Network issues - potentially DNS?
Trying to do some trouble shooting here.... Office with two servers running SBS2003 - one the main server is primary DC, DNS server etc.... the other runs Exchange 2003.
Internet provided by Telco (Cisco modem); Firewall is Fortinet 80C.
Approximately 60 users in the office
For the last four or five days users have been experiencing what looks like a loss of internet connectivity - in particularly the connection to the Exchange server has been dropping or very slow. Browsers seem to have slow connections or can't "connect" to some sights.
At first since both preferred and alternate DNS where our ISPs I assumed potentially a problem with their DNS servers and set our alternate DNS to a public Google DNS server.
Nothing in the event logs is raising flags with me but pinging our gateway from either server yields mixed results (main server is better - with three out of four or four out of four connections most of the time).
Trying to ping our main server from the Exchange server however is showing mostly 1 or 2 out 4 ping transactions completing successfully most of the time.
Any ideas? Am I looking at a DNS issue (and where do I start digging?) or could it be something as simple as a failing NIC or faulty ethernet cable on one of the boxes?
I'm open for suggestions.....!
Internet provided by Telco (Cisco modem); Firewall is Fortinet 80C.
Approximately 60 users in the office
For the last four or five days users have been experiencing what looks like a loss of internet connectivity - in particularly the connection to the Exchange server has been dropping or very slow. Browsers seem to have slow connections or can't "connect" to some sights.
At first since both preferred and alternate DNS where our ISPs I assumed potentially a problem with their DNS servers and set our alternate DNS to a public Google DNS server.
Nothing in the event logs is raising flags with me but pinging our gateway from either server yields mixed results (main server is better - with three out of four or four out of four connections most of the time).
Trying to ping our main server from the Exchange server however is showing mostly 1 or 2 out 4 ping transactions completing successfully most of the time.
Any ideas? Am I looking at a DNS issue (and where do I start digging?) or could it be something as simple as a failing NIC or faulty ethernet cable on one of the boxes?
I'm open for suggestions.....!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ISPs DNS servers are specified on the firewall; all servers. internal PCs point to main server as DNS server.
Yes both servers are on the same domain - the main one is the domain controller - the second is our mail server (Exchange 2003).
Mislead you (getting confused between locations) - running Server 2003 - not SBS 2003 (sorry).
Yes both servers are on the same domain - the main one is the domain controller - the second is our mail server (Exchange 2003).
Mislead you (getting confused between locations) - running Server 2003 - not SBS 2003 (sorry).
I am not sure what you mean by "ISP's DNS servers are specified on the firewall"
ISP's DNS addresses should be placed in the DNS management console under forwarders (not forward lookup zones).
ISP's DNS addresses should be placed in the DNS management console under forwarders (not forward lookup zones).
ASKER
System tab / Network / Options / DNS Settings on Fortigate 80C - primary DNS is set to our ISP; alternate to Google.
Trying to log into server now to check forwarders
Trying to log into server now to check forwarders
ASKER
Having trouble connecting to server remotely - may have to verify on site in the morning
The client PC's point to your server for DNS, which is correct, so they will never check the router, which again is correct. This is why the ISP's DNS server's IP's need to be added as forwarders. When the server cannot resolve the name, it will forward the request to the next 'higher up' DNS server which is the ISP.
Let us know how you make out when you gain access.
--Rob
Let us know how you make out when you gain access.
--Rob
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Fortigate is running 4-MR2. Will change DNS settings.
I'm going to grab some new cables, nics and a spare switch from another office and head in for further diagnostics - will keep you all posted - thanks for the help!
I'm going to grab some new cables, nics and a spare switch from another office and head in for further diagnostics - will keep you all posted - thanks for the help!
olafdc if the clients and servers point to the server for DNS will the Fortigate DNS settings even matter? Agreed though they should point to the server.
ASKER
Alright - forwarders on the 2003 Server
Forwarders look good - first one on the list is our gateway; then our ISP's DNS server - I've just added one for Google's DNS.
Proceeding to Firewall to change DNS settings there and then I'll monitor.
Forwarders look good - first one on the list is our gateway; then our ISP's DNS server - I've just added one for Google's DNS.
Proceeding to Firewall to change DNS settings there and then I'll monitor.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok - going to make that change now...
Firewall DNS settings are now pointing back to server .
Firewall DNS settings are now pointing back to server .
ASKER
OK - removed gateway as forwarder.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Since problems have been intermittent I'll watch for awhile to be sure. Ping commands between servers and between servers and gateway are no showing no lost packets.
nslookup queries are returning good results.
I'm going to do the rounds now since I'm on site to see the users who have had the most difficulty 9at least those who have complained most loudly and run the ipconfig /flushdns.
I'm feeling optimistic!!!
nslookup queries are returning good results.
I'm going to do the rounds now since I'm on site to see the users who have had the most difficulty 9at least those who have complained most loudly and run the ipconfig /flushdns.
I'm feeling optimistic!!!
Sounds good so far.
ASKER
Just lost internet again at our main reception desk.... the problem now seems isolated to the front of the office - proceeding to check hardware connections....
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hope you don't mind sharing the points - wish I could assign more. You collectlively led me through to the solution.
RobWill - thanks for sticking with me right through the process - your last comment in particular isn;t something I would have thought of trying and is a handy diagnostic step.
Thank you all!
RobWill - thanks for sticking with me right through the process - your last comment in particular isn;t something I would have thought of trying and is a handy diagnostic step.
Thank you all!
You are very welcome, glad to assist and no problem at all with point allocation. I hope all is "resolved" :-)
Cheers!
--Rob
Cheers!
--Rob
Hi Rob,
Fortigate has a little function on its wan interface saying: "override Internal DNS". If that's set wrongly (And it is out of the box) you can have all sorts of strange behaviour. In short yes it does matter.
Glad you're OK LIsaa and thanks,
Olaf
Fortigate has a little function on its wan interface saying: "override Internal DNS". If that's set wrongly (And it is out of the box) you can have all sorts of strange behaviour. In short yes it does matter.
Glad you're OK LIsaa and thanks,
Olaf
Sorry I didn't realize that, very good information to have. How does it work? If the client and server are using the Server for DNS, does it block the outgoing DNS requests to the forwarder?
Yep and all internet traffic becomes intermittent.
Ipconfig/renew on workstations actually fixes it for a while and Windows 7 seems to be most affected.
Mind you, haven't seen the issue since Firmware 4-Mr2
Olaf
Ipconfig/renew on workstations actually fixes it for a while and Windows 7 seems to be most affected.
Mind you, haven't seen the issue since Firmware 4-Mr2
Olaf
Thanks olafdc. That is good information to have should I have to deal with one of these routers.
--Rob
--Rob
ASKER
Thanks Olafdc - I'm going to have another look at those firewall settings. We haven't been dropping connections in the last two days but I'm getting lots of complaints about the "internet seeming slow" - maybe there is a bit more tweaking I can do!
Is your modem in bridge mode? I should be.
Slow internet is usually Modem related.
Power Cycle modem?
Olaf
Slow internet is usually Modem related.
Power Cycle modem?
Olaf
Are these using the same domain name? You cannot do this and generally because of DHCP you cannot have 2 SBS servers on the same network with different domain names.
As for DNS all internal servers and PC's should point to your internal DNS server ONLY. You should not add anything else such as an ISP or even a router as an alternate. This addresses internal DNS name resolution. For external DNS you need to add your ISP or public DNS server to the SBS as a forwarder which should be done by running the CEICW (Connect to the Internet wizard.