Solved

Weird IP Problem

Posted on 2002-05-29
Last Modified: 2008-03-03
I am having a very strange problem.  I have a mail server with about 9 different email domains on it, each has its own IP address.  This server sits in the DMZ, with a PIX515 firewall in between it and our network.

On occasion, sometimes a couple of times a day, I lose connectivity to ONE particular ip address on the server from our network.  I can ping the ip address fine from the server itself, and I can ping any other bound ip on the server from my workstation, I just can't ping that ONE from my workstation (neither can any other pc on the network).  It is only one IP address, and a reboot fixes the problem.

This was happening on an NT 4.0 server, and since I wanted to upgrade it, I used this as an excuse to do that.  So, I put a clean install of Windows 2000 Server on it and rebuilt it.  Still does it.  I also tried binding that particular IP address to a different NIC; it didn't help.

Any ideas at all?
Question by: tduplantis

13 Comments

Expert Comment by: scraig84 (LVL 8)
Is it one particular IP every time or is it random which IP on the server has the problem (but only one at a time)?  Is it possible there is a duplicate on the network somewhere or that this IP intersects with a DHCP scope?  Can you ping it from another machine inside the DMZ?

Author Comment by: tduplantis (LVL 4)
There are two servers on the DMZ. I checked the other one and there are no duplicate IPs on the DMZ.  But, the more I think about it, it sounds like that could be the problem; I just don't know where the other IP can be coming from.  Maybe the PIX, but there are no global address pools set up there.

I even tried moving the IP to a different NIC, so it's most definitely associated with ONLY that IP address.  I haven't tried to ping it from another server on the DMZ, but I have thought about it.  When it goes down, the whole building can't get or send mail, so I'm always too quick to reboot instead of trying that, heh.  I will next time though.

Expert Comment by: scraig84 (LVL 8)
Yeah that would be good.  By pinging it with a local box we'll confirm that the problem is on the server (or local segment) rather than a firewall issue.

Are you seeing anything in the event logs?  You also may want to check the server's route table once the problem starts.  Also, after pinging from a different server, assuming it doesn't work, check that server's local arp cache (arp -a) to see if it at least is responding to arp requests or if the MAC is correct (if it's a duplicate, you'll often see the other device's MAC instead).

Another thing to check - is this a hub or switch on this segment?  If switch, is it manageable?  If so, it would be a good idea to look at the MAC/port table before and after the problem to see if that MAC is suddenly not in the table or on the wrong port.  I would actually check this BEFORE trying to ping it from anyplace.  On this note, I'm interested to see if a ping from another server works, if that possibly fixes the problem and the workstations will start to access it again.  Could be an ARP aging issue on the switch.

Author Comment by: tduplantis (LVL 4)
I will look into those things.  I have made a copy of the routing table and the ARP table on the server having problems.  I also made a record of the ARP table on the PIX.  I'm not so sure that if I can ping from the other server on the DMZ, that it rules out the firewall.  As a matter of fact, I'm thinking that I will be able to; it's stuff on the OTHER side of the PIX that can't ping this particular IP address when it starts to act up.

If the other server on the DMZ cannot ping it, that most definitely rules out the firewall.

Oh, these two servers are on an unmanaged 100 MB hub too, so no luck there, heh.

Expert Comment by: andyalder (LVL 55)
NT doesn't like that many IP addresses on a single box.  I thought the limit was 9, but yours is behaving as if 8 was the limit.  Maybe the limitation is carried over to Win2k as well.

Why do you have a different IP address for each domain name on the SMTP server? It's a very strange thing to do.

Author Comment by: tduplantis (LVL 4)
Well, I could set up my mail server with one IP address and then use virtual domains.  Thing is, it was set up this way before I came on, and to change it now would mean everyone in the company would have to use a different username to log into their appropriate domain.  For example, my username is tduplantis; right now I can go to web mail (we use both web mail and POP3) and enter tduplantis, then my password.  If I changed it to use virtual domains, I would have to use tduplantis@rpc.net as my username.  The bosses don't want to do that for some reason.

I have another server with at least 18 IPs bound to it, and we are having no problems with it.  This is a Windows 2000 server also.

Expert Comment by: andyalder (LVL 55)
If it's outlook web access this might help, one IP address but multiple OWA sites using host headers so no need to change the usernames, http://support.microsoft.com/default.aspx?scid=kb;en-us;Q261953

Author Comment by: tduplantis (LVL 4)
We are not using Outlook Web access.  The mail server we have is Imail 7.07.

Expert Comment by: andyalder (LVL 55)
Still applies: change each virtual site's properties from having a separate IP address to using host headers. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q149426 (ignoring that it's mainly about the GUI limit in NT 3.51) says it's a resource issue without saying what resource is imposing the limit. Might even be able to have more IP addresses if you use 1.1.1.1, 1.1.1.2 rather than 192.168.1.1, 192.168.1.2, etc.

http://www.ipswitch.com/support/IMail/guide/imailug7.1/Appendix%20C%20cmd_line3.html says just to say "-i VIRTUAL" instead of putting "-i <address>" in which suggests to me it sets it up using host headers for you.

Author Comment by: tduplantis (LVL 4)
Thanks Andy, I read the MS article; is that for NT 4.0 or Windows 2000 though?  I'm not sure Windows 2000 has the same resource limitation.  I don't believe this is a server issue.  I can ping the IP address fine from another server on the DMZ.  What I did notice is this.  The first paste is the ARP table from my PIX firewall when everything is fine....

inside 10.1.254.161 00e0.1e89.45d1
DMZ 192.168.1.64 0090.27ac.78aa
DMZ 192.168.1.142 0090.27ac.78aa
DMZ 192.168.1.133 0090.2798.9eb3
DMZ 192.168.1.143 0090.27ac.78aa
DMZ 192.168.1.73 0090.27ac.78aa
DMZ 192.168.1.128 0090.2798.9eb3
DMZ 192.168.1.130 0090.2799.8cd7
DMZ 192.168.1.131 0090.2799.8cd7
DMZ 192.168.1.132 0090.2799.8cd7
DMZ 192.168.1.129 0090.2799.8cd7
DMZ 192.168.1.134 0090.2798.9eb3
DMZ 192.168.1.135 0090.2798.9eb3
DMZ 192.168.1.136 0090.2798.9eb3
DMZ 192.168.1.137 0090.2798.9eb3
DMZ 192.168.1.67 0090.27ac.78aa
DMZ 192.168.1.72 0090.27ac.78aa
DMZ 192.168.1.75 0090.27ac.78aa
DMZ 192.168.1.74 0090.27ac.78aa
DMZ 192.168.1.66 0090.27ac.78aa
DMZ 192.168.1.69 0090.27ac.78aa
DMZ 192.168.1.70 0090.27ac.78aa
DMZ 192.168.1.146 0090.27ac.78aa
DMZ 192.168.1.141 0090.27ac.78aa
DMZ 192.168.1.145 0090.27ac.78aa
DMZ 192.168.1.140 0090.27ac.78aa
DMZ 192.168.1.139 0090.27ac.78aa
DMZ 192.168.1.68 0090.27ac.78aa

Here's what it looks like after it stopped working:

inside 10.1.254.161 00e0.1e89.45d1
DMZ 192.168.1.64 0090.27ac.78aa
DMZ 192.168.1.145 0090.27ac.78aa
DMZ 192.168.1.73 0090.27ac.78aa
DMZ 192.168.1.140 0090.27ac.78aa
DMZ 192.168.1.139 0090.27ac.78aa
DMZ 192.168.1.133 0090.2798.9eb3
DMZ 192.168.1.143 0090.27ac.78aa
DMZ 192.168.1.146 0090.27ac.78aa
DMZ 192.168.1.72 0090.27ac.78aa
DMZ 192.168.1.74 0090.27ac.78aa
DMZ 192.168.1.129 0090.2799.8cd7
DMZ 192.168.1.69 0090.27ac.78aa
DMZ 192.168.1.70 0090.27ac.78aa
DMZ 192.168.1.66 0090.27ac.78aa
DMZ 192.168.1.67 0090.27ac.78aa
DMZ 192.168.1.142 0090.27ac.78aa
DMZ 192.168.1.130 0090.2799.8cd7
DMZ 192.168.1.136 0090.2798.9eb3
DMZ 192.168.1.71 0090.27ac.78aa
DMZ 192.168.1.135 0090.2798.9eb3
DMZ 192.168.1.131 0090.2799.8cd7
DMZ 192.168.1.134 0090.2798.9eb3
DMZ 192.168.1.75 0090.27ac.78aa
DMZ 192.168.1.144 0090.27ac.78aa
DMZ 192.168.1.137 0090.2798.9eb3
DMZ 192.168.1.68 0090.27ac.78aa
DMZ 192.168.1.141 0090.27ac.78aa
DMZ 192.168.1.132 0090.2799.8cd7


Notice that 192.168.1.128 is missing?  Well, I manually added it and it worked.  Now I just need to figure out WHY this particular IP address is disappearing from my PIX's ARP table.
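
An added example, not part of the original thread: a small Python script that parses PIX `show arp` output and diffs two snapshots the way the comparison above was done by eye, reporting entries that vanished, appeared, or changed MAC. It also flags DMZ entries whose MAC is not one of the server's known NICs, which is the duplicate-IP check scraig84 suggested earlier (a duplicate host answering ARP shows up as the wrong MAC). The two snapshots are excerpts of the tables posted above; the third snapshot, its `0000.0c07.ac01` MAC, and the `SERVER_MACS` set (assumed from the three MACs seen in the posted tables) are constructed here to exercise the checks.

```python
"""Diff PIX 'show arp' snapshots and flag unexpected MACs (added example, not from the thread)."""
import ipaddress
import re

# One line of PIX 6.x "show arp" output: "<interface> <ip> <mac>" with Cisco dotted-quad MACs.
ARP_LINE = re.compile(
    r"^\s*(?P<iface>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s*$"
)

# Excerpt of the "everything is fine" table posted above.
BEFORE = """\
inside 10.1.254.161 00e0.1e89.45d1
DMZ 192.168.1.64 0090.27ac.78aa
DMZ 192.168.1.128 0090.2798.9eb3
DMZ 192.168.1.129 0090.2799.8cd7
DMZ 192.168.1.133 0090.2798.9eb3
DMZ 192.168.1.142 0090.27ac.78aa
"""

# Excerpt of the "after it stopped working" table posted above (.128 gone, .71/.144 present).
AFTER = """\
inside 10.1.254.161 00e0.1e89.45d1
DMZ 192.168.1.64 0090.27ac.78aa
DMZ 192.168.1.71 0090.27ac.78aa
DMZ 192.168.1.129 0090.2799.8cd7
DMZ 192.168.1.133 0090.2798.9eb3
DMZ 192.168.1.142 0090.27ac.78aa
DMZ 192.168.1.144 0090.27ac.78aa
"""

# Constructed (NOT from the post): .128 answered by some other host's MAC, i.e. a duplicate IP.
ROGUE = AFTER + "DMZ 192.168.1.128 0000.0c07.ac01\n"

# Assumed: the three NIC MACs that appear in the posted DMZ tables belong to the mail servers.
SERVER_MACS = {"0090.27ac.78aa", "0090.2798.9eb3", "0090.2799.8cd7"}


def parse_pix_arp(text):
    """Parse 'show arp' output into {(interface, ip): mac}; lines that do not match are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            table[(m["iface"], m["ip"])] = m["mac"].lower()
    return table


def _key(entry):
    """Sort (interface, ip) numerically by address rather than as a string."""
    iface, ip = entry
    return (iface, ipaddress.IPv4Address(ip))


def diff_arp(before, after):
    """Return which entries vanished, appeared, or changed MAC between two parsed tables."""
    missing = sorted((k for k in before if k not in after), key=_key)
    new = sorted((k for k in after if k not in before), key=_key)
    changed = sorted(
        ((k, before[k], after[k]) for k in before if k in after and before[k] != after[k]),
        key=lambda t: _key(t[0]),
    )
    return {"missing": missing, "new": new, "changed": changed}


def unexpected_macs(table, allowed_macs, interface="DMZ"):
    """Entries on `interface` whose MAC is not a known server NIC: a duplicate-IP indicator."""
    allowed = {m.lower() for m in allowed_macs}
    return sorted(
        ((k, mac) for k, mac in table.items() if k[0] == interface and mac not in allowed),
        key=lambda t: _key(t[0]),
    )


def report(before_text, after_text, allowed_macs=SERVER_MACS):
    """Human-readable summary of one snapshot pair, suitable for a cron/scheduled task."""
    before, after = parse_pix_arp(before_text), parse_pix_arp(after_text)
    d = diff_arp(before, after)
    lines = [f"missing: {[ip for _, ip in d['missing']]}",
             f"new:     {[ip for _, ip in d['new']]}",
             f"changed: {[(ip, old, new) for (_, ip), old, new in d['changed']]}",
             f"foreign MAC: {[(ip, mac) for (_, ip), mac in unexpected_macs(after, allowed_macs)]}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print("--- fine vs. broken ---")
    print(report(BEFORE, AFTER))
    print("--- fine vs. constructed duplicate-IP case ---")
    print(report(BEFORE, ROGUE))
```

Save `show arp` output from the PIX to a file each time the problem appears and feed the two files to `report()`; the `changed` and `foreign MAC` lists are the ones that would point at a second host answering for the address, while `missing` alone (the case in the tables above) is consistent with the entry simply ageing out or never being re-learned.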

Accepted Solution by: andyalder (LVL 55, earned 100 total points)
It can still be the network card or its drivers that are at fault; remember NT/2k's default ARP cache time is 10 minutes, whereas PIX has a 4-hour cache life. So if something went wrong with the server 20 minutes ago (let's assume it responded with a corrupt ARP reply), the PIX would still remember this but maybe not show it, but the other server would have cleared the corruption by now. You can write a little batch file to run on the other server that pings this address every few seconds to prove me wrong in thinking it's an intermittent server problem.

Interesting that it's the .128 address, which wouldn't be valid with a /25 subnet mask.

I guess you've tried the latest version of the OS on the PIX, and presumably the label on the bottom shows "800-05622-02 A0" or greater. A different make of NIC in the server would be interesting, as would reducing the PIX ARP cache timeout.


Is it a PIX on the outside of the DMZ as well, or a single PIX with 3 interfaces?

Expert Comment by: lrmoore (LVL 79)
Do you have an unrestricted license on your PIX?
What is the subnet mask you are using on the servers and on the PIX interface?
What kind of switch do you have between the servers and the PIX? Have you tried clearing the ARP cache on that?

Author Comment by: tduplantis (LVL 4)
Sorry, I thought I accepted this long ago... I forgot what I did to fix it!!