Solved

Network routing problem

Posted on 2012-08-29
Last Modified: 2012-08-30
Hi Experts,

My problem today is, I have a client that keeps getting disconnected from the Exchange server and their database system. When I ran a trace I got some weird routes. I rebooted the computer and everything started working. So I ran another trace and noticed that I get the normal 1 route to the server.

Anyone have any idea what could cause all computers on the network to start rerouting across the network?

When it is working correctly the routes go from computer to exchange on 1 hop.

But when the computer suddenly reroutes, it starts to go through 4 nyc.rr.com routers, then 1 tbone.rr.com router, then 6 us.above.net routers, then a mgmt.phx2.gdg router, then two timed out, and finally a prod.mesa1.secureserver.net router.

Are we being hacked? Or is there some other routing problem going on here?

Thanks for any help or ideas that you can come up with...
Question by:mildogz
16 Comments
 
LVL 13

Expert Comment

by:xDUCKx
ID: 38346232
Is there a VPN client installed on the machine that was active?
0
 
LVL 1

Author Comment

by:mildogz
ID: 38346255
No, there are no VPN clients installed on any computers. This problem happens on multiple computers on site.
0
 
LVL 15

Expert Comment

by:Robert Sutton Jr
ID: 38346259
Aside from the VPN question, we would need some more information on the running config, devices involved, and how you are capturing route changes as you state above... Please provide more info so that we may assist you further towards a resolution.
0
 
LVL 22

Expert Comment

by:CompProbSolv
ID: 38346271
Is the Exchange Server on the same subnet as the workstations?  Your comment about "1 hop" implies that it is.

If so, check the ipconfig /all output on a machine when the mis-routing is occurring.  The output of that and a tracert to the exchange server would tell us a lot.
0
 
LVL 1

Author Comment

by:mildogz
ID: 38346283
C:\Users\cstaas>tracert exchange

Tracing route to exchange over a maximum of 30 hops:

  1    13 ms     8 ms     9 ms  10.33.64.1
  2     7 ms    11 ms    20 ms  gig-0-3-0-5-nycmnyb-rtr02.nyc.rr.com [24.29.157.186]
  3    15 ms    12 ms    11 ms  bun102.nycmnytg-rtr001.nyc.rr.com [184.152.112.109]
  4    20 ms    36 ms    23 ms  bun6-nycmnytg-rtr002.nyc.rr.com [24.29.148.250]
  5    11 ms    15 ms    16 ms  ae-4-0.cr0.nyc30.tbone.rr.com [66.109.6.78]
  6     9 ms     7 ms    10 ms  107.14.17.171
  7     7 ms     7 ms     7 ms  66.109.11.26
  8    21 ms    54 ms    33 ms  xe-5-1-0.cr1.lga5.us.above.net [64.125.30.205]
  9    35 ms    16 ms    14 ms  xe-2-2-0.cr1.dca2.us.above.net [64.125.26.97]
 10    52 ms    93 ms    51 ms  xe-2-2-0.cr1.iah1.us.above.net [64.125.29.37]
 11    61 ms    50 ms    51 ms  xe-0-0-0.cr2.iah1.us.above.net [64.125.30.66]
 12    74 ms    88 ms    76 ms  xe-1-1-0.mpr4.phx2.us.above.net [64.125.30.149]
 13    87 ms    70 ms    74 ms  209.66.64.6.t01121-04.above.net [209.66.64.6]
 14    76 ms    75 ms     *     po30.ibr501-01.edg.mgmt.phx2.gdg [208.109.112.141]
 15    79 ms     *       94 ms  po30.ibr501-01.edg.mgmt.phx2.gdg [208.109.112.141]
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18    79 ms    81 ms   110 ms  parkwebwin-v02.prod.mesa1.secureserver.net [68.178.232.99]

Trace complete.

These are the problem routes.


Below are the normal routes after I restart the computers on site.

C:\Users\cstaas>tracert exchange

Tracing route to exchange over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  exchange


Let me know if you need any more info...
0
 
LVL 1

Author Comment

by:mildogz
ID: 38346304
Exchange is on the same subnet... I also checked the IP address and noticed nothing changed when the problem is occurring. The only difference is the rerouting. Above is the tracert for when the problem occurs and after a restart when it is normal. Thanks.
0
 
LVL 1

Author Comment

by:mildogz
ID: 38346328
I do notice one difference: when I try to ping the Exchange server I get a different IP address, a public IP address from GoDaddy: 68.178.232.99

But when I reboot and get the connections back to normal, I can ping the server and get replies with the correct internal IP address of 10.x.x.x
0
 
LVL 22

Expert Comment

by:CompProbSolv
ID: 38346333
The output of ipconfig /all both with and without the problem would be useful.
0
 
LVL 22

Expert Comment

by:CompProbSolv
ID: 38346343
It appears to be a DNS problem.  Try nslookup exchange in both cases (working and not) and you'll see that there is a difference.

The IPConfig /all output will tell us what you are using for DNS.
0
 
LVL 1

Author Comment

by:mildogz
ID: 38346402
OK guys, here is the normal ipconfig /all

C:\Users\cstaas>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Christian-PC
   Primary Dns Suffix  . . . . . . . : chambers.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : chambers.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : F0-4D-A2-ED-F2-1B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::eced:9af9:4b61:1255%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Wednesday, August 29, 2012 11:11:51 AM
   Lease Expires . . . . . . . . . . : Thursday, August 30, 2012 11:11:50 AM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 250629538
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1D-C4-02-F0-4D-A2-ED-F2-1B

   DNS Servers . . . . . . . . . . . : 10.0.0.21
                                       24.29.99.35
                                       24.29.99.36
   Primary WINS Server . . . . . . . : 10.0.0.21
   NetBIOS over Tcpip. . . . . . . . : Enabled


Below is the ipconfig /all when the problem occurred.

C:\Users\cstaas>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Christian-PC
   Primary Dns Suffix  . . . . . . . : chambers.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : chambers.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : F0-4D-A2-ED-F2-1B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::eced:9af9:4b61:1255%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Tuesday, August 28, 2012 3:13:25 PM
   Lease Expires . . . . . . . . . . : Thursday, August 30, 2012 3:13:26 AM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 250629538
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1D-C4-02-F0-4D-A2-ED-F2-1B

   DNS Servers . . . . . . . . . . . : 10.0.0.21
                                       24.29.99.35
                                       24.29.99.36
   Primary WINS Server . . . . . . . : 10.0.0.21
   NetBIOS over Tcpip. . . . . . . . : Enabled

Thanks, Mil.
0
 
LVL 22

Accepted Solution

by:
CompProbSolv earned 2000 total points
ID: 38346451
I am assuming that 10.0.0.21 is a local server that does DNS.  What is likely happening is that your workstation is asking it to resolve the address, it doesn't respond quickly enough, and the workstation asks 24.29.99.35 to resolve it.  That will give it an internet address and take the long route.

Change the DHCP settings to provide only the 10.0.0.21 address for DNS.  Aside from this particular issue, if you are on an Active Directory network it will resolve other potential problems as well.

If you have any workstations that have static IPs, make sure their DNS only points to the local server.

Lastly, make sure that the local DNS server only uses itself for DNS.
0
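The mixed resolver list that the accepted answer identifies can be checked mechanically. The following is an added example, not part of the original thread: it parses the DNS block of the `ipconfig /all` output quoted from the author's post and flags a list that mixes internal and public resolvers. The function names and the 10.0.0.50 sample address are assumptions made for illustration.

```python
import ipaddress
import re

# Sample input: DNS-relevant lines copied from the ipconfig /all output in this thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 10.0.0.101(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.21
                                       24.29.99.35
                                       24.29.99.36
   Primary WINS Server . . . . . . . : 10.0.0.21
"""

def parse_dns_servers(ipconfig_text):
    """Return the DNS server list from `ipconfig /all` text, including the
    indented continuation lines that carry the second and later servers."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9a-fA-F:.%]+", line):
            servers.append(line.strip())
        else:
            in_dns = False
    return servers

def audit_dns_servers(servers):
    """Split resolvers into internal and external. is_private covers RFC 1918
    and other non-global ranges. A mixed list means an internal name can be
    answered by a public resolver when the internal one is slow."""
    internal, external = [], []
    for s in servers:
        addr = ipaddress.ip_address(s.split("%")[0])  # drop any IPv6 zone id
        (internal if addr.is_private else external).append(s)
    return {"internal": internal, "external": external,
            "mixed": bool(internal) and bool(external)}

def answer_is_internal(resolved_ip):
    """True if a resolved address lies in private address space."""
    return ipaddress.ip_address(resolved_ip).is_private

if __name__ == "__main__":
    print(audit_dns_servers(parse_dns_servers(SAMPLE_IPCONFIG)))
    # 68.178.232.99 is the address reported in the thread; 10.0.0.50 is constructed.
    for ip in ("10.0.0.50", "68.178.232.99"):
        print(ip, "internal" if answer_is_internal(ip) else "EXTERNAL")
```
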
 
LVL 22

Expert Comment

by:CompProbSolv
ID: 38346461
Another note.....
You are using 10.0.0.1 as the DHCP server.  I am assuming that it is a standalone router.  If it is a high-end router then that could be a reasonable choice.  My personal preference (others suggest the opposite when using high-end routers) is to do DHCP on the Windows Server.  If your router is flexible enough, then it can be a good choice.
0
 
LVL 1

Author Comment

by:mildogz
ID: 38346603
We are using a SonicWall firewall which is set up for DHCP. I am going to try to set up a couple of computers with static IPs and only use the DNS server IP. Thanks, I will let you know how this works.


Mil.
0
 
LVL 22

Expert Comment

by:CompProbSolv
ID: 38346654
I would put the SonicWall in the "high-end router" category.  Though my personal preference is still to use the Windows Server for DHCP, others here (who are quite competent) will argue for the router.  Either one can work well if configured properly.
0
 
LVL 1

Author Comment

by:mildogz
ID: 38346789
Thanks for the advice... I set up two computers with static IP addys but only using the DNS server's DNS, leaving out the other two. I will just wait to see if they continue to have any problems. I'll post an update later today or tomorrow. Thanks all.
0
 
LVL 1

Author Closing Comment

by:mildogz
ID: 38351259
Looks like it was a DNS issue. Thanks for pointing me in the right direction, Comp.

After assigning a static address and removing the additional 2 DNS entries, the problem gets resolved. I removed those DNS entries from the firewall, only leaving the DNS server IP as advised by CompProbSolv.

Thanks CompProbSolv.
Points granted.
0
