Solved

Sporadic LAN Disconnects

Posted on 2003-12-04
29
962 Views
Last Modified: 2007-12-19
I've got a network with 8 computers hooked into a hub.  Recently I have been getting alot of client disconnects.  Whats really strange is I have a file server that also shares it's DSL line via ICS.  On many of the computers I will be disconnected from the shared drive on the file server but will still be able to access the internet.  The only thing I have found that helps is to switch hubs.  Luckly I have a spare.  When I switch it out, it will function for about eight hours and then I will begin getting disconnects again.  I have rotated a total of three 8-port hubs and each time it works for a short time and then stops.  Any ideas or questions would be greatly appriciated.
0
Comment
Question by:egorzik
  • 14
  • 6
  • 4
  • +2
29 Comments
 
LVL 7

Expert Comment

by:Robing66066
Comment Utility
Power spikes?

Does turning the hub off and then on again help you?
0
 

Author Comment

by:egorzik
Comment Utility
No.  I've tried restarting the hub and that seems to have no effect.  It does run from a surge protector as well.
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
Is something flooding the network, overloading the hub?  You could put a packet sniffer on the network to see if any unusual traffic exists.  You could use a switch in place of the hub to see if that helps...
0
 
LVL 7

Expert Comment

by:Robing66066
Comment Utility
Can you ever put the same hub back in??
0
 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
>On many of the computers I will be disconnected from the shared drive
>on the file server but will still be able to access the internet.

>I've tried restarting the hub and that seems to have no effect.

I'd go for the sniffer: www.ethereal.com (free)

btw: A lot of "hubs" today really are switches...
If you're only seeing traffic from the station you install it on, try your other hubs.

Are you running up to date virus software on all these machines?
Checked for Welchia / Blaster, etc?
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Checked for spy/adware?
http://www.spychecker.com/program/spybot.html

All patched up?
www.windowsupdate.com

Checked the port speed and duplex on your server to make sure it matches your switch/hub?
0
 

Author Comment

by:egorzik
Comment Utility
I've scaned all worksatations for a virus and nothing.  No spy/adware that I am aware of.  I keep all machines up to date patch wise.  I'll try a sniffer, I havent gone that route yet.

Yes, I can put the one of the other hubs back.  Is it possible for a hub to over heat?  It would be strange if that was what was causing it as, in my opinion, we have very little traffic for an 8-port (ie. very rarely is everyone on the computer accessing things from the file server/internet).

We did have Blaster32 a month or so back but I cleaned all the infected computers and patched them.  Actually we didnt have this problem even when we had the Blaster virus.  The only thing I had noticed with the Blaster virus is internet speeds were slow (we were on dialup then) and our outgoing bps was much higher than out incomming bps (which ofcourse is unusuall unless you share files over the internet).
0
 
LVL 7

Expert Comment

by:Robing66066
Comment Utility
OK.  So you can't just reboot the hub, but you can put it back after a period of time.  That sure suggests a physical problem to me.  Something about the envrionment is whacking those hubs for a short period of time.  Heat wouldn't be out of the question, but it's a damn strange problem, that's for sure.

I'd try moving the who kit and kaboodle somewhere else if you could.  Eliminate as much of the physical side as you can.  Simply replaceing a hub with another one should not fix this sort of a problem.  (You might also try turning off the offending hub for a few minutes and then restarting it.  If the reboot of the hub is too quick and something nasty is going on on your network that might account for the "switch it in laeter problem..."
0
 

Author Comment

by:egorzik
Comment Utility
Alittle information on the environment.  I have it located in a spare office.  This building was built about two years ago from the ground up and all the network and phone lines were installed by a local Phone/Internet/cable TV company (Fidelity Communications).  There a big company that covers half or more of Missouri.  One issue I have wondered about is the server is located about four feet from our phone system.  I have heard instances of the electromagnetic fields from such devices screwing up network lines (especially if there is alot of network activity).  Again, I'm just throwing this out there.  With a phone/internet company doing the install I would assume this is all safe but what do you guys think.

I appriciate the comments so far.  Keep 'um comming!
0
 

Author Comment

by:egorzik
Comment Utility
I do have one more thing to add.  I did have the UPS battery go out not to long ago.  I can't say for sure if the problems started when this occured but I thought that I would mention it.  I have a replacement battery on order.  As I mentioned before I do have it on a standard surge protector in the mean time (computer, hub, the whole deal).

Along with the previous post, moving the system presents somewhat of a problem as the building wire install keeps the hub tethered to the phone system area.  I could move the file server and leave the hub located by the phone system if you think this may be worth a shot.
0
 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
Unless there is an electrical transformer or some other heavy duty equipment in that closet, PBX's generally don't generate interference as they are as susceptible as any computer. If you suspect EMI or RFI your exposed cable is going to be the problem more so than the machine itself. As you experienced this problem with the worm active, the sniffer is where I'd start.
0
 

Author Comment

by:egorzik
Comment Utility
I've got the sniffer running on the file server and one client.  Being computer savy but by far not an expert (i.e. I've built a few computers and can solve most hardware/network issues), what am I looking for with the sniffer?
0
 

Author Comment

by:egorzik
Comment Utility
OK, the network is now acting up after being connected successfully for around six hours.  I saved the Port Sniffer File (it's around 180 meg in size I think).  Now what exactly am I looking for in the file.  Everyone on the network is still able to access the DSL connection shared on the server but I cant get into the shared files.  I'm also able to print to a shared printer.  This time I tried to access the shared folders on the other clients from the file server and still, nothing.  I'm getting traffic as indicated on the hub by the LED when tring to access the network but no traffic when not trying to access it (does this indicate that it is NOT a traffic overflow, or can an overflow happen and then lock the hub regardless of current traffic?).

At this point I am going to leave things as they are so if you guys want me to try anything while I'm having the problem, I can.
0
 
LVL 7

Expert Comment

by:Robing66066
Comment Utility
At this point, I usually start comparing what is going on now with what is going on when things are working properly.  How many packets?  What type of packets?  Who is the big network hog?  Who is he talking to?  What happens when you try to connect to a share?

If you can compare things between when they are good and when they are bad, you can usually figure out who is responsible, even if you don't yet know why.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:egorzik
Comment Utility
Thanks Robing66066,  I'll start in on it and post my results.
0
 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
the thing about ethereal vs a commercial sniffer is the analysis...
Sniffer Pro et al have neat TOP TEN BANDWIDTH graphs and traffic pattern pie charts...

You're looking for LOTS of traffic from one MAC address
0
 

Author Comment

by:egorzik
Comment Utility
Ok, I have started coparing sniffer files.  While I was doing that I unplugged the hubs power lead and left it sit for 10 minutes.  When I plugged the power lead back in it worked.  So, correct me if I am wrong, it sounds to me like I have one of the following problems:

1) The hub is overheating (this option is doubtful).

2) The hub is being flooded.

3) The hub is experiencing power spikes.

Does this sound right?
0
 
LVL 7

Expert Comment

by:Robing66066
Comment Utility
I wouldn't narrow it down quite so far yet.  I'd go here:

1.  Hub has a physical problem

2.  Hub is being flooded.
0
 

Author Comment

by:egorzik
Comment Utility
Two questions come to mind...

Can flooding a hub cause loss of some network traffic but not all (i.e. would that jive with my shared folders being unacceptable but sill having full access to the internet)?

Could a hub be effected by power spikes even while being run through a surge protector?
0
 

Author Comment

by:egorzik
Comment Utility
I would think we can toss out the physical problem as I have rotated three hubs and the problem occurs on each.  Do you agree?
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
I agree, its definitely not a physical problem with the hub itself as you have used multiple devices.  Yes, some traffic will still get through when a hub is flooded/overrun.  Analyze the sniffer results to look for any unusual and heavy traffic.  You can't get your hands on a managed switch can you?  You'd be able to better monitor the network.
0
 

Author Comment

by:egorzik
Comment Utility
Great... Looks like I have some work to do with the packet sniffer.
0
 
LVL 7

Expert Comment

by:Robing66066
Comment Utility
I was thinking a physical problem from the perspective of an envionmental problem that is causing a physical problem with whatever hub is put there, but I agree, the odds are pretty low.
0
 

Author Comment

by:egorzik
Comment Utility
One thing that stands out is I see alot of "LANMAN WPrintQGetInfo Request" any idea that that might be?  I'm seeing this in the log of the client.
0
 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
What does the ip address in that mean to you?
Is this a broadcast?
can you post the whole line

0
 

Author Comment

by:egorzik
Comment Utility
I didn't save the log from that session, sorry.  I rescanned and now I'm not getting it.  I'll start saving all my logs from now on.

I don't know if this helps but Im getting this error on the file server running Win2K.  I cut this from the event log (should have checked that on Friday):

Event Type:      Error
Event Source:      ipnathlp
Event Category:      None
Event ID:      32003
Date:            12/4/2003
Time:            2:43:52 PM
User:            N/A
Computer:      SERVER
Description:
The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
Data:
0000: 1f 00 00 00               ....    

Don't know if that will help...  I'm getting this from the server when I try to access another computer on the network while the hub is 'locked up'.
0
 

Author Comment

by:egorzik
Comment Utility
I think I have it fixed and I think it was saturation of the hub as was stated earlier.  I installed a router and disabled ICS.  Seems to have corrected the problem as it has not 'locked up' for the past five days.  Thanks for all your help guys!
0
 

Accepted Solution

by:
modulo earned 0 total points
Comment Utility
PAQed, with points refunded (125)

modulo
Community Support Moderator
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now