XP Pro workstation intermittently cannot browse the internet

Hello,

I help out with a small office (5 users, currently connected to a Server 2008 R2 DC).  In the past month, one of the users has begun to intermittently have times when she cannot browse the internet.  The pages 'time out' (her words, I am not at the site during the day).  Rebooting doesn't seem to help-- the problem just resolves itself after a period of time and she is able to begin browsing again.  During these times, there are no entries logged in the event log.  It doesn't appear to be a network connectivity issue, at least from the workstation's point of view.  There are also no associated errors logged into the server during these times.

She is using IE 8.0 on an XP Pro SP3 machine, connected to a Server 2008 R2 domain.  There is a Cisco ASA 5505 Firewall (licensed for 10 users) acting as the firewall and gateway for the office.  DNS is supplied by the DC.  I have the workstation set to static networking.

We have been making some changes in the past two months, and the timing of the changes to the beginning of her browsing problems makes me suspicious, but I can't find any concrete evidence anywhere.

6 months ago - network was on an SBS2003 server, using the ISA firewall packaged with SBS.  We uninstalled ISA from the server and installed a hardware firewall as the new gateway for the domain.  I removed the ISA clients from the workstations, reset their proxy information on each client's browser, and pointed the client gateways to the new ASA 5505.  The ASA has a 10 user license, and we have 6 PCs, 1 server, and two printers which have gateways configured, for a total of 9 nodes.  Everything seemed fine at this point.

2 months ago - installed an additional server on the network to begin the transition from SBS 2003 to a Server 2008 DC.  Now have a total of 10 nodes on the network.  No issues reported.

1 month ago - transitioned to the Server 2008 DC.  Migrated files to new server, performed the transition according to MS guides.  Server 2008 is now acting DC, and SBS 2003 is decommissioned.  Client workstations are now pointed to the Server 2008 for their DNS information (and DHCP where appropriate).  It was somewhere in this time period that this one workstation began to intermittently have problems.

An important note is the fact that it is only this one workstation that is experiencing browsing problems.  The others are unaffected.

Because there are no network connectivity errors being logged into the client's event viewer, my initial thought is that I had some sort of 'rogue' device trying to access the internet from time to time, and we were exceeding our license count on the ASA.  I uninstalled the gateway information from the two printers to be safe, which gets me down to 8 nodes on the network... but she is still having issues.

Even though there are no DNS errors being logged in the DC, I thought that we were possibly having some sort of intermittent DNS resolution issue on the workstation, so my next step was to remove the dynamic addressing from the client and statically set the IP, gateway, and DNS information.  Still intermittently having issues.

The last thing I have tried was adding an external DNS server to the client DNS list.  The preferred DNS server is the DC, the secondary is the external DNS server from ATT.  Still having issues.

At this point, I am stumped.  Does anyone have any thoughts on how I would go about resolving the issue?


Thanks,

Scott
meelnah Asked:

simpsol Commented:
Start at the Physical layer and try the following to see if the problem goes away

1. Change the port the user is connected to (Maybe a bad port on the switch)
2. Change the cable both in the server closet and on the computer
3. Replace the network card or upgrade the driver
meelnah (Author) Commented:
Good tip... since I wasn't seeing any connectivity issues at the workstation event log, I disregarded the obvious stuff.  I do get guilty of overthinking things now and again!

I will post back when I see some sort of result.  May be a couple days because of the inconsistency of the problem.
hmarcbower Commented:
Is it at the same time every day?  

When this happens, can the station ping the DC? (if so, that would indicate that the station is fine for network connection and it's getting sidetracked somewhere else)

When this happens, can you get an ipconfig /all for that interface?  That would verify that the settings are as you've set them (you said you put it to all static, so there should be no reason it would change now... but it's a good check nonetheless just to confirm)

While it's happening, try pinging one of the sites she's trying to browse to and see what IP address comes back (if it can get there).  Try nslookup to make sure that the station can see the dns server and that the dns server is able to look up that address.

I guess a good first step would be to see exactly what "times out" means, too.  Is there a specific error code being returned that would help to direct the troubleshooting...
Grasty86 Commented:
You could monitor her connection using Wireshark and see what is happening with the traffic when she is unable to connect. I think that would give you the best shot at finding the issue.
meelnah (Author) Commented:
update... thought we were in the clear, but the user is again having issues.  Unfortunately, she was 'too busy' to troubleshoot with me, so it's on the back burner for the time being.

I will update when I have more info... thanks!
meelnah (Author) Commented:
Sorry for the delay, but she had been working fine for the past few days (really intermittent problem!).  It happened again today, and I was able to verify that all internal traffic is ok, but pings to anything external fail.

At this point I logged in to the firewall (Cisco ASA 5505) and had her attempt to ping an outside IP and was able to capture a message stating 'Deny traffic for protocol 1 src inside:192.168.16.102/512 dst outside:4.2.2.2/0, licensed host limit of 10 exceeded'.

So the ASA is saying I have too many active nodes inside, and is blocking traffic per our user license.

The odd thing here is that I have only 7 computers (5 workstations, a server, and a Mac security) on the network.  There are also two printers which are networked, which brings me to a total of 9 total nodes.

I went to the Mac and the two printers and removed the gateways from their network configurations, so they shouldn't be capable of accessing the internet.  However, I am still being blocked, always at this workstation.  I am thinking I must have some rogue devices accessing the wireless... unless the Cisco is blocking additional access based on the number of LAN-side hosts, regardless of whether they are accessing the internet or not.

Any ideas how I can resolve the situation?
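
An added example, not part of the original post: a small Python script that tallies the inside source addresses in deny messages of the form quoted above and flags any that are not in a known-device inventory. The log lines, the second inside address, and the `KNOWN_HOSTS` inventory are constructed for illustration; only the message wording and 192.168.16.102 come from the post.

```python
import re
from collections import Counter

# Matches the deny message wording quoted in the post above.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
DENY_RE = re.compile(
    r"Deny traffic for protocol (?P<proto>\d+) "
    rf"src (?P<src_if>[^:\s]+):(?P<src_ip>{IP})/(?P<src_port>\d+) "
    rf"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>{IP})/(?P<dst_port>\d+), "
    r"licensed host limit of (?P<limit>\d+) exceeded"
)

# Constructed sample log capture (timestamps and the .231 host are made up).
SAMPLE_LOG = """\
Jan 10 09:14:02 asa : Deny traffic for protocol 1 src inside:192.168.16.102/512 dst outside:4.2.2.2/0, licensed host limit of 10 exceeded
Jan 10 09:14:03 asa : Deny traffic for protocol 6 src inside:192.168.16.102/1188 dst outside:4.2.2.2/80, licensed host limit of 10 exceeded
Jan 10 09:14:09 asa : (unrelated message, ignored by the parser)
Jan 10 09:15:40 asa : Deny traffic for protocol 17 src inside:192.168.16.231/5353 dst outside:4.2.2.2/53, licensed host limit of 10 exceeded
"""

# Hypothetical inventory of addresses the administrator expects on the LAN.
KNOWN_HOSTS = {"192.168.16.102", "192.168.16.20"}


def summarize_denies(log_text, known_hosts):
    """Count license-limit denies per inside source and list unknown sources.

    Denied sources are hosts that tried to send traffic after the limit was
    already reached; they are not necessarily the hosts holding the slots.
    An unknown denied source still shows an unexpected device on the inside.
    """
    denied = Counter()
    limit = None
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        denied[m["src_ip"]] += 1
        limit = int(m["limit"])
    unknown = sorted(ip for ip in denied if ip not in known_hosts)
    return {"limit": limit, "denied": dict(denied), "unknown": unknown}


if __name__ == "__main__":
    report = summarize_denies(SAMPLE_LOG, KNOWN_HOSTS)
    print("licensed host limit:", report["limit"])
    for ip, count in sorted(report["denied"].items()):
        tag = "UNKNOWN" if ip in report["unknown"] else "known"
        print(f"{ip:15}  {count} denies  ({tag})")
```
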
nsonbaty (Manager IT Service Desk) Commented:
When the problem happens, run the show local-host command and send the output.
nsonbaty (Manager IT Service Desk) Commented:
And show activation-key too.