  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1245

XP Pro client machines cannot access internet

Hi,
I have a network of about 50 xp pro client domain computers, and 1 win 2003 sbs server acting as Active Directory, DHCP, DNS, and WSUS server.

Here is the issue. Out of the 50 client machines, I have 10 or so that randomly stop accessing the internet. At first it started with not being able to access secure sites, now it's no internet at all.
The client machine was able to do nslookup to various websites, but not ping. I have also tried installing Firefox and same issue.

THE ONLY WAY that I have been able to solve this is to:
1. Take note of the current IP address, delete it out of the DHCP pool on the SBS server, and exclude that IP from being able to be handed out.
2. On the client machine I do a release and renew of the IP address and EVERYTHING IS BACK TO NORMAL for about a week or so.

After a while, the client starts having the same issue all over again.
Internet Explorer has the proper encryption level (128 bit) and I have tried resetting IE to defaults, with no luck.
Also, I have tried reregistering the system DLLs by running the regsvr command.

The sbs server is up to date on all of its updates, and so are the client machines.
I also attached pics of dhcp and dns settings.
I have been trying to solve this issue for a few weeks now. Please Help!
Thanks.
dhcp1.JPG
dhcp2.JPG
dns.JPG
Vitalizm
Asked:
1 Solution
 
nappy_dCommented:
Can you resolve sites from the command line? As an example, if you did nslookup www.hotmail.com, do you get a response showing an IP address?

Can you connect to a website via its IP rather than its FQDN?
0
 
VitalizmAuthor Commented:
No, the machine cannot access a website via the IP either. It times out.
0
 
nappy_dCommented:
Is this ANY website?
0

 
VitalizmAuthor Commented:
Correct. Cannot browse to ANY website via IP or FQDN. It just times out.
0
 
kkohlCommented:
Hi there,

Though I don't see the answer just yet, here are some things I notice and some things you should check.

I see your IP Address range is from 1 to 254.  You say you only have about 50 computers, so it's interesting they all seem to have 100+ IP addresses.
Even assuming a few printers and other devices, it seems odd your machines are already pushing close to the mid 100s for leased IPs.  It's almost as if there are some machines that erroneously lease IP addresses and consume the range.

Is it always the same 10 clients?  Check MAC addresses and perhaps give them each a reservation in DHCP to resolve any conflicts with other systems or IP address leases.

Check your lease duration in DHCP options and ensure it's at a value that makes sense i.e. 8hr workday, 24hr day, etc...

Check that a client that loses internet also loses local network access?
Also, when it loses internet access what are the results of IPCONFIG /ALL?
Is the gateway listed properly?  DNS?  IP?

And, of course, are there any errors or warnings in the event log of the internet-less client?

 
0
 
VitalizmAuthor Commented:
kkohl,

The reason that the clients are already in the 100s range is because I have excluded the first 100 IPs from being distributed.
Yes, it 'seems' to be the same 10 machines that are having this issue, but then again, yesterday a new machine had this issue.

When the machine loses internet access, it still has local connection to server, network printers, shares, remote desktop to server, etc. Just no communication to the outside world. (BTW, this includes Outlook 2003 connection via POP and SMTP.)

The DHCP lease time is set to default (8 days). I don't think this should cause an issue though.
And yes, the IP configuration is set up correctly. It works one day, then stops, until I HAVE to give it a NEW IP from DHCP, then everything is fine. The only thing different between the old leased info and the new is the actual IP address.
image001.jpg
0
 
nappy_dCommented:
Please try this from the command line of one of the affected computers

  1. type nslookup and press enter
  2. type server and press enter
  3. type 4.2.2.1
  4. type www.hotmail.com
Does it return you results?

I want to see if you can resolve Internet names.
0
 
kkohlCommented:
With local access still available when you lose internet, it seems to be an issue between the client and the gateway.

The results to nappy_d's request above will tell a lot in that vein.

On another topic, do all the affected clients share the same switch/hub?
If so, can you flush the arp cache on the switch?  If you can't flush the arp cache on the switch, can you try a different switch for the clients?
I'm asking about the switch because I have seen a switch go bad and fail to update its own routing tables when ip's change... causes all sorts of weird issues.

If they do not share the same switch hardware, does flushing the dns cache on the affected client help?
0
 
VitalizmAuthor Commented:
Before I had more time to troubleshoot, I had to get the user up and running ASAP.
I did not have time to run the 4 step nslookup command.
Right now the machines are running fine (because I updated their IPs to different ones).

Until the issue arises, I guess I can't do anything else at this time. (I'm sure tomorrow I'll get some issue.)
This is the hardware that I'm running, starting from the ISP gateway.

1. Netgear FVG318 Router
2. Barracuda Web Filter (this is not causing the issue, I have tried removing from network and did not help)
3. TrendNet 16 port gigabit switch
4. (3) TrendNet TE100-S24 24-Port 10/100Mbps Fast Ethernet Switches

Now that you mentioned it, I'm wondering if the cheapo TrendNet switches are causing the issues w/ IP address.
I know it shouldn't be the server because I re-installed it from scratch last week.
0
 
VitalizmAuthor Commented:
BTW, none of the computer issues seem to be tracing back to the same switch.
0
 
kkohlCommented:
Going back to restate the symptoms...
Approximately 50 XP client machines get assigned IP addresses via the DHCP server.
All is fine for a set period of time and then at the end of this time period there are about 10 clients that lose internet connectivity, yet still maintain local intranet access.

No errors in the event logs on the clients.
No errors in the event logs on the server.

Forcefully leasing a new address to the client from the DHCP server clears the issue.

I'd try different switches and I'd also try setting a DHCP Reservation for the offending clients.

We'll see what happens when they do it again.

regards
0
 
VitalizmAuthor Commented:
kkohl,

You are correct.

I have included more screenshots for an offending machine that just came up.
The arp screen is after I ran the: netsh interface ip delete arpcache.

In the browser I tried http://server (name of the server) and the default site came up just fine.
I also tried the ipconfig /flushdns w/ no help.

arp.JPG
internal-site.JPG
netsh.JPG
regular-site.JPG
0
 
kkohlCommented:
Hmm, "Action canceled"
This is a different error than I was assuming/expecting.  I am vaguely remembering some things to clear up an Action Canceled error...
I think it involved deleting ALL your temp/history/cookies/offline files from IE.
Are you using a proxy?
Are you using the firewall client that comes with ISA Server?
(depending on your SBS version, you may have the ISA with the firewall client)

I definitely think I have something in regards to this error, it may be a bit before I can find it though.

0
 
VitalizmAuthor Commented:
Sorry about the "action canceled". I pressed stop on the browser before the actual error page came up. The actual error page that comes up is the standard "The page cannot be displayed".

I just wanted you to see "opening page http:.... " at the bottom.
0
 
VitalizmAuthor Commented:
I have deleted ALL cookies, temp files, etc. I have reset IE to defaults and same issue. I have even tried Firefox.

No, we are not running anything via proxy. And Windows firewalls have been disabled. The only firewall that there is is the Netgear Router hardware firewall. And there are no restrictions set up.
0
 
kkohlCommented:
Can we confirm a timeline or tie the failure to an action...

Did the client lose internet access after a DHCP renewal?
Was it after logging in... perhaps after a group policy being applied?
0
 
VitalizmAuthor Commented:
I don't think I can tie it to an action... but I do know that the issue happened a few days into the lease of the IP, and the IP had a few days until it was set to expire. So we can rule that out.

And as far as group policy changes, there have not been any. The user can log in and out just fine.

Can it be a switch issue, and how do I check if it is, other than swapping the switch?
0
 
kkohlCommented:
Vita, I'm about to go for the day so this will be my last post until tomorrow.

For checking the switch, I'd check the manual for it. I'm not familiar with that model, but for managed 3Coms you can telnet to them and flush the arp cache. That should clear up any routing errors.

Here are some other things to try...
In a command shell, register actxprxy.dll and shdocvw.dll:
>regsvr32 actxprxy.dll shdocvw.dll
Reboot.

If it still persists, then reregister the following:
regsvr32 mshtml.dll
regsvr32 urlmon.dll
regsvr32 msjava.dll
regsvr32 shdocvw.dll
regsvr32 browseui.dll
regsvr32 actxprxy.dll
regsvr32 oleaut32.dll
regsvr32 shell32.dll

Reboot.

Also look at the good ol' MS support page for troubleshooting this. I think the Winsock part may be related to your problem, but check the whole thing out to be sure.
http://support.microsoft.com/kb/326155
(the advanced area)

regards





0
 
VitalizmAuthor Commented:
Unfortunately, the switches that I have are not managed. They are just hardware switches. And they aren't old either (bought them about 3 months ago).

As for re-registering the DLLs, I'll give that a shot again.
Thanks for your help today.
0
 
JBlondCommented:
When the issue occurs next, please check the routing table ("route print" on the command line).

Especially the first route (0.0.0.0) is interesting. There should be only one route for this target! Does the route, after the issue has occurred, still point to the correct gateway and the current IP address of the client?
0
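The check described in the comment above (exactly one 0.0.0.0 route, pointing at the correct gateway through the client's current IP) can be run over saved `route print` output. This is an added example, not part of the original thread; the sample output is constructed, the gateway 192.168.1.1 is the one named later in the thread, and the client address 192.168.1.105 and the function names are assumptions.

```python
import re

# Constructed sample of Windows XP `route print` output (not taken from
# the thread's screenshots). 192.168.1.105 is an assumed client address.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.105       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.105   192.168.1.105       20
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
"""

IP = r"(\d+(?:\.\d+){3})"
ROW = re.compile(r"^\s*" + IP + r"\s+" + IP + r"\s+" + IP + r"\s+" + IP + r"\s+(\d+)\s*$")

def parse_active_routes(text):
    """Return the rows of the 'Active Routes' table as dicts."""
    routes, in_active = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            in_active = True
        elif line.startswith("Persistent Routes"):
            in_active = False  # persistent table has a different layout
        elif in_active:
            m = ROW.match(line)
            if m:
                dest, mask, gw, iface, metric = m.groups()
                routes.append({"dest": dest, "mask": mask, "gateway": gw,
                               "interface": iface, "metric": int(metric)})
    return routes

def check_default_route(text, expected_gateway, client_ip):
    """List problems with the default route; an empty list means it looks sane."""
    defaults = [r for r in parse_active_routes(text)
                if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"]
    findings = []
    if len(defaults) != 1:
        findings.append("%d default routes, expected exactly one" % len(defaults))
    for r in defaults:
        if r["gateway"] != expected_gateway:
            findings.append("default route via unexpected gateway " + r["gateway"])
        if r["interface"] != client_ip:
            findings.append("default route bound to stale interface " + r["interface"])
    return findings
```

Save the output with `route print > routes.txt` on the affected client and pass the file contents to `check_default_route` together with the gateway and the address shown by `ipconfig /all`.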
 
VitalizmAuthor Commented:
OK, here are the results for the route print. The first pic is at the time of the problem, and the second is after the machine is assigned a NEW IP and all is working.

By the way, this particular machine had the same issue about 3 days ago.
route-print.JPG
route-print-2.JPG
0
 
venom96737Commented:
OK so from what you're saying, setup an IP address randomly doesn't work after an odd amount of time on certain computers. Well, the odd thing is it can't be DHCP from the server or the workstation, because it does in fact still work when the problem comes up; it just doesn't work externally, only internally. I would say your problem lies in your DNS server; check for DNS events when this happens. Also, from one of the affected computers, try to browse and check the DNS logs, see if you can see the request and what happened with it.
0
 
VitalizmAuthor Commented:
That's the problem, there are no errors or anything of that sort in the logs. It's very odd that the error occurs a few days into the lease of the IP. If there were config issues in the DNS service, wouldn't the machine be affected right away?
0
 
venom96737Commented:
Well, usually yes, I would think so, but the IP is still able to route locally; if it was DHCP the computer wouldn't be able to get an IP at all. Is there any special software on these 10 computers not on the others? Have you tried a tracert from one of the offending computers to see how far it gets?
0
 
VitalizmAuthor Commented:
No special software, just Office 2003. And about the tracert, during the time of the issue, the machine can't tracert anything, it just times out. And as far as DNS settings on the server, what should I be looking for? (See attached picture of DNS server settings.)
dns.JPG
0
 
venom96737Commented:
OK, try using pathping to see where it stops; then pathping yahoo.com should yield some results. What this does is display all the routers it goes through before making it to the destination. Have you tried pinging both name and IP to see if you can hit it with either one? yahoo.com is 68.180.206.184; see if that makes a difference. I'm just trying to get a feel of where to go next in the DNS, or maybe see if the router is the issue. What side of the network is the router placed on, the internal or the external?
0
 
venom96737Commented:
Just another thought: when the problem occurs, try pinging the server and then try pinging the router, and see if you can get a response from either one. I would bet you can get a response from the server but not from the router, but that's just a hunch.
0
 
VitalizmAuthor Commented:
You are correct on your hunch. At the time of issue, I CAN ping the server (192.168.1.4) but CANNOT ping the gateway (192.168.1.1) and was not successful in doing the pathping.
AFTER I assigned it a new IP, everything was working as it should (see pics).

The gateway router is a Netgear FVG318.

WHAT THE HECK IS GOING ON???  :)
pathping.JPG
pathping-works.JPG
0
 
venom96737Commented:
It's the router causing the issue. Replace it and it should clear up. It just stops responding and routing to that address, it looks like; crazy stuff happens inside the routers.
0
 
venom96737Commented:
OR you could also try resetting the router to default and setting it up again with the config to see if that clears it up, if you don't want to jump right into replacing it. Just another avenue you might want to explore.
0
 
VitalizmAuthor Commented:
I HAVE FIGURED IT OUT!
The problem lies within the Netgear FVG318 router. I can have multiple computers w/ the no internet issue and once I reboot the router, the client machines resume full internet access!

Now I'm off to Netgear to find the solution...

Thanks Venom and all others for your help on this.
0
 
venom96737Commented:
Yeah, that's what I thought it was at first; that's why I kept asking what side of the network it was on, but I wanted some evidence to back my hunch up :) Glad I could point you in the right direction, hope you get it cleared up soon.
0
