Solved

Strange network issue - users cannot connect to websites, or they take long to load.

Posted on 2009-05-20
8
235 Views
Last Modified: 2012-05-07
Hello there.  We are having some strange issues regarding connecting to websites from within our network.  And users connecting to our network using Logmein are also having problems, slow loading pages, or disconnects.  

ADSL - 8mb/512
Windows 2000 Server + MS Exchange.
Firewall handles the NAT.
100mb switch

Basically it either takes about x4 times as long to connect to a webpage - eg. the loading bar at the bottom of the page goes very slow.  Or the page times out, or we get disconnected (in the case when we try to use logmein)

Now the reason why I think this is strange, is that it only happens to certain pages - hotmail loads fine, quick.  Google loads fine, browsing seems fine.  I have run speed tests, they are fine.  I have called our ISP, they have done circut check, tested the lines, they seem fine.  I have run malware scans  on all PCs - checked that we have no one downloading or uploading big files.

I'm going to add wireshark to our server today.  The only thing I can think of is to reinstall all NIC;s on affected PCs.

Oh, and another thing - which may or may not be direct at this particular problem.  My boss suddenly cannot connect via Terminal Services from his home PC, nor logmein.  Again, this could be a problem locally to him, but he says everthing else is working fine.  Still, this might be another question.

Another option for me to try is to do a 24 hour line check and other diagnostics.  Are there any other applications that can help me see if its our network connection causing these slow-downs/disconnects, or its the actual sites themselves.   BTW: I have ping'ed, tracert to all listed sites,  all came back fine.    

Anyhoo - got any ideas of this one.  I'm getting calls every minute about people not being able to connect.  

Thanks.
0
Comment
Question by:SpencerKarnovski
  • 5
  • 3
8 Comments
 
LVL 16

Accepted Solution

by:
ccomley earned 500 total points
Comment Utility
Does your ISP run a proxy/cache? If so, can you choose not to use it?

Are *you* running a proxy/cache of any sort? Does the slowness persist if users go direct rather than through the proxy?

I very much doubt you have a problem with all your NICs.

You might have a problem with ONE of them causing excess traffic on teh LAN - try unplugging each w/s in turn and see if the rest suddenly get fast when you unplug a particular one. (Don't forget printers and anything else with a lan connection). Similarly, it may be a dodgy switch or a dodgy switch port.

I'm suspicious that it only affects certain sites, that's very odd. Is it *always* the same sites that are and are not affected?

Can you bring up the router status screen? See if it's dropping/reconnecting at any time it should not? see how much traffic it's passing when you think it should be quiet.

0
 

Author Comment

by:SpencerKarnovski
Comment Utility
Hello ccomley

We are not connected to a proxy through our ISP, and nothing has changed in this regard as far as I'm aware.  However, I do on occasion get a proxy login box appear, but as expressed.  I really do not know where this is coming from.   Something for me to investigate!

This problem has only started over the page 36 hours though, and nothing from our normal setup has changed.  As for a dodgy switch port, could well be.  But, not all users are suffering from the slow connections/disconnects.  

It does seem that most sites that are unreachable are secure sites that have the user logging in.  Like connecting to online bank accounts, logmein etc..

I have been keeping an eye on the router status page, we have not be intermittently disconnecting.

Ok,  so to recap.  Areas for me to investigate are;

Poxy Server
Switch ports

Can you add to this list, thanks.
0
 
LVL 16

Expert Comment

by:ccomley
Comment Utility
ah - sites to which you "log in" are genreally "secure" (HTTPS) sites using SSL. The most significant point here is that they run on port 443 instead of port 80.

Could something be intefering with port 443 access?

I have to say, it smells badly of a misconfigured proxy, in this particular case, it's handling port 80 traffic most of the time but going badly wrong when a site "goes secure" and switches you to port 443.

And if you get occsional screens from a proxy server, that's even more suspicion that your traffic is going via a proxy somewhere. If you dont' have a proxy server configured in the browser setup, taht would suggest to me that the ISP has implemented a "transparent proxy" and is catchign and routing your web traffic through it without your knowledge.

If nothing at your end has changed I have to suspect something new at the ISP end...
0
 

Author Comment

by:SpencerKarnovski
Comment Utility
Hey cc

I'm going to give my ISP a call now,  just to confirm if they are directing us through a proxy.  I just got another call from a user.

She uses a delivery service called interlink express, on this page she has to enter a load of data, then preses print - and then a lable is printed on her portable label printer.  

Now, strange thing is, she enters the data - then presses print.  After that suddenly the page jumps back to an empty data sheet.  This does this about 7/10.  It seems that browsing is ok, its just when my users have to enter some information, then click a button - thats when the browser slows down.

Strange..
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 16

Expert Comment

by:ccomley
Comment Utility
I have to say, these are all classic signs of mis-behaving proxy server.  Works fine on "plain" pages, anything that goes secure, anuthing that has form-fill or returns data to the server, starts to be more difficult for the proxy to do properly...
0
 

Author Comment

by:SpencerKarnovski
Comment Utility
Hi - I have called my ISP, and there are no proxy servers on our broadband line.

However, I just looked into the server logs and got this error.

"The virtual memory needed to run the exchange server is fragmented in such a way that normal operation is beginning to fail - we need to restart the exchange services".

So I then checked the Disk Management tool, and our drives are heavy de fragmented.  I did defrag a while ago, but it must have got cancelled.  Could a heavly fragmented HD cause the slowdowns previsously discussed?

Will be running a defrag tonight..

Another issue stated in the server event viewer.  

"Scope 192.168.0.0 is 100% full with onlyl 0 IP addresses remaining".  

Also, just spoke to my boss and he said at 17:30 (leaving time for most staff) that the problems (connecting via logmein + TC) went away.  So this would indicate network congestion is a possible cause.  however, no workstation is download/uploading anything - i have run scans.

Again, could this be due to the load on a heavily fragmented server?

thanks
0
 

Author Comment

by:SpencerKarnovski
Comment Utility
Well, turns out all these issue was caused by a highly defragmented hard drive on the server.  I had been running degrag, but always running this from an RD connection, so when I closed the RD window it stopped the defrag - even though there is a message saying the opposite.

However, I have also deframented the drive locally, and windows did not do a great job.  I installed disk keep pro and it fixed all the above issues.  It also speeded up the server,  and now my boss can connect via TC without getting disconnected.
0
 

Author Closing Comment

by:SpencerKarnovski
Comment Utility
Good information was posted.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Is your computer hacked? learn how to detect and delete malware in your PC
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now