Solved

Need help diagnosing intranet and internet connectivity issues on SBS2003 Server

Posted on 2010-01-06
Last Modified: 2012-05-08
Dear Experts,

I recently inherited responsibility for a SBS2003 machine and over the past few weeks I've witnessed a bunch of difficult-to-diagnose connectivity issues, both internet and intranet related. I don't know where to start to try to diagnose the issues. I wonder if all the issues are related to the same problem. Here are the specific problems I've witnessed:

1. Intranet clients can't reliably use apps which require access to databases on the Server. (Quickbooks gives "Connection lost" errors)
2. Backing up of large files (40-60MB) to Jungledisk fails and gives errors such as this:  
"HTTP send disconnected: SSL_write() error: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac "
Jungledisk support says this is a "general connection failure".
3. Windows Remote Desktop sessions over the intranet disconnect within a minute, especially when something happens with a lot of screen movement (traffic).
4. Logmein Remote sessions over the internet disconnect within a few seconds. Sometimes sessions will last as long as 30 seconds but no longer.

Some info on the server and network:
A. There is no software antivirus/firewall affecting local traffic to my knowledge.
B. The server has two NICs. Both are connected to a TP-LINK Dual-wan router. A pair of T1s are bonded to the first NIC, DSL the second NIC. The second NIC has been disabled in Windows.
C. There is a Cisco 1700 series which connects the dual T1s to the TP-LINK.
D. The intranet clients do not have connectivity problems to each other -- all issues are specific to this server.

I can't help but wonder if all of these connectivity problems are related to each other. Any suggestions as to where I should start in troubleshooting this? Thank you.
Question by:ezekiel2517
16 Comments
 
LVL 6

Expert Comment

by:chilids
ID: 26196020
I am not familiar with TP-Links, but is there anything in the interface that will let you monitor the volume of traffic? Usually they will show how much memory or CPU is being used or something along those lines. Also, have you tried pinging from server to client or vice versa during trouble times? I'm curious to see what kind of time you get back on your pings.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26197080
Could you post ipconfig /all from the SBS?
0
 
LVL 8

Expert Comment

by:beechy_
ID: 26199157
Are you aware of the TOE/SNP issues in SBS?  They especially affect, but are not limited to, Broadcom NICs.

See:

http://support.microsoft.com/kb/948496
http://msmvps.com/blogs/thenakedmvp/archive/2007/01/06/how-broadcom-and-dell-wasted-three-days-of-my-time.aspx (valuable information further down the page)
http://www.petestilgoe.com/2008/01/sbs-2003-sp2-broadcom-nics-slow-network/

Points B and C you made in relation to the network topology are not very clear, could you explain those again?
0

 

Author Comment

by:ezekiel2517
ID: 26203074
Thanks for the posts so far, I'll have a chance to run through those suggestions later today.

Beechy, let me try to clarify the network a bit:

There are two internet connections to the location -- DSL and dual T1. The "Cisco 1700" I mentioned appears to be consolidating the dual T1s, and from there goes into the WAN on the TP-Link  R480T+ router. The DSL goes straight from the DSL modem to the 2nd WAN on the TP-Link.

There are 3 LAN ports total on the TP-Link router. Two LAN ports go to the server (one bonded to the T1, the other to DSL), and the 3rd LAN port (bonded to DSL) goes to a switch for all client workstations. The Server has 2 NICs to receive the T1 and the DSL from the router. The NIC which is connected to the DSL port on the Router has been "disabled" in Windows. So the only active internet connection which reaches the server is T1.

0
 
LVL 8

Expert Comment

by:beechy_
ID: 26208017
Now I understand the topology much better.

I'm not familiar with the router in question either, but the setup sounds overly complicated.

As a first step I would plug the server into the switch with the clients.  At this point it will be worth running through the SBS 'Configure Email and Internet Connection Wizard' - leave all settings at their current values except the LAN and gateway steps - make sure the settings on those pages match your setup.  If this solves your problems the next thing to do would be to configure the TPLink to load balance both internet connections through the one LAN port connected to the switch, which it looks capable of doing according to my brief research.
0
 

Author Comment

by:ezekiel2517
ID: 26275813
I'm onsite now and am trying these suggestions.

Here's the ipconfig results. I don't see anything too out of the ordinary:

===
C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER
   Primary Dns Suffix  . . . . . . . : smallbusiness.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : smallbusiness.local

Ethernet adapter Office:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : BCM5701 Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-02-A5-E7-67-FC
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
                                       4.2.2.3

C:\Documents and Settings\Administrator>
===
0
 

Author Comment

by:ezekiel2517
ID: 26275866
Hi Beechy,

I implemented the TOE/SNP Registry fixes in the last link you posted. Going to try the next steps you advised on now.
0
 

Author Comment

by:ezekiel2517
ID: 26275870
Some more info that might help:

When I'm  onsite and try a Remote Desktop Session over the Intranet, the exact error I get is
"Because of an error in data encryption, the session will end. Please try connecting to the remote computer again."

I just got this error when running a SpeedTest (which maxed out the Internet connection and maybe stressed the intranet as well).







0
 

Author Comment

by:ezekiel2517
ID: 26276225
Beechy,

I moved the server onto the Switch (where the stable workstations are) and ran the SBS Internet & Email Wizard, but I'm still getting the connectivity errors.
 
Some interesting things to note:
 1. Running Jungledisk backups on any of the client computers goes without a hitch - no SSL errors.
 2. Disabling "Encrypt with SSL" in Jungledisk on the server will allow the backups to complete.
 
 So it's starting to look like the issue isn't with the network, but rather with the server. I don't know enough about SSL errors to know where to go next.
 
 Here are some other things I've tried on the server:
 1. Disabled "TCP Large Send" on the NIC
 2. Disabling other non-essential programs (the pbx, vnc, etc.)

I just noticed a NIC Diagnostic program in the system tray. There is a "full diagnostic" option, which I ran on the active NIC. It fails the test with the error "On Chip CPU - TX test failure". I think I'm going to swap NICs and see if that makes a difference. Any other suggestions, please chime in.

 
0
 
LVL 8

Accepted Solution

by:
beechy_ earned 1000 total points
ID: 26276902
Are the two NICs in the server identical or different hardware models? If they are different you could just try using the other one - disable the first, enable the other, configure it with the correct IP settings then rerun the CEICW. If they are identical then go ahead and try a new NIC; whichever route you take, just ensure you rerun the CEICW afterward.

There are other settings in the NIC properties apart from Large Send that should be disabled, can you post a screenshot of the options available? - May be worth trying this before purchasing a new NIC.

Either way I would suggest you leave the server plugged into the switch along with the clients and router in the long run.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26277310
The IP configuration is totally wrong. I assume this is the SBS IPConfig. Even if a workstation it is wrong as well.

On any Windows domain controller the NIC must point ONLY to itself for DNS. The router or ISP CANNOT be used even as an alternate. The ISP is then added as a forwarder in the DNS management console. With SBS change the NIC to point only to itself and then run the CEICW (Server management | Internet and E-mail | Connect to the Internet)

The SBS should also be the DHCP server. The server allows for assignment of scope options the router does not have and proper DNS registration of client.

The clients need to point ONLY to the SBS for DNS, whether assigned statically or dynamically.

Without DNS configured correctly you will have slow logons, name resolution issues, and all sorts of bizarre problems as a result.
0
 

Author Comment

by:ezekiel2517
ID: 26309067
Beechy and Robwill, thanks for the suggestions and info.

This is a production server so I can't take it offline during the week to try these changes -- my next opportunity will be Saturday. Will report back then.

0
 

Author Comment

by:ezekiel2517
ID: 26337753
Beechy, here is a screenshot of NIC #1's advanced properties. Any advice on what options should be on/off would be appreciated:





HPNC7770-gigabitserver.bmp
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1000 total points
ID: 26342409
I see Beechy has not had a chance to reply, so in their absence....
I suspect they are referring to disabling the RSS support and TaskOffloading as per:
http://blogs.technet.com/sbs/archive/2007/03/19/vpn-securenat-nat-and-outlook-clients-not-working-after-installing-windows-service-pack-2-in-sbs-2003-premium.aspx

This tends to have more impact on performance though it can affect some services. I would first recommend changing your DNS configuration as a Windows Domain will not function without DNS being properly configured as I suggested earlier.

Below is a check list for Windows 2003 servers, however if you are running Windows Small Business Server, though the rules still apply, the method for configuring is slightly different. The server NIC/s must point only to the server itself for DNS. If you have additional internal DC’s/DNS servers, you can add those. Any others such as the ISP’s must be removed from all NIC’s. Then run the CEICW (Configure E-mail and Internet Connection Wizard) which is located by going to Server Management | Internet and E-mail | Connect to the Internet. Within the wizard you will be prompted for the ISP’s DNS servers which will automatically be added to the forwarders list. This also verifies DNS is properly configured, and assists with the configuration of your network related services. The wizard can be run as often as you like. If running it through a remote desktop session you may be disconnected for 5 to 30 seconds as it completes.

Clients MUST also point ONLY to your internal DNS servers. (likely just the SBS). Make sure whether assigned static addressing or DHCP addressing (preferred) they do not receive the ISP’s DNS, even as an alternate.

As mentioned below, and especially with SBS, the server should be the DHCP server. If it is not, have a look at the following document explaining how to move the DHCP service from the router to the SBS.
Set up DHCP on existing SBS
See "Configuring Settings for an Existing DHCP Server Service on Your Network" 1/2 way down the page.
http://www.microsoft.com/technet/prodtechnol/sbs/2003/plan/gsg/appx_c.mspx

The following link explains in detail configuring networking with an SBS:
“How to configure Internet access in Windows Small Business Server 2003”
http://support.microsoft.com/kb/825763
0
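Added example, not part of the original thread: a check for the DNS rule described in Rob Williams' two comments (a domain controller's NIC lists only itself for DNS, plus any other internal DNS servers), run against the adapter section of the `ipconfig /all` output posted earlier. The function names and the `internal_dns` parameter are hypothetical, and treating loopback as "itself" is an assumption of this example.

```python
import re

# Constructed input: the adapter section of the "ipconfig /all" output posted above.
SAMPLE = """\
Ethernet adapter Office:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.2.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
                                       4.2.2.3
"""

# "   Label . . . . : value" -- the space before the colon keeps IPv6 values out.
FIELD = re.compile(r"^\s+(\S.*?)[ .]* :\s*(.*)$")
KEYS = {"IP Address": "ip", "IPv4 Address": "ip", "DNS Servers": "dns"}

def parse_adapters(text):
    """Return {adapter: {"ip": [...], "dns": [...]}} from ipconfig /all text."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if line[:1].strip() and line.rstrip().endswith(":"):
            # Unindented "Ethernet adapter <name>:" opens a new adapter section.
            name = line.rstrip()[:-1].split("adapter", 1)[-1].strip()
            current, key = adapters.setdefault(name, {"ip": [], "dns": []}), None
        elif current is None:
            continue  # global section (host name, suffix) before the first adapter
        elif m:
            key = KEYS.get(m.group(1))
            if key and m.group(2):
                current[key].append(m.group(2).split("(")[0].strip())
        elif key and line[:1].isspace() and line.strip():
            # Indented line without a label: another value for the previous field.
            current[key].append(line.split("(")[0].strip())
    return adapters

def check_dc_dns(text, internal_dns=()):
    """List (adapter, server) pairs where a DC's NIC uses DNS other than itself."""
    findings = []
    for name, cfg in parse_adapters(text).items():
        # Loopback counts as "itself" (assumption); internal_dns holds other internal DCs.
        allowed = set(cfg["ip"]) | {"127.0.0.1"} | set(internal_dns)
        findings += [(name, dns) for dns in cfg["dns"] if dns not in allowed]
    return findings

if __name__ == "__main__":
    for adapter, server in check_dc_dns(SAMPLE):
        print(f"{adapter}: DNS server {server} is not this server; use a forwarder")
```

On the posted configuration this reports both the router (192.168.2.1) and the external resolver (4.2.2.3) as entries to move off the NIC.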
 

Author Closing Comment

by:ezekiel2517
ID: 31673799
RobWill  and Beechy,

After implementing your fixes, my network issues seem to be fixed -- now RDP works without random disconnects and Jungledisk works without SSL errors. Thanks for all your detailed help.



0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 26345532
Good to hear you are up and running. Thanks ezekiel2517.
Cheers!
--Rob
0


Question has a verified solution.
