Solved

Browsers apparently time out = cannot reach web pages from inside LAN

Posted on 2006-11-10
22
293 Views
Last Modified: 2011-09-20
SBS 2003 Standard, SP2
Proliant ML350 G3 server

We have 10 clients in a SBS 2003 domain, the server has 2 NICs and acts as the gateway.

T1 <-> Router <-> SBS2003 <-> LAN w/ 10 clients

Web access from inside the LAN is markedly slower than from the server.  If I plug a client in on the other side of the server so that it can get directly  to the router and the WAN, it's snappy.  This is independent of client (all on XP Pro) - all of them do it, IE6 and IE7.

Bad enough, but fairly frequently, the pages time out (or "cannot be reached" - the message is pretty content free).  IE7 says:
--------------------------------------------------------------------
Internet Explorer cannot display the webpage
   
   Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.
 
   What you can try:
     Diagnose Connection Problems  
 
     More information
--------------------------------------------------------------------
 
Since the system was paging pretty heavily, I bumped up the memory from 2GB to 4GB - so that's not at issue anymore.

After the memory upgrade, there has been NO improvement in web access - access is still slow, timeouts are common (more than an annoyance when POST data is lost and a long transaction has to be restarted)

Where do I start to look for errors?
0
Comment
Question by:jjrrww
  • 8
  • 7
  • 4
  • +2
22 Comments
 
LVL 8

Expert Comment

by:dhoustonie
Comment Utility
Do you mean SBS 2003 SP1?
All patches updated for the server and workstations?
What is the hard drive configuration? RAid 1 or 5? SCSI or SATA? RPMs of disks? Partition sizes?
Can you post an IPConfig /all from the server and workstation please.
Thank you,
David
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
Could be a DNS issue.  How is the DNS set up on the clients?  Is the server configured to use DNS forwarders for external name resolution?  How are the NICs on the server configured, as to IP addy, subnet, gateway and DNS?
0
 
LVL 8

Expert Comment

by:dhoustonie
Comment Utility
Please provide the full Ipconfig /all for server and workstation, just to provide the information in a known format.
Thank you,
David
0
 
LVL 1

Author Comment

by:jjrrww
Comment Utility
All Patches updated on both.  NIC drivers are up to date.

Server hard drives: Raid 5, 3 drives (rpm unknown - probably 10k, but I can check), SCSI, forming a 68GB partition.  Additional IDE drive, 250GB, mounted as a directory under C:, single partition.  IDE Drive is strictly backup and archival data.


-----------------------------------------------------------------------------

Server: Windows IP Configuration

   Host Name . . . . . . . . . . . . : mainserver
   Primary Dns Suffix  . . . . . . . : A-Alert.lan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : A-Alert.lan



Ethernet adapter LAN Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-11-85-69-AC-66
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.82.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.82.100
   Primary WINS Server . . . . . . . : 192.168.82.100



Ethernet adapter WAN Connection:

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : 3Com 3C996B Gigabit Server NIC
   Physical Address. . . . . . . . . : 00-04-76-F2-E6-23
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.79.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.79.1
   DNS Servers . . . . . . . . . . . : 192.168.82.100
   NetBIOS over Tcpip. . . . . . . . : Disabled


-----------------------------------------------------------------------------
Workstation: Windows IP Configuration

        Host Name . . . . . . . . . . . . : Kevin
        Primary Dns Suffix  . . . . . . . : A-Alert.lan
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : A-Alert.lan

                                            A-Alert.lan



Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : A-Alert.lan
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-13-20-43-6C-A5
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.82.42
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.82.100
        DHCP Server . . . . . . . . . . . : 192.168.82.100
        DNS Servers . . . . . . . . . . . : 192.168.82.100
        Primary WINS Server . . . . . . . : 192.168.82.100
        Lease Obtained. . . . . . . . . . : Friday, November 10, 2006 11:03:29 AM
        Lease Expires . . . . . . . . . . : Saturday, November 18, 2006 11:03:29 AM


0
 
LVL 8

Expert Comment

by:dhoustonie
Comment Utility
AsHypercat asked in DNS have you setup forwarders?
What AV or Anti Spyware do you have running on the server?
Thank you,
David
0
 
LVL 1

Author Comment

by:jjrrww
Comment Utility
DNS forwarders - I think not (I set this up via the SBS wizards), but I'm still a DNS neophyte.  What should I look at to ensure you have what you want to know?

Server is running BitDefender Enterprise (File server and Exchange).  

My suspicions have actually been leaning there, but NOTHING is indicating what is happening.  Can I get some sort of log to trace activity and detect or at least document the web accesses that fail?


I'm not even reticent to yanking out the tool, but since it's intermittent, I won't really have proved anything until I wait long enough to assure myself that the problem is gone.  Kind of sketchy to have no A/V while I wait for adequate performance...
0
 
LVL 6

Expert Comment

by:manicsquirrel
Comment Utility
This may be way off base, but we've run into a lot of problems similar to what you're describing that was casued by this:

http://support.microsoft.com/default.aspx/kb/918165

Now, this KB only alludes to the tip of the iceberg.  It was subposed to be cleared up by a subsequent update but was not in all cases.  This KB doesn't describe all the problems either.  We even found a difference in loading a webpage by prepending http:// to the address.  I don't remember, but I think if you added it, pages wouldn't load.

Again, this is probably a long shot.  

I  really think its a DNS forwarding problem.  When you cannot hit an external web page, can you access the http://companyweb?  If you can, then I would definately think it's DNS issue.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Are you running the SBS version of BitDefender?

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:jjrrww
Comment Utility
dhoustonie - yes: SBS 2003 SP1  (It's Exchange SP2)

I've never seen an access to http://companyweb timeout, but then, the pages that fail will almost always succeed if you simply reload, so failing on an external page and then hitting the local wouldn't accurately reveal anything.

Checking the MS support article now.

Bitdefender:  Their marketing packaging is difficult to decipher - unsure what bundling the SBS version would give you (it's nothing but a shrink-wrap to see it by), but, we have:

1. BitDefender for File Servers.
2. BitDefender for Exchange.
3. BitDefender WMI Add-on.
4. BitDefender Client Add-on.
5. BitDefender Enterprise Manager.

Which was sold under as Bitdefender for Exchange Server (and actually packaged as something called "Bitdefender Network Global" - their marketing people are NOT helping things)
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
I think you should try adding at least one external DNS server to your DNS forwarders tab and see if it helps.  Open the DNS management console and click on the server name.  Then right-click the server name and go to Properties.  The second tab is the Forwarders tab. Add an external DNS server to this tab - usually you would use the IP address(es) of one or more of your ISP's DNS servers.

Hope this helps!
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Yeah... you're right that their marketing folks don't get it... and I wonder if their tech folks get it either.

http://msmvps.com/blogs/bradley/archive/2005/02/20/36544.aspx

I don't know anyone who's running BitDefender on an SBS, so I wonder if it's really optimized for that kind of deployment.  One thing that is important to understand is that because SBS is all in one box, a proper anti-virus solution has to be designed for this kind of situation so that it doesn't slow things down.  I'd suggest that you remove BitDefender and see if that speeds things up, and then replace it with something like TrendMicro's Client/Server/Messaging Suite which you can download and fully install.

Jeff
TechSoEasy
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:jjrrww
Comment Utility
Forwarders are (and were) in there.  

I just had a protracted delay while connected in with Remote Desktop - froze solid for 15 seconds, showed a disconnect (timeout?) and then reconnected.

I'm going to remove Bitdefender and see what we get.  Unfortunately, it's hard to be sure since it's on and off.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
I'm fairly confident that's what the problem is.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
and if it's not... then there's something else wrong which removing BitDefender should uncover.
0
 
LVL 1

Author Comment

by:jjrrww
Comment Utility
Well, Bitdefender is removed.

On the one hand, Web access from the LAN seemed much faster.
On the other, I'm still getting delays.  One symptom, far less common, was that Remote Desktop would lock up for close to 25-30 seconds, flash as though it was going to time out, and then reconnect.  That is still happenning.

LAN access is more subjective, since the performance problem has come and gone.  I'm still watching that.

Is there any logging I could enable that would make note of these delays - for instance the RDC timeout?  Right now I have no data, only subjective observations.
0
 
LVL 8

Expert Comment

by:dhoustonie
Comment Utility
Some times you need to use forwarders other than the one supplied by your ISP. If you remove the forwarders completely you will use  the Root Hint Servers  this may be the best option to ensure that your ISP's DNS serversare not overloaded.
 David
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
Comment Utility
One area we haven't touched upon is MTU settings.  There are a number of MTU issues with Server 2003 (a hotfix was released for post SP1 MTU issues http://support.microsoft.com/kb/898060 although I don't think this is necessarily your problem).  

You can adjust the MTU settings by following the steps in this article:  http://www.jsifaq.com/SF/Tips/Tip.aspx?id=9683

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:jjrrww
Comment Utility
I can try the root hint servers - I'm trying to get a handle on current performance befor eI tweak any other knobs, but I'll definitely try that

I would expect however, that (assuming that the browsing and Remote Desktop issues are related) that the delay/freezing behavior of RDC sessions is NOT a DNS issue, since it is affecting a current session.  Correct reasoning?

Of course, if web browsing is now fine and this timeout issue persists, it would suggest a second problem.

Checking on the MTU settings...

Does anyone have a suggestion on some kind of logging to *detect* the issues as they are happening?  Problem is, I only have symptoms.  The behavior of the server *during* the problem remains unknown.  

John
0
 
LVL 1

Author Comment

by:jjrrww
Comment Utility
MTU *definitely* was an issue.  I installed the patch and it broke a serious logjam.  Responsiveness from LAN to Internet has improved immensely.

I'm calling this solved.  I *seem* to still have some intermittent issues.  Far less frequent and they "feel" different.  There are still Bitdefender tendrills I have to clean up before I revisit it.


0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Great!  One thing that is often overlooked is that pretty much all internal network traffic is via TCP/IP.  So MTU settings are pretty critical, and there's very little documentation on the topic.  Glad things are funning better for you!

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:jjrrww
Comment Utility
What is a little distressing is that SP1 appears to be the REASON that MTU was twisted up.

Why then, does MS update not offer up the patch?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Because apparently, this is something that only occurs with certain deployments... depending on what else you have on your system, or how you have it configured to begin with.  It's not universal.

Jeff
TechSoEasy
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now