Sporadic Time Outs While Pinging

This is a puzzling issue I am hoping someone can help with in terms of what to look at for a resolution.

In the last few months, there have been a couple of connectivity issues regarding some of our computers on our office network.
The first incident involved a Dell e6400 laptop running Vista Enterprise that started loosing connectivity with network resources. The IP Address was dynamically assigned through our own DHCP server. Ping -t showed sporadic time outs while communicating with internal network resources and external IP addresses. The issue occurred regardless of ping by name or number.
I can't recall any changes made to the computer that would have caused the issue, but as soon as I assigned it a static IP address outside of our pool range, the problem cleared up and hasn't re-occurred since then.

The second incident just started occurring with a new server 2008 R2 box that had an IP address statically assigned. I have had the box up and running for several weeks without any apparent issues until a few days ago, when the same thing began to occur.
I first noticed an issue when attempting to Remote Desktop to the server while using a VPN connection to the office, and couldn't connect to the box. I was able to connect to an identical server that was configured and set up at the same time as the problem server. I used RD on that server to log into the problem server.
Performing the ping test, the same sporadic time outs would occur, but this time, only when attempting to communicate with the router/gateway address and anything external to the network. There were no time outs when pinging internal machines.
Upon returning to the office on Monday, I continued testing and has no issues with internal connections to the server, but the sporadic times outs continued to the gateway and externally. The identical server still showed no issues, and the response times matched for both servers reaching the same external resource.
Like the laptop, the problem went away as soon as I assigned a different IP address to the server. However, when I assigned the old IP address to the server that didn't have an issue, the problem began occuring on that server as well.
I checked our DNS records, and there are no mis-matched nor duplicate records for either the problem IP address nor for the server name.

Any clues on why this kind of issue is occurring would be greatly appreciated.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DNS isn't the place to look... if it found the destination, it found it. DNS is out of the equation at that point.

Now that you know the symptom, it's time to look for the cause. PING fails just means something is wrong. You need to liik under the hood.

You need to use some sort of a sniffer/protocol analyzer. You can use anything from Wireshark to netcap.exe. If you use netcap, you'll still need something to read the cap file, so it's preference/experience with product you'll use to find the tool to use.

If you have never learned to read a trace, this isn't where to try to teach yourself. Find someone who can read them.

Tou're looking for retransmits, ot other errors that may indicate the problem, and you will want to confine the trace, or at least the display filter to one macine being tested and the target.

Test on the same segment. Don't try to trace through a switch.

Do the normal stuff - check net card settings (duplex, speed, flow, etc), and make sure they are correct and the same as on a working machine.

The answer will likely be in the trace.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
That looks like a rogue dhcp server is in the house.
To validate it is or not, you may stop the scope on the authorized server and try to renew the lease from a PC. If you get an address, there is a rogue and we need to find it.

I think that worth a try.
Easily tested if ipconfig has an out of whack IP address at the time the pings stop working.

However, machines aren't likely to all ask for a new IP address at the same time, and DHCP rules is that the machine will go to the original server that handed them the address at 50% of lease time and ask to retain the current address.

He also said, "However, when I assigned the old IP address to the server that didn't have an issue, the problem began occuring on that server as well.", and a static IP address won't be affected by DHCP, rogue or otherwise.

Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

Just for the sake of discussion :

A static ip may be affected if the rogue dhcp is assigning that same address to a pc asking for one...
I have seen that with a user bring his home wireless router at work.

It was just an idea...
True, but one or both would sayt "duplicate IP address on the network". Not impossible, but in either case, a trace would show it.
jamesbergjrAuthor Commented:
Thanks for the suggestions thus far. I will look into the packet tracing to see what may be going on with the transmission.

For an update on the issue at this point. On 4/26, I assigned the .13 IP address to a virtual machine to do further investigation, and that machine had no issues with communication internally nor externally. I then re-assigned the address to the original server, and thus far have not yet encountered the problem on that machine either.

We are not using one of the private IP blocks internally, so if it was a rougue DHCP, it would have to be configured to be handing out our specific IP address block. I have no indication of such an issue at this point, but if that information provides any extra insight, let me know.
jamesbergjrAuthor Commented:
So far, no further incident since my last posting. We are working with WireShark to see if there are other issues that could have lead to the problem, and to be able to gather more information should it occur in the future.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.