server 2003 stops responding to WAN requests several times per day

davids355 used Ask the Experts™
We are running sbs 2003 acting as exchange server, DC, and file server.
It is a brand new install (which I have done many times).
On our BT bussiness hub we have ports 25 and 80 open for incoming traffic to the server.
We also have logmein installed.
Im almost certain everything is setup correctly - dns is installed on the server, dhcp is also installed and client machines have the server ip as their dns address.
Every couple of hours though, the server becomes un-contactable from outside the LAN - if I try to access OWA, it times out, if I run an online port checker it reports that no ports are responding, and if I try and access the server with logmein, it also times out.

I can however access another computer within the network via logmein, and I can then get onto the server with remote desktop.

So by process of ilimination, I gather it is not the broadband connection or the router (unless the router has an issue specific to the server).

After ten minutes or so, it all starts working again.

The only thing that stands out to me, is that we have 10 client licenses and we are hitting this limit, I wonder if the server would stop responding to WAN requests once this limit is reached? Or is there any other troubleshooting steps I can take?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Anything in the event viewer?


No, I have checked the event viewer, there are warnings in there about a printer that its trying to connect to, but nothing else. its really puzzling - we have also had a few DNS issues with the client machines - every so often they would stop connecting to the internet, so I added the router ip as secondary dns on clients and it sorted out their problem - now Im thinking it was all the same issue - when the server stopped responding, it wasnt servicing dns requests from the client machines....
I've seen the client DNS issue before a number of times. It is generally resolved by uninstalling DNS on the server and reinstalling it. It doesn't explain your WAN connection issue.

Sounds like it coudl be a process leaking memory and restarting.
Try tracking it using the Task Manager - right click on the Task Bar and left click on Task Manager. Click on View, Select Columns and tick Paged Pool, Non-pages Pool and Handle Count. Click OK and click on the column headers to sort in ascending of the three fields from time to time. Go with the Handles first and you should see the count rising... this may be enough to identify the process causing the problem.

How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

It is also possible that is could be the licensing but it will generally leave nasty little messages in the event viewer.
First thing first is to stop that server from being accessible over the Internet.  

Can you log on to the console of the server while it is not accessible over the LAN?  


I will try checking the processes. As far as DNS, how do you actually uninstall DNS? And what impact would this have on the system - baring in mind we are running AD, Exchange etc?

No, when it happens, I cannot access the server over the internet with remote desktop - basically ALL ports stop responding from the WAN side


what am i actually looking for, and what exactly does this info mean? I have uploaded an image of what task manager shows currently...
You're watching the Handles to see if they continue to rise and peak just beford a cut-off. There are other ways of checking this too, but the Task Manager is the most straightforward. Nothing out of control in your screenshot anyways.

By the way, have you been through all the categories in the Event Viewer?


So what do the handles represent exactly? and why is it bade that they rise, and what is this indicating exactly?

Event log:
application - lots of these:
License usage for product Windows Server is nearing the maximum number of per server licenses purchased. Consult Licensing from the Administrative Tools folder for more information.
(Type: warning)

in system:
Driver DYMO LabelWriter 400 required for printer DYMO LabelWriter 400 is unknown. Contact the administrator to install the driver before you log in again.

for various printers, not sure why these appear? Because no printers are connected directly to the server... but they are listed in the directory...?
(Type: error)

Lots of these:
Application popup: License Warning : Warning:  License usage for a product licensed in per server mode is nearing the maximum number of licenses purchased. Consult the Application event log or Licensing from the Administrative Tools folder for more information.
(Type: information)

Nothing else other than information in any other of the logs.
The License usage messages are confirming that you are running out of licenses. Looks like this could be the problem.  Can you confirm from the event viewer if these messages are appearing around the time you are losing the connection?


yes they do seem to be! <--this does seem the obvious cause doesnt it??!! We have a 5 cal license, so I am going to load that on shortly, and see if that sorts the problem!!


Can you explain the handles thing? Just out of interest??
Yep, based on those events appearing, that is the problem.

No prob on the handles. Processes allocate memory and they use handles to keep track of that memory. Sometimes, if a process loses the run of itself for whatever reason, it will continually allocate memory until it is not possible to allocate any more and then it will react in a particular way when it runs out. Some will restart and others will just sit there waiting for something that will never happen. We see that happening as a continual rise in the Handles count for that process until whatever is going to go wrong goes wrong... for example, a connection issue or server lock up or whatever.

Normally, we use a utility called poolmon to monitor the handles but Task Manager is also a convenient way of doing it but not with anything like as much detail.


oh thanks, thats interseting to know for the future.

I have now added an additional 5 licenses. I will see how things go over the next few hours and then close this off (hopefully:)) thankd for help
Hopefully, you'll never need the handles stuff but still handy to keep in mind for those rainy days (%

I had a customers server a short while ago that was spontaneously disconnecting every 70-80 minutes. Turned out that the SNMP process had gone renegade and was creating handles by the new time. Removed it and haven't looked back. It's the time lag that causes the confusion with the handle allocations because you can't be entirely sure how quickly a process is actually allocating memory. Watching the handles count has a calming effect and it sure can help (c:


hmm not so good. problem is still occuring - even after I have added these new licenses....
SMS licensing is pretty strict where 2003 standard is not. It will enforce the CAL count.

Anything in the event viewer for the last disconnect?


as soon as it will let me back on I will check! (working remotely)


only 6 connections to server (we have now 10 licenses).
application log:
User GANDG\Administrator from IP address 81.157.xx.xx ended a Remote Control session.
User GANDG\Administrator has logged out from IP address 81.157.xx.xx.
security nothing.
system nothing
directory service nothing
dns nothing
file rep service nothing
internet explorer nothing

Im wondering if its the router rather than the server?? Seems strange that when this happens, it appears to be still accessible from clients - when its offline, I can logmein to a client PC and then get onto the server via remote desktop...
Your license count is fine now anyways and no licensing issues. Not convinced that it's the router as you can still get to the client PC.

What software is installed on the server and is it only ports 25 and 80 that you are allowing connections to?


allowing con to ports 25,80,3389

I have had some time to troubleshoot tonight:
when the problem happened, I logged in to client pc with logmein (successful).

Then I ran "telnet servername 25" from cmd (Client PC) and also ran it remotely (but using the FQDN -

I could successfully telnet in locally, but not from remotely - this suggests to me that its either some sort of internet service failing on the server, or the router is not communicating with the server (bare in mind we have a patch panel which would explain why we still have local connectivity to the server).

I have also tried to access the internet from the server (while the problem is occuring - going through client PC then RD to server) and it cannot access internet!! I also tryed nslookup - changed the server to the router address, then tried looking up an internet address - and it was timing out, so the router is not responding to the server!

Only other thing this makes me think of that struck me as a possible cause is that the BT routers are strange in that when a PC (IE the server) has a static IP, bt routers dont always pick them up in their LAN Client list - Im wondering if the issue could revolve around that in some way?

Anyway, unless you have any ideas, I think I will have to swap the router, and see if that helps...???


sorry left this open for so long, forgot about it.  I changed the BT router to a tp link one and it sorted out the problem! Thanks for all the help.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial