Slow LAN - One Workstation Only

Hey, Gang,

My customer had a Trojan problem a few weeks ago.  I had to format the drive on two (of 7) workstations to rid the LAN of the problem.

Since then, one of the workstations has been slow on the LAN, primarily pulling up documents from the server, & sending print jobs to the LAN printer.  The other workstations are OK.

I've moved the workstation to another desk & hooked it up to be sure it's not the LAN cabling, I've checked the NIC to be sure it wasn't set up improperly, & even changed the NIC out with no change.

One of the other workstations is identical, i.e, CPU, RAM, etc. & it's WAY faster than the problem child.  Internet access is OK, just accessing the server & the LAN printer.

I'm out of ideas.  What did I miss?

Thanks,

Larry
WLarryBAsked:
Who is Participating?
 
Rob WilliamsCommented:
Off line files is enabled by default when you do a re-install, perhaps it was not switched of at that time. Yes 40 GB would slow things down :-)
As for points you can split them up what ever way you see fit if you feel the answers helped troubleshoot the problem, or where you ultimately solved the problem yourself, you can post a request in the community support forum asking to have the question closed and points refunded.
http://www.experts-exchange.com/Community_Support/
Instructions can be found here:
http://www.experts-exchange.com/help.jsp#hi71

Glad to hear it is resolved.
Cheers,
--Rob
0
 
crawforditsCommented:
ping -t a downstream device and see what your reply times are
0
 
Rob WilliamsCommented:
Make sure that DNS on the client machine/workstation is configured correctly. Do an  ipconfig  /all  at a command line and verify, whether statically or dynamically assigned, that DNS points to your Internal DNS server, and only to the DNS server.  If the ISP's DNS is present it will cause slow logons and slow name resolution when trying to access network resources. The ISP's DNS should only be present as a forwarder in your server's DNS management console.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
WLarryBAuthor Commented:
Everything is automatic.  The router is the DHCP server (server on the LAN is NT 4.0 - it has a static IP address)

This system has been running like this for over 5 yrs.  Why would DNS issues surface now, & only on one system?

Thanks,

Larry
0
 
Rob WilliamsCommented:
Assuming everything is DHCP, and the same for all clients you are right, it is likely not the issue. However, you didn't mention that before, and in setting up a re-formated system it was possible the DNS configuration had changed. DNS can often be the source of slow access to network resources. also since the server is NT4, DNS plays a less important role.
0
 
drawlinCommented:
Close all programs and run netstat -b from command prompt on that workstation and one just like it.   Compare the differences.  If you have several connections on the problem computer, it may be a zombie.
0
 
WLarryBAuthor Commented:
Sorry I didn't include that info. Thought I was being pretty thorough :-(

Thanks, I'll try that.  It'll probably by Monday before I can, though
0
 
Smacky311Commented:
I don't see you mention that the problem workstation was formatted. Did you format this system to rid it of any trojan or other virus problems?
0
 
WLarryBAuthor Commented:
Yes, the problem workstation is one of the two that was reformatted.

The problem started about a week after that
0
 
Smacky311Commented:
"Yes, the problem workstation is one of the two that was reformatted.
The problem started about a week after that"
Sounds like you might have picked up another virus.
0
 
WLarryBAuthor Commented:
I ran netstat -b - didn't find anything unexpected.  I also have a program that monitors port activity.  I installed & ran that for over an hour with, again, nothing unexpected.

I'm pretty sure we don't have another virus/Trojan/worm, etc.  I've run anti-virus, anti-spyware programs both installed & online.  Nothing found. I also run the installed programs in Safe Mode.
0
 
Smacky311Commented:
Is this a windows xp machine?  If you do did you install Service Pack 2 before you put it on the internet?  Also, did you reinstall from a partition on the local infected machine, through network location, or CD's?
0
 
WLarryBAuthor Commented:
It's Windows XP Pro; I installed SP2 via the internet.  I formatted the HDD, & installed from the original CD in my office, dodwnloaded & installed all updates (including SP2), then took it back to the client's office & set it up on the LAN, installed his software, etc.
0
 
Smacky311Commented:
When you connect a pre-service pack 2 machine to the internet you expose yourself to a very large number of virii that are just waiting for some unpatched machines to hit the net.  This is a HUGE problem and its so bad that I always have to install SP2 before I connect my machines to the internet or they will usually get hit by a virus.
0
 
WLarryBAuthor Commented:
Even if you only go straight to MS' update site?
0
 
Smacky311Commented:
Yes, I have only read a little on it, but apparently there are several virii that build databases of IP addresses and simply cycle through them 24/7 looking for computers with holes.  There are many holes in windows without patches and many of which can be opened up without any user intervention.  Just like the grey window popups that were abused a couple users ago that were meant to give system warnings they can pop right into your system with ease.  I've seen it too many times...
0
 
Rob WilliamsCommented:
There is little risk if you are behind a hardware router/firewall, however without a firewall, I have seen a couple of machines infected in under 5 minutes.
0
 
WLarryBAuthor Commented:
I've run virus/Trojan/worm/spyware/adware scans MANY times, including an online scan from Trend Micro. Nothing found.  Are these virii not detectable by AV programs?
0
 
WLarryBAuthor Commented:
This IS behind a hardware firewall/router also.
0
 
Rob WilliamsCommented:
I am doubtful that is your problem.
Perhaps try running netdiag to see if there are any network, or name resolution issues. It is available as part of the windows resource kit, from the support section of some of the windows install CD's (best choice if available), or from http://www3.ns.sympatico.ca/malagash/Downloads/Net/netdiag.exe
0
 
WLarryBAuthor Commented:
I'll do that in the morning.

Thanks,

Larry
0
 
WLarryBAuthor Commented:
Got it fixed.

Offline files had been activated, so it was trying to synch the server to the local drive.  That's almost 40GB!  Not sure how it got changed, because that's one of the things I always disable as default.  I went back & looked at my check list & that was checked, so I'm sure I didn't leave it on.  

The operator denies doing it - & I'm not sure she would know if she did.

Anyway, that fixed the problem.  

I went back through the comments, & I'm not sure how gets the points....
0
 
WLarryBAuthor Commented:
OOPS!

I wanted to split the points between RobWill & Smacky311.  They were the most persistent.  How do I change the point allocation?

Anyway, thanks, guys

Larry
0
 
Rob WilliamsCommented:
Thanks WLarryB.
To change you can just post a request to the moderators, to change or re-open so that you can change, in the community support forum:
http://www.experts-exchange.com/Community_Support/
Instructions:
http://www.experts-exchange.com/help.jsp#hi17 
--Rob
0
 
WLarryBAuthor Commented:
Thanks, guys. I appreciate you persistence!!!

Larry
0
 
Rob WilliamsCommented:
Thanks Larry, Cheers.
--Rob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.