Solved

Slow LAN - One Workstation Only

Posted on 2006-11-04
Last Modified: 2008-03-04
Hey, Gang,

My customer had a Trojan problem a few weeks ago.  I had to format the drive on two (of 7) workstations to rid the LAN of the problem.

Since then, one of the workstations has been slow on the LAN, primarily pulling up documents from the server, & sending print jobs to the LAN printer.  The other workstations are OK.

I've moved the workstation to another desk & hooked it up to be sure it's not the LAN cabling, I've checked the NIC to be sure it wasn't set up improperly, & even changed the NIC out with no change.

One of the other workstations is identical, i.e., CPU, RAM, etc. & it's WAY faster than the problem child.  Internet access is OK, just accessing the server & the LAN printer.

I'm out of ideas.  What did I miss?

Thanks,

Larry
Question by:WLarryB
LVL 9

Expert Comment

by:crawfordits
ID: 17873899
ping -t a downstream device and see what your reply times are
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17873974
Make sure that DNS on the client machine/workstation is configured correctly. Do an ipconfig /all at a command line and verify, whether statically or dynamically assigned, that DNS points to your internal DNS server, and only to the DNS server. If the ISP's DNS is present it will cause slow logons and slow name resolution when trying to access network resources. The ISP's DNS should only be present as a forwarder in your server's DNS management console.
0
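The check described in the comment above, as an added example that is not part of the original post: it parses saved `ipconfig /all` output, including the continuation lines used for a second DNS server, and flags any server outside the internal set. The sample output, adapter name and addresses are constructed assumptions.

```python
import re

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")   # e.g. "Ethernet adapter Local Area Connection:"
FIELD = re.compile(r"^\s+(.*?)[\s.]*:\s?(.*)$")   # e.g. "   DNS Servers . . . : 192.168.1.2"

def dns_servers(ipconfig_text):
    """Map each adapter name to the DNS servers listed in `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        m = ADAPTER.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        f = FIELD.match(line)
        if f:
            in_dns = f.group(1) == "DNS Servers"
            if in_dns and adapter and f.group(2).strip():
                result[adapter].append(f.group(2).strip())
        elif in_dns and adapter and line.strip():
            # Continuation line: further servers are listed one per line.
            result[adapter].append(line.strip())
    return result

def unexpected_dns(ipconfig_text, internal):
    """Return {adapter: [servers]} for DNS servers outside the `internal` set."""
    flagged = {}
    for adapter, servers in dns_servers(ipconfig_text).items():
        bad = [s for s in servers if s not in internal]
        if bad:
            flagged[adapter] = bad
    return flagged

# Constructed sample output (not from the thread); 203.0.113.53 stands in for an ISP resolver.
SAMPLE = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WS3

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.23
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Saturday, November 04, 2006 9:12:01 AM
"""

if __name__ == "__main__":
    print(unexpected_dns(SAMPLE, internal={"192.168.1.2"}))
```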
 

Author Comment

by:WLarryB
ID: 17874052
Everything is automatic.  The router is the DHCP server (server on the LAN is NT 4.0 - it has a static IP address)

This system has been running like this for over 5 yrs.  Why would DNS issues surface now, & only on one system?

Thanks,

Larry
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17874086
Assuming everything is DHCP, and the same for all clients, you are right, it is likely not the issue. However, you didn't mention that before, and in setting up a re-formatted system it was possible the DNS configuration had changed. DNS can often be the source of slow access to network resources. Also, since the server is NT4, DNS plays a less important role.
0
 
LVL 5

Expert Comment

by:drawlin
ID: 17874341
Close all programs and run netstat -b from command prompt on that workstation and one just like it.   Compare the differences.  If you have several connections on the problem computer, it may be a zombie.
0
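The comparison suggested in the comment above, as an added example that is not part of the original post: it parses two saved `netstat -b` captures and reports, per executable, the remote endpoints seen on the problem workstation but not on the identical one. The captures, host names and addresses are constructed, and the column layout (a PID column followed by a bracketed owner line) is an assumption about the output format.

```python
import re

# A connection row: proto, local, remote, optional state (UDP has none), optional PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")  # owning executable, e.g. "  [System]"

def parse_netstat_b(text):
    """Return (executable, proto, remote, state) tuples from saved `netstat -b` text."""
    conns, row = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        owner = OWNER.match(line)
        if m:
            if row:  # previous row never got an owner line
                conns.append(("unknown",) + row)
            row = (m.group(1), m.group(3), m.group(4) or "")
        elif owner and row:
            conns.append((owner.group(1).lower(),) + row)
            row = None
    if row:
        conns.append(("unknown",) + row)
    return conns

def only_on_suspect(suspect_text, baseline_text):
    """Map executable -> remote endpoints seen on the suspect host but not the baseline."""
    base = {(exe, remote) for exe, _, remote, _ in parse_netstat_b(baseline_text)}
    extra = {}
    for exe, _, remote, _ in parse_netstat_b(suspect_text):
        if (exe, remote) not in base:
            extra.setdefault(exe, set()).add(remote)
    return {exe: sorted(remotes) for exe, remotes in extra.items()}

# Constructed sample captures (not from the thread); addresses are documentation ranges.
BASELINE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    ws2:1039               ntserver:netbios-ssn   ESTABLISHED     4
  [System]
"""
SUSPECT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    ws3:1042               ntserver:netbios-ssn   ESTABLISHED     4
  [System]
  TCP    ws3:1077               203.0.113.25:6667      ESTABLISHED     1820
  [updater.exe]
  TCP    ws3:1080               198.51.100.7:http      TIME_WAIT       0
"""

if __name__ == "__main__":
    for exe, remotes in only_on_suspect(SUSPECT, BASELINE).items():
        print(exe, remotes)
```

Rows with no owner line are grouped under `unknown` rather than dropped, since a connection the tool cannot attribute is itself worth a second look.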
 

Author Comment

by:WLarryB
ID: 17874388
Sorry I didn't include that info. Thought I was being pretty thorough :-(

Thanks, I'll try that.  It'll probably be Monday before I can, though.
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17877292
I don't see you mention that the problem workstation was formatted. Did you format this system to rid it of any trojan or other virus problems?
0
 

Author Comment

by:WLarryB
ID: 17878147
Yes, the problem workstation is one of the two that was reformatted.

The problem started about a week after that
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17883602
"Yes, the problem workstation is one of the two that was reformatted.
The problem started about a week after that"
Sounds like you might have picked up another virus.
0
 

Author Comment

by:WLarryB
ID: 17883689
I ran netstat -b - didn't find anything unexpected.  I also have a program that monitors port activity.  I installed & ran that for over an hour with, again, nothing unexpected.

I'm pretty sure we don't have another virus/Trojan/worm, etc.  I've run anti-virus, anti-spyware programs both installed & online.  Nothing found. I also run the installed programs in Safe Mode.
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17883839
Is this a Windows XP machine?  If so, did you install Service Pack 2 before you put it on the internet?  Also, did you reinstall from a partition on the local infected machine, through a network location, or from CDs?
0
 

Author Comment

by:WLarryB
ID: 17883887
It's Windows XP Pro; I installed SP2 via the internet.  I formatted the HDD, & installed from the original CD in my office, downloaded & installed all updates (including SP2), then took it back to the client's office & set it up on the LAN, installed his software, etc.
0
 
LVL 4

Assisted Solution

by:Smacky311
Smacky311 earned 100 total points
ID: 17884045
When you connect a pre-Service Pack 2 machine to the internet you expose yourself to a very large number of viruses that are just waiting for some unpatched machines to hit the net.  This is a HUGE problem and it's so bad that I always have to install SP2 before I connect my machines to the internet or they will usually get hit by a virus.
0
 

Author Comment

by:WLarryB
ID: 17885034
Even if you only go straight to MS' update site?
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17886661
Yes, I have only read a little on it, but apparently there are several viruses that build databases of IP addresses and simply cycle through them 24/7 looking for computers with holes.  There are many holes in Windows without patches, many of which can be opened up without any user intervention.  Just like the grey window popups that were abused a couple years ago, which were meant to give system warnings, they can pop right into your system with ease.  I've seen it too many times...
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17886681
There is little risk if you are behind a hardware router/firewall, however without a firewall, I have seen a couple of machines infected in under 5 minutes.
0
 

Author Comment

by:WLarryB
ID: 17886686
I've run virus/Trojan/worm/spyware/adware scans MANY times, including an online scan from Trend Micro. Nothing found.  Are these viruses not detectable by AV programs?
0
 

Author Comment

by:WLarryB
ID: 17886693
This IS behind a hardware firewall/router also.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17886701
I am doubtful that is your problem.
Perhaps try running netdiag to see if there are any network or name resolution issues. It is available as part of the Windows Resource Kit, from the support section of some of the Windows install CDs (best choice if available), or from http://www3.ns.sympatico.ca/malagash/Downloads/Net/netdiag.exe
0
 

Author Comment

by:WLarryB
ID: 17886718
I'll do that in the morning.

Thanks,

Larry
0
 

Author Comment

by:WLarryB
ID: 17894832
Got it fixed.

Offline files had been activated, so it was trying to synch the server to the local drive.  That's almost 40GB!  Not sure how it got changed, because that's one of the things I always disable as default.  I went back & looked at my check list & that was checked, so I'm sure I didn't leave it on.  

The operator denies doing it - & I'm not sure she would know if she did.

Anyway, that fixed the problem.  

I went back through the comments, & I'm not sure who gets the points....
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 150 total points
ID: 17895536
Offline files is enabled by default when you do a re-install; perhaps it was not switched off at that time. Yes, 40 GB would slow things down :-)
As for points, you can split them up whatever way you see fit if you feel the answers helped troubleshoot the problem, or, where you ultimately solved the problem yourself, you can post a request in the community support forum asking to have the question closed and points refunded.
http://www.experts-exchange.com/Community_Support/
Instructions can be found here:
http://www.experts-exchange.com/help.jsp#hi71

Glad to hear it is resolved.
Cheers,
--Rob
0
 

Author Comment

by:WLarryB
ID: 17897616
OOPS!

I wanted to split the points between RobWill & Smacky311.  They were the most persistent.  How do I change the point allocation?

Anyway, thanks, guys

Larry
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17903158
Thanks WLarryB.
To change, you can just post a request to the moderators, to change or re-open so that you can change, in the community support forum:
http://www.experts-exchange.com/Community_Support/
Instructions:
http://www.experts-exchange.com/help.jsp#hi17
--Rob
0
 

Author Comment

by:WLarryB
ID: 17913895
Thanks, guys. I appreciate your persistence!!!

Larry
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17916036
Thanks Larry, Cheers.
--Rob
0
