Windows 7 (64 bit) loses internet connection periodically

Hello,
We have recently added a Windows 7 64 bit machine to our network.  Periodically the machine loses its internet connection as well as any external db connections.  When this happens the machine still says it is connected to the network with "Internet access".  Also, I am still able to RDC to other machines in the network when this happens.  

Any help or suggestions are appreciated.
Thanks.
shepp_it Asked:
 
BitsBytesandMore Commented:
Personally, I feel that both Tribus and I gave him very good advice and stuck with him at every step along the thread to guide him on how to eliminate and test the basics leading toward eliminating most if not all variables.... Tribus suggested check DNS, I suggested analyze the packets, Tribus advised check the modem/routers, I specifically told him remove the McAfee device, later I pointed out he was getting duplicate IP addresses and told him which MAC addresses he needed to identify since these MAC addresses belonged to the devices that were creating the problem.
It seems ungrateful to just close the question and totally ignore all the good troubleshooting advice and support offered toward narrowing down the problem and outright unacceptable to take credit for removing the device which was specifically pointed out as the culprit both by MAC address and by brand name.
In my opinion, all that was needed to finally and cleanly resolve this issue, was not to remove it permanently after it was identified as the troublemaker, but to assign a static IP address out of the range of the DHCP server to the McAfee device (usually the norm and good practice is to assign a static IP to this kind of device in the first place).
After so much effort it is really disappointing to see the asker post  "...I fixed it. Thanks everyone for your help..." and not assign points. Sometimes I wonder if the askers realize that we are not "Staff" who get paid to deal with questions from users and something he is entitled to. We are just helping out of the goodness of our hearts because it's fun, because we get cool T-Shirts and because we get Points...
Bits ...
0
 
Tribus Commented:
Sounds like perhaps a DNS issue...

Try manually setting your DNS to the main domain controller or the router on the network.

Just pulling at straws on this one, checking the basics first.
0
 
themrrobert Commented:
Try setting your DNS to 4.2.2.2; it's an AT&T DNS server that's virtually always up.
0
 
TheBDP (Sr. Sys Engineer) Commented:
Anything in the event log?
0
 
BitsBytesandMore Commented:
Sounds like you need to clean up your TCP/IP.... it does get corrupt.
From the command prompt (as administrator) type:
netsh winsock reset
It will want to reboot your computer. Allow it. Test.
Let me know if it helped.
Bits ....                        
0
 
shepp_it (Author) Commented:
I don't see anything unusual in the Event Viewer.  I also tried: netsh winsock reset, but the problem still remains...
0
 
shepp_it (Author) Commented:
I should also note that when I lose the connection it comes back on its own after a few minutes.  Also when I connect outside of the network everything works fine.
0
 
BitsBytesandMore Commented:
My thoughts on this are that you would need to monitor the network traffic to know exactly what is happening when you lose the connection and when it comes back.
Have you heard of WireShark? Take a look at the introduction video and free download. It is considered the top app for this http://www.wireshark.org/
Bits ...
0
 
sfossupport Commented:
Are you running Symantec Endpoint Protection? I had a similar issue, and uninstalling Symantec Endpoint Protection resolved the problem. Installed a different AV program and good to go.
Good luck
0
 
shepp_it (Author) Commented:
Not running Symantec Endpoint Protection.
0
 
BitsBytesandMore Commented:
The fact that you state that the problem is not present when "...when I connect outside of the network everything works fine..." points me to the problem being a traffic issue.
It could be that your DHCP is assigning the same IP address to another computer... a conflict occurs and you lose connectivity temporarily and a few minutes later it regains connectivity with a new IP address... monitor if the IP address changes when the problem happens. If this is the case, restarting the DHCP server (router if this is the case) may solve it.
How many computers are on the network?
Bits ...
 
0
 
shepp_it (Author) Commented:
IP address stays the same.  No other computer has the same IP address.  I have also tried using a static IP but the same thing happens.  There are approx. 30 computers on the network.

Another thing I just discovered.  If I right click on the Local Area Connection, when I have lost my internet connection, and click "Diagnose" the connection is restored even though the message says "Troubleshooting couldn't identify the problem".  And conversely if I click on "Diagnose" when I have a connection, I then lose my connection.
0
 
BitsBytesandMore Commented:
What kind of Virus/Malware/Firewall software are you using? Did you take a look at Wireshark?
Bits ...
0
 
shepp_it (Author) Commented:
Using Windows Firewall and McAfee VirusScan.  No, I haven't used Wireshark yet.  Do I just run it on the local machine?
0
 
Tribus Commented:
Almost starting to sound like an intermittent problem with the interface card...
0
 
BitsBytesandMore Commented:
Well ... yes ... but you need to know how to use it and have an idea of what you are looking for. Did you see the tutorial videos on the link I posted above?
A network analyzer is a great tool but it's like flying an airplane...unless you know how to fly it, it's useless.
Try the following:
WindowsKey-R
Type: msconfig
Go to the "Services" tab and hide all Microsoft services and disable all the remaining.
Go to the "Startup" tab and disable all startup items. Reboot.
After the boot a screen will advise you that you disabled...etc... Click on "Don't warn me again" (I don't remember the exact wording but you get the idea).
Test ... If you don't lose the connectivity anymore you know the problem is either one of the services or one of the startup items.
You will then need to re-enable the services by groups: first half of them... reboot and test. If the problem is back then you know it is one of the services you just enabled... if it is not back then you know it might be in the remaining half so you enable half of the remaining half and so forth. The same for the startup items.
Bits ...
0
 
BitsBytesandMore Commented:
Tribus.... maybe... but he never loses connection to the local network, only to the internet.
Bits ...
0
 
Tribus Commented:
Yeah I thought that too at first, but thought it was worth mentioning...
0
 
BitsBytesandMore Commented:
Also ... it works fine when he connects elsewhere and is not on the office network.
Bits...
0
 
Tribus Commented:
I am going to have to say maybe it's the router/switch then inside the company network.  Either DNS is having an issue or something maybe with a switch port....?

Have you tried rebooting the switch/router?  Moved your cable to a different port?  Maybe a bad cable?
0
 
shepp_it (Author) Commented:
Well I have disabled all non-microsoft services as well as all items in the startup tab and still the problem exists.  I am also starting to think the problem might be with the switch.  Maybe try rebooting it after business hours today.
0
 
BitsBytesandMore Commented:
I was under the impression that you had already done this when I advised you above to do it in my CommentID: 29109274 ? This will most likely help.
Bits ...
0
 
shepp_it (Author) Commented:
One more thing to add, I just set up another Windows 7 machine but this one is 32 bit and so far there are no connection issues.
0
 
Tribus Commented:
Try this:

Open up your "Device Manager", Right Click "Computer" and select "Properties".
On the left side you will see "Device Manager" in the column, click it.
Go to "Network Adapters" and click the "+" symbol.
Right Click the Wireless NIC and select "Uninstall", but keep the drivers (Watch for a check box about this).
Go to the top and click the "Action" menu selection near the top of the screen and select "Scan for Hardware Changes".
Your Wireless NIC will then be re-installed.

Connect to the network and test.  Make sure you have rebooted your router and broadband modem if necessary as well.
0
 
shepp_it (Author) Commented:
It is actually a wired connection.  The problem is 90% solved.  I reinstalled Windows and removed all the Dell pre-installed software.  Now I only lose connection when I boot the machine or when it goes to sleep then comes back on.
0
 
shepp_it (Author) Commented:
Hi,

I ran Wireshark and pinged Google and waited for the connection to drop.
The connection got lost, and the first warning and error messages I got are as follows:

No.     Time        Source                Destination           Protocol Info
   8898 672.615351  D-Link_c4:a4:69       Broadcast             ARP      Who has 172.24.24.121?  Tell 172.24.24.1 (duplicate use of 172.24.24.1 detected!)

Frame 8898 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_c4:a4:69 (00:0d:88:c4:a4:69), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
[Duplicate IP address detected for 172.24.24.1 (00:0d:88:c4:a4:69) - also in use by 00:15:c5:e1:b8:c0 (frame 8891)]
    [Frame showing earlier use of IP address: 8891]
        [Expert Info (Warn/Sequence): Duplicate IP address configured (172.24.24.1)]
            [Message: Duplicate IP address configured (172.24.24.1)]
            [Severity level: Warn]
            [Group: Sequence]
    [Seconds since earlier frame seen: 3]
Address Resolution Protocol (request)

No.     Time        Source                Destination           Protocol Info
   8901 672.636721  172.24.24.121         172.24.24.1           TCP      49955 > rrac [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=8

Frame 8901 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Dell_e9:dc:1c (00:21:70:e9:dc:1c), Dst: D-Link_c4:a4:69 (00:0d:88:c4:a4:69)
Internet Protocol, Src: 172.24.24.121 (172.24.24.121), Dst: 172.24.24.1 (172.24.24.1)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 52
    Identification: 0x5f78 (24440)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x0000 [incorrect, should be 0x12a1]
        [Good: False]
        [Bad : True]
            [Expert Info (Error/Checksum): Bad checksum]
                [Message: Bad checksum]
                [Severity level: Error]
                [Group: Checksum]
    Source: 172.24.24.121 (172.24.24.121)
    Destination: 172.24.24.1 (172.24.24.1)
Transmission Control Protocol, Src Port: 49955 (49955), Dst Port: rrac (5678), Seq: 0, Len: 0


172.24.24.1 is our switch. Can you help me understand what these frames are telling me?
0
 
shepp_it (Author) Commented:
I also noticed there are a bunch of errors even before I lose the connection.
They are errors from Internet Protocol, where it's showing src (my IP address), dst (one of our servers) and "header checksum: 0x0000 [incorrect, should be (another location)]"

I ran Wireshark on the other computer but there are no errors.
0
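An added example, not part of the original thread: it rebuilds the IPv4 header of frame 8901 from the field values Wireshark printed above and recomputes the RFC 1071 checksum, which reproduces the `0x12a1` in the dissector's message. A captured value of `0x0000` on a frame sent by the capturing host is the usual signature of checksum offload, where the capture is taken before the adapter fills the field in; the `classify` labels are this example's own.

```python
import ipaddress
import struct

# Field values as decoded by Wireshark for frame 8901 in the post above.
FRAME_8901 = dict(total_len=52, ident=0x5F78, flags=0x02, frag_offset=0,
                  ttl=128, proto=6, src="172.24.24.121", dst="172.24.24.1")
CAPTURED_CHECKSUM = 0x0000  # value Wireshark flagged as incorrect


def build_header(total_len, ident, flags, frag_offset, ttl, proto, src, dst,
                 checksum=0):
    """Pack a 20-byte IPv4 header (no options, DSCP/ECN 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,                    # version 4, IHL 5 words = 20 bytes
        0x00,                            # Differentiated Services Field
        total_len, ident,
        (flags << 13) | frag_offset,     # 3 flag bits + 13-bit offset
        ttl, proto, checksum,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def internet_checksum(data: bytes) -> int:
    """RFC 1071: ones'-complement of the ones'-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                   # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def classify(captured: int, fields: dict) -> str:
    """Compare a captured checksum with the value the header fields require."""
    expected = internet_checksum(build_header(**fields))
    if captured == expected:
        return "valid"
    if captured == 0:
        return f"unfilled (expected 0x{expected:04x})"
    return f"corrupt (expected 0x{expected:04x})"


if __name__ == "__main__":
    print(classify(CAPTURED_CHECKSUM, FRAME_8901))
```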
 
shepp_it (Author) Commented:
172.24.24.1 is actually not the switch. It is the McAfee SCM appliance. Maybe McAfee causes an issue with Windows 7??
0
 
BitsBytesandMore Commented:
McAfee is always a problem maker... can you take it out of the equation for testing purposes?
Bits ...
0
 
BitsBytesandMore Commented:
Did you notice that you are getting duplicate IP address errors for 172.24.24.1 ?
0
 
BitsBytesandMore Commented:
You need to figure out which of these machines are using these MAC addresses:
Device/Computer 1:       00:0d:88:c4:a4:69
Device/Computer 2:       00:15:c5:e1:b8:c0  
The problem is with one of them. The above are the ones that are conflicting and getting the same IP address. Are you using static IP's or dynamic (DHCP)?
 
Bits ....
0
 
shepp_it (Author) Commented:
We are using DHCP for client computers and static for servers.
I tried arp -a 172.24.24.1 and it gives me 00:15:c5:e1:b8:c0. I don't know what has 00:0d:88:c4:a4:69...
0
 
BitsBytesandMore Commented:
The problem is without any doubt with that last MAC address as per your post above. Maybe a DHCP range misconfigured or a laptop user decided to assign a static IP.. Could even be a network printer or someone stealing your WiFi signal...

I would start by getting McAfee out of the variables.
Bits...
0
 
shepp_it (Author) Commented:
Hi, I found something interesting. I did nslookup for 172.24.24.1, and it shows me "pixfirewall". I'm not too sure why, because we do have a firewall at a different IP address.

Anyway, let's forget about McAfee for one second. We have 4 Windows servers under the firewall. I ran arp -a 172.24.24.1 on each of them. For three of them, it gave me 00:15:c5:e1:b8:c0. And the other one gave me 00:0d:88:c4:a4:69. I'm wondering if both MAC addresses are coming from one device that has multiple network adapters and the one that shows 00:15:c5:e1:b8:c0 was not set up properly... That one is the most recently built server (64-bit Windows 2008) and we may have done it incorrectly, but why doesn't it cause a problem with the XP machines we have...?

If you have any idea what is going on please let me know.. thanks for your help
0
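The comparison described in the post above (running `arp -a 172.24.24.1` on several servers and comparing the answers), as an added example that is not part of the original thread. It parses `arp -a` output collected from several hosts and reports every IP address that maps to more than one MAC; the host names and sample output are constructed, and only the two MAC addresses for 172.24.24.1 come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` output (Windows layout) gathered from four
# servers. Host names, interface addresses and the 172.24.24.50 row are
# made up; the two MACs for 172.24.24.1 are the ones reported in the thread.
HEADER = "  Internet Address      Physical Address      Type\n"
ARP_OUTPUT = {
    "srv1": "Interface: 172.24.24.11 --- 0xb\n" + HEADER
            + "  172.24.24.1           00-15-c5-e1-b8-c0     dynamic\n"
            + "  172.24.24.50          00-00-5e-00-53-01     dynamic\n",
    "srv2": "Interface: 172.24.24.12 --- 0xb\n" + HEADER
            + "  172.24.24.1           00-15-c5-e1-b8-c0     dynamic\n",
    "srv3": "Interface: 172.24.24.13 --- 0xb\n" + HEADER
            + "  172.24.24.1           00-15-c5-e1-b8-c0     dynamic\n",
    "srv4": "Interface: 172.24.24.14 --- 0xb\n" + HEADER
            + "  172.24.24.1           00-0d-88-c4-a4-69     dynamic\n"
            + "  172.24.24.255         ff-ff-ff-ff-ff-ff     static\n",
}

ROW = re.compile(
    r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+"
    r"((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})[ \t]+(dynamic|static)",
    re.IGNORECASE | re.MULTILINE)
BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_arp(text):
    """Yield (ip, mac) pairs from one host's `arp -a` output."""
    for ip, mac, _kind in ROW.findall(text):
        mac = mac.lower().replace("-", ":")   # normalise Windows hyphen form
        if mac != BROADCAST:                  # broadcast rows are not hosts
            yield ip, mac


def find_conflicts(outputs):
    """Return {ip: {mac: [hosts that cached it]}} for IPs with more than one MAC."""
    seen = defaultdict(lambda: defaultdict(set))
    for host, text in outputs.items():
        for ip, mac in parse_arp(text):
            seen[ip][mac].add(host)
    return {ip: {mac: sorted(hosts) for mac, hosts in macs.items()}
            for ip, macs in seen.items() if len(macs) > 1}


if __name__ == "__main__":
    for ip, macs in find_conflicts(ARP_OUTPUT).items():
        for mac, hosts in macs.items():
            print(f"{ip} -> {mac} cached by {', '.join(hosts)}")
```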
 
shepp_it (Author) Commented:
I just wanted to update this thread with our solution.  We were using a McAfee SCM Appliance for SPAM filtering.  When we got rid of this appliance the problem went away.  Thanks everyone for your help.
0
 
BitsBytesandMore Commented:
I did tell you to get McAfee out of the variables in my CommentID: 30242191...  I'm glad to hear you solved it.
0
 
Tribus Commented:
Good post Bits, agreed.
0
 
jazzIIIlove Commented:
It seems McAfee is the cumbersome one here; also I suggest releasing ARP with arp -d.
0