Solved

Internet connection speed intermittent.

Posted on 2010-09-22
Last Modified: 2012-05-10
Greetings,

I browse from a LAN made up of 80 workstations and have a very capable internet connection, but for some days now I have been experiencing enormous delays when downloading/uploading files for some reason.

My connection config is as follows:

ISA Server (web proxy, GFI WebMonitor), edge firewall model (two NICs, where one is LAN and the other the INTERNET);

In a separate computer, I have my LAN server which is the PDC as well as DNS and DHCP "patron";
No client makes a direct connection to 'outside'.

I have connected directly to my router to see whether the problem was from my ISP, but the connection speed seemed normal and I could even download big files without delays. For example, a 65Mb file was downloaded at 250Kb/s when connecting directly, while repeating the procedure through the normal configuration it could not go higher than 4Kb/s!!!

I have included snapshots of my ISA firewall policies in case I have my orders wrong.

Best regards.








Question by:kemitHamite
22 Comments
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 33736825
How many hosts have this problem?  All of them?  Just some of them?

Have you rebooted all the switches and routers?  I would do that.

Then, if it still persists:

What happens if you insert a switch at the internet server LAN side and plug in a laptop there?  

I suspect a speed conflict or a physical problem or a device that has "lost its mind" needing reboot.
0
 

Expert Comment

by:nickciu10
ID: 33737503
Depending on what type of switches you own you may also be able to use a NetFlow Analyzer. This will help pinpoint the bandwidth  issue.
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 33739018
I use cnet switches. Will try the reboot procedure in its entirety (I only rebooted the server actually). I already did try connecting to a switch which is directly connected to the internet LAN. I assume there is nothing wrong with the ISA rules, right???
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 33741543
I tried rebooting every single switch, the router as well as my servers; the issue prevails. It is a strange situation.
I will break it down to make things easier to analyse. The way the browser behaves on download attempts is as if it were negotiating the download attempt by having to go through a validation period (it can sometimes take up to 5 min before it starts downloading!!!). Normal browsing seems normal, although with just a little bit of lag too.

Please bear in mind the fact that I am also using GFI Webmonitor (ISA Server 2006 module).

Rgs
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 33741660
Just some additional info, I did a speedtest from my ISA Server, a 1MB file was downloaded at 17Mbps, the same file from a workstation was downloaded at 43Kbps!!!!!!
0
 
LVL 7

Expert Comment

by:JJ2
ID: 33741974
The client PCs might be infected with malicious programs or services causing congestion on the ISA server.

In the ISA server, try monitoring the Destination IPs below and observe if it's getting a hit:

204.152.184.92
204.152.184.139

If yes, the registry of those client PCs should be modified by removing the malicious service entries. You must run a good antivirus product.
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 33742253
@JJ2,

I simulated a connection to both addresses you provided; the connections went through, though it could not resolve both IPs. Tried pinging them too and there were positive responses from both.

What are the services that should be removed from the registry? Any Idea of what malware it could be?

Rgs
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 33744815
"already  did try connecting to a switch which is directly connected to the internet LAN. "

I'm being picky here and you may have done exactly this .. but there's a purpose.  
The intended suggestion was to do this:
Introduce a new, simple switch between the *internet server* and its LAN connection.  
[i.e. not just to any switch on the LAN - which is how one might read your response].
Then, connect a computer to this new switch.
The idea is to bypass all intervening switches and cables on the LAN and get a test as close to the server/gateway as possible to eliminate the possibility of bad hardware on the LAN.
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 33745132
Hi fmarshall,

I get your point, besides connecting to a 'normal' switch, I also did connect directly to the gateway, without even passing through the server (just replicated the settings to the NIC on the 'test' computer). The browsing seemed normal.

Rgs
0
 
LVL 26

Assisted Solution

by:Fred Marshall
Fred Marshall earned 50 total points
ID: 33745459
But the Server is a key in your questioning isn't it?  So, I would definitely connect a computer right up to it (thus the switch) on the LAN side and see if the performance running more or less directly through the server is different than the poor performance you're generally seeing on the LAN otherwise.
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 33746001
Okay,

I get your point. Will try it right away and get back to you.
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 33754970
@fmarshall,

I tried your suggestion, the problem prevails even though I used a separate switch where only my laptop and the DC were connected to.

Any ideas?

Rgs
0
 
LVL 7

Assisted Solution

by:JJ2
JJ2 earned 50 total points
ID: 33759310
While monitoring, did the logs show that several client PCs are connecting continuously to the destination IP addresses (204.152.184.92, 204.152.184.139)?
0
 
LVL 26

Accepted Solution

by:
Fred Marshall earned 50 total points
ID: 33761069
Problem solving is often a matter of elimination.  So now it appears you've eliminated a number of cables and switches as possible sources of trouble.  And, one hopes, suggestions that target those elements.  The focus can now be on other things.

Here's another experiment:
Temporarily replace the DC with a simple router with NAT.  Does the behavior persist?
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 33764373
@fmarshall,

I completely agree with the 'rule of elimination', will try the last suggestion and come back with news tomorrow.

@JJ2,

I ran a simulation through ISA's 'troubleshoot' plugin, and did it by using a single IP to both IP's you provided. How would I do it in a way that could show me how many hosts are attempting a connection to such IP's?

Rgs
0
 
LVL 7

Assisted Solution

by:JJ2
JJ2 earned 50 total points
ID: 33767093
In the ISA server:

Monitoring
Logging
Edit Filter
Filter by>Destination IP
Condition>Equals
Value> 204.152.184.139
Start Query

If there's a hit, it will show the details and you will see the infected clients in the Client IP Tab.
0
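Added example, not part of the answer above and not ISA Server's own tooling: the same destination-IP filter applied offline to an exported log, counting distinct client IPs per watched destination. It assumes a tab-separated W3C-style export with a `#Fields:` header; the column names `c-ip` and `r-ip`, the function names and every sample row are constructed for illustration.

```python
from collections import defaultdict

# Destination IPs named in the thread.
WATCHED = {"204.152.184.92", "204.152.184.139"}

# Constructed sample log. Column names (c-ip, r-ip) and all rows are assumptions.
# The second "#Fields:" line mimics a header re-emitted with a different column order.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: date\ttime\tc-ip\tr-ip\tr-port",
    "2010-09-23\t09:00:01\t192.168.0.21\t204.152.184.92\t80",
    "2010-09-23\t09:00:05\t192.168.0.21\t204.152.184.92\t80",
    "2010-09-23\t09:00:09\t192.168.0.34\t204.152.184.139\t80",
    "2010-09-23\t09:01:12\t192.168.0.50\t198.51.100.7\t443",
    "#Fields: c-ip\tdate\ttime\tr-ip\tr-port",
    "192.168.0.34\t2010-09-23\t09:02:00\t204.152.184.92\t80",
])


def clients_per_destination(log_text, watched, client_col="c-ip", dest_col="r-ip"):
    """Return {destination_ip: {client_ip: hit_count}} for watched destinations."""
    fields = None
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Re-read the column layout every time a header appears.
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line or line.startswith("#") or fields is None:
            continue  # skip comments, blanks, and rows seen before any header
        row = dict(zip(fields, line.split("\t")))
        dest, client = row.get(dest_col), row.get(client_col)
        if dest in watched and client:
            hits[dest][client] += 1
    return {dest: dict(clients) for dest, clients in hits.items()}


def summarize(hits):
    """Return sorted (destination, distinct_clients, total_hits) tuples."""
    return sorted((d, len(c), sum(c.values())) for d, c in hits.items())


if __name__ == "__main__":
    for dest, n_clients, total in summarize(clients_per_destination(SAMPLE_LOG, WATCHED)):
        print(f"{dest}: {n_clients} client(s), {total} hit(s)")
```

An empty result means no logged client reached either address in the exported window, which rules the suspected hosts in or out before any registry cleanup is attempted.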
 
LVL 1

Author Comment

by:kemitHamite
ID: 33768895
@JJ2

I ran the log on the IPs you provided; there was no hit from either of the IPs. I can ping them though.
0
 
LVL 1

Assisted Solution

by:kemitHamite
kemitHamite earned 0 total points
ID: 33805148
After a thorough analysis, I reached the conclusion that the 'abnormalities' I reported were caused by the GFI Webmonitor (ISA Server Edition) I have configured on my firewall. As soon as I added the various content types to the list of allowed mime types, everything seemed normal.

I thank everyone who took their time in order to help me find a solution.

Best regards
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 33808835
It seems to me that the process of elimination worked!
0
 
LVL 1

Author Comment

by:kemitHamite
ID: 33810245
Agreed, though, as I pointed out, it served as a guideline but did not exactly say what the problem was. Along the lines of, e.g., the sum of two numbers adds up to 80, find the solution... A pretty simple analogy but hopefully you get my point. The fact that I looked for help from here can also be considered a process of elimination, can't it?

Rgs
"Aut Caesar, Aut Nihill"
0
