Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Strange network issue - users cannot connect to websites, or they take long to load.

Posted on 2009-05-20
Medium Priority
Last Modified: 2012-05-07
Hello there.  We are having some strange issues regarding connecting to websites from within our network.  And users connecting to our network using Logmein are also having problems, slow loading pages, or disconnects.  

ADSL - 8mb/512
Windows 2000 Server + MS Exchange.
Firewall handles the NAT.
100mb switch

Basically it either takes about x4 times as long to connect to a webpage - eg. the loading bar at the bottom of the page goes very slow.  Or the page times out, or we get disconnected (in the case when we try to use logmein)

Now the reason why I think this is strange, is that it only happens to certain pages - hotmail loads fine, quick.  Google loads fine, browsing seems fine.  I have run speed tests, they are fine.  I have called our ISP, they have done circut check, tested the lines, they seem fine.  I have run malware scans  on all PCs - checked that we have no one downloading or uploading big files.

I'm going to add wireshark to our server today.  The only thing I can think of is to reinstall all NIC;s on affected PCs.

Oh, and another thing - which may or may not be direct at this particular problem.  My boss suddenly cannot connect via Terminal Services from his home PC, nor logmein.  Again, this could be a problem locally to him, but he says everthing else is working fine.  Still, this might be another question.

Another option for me to try is to do a 24 hour line check and other diagnostics.  Are there any other applications that can help me see if its our network connection causing these slow-downs/disconnects, or its the actual sites themselves.   BTW: I have ping'ed, tracert to all listed sites,  all came back fine.    

Anyhoo - got any ideas of this one.  I'm getting calls every minute about people not being able to connect.  

Question by:SpencerKarnovski
  • 5
  • 3
LVL 17

Accepted Solution

ccomley earned 1500 total points
ID: 24429688
Does your ISP run a proxy/cache? If so, can you choose not to use it?

Are *you* running a proxy/cache of any sort? Does the slowness persist if users go direct rather than through the proxy?

I very much doubt you have a problem with all your NICs.

You might have a problem with ONE of them causing excess traffic on teh LAN - try unplugging each w/s in turn and see if the rest suddenly get fast when you unplug a particular one. (Don't forget printers and anything else with a lan connection). Similarly, it may be a dodgy switch or a dodgy switch port.

I'm suspicious that it only affects certain sites, that's very odd. Is it *always* the same sites that are and are not affected?

Can you bring up the router status screen? See if it's dropping/reconnecting at any time it should not? see how much traffic it's passing when you think it should be quiet.


Author Comment

ID: 24429831
Hello ccomley

We are not connected to a proxy through our ISP, and nothing has changed in this regard as far as I'm aware.  However, I do on occasion get a proxy login box appear, but as expressed.  I really do not know where this is coming from.   Something for me to investigate!

This problem has only started over the page 36 hours though, and nothing from our normal setup has changed.  As for a dodgy switch port, could well be.  But, not all users are suffering from the slow connections/disconnects.  

It does seem that most sites that are unreachable are secure sites that have the user logging in.  Like connecting to online bank accounts, logmein etc..

I have been keeping an eye on the router status page, we have not be intermittently disconnecting.

Ok,  so to recap.  Areas for me to investigate are;

Poxy Server
Switch ports

Can you add to this list, thanks.
LVL 17

Expert Comment

ID: 24429866
ah - sites to which you "log in" are genreally "secure" (HTTPS) sites using SSL. The most significant point here is that they run on port 443 instead of port 80.

Could something be intefering with port 443 access?

I have to say, it smells badly of a misconfigured proxy, in this particular case, it's handling port 80 traffic most of the time but going badly wrong when a site "goes secure" and switches you to port 443.

And if you get occsional screens from a proxy server, that's even more suspicion that your traffic is going via a proxy somewhere. If you dont' have a proxy server configured in the browser setup, taht would suggest to me that the ISP has implemented a "transparent proxy" and is catchign and routing your web traffic through it without your knowledge.

If nothing at your end has changed I have to suspect something new at the ISP end...
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!


Author Comment

ID: 24429930
Hey cc

I'm going to give my ISP a call now,  just to confirm if they are directing us through a proxy.  I just got another call from a user.

She uses a delivery service called interlink express, on this page she has to enter a load of data, then preses print - and then a lable is printed on her portable label printer.  

Now, strange thing is, she enters the data - then presses print.  After that suddenly the page jumps back to an empty data sheet.  This does this about 7/10.  It seems that browsing is ok, its just when my users have to enter some information, then click a button - thats when the browser slows down.

LVL 17

Expert Comment

ID: 24429990
I have to say, these are all classic signs of mis-behaving proxy server.  Works fine on "plain" pages, anything that goes secure, anuthing that has form-fill or returns data to the server, starts to be more difficult for the proxy to do properly...

Author Comment

ID: 24430810
Hi - I have called my ISP, and there are no proxy servers on our broadband line.

However, I just looked into the server logs and got this error.

"The virtual memory needed to run the exchange server is fragmented in such a way that normal operation is beginning to fail - we need to restart the exchange services".

So I then checked the Disk Management tool, and our drives are heavy de fragmented.  I did defrag a while ago, but it must have got cancelled.  Could a heavly fragmented HD cause the slowdowns previsously discussed?

Will be running a defrag tonight..

Another issue stated in the server event viewer.  

"Scope is 100% full with onlyl 0 IP addresses remaining".  

Also, just spoke to my boss and he said at 17:30 (leaving time for most staff) that the problems (connecting via logmein + TC) went away.  So this would indicate network congestion is a possible cause.  however, no workstation is download/uploading anything - i have run scans.

Again, could this be due to the load on a heavily fragmented server?


Author Comment

ID: 24637568
Well, turns out all these issue was caused by a highly defragmented hard drive on the server.  I had been running degrag, but always running this from an RD connection, so when I closed the RD window it stopped the defrag - even though there is a message saying the opposite.

However, I have also deframented the drive locally, and windows did not do a great job.  I installed disk keep pro and it fixed all the above issues.  It also speeded up the server,  and now my boss can connect via TC without getting disconnected.

Author Closing Comment

ID: 31583406
Good information was posted.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question