Solved

SBS 2003 DNS Slow Client Internet Browsing

Posted on 2009-04-08
27
3,511 Views
Last Modified: 2012-08-14
Recently internet browsing from any clients connected to the internal lan of my SBS server has gotten painfully slow.  In the past couple days it has gotten to the point where websites will timeout while "waiting for ..." whatever site is requested.  I have isolated the problem to the SBS as when I connect a PC directly to my router the internet works fine (hence this post).  I've searched through sevearl PAQ's however it appears that I'm already set the way they are requesting or the suggestions didnt solve the problem.  I've included all the pertinent info I can think of.  Please let me know if there is any more relevant information I can provide.

- SBS 2003 Standard, 2 NIC setup, internal LAN 192.168.16.x, external 10.0.0.x
- SBS provides all DHCP and DNS.  All workstations and SBS NIC's point to 192.168.16.2 for DNS
- Forwarders are setup on DNS server pointing to ISP DNS servers
- Router has same DNS servers specified for when cliets connect to 10.0.0.x network which works correctly.

ipconfig /all from server:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : psc01
   Primary Dns Suffix  . . . . . . . : mydomain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : mydomain.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7771 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-18-FE-83-B8-5A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2

Ethernet adapter Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Ad
apter
   Physical Address. . . . . . . . . : 00-1C-C4-11-DB-DA
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.2
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.47
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
0
Comment
Question by:WatrSkii
  • 13
  • 8
  • 3
  • +3
27 Comments
 
LVL 18

Expert Comment

by:flyingsky
ID: 24100405
can you clarify when 2 NICs are needed?
0
 

Author Comment

by:WatrSkii
ID: 24100437
Ive always got 2 NICs in use.  As far as why, when I setup the network I felt more comfortable from a security standpoint having an additional layer of protection with all traffic having to go through the SBS server.  Not sure if that answers the question.
0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24100440
There are a few things.

1. make sure you have all root dns servers listed in yoru DNS Server Properties.
2. As long as you have those you do not need to put forwarders.
3. Your external DNS setting is set to an internal Address. Set that to your ISP DNS.
4. all clients DNS should point to the 192.168.16.2

try those.
0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24100443
You are running ISA correct?
0
 

Author Comment

by:WatrSkii
ID: 24100556
mickeyfan:
1. there are 13 entries on the root hints tab (a.root-servers.net through m.root-servers.net). All with various IPs.  Is this what youre referring to?
2. I removed the forwarders previously with no improvement.  Just to make sure I did it again.  
3. Did not correct problem. And if I'm not mistaken this would only correct the matter for browsing from the server, right?  Once a client is connected w/ the DNS server it doesnt matter what the dns server settings on the server machine are set to, or so I understood.
4. Yes they do.

No I'm not running ISA.  Just SBS 2003 Std.
0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24100604
Yes that is correct.

Your SBS Server shoudl be doing all resolution for the server and the clients.

So browsing from the server and client have not changed?
0
 

Author Comment

by:WatrSkii
ID: 24100637
They have not.  Currently about 1 in 10 tries results in a successful load for any pages.  The rest just timeout.  Even yahoo.com takes about 30 seconds to load.
0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24100681
What happens when you point one of your clients to your isp's DNS Server?
0
 

Author Comment

by:WatrSkii
ID: 24100714
hmmm. Same problem. What else could be causing this if its not DNS?

0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24100732
bandwidth issues is one big prob.

try this: www.speakeasy.net/speedtest/
0
 

Author Comment

by:WatrSkii
ID: 24100779
Client works perfectly fine if plugged into the router (bypassing the SBS server).  Both when set to full DHCP and with the DNS servers set to ISP.

Plugged directly into the router I get 18Mb down/1.3Mb up
Going through the SBS server I cant get the page to load unfortunately.
0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24100813
Take out the DNS Setting on the External NIC and on the internal NIC put 127.0.0.1
0
 

Author Comment

by:WatrSkii
ID: 24100873
No change. The internet is still working through the SBS b/c it has since figured out the IP for experts exchange.   Its just getting to new sites which poses the problem.  I'm posting this with the settings you just listed, however still cant load any new pages (ie speakeasy).
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 2

Expert Comment

by:tech_tonic
ID: 24103071
Hi Guys, just thourght id put my two bob in here.

i have had a smillar problem in the past.

to fix this issue i had to do the following.
1. rerun CEICW - follow this : http://www.sbs-rocks.com/sbs2k3/sbs2k3-n2.htm
n.b. use forwarders not the ip address of your ISP

2. open DNS - check your forward and reverse lookup zones, check to see if there are any double up entries for your server.
scavenge stale records and clear your chache, then restart dns.
run a simple and recursive dns test. both should pass if no you have a dns problem.
most likley you ahve the wrong nic set to the primary ( check this in network connections -- advanced settings -- see that your internal nic is at the top of the adaptors and bindings list.

3. go into your DHCP config, make sure you have set the DNS to be your server and NOTHING ELSE.
also check to make sure you have setup the zone correctly, right ip addreses, maybe install wins for extra lookup ability and specifiy in both dns and dhcp.

hope this helps
0
 

Author Comment

by:WatrSkii
ID: 24106779
tech tonic thanks for the tips. Just a quick response:
1. That was the first thing I tried.
2. Both tests passed after running the ceicw.  I stumbled upon them when poking around in the dns settings.
3. I did verify this the DHCP server had the correct IPs.

Well it seems as though a server restart has aleviated the problem.  I am skeptical that it is solved as this stands as partial reasoning as to the intermitent nature of this problem.  I'm going to leave the question open for a couple of days to see if the problem resurfaces.   If you have any suggestions to check for problems that might be solved w/ a restart I am eager to hear.  At this point however its going to be difficult to test as things are working properly.  
0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24107201
Restarting would clear the DNS Cache. I have seen SBS 2003 have issues with it's DNS Cache and every so often having to clear this Cache would help. Just a thought.
0
 

Author Comment

by:WatrSkii
ID: 24107341
Hmm. During my troubleshooting yesterday I performed multiple ipconfig /flush dns and ipconfig /register dns on both the server and clients.  I also restarted the DNS and DHCP server and client services on both server and clients.  I would think that would have had the same effect, but I've been wrong before. I will keep an eye out.
0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24107429
Those do not clear the DNS cache on the DNS server itself. that clear the local resolver cache not the DNS Server cache.

To clear the DNS Server cache there are 2 ways:

1. At a command prompt use c:\dns /clearcache
or
2. right click the DNS Server within the DNS Server snapin and select clear cache.
0
 

Author Comment

by:WatrSkii
ID: 24108060
Got it. That is good to know. I will try that first thing next time the problem arises.
0
 

Author Comment

by:WatrSkii
ID: 24118717
Alrighty, Problem has returned and here are the updated highlights.  Please anyone who has any suggestions I am all ears:

- Clearing DNS cache did not solve the problem
- DNS server has been intermittently failing the recursive query test.  Simple always passes. What should I be checking for this?
- When browsing from client, changing local dns settings to ISPs servers does not allow browsing when connected to server. However, connecting directly to the router (bypassing SBS server) aleviates problem completely.  This is sort of leading me to wonder if its something else non DNS related on the server.  Any thoughts?
- I turned on packet logging and noticed a bunch of weatherbug /weather.com entries in a row.  Any idea if this is abnormal if one user is running weatherbug?  Is it possible for a DNS server to get "flooded" and cause these problems?

Thats all I got right now.  Im only around for another hour or so, after that it will be monday before I respond.  Thanks in advance for any further help!
0
 
LVL 2

Expert Comment

by:tech_tonic
ID: 24136946
Hi WatrSkii,

have you checked in your event viewer to see if there are any other services failing or wierd error messages?

to me it sounds like you have a failing DNS forwarder/DNS root hint.

when this route is unreachable it is causing your error.

at this stage, i'd try a diffrent forwarder or maybe checking your internet connection.
it maybe that the connection is "timing out" and you intermittingly lose connection.

this would not effect your router, but could effect your DNS server.
0
 

Author Comment

by:WatrSkii
ID: 24137557
Havent had any unusual errors/warnings.  I did see the following in the DNS Server events, but it is listed as information, so I initially wrote it off. Dont know what it means honestly.

Event Type:      Information
Event Source:      DNS
Event Category:      None
Event ID:      113
Date:            4/10/2009
Time:            2:36:54 PM
User:            N/A
Computer:      PSC01
Description:
The DNS server could not signal the service "NAT". The error was 1168. There  may be interoperability problems between the DNS service and this service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Also the time doesnt really match the problems.  Since I last posted the problems have been very intermitent.  It seems as though they always start to surface right around lunchtime and into the afteroon.  Everything is fine in the mornings and begins to correct again in the evening.  Is it possible that network traffic is affecting the DNS server?

As far as internet connection goes it has been a bit flakey.  Comcast has been doing some repairs in the area and our connection has been getting dropped for 20-30 min about every 3 to 4 days.  This sounds like it might be along the lines you are talking about.  However the internet connection has been functional the last couple times ive troubleshot the problem.  It would have to be a failing conneciton causing the problem and then not getting resolved once the connection is restored.

I guess the question becomes what is the proper action to take when something does get messed up or when the problems do arise again?  You spoke of using different forwarders, where would I get these if not from my ISP?
0
 
LVL 2

Accepted Solution

by:
tech_tonic earned 500 total points
ID: 24143739
Hi Watrskii,

an intermittent internet connection could be PART of the problem.
if you can not contact the WWW when you are looking for site or internet addresses. it can cause your DNS to "remember" these failures.

the restart would clear this and fix the problem.

i guess the next thing to do is start looking at your ISP and at your ability to ping or resolve address when these little bumps occur.
SBS requries a very stable and concurrent coenction. if that connection is flakey it will cause many of these problems.
the fact that it gets a little slow at lunch time, the busiest part of the day, then is ok in the afternoon tends to also point to an ISP problem.

i guess all you can do is contact your ISP and see if the repairs are nearly fixed.
and if not how long it will take.

in AUS, we get these problems a lot with older wiring and people not on SLA ( service level agreements) with their ISP's.
0
 

Author Comment

by:WatrSkii
ID: 24147628
That all sounds very reasonable. I guess the only question I have left is how I can go about resolving the problem when it ocurs.  Unfortunately restarting the server at lunchtime every coupe days is not really an option.   It seems as though the problem is a residual one that gets fixed by something getting cleared during a restart.  Any ideas as to how I can perform this "clearing" without a restart?

As far as looking at the ISP during the problem times what would be suggested?  The past couple times I have tried using nslookup with to no avail.  I believe this points to dns problems as well.  When you say ping and resovle addresses are you talking about pinging domain names, not IPs?  Would comparing behavior between the two be of any benefit?

I'm just trying to have a plan ready for the next time the problem pops up, as my chances to troubleshoot are a bit limiited.  

Thanks for all the help so far!
0
 

Expert Comment

by:Mad_Lenny
ID: 24194960
Hi WatrSkii,

Had the same problem on my SBS network, IE browsing just seemed to get slower and slower over a period of months. I gave OpenDNS a go and had an instant improvement (best of all its 'free'!): https://www.opendns.com/start/device/windows-server-2003

maybe worth a go,

best,

Lenny
0
 

Author Comment

by:WatrSkii
ID: 24273523
Well my internet connection has been stable for awhile now and the problem has not arisen so I am goign to go ahead and close out here.  I think tech_tonic was right about my sloppy connection goofing with sbs.  Or at least thats the best I can figure.  Thanks for all your help guys!
0
 

Expert Comment

by:marknabors
ID: 32841942
First off...thanks for sharing all your experience and ideas.

I had the same problem on my SBS network.  I removed all the forwarders and entered the DNS servers for my ISP (see WatrSkii's last entry for OpenDNS link with instructions) then I cleared the DNS cache.  It is smoking now.  

Just wanted to all my expeience.  Thanks again!  
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now