WAN Connection Intermittently Drops Off

Posted on 2009-02-13
Last Modified: 2013-11-09

I have an issue I've been trying to resolve for some time.
We have an HP Proliant ML350 server configured with Windows Server 2003 Standard, Service Pack 2, and is configured as a member of the workgroup each workstation belongs to.
In this server there are 2 network connections, a LAN and a WAN.

The LAN connects from the On-Board NIC to a switch, which connects to the router provided by our ISP. This connection is set up with a static IP behind the router, with an address of 192.168.0.XX and Subnet

The WAN connects from an installed NIC card (Broadcom's NC373i) in a similar way, excepting that it is set up with 3 IP Addresses directly assigned by our ISP (therefore not behind the router, but something similar to what you would get if you browse to ).

The issue we are having is that occasionally, the WAN connection will "drop off", or loose all connectivity with the Web. This thus causes clients to be unable to login to our system, and the browser to be unable to load anything. Of course this is even more annoying if it happens over the weekend and I have to run in to the office to restore the connection.

In order for me to quickly fix the drop off, I have to run a Repair on the WAN connection and then verify that something pulls up in the browser. The frustrating part is that sometimes it will go days without the problem, and then sometimes it is dropping off 4 or 5 times in one day.

I've already tried updating the drivers too, but to no avail.
Any advice would be greatly appreciated. We'd like to tackle this problem right away and not have to worry about it any longer.

Question by:CICSuperTech
    LVL 15

    Expert Comment

    Here's what I'd do:

    1. Change all cables (on patch panel, behind server, etc.)

    2. Check the power settings on the NIC along with the duplex settings (make sure the duplex speed is the same on the server NIC & the switch port).

    3. Just for giggle, I'd go over the event log on the server

    4. If you have a DHCP server make sure the IP address of the server is not within the scope of the DHCP database.

    5. I'd also put wireshark on a machine & plug it into the same switch the server is plugged into & run it to see if you can see anything funcky going on.

    6. Does the server NIC have TOE enabled? If so, disable it & reboot.,295582,sid98_gci1310734,00.html#

    7. Change switch ports on the switch.

    7. If all this fails, I'd put a new NIC in the server.

    I hope this helps!
    LVL 38

    Expert Comment

    This particular question sounds familiar to me. Have I been working with you on this issue?

    Author Comment

    @ChiefIT --
    Sorry but the question you linked me to is from another user. However, our situation is somewhat similar. Main differences are the server is a workgroup member, not a domain controller. Each computer in the facility connects using static IP's and through a router. The only issue is with this particular server, in which it has 2 adapters - onboard configured like the other office computers, with a private IP (; the 2nd being the NC373i gigabit ethernet adapter card configured with direct IP addresses assigned by our ISP. It is through those IP Addresses that our clients are able to interact with our server. On occasion that connection will timeout and we would have to manually run a repair on it (right-click the connection in the system tray, choose Repair). After that, it chugs along again just fine.

    @Wantabe2 --
    1. That was the first thing we tried, changing the cables. In place right now is a cable I personally made and tested successfully. As a note, if it WAS a cable problem, then there wouldn't BE a connection (rather than what we have now of having a successful connection with an occasional intermittent timeout).

    2. Mind directing me to where I mind find these settings? I'll do a search in the meantime to pull any information.

    3. Event Log doesn't give any indication as to why the timeout.

    4. No DHCP server. All computers are configured statically, and again - the connection on the server having issues is configured statically with direct IP Addresses assigned by our ISP.

    5. Wireshark wouldn't run on the computer I loaded it on to (XP Machines). However I know the switch/router isn't at fault since the rest of the office computers stay connected just fine (though they are configured with the static private IPs

    6. This relates to the same thing I reported on your first suggestion about the cable. If there was an issue with the switch port, the connection would always have a problem, not off and on.

    7. The server is very "picky" about the devices that can be plugged in to it. To replace the adapter, I would have to find one that is specifically made to work with this machine. The NIC in there now was a hefty chunk of change, brand new I believe. So technically it shouldn't be having a problem. This option will be reserved as a LAST resort.

    As an added note, I did walk through the MTU suggestion ChiefIT gave the other individual in the question he linked to. The highest buffer size I could send was 1472, so I entered 1500 (1472 + 28) as the optimal MTU setting. We'll see if that makes a difference. I followed the steps detailed here to set this:;en-us;283165

    I greatly appreciate the assistance.
    LVL 38

    Expert Comment

    Multihoming a computer can confuse the computer and cause intermittent hangups. Multihoming is defined as having multiple IPs, (meaning in your case multiple nics). Have you considered going to a domain level, one NIC with your server providing AD, DNS and maybe DHCP if you choose. It seams a waste to use a 2003 server as a member server of a non-domain environment. A lot of centralized functions come with administering a domain.

    The dual nics that come standard with many servers are used for a couple different reasons.
    1) Network load balancing for larger networks (of 250 nodes or more)
    2) routing over the server if you don't have or choose not to have a hardware router.
    3) A VPN connection to the outside world.

    Other than those three reasons, multihoming a computer will produce intermittnet communications with nodes within the network or to the outside world.

    Since this is a workgroup environment, I need to ask what you are actually contacting the server for. I would certainly knock out one nic and have a DNS server on internally. Otherwise, your internal clients may be seeking DNS resolution to your server and be going to an outside server for DNS resolution. Outside servers will not know how to provide resolution to your server and you will see intermittent comms with your server. You will probably be able to ping your server, but not contact it via the servername.  An alternative to DNS is to configure your host record on the server for all computers within the network. But, the DNS service was specifically designed for such a setup.


    Author Comment

    Okay, I'm going to try to be as specific as I can, however due to the nature of our business (background screening), certain things will have to remain generalized for security and legal reasons.

    We run a custom made in-house system for our business (by system I mean a collective of applications).
    This particular server's sole purpose is to be the handshake or middle man between our clients and us. What it does is run a specific module of our custom system that controls the login/authentication/service request aspects (service request being the processing of the background screening reports). It accomplishes this by a client logging in via a PHP script on our website that interacts with this module via the SSL protocol, using one of the assigned IP addresses set in the WAN connection.

    So there wouldn't be a purpose to make this machine in to a domain. The other computers in the office do not connect to the Internet through it, but through the switch & router in which it too is connected.

    This is basically how the computer is configured network-wise (again for security reasons, this is just an example and not the actual configuration):
    LAN --

    WAN --

    Where that PHP script is configured to send all requests to ssl:// on port 17775 which is always open.

    (Again to reiterate, these settings are only similar examples and not the exact configuration, which I cannot disclose for security reasons. If somehow this information matches someone else' configuration it is strictly coincidental and unintentional).
    LVL 38

    Expert Comment

    Understand security reasons:

    Funny thing: I just had this up to help someone else:

    You have two default gateways and you are also using outside DNS servers as each preferred DNS server. Internal DNS queries will be negated.

    I don't know what kind of connection you wish to contact the server with, whether it be a DNS connection. But, neither of these issues (default gateway or external DNS servers) could make your task any easier.

    Furthermore, since you are all in a workgroup and are using the computername to contact the other nodes within the workgroup, you are probably using Netbios to contact various nodes on the local LAN.

    >>Intermittent to NO  DNS can be caused by using outside servers for the preferred DNS server of the LAN.
    >>Intermittent Netbios communications is usually a problem with multihomed computers and a multihomed master browser. If you look in event logs you might see issues with the browser service. If so, network shares and other services that require the domain master browser will be intermittent.
    >>Two default gateways will confuse the clients and servers that access the LAN or need to use that servers as a "middle man."

    WOW, I don't even know where to begin with a package I am not familiar with. I can show you a configureation of how some folks ROUTE over the server and how some use a VPN connection for the server. Multihoming the server is pretty tricky. In your case it will be exceptionally tricky because you are not in a really traditional configuration.

    DHCP, netbios, DNS and default gateway

    You might consider an internal DNS server that all of your clients and servers point to internally and the DNS server then points to the outside network for outside DNS resolution. Right now all of your internal LAN computers are looking to the outside world for DNS resolution. An alternative option is to configure your entire LANs computer's Host record.

    This is a little article I wrote on how a DNS query works and why internal DNS will not work for your LAN well. You may have to click on the link twice to go to the article:

    Accepted Solution

    No correct answer was given; and, since the time of this ticket, we have removed the WAN connection and moved the server behind our firewall with a direct NAT set up. This discussion is now obsolete.

    Best Regards.
    LVL 4

    Expert Comment

    I am having this exact same issue...with the dmz connection on a dual nic configuration.   It has been really strange because at first it was only happening on one server, very intermitently (months in between occurences sometimes) and now it is happening much more frequently and NOW it's happening on a second server that has been humming along for years without a problem, with dozens of users connecting over the internet every day.    I appreciated the well documented problem description and proposed has me pointed in some direction.  (dual nics:  bad.  NAT + single nic: good)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now