huntersp3
asked on
Question Revisited
Hello Friends,
I am still having a battle with my sister company's DSL ISP about cutting off their Internet access between the hours of 8:00 pm and 6:00 am. I have totally reset the router back to the default settings and still getting cut off. I talked with the ISP today and they say, once again, it is a setting in active directory that is causing the problem. For the life of me, I can't find a policy or setting that says to disconnect the service at those particular times. I know that I can restrict times that users logon through active directory but not restrict total internet access for everyone in the company. I asked the ISP if they could tell me where the setting is in active directory and they couldn't (surprise! surprise). My question is does anyone know of a setting in Windows 2003 Server active directory that could be doing this? Thanks for the help!!
I am still having a battle with my sister company's DSL ISP about cutting off their Internet access between the hours of 8:00 pm and 6:00 am. I have totally reset the router back to the default settings and still getting cut off. I talked with the ISP today and they say, once again, it is a setting in active directory that is causing the problem. For the life of me, I can't find a policy or setting that says to disconnect the service at those particular times. I know that I can restrict times that users logon through active directory but not restrict total internet access for everyone in the company. I asked the ISP if they could tell me where the setting is in active directory and they couldn't (surprise! surprise). My question is does anyone know of a setting in Windows 2003 Server active directory that could be doing this? Thanks for the help!!
What about on a router. Many routers have rules allowing you to block or allow traffic between specific times. If you are not sure where to locate, provide make and model we can be more specific.
There is nothing in the out of the box AD schema (2000 or 2003) to allow denying Internet access without disconnecting a computer from the network entirely. When this happens are the affected machines still able to communicate with other devices on the local network? If so AD is not the cause of the problem.
Have you tried turning on logging on your router; maybe logging to a syslog server or something similar? Proper logging on your router will be able tell you if the problem is on the ISP side. Also, does the router show as connected on the outside (Internet) interface during those times?
Are they running a firewall, proxy server, ISA server, or some other type of Internet gateway? Your problem is most likely whith a policy on one of these. See if you can connect a computer directly to the Internet during those hours.
Have you tried turning on logging on your router; maybe logging to a syslog server or something similar? Proper logging on your router will be able tell you if the problem is on the ISP side. Also, does the router show as connected on the outside (Internet) interface during those times?
Are they running a firewall, proxy server, ISA server, or some other type of Internet gateway? Your problem is most likely whith a policy on one of these. See if you can connect a computer directly to the Internet during those hours.
Sorry missed "totally reset the router back to the default settings " when I posted a minute ago.
--Rob
--Rob
ASKER
Hi Folks:
They are not running a ISA server and no firewall is installed on the server. They have a very simple setup. They have only one server running Windows 2003 SBS and Netopia Cayman 3346 DSL Router. In additon, presently, I have the firewall on the router disabled. The only thing I haven't done is to be on property at the times the cut off occurs. I might have to go on site at that time and see what is happening from the inside out. I am running two other larger networks but don't have the problems like with this smaller network.
They are not running a ISA server and no firewall is installed on the server. They have a very simple setup. They have only one server running Windows 2003 SBS and Netopia Cayman 3346 DSL Router. In additon, presently, I have the firewall on the router disabled. The only thing I haven't done is to be on property at the times the cut off occurs. I might have to go on site at that time and see what is happening from the inside out. I am running two other larger networks but don't have the problems like with this smaller network.
It is possible to script blocking access even as simple as a scheduled event to change a gateway address. Is this a system you set up or might someone have done some "tweaking" before you.
Is the outside interface of the router pingable from the outside? If so a simple ping should tell you if their connection to the ISP is still up during those hours.
Also, SBS 2003 Premium Edition comes with ISA 2004. You might try logging into the SBS machine to see if it's installed.
Also, SBS 2003 Premium Edition comes with ISA 2004. You might try logging into the SBS machine to see if it's installed.
You might also want to check the NIC properties for the Power Management stuff. Uncheck anything that says the OS will shut down the interface to conserver power.
You can tell if ISA server is installed by seeing if "%programfiles%\isa server" folder is present on the SBS 2003 machine or by going to
start > all programs > isa server
start > all programs > isa server
I think the suggestions above are pretty good. I mainly want a record of this issue. I'd be trying to ping the external IP of the DSL router when its down (if ping is not blocked) or when it is showing as down I would disconnect it from your backbone switch and connect a single PC, reboot the router and see if you can get out on the link.
ASKER
Ok Folks,
The service went down at 8:00 p.m. and I ran a tracert to my public ip address and here are the results. Maybe, I should not post who the provider is but here it is anyway. I took out my public ip address for security reasons--but it looks like that the service is being discontinued by Bell South? Where the requested time out is should be my public IP Address. I can't telnet to the address either.
1 173 ms 171 ms 163 ms nas30.houston4.tx.us.da.qw est.net [63.152.13.109]
2 167 ms 162 ms 157 ms 63.152.31.253
3 186 ms 165 ms 165 ms iah-edge-01.inet.qwest.net [63.152.125.29]
4 192 ms 154 ms 165 ms iah-core-02.inet.qwest.net [205.171.31.45]
5 164 ms 162 ms 166 ms dal-core-01.inet.qwest.net [67.14.2.2]
6 162 ms 168 ms 164 ms dap-brdr-01.inet.qwest.net [205.171.225.49]
7 222 ms 162 ms 157 ms so-1-2-0.edge1.Dallas1.Lev el3.net [209.245.240.1
65]
8 164 ms 168 ms 166 ms so-1-2-0.bbr2.Dallas1.Leve l3.net [209.244.15.165
]
9 170 ms 170 ms 166 ms ae-21-52.car1.Dallas1.Leve l3.net [4.68.122.45]
10 183 ms 178 ms 177 ms 67.72.4.2
11 * 187 ms * axr00msy-0-0-0.bellsouth.n et [65.83.236.33]
12 212 ms 200 ms 208 ms 65.83.237.107
13 231 ms 229 ms 227 ms 205.152.133.66
14 216 ms 219 ms 219 ms host-205-152-229-57.bgk.be llsouth.ne t [205.152.2
29.57]
15 224 ms 221 ms 220 ms 68.208.248.14
16 230 ms 232 ms 227 ms adsl-157-111-160.owb.bells outh.net [70.157.111.1
60]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * ^C
C:\>
The service went down at 8:00 p.m. and I ran a tracert to my public ip address and here are the results. Maybe, I should not post who the provider is but here it is anyway. I took out my public ip address for security reasons--but it looks like that the service is being discontinued by Bell South? Where the requested time out is should be my public IP Address. I can't telnet to the address either.
1 173 ms 171 ms 163 ms nas30.houston4.tx.us.da.qw
2 167 ms 162 ms 157 ms 63.152.31.253
3 186 ms 165 ms 165 ms iah-edge-01.inet.qwest.net
4 192 ms 154 ms 165 ms iah-core-02.inet.qwest.net
5 164 ms 162 ms 166 ms dal-core-01.inet.qwest.net
6 162 ms 168 ms 164 ms dap-brdr-01.inet.qwest.net
7 222 ms 162 ms 157 ms so-1-2-0.edge1.Dallas1.Lev
65]
8 164 ms 168 ms 166 ms so-1-2-0.bbr2.Dallas1.Leve
]
9 170 ms 170 ms 166 ms ae-21-52.car1.Dallas1.Leve
10 183 ms 178 ms 177 ms 67.72.4.2
11 * 187 ms * axr00msy-0-0-0.bellsouth.n
12 212 ms 200 ms 208 ms 65.83.237.107
13 231 ms 229 ms 227 ms 205.152.133.66
14 216 ms 219 ms 219 ms host-205-152-229-57.bgk.be
29.57]
15 224 ms 221 ms 220 ms 68.208.248.14
16 230 ms 232 ms 227 ms adsl-157-111-160.owb.bells
60]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * ^C
C:\>
Is allowing of ICMP requests enabled on the router/modem? i.e. can you get a response, and telnet through the day? Very odd the ISP would drop you at a given time.
ASKER
Yes, I can telnet. ping, and remote in during the day. In the morning the service will come back up at 6 am. To answer past questions, they are not running an ISA server. They are running SBS with Service pack 1 on the server
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Folks,
The network is up and running at 6:00 a.m. and I did a trace route and here are the results. I took that last hop out (No. 16) because it is my public IP address.
1 169 ms 167 ms 158 ms nas29.houston4.tx.us.da.qw est.net [63.152.13.108
]
2 361 ms 908 ms 395 ms 63.152.31.126
3 215 ms 164 ms 159 ms iah-edge-08.inet.qwest.net [63.152.125.33]
4 158 ms 163 ms 193 ms iah-core-02.inet.qwest.net [205.171.31.25]
5 209 ms 170 ms 204 ms dal-core-01.inet.qwest.net [67.14.2.2]
6 939 ms 904 ms 1311 ms dap-brdr-01.inet.qwest.net [205.171.225.49]
7 169 ms 168 ms 160 ms so-1-2-0.edge1.Dallas1.Lev el3.net [209.245.240.1
65]
8 163 ms 166 ms 160 ms so-1-2-0.bbr2.Dallas1.Leve l3.net [209.244.15.165
]
9 1959 ms 746 ms 200 ms ae-21-54.car1.Dallas1.Leve l3.net [4.68.122.109]
10 204 ms 211 ms 182 ms 67.72.4.2
11 1969 ms 413 ms 188 ms axr00msy-0-0-0.bellsouth.n et [65.83.236.33]
12 204 ms 202 ms 202 ms 65.83.237.155
13 1838 ms 830 ms 232 ms 205.152.133.66
14 223 ms 217 ms 223 ms host-205-152-229-57.bgk.be llsouth.ne t [205.152.2
29.57]
15 1731 ms 777 ms 228 ms 68.208.248.14
Trace complete.
The network is up and running at 6:00 a.m. and I did a trace route and here are the results. I took that last hop out (No. 16) because it is my public IP address.
1 169 ms 167 ms 158 ms nas29.houston4.tx.us.da.qw
]
2 361 ms 908 ms 395 ms 63.152.31.126
3 215 ms 164 ms 159 ms iah-edge-08.inet.qwest.net
4 158 ms 163 ms 193 ms iah-core-02.inet.qwest.net
5 209 ms 170 ms 204 ms dal-core-01.inet.qwest.net
6 939 ms 904 ms 1311 ms dap-brdr-01.inet.qwest.net
7 169 ms 168 ms 160 ms so-1-2-0.edge1.Dallas1.Lev
65]
8 163 ms 166 ms 160 ms so-1-2-0.bbr2.Dallas1.Leve
]
9 1959 ms 746 ms 200 ms ae-21-54.car1.Dallas1.Leve
10 204 ms 211 ms 182 ms 67.72.4.2
11 1969 ms 413 ms 188 ms axr00msy-0-0-0.bellsouth.n
12 204 ms 202 ms 202 ms 65.83.237.155
13 1838 ms 830 ms 232 ms 205.152.133.66
14 223 ms 217 ms 223 ms host-205-152-229-57.bgk.be
29.57]
15 1731 ms 777 ms 228 ms 68.208.248.14
Trace complete.
I think Rob might be on to something.
I would check to make sure that the circuits used to power up the modem and router are not shut off by accident each night. You could use a UPS to see whether you get any more usage before the batteries drain down.
I would check to make sure that the circuits used to power up the modem and router are not shut off by accident each night. You could use a UPS to see whether you get any more usage before the batteries drain down.
ASKER
Hello Folks,
I have spoken with the electrician that takes care of the building and he says there is no power management program in the building. I will call Bell South again and see if I can speak with a supervisor about the issue and get past the help desk. Other than that, I think the next step is to be there at night and see what is going on.
I have spoken with the electrician that takes care of the building and he says there is no power management program in the building. I will call Bell South again and see if I can speak with a supervisor about the issue and get past the help desk. Other than that, I think the next step is to be there at night and see what is going on.
Agreed, if Bell South doesn't offer any information, I'd be there, check if it stays powered up and you can verify where the connection is lost.
ASKER
Hello All,
A Bell South Technician came and made an inspection of the line and said all looked good and he said that they do not have the ability to deny DSL access to customers based on certain time periods. So, I am back to square one. I have emailed Netopia about the issue and hopefully they will respond to question of "is there a set command in the router where I can specify times to turn of the service?". If there is, it is not apparently visable through the show command. The next step is to be on site when the service goes down and observe what is going on.
A Bell South Technician came and made an inspection of the line and said all looked good and he said that they do not have the ability to deny DSL access to customers based on certain time periods. So, I am back to square one. I have emailed Netopia about the issue and hopefully they will respond to question of "is there a set command in the router where I can specify times to turn of the service?". If there is, it is not apparently visable through the show command. The next step is to be on site when the service goes down and observe what is going on.
ASKER
Hello Everyone,
Does anyone know of a command that is in the Cayman Model 3346 (Version 7.1.1 Bulid r2) that could be blocking internet services at particular commands? I have been through the manual and I can't find one.
Thanks
Does anyone know of a command that is in the Cayman Model 3346 (Version 7.1.1 Bulid r2) that could be blocking internet services at particular commands? I have been through the manual and I can't find one.
Thanks
>>"at particular commands"
commands or times ?
I went through the manual yesterday page by page, and I couldn't find anything either. Some of their units do have that feature, and they seem to offer it as a software parental control option. Check the unit itself as well though, as they could add it with firmware updates.
commands or times ?
I went through the manual yesterday page by page, and I couldn't find anything either. Some of their units do have that feature, and they seem to offer it as a software parental control option. Check the unit itself as well though, as they could add it with firmware updates.
ASKER
Hello Folks,
Issue is solved. As I suspected, It was a Bell South issue, I went on site at 9:00 p.m. on Friday and found the Data Sync light flashing. Signed on to the router and the status showed waiting on DSL. I called Bell South and the line technician found that the line was out of sync. I appreciate all the comments and help this forum provides.
Issue is solved. As I suspected, It was a Bell South issue, I went on site at 9:00 p.m. on Friday and found the Data Sync light flashing. Signed on to the router and the status showed waiting on DSL. I called Bell South and the line technician found that the line was out of sync. I appreciate all the comments and help this forum provides.
Thanks huntersp3. Glad to hear you were able to resolve.
Could they explain why it was happening during a specific time period?
Could they explain why it was happening during a specific time period?
Do you have ISA Server. If you do are there any Internet Time Restrictions Set.
Do you have some other software on your Firewall that can prevent Internet Access at Certian times.