Solved

IE/Firefox web browser freezes/times out frequently with or without using Proxy (ISA 2006)

Posted on 2008-10-03
Last Modified: 2013-12-14
I have a strange problem with several users complaining about our internet hanging up/freezing/timing out occasionally. I used IE and Firefox to check it out myself. I recently installed ISA 2006 as a web cache / proxying server so I don't know if that is causing any problem. When I am browsing any website it works perfectly, but after a while it just doesn't seem to respond. The only way to get it working again is either to stop it and then refresh it, or to close the browser and open it again. Strangely, it will work fine again.
I have tried several things to eliminate the cause.
1. Used proxy (ISA): Result: Same
2. Direct connection: Result: Same
3. Added several more forwarders to our DNS server: Result: Seemed to work fine for a day and then the same result again.

Now I can't figure out if it's our ISP, or the proxy server, or packets getting dropped over the network, or our router. The router we use is a Netgear FVX 538.
Any suggestions, please?
Question by:WannabeNerd
30 Comments
 
LVL 11

Expert Comment

by:EricTViking
ID: 22632272
In ISA Server go to ISA Server -> Alerts and look to see if you have any warnings or errors. Could be that ISA IP Protection is kicking in and blocking connections (especially if you are browsing many pages at once).

Then go to ISA Server -> Monitoring -> Logging and start a log query. Replicate the problem on a client and watch the log to see if anything is getting blocked.

If you suspect DNS forwarders, you can disable forwarders altogether and just use root hints. This will cause DNS lookups to be made directly with the internet root DNS servers and could rule out problems with forwarders.
0
 

Author Comment

by:WannabeNerd
ID: 22632308
Thanks!!

No alerts on the ISA server. I checked it before as well.
But Eric, I am having the same problem if I take ISA out of the picture. Even if I use the direct connection to the internet without using the proxy, the same thing happens. Does it mean that possibly it's not ISA?

About root hints: if I get rid of the forwarders, how will I add FQDN and IP?

0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22632325
Is your ISA server a single NIC server?

With root hints, if you are using a Windows Server for DNS, you just set it not to use forwarders and it will resolve external DNS requests directly with the internet root DNS servers. This bypasses your ISP's DNS servers entirely.
0
 

Author Comment

by:WannabeNerd
ID: 22632471
Yes, it is set up with a single NIC.

Yes, I understand that. But how will I add the FQDNs in the root hints list? In order to get rid of the forwarders I have deleted all the forwarders from the list.

But when I use "copy from server" under the root hints tab and give my ISP's DNS server IP so it can get the list of name servers, shouldn't the IP addresses get updated?
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22632618
That's right. You delete all your forwarders from the list under the 'Forwarders' tab in DNS.

And your FQDNs in the root hints list should be left as they are. You don't need to add anything here unless you have deleted anything from the root hints list.

The root hints list is a list of all the main (root) DNS servers for the internet; you shouldn't add anything here unless it is a root server (definitely don't add an ISP's DNS server).

When you remove all your forwarders, Windows DNS will automatically carry out your DNS query against the root servers. There's nothing more you need to do to make this work ;-)
0
 

Author Comment

by:WannabeNerd
ID: 22632690
Thanks, I understand what you said. If that's the case then I have done what you have said. Result of dcdiag for DNS: it failed, but I assume that's because it can't find a name for our static IP. Is there something which I need to do with it?
            DC: 4svr.BM.com
            Domain: BM.com

               TEST: Basic (Basc)
                  Warning: adapter [00000001] HP NC373i Multifunction Gigabit Server Adapter has invalid DNS server: 212.159.x.x (<name unavailable>)

               TEST: Records registration (RReg)
                  Network Adapter [00000001] HP NC373i Multifunction Gigabit Server Adapter:
                     Error: Missing A record at DNS server 212.159.x.x :
                     4svr.BM.com

                     Error: Missing CNAME record at DNS server 212.159.x.x :
                     87cb9cec-05d5-404c-90c2-cf0b7d03630f._msdcs.BM.com

                     Error: Missing DC SRV record at DNS server 212.159.x.x :
                     _ldap._tcp.dc._msdcs.BM.com

                     Error: Missing GC SRV record at DNS server 212.159.x.x :
                     _ldap._tcp.gc._msdcs.BM.com

                     Error: Missing PDC SRV record at DNS server 212.159.x.x :
                     _ldap._tcp.pdc._msdcs.BM.com

               Error: Record registrations cannot be found for all the network adapters

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 212.159.x.x (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.BM.com. failed on the DNS server 212.159.x.x

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: BM.com
               4svr                         PASS WARN PASS PASS PASS FAIL n/a

         ......................... BM.com failed test DNS
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22633421
You definitely have problems with DNS ;-)

Make sure your domain controller is using your internal DNS server and not your ISP DNS server, i.e. on the TCP/IP properties of your server's NIC, make sure the DNS address is set to your internal DNS server.

Same for all your clients: they should use your internal DNS server. Your internal DNS server will then take care of resolving any external IPs via forwarders or root hints.

0
 

Author Comment

by:WannabeNerd
ID: 22633762
Yes, I figured that out. Just after posting the above message I realised that I had kept the secondary DNS as my ISP on my DNS server, which I have removed now, and after running dcdiag again there were no errors reported. So now all my clients are directed to a single DNS server, i.e. my internal DNS server, and on my DNS server I have just one entry, i.e. its loopback address, and no forwarders but just the root hints as per you.
That said, I am still facing the same problems. In order to check if it's something else, I connected a machine directly to my main switch, which is directly connected to my router, and the internet works perfectly, no hanging, nothing, but at the same time when I browse from other machines the problem still persists. It's driving me nuts :-( :-(
0
 

Author Comment

by:WannabeNerd
ID: 22633787
The machine which I connected directly still uses the proxy and it had no issues at all, which makes me believe that the problem doesn't lie with my proxy server. Am I right in saying that?
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22634965
So are your clients connected to the same switch as your ISA proxy? I'm not sure I understand your network topology, can you describe your network setup a bit more?
0
 

Author Comment

by:WannabeNerd
ID: 22635123
Modem--->Router--->Main switch--->and several smart switches spread all over. The proxy is connected to one of them and so are different clients.
I connected a laptop directly to the main switch and it worked OK for an hour and then again it had the same issue. I know it's freakish and strange. It's like when you are surfing a webpage it works fine and all of a sudden it gets lost and doesn't respond at all. Anyway, I have concluded it's not my proxy server. In order to confirm it I will directly connect my laptop
1. to the modem and check how it responds
2. if it's OK then I will connect it to the router and see how it works
If it still doesn't work then I will bang my head :-(
I don't know why but I have a gut feeling it will be my router...
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22636038
I would go with that approach, test your connection from one end to the other. From modem backwards.
0
 

Author Comment

by:WannabeNerd
ID: 22648962
I connected directly to the modem and it was fine, and then directly to the router and again it was fine. I checked the switches' logs for dropped packets but found none. I really can't figure out where exactly the problem lies. When I browse any website it works perfectly, but it just gets stuck on some particular page, and without refreshing it several times it won't work.
Isn't there any method or any means which can lead me to the possible cause? :-( :-(
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22654180
Have to say I'm running low on ideas for this one.

Do you have Anti-virus software running on your ISA server, if so which one?
0
 

Author Comment

by:WannabeNerd
ID: 22657446
Not on the ISA but on the local machines... Kaspersky...
Not sure, but can it be because we have recently started using push email, which has increased our upload quite significantly?
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22663754
Sometimes AV software on the ISA box can interfere with HTTP routing. Often AV software inserts itself in the flow of HTTP traffic so it can scan it. Doesn't sound like you have any issues on your clients as they are OK when directly connected.

I wouldn't have thought push email would affect ISA in this way; it's just HTTPS outgoing traffic and would have to be at extremely high volumes to cause slowdowns.

Silly question maybe, have you got the latest SPs and updates on your ISA box?

Other than that I would look at things like whether you have HTTP filtering enabled on your ISA box; also have a look at HTTP compression on your internal network. This problem sounds to me like it will end up being a rogue checkbox somewhere.
0
 

Author Comment

by:WannabeNerd
ID: 22667415
No, it wasn't silly at all, in fact I was being stupid not to check it in the first place :-).
1. ISA was running with SP1, so I have installed SP2 and all the latest updates.
2. HTTP filtering was enabled by default.
3. HTTP compression was enabled but no networks specified. So I have specified "internal" for the Return Compressed Data and "external" for the Request Compressed Data.
I will monitor it today and update you later.
I don't understand one thing though. I would be grateful if you could explain it briefly.
In my network environment, I have 2 ways of going out and accessing the web, one through the proxy server (ISA) and the other directly (bypassing the proxy). There are 2 firewalls: the router acting as primary and ISA as secondary. Now for argument's sake let's take my PC only, and say that I want to access the web. I can choose one of them from Tools-->Internet Options-->Connections-->LAN Settings.
Am I right in saying the following:
1. If I click and choose the "Automatically detect settings" option and uncheck the proxy server option under that, my computer will not talk to the ISA server and it will go out directly through the router, meaning ISA doesn't play any part in me accessing the web.
2. If I check the proxy server option, any requests made by my PC will first go through the ISA, then through the router.
Now my question is: does ISA still play any part even if I check "Automatically detect settings" and uncheck "Use Proxy Server"? If your answer is no, then shouldn't it rule out that the problem lies with the ISA, because I am having the same issues?
That said, I hope it works well now that I have made these changes :-)
Thanks!!

0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22667957
Ah, glad to hear it - let's hope it does the trick :-)

In answer to

Q1: When you check 'Automatically detect settings', IE will try to get configuration settings from a WPAD server. If you don't have this configured in DHCP and you don't have a server named wpad.yourdomain.com then 'Automatically detect settings' will do nothing. You will only have a WPAD server if you have explicitly configured one. Unchecking the proxy server option will prevent IE from using the proxy server.

Q2: If you check the proxy option, IE will forward its traffic to your proxy server.

In other words, if you check 'Automatically detect settings' and uncheck 'Use a proxy' then IE should route all internet traffic through your default gateway, which should bypass ISA (unless WPAD info is being picked up by the automatic detection process).
0
 

Author Comment

by:WannabeNerd
ID: 22668199
Thanks for clearing it up. So WPAD and WSPAD information will become available to the clients from the ISA server only if I have enabled Auto Discovery in the ISA. Since I have not enabled it and I have not configured any of my DHCP or DNS servers as a WPAD server, it means that when I check 'Automatically detect settings' and uncheck 'Use a proxy' I am not using the ISA but going out through my default gateway, i.e. my router. Right? But then how will I be 100% sure that WPAD info is not picked up by my PC through the automatic detection process?
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22668267
As long as you don't have WPAD scope options in DHCP and no wpad A record in DNS you should be OK.

To be extra sure, you can disable (uncheck) auto discovery on your internal network properties in ISA server.
0
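Added example, not part of the thread: a Python check for the DNS half of the condition in the comment above (no wpad A record). It lists the wpad names a client could try from its own domain suffix and reports any that resolve; the suffix walk-up, the function names and the sample host names are assumptions of this example, and the DHCP scope option still has to be checked on the DHCP server itself.

```python
import ipaddress
import socket


def wpad_candidates(client_fqdn, min_labels=2):
    """Return the wpad.<suffix> names to test for a client FQDN.

    Assumption of this example: the client walks up its DNS suffix one label
    at a time and stops at a suffix of min_labels labels.
    """
    labels = client_fqdn.rstrip(".").lower().split(".")[1:]  # drop the host label
    names = []
    while len(labels) >= min_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names


def find_wpad_records(client_fqdn, resolve=socket.gethostbyname):
    """Resolve every candidate name and report the ones that exist.

    Returns a list of (name, address, scope) tuples, where scope is
    "internal" for private addresses and "external" otherwise. An external
    hit means a host outside the LAN could hand proxy settings to browsers
    that have 'Automatically detect settings' checked.
    """
    hits = []
    for name in wpad_candidates(client_fqdn):
        try:
            address = resolve(name)
        except OSError:  # socket.gaierror: the name has no A record
            continue
        private = ipaddress.ip_address(address).is_private
        hits.append((name, address, "internal" if private else "external"))
    return hits


if __name__ == "__main__":
    import sys

    # With no argument the check runs against this machine's own FQDN.
    fqdn = sys.argv[1] if len(sys.argv) > 1 else socket.getfqdn()
    records = find_wpad_records(fqdn)
    if not records:
        print("no wpad record found for", fqdn)
    for name, address, scope in records:
        print(f"{name} -> {address} ({scope})")
```

An empty result on a client means DNS-based auto-detection has nothing to find; any hit should be a server you configured on purpose.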
 

Author Comment

by:WannabeNerd
ID: 22668389
Thanks, Eric! That rules out the problem with the ISA server. OK, right now I am not using ISA at all (no WPAD server, auto discovery off, "Use proxy server" unchecked, "Automatically detect settings" unchecked) and I am experiencing exactly what's been happening before. So doesn't it mean that the problem is not with the ISA server?
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22668426
Yes. Presumably your default gateway points to the router in which case there should be nothing pointing your client to ISA server.

If you're getting the same problem with the client not pointed at ISA, can you temporarily disable the NIC on ISA and see if the problem persists?
0
 

Author Comment

by:WannabeNerd
ID: 22668517
Yes, you are right. Can't do it now, all the users are using the proxy and if their internet stops working they will attack me like anything :-). Once I do it and see how it behaves I will update you. Cheers!
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22668567
It certainly rules out ISA server ;-)  Time to move along the troubleshooting chain.

Maybe a firmware upgrade in your router or modem?

BTW if you suspect the problem is with your modem or router have a look at the MTU settings first. If these are too high you can end up with packets getting dropped to certain sites. Typical setting is 1432 but this does vary.
0
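Added example, not part of the thread: a Python sketch that measures the largest packet that crosses a path without fragmentation, so the router's MTU can be set at or below the measured value as the comment above suggests. The function names and the search bounds are assumptions of this example; the probe wraps the stock `ping` command (Windows flags, or Linux iputils flags).

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    windows = sys.platform.startswith("win")
    if windows:
        cmd = ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    proc = subprocess.run(cmd, capture_output=True)
    # Windows ping can exit 0 on an error reply, so also require a TTL field.
    return proc.returncode == 0 and (not windows or b"TTL=" in proc.stdout)


def largest_unfragmented_payload(probe, low=548, high=1472):
    """Binary-search the largest payload size for which probe(size) is True.

    low is 576 - 28 (the smallest datagram every IPv4 host must accept) and
    high is 1500 - 28 (Ethernet). Returns None if even low gets no reply.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid       # mid fits: search upward
        else:
            high = mid - 1  # mid is too big: search downward
    return low


def path_mtu(probe):
    """Path MTU in bytes (payload plus IP and ICMP headers), or None."""
    payload = largest_unfragmented_payload(probe)
    return None if payload is None else payload + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    target = sys.argv[1]  # a site that hangs, or the ISP gateway
    print("path MTU to", target, "=", path_mtu(lambda size: ping_df(target, size)))
```

A result below the MTU configured on the router or modem matches the symptom described in this thread: small pages load, while pages that need full-size packets stall.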
 

Author Comment

by:WannabeNerd
ID: 22677192
Eric, I have taken the ISA server out of the network, i.e. shut it down altogether. Currently I am passing all my internet traffic through another proxy server (Smoothwall) and it seems to be working fine until now, but going by past experiences I don't want to conclude yet that it's definitely the ISA server that was in some way interfering with the network. So I will still monitor it and see how it acts.
All this makes me want to ask you one more question. Can the ISA server interfere with clients' internet traffic if it's connected to the network but the clients don't use it as a proxy server?
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22677303
It *shouldn't* do; if it's set up just as a proxy with a single NIC, all it should listen for is traffic directed to it on port 8080.

There could be a fault with the ISA box causing it to jabber on the network maybe? Could be a problem with the NIC in the ISA server, either a physical fault or bad device drivers?

So I'd say that other than a hardware fault with the ISA server NIC, or some really bad drivers on the ISA NIC, the ISA server shouldn't affect the network in the way you are experiencing.

I think you're on the right lines to leave the ISA off for a while to see if the fault goes away. If it does go away then re-introduce the ISA server but try stopping all ISA services and see if that makes a difference. Then bring up the ISA services one at a time until the fault repeats.
0
 

Author Comment

by:WannabeNerd
ID: 22677416
Yes, I can't agree more. Apart from the driver fault or NIC fault, isn't there any possibility that I might have somewhere, somehow chosen the wrong setting while installing the ISA server? What I mean to say is: is there anywhere in ISA any option or any setting which I may have enabled or disabled which in turn interferes with the network?
0
 
LVL 11

Accepted Solution

by:
EricTViking earned 500 total points
ID: 22681010
Not that I can think of. But you could run the ISA server BPA (Best Practices Analyser) to see if that throws up any anomalies. http://www.microsoft.com/downloads/details.aspx?FamilyID=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en

There could be something set in group policy that's forcing traffic to the ISA server, but you would know if you had configured that - it doesn't turn on by itself ;-)
0
