee out of the variables in my CommentID: 30242191...  I'm glad to hear you solved it.
ASKER CERTIFIED SOLUTION
Avatar of BitsBytesandMore
BitsBytesandMore
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Good post Bits, agreed.
Avatar of jazzIIIlove
it seems mcafee is the cumbersome here, also I suggest releasing arp with arp -d.