Solved

DNS issue? - external internet browsing unavailabe for a while after logon

Posted on 2007-11-27
21
224 Views
Last Modified: 2010-04-07
Hi there,

I am getting nowhere fast on this issue despite my searching for answers so I thought I would join and post in here as there may be some quick fix. Please understand that I have come from a more desktop/software support with some networking and server admin sort of background and am now cutting my teeth on DNS/DHCP and server admin in small to medium businesses.

I look after a site that runs MS SBS 2003 SP2 and Win XP SP2 on the desktop  I believe that I have some sort of DNS issue that is causing their current problems.

Symptoms:
At various times, users will be unable to browse the internet for a minute or two and then it will come good again all of a sudden. Additionally, there is one user in particular will start their system in the morning, they will log on and immediately after they log on will go to browse the internet and it will simply time out. In the bottom left corner will be the 'contacting site 74.125.19.147' (Google's IP add - his home page). If he then leaves this for 5-10 minutes it will suddenly start working of it's own accord. At the time the issue is happening, all internal networking appears to be fine - he can ping the server by hostname, Outlook/Exchange works happily. I will find it happens to me sporadically when I connect my laptop to their network (not joining the domain).

Changes:
A few months back I changed their ISP over from a company called Dragnet - http://www.dragnet.com.au/ to Westnet. It appeared to go fairly smoothly and I don't believe this issue occurred from day one of the changeover. There were some issues with Windows security updates not having been done for a while - the handover from their previous provider (I took them over about 6 months ago) hasn't been great - and it appeared that may have been causing some issues. They are all updated now though and the problem remains.

Config:
The server is running DNS/DHCP - single network card - with the router as def gateway and all clients set to obtain IP settings automatically. An IP config on the client machine looks normal, with the DNS server and DHCP server as the SBS server and default gateway as the router. Their ISP is Westnet (I'm in Australia) and they have a static ip assigned.

What have I tried:
I have run AV/Malware scans on server/clients, after the issue began I did note that the DNS servers I had entered on the server had been left as the old ISP's DNS servers, though I don't think this should have mattered and it didn't fix anything when I changed to the new ISP's svrs. I did find this article here on EE... http://www.experts-exchange.com/Networking/Windows_Networking/NT/Q_22089445.html but it seemed a bit different to my issue. I have checked the 'forwarders' tab in DNS as per the article and it does have the DNS servers of their ISP. I have begun reading through all the info mentioned in this article and will continue to do so however as yet I haven't struck anything that appeared to me to be something obvious to check. I have heard from various colleagues that sometimes SBS can do DNS a bit poorly but didn't know if this was true or just an inability to configure SBS DNS well.

I apologise in advance if there is some hand holding required here but I've heard great things about this site that I had to give it a go. I hope I have given enough info in this preliminary post.
0
Comment
Question by:aligntech
21 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 20357052
Check the basics:
Make sure that your clients have your own Windows DNS server set to be their preferred (and ONLY) DNS server. Also check the Default Gateway setting. These may be set manually in the TCP/IP settings on the machine or may be set with DHCP Options.

Make sure that your own DNS server is set to forward external lookups to the DNS servers of your ISP - see http://www.petri.co.il/configure_dns_forwarding.htm
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20357679
SBS does DNS just fine... and there is no inability to configure SBS DNS... so your colleagues don't know what they are talking about.

Please post a COMPLETE ipconfig /all from both the SBS and a sample workstation.  That's the quickest and easiest way to resolve this.

Jeff
TechSoEasy

P. S.  You did just great with regards to posting.  :-)
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20357707
Also, please advise what you are using for your Router and Switch, if you are using one. (make/model).

Jeff
TechSoEasy
0
 

Author Comment

by:aligntech
ID: 20361977
Thanks so much for the prompt responses to this.

KCTS, I did actually mention details relating to your questions in my first post but they may have got lost in the tome of information ;-) . Just to summarise those points (and I have double checked after your questions too).

Config:
The server is running DNS/DHCP - single network card - with the router as def gateway and all clients set to obtain IP settings automatically. An IP config on the client machine looks normal, with the DNS server and DHCP server as the SBS server and default gateway as the router.

However as you have requested and Jeff - and I apologise as I really should have posted this in my first post, here are the actual ipconfig /all results:

SERVER
Windows IP Configuration

   Host Name . . . . . . . . . . . . : das-dc
   Primary Dns Suffix  . . . . . . . : das.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : das.local

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.52.115
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
   Physical Address. . . . . . . . . : 00-13-D4-83-D6-47
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.52.41
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.52.1
   DNS Servers . . . . . . . . . . . : 192.168.52.41
   Primary WINS Server . . . . . . . : 192.168.52.41

CLIENT
Windows IP Configuration

        Host Name . . . . . . . . . . . . : DASPC07
        Primary Dns Suffix  . . . . . . . : das.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : das.local
                                            das.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : das.local
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
ernet NIC
        Physical Address. . . . . . . . . : 00-13-D4-22-7E-95
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.52.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.52.1
        DHCP Server . . . . . . . . . . . : 192.168.52.41
        DNS Servers . . . . . . . . . . . : 192.168.52.41
        Primary WINS Server . . . . . . . : 192.168.52.41
        Lease Obtained. . . . . . . . . . : Wednesday, 28 November 2007 7:25:50
AM
        Lease Expires . . . . . . . . . . : Thursday, 6 December 2007 7:25:50 AM

Also in the 'what I have tried:'
I did find this article here on EE... http://www.experts-exchange.com/Networking/Windows_Networking/NT/Q_22089445.html but it seemed a bit different to my issue. I have checked the 'forwarders' tab in DNS as per the article and it does have the DNS servers of their ISP.

I have double checked anyway though and the forwarders are set (though I don't have any 'enable forwarders' check box as mentioned on petri.co.il). The addresses in there are 203.21.20.20 and 203.10.1.9 in that order which are Westnet's DNS servers.

Thanks again for the swift replies.

Kind regards,
Daniel
0
 

Author Comment

by:aligntech
ID: 20379861
My apologies, I've just realised that I haven't yet posted the model details of router switch. So here it is... also, I have just found something else to report - I'm on site here atm. I connect my laptop to the network here when I'm here and sometimes I experience this same problem that they do.

Well it just happened to me and when it did, I checked pinging my machine from the server. When I pinged my host name it resolved to ip of 112 yet my ip from ipconfig on my machine is 109. I then did an ipconfig /flushdns on the server and it didn't nothing - still resolved to 112. I did an ipconfig/registerdns on my machine and this also did nothing - still server was resolving to 112. I have then done a /release /renew and now the server is correctly resolving hostname to 109. Should it take all this jigging to get the server to figure this out or does this indicate there is something wrong and is it related?

Errr as I was saying before ...
Router: Netgear DG834
Switch: D-Link 1016R
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20379940
"I don't have any 'enable forwarders' check box as mentioned on petri.co.il)"

The reason for that is that the article is demonstrating DNS Properties from a Windows 2000 Server.  That box is no longer there.

Can you confirm if the switch is actually a DES-1016R or DES-1016R+ ?

Because if it's not the "+" model, then I'd suspect that switch is fairly old (more than 4 years old), and may be wearing out.  So it may be a good idea to replace the switch and see if that resolves the problems.

Jeff
TechSoEasy

0
 

Author Comment

by:aligntech
ID: 20379995
You mean to say switches wear out? ;-) I should have thought to give that a test a lot sooner. Oh well, lesson learned.

Ok, just checked and definitely no + there, including on model sticker on bottom. Might be time to go shopping to test the theory. I will be having quite a few drinks if it is as simple as that.. I'll let you know how it goes.

cheers,
Daniel
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20380036
I've seen switches burn out after only a year or two.  Since they are handling all the traffic in the LAN they get a lot more use than many people think, and after running 24/7 at a fairly high heat level (put your hand on it just to see what I mean), they will tend to cause the silicon boards inside to deteriorate.

Jeff
TechSoEasy
0
 

Author Comment

by:aligntech
ID: 20380102
Hi again Jeff,

one thing I just wanted to ask that occurred to me before I go doing all this work putting a new switch in. Are you telling me that it could still be the switch even though at the time when the browsing issue occurs, pinging and comms appear to be fine to the server i.e. Outlook still works fine on machines that can't browse.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20380206
absolutely.

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:aligntech
ID: 20381780
Have put in temporary switches - 2 8 ports (local shops don't tend to carry 16 ports - in a big country town - and I haven't managed to order a spare 16 to have in the gear bag). Same issue. Since last posting, I have also installed and run Microsoft Best Prac Analyzer (not going to truncate that to four chars). Results as follows:

Task Offloading is enabled :  fixed
 
  TCP Chimney is enabled :  fixed

  Free disk space very low :  monitoring so is ok
 
  EDNS is enabled :  fixed
 
 Microsoft Exchange Server 2003 SP 1 is running :

  Microsoft Outlook 2003 missing :  
 
  POP3 Connector snap-in has not been updated :  

  Windows SBS 2003 Service Pack 1 is running :  Interesting. System properties reports it as SP2
 
Router is at the latest firmware also.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20383033
"Windows SBS 2003 Service Pack 1 is running :  Interesting. System properties reports it as SP2"

I know it's confusing, but the SP2 you see reported is for Windows Server 2003, not SBS 2003.  

Since this issue seems to be intermittent and wasn't a problem before changing ISP's, I'm wondering if it's related to MTU settings.  So I did a quick Google Search on:  Westnet MTU Settings  and I found a few good articles, specifically this one:
http://forums.whirlpool.net.au/forum-replies.cfm?t=432199

So, you might try dropping the MTU to 1452 and see if that solves the problem.  On the router that's fairly simple.  To change it on the server you should use DrTCP found here:  http://www.dslreports.com/drtcp

Jeff
TechSoEasy
0
 

Author Comment

by:aligntech
ID: 20394562
Hi again Jeff. Sorry, it's been a big few days so haven't been able to proceed any further. Thanks for your further suggestion. I will be looking into them as soon as I can and reporting back.

Just on the intermittent thing it does seem to be a little more consistent than I first thought. It seemst that generally speaking, when a machine logs on it may experience the issue fairly reliably. Also, when one client logs on and experiences the symptoms, it can take another client down too. It's happened twice to me on my laptop. I was browsing happily, I turned another client machine on, it couldn't browse and suddenly neither could I.

Daniel
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20399558
That still can be MTU... so please adjust that before we look further.

Jeff
TechSoEasy
0
 

Author Comment

by:aligntech
ID: 20400044
Have adjusted MTU to 1452. Will monitor for results.

cheers,
Daniel
0
 

Author Comment

by:aligntech
ID: 20426892
Hi Jeff,

adjusting to 1452 didn't seem to do anything. I really am starting to wonder if there is some sort of infection that's happened. Scans haven't revealed much but I haven't been doing scans off boot disks etc and I recently purchase AVG's rescue CD and am going to give each machine the runover.

Other than this I can only assume it is somehow DNS/DHCP related. Today when I was on site and my laptop suffered the issue a release, renew of ip addr seemed to fix the issue. However that isn't always the case. I had another machine experience the problem and a release/renew did nothing.

Any other suggestions are welcome of course.

cheers,
Daniel
0
 

Accepted Solution

by:
aligntech earned 0 total points
ID: 20436699
Hi there  Jeff... well there's good news and bad news, and great news. The good news is I've fixed the problem, the bad news is, it was my fault after all, the great news is that I will never ever make such a silly mistake ever again and I have a great opportunity to really look after my client in how I deal with it.

The reason no one  jumped out with a quick answer on what might have been causing this is that it's likely no one has been stupid enough to manage to do what I did. Guess who managed to leave both routers accidentally plugged in to the network with the same ip causing the clients to be very confused over which 'gateway' to go through.

Luckily it won't kill my business and I will be sure to repay all the hours I spent looking at this as free hours back to my client... it's the only thing to do. Thanks to those who offered advice, please don't snicker in the corner too much over my ridiculous mistake ;-)

... and lastly, now you know that if anyone poses a question about intermittent dropouts in internet browsing ever again, get 'em to make sure they don't have two routers connected with the same ip!!!

cheers,
Daniel
0
 

Author Comment

by:aligntech
ID: 20436716
And can someone advise me how I should close this off now given that I essentially found the solution myself? Can I assign points to you Jeff for at least trying to do all you could to help me? I'd like to.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20436868
Glad you got it worked out.  Assigning points to me really wouldn't be appropriate... you found the answer yourself.  To close this, you need to just post a quick request to the Community Support Zone.

http://www.experts-exchange.com/help.jsp#hi70

Jeff
TechSoEasy
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20605502
Closed, 500 points refunded.
Computer101
EE Admin
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now