Solved

ONLY Window 7 disconnecting from Network

Posted on 2011-09-15
42
512 Views
Last Modified: 2012-10-31
1 internet connection DSL/Cable
1 domain1 Server with Windows server 2003 Standard
10 computers – 5 has XP professional and 5 Windows 7
Symantec Anti-virus 11.06

PROBLEM
On any given day on a random time all the Window 7 PC’s losses network connection while the XP’s have no problems.  Ipconfig shows they still have their IP Address but cannot ping neighbor PC's or server but can ping themselves and the router when the problem starts.  They can ping others when problem is not present.

Steps already taken
1.  Window updates on Window 7 computers, seems to have helped at that moment but a week or so later same problem.
2.  Switched locations with Windows 7 PC’s and XP PC’s.  didn’t help.
3.  Thinking there may be a babbler NIC card/PC on the network, all Window7 pc were turned off 1 at a time to see which PC is babbling (but even with that why only window7 pc’s get affected?)

QUESTION
Why is it that ONLY Windows7 PC’s are affected?
0
Comment
Question by:Robert3rd
  • 16
  • 5
  • 4
  • +9
42 Comments
 
LVL 1

Expert Comment

by:JavaGuy78
ID: 36545391
My first thought would be to reinstall the driver for the network controller. If the computers are using the microsoft drivers, installing the drivers from the manufacturer may resolve the issue. In my experience, the microsoft drivers only provide super basic functionality which may not be adequate for the actual hardware.
0
 
LVL 30

Expert Comment

by:ded9
ID: 36545466
In device manager check nic properties...check the power management tab for NIC ..uncheck all the options and check.



Ded9
0
 

Author Comment

by:Robert3rd
ID: 36561969
any other ideas?
0
 
LVL 30

Expert Comment

by:ded9
ID: 36561992
Do you see any error in event viewer


Ded9
0
 

Author Comment

by:Robert3rd
ID: 36562058
I have not checked.  i am not onsite much with this client
0
 

Author Comment

by:Robert3rd
ID: 36719160
no errors in the event viewer, Driver provider is the manufacturer of the network card and not microsoft.  I had them turn off the option to turn the adapter off in the power management tab.  I am setting up 1 of the 5 windows 7 pc to have static IP address (just to check if it will also have problems when the other 5 disconnects)  currently all 5 pc's are working able to see domain resources and able to browse the internet.  sooner or later all windows 7 computers will disconnect again at any given moment for a random amount of time from 5 minutes to 2-3 hours.  and when 1 goes all 5 goes.  
0
 
LVL 30

Expert Comment

by:ded9
ID: 36813165
Monitor the computer in safe mode with networking for some time...check for any disconnection.



Ded9
0
 
LVL 30

Expert Comment

by:ded9
ID: 36813181
Start wired autoconfig service and check.

You must be logged on as an administrator to perform these steps.

To complete this procedure, you must first enable the Wired AutoConfig service, which is turned off by default.

    Click the Start button Picture of the Start button, and then, in the Search box, type services.msc, and then press ENTER. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    In the Services dialog box, click the Standard tab, right-click Wired AutoConfig, and then click Start.

    Open Network Connections by clicking the Start button Picture of the Start button, clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, and then clicking Manage network connections.

    Right-click the connection that you want to enable 802.1X authentication for, and then click Properties. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Click the Authentication tab, and then select the Enable IEEE 802.1X authentication check box.

    In the Choose a network authentication method list, click the method you want to use.

    To configure additional settings, click Settings.





Ref
http://windows.microsoft.com/en-IN/windows-vista/Enable-802-1X-authentication



Ded9


0
 

Author Comment

by:Robert3rd
ID: 36816240
just asking, the procedure above would help NOT disconnect to the network?  How?  I setup Static IP address on one of the PC's.  When the problem came back all window 7 pc's again went off line, including the one with static IP address.  but if you reboot the PC it recovers.  before you reboot it, you can ping the router but not the server (DNS) even with its ip address.  If you type IPCONFIG /flushdns it will also fix the problem.  
0
 
LVL 30

Expert Comment

by:ded9
ID: 36816358
If possible monitor one computer in safe mode with networking.



Ded9
0
 

Author Comment

by:Robert3rd
ID: 36931384
I am only assuming to say that safe mode will disconnect as well.  I looked at the server and it is configured to team the 2 built in NIC on the HP ML330 G6 server.  after staring at the properties i saw NIC1 getting an X because it was periodically disconnecting from the network.  NIC2 was fine but NIC1 cuts on and off.  Thinking i had figured it out although in the back of my mind i still ask WHY ONLY WINDOWS 7 is affected.  i thought maybe its just more sensitive to the fact.  I then dissolved the team actually unplugged NIC1, but this morning, same thing.  All windows 7 lost connection to the network and the XP's didnt.  We also flashed the firmware of the switch.  I have been in contact with HP and they told me to flash the firmware of the Server's NIC.  I will do that tonight.  but even after i have done that the question still remains WHY ONLY WINDOWS 7.  Lets say i booted up a PC with windows 7 in safe mode with networking, whether it stays connected or it doesnt what will that really tell us?  (not trying to challenge your way of troubleshooting but just wondering what will it tell us) keep in mind the 5 XP pc's stay connected and 5 Windows 7 pc's disconnects all at the same time.  sometimes rebooting the win7 reconnect sometimes it doesnt.  
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 37065015
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 

Author Comment

by:Robert3rd
ID: 37065013
I dont have a definitive answer yet.  None of the suggestion is working.  another problem is the situation is intermittent.  There was an external USB drive attached.  we removed it Wed Oct 23rd.  since it has not disconnected the win7's.  but why would a USB external drive (does backups) disconnect only win7 PC's
0
 

Author Comment

by:Robert3rd
ID: 37065016
please dont close yet
0
 
LVL 3

Expert Comment

by:mightyquinn889
ID: 37079120
I have alot of mapped drive issues with Win7 PC's in a Server 2003 domain.

One thing to try is go to Control Panel- Find and Fix problems- change settings- Computer Maintenance- turn off

when turned on it will disconnect the mapped drives after a while of inactivity
0
 
LVL 21

Expert Comment

by:mcsween
ID: 37079154
Do you have any IPS systems on the network?  It could be seeing something the Windows 7 computers are doing as a threat and dropping them from the network.  This would explain why you can ping the gateway and nothing else.
0
 
LVL 15

Expert Comment

by:markdmac
ID: 37079155
Make sure the NIC is set specifically to GB Full speed or to 100 MBps Full Speed.  If set to Auto and your switch is also set to auto they can fight each other.

Have you checked when a machine loses connection if it still has an IP address?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 37079280
GB has no other setting, it's 1000/FD and cannot be changed (that is part of the spec, it's either 1Gb/FD or it's 100/something or 10/something). Nonetheless. I'm curious if they all go out at the same time and for the same duration... if so, perhaps a network sniffing software can be installed on a system that has a lot of free space. If you can look at the time stamps of when the issue happened and the timestamps in the packet captures, perhaps you can find something "piniging" them to death or sending some crafted packet that knocks them off.
I assume you've tried a new NIC? perhaps you got a batch of bad ones in a hardware run from dell, assuming they are all the same kind of pc's. Can a windows7 "problem" pc have it's HD removed for a day and the user have an XP image used? It doesn't sound like wiring, but it may be best to replace the cable from the PC to the wall/switch. Has the switch been looked at for errors in it's logs or on the interfaces in question?
-rich
0
 

Author Comment

by:Robert3rd
ID: 37079506
IPS as in intrusion prevention systems?  None installed.  let me check what the speed is configured for the NIC.  1g or 100m or 10M.  

0
 
LVL 30

Expert Comment

by:pgm554
ID: 37080014
Sounds like a switch.
You got any spares laying around?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 15

Expert Comment

by:markdmac
ID: 37080073
I would disagree that the switch is the problem if this is affecting multiple Windows 7 machines.  More than likely it is related to Auto-Negotiate.  Explicitly setting the value on the workstation will prevent the negotiation hailstorm.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 37080264
You should not have to manually set duplex on any modern switch or NIC these days.

If you have to,I would drop that vendor in a heartbeat.

I haven't had to touch a duplex setting in 7 years and that was because a software bug in an HP Jet Direct would default from auto to 100 mb FD and cause dropped packets after it cam out of sleep.

Easy way to test is to reboot the switch if this happens again.
If the issues go away,it's the switch.

Setting duplex manually is asking for trouble and should be avoided.
0
 
LVL 69

Expert Comment

by:Merete
ID: 37080408
recapping>another problem is the situation is intermittent.  
>> we removed it Wed Oct 23rd.  since it has not disconnected the win7's.
>> but why would a USB external drive (does backups) disconnect only win7 PC's <<
Make sure the power settings in Windows is not set to power down the drive
Open the network sharing centre from taskbar icon then on the left > change adapter settings
then open local area connection, left click it then> click on properties>then configure> then power settings
If the power settings are set to turn off adapter may disconnect the network
may or may not related.
adapter-power-management-2.jpg
0
 

Author Comment

by:Robert3rd
ID: 37083021
pgm554 - we actually switched the switch.  we also updated the original switches firmware cause i read somewhere it may have issues with win7.  and even if it was a switch issue shouldnt ALL pc's connected to that switch have issues?  it was only disconnecting Win7 so that is what's killin me.  all possible fixes i think about is being ruined by the question "why only win7".  

Markdmac - i tried to see what is the NIC settings as far as connection spped or if its set for Auto.  But i cannot seem to find that configuration screen which tells me it is unconfigurable.  I have played with that config before but a few years ago, I dont think that menu is now available.  

Merete - Yes I have done that already.  

ALL windows 7 machine randomly disconnects from the network ALL at the same time.    
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 37083121
You've tried "new" NIC's (PCI or PCI-e) instead of the motherboard NIC? If they are disconnecting at the same time, then you should be able to sniff out the problem with wireshark, if not, I'd have no idea where to look. It's curious they are doing it at the same time, I wonder if some scheduled task like an AV update, M$ update is causing it... but I'd install wireshark on a machine and see if you can see what packets it's seeing at the time of these incidents. You can set them up to record to multiple files and limit their size so you don't fill up the entire HD, but the typical machine won't use that much bw during the day so you should be able easily log all packets.
Attached is a image of some wireshark settings that will log to 10Mb files, 2000 times (20Gb of data max) which is going to be more than enough me thinks. Files would be named "phantom-timestamp-here.pcap" with different timestamps for each file name.
-rich
phantom-pcap.PNG
0
 
LVL 15

Expert Comment

by:markdmac
ID: 37083239
Robert3rd, right click a NIC and choose properties.  Click the Configure button, Click the Advanced Tab.   Select Speed & Duplex.   Select 1000MB Full Duplex as shown in my screen shot.

In my experience Dell systems with the Broadcom NICs have problems with Auto Negotiate.  We typically upgrade all Dell servers with Intel cards to avoid NIC problems.  Are your Windows 7 desktops Dell?
NICspeed.PNG
0
 

Author Comment

by:Robert3rd
ID: 37083276
rich rumble - no i didnt try new nic for there are 6 different windows 7 pc that all are disconnecting at the same time.  3 laptops and 3 desktops.  so i am looking at the big picture here rather than individual PC's.  

WHY ONLY WIN7, why all at the same time?  Why the XP machines stay connected.  When all WIN7 disconnects they all still have their ip address cause you can ping itself and the router only, cant ping the server or any other pc in the network.  
0
 

Author Comment

by:Robert3rd
ID: 37083303
markdmac - yes i believe they are all dell, including the XP's. (i am not onsite) and AH yes of course i missed that one.  let me try to see if that helps, Now the switch port is probably also set for auto right?  will i have to mess with that?
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 37083524
That's why I wanted you to sniff, to see if you can find something going on the network that is affecting only the win7's. Since your using diverse hardware, laptops and desktops, I'd rule out the NIC's being bad then, seems far less likely now. There are things that affect one os and not the other, so that is the other reason to begin sniffing, looking for a flood of RST packet's or some call to a malicious IP or rouge subnet that windows is turning the firewall on for. I'm getting more curious, is it really windows 7, or is it just your build? Can you locate a win7 machine (perhaps personal) that comes from different media/sources... It's just a thought.
-rich
0
 

Author Comment

by:Robert3rd
ID: 37083603
they were not bought all at the same time or the same place so its unlikely to have the same build although not impossible either.  We normally do win updates or even auto updates.  one of the problems i have is i am not always onsite too, and looking at it from either remote access or thru someone elses eyes.  

Wireshark is that a freeware?  only i would know how to read the results of it.    
0
 
LVL 4

Expert Comment

by:ZephyrTC
ID: 37083676
Too much to read here, so I apologize if this has been said yet.

I have personally seen this issue in a domain with windows 2003 server and windows 7 workstations.  The solution was to simply disable Internet Protocol Version 6 (IPV6) in the network card on the windows 7 machines.

This can be done by going for the properties for the adapter and unchecking "Internet Protocol Version (TCP/IPv6)".
0
 
LVL 15

Expert Comment

by:markdmac
ID: 37083685
Robert3rd, yes WireShark is free.  The problem that I have been describing is an issue with those Dell Broadcom NICs where they fight when both sides are set to Auto.  Your switch is probably set to Auto and that is OK as long as the PC side is set to the maximum speed that the switch supports.
0
 

Author Comment

by:Robert3rd
ID: 37083846
ZephyrTC - yes already done that

Markdmac - yes i googled it and lot of hits to download all free.  I havent heard from my customer in about 5 days now since they pulled out the USB HD backup device on the server.  Dont know if that has anything to do with it.  (doubt it but at this point anything is possible)  Which is not doing anything during the day when win7 does disconnect.  I will check out the NIC speed and set it appropriately in relation to the highest speed the switch can accomodate.  Dont know if i can get into the switch to change the port settings but as you said it should be ok on auto.  I wont do this till it goes down again.  But i like our chances.  i will download the wireshark also if it goes down again.  I dont want to touch anything yet while its working.    
0
 
LVL 30

Expert Comment

by:pgm554
ID: 37084046
>Symantec Anti-virus 11.06


That's not the Endpoint product is it?

If it is,that's your problem.


http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_27194334.html
0
 

Author Comment

by:Robert3rd
ID: 37084155
yes it is symantec endpoint protection 11.06.  your example thou is XP disconnecting to 2008 servers.  mine is window 7 disconnecting to 2003 server and XP stays on.  All XP stays connected while ALL window 7 disconnect all at the same time.  I have also built the same enviroment on my other clients that has no problems.  I have been working with Symantec for quite some time now and besides maybe being a resource hog (MAYBE) i have not had any issues with it that i couldnt resolve.  But i can certainly put your input to the test and uninstall on one of the computers IF it goes back down again.    
0
 
LVL 30

Expert Comment

by:pgm554
ID: 37084348
I have a few other examples in my answer history with Sym,but the prevailing thread is it's not a very good product.
I just recently spent about 4 hours on a Trojan that it missed at a customers site..

I ran the free M$ Security Essentials and it found and cleaned up the mess that Symantec left.

If you want a decent free one,try the M$ freebie.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 37084392
It's free (MSE) to a point, 10 computers max, then you must license it. Also restrictions on "Enterprise" versions of Windows http://windows.microsoft.com/en-US/windows/products/security-essentials/eula

Nonetheless, it could be Symantec, or something else, like i mentioned, if it's happening at the same time, there is something like an Update check that is scheduled at the same time and triggering it.
-rich
0
 

Author Comment

by:Robert3rd
ID: 37084637
PGM554 - actually my home computer caught something SEP 11.06 cant seem to remove.  and i did uninstall and install essentials.  ran a scan and appeared to have found a few things that i asked it to remove.  never had a pop up warning again.  I'll give essentials that.  Some anti-virus works better than others on certain virus, to me they are pretty much equal.  its all a price thing from there.  the top 5 or 10 anti-virus i would say is not far apart from each other.  i like essentials too but i always worry about the free stuff

at this point i am not ruling anything out.  maybe its a combo of things.  I just got an email from my client and says its been a week we havent had a win7 disconnection since we pulled the USB ext drive out the server.    
0
 

Author Closing Comment

by:Robert3rd
ID: 37215733
thanks much everyone
0
 

Expert Comment

by:jjetc1
ID: 38554352
We had  this exact same problem in our network the dhcp was being provided by the Router/firewall device.  It was an ZyXel security appliance. After changing it out for a different device the problems went away.  The ZyXel needed an update which was not available at this time.  We installed an older Symantec SG 320 and everything works fine.  Seems to be a compatibility issue with windows 7 and the Zyxel Router/Security Device in our case.  Zyzel support could not resolve the issue either.  I believe the router that gave us the issue was a ZyWall 200 but do not have access to get the exact model number since it has been removed from the premises now.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now