• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 550
  • Last Modified:

Vista Business can't communicate with one Windows 2003 server on domain

I have a standard Windows 2003 domain with 3 domain controllers and one member server - all Windows 2003 and all updated to the same SP and update via WSUS.  Recently I started putting VIsta workstations on the network and noticed that they cannot communicate with the member server - can't ping it by IP, Netbios name, or FQDN.  The FQDN does resolve to an IP - but there's no response from server.  On the server I can ping the workstations but can't open the default shares on the workstation.  

The Vista workstations all have Vista Business Ed - updated to the same level.  All are dells but different models.  Have either Intel or Broadcom 64 bit NICS.  Windows firewall is disabled.  All have Norton Internet Security 2009 installed - disabling that firewall causes the workstations to lose port 80 access and the server to no longer be able to ping them.  

I've gotten it to the point where the workstation can intermittently connect to the server - but its like every hour for 1 minute and then nothing.  

So any thoughts, comments, suggestions?
0
danlhotka369
Asked:
danlhotka369
  • 12
  • 7
  • 6
  • +1
2 Solutions
 
blue-screenCommented:
- Are all of these PCs on the same subnet?
- Any chance of a duplicate IP address somewhere?  If it pings sometimes, the connection is OK.

The intermittency leads me to think that some other device may be responding to ARP requests, you you have have two parallel routers from the Vista stations to the member server - one that goes to the right place, and one that is a black hole.

I also don't understand why disabling NIS would cause a loss of web connection?
0
 
Darius GhassemCommented:
On the Vista machines make sure you disable IPv6 then run a ipconfig /flushdns and ipconfig /registerdns. Also, make sure all clients and servers only point to internal DNS servers and don't have any external DNS server's listed in their TCP\IP properties.
0
 
Blizz127Commented:
Check your nic card could be as simple as that.
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
danlhotka369Author Commented:
Blizz127 - what do you suggest I check on the NIC cards?  I've updated the drivers and made sure that TOE is disabled.
0
 
Darius GhassemCommented:
Has any other solutions work?
0
 
danlhotka369Author Commented:
None of the other solutions have worked.  I updated the NIC drivers on the server and for a brief time was able to ping the VIsta machines and open their default shares (ie: \\computer) - however that has since stopped working.

The workstations get the following results when pinging the server:

Reply from 192.168.111.9
Request Timed Out
Request Timed Out
Request Timed Out

So I don't get why it can reply once and then never again.  Ping from the server times out all 4 pings.

But IPv6 is disabled on all workstations - all are pointing to internal DNS only.  All are on the same subnet - same switch as a matter of fact.
0
 
blue-screenCommented:
If only the first ping replies, it sounds like some other device is absorbing the replies after the first ping.  Duplicate IP address?  Duplicate MAC address?  

What is the network path between the two sites?  Maybe you have two parallel paths to the destination network, one to the right location, one to the black hole.

Also, check the subnet mask of all of the machines and make sure the subnet masks are correct and consistent with each other.  Do the same for all the routers in the path.

Finally, look at the ARP table of the two machines.  If they are on different subnets, make sure the address of the destination pC is NOT in the ARP table.  If it is, someone has a bad subnet mask and a misplaced proxy ARP.

Need more information.  IP addreses, masks, network paths.  if more than one hop, a tracert would be useful.

Can the server ping ANY machines (does the server have a firewall on?)
0
 
danlhotka369Author Commented:
Here's the results from the server:  
C:\Documents and Settings\administrator.FCSVA>ping admin20

Pinging admin20.fcsva.local [192.168.111.130] with 32 bytes of data:

Reply from 192.168.111.130: bytes=32 time<1ms TTL=128
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.111.130:
    Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\administrator.FCSVA>tracert admin20

Tracing route to admin20.fcsva.local [192.168.111.130]
over a maximum of 30 hops:

  1    <1 ms    <1 ms     *     192.168.111.130
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *     ^C

The server can ping any other server and any non Vista workstation in the network - it cannot ping only the Vista workstations.  The firewall on the server is off and disabled.  It does have Endpoint client installed.  
0
 
danlhotka369Author Commented:
Here is the Ipconfig /all data from the server:

C:\Documents and Settings\administrator.FCSVA>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : fcssrv02
   Primary Dns Suffix  . . . . . . . : fcsva.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fcsva.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme
 VBD Client)
   Physical Address. . . . . . . . . : 00-1C-23-BE-36-05
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.111.9
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.111.1
   DNS Servers . . . . . . . . . . . : 192.168.111.8
0
 
danlhotka369Author Commented:
Here is the tracert info from one of the Vista workstations:
C:\Users\tblanchard>tracert fcssrv02

Tracing route to fcssrv02.fcsva.local [192.168.111.9]
over a maximum of 30 hops:

  1    <1 ms     *        *     fcssrv02.fcsva.local [192.168.111.9]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8  ^C

Here is the ipconfig /all data for the workstation:

C:\Users\tblanchard>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Admin20
   Primary Dns Suffix  . . . . . . . : fcsva.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fcsva.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82566DM Gigabit Network Connec
on
   Physical Address. . . . . . . . . : 00-21-70-10-EF-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.111.130(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 24, 2009 12:41:23 PM
   Lease Expires . . . . . . . . . . : Friday, April 24, 2009 1:41:23 PM
   Default Gateway . . . . . . . . . : 192.168.111.1
   DHCP Server . . . . . . . . . . . : 192.168.111.1
   DNS Servers . . . . . . . . . . . : 192.168.111.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Like the server - the Vista workstations can ping any other server and workstation except FCSSRV02.
0
 
danlhotka369Author Commented:
ARP Cache from workstation:

C:\Users\tblanchard>arp -a

Interface: 192.168.111.130 --- 0xa
  Internet Address      Physical Address      Type
  192.168.111.1         00-1f-9e-2e-ee-d0     dynamic
  192.168.111.8         00-1c-23-bc-4d-40     dynamic
  192.168.111.9         00-1f-9e-2e-ee-d0     dynamic
  192.168.111.27        00-21-5a-7d-53-33     dynamic
  192.168.111.105       00-1c-23-59-3f-8b     dynamic
  192.168.111.129       00-1c-bf-1d-24-db     dynamic
  192.168.111.132       00-1c-23-59-3f-7a     dynamic
  192.168.111.168       00-21-70-10-ee-f3     dynamic
  192.168.111.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
0
 
danlhotka369Author Commented:
ARP Cache from server:

C:\Documents and Settings\administrator.FCSVA>arp -a

Interface: 192.168.111.9 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.111.1         00-1f-9e-2e-ee-d0     dynamic
  192.168.111.3         00-16-17-f1-2a-ca     dynamic
  192.168.111.8         00-1c-23-bc-4d-40     dynamic
  192.168.111.27        00-21-5a-7d-53-33     dynamic
  192.168.111.40        00-1c-23-04-d3-27     dynamic
  192.168.111.105       00-1c-23-59-3f-8b     dynamic
  192.168.111.106       00-1f-3c-7d-50-27     dynamic
  192.168.111.194       00-19-7d-a8-1c-49     dynamic
0
 
Darius GhassemCommented:
Remove SEP from the servers and Vista clients, There are known issues with SEP that stop network communication issues even when the client is disabled. You must use the cleanwipe tool to fully remove SEP from the system what I see going on is just like the issue we had with SEP.
0
 
danlhotka369Author Commented:
The server involved has both SEP and the SEP management console installed.  The Vista workstation did not have SEP installed - they had Norton Internet Security 2009 installed.  I removed it and installed Avast instead.  

Could the two SEP products on that server be the problem?   Because SEP is installed on the other servers and they can communicate with the Vista workstations no problem.
0
 
Darius GhassemCommented:
Yes, SEP can cause issues on certain servers and others work fine. If you called MS for a issue they will ask you to remove SEP from the system before they start.
0
 
danlhotka369Author Commented:
Awesome - yeah I checked the SEP Management console and there was a firewall policy in place.  I removed it and withdrew it from all the clients.  It seems to be working.  Of course this could be the intermittent connectivity at work as well.
0
 
blue-screenCommented:
Yes, network level is fine and simple, not troubles at all - I think dariusg nailed it; I was barking up the wrong tree.  One more reason to dislike Symantec products!
0
 
Darius GhassemCommented:
How is it going so far?
0
 
danlhotka369Author Commented:
I removed SEP and SEPM using the CleanWIpe tool and the Vista workstations still cannot communicate with that server consistently - they can very briefly upon reboot but then it drops and we are back to request timed out on ping.
0
 
Darius GhassemCommented:
Have you replaced the NIC card yet? Let's recap real quick. Vista Machines can ping the server and the server can't ping the Vista clients, right? You removed SEP from server and clients?
0
 
blue-screenCommented:
Looks like a duplicate IP address for that server?

ipconfig on the server (192.168.111.9) shows the MAC as 00-1C-23-BE-36-05

But the ARP table shows

  192.168.111.9         00-1f-9e-2e-ee-d0     dynamic

No match!

Seems like a second ARP reply is coming in after the server from some MAC address   00-1f-9e-2e-ee-d0  which seems to be the router at 192.168.111.1   (note the same mac addresses in the ARP table)

My guess is that it is sending and inappropriate proxy arp reply.

Make sure the mask is set correctly on the router.  If that fails, try turning proxy-arp off.

What can you tell me about the router, or whatever device is at 192.168.111.1?

Also, make sure that only ONE interface of the router is touching the 192.168.111.x network.
0
 
danlhotka369Author Commented:
Dariusq:  other way.  The server can ping the Vista machines intermittently.  The Vista machines cannot ping the server.  The firewall service on all machines is off and disabled.  The server has no AV of any kind.  The Vista machines are using AVAST.
0
 
blue-screenCommented:
The problem is clearly the device at MAC address 00-1f-9e-2e-ee-d0, which is a Cisco device.  There is some misconfiguration or miswiring in that device where is us answering ARPs on behalf of the server.  
0
 
danlhotka369Author Commented:
So it turns out the embedded NICs on the server are bad.  We are replacing the MB and all should be right with the world.  The mention of the MAC inconsistency got me thinking about the NICs - we swapped NICs and the server bluescreened.  Then we changed the IP of the first NIC and everything started working correctly.  Changed it back to its original IP and still good.  

So time for a new motherboard.
0
 
Darius GhassemCommented:
That is why I asked if you replaced the NIC?
0
 
blue-screenCommented:
That doesn't really make sense, but OK.  I can't see how it explains the MAC address of the router appearing associated with the IP address of the server.  I think you may be chasing the wrong solution, unless something about the NIC failure caused odd behavior on the router.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 12
  • 7
  • 6
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now