WLarryB
asked on
Slow LAN - One Workstation Only
Hey, Gang,
My customer had a Trojan problem a few weeks ago. I had to format the drive on two (of 7) workstations to rid the LAN of the problem.
Since then, one of the workstations has been slow on the LAN, primarily pulling up documents from the server, & sending print jobs to the LAN printer. The other workstations are OK.
I've moved the workstation to another desk & hooked it up to be sure it's not the LAN cabling, I've checked the NIC to be sure it wasn't set up improperly, & even changed the NIC out with no change.
One of the other workstations is identical, i.e, CPU, RAM, etc. & it's WAY faster than the problem child. Internet access is OK, just accessing the server & the LAN printer.
I'm out of ideas. What did I miss?
Thanks,
Larry
My customer had a Trojan problem a few weeks ago. I had to format the drive on two (of 7) workstations to rid the LAN of the problem.
Since then, one of the workstations has been slow on the LAN, primarily pulling up documents from the server, & sending print jobs to the LAN printer. The other workstations are OK.
I've moved the workstation to another desk & hooked it up to be sure it's not the LAN cabling, I've checked the NIC to be sure it wasn't set up improperly, & even changed the NIC out with no change.
One of the other workstations is identical, i.e, CPU, RAM, etc. & it's WAY faster than the problem child. Internet access is OK, just accessing the server & the LAN printer.
I'm out of ideas. What did I miss?
Thanks,
Larry
ping -t a downstream device and see what your reply times are
Make sure that DNS on the client machine/workstation is configured correctly. Do an ipconfig /all at a command line and verify, whether statically or dynamically assigned, that DNS points to your Internal DNS server, and only to the DNS server. If the ISP's DNS is present it will cause slow logons and slow name resolution when trying to access network resources. The ISP's DNS should only be present as a forwarder in your server's DNS management console.
ASKER
Everything is automatic. The router is the DHCP server (server on the LAN is NT 4.0 - it has a static IP address)
This system has been running like this for over 5 yrs. Why would DNS issues surface now, & only on one system?
Thanks,
Larry
This system has been running like this for over 5 yrs. Why would DNS issues surface now, & only on one system?
Thanks,
Larry
Assuming everything is DHCP, and the same for all clients you are right, it is likely not the issue. However, you didn't mention that before, and in setting up a re-formated system it was possible the DNS configuration had changed. DNS can often be the source of slow access to network resources. also since the server is NT4, DNS plays a less important role.
Close all programs and run netstat -b from command prompt on that workstation and one just like it. Compare the differences. If you have several connections on the problem computer, it may be a zombie.
ASKER
Sorry I didn't include that info. Thought I was being pretty thorough :-(
Thanks, I'll try that. It'll probably by Monday before I can, though
Thanks, I'll try that. It'll probably by Monday before I can, though
I don't see you mention that the problem workstation was formatted. Did you format this system to rid it of any trojan or other virus problems?
ASKER
Yes, the problem workstation is one of the two that was reformatted.
The problem started about a week after that
The problem started about a week after that
"Yes, the problem workstation is one of the two that was reformatted.
The problem started about a week after that"
Sounds like you might have picked up another virus.
The problem started about a week after that"
Sounds like you might have picked up another virus.
ASKER
I ran netstat -b - didn't find anything unexpected. I also have a program that monitors port activity. I installed & ran that for over an hour with, again, nothing unexpected.
I'm pretty sure we don't have another virus/Trojan/worm, etc. I've run anti-virus, anti-spyware programs both installed & online. Nothing found. I also run the installed programs in Safe Mode.
I'm pretty sure we don't have another virus/Trojan/worm, etc. I've run anti-virus, anti-spyware programs both installed & online. Nothing found. I also run the installed programs in Safe Mode.
Is this a windows xp machine? If you do did you install Service Pack 2 before you put it on the internet? Also, did you reinstall from a partition on the local infected machine, through network location, or CD's?
ASKER
It's Windows XP Pro; I installed SP2 via the internet. I formatted the HDD, & installed from the original CD in my office, dodwnloaded & installed all updates (including SP2), then took it back to the client's office & set it up on the LAN, installed his software, etc.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Even if you only go straight to MS' update site?
Yes, I have only read a little on it, but apparently there are several virii that build databases of IP addresses and simply cycle through them 24/7 looking for computers with holes. There are many holes in windows without patches and many of which can be opened up without any user intervention. Just like the grey window popups that were abused a couple users ago that were meant to give system warnings they can pop right into your system with ease. I've seen it too many times...
There is little risk if you are behind a hardware router/firewall, however without a firewall, I have seen a couple of machines infected in under 5 minutes.
ASKER
I've run virus/Trojan/worm/spyware/
ASKER
This IS behind a hardware firewall/router also.
I am doubtful that is your problem.
Perhaps try running netdiag to see if there are any network, or name resolution issues. It is available as part of the windows resource kit, from the support section of some of the windows install CD's (best choice if available), or from http://www3.ns.sympatico.ca/malagash/Downloads/Net/netdiag.exe
Perhaps try running netdiag to see if there are any network, or name resolution issues. It is available as part of the windows resource kit, from the support section of some of the windows install CD's (best choice if available), or from http://www3.ns.sympatico.ca/malagash/Downloads/Net/netdiag.exe
ASKER
I'll do that in the morning.
Thanks,
Larry
Thanks,
Larry
ASKER
Got it fixed.
Offline files had been activated, so it was trying to synch the server to the local drive. That's almost 40GB! Not sure how it got changed, because that's one of the things I always disable as default. I went back & looked at my check list & that was checked, so I'm sure I didn't leave it on.
The operator denies doing it - & I'm not sure she would know if she did.
Anyway, that fixed the problem.
I went back through the comments, & I'm not sure how gets the points....
Offline files had been activated, so it was trying to synch the server to the local drive. That's almost 40GB! Not sure how it got changed, because that's one of the things I always disable as default. I went back & looked at my check list & that was checked, so I'm sure I didn't leave it on.
The operator denies doing it - & I'm not sure she would know if she did.
Anyway, that fixed the problem.
I went back through the comments, & I'm not sure how gets the points....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OOPS!
I wanted to split the points between RobWill & Smacky311. They were the most persistent. How do I change the point allocation?
Anyway, thanks, guys
Larry
I wanted to split the points between RobWill & Smacky311. They were the most persistent. How do I change the point allocation?
Anyway, thanks, guys
Larry
Thanks WLarryB.
To change you can just post a request to the moderators, to change or re-open so that you can change, in the community support forum:
https://www.experts-exchange.com/Community_Support/
Instructions:
https://www.experts-exchange.com/help.jsp#hi17
--Rob
To change you can just post a request to the moderators, to change or re-open so that you can change, in the community support forum:
https://www.experts-exchange.com/Community_Support/
Instructions:
https://www.experts-exchange.com/help.jsp#hi17
--Rob
ASKER
Thanks, guys. I appreciate you persistence!!!
Larry
Larry
Thanks Larry, Cheers.
--Rob
--Rob