Solved

DNS GOING TO OUTSIDE SERVER INSTEAD OF LAN SERVER

Posted on 2006-11-21
75
1,373 Views
Last Modified: 2012-06-21
I have a medium sized network that I have been having DNS issues with.  We have one 2003 server that is the domain controller and is also the DNS server.  All the workstations are running WinXP Pro with Gigabyte switches and network cards.  My IP address for this network are 192.9.200.0 which was established well before I came into play.  I have been experiencing very slow connections to the internet and some applications that the server has the licenses for.  I have just noticed yesterday after months of playing with the DNS settings that my workstations are trying to access a connection with the server DNS/chia.arin.net which has an IP of 192.5.6.32.  I believe that this is happening because of our network address's, is there a way that I can prevent this from happening without having to change the IP address of the entire network?  I also have a Cisco 506E firewall and was wondering if there is a setting that needs to be changed to prevent our workstations from trying to register on chia.arin.net.
0
Comment
Question by:Chuck Finly
  • 34
  • 25
  • 16
75 Comments
 
LVL 19

Expert Comment

by:feptias
ID: 17986874
Do you have a reverse lookup zone for 192.9.200.x ? Not having one can cause a lot of queries to be sent to iana DNS servers, so the same may be true for the arin server. To fix it, just add the reverse lookup zone in your DNS management console and allow it to be populated automatically by DDNS.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17986926
What are DNS server settings set to in tcpip properies (or do ipconfig /all from cmd.exe prompt).

Client PC's should point to the 2003 server internal IP address only.
Server should point to itself only
Then the DNS server should have forwarders which point to the internet based ISP ones set in the forwarders tab of the DNS server.

The 192.x range used is not a big issue, just means you can't directly communicate with anyone on the internet using those addresses ... but it is vaguely possible you actually own that public address range and are using it internally.

It might also be that the domain name locally on PC's is wrogn (if they are not connected to the domain) and/or that the reverse lookup zone for your IP range is missing from the DNS server so it is actually tryng to register it's reverse lookup address (where you supply an IP address and return a hostname)

Check the DNS server settings on clients and server and come back if not clear what it should be.

Steve
0
 

Author Comment

by:Chuck Finly
ID: 17987187
The PC's are pointing to the DNS server and the server is pointing to itself.  I have the ISP's set for the forwarders, I didn't have a reverse lookup zone so I have added that for my IP range.  Now how do I know if the PC's are no longer pointing to the chia.arin.net server?  Will the PC's now show up in the reverse lookup zone?
0
 
LVL 19

Expert Comment

by:feptias
ID: 17987372
I'm not sure what you mean by "pointing to the chia.arin.net server". How did you establish that they were "trying to access a connection to this server" in the first place? Was it shown in the event log?

If the workstations start to add PTR records into the new reverse lookup zone (this may take time or a reboot before it occurs) then that suggests they were trying to register before and so it is very likely that this is the explanation of your problem. You can also force a workstation to re-register using DDNS by issuing the following command at the command prompt:
ipconfig /registerdns
0
 

Author Comment

by:Chuck Finly
ID: 17987429
Yes I found that entry in the event log.  So your saying that if they start showing up in the PTR records everything should be set?
 Let me go and try this on the PC's that I know have been experiencing slow connections.  The funny thing is that not all my PC's have been affected by this even though they were also trying to establish a connection to the chia.arin.net server.
0
 
LVL 19

Expert Comment

by:feptias
ID: 17987507
I would not expect the absence of a reverse lookup zone to cause any significant problems - it might slow down the login process or add extra load onto the DNS server, especially in the morning when everyone is trying to login.

Perhaps you have two different problems.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17987583
Exactly... the PC's or DHCP server would try and register their entry in the reverse lookup zone for your address range... and that is 0.200.9.192.in-addr.arpa. which would previously have gone out to the net as this is not a private range.

Steve

0
 

Author Comment

by:Chuck Finly
ID: 17987896
I have changed the settings on the PC's that I'm having issues with and they are showing up in the reverse lookup zone however, going out to the internet and starting the control panel for instance are still taking a long time approximately 1 to 2 minutes.  I'm no longer getting the error in the event log that tells me it is trying to register to another DNS server.  

I work in a tool and die shop and the PC's that I'm having issues with are the ones located in our shop.  I have been having this issue for the past few years.  I feel like I'm getting close but just can't nail this down.  I have found that when a computer starts acting like this I just reformatt and the problem goes away for about 4 to 6 months then starts all over again.  There has to be something that I'm missing.  I have been told that maybe my cabling is an issue, I have purchased the Cat6 line and ran that direct from my main network switch directly to the computer that I was having issues with and nothing changed so I have kind of eliminated that possible problem.  I'm still wondering if it isn't my network address's, maybe somehow they are conflicting with the internet but I'm not sure.
I speed things up by using my ISP's DNS server settings on the PC's in the shop but by doing that I was getting the error that it was trying to record itself on there server.  Any suggestions would be helpful.
0
 
LVL 19

Expert Comment

by:feptias
ID: 17988001
Does the problem only happen when you are using the internal DNS server. i.e. do you get fast access to Internet sites when you set the DNS server to point directly to the ISP's DNS server? Does it also make a difference to the slowness of opening the control panel?

Do you have good anti-spyware and anti-virus software? Slowness is often a sign of malware being present. It doesn't sound like a cabling problem if re-formatting the disk and re-installing Windows fixes it.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17988023
OK so the reverse lookup zone suggested has fixed the original problem then.

Is it only slow the first time you access something on the net?  It could be the DNS servers you have listed in forwarders on the server itself are no longer valid or over-worked.  I doubt cabling would make an issue here.

try typing from cmd.exe on the server

nslookup
www.somethingorother.com.   (complete with last period and any domain you fancy)
server yourispdns1
www.something.com.
server yourispdns2
www.something.com.
exit

Substitute the yourispdns1 etc. with the IP's you are using in your forwarders for DNS to test them at resolving a domain of your choice -- might be worth trying something not normally used to rule it out being in cache.

and see if it comes back in a reasonable time with the IP addresses.

Let us know how it goes
Steve
0
 
LVL 19

Expert Comment

by:feptias
ID: 17988050
hmm. We're answering two questions for 250 points. You're getting a bargain here!
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17988129
Good point... especially once that is potentially split two ways (your first comment wasn't showing of course when I added mine feptias).  I think we have resolved issue 1 with the reverse lookup zone.  How about another Q for other issues hockeynut55 ?
0
 

Author Comment

by:Chuck Finly
ID: 17988553
Ok gentlemen I have increased the point value and will spit that between both questions.  I appreciate all the help and I wil try to test this later today.  My boss has put me on another project at the moment but should be able to get back to this soon, if not today then tomorrow.  I will let you know what I have found out.  Thanks
0
 

Author Comment

by:Chuck Finly
ID: 17995779
dragon-it
Ok I have done the above test and it appears to come back real quick with the IP address on the server.  I have done the test also on one of the PC's that I'm having an issue with also and it comes back quick from the server.  
Also once I have connected to the internet the next window comes up just as slow.  
0
 

Author Comment

by:Chuck Finly
ID: 17995921
One thing that I have noticed and I'm not sure if this makes a difference or not but my DHCP server has the server listed as trueserv1.mshome.net.  I went to manage the authorized servers and I see another entry there trueserv1.trueind.local should I switch to that one seeing how that is the actual domain?
0
 
LVL 19

Expert Comment

by:feptias
ID: 17997096
The mshome.net domain suggests something to do with Internet Connection Sharing or RRAS. Do you know if either of these has been enabled on any of the PC's or servers on your network? I did a quick search of the Experts Exchange PAQ database and one of the more promising suggestions for fixing that problem is to make sure you have the correct domain name defined in your DHCP Scope Options (or Server Options). It is option 015. Please check.
0
 

Author Comment

by:Chuck Finly
ID: 17997314
Ok option 15 says trueind, that is the domain name but should it have the .local after it?
0
 

Author Comment

by:Chuck Finly
ID: 17997565
I do have another server that is our web and ftp server with ICS started.  My main server is my DNS, DHCP, WINS and also my exchange server.
0
 
LVL 19

Expert Comment

by:feptias
ID: 17997658
Option 015 should be set to the complete Windows domain name - trueind.local

Do you really need ICS enabled on that other server? Can you at least test the effect of disabling it for a while?

By the way, ICS and RRAS are not my strongest subjects, so I am kind of hoping that dragon-it might be able to contribute when he is next available. Also it is the end of the working day here in UK and I have to go soon and will be unavailable for much of tomorrow too. Sorry.
0
 

Author Comment

by:Chuck Finly
ID: 17997800
I will try to change the name for option 015 and will see about disableing the ICS and let you know.  My end of the day is near also and we have a holiday tomorrow so I will have to finish this up Friday.  Thank you for all your help thus far.
0
 

Author Comment

by:Chuck Finly
ID: 17997816
Sorry was confused between ICS and IIS, I have IIS running only not ICS.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17999519
Sorry guys, wasn't around today... also UK based and it is late now having been doing birthday stuff all day (year older again...)

Add a comment back here when you are back and we can go through remaining issues

Steve
0
 

Author Comment

by:Chuck Finly
ID: 18006960
Gentlemen I'm back in the office today but only until 3pm est. If either one of you are available to finish the remaing issues, please let me know.  Thanks
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18006973
I'm here. Can you recap current issue please.

Steve
0
 
LVL 19

Expert Comment

by:feptias
ID: 18006987
I'm here too.
0
 

Author Comment

by:Chuck Finly
ID: 18006999
Current issue is that I have a few computers that are taking up to 2 minutes trying to connect to the internet or to pull a license from the server for an application.  I have been making adjustments to the DNS and DHCP without any success.  I was asked to changed the scope option 015 from saying trueind to trueind.local and that hasn't helped as well.  I have noticed that even the login seems to be slow.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18007047
OK.  On a PC that is effected please post the complete ipconfig /all and the same for the server please.
0
 

Author Comment

by:Chuck Finly
ID: 18007156
The server:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : trueserv1
   Primary Dns Suffix  . . . . . . . : trueind.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : trueind.local

Ethernet adapter Intel 82544GC Based Network Connection - Onboard:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network Connection
   Physical Address. . . . . . . . . : 00-11-43-5B-10-45
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.9.200.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.9.200.1
   DNS Servers . . . . . . . . . . . : 192.9.200.101
   Primary WINS Server . . . . . . . : 192.9.200.101

On a PC:

Windows IP Configuration

        Host Name . . . . . . . . . . . . : trues11
        Primary Dns Suffix  . . . . . . . : trueind.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : trueind.local
                                            trueind

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : trueind
        Description . . . . . . . . . . . : D-Link DGE-530T Gigabit Ethernet Adapter
        Physical Address. . . . . . . . . : 00-11-95-FD-CE-6C
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.9.200.34
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.9.200.1
        DHCP Server . . . . . . . . . . . : 192.9.200.101
        DNS Servers . . . . . . . . . . . : 192.9.200.101
        Primary WINS Server . . . . . . . : 192.9.200.101
        Lease Obtained. . . . . . . . . . : Wednesday, November 22, 2006 10:29:57 AM
        Lease Expires . . . . . . . . . . : Wednesday, November 29, 2006 10:29:57 AM



0
 
LVL 19

Expert Comment

by:feptias
ID: 18007524
Some quick comments (sorry, I am very busy today):
1. I would not expect to see IP Routing enabled on the server. Is there a reason for this?
2. Connection specific DNS suffix on the PC should be trueind.local.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18007597
Well spotted there, I've been off doing other things too.  Remove that in the properties of tcpip on that card...

All the rest looks OK to me.  The IP routing is on by default on server afaik and shouldn't have any issues here with only one interface... try what Feptias suggested first -- that might be coming from DHCP or manually entered, either way it's not right!
0
 

Author Comment

by:Chuck Finly
ID: 18007667
ok I have disabled the IP Routing on the server.  Now I get the following error message in my events viewer for the PC:

Event Type:      Warning
Event Source:      DnsApi
Event Category:      None
Event ID:      11163
Date:            11/24/2006
Time:            9:35:12 AM
User:            N/A
Computer:      TRUES11
Description:
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {8E9E51F9-17D1-4FA0-A174-05B1002BF790}
   Host Name : trues11
   Primary Domain Suffix : trueind.local
   DNS server list :
           192.9.200.101
   Sent update to server : 192.1.1.1
   IP Address(es) :
     192.9.200.34

 The reason the system could not register these RRs was because the DNS server failed the update request. The most likely cause of this is that the authoritative DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.

 You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2d 23 00 00               -#..    
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18007817
Have you got a reverse lookup DNS zone on your server for your subnet range, thought that got created earlier?
i
Steve
0
 
LVL 19

Expert Comment

by:feptias
ID: 18007842
Open the DNS Management Console on the server; Right-click the Forward Lookup Zone for trueind.local and select Properties. What is shown next to the words "Dynamic Updates" half way down the form? Also, what type of zone does it say it is - for example, AD-Integrated?
0
 

Author Comment

by:Chuck Finly
ID: 18007858
yes I have the reverse lookup DNS zone created.  I have noticed that since I changed the DNS scope option 015 to trueind.local that I have two entries when I do the ipconfig /all on  the PC for the DNS Suffix Search List.....trueind.local
                                                                                                                              trueind.local

Should that be like that?

For the DNS Forward zone Dynamic updates = Secure Only and the Type is AD-Integrated.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18007874
Where the **** is the 192.1.1.1 coming from for registering in DNS.  Feptias any ideas?

Are these constant errors on the server or just after restart?  What happens when you do

ipconfig /registerdns

does the error occur again?

Steve
0
 
LVL 19

Expert Comment

by:feptias
ID: 18007876
Good point dragon-it, why is it trying to send the update to 192.1.1.1 ??  Where did that IP address come from, I wonder?
0
 

Author Comment

by:Chuck Finly
ID: 18007959
I just went and restarted the computer and no errors this time around.  Gentlemen this has been an ongoing issue for the past couple of years.  I'm wondering if it is possible that the IP address 192.9.200.0 is causing conflicts with outside interfaces somewhere.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:Chuck Finly
ID: 18007993
Does this mean anything, this is in my event viewer on the server:
The WinHTTPWeb Proxy Auto-Discovery Service has been idle for 15 minustes, it will be shutdown.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18008059
Shouldn't make any difference to anything.... I'm a bit stumped here.... hang on a minute.  What reverse lookup zones are showing in DNS -- is it showing as 192.9.200.x , trying to think here if we need to put in a reverse lookup zone forthe whole 192.x.x.x range?

Steve
0
 

Author Comment

by:Chuck Finly
ID: 18008080
It shows 192.9.200.x Subnet
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18008096
Wouldn't worry about that... I think thats the bit that works with WPAD to update proxy server details in Internet Explorer.  I presume you aren't running a proxy / ISA box.

Steve
0
 
LVL 19

Assisted Solution

by:feptias
feptias earned 250 total points
ID: 18008154
I do not believe that the use of the 192.9.200.0 IP address range would cause major problems if your internal DNS server is correctly configured. If a Windows DNS server has a forward lookup zone for your domain, then the Host records in that zone can return IP addresses in that range with no problem. You would also want to have the Reverse Lookup Zone for 192.9.200.0 for the reasons discussed earlier (and also for completeness in your DNS config to keep AD happy). The rest comes down to routing. It is a routable address range, whereas most LAN's are configured with non-routable addresses and NAT. However, if the LAN port on your router is configured for that IP range then it should know not to send packets for that address anywhere other than the LAN (unless you have special static routes configured). I suppose there could be some problem associated with broadcast packets, but this is getting into territory that is at the boundary of my knowledge.
0
 

Author Comment

by:Chuck Finly
ID: 18008242
Should I post my configuration for my PIX 506e firewall?  You mentioned that this is a routable address range, how do I change that so it's non-routable and will that make a difference?
We do have two buildings that are tied together by a fractional T1 line, however we don't have the same domain.  We kept them seperated figuring that it would be easier to maintain.  The only common thing is that there IP address are 192.9.201.0.  I'm not sure if that is conflicting with anything or not.  I have set up persistent routes so that we can access there files but not on all PC's, is that something that I may need to try?  
0
 
LVL 19

Expert Comment

by:feptias
ID: 18008385
I am not convinced it is routing because you said new PC's behave ok and after a period of time they get this slowness. (Also, I am not familiar with PIX firewalls.) I think we should focus on the most obvious symptoms initially.

Do you consistently get the slow connection to the Internet on the afflicted PC's? What type of Internet access is it - e.g. web browsing? Have you tried using NSLOOKUP on those same PC's to resolve the URL that is giving the slow access, or is it access that uses an IP address (therefore not requiring DNS lookups)?
0
 
LVL 19

Expert Comment

by:feptias
ID: 18008390
BTW, I have to go out very soon for an hour or so.
0
 

Author Comment

by:Chuck Finly
ID: 18008421
this is just for web browsing but I use this as a test, once access to the net is quick I know that all the other applications will work fine.  As for the NSLOOKUP, yes I have done that even on the affected PC and it returns back real quick.
0
 
LVL 19

Expert Comment

by:feptias
ID: 18008947
What I wanted to establish is if the slow bit is the DNS name resolution. For example, if it is slow to browse a web site by name but it is quick to browse it by IP address, then this points to DNS being the slow component. I would expect NSLOOKUP to also be slow resolving names in that case.
0
 

Author Comment

by:Chuck Finly
ID: 18009006
Once the application is up like internet explorer I can fly to any website without any delays, it's just starting the application the first time.  I find this for all the software applications that have to retrieve a license from the server.  At least now the explorer comes up fairly quick.  I have even tried using a host file to see if that would help and it doesn't.  Could this have anything to do with WINS?  Like I have said this has been driving me nuts, I have another computer the exact same model and processor everything not but 50 feet away from the one I'm having problems with and that computer flies.  
0
 
LVL 19

Expert Comment

by:feptias
ID: 18009321
I'm unclear what you mean when you say "applications that have to retrieve a license from the server". Internet Explorer would not be getting a license from the server - can you give examples of applications that do?

It could have something to do with WINS because WINS is still used by many applications for browsing and finding shares and computers on the network. What makes you think the problem is associated with name resolution? You seem to suggest it is because you have mentioned DNS, the hosts file and now WINS - all of these are involved in name resolution. Please bear in mind that the problem could be something else that you haven't thought of yet. This means it is best if you can describe the symptoms and factual observations rather than assuming the problem has a specific cause and asking for help related to that.

Its moderately late here in UK so may have to leave this till tomorrow now.
0
 

Author Comment

by:Chuck Finly
ID: 18019874
Here is what is happening; I have 3 Windows 2003 Servers and approximately 45 PC's,  One server is my main server for exchange, file storage, backups, DNS, DHCP etc...Second server is strictly used to host my website and FTP site and the third is used for our office data and financial software.  We have several CAD and CAM packages that we use and I have all three servers acting as a license server for the different applications.  All the PC's and servers are connected using Dell Poweredge Gigabyte switches and the PC's have gigabyte NIC cards.  I have about 6 computers that are really slow in going onto the internet and slow accessing the licenses on the server.  The PC's run real slow until you disconect the ethernet cable, once that is done the computer fly's.  I have been playing with DNS, WINS and LM Host files just trying to come up with some reason as to why this happens.  Like I mentioned before, once I reformatted the hard drives then everything is fine for about 6 months and then it starts all over.  I have installed new NIC cards in the problem PC's plus run new cable as well, same response.  
0
 
LVL 19

Expert Comment

by:feptias
ID: 18019977
Do you have mapped drives on those slow PC's? I have seen problems like this where a mapped drive was pointing to a server that was no longer available and it would take minutes to open a simple 'File Open' form. When I deleted all the drive mappings and it was ok again. You could also try removing then re-joining the PC to the domain.

As mentioned before, can you check if browsing to a web site is slow when you use the web site name then does it make a difference if you try browsing to the same site using IP address. It would be useful to prove if the slow stage is the DNS name resolution or something else.
0
 

Author Comment

by:Chuck Finly
ID: 18020224
Yes I have mapped drives, but on the particular machines that I'm having issues with they don't have access to the other servers only the main.  The only time that I have a slow connection is when first starting the application, wether it's internet explorer, control panel or a CAM package that requires a license from the server.  Once the applications are open then everything seems to fine, it's just the initial start.  
0
 
LVL 19

Expert Comment

by:feptias
ID: 18027038
Do you have WINS installed and working on the server?
If yes, please confirm that you are able to open the WINS management console and check that it contains valid entries for the server.
If not, please take steps to activate it.

It may not be relevant, but assuming WINS is installed and working, the Node Type on the server should not be set to Unknown as shown in your earlier post of ipconfig /all output. It would be much better set to Hybrid. To set the node type manually, you have to edit the registry. There should be a registry key called NodeType of type DWORD. The location is:
HLM\System\CurrentControlSet\Services\NetBT\Parameters

For Hybrid, the value of NodeType must be set to 08.

For full details of all NetBT and TCP parameters in the registry see:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314053
0
 

Author Comment

by:Chuck Finly
ID: 18027480
yes I have WINS installed and running, I was able to open the WINS management console and there are valid entries for the server.  I have also checked the registery key and the value for the node ype was already at 08.
I have the other building listed in WINS as a replication partner, I don't remember why we set that up that way but I'm wondering if I should delete that entry.  The only tie that we have to the other building is a persistant route.
0
 
LVL 19

Expert Comment

by:feptias
ID: 18028046
A replication partner would indicate that there is another WINS server running at the other site and the two are configured to exchange information. If there is no other WINS server or there is no possible need for them to share information then you could delete the entry.

It does not make sense that NodeType is already 08 at the same time as ipconfig /all shows Node Type as Unknown.

Please confirm if the slowness mentioned occurs only when Internet Explorer is first opened or each time a new site is browsed for the first time. Also, is there slowness each time you open the CAD/CAM applications or only the first time you open it each day. If the first time you open it each day, then is it only a reboot that makes it go slow again?
0
 

Author Comment

by:Chuck Finly
ID: 18028262
Once internet explorer is open I'm able to visit any website within seconds.  For the CAD/CAM applications, it always starts slow on the machines that I'm having issues with.  

I checked the server registry again and that parameter was already set to 8.
0
 
LVL 19

Expert Comment

by:feptias
ID: 18028576
As you add more information to your description of the problem I am no longer convinced it is a DNS issue. It sounds more like a simple case of the primary disk drive being full or the machine not having enough memory (physical or virtual). Have you checked those or compared the good machines with the bad ones by looking at performance in the Task Manager. I suggest you try running Task Manager and leave it open on the Performance tab while you start one of these slow applications.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18028950
You say it takes a while to open ie.  Do you havge it set to automatic configuration in tools Internet options or an automatic config scipt set there?
0
 

Author Comment

by:Chuck Finly
ID: 18029046
All my machines have at least 80gig hard drives with at the lowest 1gig ram, most machines have 2gig if not 4gig ram so I know that the hard drives and the memory can't be the issue.  If that was the case then why is it only about 6 PC's that have this issue and not all 45?

All the computers are set the same for internet access automatic configuration.  

The only reason I kept thinking that it was something to do with DNS is that in the event viewer it was telling me that it was trying to establish a connection with a server that isn't even in my IP scope.  I have also found that if I switch the TCP/IP settings on the WINS tab from default to enable and back again that the issue may dissappear for a day but start right back the next day.  I'm still wondering if it has something to do with the IP address that we have for our LAN.  I have even tried host files and that doesn't seem to help either.  Like I have said this has been an ongoing battle around here for quite sometime.
0
 
LVL 19

Expert Comment

by:feptias
ID: 18029426
It is quite possible for an 80GB hard disk to get full so it is not an unreasonable suggestion. Even if your regular applications would not fill that much disk space, there is always the risk that a rogue application (malware) or misuse of particular computers could cause disk space to get filled. That would also provide a feasible explanation for why some PC's are ok and others are not. However, I assume you have checked the free space and eliminated that possibility.

Have you tried leaving the NetBIOS settings on the WINS tab as enabled all the time?

Did you check Task Manager performance indicators while starting the slow application? This would at least allow us to eliminate the possibility that it is a CPU or memory intensive activity that is responsible.
0
 

Author Comment

by:Chuck Finly
ID: 18029591
Yes I have left the NetBIOS settings enabled all the time, it seems to help but not that much.

As for the task manager what indicators are you looking for that I can report back?
0
 

Author Comment

by:Chuck Finly
ID: 18029699
I left both the Task Manager and the Local Area Connection Status dialog boxes while starting IE.  After 80 seconds there was finally an increase in the bytes sent and received plus the commit charge increased.  While waiting for IE to start the system appears to lock, there was no movement in the commit charge on the task manager nor the bytes sent and received.
0
 
LVL 19

Expert Comment

by:feptias
ID: 18029729
Isn't there a Performance tab on your Task Manager that shows a graph of CPU and another of memory?
0
 

Author Comment

by:Chuck Finly
ID: 18029765
Yes I have the CPU usage and the PF Usage is this the information you need for me to report on?  What do you want to know how long before the CPU usage changed and the memory allocation?
0
 
LVL 19

Expert Comment

by:feptias
ID: 18029892
I just wondered if the CPU went up dramatically during the slow start - or the memory usage.

Sometimes applications will almost grind to a halt because the CPU activity has jumped to 100% or the memory usage has jumped dramatically. I just want to eliminate this possibility. If it is not CPU then it tends to confirm your suspicions that it is DNS or NetBIOS. I would prefer it to be CPU because it would probably be easier to identify the problem. If it is DNS or NetBIOS then the options available for identifying the exact cause are somewhat limited. The first approach is to modify various options that might be relevant until we find one that makes a difference, then try to narrow down the possibilities from there. Another approach would be to use packet sniffing with Ethereal or similar. That is hard work and very time consuming - also beyond what would be reasonable for us to advice you through this web site.
0
 

Author Comment

by:Chuck Finly
ID: 18030008
I left both the Task Manager and the Local Area Connection Status dialog boxes while starting IE.  After 80 seconds there was finally an increase in the bytes sent and received plus the commit charge increased.  While waiting for IE to start the system appears to lock, there was no movement in the commit charge on the task manager nor the bytes sent and received.  Also the CPU usage meter didn't move until IE was open, it stayed at 0% the whole 80 seconds.  The PF usage stayed at 195MB for the whole 80 seconds as well, then when IE was finally open the CPU usage went up to 44% then back to 0% and the PF usage went from 195MB to 216MB.  The computer just seems to freeze for a minute and half then resumes.
0
 
LVL 19

Expert Comment

by:feptias
ID: 18030221
I just tried searching the PAQ database with search phrases like "application slow open" and "IE slow open". Some of the questions it returns might be relevant - ideas included problems with an ethernet switch, but mostly they explanations for other users were malware. How confident are you that the slow PC's haven't been infected with spyware or similar? Have you tried running Hijackthis or Spybot Search and Destroy?

Dragon-it - any ideas?
0
 

Author Comment

by:Chuck Finly
ID: 18030324
We have Norton Corporate Antivirus with Spyware and that pretty much takes care of all the spyware.  Besides, yes the PC's we are talking about are slow to get IE started however, these computers only use the internet at lunch for the guys in the shop.  I use the IE as a test knowing that if that starts quick then all my other applications will start the same.

I have proved out that it's not the ethernet switch by running a new line direct from the switch's that are next to the server to the affected PC, there was no change in speed.
0
 
LVL 19

Expert Comment

by:feptias
ID: 18043895
1. Are there any errors reported in the event log (Application or System) on the slow PC?

2. Do you get very slow response when you try browsing the network from the "slow" PC? - i.e. in Windows Explorer, drill down through:
My Network Places -> Entire Network -> Microsoft Windows Network -> trueind.local

3. Do you get very slow response when you try opening/browsing any mapped network drives in Windows Explorer from the slow PC?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18043969
Sorry, haven't been able to reply for a while. Have you turned off "Use automatic config. script" or "Automatically detect settings" off in the connections tab like I suggested above, if you have sorry, still reading backwards through the posts!
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18043992
Also have you tried the winsock fix for Xp... long shot but it does fix funny things sometimes!

netsh winsock reset

Steve
0
 

Author Comment

by:Chuck Finly
ID: 18052908
The error that I get and it's not everyday is that the computer is trying to find server 192.1.1.1

Once the windows explorer is open I can go to all network shares fairly quick.

The Internet options for connections don't have any boxes checked.

I have tried the netsh winsock reset and nothing changed.

I have a gentlemen that has helped us with server issues in the past, I talked with him the other day regarding these issues and he really feels that my IP address 192.9.200.x  is too close to a public IP address.  I am planning on changing our address scheme next weekend to see if that will take care of these issues.  I can let you gentlemen know after next weekend (Dec 9-10) if in fact that was the issue.
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 250 total points
ID: 18052930
It shouldn't be an issue if everything is configured correctly but yes if changing to a 192.168.x.0 or 10.x.x.0 or 172.16.0.0 to 172.63.0.0 range would be ideal as they are guarenteed private.

Steve
0
 

Author Comment

by:Chuck Finly
ID: 18052966
This is about the only thing left, we have tried all other options.  I know that it's not the PC itself, once the ethernet cable is unplugged the computer screams.
0
 

Author Comment

by:Chuck Finly
ID: 18117523
Gentlemen, I have revised our network to the new adress scheme of 192.168.10.xx and this has taken care of all the issuew we were having.  I want to thank you both for all your assistance and I have split the points between the both of you.  Again Thank you.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Resolve DNS query failed errors for Exchange
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now