• Status: Solved
  • Priority: Medium
  • Security: Public

Need help diagnosing intranet and internet connectivity issues on SBS2003 Server

Dear Experts,

I recently inherited responsibility for a SBS2003 machine and over the past few weeks I've witnessed a bunch of difficult-to-diagnose connectivity issues, both internet and intranet related. I don't know where to start to try to diagnose the issues. I wonder if all the issues are related to the same problem. Here are the specific problems I've witnessed:

1. Intranet clients can't reliably use apps which require access to databases on the Server. (Quickbooks gives "Connection lost" errors)
2. Backing up of large files (40-60MB) to Jungledisk fails and gives errors such as this:  
"HTTP send disconnected: SSL_write() error: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac "
Jungledisk support says this is a "general connection failure".
3. Windows Remote Desktop sessions over the intranet disconnect within a minute, especially when something happens with a lot of screen movement (traffic).
4. Logmein Remote sessions over the internet disconnect within a few seconds. Sometimes sessions will last as long as 30 seconds but no longer.

Some info on the server and network:
A. There is no software antivirus/firewall affecting local traffic to my knowledge.
B. The server has two NICs. Both are connected to a TP-LINK Dual-wan router. A pair of T1s are bonded to the first NIC, DSL the second NIC. The second NIC has been disabled in Windows.
C. There is a cisco 1700 series which connects the dual T1s to the TP-LINK.
D. The intranet clients do not have connectivity problems to each other -- all issues are specific to this server.

I can't help but wonder if all of these connectivity problems are related to each other. Any suggestions as to where I should start in troubleshooting this? Thank you.
2 Solutions
I am not familiar with TP-Link's but is there anything in the interface that will let you monitor the volume of traffic?  Usually they will show how much memory or CPU is being used or something along those lines.  Also have you tried pinging from server to client or vice versa during trouble times?  I'm curious to see what kind of time you get back on your pings.
Rob Williams Commented:
Could you post   ipconfig  /all     from the SBS?
Are you aware of the TOE/SNP issues in SBS?  They especially affect, but are not limited to, Broadcom NICs.


http://msmvps.com/blogs/thenakedmvp/archive/2007/01/06/how-broadcom-and-dell-wasted-three-days-of-my-time.aspx (valuable information further down the page)

Points B and C you made in relation to the network topology are not very clear, could you explain those again?

ezekiel2517 Author Commented:
Thanks for the posts so far, I'll have a chance to run through those suggestions later today.

Beechy, let me try to clarify the network a bit:

There are two internet connections to the location -- DSL and dual T1. The "Cisco 1700" I mentioned appears to be consolidating the dual T1s, and from there goes into the WAN on the TP-Link  R480T+ router. The DSL goes straight from the DSL modem to the 2nd WAN on the TP-Link.

There are 3 LAN ports total on the TP-Link router. Two LAN ports go to the server (one bonded to the T1, the other to  DSL), and the 3rd lan port (bonded to dsl) goes to a switch for all client workstations. The Server has 2 NICs to receive the T1 and the DSL from the router. The NIC which is connected to the DSL port on the Router has been "disabled" in Windows. So the only active internet connection which reaches the server is T1.

Now I understand the topology much better.

I'm not familiar with the router in question either, but the setup sounds overly complicated.

As a first step I would plug the server into the switch with the clients.  At this point it will be worth running through the SBS 'Configure Email and Internet Connection Wizard' - leave all settings at their current values except the LAN and gateway steps - make sure the settings on those pages match your setup.  If this solves your problems the next thing to do would be to configure the TPLink to load balance both internet connections through the one LAN port connected to the switch, which it looks capable of doing according to my brief research.
ezekiel2517 Author Commented:
I'm onsite now and am trying these suggestions.

Here's the ipconfig results. I don't see anything too out of the ordinary:

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER
   Primary Dns Suffix  . . . . . . . : smallbusiness.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : smallbusiness.local

Ethernet adapter Office:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : BCM5701 Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-02-A5-E7-67-FC
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :

C:\Documents and Settings\Administrator>
ezekiel2517 Author Commented:
Hi Beechy,

I implemented the TOE/SNP Registry fixes in the last link you posted. Going to try the next steps you advised on now.
ezekiel2517 Author Commented:
Some more info that might help:

When I'm  onsite and try a Remote Desktop Session over the Intranet, the exact error I get is
"Because of an error in data encryption, the session will end. Please try connecting to the remote computer again."

I just got this error when running a SpeedTest (which maxed out the Internet connection and maybe stressed the intranet as well).

ezekiel2517 Author Commented:

I moved the server onto the Switch (where the stable workstations are) and ran the SBS Internet & Email Wizard, but I'm still getting the connectivity errors.
Some interesting things to note:
 1. Running Jungledisk backups on any of the client computers goes without a hitch - no SSL errors.
 2. Disabling "Encrypt with SSL" in Jungledisk on the server will allow the backups to complete.
 So it's starting to look like the issue isn't with the network, but rather with the server. I don't know enough about SSL errors to know where to go next.
 Here's some other things I've tried on the server:
 1. Disabled "TCP Large Send" on the NIC
 2. Disabling other non-essential programs (the pbx, vnc, etc.)

I just noticed a NIC Diagnostic program in the system tray. There is a "full diagnostic" option, which I ran on the active NIC. It fails the test with the error "On Chip CPU - TX test failure". I think I'm going to swap NICs and see if that makes a difference. Any other suggestions, please chime in.

Are the two NICs in the server identical or different hardware models?  If they are different you could just try using the other one - disable the first, enable the other, configure it with the correct IP settings then rerun the CEICW.  If they are identical then go ahead and try a new NIC, whichever route you take just ensure you rerun the CEICW afterward.

There are other settings in the NIC properties apart from Large Send that should be disabled, can you post a screenshot of the options available? - May be worth trying this before purchasing a new NIC.

Either way I would suggest you leave the server plugged into the switch along with the clients and router in the long run.
Rob Williams Commented:
The IP configuration is totally wrong. I assume this is the SBS IPConfig. Even if a workstation it is wrong as well.

On any Windows domain controller the NIC must point ONLY to itself for DNS. The router or ISP CANNOT be used even as an alternate. The ISP is then added as a forwarder in the DNS management console. With SBS change the NIC to point only to itself and then run the CEICW (Server management | Internet and E-mail | Connect to the Internet)

The SBS should also be the DHCP server. The server allows for assignment of scope options the router does not have and proper DNS registration of clients.

The clients need to point ONLY to the SBS for DNS, whether assigned statically or dynamically.

Without DNS configured correctly you will have slow logons, name resolution issues, and all sorts of bizarre problems as a result.
ezekiel2517 Author Commented:
Beechy and Robwill, thanks for the suggestions and info.

This is a production server so I can't take it offline during the week to try these changes -- my next opportunity will be Saturday. Will report back then.

ezekiel2517 Author Commented:
Beechy, here is a screenshot of NIC #1's advanced properties. Any advice on what options should be on/off would be appreciated:

Rob Williams Commented:
I see Beechy has not had a chance to reply, so in their absence....
I suspect they are referring to disabling the RSS support and TaskOffloading as per:

This tends to have more impact on performance though it can affect some services. I would first recommend changing your DNS configuration as a Windows Domain will not function without DNS being properly configured as I suggested earlier.

Below is a check list for Windows 2003 servers, however if you are running Windows Small Business Server, though the rules still apply, the method for configuring is slightly different. The server NIC/s must point only to the server itself for DNS. If you have additional internal DC’s/DNS servers, you can add those. Any others such as the ISP’s must be removed from all NIC’s. Then run the CEICW (Configure E-mail and Internet Connection Wizard) which is located by going to Server Management | Internet and E-mail | Connect to the Internet. Within the wizard you will be prompted for the ISP’s DNS servers which will automatically be added to the forwarders list. This also verifies DNS is properly configured, and assists with the configuration of your network related services. The wizard can be run as often as you like. If running it through a remote desktop session you may be disconnected for 5 to 30 seconds as it completes.

Clients MUST also point ONLY to your internal DNS servers. (likely just the SBS). Make sure whether assigned static addressing or DHCP addressing (preferred) they do not receive the ISP’s DNS, even as an alternate.

As mentioned below, and especially with SBS, the server should be the DHCP server. If it is not, have a look at the following document explaining how to move the DHCP service from the router to the SBS.
Set up DHCP on existing SBS
See "Configuring Settings for an Existing DHCP Server Service on Your Network" 1/2 way down the page.

The following link explains in detail configuring networking with an SBS:
“How to configure Internet access in Windows Small Business Server 2003”
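
The DNS rule described in the posts above (the server's NIC lists only the server itself, plus any additional internal DC/DNS servers) can be checked against saved `ipconfig /all` output. This is an added example, not code from the thread; the function names and every address in the sample are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output; all addresses are invented.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER

Ethernet adapter Office:

   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Default Gateway . . . . . . . . . : 192.168.16.1
   DNS Servers . . . . . . . . . . . : 192.168.16.1
                                       203.0.113.53
"""

FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")  # "   Label . . . : value"


def parse_adapters(text):
    """Return {adapter name: {label: [values]}} from `ipconfig /all` text."""
    adapters, current, label = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line starts a new section
            m = re.match(r".*adapter (.+?):?$", line.strip())
            current = adapters.setdefault(m.group(1), {}) if m else None
            label = None
        elif current is not None:
            m = FIELD.match(line)
            if m:  # labelled field, possibly with an empty value
                label, value = m.group(1), m.group(2).strip()
                current[label] = [value] if value else []
            elif label:  # continuation line, e.g. a second DNS server
                current[label].append(line.strip())
    return adapters


def dns_violations(text, internal_dns=()):
    """Return (adapter, server) pairs whose DNS server is neither the
    adapter's own address nor a listed internal DC/DNS server."""
    bad = []
    for name, fields in parse_adapters(text).items():
        allowed = {*fields.get("IP Address", []), *internal_dns}
        bad += [(name, s) for s in fields.get("DNS Servers", []) if s not in allowed]
    return bad


if __name__ == "__main__":
    print(dns_violations(SAMPLE))
```

In the constructed sample the adapter lists the router and an external resolver, so both entries are reported; an adapter that lists only its own address returns an empty list.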
ezekiel2517 Author Commented:
RobWill  and Beechy,

After implementing your fixes, my network issues seem to be fixed -- now RDP works without random disconnects and Jungledisk works without SSL errors. Thanks for all your detailed help.

Rob Williams Commented:
Good to hear you are up and running. Thanks ezekiel2517.
Question has a verified solution.
