Only 10 internet connections for a domain?

Posted on 2011-10-14
Medium Priority
Last Modified: 2012-08-13
We have a Windows Standard Server 2003 AD domain with 14  client XP Professional computers. Each day we turn on the computers and find the last 4 computers we turn on  (we've tried turning them on in different orders, it doesn't make a difference) take 5 - 10 minutes "Applying computer settings" and then do not have the ability to view web pages. All clients are able to ping the AD & DNS server and are able to successfully ping external domain names via the command line. All 14 clients are able to run client/server applications and view the network. Is it possible that CALs are limiting the connection to the internet on 4 computers? I know we have 10 CALs (per server mode). Any ideas would be greatly appreciated.
Question by:GnDurango
LVL 99

Assisted Solution

by:John Hurst
John Hurst earned 1000 total points
ID: 36971793
It is best to have as many CALs as you do users, and in this case, I would add another 5 (1 pack).

Do you have a firewall type router that limits you to 10 connections. I have seen that before at clients.

.... Thinkpads_User
LVL 10

Expert Comment

ID: 36971794
What firewall/router do you have? I would start looking there.
Are you running a proxy server of any sort? (Licensed for 10 users perhaps?)

Author Comment

ID: 36971828
We do have a Cisco PIX 500 firewall in place. I was assured it does nothing more than create a secure tunnel for specific file transfers from another site. The other site will not allow access to the PIX configuration. I'm attempting to rule out everything else before jumping into that bureaucratic nightmare. I'm afraid that may be the cause however.
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

LVL 97

Expert Comment

by:Lee W, MVP
ID: 36971928
I would suggest you remove the firewall and go straight to the internet with a cheap router FOR TESTING ONLY.   Just to be 100% certain it's not some kind of router/firewall configuration issue because this sounds a LOT like a firewall/router limitation on some older models.
LVL 37

Accepted Solution

ArneLovius earned 1000 total points
ID: 36972567
If its a PIX 501, I would agree with Thorrsson and leew and guess that it is only licensed for 10 hosts.

If you ask the people that manage it to do a "show ver" it will probably look like this

Cisco PIX Firewall Version 6.3(5)145
Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 24-Jul-08 15:27 by root

pixfirewall up 2 days 20 hours

Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 0012.80e6.f765, irq 9
1: ethernet1: address is 0012.80e6.f767, irq 10
Licensed Features:
Failover:                    Disabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces:          2
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                10
Throughput:                  Unlimited
IKE peers:                   10

This PIX has a Restricted (R) license.

Serial Number: <redacted>
Running Activation Key: <redacted>
Configuration last modified by enable_15 at 15:13:20.212 BST <redacted>

Open in new window

The key part is the "Inside Hosts:"

Author Closing Comment

ID: 37033149
Thanks everyone. It was definitely the PIX firewall's limitation. Replaced with a new firewall and all is well. Added 5 more CAL's as well, though that was not the issue.
LVL 99

Expert Comment

by:John Hurst
ID: 37033167
Thank you. I was happy to help and thank you for the followup. ... Thinkpads_User

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question