Windows XP Network keeps dropping out.

coopa
coopa used Ask the Experts™
on
Have installed XP Pro at work recently.  

It seems to work fine for aroube 3 hours and then I lose my network connection... Web still works fine (have leased line and remote dns servers) but our windows 2000 servers keep losing authentication... I get the message:

"The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."

I will not get a network connection until I restart the computer.

Any idea what can be causing this... I think it has something to do with the Win2000 server setup.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
My first guess would be IP leasing.  Is it set to expire the lease at 3 hours?

Author

Commented:
I have a fixed IP.  So err no...  Any other ideas.  I think it's a server config as all XP machines have had similar problems here but all win2k machines have not.

Commented:
Nothing that I can think of.  I am sure there will be other ideas, though.
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Author

Commented:
think I have fixed it.... During setup I renamed the PC.  So I think authentication was failing due to that.

I have since used the network identification wizard and it seems to have worked a treat.  No more lags on login and seems not to lose network connections... may delete this question soon.

Author

Commented:
nope....  just lot my connection again.
But seemed to retuen when running the network identification wizard.

Why is it not remembering me?
Top Expert 2007

Commented:
1) DO oyu have the latst NIC drivers ?
2) Do you have the latest SP1 and patches ?

also - This has helped in the past :

Slow SMB Performance When You Copy Files from Windows XP to a Windows 2000-Based Domain                       Controller

                      Smaller shops need to consolidate services. You'll often find the same machine acting as domain controller,
                      mail server and file server. If you work in such a shop, you may have noticed that when you copy files from a
                      Windows XP box to a Windows 2000 domain controller that things go REALLY SLOW. I used to think it was a
                      figment of my imagination until I read the article below. Check it out for the fix. It worked for me:
                     http://support.microsoft.com/default.aspx?scid=kb;en-us;Q321169

----------

I hope this helps !
Top Expert 2007

Commented:
ALso :
 A Description of the Repair Option on a Local Area Network or High-Speed Internet
                 Connection

                 Here's the answer to a question I've had for a long time. What the heck does that "Repair" option for a
                 network connection actually do? It's not in the help file, but it's on the Microsoft Web site. Here's what it
                 does:

                      Sends an ipconfig /renew
                      Flushes the ARP cache with a arp -d
                      Reloads the NetBIOS name cache with a nbtstat -R
                      Updates its WINS server with an nbtstat -RR
                      Clear out the DNS client cache with an ipconfig /flushdns
                      Reregisters the client with a DDNS server with a ipconfig /registerdns

                 Check out the original article over at:
                 http://www.winxpnews.com/rd/rd.cfm?id=020709CO-Repair_Option

I hope this helps !

Author

Commented:
1) DO oyu have the latst NIC drivers ?
Yeah,
2) Do you have the latest SP1 and patches ?
Yep.

Machine is prolly fine, most likely to be a network configuration error IMHO.

Author

Commented:
I have looked at the 1st article.  I am sure that TweakXP changes this regestry value... infact i have just checked and it has.

and the repair option did not work when i tried it earlier.

Again I think it's a server config issue.

Author

Commented:
Hmmm the main server I am having problems connecting to is an NT4 server....  I thought it was on 2000 but no.
Top Expert 2007

Commented:
Check the event logs on both machines.

also reinstall sp6a and any other relevant patches on the server.



 I hope this helps !
Windows XP Pro works very good as a Windows 2000 server network client.  However, it is necessary for you to join the WinXP machine to your Win2K domain.  Only WinXP Pro can do this:

On your WinXP Pro machine:
(1) Right-click on My Computer and click on properties
(2) Click on Computer Name tab
(3) Click on Network ID button
(4) Follow the instructions given, you will need the Win2K server's admin account name & password in order to join the WinXP Pro to the domain.

That should fix your problem.

Author

Commented:
stanfordlaw,  I have done this, infact I have to do this about three times a day !

Everytime my network drops out, running the Network ID wizard is the only way to bring it back up again.

I am still having these problems.
I had a similar problem after we changed to a 2000 domain controller. I kept losing access to various network resources etc. XP Service Pack 1 did not fix the problem. Suggestions:

1) We found that the DNS was setup incorrectly on both the workstations and the DC. Check this out

2) If possible try using a fixed IP address to see if this resolves the problem. A few people have had problems with DHCP but not in our case


I still have the problem although it tends to drop connection over a longer period i.e. Can be OK for 2 days and then drop.


Author

Commented:
> 1) We found that the DNS was setup incorrectly on both
> the workstations and the DC. Check this out

Both are okay, we have external DNS servers.

> 2) If possible try using a fixed IP address to see if
> this resolves the problem. A few people have had
> problems with DHCP but not in our case

I use a fixed IP.  Infact I have tried fixed AND DHCP... but still get dropuots...

The dropouts occur after about 20 minutes of no network activity.   It's really getting to me now... may rebuild my machine with Win2000.
I have a cpl questions coopa:

(1) External DNS, is it a DNS server that can be used by Windows 2000 Active Directory.  Active Directory depends heavily on DNS and if your current DNS servers does not support that..... it is a problem.

(2) When your network access dropped, could you still ping the server?
One more thing coopa:

After your network connection dropped... what events are logged in your event viewer?  Look under both Systems & Application logs and post them here if you could.

Thx.
Convinced it is the DNS - Check out Q314861

"After the client locates a domain controller, the domain controller entry is cached. If the domain controller is not in the optimal site, the client flushes the cache after 15 minutes and discards the cache entry. The client then attempts to find an optimal domain controller in its own site. "
Convinced it is the DNS - Check out Q314861

"After the client locates a domain controller, the domain controller entry is cached. If the domain controller is not in the optimal site, the client flushes the cache after 15 minutes and discards the cache entry. The client then attempts to find an optimal domain controller in its own site. "

Author

Commented:
>(1) External DNS, is it a DNS server that can be used
>by Windows 2000 Active Directory.  
I am not sure... I would say no.
I think it may be possible that we are running a local DNS for internal use only.
I am not the system administrator so I'm not sure how this has been set up, but I'd guess he would have followed the default settings if there are such things.

> (2) When your network access dropped, could you
> still ping the server?
Yes...  I can ping the server no problems at all... but when I try and access a directory I get:
"The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."

Sounds like active directory is set up wrong to me...  But I guess DNS could cause this too...
Particularly if "The client then attempts to find an optimal domain controller in its own site".

Author

Commented:
> Check out Q314861
Is this an msdn article... of so can I have the full link please.

Author

Commented:
C:\>ping siebel

Pinging siebel [195.157.86.5] with 32 bytes of data:
Reply from 195.157.86.5: bytes=32 time<1ms TTL=128
.........

C:\>w:
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

Author

Commented:
FROM MY EVENT LOG:
The Security System could not establish a secured connection with the server cifs/siebel.  No authentication protocol was available.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Author

Commented:
ANOTHER ONE:
The Security System detected an attempted downgrade attack for server cifs/siebel.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Author

Commented:
RELATED?
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Author

Commented:
AFTER RUNNING THE NETWEORK ID WIZARD:

This computer has been successfully joined to domain 'TISL0'.
Find full article at

http://support.microsoft.com/default.aspx?scid=kb;en-us;314861

** Includes some tips on testing your setup
coopa, are there any other workstations in your site that are either Windows 2000 Pro or XP?  It seems like the DNS server that is being used does not support active directory.  Win2k Pro and XP needs DNS to find the domain controllers to authenticate.  If you have the only WinXP/2k Pro workstation at the site, then the win2k server active directory has not been set up correctly.  Let me know if that is true.
sorry i missed the comment you posted a while back that your server is only NT4.  Check to see if the NT4's WINS service is set up correctly.  The problem doesn't seem to be originated from your XP workstation.

Author

Commented:
Okay just tried something else - because of all this talk about DNS servers...

I have added the INTERNAL DNS server to the list of my DNS servers (that used to be just two EXTERNAL DNS servers which probaly don't support Active Directory)

So i now have 2 external and the one internal DNS servers in my TCP/IP configuration...  I

I will let you know how it goes.

Author

Commented:
stanfordlaw

> coopa, are there any other workstations in
>your site that are either Windows 2000 Pro or XP?

All are 2000.... none have problems.
We now have two XP workstations, both have network dropout issues.

Our PDC is a 2000 server but our primary file server, is NT4.

Author

Commented:
#########################################
Not a single drop out so far today !!!!!
#########################################

Author

Commented:

8o(

Just dropped again.
OK, you PDC is a win2k server, it needs to be the primary DNS server for itself and all workstations/member servers on the network (AD integrated).

If your XP doesn't get the IP address from the DHCP, you need to set the primary DNS to your Win2K server as well, you can set other external DNS as your secondary or tertiary if your Win2K server doesn't give you lookups for outside your network.  This is to ensure that all workstations know where to find the AD server to get authenticated.

I assume seibel is your winxp computer right?  It doesn't seem like you are using private IP, try pinging the servers instead of your own computer after dropout.
a cpl more things you can check:

(1) remove all other protocols on your XP leaving only TCP/IP

(2) If you have 2 NICs, make sure the one connected it the first one in the order it is binded.  Open network connections, click on advanced then advanced settings.  Under connections, make sure the NIC connected is at the top of the list. under bindings for that NIC, make sure TCP/IP is the first one for both file & printer sharing and client for MS networks.

Commented:
Hi Coopa.
Thanks to Google I found this discussion. We have *exactly the same* problem!

Further info:
I run a network that has 2000 and XP (Pro) machines. Only the XP machines have the problem.

"My Network Places" *always* displays the other machines. The problem only arises when you have accessed a directory or file on, say machine A(XP), (Either through locally running software *or* Windows Explorer) then try to access machine B(XP) (by simply double clicking on the other machine on the network or running software that needs access to it). Very occasionally, e.g. after a restart, it allows access to both. After using one a for a little while, then the other denies access.

You say "running the Network ID wizard is the only way to bring it back up again". No. A restart, or even simply logging out and then logging in again cures the problem. Temporarily. Use machine B for a while, and then machine A or D won't play. (One can *always* get at a 2000 machine).

We thought at one time (like you) that the problem arose when there was a period of inactivity from the local machine to the network, but this is not the case. We have tried keeping it busy, but the problem still happens.

So..... all I can do is add to the description of the problem and its symptoms, hoping that someone might come up with the solution.

Keep in touch!! ;-)

Regards
Rod

Author

Commented:
> You say "running the Network ID wizard is the only way to bring it back up again". No

It's not the ONLY way to bring it back up... but the QUICKEST way.... this really does work for me.
I do it around 10-15 times a day, everytime the connection is lost...

It's an absolute pain in the arse.
Commented:
I can sympathise with your feelings, and a pain in that place for many months is no fun whatsoever.

Hopefully, this is very good news for you.....

Control Panel
Admin Tools
Local Security Policy
Local Policies
Security Options

look down the list for "Microsoft Network server: amount of idle time required before suspending session - default = 15 minutes".

Right click and Properties.

Set this to an obscenely large number of minutes.
99,999

next...
on the same list... find:
"Microsoft Network Server: Disconnect clients when logo hours expire". Right click and Properties.

Set at "disabled"

..... and enjoy the pleasure of no more pain in the posterior.

Best regards
Rod

Commented:
Forgot to mention.... do it on *every* XP machine on your network.

Rod

Author

Commented:
Trying now... Will let you know... Fingers crossed.

Commented:
Forgot to mention.... do it on *every* XP machine on your network.

Rod

Author

Commented:
um... no you did mention that.... 8o)

Author

Commented:
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

Maybe a restart will apply this new setting then ?

Author

Commented:
Have restarted and have have had the same problem all day.

Sorry CDBooks, that doesn't fix it.

Commented:
All day Friday, all day today. We have not had a single problem with it.

One other thing, that we did ages ago, (it didn't solve the problem on its own) but which might have a bearing on the problem also:

Control panel
Network connections
right click Local area connection, then Properties
General tab... "connect using" will display your network card...

on the network card section... "configure"
Power management

there you will find an item checked *on* by default..
"Allow the computer to turn off this device to save power"

Uncheck it!

regards
Rod

Author

Commented:
re: Turn off Power management

okay trying that now.

Author

Commented:
No luck there either... came in this morning, and no network.

I'm sure this an issue with the fact that I run XP on a network that isn't correctly configured.  It seems strange though how all 2000 machines are fine but all xp machines are not.

What is this message about exactly ?
"The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."

for some reason this machine is just kicked off the authenticated list.

It is due to the fact that you can't really set up an propper domain when you have NT4 2000 and XP machines on it ?   I think that is what our network administrator is trying to say... is it because the NT4 file server does not have the ability to run on a 2000 domain ?  

the nt4 machine is our fileserver, the 2000 server is our pdc and the xp machine is a workstation... maybe the 2000 machine is not correctly logging with the nt4 machine to tell it that i am an authenticated user ?

I don't know... I have run out of ideas.
It is due to the fact that you can't really set up an propper domain when you have NT4 2000 and XP machines on it ?   I think that is what our network administrator is trying to say... is it because the NT4 file server does not have the ability to run on a 2000 domain ?  

No - This is the same setup as we run. Its just the config that needs tweaking...

Author

Commented:
okay what do I "tweak" ?

I have access to the pdc now... so i can check settings that you recommend i check.
OK, you PDC is a win2k server, it needs to be the primary DNS server for itself and all workstations/member servers on the network (AD integrated).

If your XP doesn't get the IP address from the DHCP, you need to set the primary DNS to your Win2K server as well, you can set other external DNS as your secondary or tertiary if your Win2K server doesn't give you lookups for outside your network.  This is to ensure that all workstations know where to find the AD server to get authenticated.

I assume seibel is your winxp computer right?  It doesn't seem like you are using private IP, try pinging the servers instead of your own computer after dropout.

Is your NT4 file server a member server of the domain or a stand-alone server?

Author

Commented:
seibel - NT4 fileserver
Richc - my computer (XP)
tslpdc - (win 2000 pdc)

Changing DNS settings now.

Author

Commented:
have to restart tslpdc - (our win 2000 pdc) after adding itself as it's primary DNS.

Can't do this till later.

Author

Commented:
Hmmm, not one single dropout all day !

Could be that I was working on files on the server all day (and saving regularly)... or could be that some strange mystical force has fixed the bloody thing.

My money's on the "mystical force".

8o)
I have been following the discussion for a few weeks now because of the same issue. The difference is, we are running 2000 Server, Advanced Server, and XP Pro. Our PDC and DNS are separate boxes and are 2000 Servers, our DHCP is a Linksys Router. No NT4.0 here. We also have the connection problem with XP to XP connections. As far as the "Mystical Force", we are able to keep the connection open as long as we maintain some traffic, like saving and browsing the other box often. There seems to be an idle "Time out" period between 1 to 3 hours. We tried to narrow this down, but its appears random. Hope this helps in some small way.
I have been following the discussion for a few weeks now because of the same issue. The difference is, we are running 2000 Server, Advanced Server, and XP Pro. Our PDC and DNS are separate boxes and are 2000 Servers, our DHCP is a Linksys Router. No NT4.0 here. We also have the connection problem with XP to XP connections. As far as the "Mystical Force", we are able to keep the connection open as long as we maintain some traffic, like saving and browsing the other box often. There seems to be an idle "Time out" period between 1 to 3 hours. We tried to narrow this down, but its appears random. Hope this helps in some small way.

Author

Commented:
Well as far as I can tell my connection is now fixed...

The problem is I don't know who to give the points to, as I'm not sure what actually solved it in the end... also I'm not sure if it will return on next reboot.

I'm going to reboot my machine tonight, and see if it works tomorrow.

If it does and I still can't work out what fixed it, i will give my points to the "Mystical Force"

8o)

Author

Commented:
CDBooks, stanfordlaw,  Summerisle_lord.

I think the combination of your efforts fixed this problem.

Thankyou.

Author

Commented:
Thanks for your persistance !

Author

Commented:
stanfordlaw,  Summerisle_lord... points posted as separate questions.
I'm also getting the error message:  "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."

I haven't looked into the Security Options settings yet, but I can add this:

I'm having the problem connecting from one XP machine to another, doing things such as"
   dir \\machine\share

I have found that the connection can be reset by attempting to map a drive letter.  The mapping will fail, but that clears out the faulty connection, and I didn't want a drive letter mapped anyway.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial