Solved

Strange network issue - users cannot connect to websites, or they take long to load.

Posted on 2009-05-20
8
237 Views
Last Modified: 2012-05-07
Hello there.  We are having some strange issues regarding connecting to websites from within our network.  And users connecting to our network using Logmein are also having problems, slow loading pages, or disconnects.  

ADSL - 8mb/512
Windows 2000 Server + MS Exchange.
Firewall handles the NAT.
100mb switch

Basically it either takes about x4 times as long to connect to a webpage - eg. the loading bar at the bottom of the page goes very slow.  Or the page times out, or we get disconnected (in the case when we try to use logmein)

Now the reason why I think this is strange, is that it only happens to certain pages - hotmail loads fine, quick.  Google loads fine, browsing seems fine.  I have run speed tests, they are fine.  I have called our ISP, they have done circut check, tested the lines, they seem fine.  I have run malware scans  on all PCs - checked that we have no one downloading or uploading big files.

I'm going to add wireshark to our server today.  The only thing I can think of is to reinstall all NIC;s on affected PCs.

Oh, and another thing - which may or may not be direct at this particular problem.  My boss suddenly cannot connect via Terminal Services from his home PC, nor logmein.  Again, this could be a problem locally to him, but he says everthing else is working fine.  Still, this might be another question.

Another option for me to try is to do a 24 hour line check and other diagnostics.  Are there any other applications that can help me see if its our network connection causing these slow-downs/disconnects, or its the actual sites themselves.   BTW: I have ping'ed, tracert to all listed sites,  all came back fine.    

Anyhoo - got any ideas of this one.  I'm getting calls every minute about people not being able to connect.  

Thanks.
0
Comment
Question by:SpencerKarnovski
  • 5
  • 3
8 Comments
 
LVL 16

Accepted Solution

by:
ccomley earned 500 total points
ID: 24429688
Does your ISP run a proxy/cache? If so, can you choose not to use it?

Are *you* running a proxy/cache of any sort? Does the slowness persist if users go direct rather than through the proxy?

I very much doubt you have a problem with all your NICs.

You might have a problem with ONE of them causing excess traffic on teh LAN - try unplugging each w/s in turn and see if the rest suddenly get fast when you unplug a particular one. (Don't forget printers and anything else with a lan connection). Similarly, it may be a dodgy switch or a dodgy switch port.

I'm suspicious that it only affects certain sites, that's very odd. Is it *always* the same sites that are and are not affected?

Can you bring up the router status screen? See if it's dropping/reconnecting at any time it should not? see how much traffic it's passing when you think it should be quiet.

0
 

Author Comment

by:SpencerKarnovski
ID: 24429831
Hello ccomley

We are not connected to a proxy through our ISP, and nothing has changed in this regard as far as I'm aware.  However, I do on occasion get a proxy login box appear, but as expressed.  I really do not know where this is coming from.   Something for me to investigate!

This problem has only started over the page 36 hours though, and nothing from our normal setup has changed.  As for a dodgy switch port, could well be.  But, not all users are suffering from the slow connections/disconnects.  

It does seem that most sites that are unreachable are secure sites that have the user logging in.  Like connecting to online bank accounts, logmein etc..

I have been keeping an eye on the router status page, we have not be intermittently disconnecting.

Ok,  so to recap.  Areas for me to investigate are;

Poxy Server
Switch ports

Can you add to this list, thanks.
0
 
LVL 16

Expert Comment

by:ccomley
ID: 24429866
ah - sites to which you "log in" are genreally "secure" (HTTPS) sites using SSL. The most significant point here is that they run on port 443 instead of port 80.

Could something be intefering with port 443 access?

I have to say, it smells badly of a misconfigured proxy, in this particular case, it's handling port 80 traffic most of the time but going badly wrong when a site "goes secure" and switches you to port 443.

And if you get occsional screens from a proxy server, that's even more suspicion that your traffic is going via a proxy somewhere. If you dont' have a proxy server configured in the browser setup, taht would suggest to me that the ISP has implemented a "transparent proxy" and is catchign and routing your web traffic through it without your knowledge.

If nothing at your end has changed I have to suspect something new at the ISP end...
0
 

Author Comment

by:SpencerKarnovski
ID: 24429930
Hey cc

I'm going to give my ISP a call now,  just to confirm if they are directing us through a proxy.  I just got another call from a user.

She uses a delivery service called interlink express, on this page she has to enter a load of data, then preses print - and then a lable is printed on her portable label printer.  

Now, strange thing is, she enters the data - then presses print.  After that suddenly the page jumps back to an empty data sheet.  This does this about 7/10.  It seems that browsing is ok, its just when my users have to enter some information, then click a button - thats when the browser slows down.

Strange..
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 16

Expert Comment

by:ccomley
ID: 24429990
I have to say, these are all classic signs of mis-behaving proxy server.  Works fine on "plain" pages, anything that goes secure, anuthing that has form-fill or returns data to the server, starts to be more difficult for the proxy to do properly...
0
 

Author Comment

by:SpencerKarnovski
ID: 24430810
Hi - I have called my ISP, and there are no proxy servers on our broadband line.

However, I just looked into the server logs and got this error.

"The virtual memory needed to run the exchange server is fragmented in such a way that normal operation is beginning to fail - we need to restart the exchange services".

So I then checked the Disk Management tool, and our drives are heavy de fragmented.  I did defrag a while ago, but it must have got cancelled.  Could a heavly fragmented HD cause the slowdowns previsously discussed?

Will be running a defrag tonight..

Another issue stated in the server event viewer.  

"Scope 192.168.0.0 is 100% full with onlyl 0 IP addresses remaining".  

Also, just spoke to my boss and he said at 17:30 (leaving time for most staff) that the problems (connecting via logmein + TC) went away.  So this would indicate network congestion is a possible cause.  however, no workstation is download/uploading anything - i have run scans.

Again, could this be due to the load on a heavily fragmented server?

thanks
0
 

Author Comment

by:SpencerKarnovski
ID: 24637568
Well, turns out all these issue was caused by a highly defragmented hard drive on the server.  I had been running degrag, but always running this from an RD connection, so when I closed the RD window it stopped the defrag - even though there is a message saying the opposite.

However, I have also deframented the drive locally, and windows did not do a great job.  I installed disk keep pro and it fixed all the above issues.  It also speeded up the server,  and now my boss can connect via TC without getting disconnected.
0
 

Author Closing Comment

by:SpencerKarnovski
ID: 31583406
Good information was posted.
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now