bdhtechnology
asked on
strange network problem
I have a problem with one of my clients using a specific program. He continues to get 'network errors' using a specific program, Lexis Nexis PCLaw. We have spoken to PCLaw's tech support and they are sure it is a network problem, though none of the other 11 computers on the network seem to have any problems.
The problem is PCLaw keeps locking up with an error similar to:
"sysciocod error. S:\ACG\PCLAW32/Data/DynData/MattInf Program Line 1427"
Once the error pops up the program freezes and has to be closed with the task manager.
PCLaw’s tech support state that it is a read error on the files (MattInf.idx & MattInf.dat) caused by ‘a disconnect of the network to your new computer system’.
We have replaced the network cable from the PC to the switch to no avail.
The computer is a new Windows 7 Pro 64-bit workstation and the server is running Windows 2008 Small Business Server 64-bit edition. Several other computers are running Windows 7 Pro 64-bit without any issues at all.
Any ideas on what to try next?
ASKER
There isn't a Parameters key under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\
Should I create one with a DWORD value 'OplocksDisabled' set to 1 under it?
Bad port on the switch? Try moving it to another port.
I have found that tech support for most Law specific programs will blame the network and server until they're blue in the face, so take what they say with a grain of salt.
This seems to be correct for Vista.....
He added this key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters\
OplocksDisabled REG_DWORD 0
The following key on the server (0 Disabled, 1 enabled)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
EnableOplocks REG_DWORD 1
The keys are described in more detail at http://support.microsoft.com/kb/296264.
I'm not sure about Windows 7. You could try to disable it on the server as a test.
http://blogs.msdn.com/b/openspecification/archive/2009/05/22/client-caching-features-oplock-vs-lease.aspx
As washburnma noted I would try a different port. If that fixes the issue you have a bad port on the switch and I would place an empty RJ45 connector in the bad port so you don't use it again.
If that does not work upgrade the drivers for the network card.
Some more information could also be of help.
What type of network card and what type of switch is it? (Make, Model and Revision if present)
Is the switch manageable via an IP address or comm cable?
If the switch is manageable and the driver upgrade does not work I would go to the switch and see if you can monitor the statistics on the port that is giving you trouble.
I am assuming that you have tried the suggestions here:
http://support.lexisnexis.com/pclaw9/record.asp?ArticleID=6199&ALid=pcl9techsupport_error
ASKER
@eli_cook & @washburnma:
We have tried changing the network switch port of both the server and the workstation. We have even replaced the entire network cable running from the switch to the workstation.
The switch is a Linksys 24 port unmanaged switch.
The network card of the workstation is integrated into the motherboard. It is a MSI X58 Pro-E motherboard.
@nlandas:
For now I have disabled the Oplocks on the server by setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
EnableOplocks to 0
The information for disabling it on the workstation seemed somewhat ambiguous so I have not tried that as of yet.
@giltjr:
Yes we have tried running the "Verify Data Integrity" tool many times and it doesn't seem to help.
Is the problem easily re-creatable?
If so, I would try running a packet capture (I suggest wireshark, http://www.wireshark.org) on the desktop that is having the problems and see what it shows.
ASKER
It happens quite frequently. The problem is that it works for several hours but if it stays open it will fail at some point, not necessarily while it's being used. The problem is on a data entry screen. The client goes to enter information and will come back to it through the day and add additional information. When he goes to add new information or save is when the error seems to occur.
Forgive me but I am not familiar with Wireshark or its operation. I took a look at it earlier but stopped, not knowing exactly how to interpret the information it captured.
Ah, you know I just noticed that the file that had the problem is the "S" drive. Which I am going to assume is a mapped share.
Next time it happens you may want to go to a command prompt and issue the command:
net use
I'm wondering if for some reason the share is getting disconnected and not getting re-connected fast enough.
Are there any errors/messages in any of the event logs on the users computer?
Can they ping the server that the share is mounted on?
Now you mention 11 computers. Is the server that the share is on a real Windows Server OS? Or is it a desktop OS?
If a real server, do you have enough licenses?
If a desktop OS, that could be your problem. MS Windows desktop OSs are limited to 10 clients concurrently connected.
I think giltjr is on to something. It could be the share disconnecting.
Can you give us details on the server - OS version, patch level.
If it's a real server and it is disconnecting then check the autotuning settings on the workstation end.
Open up an elevated command prompt. (Open it as an Administrator by right clicking on the icon)
Start by disabling it and see if that fixes the problem -
netsh interface tcp set global autotuninglevel=disabled
If you find that this doesn’t fix your problem, you can turn it back on.
netsh interface tcp set global autotuninglevel=normal
You can use this command to see the state of the TCP global parameters.
netsh interface tcp show global
If it does fix the problem and you want to not completely disable autotuning you can set it to
netsh interface tcp set global autotuninglevel=highlyrestricted
and see if it still works.
ASKER
It is Windows Small Business Server 2008 so it is a real server OS and the licensing is not the issue.
Ping seems to work ok. I haven't checked the event logs, I'll give that a shot if it continues to happen.
A few stabs off the top of my head
Get the latest NIC driver
Set your NIC to not go to sleep under driver properties.
Is this an embedded Realtek NIC? Try an Intel.
Run a ping -t (to the server ip) and monitor it while in use. When the problem occurs are there any dropped pings.
Patch the OS fully.
Disable any workstation virus software (temporarily)
Anything else running on this machine that isn't on the others? Malware apps Adaware, etc. Disable them.
I also think that _ may be on the right track, after checking the licensing with Small Business Server 2008 it comes with 5 cals and licensing may be the reason the drive is becoming disconnected. The Microsoft link below details the licensing for Small Business Server
http://www.microsoft.com/sbs/en/us/licensing.aspx
You may need to purchase additional cals for your network if licensing is the issue.
ASKER
It comes with 5 CALs, however in all versions of Server 2008 the licensing is not enforced; it is only a legal requirement. There is no technical mechanism for CAL tracking or enforcement in SBS 2008.
Okay licensing aside, Did you find anything in the event logs?
ASKER
Sorry for the delay I had to wait for it to happen again and for the client to let me know about it. It happened at 8:23 pm this evening and at 7:43 pm in the event log is the following warning:
Event ID: 4227
Source: tcpip
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
The warning seems to have occurred several times through the day without his program crashing though.
O.K., There are two registry keys you can change to help prevent this. Neither exist to start with and use a default value and both are under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
The first is TcpTimedWaitDelay, this is a DWORD value. The default is decimal 120 seconds and you can set it to as low as 30. I would change it to 30.
The second is MaxUserPorts. This is also a DWORD value and the default is 5000, I would increase this to 10,000.
TcpTimedWaitDelay is how long a TCP connection will stay in close wait. TCP will wait 2 times this value, so at 120 seconds it will wait for 4 minutes before actually closing a connection. Lowering this value to 30 means it will wait for 1 minute. If you specify a value lower than 30, it will use 60.
MaxUserPorts is the maximum number of TCP/UDP ports that will be used for establishing outbound connections. The default is 5000, but ports 1-1023 are reserved and so this leaves you with about 4000 ports you can use.
With both of the above set to their defaults if you open/close a lot of TCP connections, you could easily run out of ports in a 4 minute period. By lowering TcpTimedWaitDelay and increasing MaxUserPorts you should prevent this problem.
This needs to be done on the desktop, although setting TcpTimedWaitDelay down to 30 on the server would not be a bad idea either.
What do you get if your run a netstat on the machine? It seems strange that you would be running out of ports if the computer is not being used. I would suspect that it may have some spyware or the TCP connections are not getting properly closed.
If you run the following command it will save a file to the root of the C drive so you can view it in a text editor. netstat -b > c:\netstat.txt
If you want a GUI you could also try TCPView from the Sysinternals suite.
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
I would run this while you have no programs running then run it again once you are running the Lexis Nexis software. If you want you can also post up the files here so they can be reviewed. Then compare the files to see what kind of connections are being made and how many. I have never seen a network application like PC Law or Time Matters use all of the available connections (ports) on a computer.
If it is spyware and you change the above registry values, it may consume more resources and ports on the computer and network.
ASKER
I have been waiting to hear back on the last change if he is still having problems or not. I will run netstat on the machine and see what the results are. It would seem odd to me if there were more than 5000 ports being used...
ASKER
Results of netstat -b with normal programs open. It doesn't look like a whole lot...
Active Connections
Proto Local Address Foreign Address State
TCP 10.0.0.156:49181 app01-12:https ESTABLISHED
[LogMeIn.exe]
TCP 10.0.0.156:49205 XXserverXX:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP 10.0.0.156:49211 www:https CLOSE_WAIT
[Dropbox.exe]
TCP 10.0.0.156:49212 174:https CLOSE_WAIT
[Dropbox.exe]
TCP 10.0.0.156:49214 174:http ESTABLISHED
[Dropbox.exe]
TCP 10.0.0.156:49234 75:https CLOSE_WAIT
[Dropbox.exe]
TCP 10.0.0.156:50014 XXserverXX:42987 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:50017 XXserverXX:42987 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:50018 XXserverXX:42987 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:50021 XXserverXX:1029 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:51503 cdn-208-111-161-254:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.0.0.156:51670 app01-12:https TIME_WAIT
TCP 10.0.0.156:51674 app01-12:https TIME_WAIT
TCP 10.0.0.156:51675 app01-12:https TIME_WAIT
TCP 10.0.0.156:51677 app01-12:https TIME_WAIT
TCP 10.0.0.156:51678 app01-12:https TIME_WAIT
TCP 10.0.0.156:51688 app01-12:https ESTABLISHED
[LogMeIn.exe]
TCP 10.0.0.156:51692 XXserverXX:1029 TIME_WAIT
TCP 10.0.0.156:51694 65.55.57.251:http ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:51695 a204-245-162-58:http ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:51699 XXserverXX:1780 TIME_WAIT
TCP 10.0.0.156:51700 XXserverXX:1780 TIME_WAIT
TCP 10.0.0.156:51701 XXserverXX:1780 TIME_WAIT
TCP 10.0.0.156:51702 XXserverXX:1780 TIME_WAIT
TCP 10.0.0.156:51703 XXserverXX:1780 TIME_WAIT
TCP 127.0.0.1:2002 XXworkstationXX:49210 ESTABLISHED
[LogMeIn.exe]
TCP 127.0.0.1:19872 XXworkstationXX:49213 ESTABLISHED
[Dropbox.exe]
TCP 127.0.0.1:49210 XXworkstationXX:2002 ESTABLISHED
[LogMeInSystray.exe]
TCP 127.0.0.1:49213 XXworkstationXX:19872 ESTABLISHED
[Dropbox.exe]
It doesn't appear that there are any suspicious connections and you don't have a lot of connections in the TIME_WAIT status. Hopefully the settings that giltjr has recommended resolve the issue with your workstation.
Yep, not a whole lot of connections, not a lot in TIME_WAIT and you have connections with very high PORT numbers, as if MaxUserPorts is already set to a very high number, like 65535.
Were you having the problem when the netstat command from above was done?
ASKER
It wasn't happening while the issue was occurring. I have instructed him on how to run the command and to do it while the issue is occurring so we will see what happens.
He also is having problems with Word documents taking between 4-10 minutes to open occasionally. I am suspecting that these problems must be related.
ASKER
Some additional errors in the event log...
Event ID: 50
Source: mrxsmb
{Delayed Write Failed} Windows was unable to save all the data for the file \ACG\PCLAW32\DATA\DynData\TTECD5.idx. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
-----------------------------------
Event ID: 139
Source: Mup
{Delayed Write Failed} Windows was unable to save all the data for the file \ACG\PCLAW32\DATA\DynData\TTECD5.idx. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
I am assuming that \ACG\PCLAW32\DATA\DynData\TTECD5.idx is a file that is on a share from some file server.
This indicates that the share has become disconnected and is taking longer than Windows expects to get re-connected.
There may be an incompatibility with your switch and the on-board LAN. I had a problem with Intel on-board NICs and Cisco built-in Fast Ethernet ports; setting the link speed manually corrected the issue. You should be able to set the link speed in the properties of the NIC. Open the device manager, find your hardware and open the properties. You should be able to set the link speed and duplex under the advanced tab.
For my system to work I had to set it to half duplex even though the NIC and switch were both full duplex. So you may want to try different speeds or duplex settings.
If you have not yet tried an add-in nic, I would suggest trying one now.
ASKER
Yes exactly the path: \ACG\PCLAW32\DATA\DynData\TTECD5.idx is a network share.
I upgraded the NIC drivers yesterday but he says he can't reboot until tomorrow (Wed) so we'll see what happens after that.
When he gets the error you may also want to have him issue the command:
net use
This will show what shares he has mapped and what their status is.
Also the registry changes I talked about may need to be made on the server also.
ASKER
I am still waiting on the results of the net use command. Here are some net use results, what appears strange to me is the 10.0.0.254 address appearing, which is the wireless access point. This computer is hard wired so it shouldn't need to access anything on the wireless access point. Joel-PC is the local computer the command is being run on.
Active Connections
Proto Local Address Foreign Address State
TCP 10.0.0.156:2869 10.0.0.254:1143 TIME_WAIT
TCP 10.0.0.156:51785 174:http ESTABLISHED
[Dropbox.exe]
TCP 10.0.0.156:51792 app01-12:http ESTABLISHED
[LogMeIn.exe]
TCP 10.0.0.156:52203 75:https CLOSE_WAIT
[Dropbox.exe]
TCP 10.0.0.156:61768 cdn-208-111-160-6:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.0.0.156:61845 XXserverXX:5228 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:61848 XXserverXX:5228 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:61853 XXserverXX:1029 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:61986 65.55.57.251:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.0.0.156:61987 a204-245-162-58:http ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:62051 channel-30-35:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:62066 XXserverXX:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP 10.0.0.156:62075 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:62076 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:62077 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:62078 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:62079 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:62080 www-12-02-snc5:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:62081 a184-84-247-9:http CLOSE_WAIT
[iexplore.exe]
TCP 10.0.0.156:62082 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:62083 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:62089 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:62091 melinda:netbios-ssn TIME_WAIT
TCP 10.0.0.156:62093 angela:netbios-ssn TIME_WAIT
TCP 10.0.0.156:62094 angela:netbios-ssn TIME_WAIT
TCP 10.0.0.156:62095 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:62096 10.0.0.254:1780 TIME_WAIT
TCP 127.0.0.1:2002 Joel-PC:49210 ESTABLISHED
[LogMeIn.exe]
TCP 127.0.0.1:19872 Joel-PC:49213 ESTABLISHED
[Dropbox.exe]
TCP 127.0.0.1:49210 Joel-PC:2002 ESTABLISHED
[LogMeInSystray.exe]
TCP 127.0.0.1:49213 Joel-PC:19872 ESTABLISHED
[Dropbox.exe]
TCP [fe80::a1b2:c4a7:d3de:3ed%13]:62086 [fe80::463:dc6d:44f4:8bea%13]:icslap ESTABLISHED
EventSystem
[svchost.exe]
-----------------------------------
Active Connections
Proto Local Address Foreign Address State
TCP 10.0.0.156:135 XXserverXX:10065 ESTABLISHED
RpcSs
[svchost.exe]
TCP 10.0.0.156:135 XXserverXX:10066 ESTABLISHED
RpcSs
[svchost.exe]
TCP 10.0.0.156:51785 174:http ESTABLISHED
[Dropbox.exe]
TCP 10.0.0.156:51792 app01-12:http ESTABLISHED
[LogMeIn.exe]
TCP 10.0.0.156:52203 75:https CLOSE_WAIT
[Dropbox.exe]
TCP 10.0.0.156:61497 channel-30-35:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:61768 cdn-208-111-160-6:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.0.0.156:61845 XXserverXX:5228 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:61848 XXserverXX:5228 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:61853 XXserverXX:1029 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:61962 www-10-04-snc4:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:61963 a184-84-247-35:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:61964 a184-84-247-35:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:61970 rs6:http TIME_WAIT
TCP 10.0.0.156:61971 melinda:netbios-ssn TIME_WAIT
TCP 10.0.0.156:61972 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:61973 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:61974 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:61975 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:61978 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:61986 65.55.57.251:http ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:61987 a204-245-162-58:http ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:61989 co107ds:http ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:61990 10.0.0.254:1780 TIME_WAIT
TCP 10.0.0.156:61991 207.46.118.181:https ESTABLISHED
[OUTLOOK.EXE]
TCP 127.0.0.1:2002 Joel-PC:49210 ESTABLISHED
[LogMeIn.exe]
TCP 127.0.0.1:19872 Joel-PC:49213 ESTABLISHED
[Dropbox.exe]
TCP 127.0.0.1:49210 Joel-PC:2002 ESTABLISHED
[LogMeInSystray.exe]
TCP 127.0.0.1:49213 Joel-PC:19872 ESTABLISHED
[Dropbox.exe]
Can you run and post back the IPCONFIG /ALL command?
Turn off the wireless adapter if possible.
TCP port 1780 is used for UPNP.
ASKER
I turned off the UPNP in the wireless router, the computer does not have a wireless adapter.
What did you replace the network cable with? A manufactured one or a hand-built one? Are the other Windows 7 64-bit systems using the same motherboard w/ onboard NIC? I tried to read all the posts; have you tried an add-in NIC?
ASKER
The other Win 7 64-bit systems are using a different motherboard, but they are all made by MSI and have onboard NICs, except for one Dell laptop.
The computer is over 50 ft from the network switch through a concrete floor, so we had a cabling company run the line through the floor. So it is a custom cable, not a stock cable.
We have not tried another NIC yet, I suppose that would be good to try. There is only one PCI slot, which is used by the graphics card, so I will have to get a PCIx graphics card to try and test as well.
I was wrong about the model number of the motherboard. The workstation is an MSI X58M. The server is the MSI X58 Pro-E.
Here is a PCI-e card on newegg.com. It's an Intel Gigabit NIC.
http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033
I think this is a 1x card.
ASKER
It seems as though the problem is occurring on another Windows 7 64-bit machine as well. So the problem must be with the server.
What errors are occurring in the server event logs?
ASKER
Every 30 minutes the error below is occurring. It is happening 8 times for each computer. It seems to happen for both computers that are having problems, plus a third one that is not. The third one is running XP Pro however.
There are a few other errors peppered in there when the first error is occurring that may be related.
--------------------------
Event ID: 10009
Source: DistributedCom
DCOM was unable to communicate with the computer COMPNAME.DOMAIN.local using any of the configured protocols.
--------------------------
Event ID: 10006
Source: DistributedCom
DCOM got error "2147944122" from the computer COMPNAME.cdrlaw.local when attempting to activate the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
--------------------------
Event ID: 4
Source: Security-Kerberos
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server COMP2$. The target name used was RPCSS/COMP3.DOMAIN.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN.LOCAL) is different from the client domain (DOMAIN.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
To fix the first two errors you need to allow DCOM traffic through the Windows Firewall. For the third error it appears you may be having some DNS issues; mainly it appears that your DNS records are not being updated or removed when a new DHCP lease is made. You probably need to specify a username and password in the DNS console; you can follow the guide below for this:
http://www.tech-faq.com/integrating-the-dns-server-with-dhcp-and-wins.html
And here is an article detailing which DCOM ports to open. I would add a new GP for this if you don't already have a firewall policy.
http://technet.microsoft.com/en-us/library/bb676126.aspx
While I don't think that this would cause your original issue, it will correct the errors in your event logs.
Another item to possibly check is what ports on the computer are needed for PCLaw; maybe there is a port that is closed and it needs to be open?
What type of NIC is used in the second computer that is now also having the issue?
Are there any other errors or warnings in the event logs on the server?
Well if you search on the error 2147944122 you will find a few hits, such as:
http://www.networksteve.com/forum/topic.php/DCOM_error_10009_on_Windows_2008_SBS%C2%A0_SP1/?TopicId=3414&Posts=2
Can you also check the second workstation's event logs to verify that you are receiving the same error(s) as you posted earlier
Event ID: 4227
Source: tcpip
Event ID: 50
Source: mrxsmb
Event ID: 139
Source: Mup
ASKER
I see both Event ID 50 (mrxsmb) and Event ID 139 (Mup) but not 4227 (tcpip).
There is no firewall enabled on the server currently, it has been disabled for testing. There is also no firewall enabled on one of the machines that the DCOM error is referring to.
The second computer is also an MSI motherboard with integrated Realtek NIC.
I am reviewing the other information now as well as looking for additional event log info.
ASKER
One additional Event Log entry:
Source: DCOM
EventID: 10016
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
ASKER
So the DCOM errors (10009) are all for old computers that were still listed in DNS. I removed the entries there and enabled DNS dynamic updates in DHCP so that should clear it up.
It looks like the Kerberos error (4) may be related to old entries too:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server NEWCOMPNAME$. The target name used was RPCSS/OLDCOMPNAME.DOMAIN.local. This indicates that the...
So it looks like the DCOM errors 10006 and 10016 may be the cause.
Yes, the Kerberos error is because of a mismatched name, which should be cleared up if you corrected the DNS errors.
Did you by chance try an add-in NIC as was previously suggested?
If both machines are Win7 64 and they both have similar NIC models, then trying another brand may help.
I also checked the model of the motherboard from Comp #1 that is having the trouble and there is an up-to-date driver released 11/24/2010. I tried to find release notes but could not find a revision history to see what was changed and/or fixed.
http://www.msi.com/index.php?func=downloaddetail&type=driver&maincat_no=1&prod_no=1796
Is the motherboard in Comp #2 a MSI X58 as well?
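The name mismatch discussed in the posts above can be checked mechanically. This is an added example, not code from the thread or from Microsoft: it parses Security-Kerberos Event ID 4 messages and cross-checks the answering machine account against forward-lookup A records. The host names, addresses and the `parse_event` and `triage` helpers are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input (not from the thread's server): Event ID 4 messages in
# the wording quoted above, and forward-lookup A records as (name, IP) pairs.
_PREFIX = "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server "
SAMPLE_EVENTS = [
    _PREFIX + "NEWPC01$. The target name used was RPCSS/OLDPC01.example.local. This indicates that the...",
    _PREFIX + "NEWPC01$. The target name used was RPCSS/OLDPC01.example.local. This indicates that the...",
    _PREFIX + "NEWPC02$. The target name used was RPCSS/OLDPC02.example.local. This indicates that the...",
    _PREFIX + "FRONT$. The target name used was cifs/front.example.local. This indicates that the...",
]
SAMPLE_A_RECORDS = [
    ("OLDPC01", "192.0.2.21"),  # left behind by a retired machine
    ("NEWPC01", "192.0.2.21"),  # current holder of the same address
    ("OLDPC02", "192.0.2.30"),
    ("NEWPC02", "192.0.2.31"),
    ("FRONT", "192.0.2.24"),
]

EVENT_RE = re.compile(
    r"KRB_AP_ERR_MODIFIED error from the server (?P<account>\S+)\s+"
    r"The target name used was (?P<spn>\S+)"
)

STALE = "stale A record: target name resolves to the responder's address"
NO_SHARED = "name mismatch, but DNS shows no shared address"
SAME_NAME = "names match: compare the account password with what the KDC holds"
SERVICE = "service account answered: check which account the SPN is registered on"


def parse_event(message):
    """Return (answering account, SPN host short name), or None for other text."""
    m = EVENT_RE.search(message)
    if m is None:
        return None
    account = m.group("account").rstrip(".")
    parts = m.group("spn").rstrip(".").split("/")
    # An SPN is service/host[:port]; keep the first DNS label of the host part.
    host = (parts[1] if len(parts) > 1 else parts[0]).split(":", 1)[0]
    return account, host.split(".", 1)[0].upper()


def triage(events, a_records):
    """Collapse repeated events per (target, responder) pair and explain each."""
    ips_by_name = defaultdict(set)
    for name, ip in a_records:
        ips_by_name[name.split(".", 1)[0].upper()].add(ip)

    findings = {}
    for message in events:
        parsed = parse_event(message)
        if parsed is None:
            continue
        account, target = parsed
        responder = account.rstrip("$").upper()
        shared = []
        if not account.endswith("$"):
            verdict = SERVICE  # machine accounts end in "$"; this one does not
        elif responder == target:
            verdict = SAME_NAME
        else:
            shared = sorted(ips_by_name[target] & ips_by_name[responder])
            verdict = STALE if shared else NO_SHARED
        entry = findings.setdefault(
            (target, responder),
            {"target": target, "responder": responder,
             "shared_ips": shared, "verdict": verdict, "events": 0},
        )
        entry["events"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, SAMPLE_A_RECORDS):
        print(finding)
```

A pair reported as a stale A record is the case described in this thread: the old computer name still resolves to an address now held by a different machine, so the ticket is decrypted by the wrong account.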
ASKER
No, Comp #2 is an MSI GF615M-P33 (AMD) but I think it has a Realtek chipset as well.
I have not tried another adapter since the same problem was occurring on another computer.
ASKER
I tried a different network switch and a different NIC in the server (Intel chipset) and still having issues. I had them run: "net use > c:\netuse.txt" on one of the workstations when it was happening and the netuse.txt file was blank.
Here is what it looks like when it works correctly:
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
OK S: \\SERVERNAME\shared_files
Microsoft Windows Network
The command completed successfully.
If the file was blank that means that something somewhere did a "net use S: /delete"
Even if there was some type of network glitch you would still see the map; it would just say "disconnected" on the end of the line.
No switch, switch port, NIC, or cable is going to do a "net use S: /delete".
Trying to think of a way to look for what is doing this.
On the SERVER try looking at the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service\lanmanworkstation\parameters
and look for the value KeepConn and see what it is set to.
Then from a command prompt on the server issue the command:
net config server /autodisconnect:-1
To give credit where credit is due:
https://www.experts-exchange.com/questions/26651823/Mapped-drives-disappear-on-Terminal-Server-2008.html
and:
http://support.microsoft.com/kb/297684
ASKER
I think the blank file may have been the result of typing the wrong command :)
I checked the output of 'net config server' and autodisconnect was set to 15 minutes so I ran:
net config server /autodisconnect:-1
There wasn't a KeepConn value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service\lanmanworkstation\parameters or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service\lanmanserver\parameters
ASKER
The issue is still occurring. Any ideas on what to try next?
Have you tried a different nic yet?
ASKER
Yes, in the server. Since the issue occurs on more than one computer I figured that was the safe bet.
Have you verified the status of the network share from the desktop when the problem occurs?
What needs to be done, is as SOON as the user sees the problem they need to:
write down the time their computer has, including seconds.
issue the command "net use" and save the output
issue the command "netview \\servername" where servername is the name of the server the share is on
ping server that the share should be on and save the output
It would be nice to have them also ping and do a netview to another server on the network, if you happen to have another server on the network.
Unless you have a small event log, you need to check the event log for any/all events when the problem occurred.
We need to know what the status of the share(s) is(are) and if this desktop can still access hosts on the network.
I would try a new nic in one of the desktops.
I had a Linux desktop that was having problems with the network connection dropping its connection randomly. It would connect right back up and everything would be normal again. Turned out to be an incompatible driver / card combination and replacing the NIC (with a compatible one) corrected the issue.
Since this only happens to a few of your workstations, to help identify the issue look for common attributes of those workstations experiencing the problem; for example, are the affected workstations all Win7 64 bit with MSI motherboards?
ASKER
@giltjr: I will put all of those commands into a batch file they can run when it happens again. There is not another server but I will have it check against a couple of workstations with some shares.
@eli_cook: I haven't tried a new NIC in the desktops because there are some desktops with MSI motherboards running Win7 64 bit that are not having any problems at all. The only main difference I can tell is that the people that are having problems aren't shutting down their computers at night.
ASKER
Here are the results. xxSERVERxx is the server, Joel-PC is the main computer with the most problems, Sharon2010 is the other computer with problems and front is a computer with no problems at all. I had the user run a batch file to create the results below:
Tue 12/14/2010 18:27:45.72
============================================================================
net use results:
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
OK S: \\xxSERVERxx\shared_files
Microsoft Windows Network
The command completed successfully.
============================================================================
net view \\xxSERVERxx results:
Shared resources at \\xxSERVERxx
Share name Type Used as Comment
-------------------------------------------------------------------------------
Address Disk "Access to address objects"
ClientApps Disk
ExchangeOAB Disk OAB Distribution share
HP LaserJet 4200 PCL 5 Print HP LaserJet 4200 PCL 5
MX-5500N Print SHARP MX-5500N PCL6
NETLOGON Disk Logon server share
Public Disk
RedirectedFolders Disk
shared_files Disk S:
SYSVOL Disk Logon server share
TM9Data Disk
TMW9E Disk
UpdateServicesPackages Disk A network share to be used by client systems for collecting all software
UserShares Disk
WsusContent Disk A network share to be used by Local Publishing to place published conten
WSUSTemp Disk A network share used by Local Publishing from a Remote WSUS Console Inst
The command completed successfully.
============================================================================
ping xxSERVERxx results:
Pinging xxSERVERxx.domain.local [10.0.0.1] with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time<1ms TTL=128
Reply from 10.0.0.1: bytes=32 time<1ms TTL=128
Reply from 10.0.0.1: bytes=32 time<1ms TTL=128
Reply from 10.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
============================================================================
net view \\sharon2010 results:
There are no entries in the list.
============================================================================
ping sharon2010 results:
Pinging sharon2010.domain.local [10.0.0.21] with 32 bytes of data:
Reply from 10.0.0.21: bytes=32 time<1ms TTL=128
Reply from 10.0.0.21: bytes=32 time<1ms TTL=128
Reply from 10.0.0.21: bytes=32 time<1ms TTL=128
Reply from 10.0.0.21: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.21:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
============================================================================
net view \\front results:
Shared resources at \\front
Share name Type Used as Comment
-------------------------------------------------------------------------------
CD Disk
The command completed successfully.
============================================================================
ping front results:
Pinging front.domain.local [10.0.0.24] with 32 bytes of data:
Reply from 10.0.0.24: bytes=32 time<1ms TTL=128
Reply from 10.0.0.24: bytes=32 time<1ms TTL=128
Reply from 10.0.0.24: bytes=32 time<1ms TTL=128
Reply from 10.0.0.24: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.24:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
============================================================================
netstat results:
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 Joel-PC:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 Joel-PC:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:2002 Joel-PC:0 LISTENING
[LogMeIn.exe]
TCP 0.0.0.0:5800 Joel-PC:0 LISTENING
[WinVNC4.exe]
TCP 0.0.0.0:5900 Joel-PC:0 LISTENING
[WinVNC4.exe]
TCP 0.0.0.0:49152 Joel-PC:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49153 Joel-PC:0 LISTENING
eventlog
[svchost.exe]
TCP 0.0.0.0:49154 Joel-PC:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49181 Joel-PC:0 LISTENING
[services.exe]
TCP 0.0.0.0:49182 Joel-PC:0 LISTENING
[lsass.exe]
TCP 10.0.0.156:139 Joel-PC:0 LISTENING
Can not obtain ownership information
TCP 10.0.0.156:49179 app02:https ESTABLISHED
[LogMeIn.exe]
TCP 10.0.0.156:49203 xxSERVERxx:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP 10.0.0.156:49219 xxSERVERxx:4035 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:49221 xxSERVERxx:4035 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:49224 xxSERVERxx:1030 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:49900 4.23.40.126:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.0.0.156:49950 a204-245-162-58:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.0.0.156:49982 app02:https ESTABLISHED
[LogMeIn.exe]
TCP 10.0.0.156:49999 Sharon2010:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP 10.0.0.156:50000 front:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP 127.0.0.1:2002 Joel-PC:49205 ESTABLISHED
[LogMeIn.exe]
TCP 127.0.0.1:2559 Joel-PC:0 LISTENING
[daemonu.exe]
TCP 127.0.0.1:5354 Joel-PC:0 LISTENING
[mDNSResponder.exe]
TCP 127.0.0.1:27015 Joel-PC:0 LISTENING
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:49205 Joel-PC:2002 ESTABLISHED
[LogMeInSystray.exe]
TCP [::]:135 Joel-PC:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 Joel-PC:0 LISTENING
Can not obtain ownership information
TCP [::]:49152 Joel-PC:0 LISTENING
[wininit.exe]
TCP [::]:49153 Joel-PC:0 LISTENING
eventlog
[svchost.exe]
TCP [::]:49154 Joel-PC:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49181 Joel-PC:0 LISTENING
[services.exe]
TCP [::]:49182 Joel-PC:0 LISTENING
[lsass.exe]
UDP 0.0.0.0:123 *:*
W32Time
[svchost.exe]
UDP 0.0.0.0:427 *:*
HPSLPSVC
[svchost.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:4500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:*
Dnscache
[svchost.exe]
UDP 0.0.0.0:48000 *:*
[daemonu.exe]
UDP 0.0.0.0:59665 *:*
[mDNSResponder.exe]
UDP 10.0.0.156:137 *:*
Can not obtain ownership information
UDP 10.0.0.156:138 *:*
Can not obtain ownership information
UDP 10.0.0.156:427 *:*
HPSLPSVC
[svchost.exe]
UDP 10.0.0.156:1900 *:*
SSDPSRV
[svchost.exe]
UDP 10.0.0.156:5353 *:*
[mDNSResponder.exe]
UDP 10.0.0.156:11389 *:*
[LogMeIn.exe]
UDP 10.0.0.156:11390 *:*
[LogMeIn.exe]
UDP 10.0.0.156:62024 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:50826 *:*
[WINWORD.EXE]
UDP 127.0.0.1:56674 *:*
[OUTLOOK.EXE]
UDP 127.0.0.1:59493 *:*
[lsass.exe]
UDP 127.0.0.1:59496 *:*
gpsvc
[svchost.exe]
UDP 127.0.0.1:59663 *:*
[AppleMobileDeviceService.exe]
UDP 127.0.0.1:59664 *:*
[AppleMobileDeviceService.exe]
UDP 127.0.0.1:59667 *:*
NlaSvc
[svchost.exe]
UDP 127.0.0.1:60257 *:*
[AOLAcsd.exe]
UDP 127.0.0.1:60542 *:*
[OUTLOOK.EXE]
UDP 127.0.0.1:62025 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:63787 *:*
[iexplore.exe]
UDP [::]:123 *:*
W32Time
[svchost.exe]
UDP [::]:500 *:*
IKEEXT
[svchost.exe]
UDP [::]:4500 *:*
IKEEXT
[svchost.exe]
UDP [::]:5355 *:*
Dnscache
[svchost.exe]
UDP [::]:59666 *:*
[mDNSResponder.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:5353 *:*
[mDNSResponder.exe]
UDP [::1]:62023 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::a1b2:c4a7:d3de:3ed%13]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::a1b2:c4a7:d3de:3ed%13]:62022 *:*
SSDPSRV
[svchost.exe]
============================================================================
Tue 12/14/2010 18:27:59.41
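A capture in the layout posted above can be checked automatically instead of by eye. This is an added example, not part of the original posts: it splits the file on the `=` rules and reports a mapped drive whose status is not OK, packet loss, or a slow round trip. The server name FILESRV, the sample captures built by `make_capture`, and the 50 ms threshold are assumptions made for the example.

```python
import re

RULE = "=" * 76
SECTION_RE = re.compile(r"^(?P<cmd>.+) results:\s*$")
DRIVE_RE = re.compile(r"^(?P<status>[A-Za-z]*)\s*(?P<local>[A-Z]:)\s+(?P<remote>\\\\\S+)")
LOSS_RE = re.compile(r"Lost = \d+ \((\d+)% loss\)")
MAX_RE = re.compile(r"Maximum = (\d+)ms")


def make_capture(status="OK", lost=0, max_ms=0):
    """Build a constructed capture in the layout of the batch output above."""
    return "\n".join([
        "Tue 01/05/2021 09:15:02.10",
        RULE,
        "net use results:",
        "New connections will be remembered.",
        "Status       Local     Remote                    Network",
        "-" * 79,
        f"{status:<13}S:        \\\\FILESRV\\shared_files",
        "                                                Microsoft Windows Network",
        "The command completed successfully.",
        RULE,
        "ping FILESRV results:",
        "Pinging FILESRV.example.local [192.0.2.1] with 32 bytes of data:",
        "Ping statistics for 192.0.2.1:",
        f"Packets: Sent = 4, Received = {4 - lost}, Lost = {lost} ({lost * 25}% loss),",
        "Approximate round trip times in milli-seconds:",
        f"Minimum = 0ms, Maximum = {max_ms}ms, Average = 0ms",
        RULE,
    ])


def split_sections(capture):
    """Map each '<command> results:' heading to the output lines that follow it."""
    sections, current = {}, None
    for line in capture.splitlines():
        if line.strip() and set(line.strip()) == {"="}:
            current = None  # a rule of '=' closes the running section
            continue
        heading = SECTION_RE.match(line.strip())
        if current is None and heading:
            current = heading.group("cmd")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(capture, max_rtt_ms=50):
    """Return a list of problems found; an empty list means share and ping look healthy."""
    issues = []
    for cmd, lines in split_sections(capture).items():
        text = "\n".join(lines)
        if cmd == "net use":
            drives = [m for m in (DRIVE_RE.match(l.strip()) for l in lines) if m]
            if not drives:
                issues.append("net use: no mapped drive listed")
            for m in drives:
                if m.group("status") != "OK":
                    issues.append("net use: %s -> %s is %s" % (
                        m.group("local"), m.group("remote"),
                        m.group("status") or "without status"))
        elif cmd.startswith("ping "):
            loss, worst = LOSS_RE.search(text), MAX_RE.search(text)
            if loss is None:
                issues.append(f"{cmd}: no statistics in output")
            elif int(loss.group(1)) > 0:
                issues.append(f"{cmd}: {loss.group(1)}% packet loss")
            elif worst and int(worst.group(1)) > max_rtt_ms:
                issues.append(f"{cmd}: worst round trip {worst.group(1)} ms exceeds {max_rtt_ms} ms")
    return issues


if __name__ == "__main__":
    print(triage(make_capture()))                   # healthy capture
    print(triage(make_capture("Disconnected", 2)))  # dropped mapping and packet loss
```

An empty result for a capture taken while the application is frozen points away from the mapped drive and basic connectivity, which narrows the search to the file-sharing session itself.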
ASKER
Below are the results when the problem is occurring. It doesn't look like the network drive is disconnecting or pings are slowed down at all.
Thu 12/16/2010 21:39:20.76
============================================================================
net use results:
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
OK S: \\xxSERVERxx\shared_files
Microsoft Windows Network
The command completed successfully.
============================================================================
net view \\xxSERVERxx results:
Shared resources at \\xxSERVERxx
Share name Type Used as Comment
-------------------------------------------------------------------------------
Address Disk "Access to address objects"
ClientApps Disk
ExchangeOAB Disk OAB Distribution share
HP LaserJet 4200 PCL 5 Print HP LaserJet 4200 PCL 5
MX-5500N Print SHARP MX-5500N PCL6
NETLOGON Disk Logon server share
Public Disk
RedirectedFolders Disk
shared_files Disk S:
SYSVOL Disk Logon server share
TM9Data Disk
TMW9E Disk
UpdateServicesPackages Disk A network share to be used by client systems for collecting all software
UserShares Disk
WsusContent Disk A network share to be used by Local Publishing to place published conten
WSUSTemp Disk A network share used by Local Publishing from a Remote WSUS Console Inst
The command completed successfully.
============================================================================
ping xxSERVERxx results:
Pinging xxSERVERxx.domain.local [10.0.0.1] with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time<1ms TTL=128
Reply from 10.0.0.1: bytes=32 time<1ms TTL=128
Reply from 10.0.0.1: bytes=32 time<1ms TTL=128
Reply from 10.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
============================================================================
net view \\sharon2010 results:
Shared resources at \\sharon2010
Share name Type Used as Comment
-------------------------------------------------------------------------------
testshare Disk
The command completed successfully.
============================================================================
ping sharon2010 results:
Pinging sharon2010.domain.local [10.0.0.21] with 32 bytes of data:
Reply from 10.0.0.21: bytes=32 time<1ms TTL=128
Reply from 10.0.0.21: bytes=32 time<1ms TTL=128
Reply from 10.0.0.21: bytes=32 time<1ms TTL=128
Reply from 10.0.0.21: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.21:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
============================================================================
net view \\front results:
Shared resources at \\front
Share name Type Used as Comment
-------------------------------------------------------------------------------
CD Disk
The command completed successfully.
============================================================================
ping front results:
Pinging front.domain.local [10.0.0.24] with 32 bytes of data:
Reply from 10.0.0.24: bytes=32 time<1ms TTL=128
Reply from 10.0.0.24: bytes=32 time<1ms TTL=128
Reply from 10.0.0.24: bytes=32 time<1ms TTL=128
Reply from 10.0.0.24: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.24:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
============================================================================
netstat results:
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 Joel-PC:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 Joel-PC:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:2002 Joel-PC:0 LISTENING
[LogMeIn.exe]
TCP 0.0.0.0:5800 Joel-PC:0 LISTENING
[WinVNC4.exe]
TCP 0.0.0.0:5900 Joel-PC:0 LISTENING
[WinVNC4.exe]
TCP 0.0.0.0:49152 Joel-PC:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49153 Joel-PC:0 LISTENING
eventlog
[svchost.exe]
TCP 0.0.0.0:49154 Joel-PC:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 Joel-PC:0 LISTENING
[services.exe]
TCP 0.0.0.0:49156 Joel-PC:0 LISTENING
[lsass.exe]
TCP 10.0.0.156:139 Joel-PC:0 LISTENING
Can not obtain ownership information
TCP 10.0.0.156:49345 xxSERVERxx:59148 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:49347 xxSERVERxx:59148 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:49350 xxSERVERxx:1030 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.0.0.156:52292 xxSERVERxx:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP 10.0.0.156:52411 64.94.18.153:https ESTABLISHED
[LogMeIn.exe]
TCP 10.0.0.156:53769 channel-30-35:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53887 204.160.104.126:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.0.0.156:53889 a204-245-162-50:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.0.0.156:53929 www-11-02-snc5:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53930 a72-246-31-58:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53931 a72-246-30-145:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53932 a184-84-247-25:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53933 a184-84-247-25:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53934 a184-84-247-25:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53935 a72-246-31-43:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53936 www-11-02-snc5:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53937 channel-30-35:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53938 www-11-02-snc5:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53939 a72-246-31-16:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53940 a72-246-31-16:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53941 a72-246-31-73:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53942 a184-84-247-27:http ESTABLISHED
[iexplore.exe]
TCP 10.0.0.156:53943 Sharon2010:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP 10.0.0.156:53945 front:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP 127.0.0.1:2002 Joel-PC:52412 ESTABLISHED
[LogMeIn.exe]
TCP 127.0.0.1:2559 Joel-PC:0 LISTENING
[daemonu.exe]
TCP 127.0.0.1:5354 Joel-PC:0 LISTENING
[mDNSResponder.exe]
TCP 127.0.0.1:27015 Joel-PC:0 LISTENING
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:27015 Joel-PC:49309 ESTABLISHED
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:49309 Joel-PC:27015 ESTABLISHED
[iTunesHelper.exe]
TCP 127.0.0.1:52412 Joel-PC:2002 ESTABLISHED
[LogMeInSystray.exe]
TCP [::]:135 Joel-PC:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 Joel-PC:0 LISTENING
Can not obtain ownership information
TCP [::]:49152 Joel-PC:0 LISTENING
[wininit.exe]
TCP [::]:49153 Joel-PC:0 LISTENING
eventlog
[svchost.exe]
TCP [::]:49154 Joel-PC:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49155 Joel-PC:0 LISTENING
[services.exe]
TCP [::]:49156 Joel-PC:0 LISTENING
[lsass.exe]
UDP 0.0.0.0:123 *:*
W32Time
[svchost.exe]
UDP 0.0.0.0:427 *:*
HPSLPSVC
[svchost.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:4500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:*
Dnscache
[svchost.exe]
UDP 0.0.0.0:48000 *:*
[daemonu.exe]
UDP 0.0.0.0:62287 *:*
[mDNSResponder.exe]
UDP 10.0.0.156:137 *:*
Can not obtain ownership information
UDP 10.0.0.156:138 *:*
Can not obtain ownership information
UDP 10.0.0.156:427 *:*
HPSLPSVC
[svchost.exe]
UDP 10.0.0.156:1900 *:*
SSDPSRV
[svchost.exe]
UDP 10.0.0.156:5353 *:*
[mDNSResponder.exe]
UDP 10.0.0.156:53971 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:52032 *:*
[iexplore.exe]
UDP 127.0.0.1:52528 *:*
[iTunesHelper.exe]
UDP 127.0.0.1:52529 *:*
[iTunesHelper.exe]
UDP 127.0.0.1:53778 *:*
gpsvc
[svchost.exe]
UDP 127.0.0.1:53972 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:54145 *:*
[aolsoftware.exe]
UDP 127.0.0.1:54372 *:*
[lsass.exe]
UDP 127.0.0.1:56602 *:*
NlaSvc
[svchost.exe]
UDP 127.0.0.1:58413 *:*
[WINWORD.EXE]
UDP 127.0.0.1:60496 *:*
[OUTLOOK.EXE]
UDP 127.0.0.1:60498 *:*
[OUTLOOK.EXE]
UDP 127.0.0.1:62285 *:*
[AppleMobileDeviceService.exe]
UDP 127.0.0.1:62286 *:*
[AppleMobileDeviceService.exe]
UDP 127.0.0.1:64115 *:*
[iexplore.exe]
UDP [::]:123 *:*
W32Time
[svchost.exe]
UDP [::]:500 *:*
IKEEXT
[svchost.exe]
UDP [::]:4500 *:*
IKEEXT
[svchost.exe]
UDP [::]:5355 *:*
Dnscache
[svchost.exe]
UDP [::]:62288 *:*
[mDNSResponder.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:5353 *:*
[mDNSResponder.exe]
UDP [::1]:53970 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::a1b2:c4a7:d3de:3ed%13]:546 *:*
Dhcp
[svchost.exe]
UDP [fe80::a1b2:c4a7:d3de:3ed%13]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::a1b2:c4a7:d3de:3ed%13]:53969 *:*
SSDPSRV
[svchost.exe]
============================================================================
Thu 12/16/2010 21:39:39.99
O.K., maybe a few basic questions about Lexis Nexis PCLaw are in order.
Is this supposed to be a multi-user system?
Since it appears the users are accessing the files MattInf.idx & MattInf.dat via file shares, I doubt if it is supposed to be a multi-user system. Meaning only one person at a time is supposed to be in it and if multiple people are trying to run it at the same time there could be problems.
At this point in time the only thing I can think of is to run a packet capture on the PC that is having the problem the most often and hope to catch the problem and see what the capture has.
Since the map is still there, it is either a weird flaky network problem or the file server is responding with a file status that the program does not like.
ASKER
It is a multi-user program. It installs software on each workstation that connects to the server. The .idx and .dat files are whatever kind of database the system is using.
I am unfamiliar with the packet capture techniques. Would you be able to provide more details on how to do something like that?
ASKER
I will run wireshark on both the client and the server to see what is going on. Will keep you posted.
Who knows about their DB design, I think it is a poorly designed program so it wouldn't surprise me if their DB setup was flawed.
ASKER
I have been running wireshark and there are lots of 'errors' [malformed packet] or [TCP segment of a reassembled PDU] but to be honest I don't really know what I am looking for. I looked around the time the last error occurred and there is a TON of stuff going on so it's quite difficult to understand.
ASKER
Lexis Nexis tech support kept saying to rebuild the data when these errors occurred but it didn't really seem to help. I will check with their support people to see if they offer an SQL based product instead of the file based one. Thanks for the idea!
Have you made any progress with this? We are having a similar issue (same error but on a different idx file). An interesting part of this is for us this only happens in the late afternoon (roughly after 4:30pm). Right now we are pursuing the backup software route based on LexisNexis' suggestion but I am thinking this is a dead end.
I am wondering if maybe it's a memory leak, which might explain why this only happens later in the day.
I'm still looking at the packet captures. Unfortunately I don't see anything that looks like outright errors. However, since this occurs over a couple minute period, I'm looking at a few hundred packets.
The most current version of PC Law supports SQL; the system requirements below show what is and is not supported.
http://support.lexisnexis.com/iPCLaw/record.asp?ArticleID=9201
I would recommend upgrading to the latest version and migrate to the SQL database.
If that is not possible you may want to check the antivirus software that is on the machines having the trouble. I recently had avast! preventing a network file based database program from properly working. I turned the security off as a test and everything worked as expected, it took me about 1 hour to dial in the settings for the a/v to work with that specific program. The strange thing is the a/v had been installed and everything had been working for about 2 months before it caused any trouble, maybe the antivirus is interfering in your situation as well.
ASKER
@eli_cook
I am checking with PCLaw to see if we can switch to the SQL version. We have uninstalled anti-virus on the server and affected workstations in order to rule it out and the same problem is happening.
@AnimateSystems
It does seem to happen in the afternoons or evenings, though not always. Can you provide your server setup (OS, hardware, etc)? I wonder if we might discover a commonality that might help in diagnosing the issue.
@giltjr
Thank you for looking at the capture logs, there is quite a lot of stuff there!
The server is an HP ProLiant ML350 G6 with 8GB RAM 2x2.27GHz Xeon CPUs. Server is running SBS 2008. This is a small client running only a half dozen PC's or so, but PCLaw seems to crash on all of them (not at the same time though). It always seems to be later in the day, I have set up our monitoring software to email me any time PCLaw32.exe crashes on a workstation and it always seems to be late in the day. It seems to be impossible to reproduce at any given time which makes troubleshooting very difficult as you are aware.
ASKER
My client is also running SBS 2008, with 10 workstations. Perhaps it is a SBS 2008 issue? I switched them to the SQL version yesterday so we will see if it works any better.
I've been a little busy, but I have forgotten this. I can't find any obvious errors, yet.
However, one thing that is confusing me is that in none of the traces do I see any type of request for MattInf.dat or MattInf.idx.
Are these the real files that the error is occurring on?
ASKER
They were actual files. It was using a CTREE database before if that helps. We have switched it to SQL based now so those files are no longer there. The switch happened about a week ago and I haven't heard about any more problems yet, knock on wood.
Glad to hear switching from c-tree to SQL based DB helped.
Based on what I saw in the trace, the files MattInf.idx & MattInf.dat were not being accessed via SMB (that is, a network share or UNC).
My assumption would be that those files were accessed directly on the server and that there was some other network communication going on between the clients and the server other than SMB.
Just wondering how things went after you switched to the SQL version. Still crash free? We are running a script right now to monitor the PCLAW32.EXE application to see how it consumes memory over the course of the day. We take a snapshot every 15 minutes and it does seem to grow throughout the day. We are trying to find out if there is a 'magic number' at which point it crashes.
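The leak hypothesis in the post above can be tested from the 15-minute snapshots by fitting a growth rate per process lifetime and pairing each crash with the last snapshot before it. This is an added example, not the poster's script: the sample values, the date and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: 15-minute working-set snapshots (MB) of PCLAW32.EXE.
# One process runs from 08:30, crashes at 16:41, and is restarted by 16:45.
START = datetime(2011, 1, 10, 8, 30)
RESTART = datetime(2011, 1, 10, 16, 45)
SAMPLES = [(START + timedelta(minutes=15 * i), 120.0 + 6 * i) for i in range(33)]
SAMPLES += [(RESTART + timedelta(minutes=15 * i), 120.0 + 6 * i) for i in range(3)]
CRASHES = [datetime(2011, 1, 10, 16, 41)]  # e.g. taken from crash-alert e-mails


def split_runs(samples, drop_mb=50):
    """Split time-ordered snapshots into process lifetimes; a sharp drop marks a restart."""
    runs, cur = [], [samples[0]]
    for prev, s in zip(samples, samples[1:]):
        if prev[1] - s[1] > drop_mb:
            runs.append(cur)
            cur = []
        cur.append(s)
    runs.append(cur)
    return runs


def growth_mb_per_hour(run):
    """Least-squares slope of memory (MB) against elapsed time (hours)."""
    xs = [(t - run[0][0]).total_seconds() / 3600 for t, _ in run]
    ys = [mb for _, mb in run]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    den = sum((x - mx) ** 2 for x in xs)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / den if den else 0.0


def memory_at_crash(samples, crashes, max_gap=timedelta(minutes=15)):
    """Pair each crash with the last snapshot taken within max_gap before it."""
    out = []
    for c in crashes:
        prior = [mb for t, mb in samples if t <= c and c - t <= max_gap]
        out.append((c, prior[-1] if prior else None))
    return out


if __name__ == "__main__":
    for run in split_runs(SAMPLES):
        print(f"{run[0][0]:%H:%M}-{run[-1][0]:%H:%M} "
              f"{growth_mb_per_hour(run):+.1f} MB/h, peak {max(mb for _, mb in run):.0f} MB")
    for when, mb in memory_at_crash(SAMPLES, CRASHES):
        print(f"crash {when:%H:%M}: last snapshot {mb} MB")
```

If the memory-at-crash values cluster around one figure across several days, that supports a threshold; if they vary widely while the crashes still cluster by time of day, a scheduled job on the server is the more likely trigger.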
ASKER
Switching to the SQL version did seem to help. They were also having problems with Word documents occasionally taking forever to open and that seems to be ok now too. Something with PCLaw's CTREE format and SBS 2008 server must not play nice together.
Thank you to everyone for all the help!
It used to be on previous versions.
* HKEY_LOCAL_MACHINE\System\
Double check that on Windows 7.