Server 2003, XP Worksta’s - network slow after ISP change

Following in the footsteps of others with issues in network speed I too have been suffering from degradation in speed after switching ISP’s.
Server 2003 SP3, uses AD, 6 SCSI disks RAID2 split into 3 drive letters- Disks are about ¾ full and are defragged and cleaned weekly. AV is Symantec on the server, running different AV on Workstas.
Level3 ISP, Alcatel Metro Switch @ 100Mbs Full Dup, Fortinet Firewall stateful packet inspection, followed by Cisco SG200-26 port switch using default ip on network (scheme 192.168.x.x)
XP Pro Sp3 (HP EliteWB 8730W) patches applied, NIC set for 100Mbs FD, all hard wired to network via Cat5e cable installed by certified installer.
Over the last few years we used Verizon as ISP, but after several problems with their billing we got fed-up and decided to go with a different provider. During this time we only had a T1 connection, with very few issues in network speed (we used Verizon DNS settings on the firewall in DHCP), however, after changing to Level 3 (buying a 10Mbs circuit) we have had dramatic changes in speed in file transfers (large files of 1gig take almost an hour to move from worksta to Server share). I verified the switch settings with the L3 engineers, then had the Fortinet engineers assist in changing settings in the firewall, then since the old switch was a Netgear dumb hub (10/100) I installed the Cisco 10/100/1000 switch. Verifying that the speed at the switch was correct, I connected a laptop to the Alcatel, tested the speed (10mbs up and dwn), then moved to put the firewall in the loop (speed dropped a little on the up load to 6mbs, 8mbs on the dwn), then inserted the switch, testing again (speed drops to about 1mbs upld/8mbs dwn).
I double checked DNS (no WINS servers), the NIC speed, added a DNS for L3 of, as secondary, primary is, and still files of over 1gig take close to an hour.

I would be happy to treat someone to a steak dinner if you can help with this (as determined after the fix)
smckeown777 Commented:
Hi, confused by this line - added a DNS for L3 of, as secondary, primary is

You shouldn't have external DNS servers listed on any internal DNS scopes for a LAN - is this how you always had this setup?

Also changing ISP's should have no effect on internal LAN speeds at all I wouldn't think, unless somehow the traffic from a workstation to the server is passing through the router (which again shouldn't be the case since you have a switch on the inside)

This is a domain yes?
DNS is pointing to the ISP correct or is it attempting to resolve at your old ISP?
Thomas Grassi, Systems Administrator, Commented:
Do you run DNS on the windows 2003 Server?

Can you post some ipconfig /all from the server and a few computers?

Also try nslookup on an external source

Also try tracert from the computer to an external source

Post results of all the above

I like my steak med rare LOL

Tech_George (Author) Commented:
1. The L3 is the ISP; their public DNS numbers are, and 4.

2. I have always used the external DNS numbers even in the previous configuration which worked well. Only after changing ISPs did this slowdown begin.

3. Here is some IP info from a worksta
Physical Address. . . . . . . . . : 1XXXXXX
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

and info from a server
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : BCM5703 Gigabit Ethernet
   Physical Address. . . . . . . . . : XXXXXX
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :

tracert to google example

Tracing route to []
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms
  2    18 ms    24 ms    18 ms []
  3    28 ms    19 ms    18 ms []
  4    18 ms    18 ms    40 ms []
  5    19 ms    19 ms    19 ms []
  6    23 ms    36 ms    19 ms []

  7    19 ms    19 ms    19 ms []

  8    19 ms    24 ms    19 ms []
  9    20 ms    20 ms    20 ms
 10    20 ms    20 ms    20 ms
 11    53 ms    37 ms    55 ms
 12    41 ms    41 ms    41 ms
 13    40 ms    40 ms    55 ms
 14     *        *        *     Request timed out.
 15    40 ms    40 ms    56 ms []

Trace complete.

and you can have a steak any ol way you want it - once this is resolved - ill get your info and you get a gift card to your favorite steak house  :)
The workstation and server are showing the same IP info - is this a copy/paste mistake?

Also including an external DNS entry on internal clients is not recommended - leads to DNS issues etc which in turn can lead to slowdown issues...which is what you are experiencing...

Anyways how is this network configured? I mean are the workstations and server all connected to the same switch - which in turn is then connected to the firewall/router?
Ah I see you fixed that!!

I can't see how your domain is functioning since the server has external DNS entries - I'd be surprised if you weren't having issues with active directory running at all in this setup...

The server (if it is the DC) should be pointing to itself as a primary DNS and no secondary - is this a DC or have you multiple servers?
Tech_George (Author) Commented:
Yes i edited it right after I posted, sorry flying fast fingers.

The server and all workstas are connected to the cisco (which is doing nothing but passing traffic to the firewall) the firewall does some DHCP, but most workstas are hard coded to an IP address. We point the DNS to the external server at Level 3 communications (which has always been the case, in the previous config with Verizon).
Tony Giangreco Commented:
I would check DNS on all servers and workstations and firewall, Have them flush and register dns and verify no workstation has the old ISP's dns hard coded.
Thomas Grassi, Systems Administrator, Commented:
run these

Ipconfig /flushdns
Ipconfig /registerdns
ip's (server and workstation) are the same, please supply the correct ip data

if the server and workstation are on the same subnet, could you try removing the gateway ip on the workstation for testing purposes and copying the file afterwards?
dns option, try changing dns ip setting on server from to
second, how are you copying (dns name or ip) ?
Quick test to see if this is DNS related...

From the workstation map a drive to the server using \\\share instead of \\server\share

Then copy the same large file you've been using to the mapped drive
If this goes normal speed (i.e. doesn't take an hour) then you have a DNS issue

With external DNS entries on your server, resolution on the LAN can't take place(since external DNS servers will not know anything about your internal network)
That's why on a LAN you are only supposed to use an internal DNS server address...

The server you are using - is this a member server or a DC?
vivigatt Commented:
I think DNS is out of the game. It can slow name resolution, but when the name is resolved, then the hosts use IP addresses and no DNS requests are emitted anymore. The transfer of a 1GB file is a very good test as far as I can tell

Things I would do:
- Enable full flow-control (Rx and Tx Pause) on the complete path (host-switch-routers-switch-host): if the slowest node, whose speed is 10Mbps, can't tell the sending host to stop sending packets at 1000Mbps while the slowest host processes the received packets, what would happen? There would be retries, resending etc and this can cause very bad interactions.
- Upgrade firmwares (switch, routers) and drivers (hosts)
- Study logs and diags on the switches and routers, pay particular attention to dropped packets, errors, collisions
- Try to transfer the files using another protocol (ftp, http, scp...) and see if this is any better. If so, there is a lead for some tuning on the slower protocols.
Tech_George (Author) Commented:
Ok, I have tried the drive mapping 192.168.x.x.\folderxxx  to see if a file copy would take the same time. It still took 198 minutes to copy a 1 gig file all on the same network segment.
I did run the flush on the DNS before I tried this

Ok thanks for the update

Vivigatt might be on a better path possibly
Try FTP instead, avoid Windows-specific protocols if you can.
My other leads should also be studied.
Gerald Connolly Commented:
Since you changed the switch have you checked things like jumbo packets etc?
Tech_George (Author) Commented:
Sorry I have been out with the flu-
I was testing the network today- tried to use cute ftp to connect to other computers. I could not get the other computer to accept the connection even using the DOS command set.
However, I did try this- I removed the static IP address in one of the computers, then flushed DNS, then connected to the server (has a static IP) and was able to move a 1 gig file in less than 4 min.  I then tried to browse to another computer using explorer, but could not see other computers that I setup to receive DHCP.

Somehow this issue is related to DHCP and DNS I think. The firewall is set to do DHCP for the network, I checked to make sure that the main server was not issuing DHCP addresses as well.  

Any ideas
To determine where a computer is getting its IP from just run ipconfig/all

In the output it will show the address of the DHCP server it received its address from - so if that address isn't your firewall then you have another DHCP somewhere in the network...
I don't think DNS or DHCP can slow down a file transfer once the DNS names have been resolved in IP addresses.
However, the routes that packet takes can be involved.

Moving a 1GB file in approx 3 minutes is the kind of result you would expect from a 100mbps LAN. But if the packets are routed incorrectly and cross over the routers when they should not, this could very well explain your problems.

I suggest you use traceroute command (tracert.exe in Windows world) to determine which path your packets take from your XP computer to your server.
Compare tracert outputs from Wksta to Server and from Server to Wksta in the situation where the results are not correct (too slow) and in the situation where the results are correct.
Copy and paste the outputs here, we will try to see if there is something we can understand from them.

PS: Have you set/configured yourself your ftp server before using an ftp client? If so, what ftp server did you use? I still think that you should make some tests with another protocol. If I understood correctly, you are trying to copy a file from a Windows share to a local folder, using SMB/CIFS protocol (the "file system network protocol" in use with Windows). Knowing if another protocol makes any difference would be a very valuable information for understanding your issue.
Tech_George (Author) Commented:
Ok here is a tracert from the computer that is using DHCP


Tracing route to over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms

Trace complete.

Now here is the same computer but using the \\computer\  format
C:\>tracert \\THING1\F$
Unable to resolve target system name \\THING1\F$.

I tried to then go to the target computer and tracert back to the .66 computer- it seems to time out without ever reporting back the route.
Still I do not see/or can access the computer using explorer.

Name resolution issue (but this does not explain the slowness when using IP addresses).

I don't think you have routing issues, otherwise, the first tracert would not work.
Concerning the fact that the "tracert back" does not work, I would suspect that your firewall prevents ICMP echo (pings/traceroute) on the .66 computer.

Name resolution under Windows is a mess.
Normally, it should fail-back to broadcast resolution by default, but it sometimes does not.

Make sure that your clients are set to be hybrid nodes (check and  . If you use DHCP, set the node type, DHCP option 046, to 0x8 = H-Node, which means hybrid)

Using a WINS server might help

DNS resolution should work too if you have a local dns properly configured. If you are using Active Directory, you have a DNS (PDCs are DNS too for instance).

What you may be missing is the domain name to add to DNS search.
Check these articles:

And if you have a DHCP assigning IP configuration, using the option 015 for adding the connection specific suffix is a good idea

option 119 allows a list of suffixes to be set, but not all Windows support that.
Also note that when manually configured, the DNS suffixes that are manually configured are used and the DHCP provided ones are ignored.

You can also use Policies to set the DNS suffix, but that's more complex.

One thing that can really cause a mess with DNS name resolution is if you have a public domain with public DNS entries ( and your Active Directory domain is also ! Then name resolving between public and local entries will be a mess. But I guess this is not your case.
I'll come back to my original point...from your tracert/ping tests you can see that name resolution is failing - I still say this is due to the fact that you are using PUBLIC dns server ip's on your internal scope - this is not good design no matter what else is wrong...

To fix this you need to do a few simple things...

1) What server is your DC? That server is running DNS by default
2) Point your client machines(and server's) Primary DNS entry to that DC
3) Remove any Secondary DNS entries from client machines(unless you happen to have multiple DC's in your environment)
4) On your DC in the DNS Management console, right click the server name, select properties, look for the Forwarders tab - in there you add(if nothing is listed) your EXTERNAL PUBLIC DNS server IP's - i.e. the ones you are currently assigning to your client's

Now DNS will start to function like it should...and name resolution will kick in fairly quickly

Having said that(and hopefully fixed your resolution issues) I'm not saying that will fix ALL the issues, but without proper resolution on your LAN you will still have issues...

As for the times its taking to transfer these 1GB files - what type of switches do  you have? Managed? Unmanaged?

I'll guess they are unmanaged, in which case we've no stats to help with diags(managed switches you can obviously log into and observe port statistics/thruput/errors/etc)

Next question - the client machine you are transferring the 1GB file from and the server you are transferring to? Are these machines on the SAME switch? Or across 2 different switches?

If they are on the same switch(the Cisco I assume?) then its 1000MB switch, server NIC is Gigabit I see, what speed is the workstation you are working from?
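
The two checks suggested in this thread (which DHCP server issued a lease, and whether clients point at external DNS resolvers), as an added example that is not part of any poster's reply: a Python parser for `ipconfig /all` output. The sample output and all addresses are constructed, and the `expected_dhcp` and `internal_dns` parameter names are hypothetical.

```python
import ipaddress
import re

# RFC 1918 ranges plus loopback; anything else counts as an external resolver.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# "   Label . . . . : value" as printed by ipconfig /all
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

# Constructed sample in the XP/2003 layout; every address here is made up.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WKSTA66

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.66
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.5
        DNS Servers . . . . . . . . . . . : 192.168.10.2
                                            203.0.113.53
"""

def parse_ipconfig(text):
    """Return {adapter name: {lower-cased field label: [values]}}."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line ending in ':' starts a new adapter section.
            if line.rstrip().endswith(":"):
                current, last = adapters.setdefault(line.strip().rstrip(":"), {}), None
            continue
        if current is None:
            continue  # global section (host name etc.) is not audited
        m = FIELD.match(line)
        if m:
            last = m.group(1).lower()
            current[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif last:
            current[last].append(line.strip())  # continuation, e.g. 2nd DNS server
    return adapters

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit(text, expected_dhcp, internal_dns):
    """Flag resolvers outside internal_dns and leases not from expected_dhcp."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        for dns in fields.get("dns servers", []):
            if dns not in internal_dns:
                kind = "unexpected internal" if is_internal(dns) else "external"
                findings.append((name, "dns", f"{kind} resolver {dns}"))
        for srv in fields.get("dhcp server", []):
            if srv != expected_dhcp:
                findings.append((name, "dhcp", f"lease from {srv}, expected {expected_dhcp}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.168.10.1", {"192.168.10.2"}):
        print(finding)
```
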
100% agree with smckeown777
I overlooked the point that  your "server" was using your ISP DNS.
It should use your LOCAL DNS (that knows your local computers on your LAN).
And in your LAN, the DNS servers themselves must use themselves ( as their DNS server.

One more comment:
There should be gateway that connects your LAN to your ISP (cable "modem", DSL "box etc), it would usually perform NAT (Network Address Translation) so that only 1 IP address is public (the one on the WAN side).
And usually, this box can/will also be used as a local in your LAN DNS.
Your Local DNS forwarders could point on this LOCAL IP address. Then, if your ISP changes its DNS addresses  (they very rarely do, but who knows) and the box gets its new config automatically, you wouldn't need to change anything.
Tech_George (Author) Commented:
Ok, just getting back to this issue (flu got me).
Have 2 laptops that are on the same network as the server. 1 is an HP NC6120, the other is a HP8730w, both are free of antivirus software (I use them to test the network). After adding in a DNS service on the main server I did a test to see if it made any real difference (this was with no other users using the network at the time). The 1st HP can copy a 1.5 gig file in about 4 minutes, however the 2nd HP machine copies the same file in about 158 minutes. However it will not get the same speed on trying to send the file back (copying) to the server. I looked through the network settings for both machines:
HPnc6120 – Broadcom NetXtreme Gigabit Ethernet
Settings       8021p QOS                  Disable
            Checksum Offload      Tx/RX TCIP Checksum
            Flow Control             Auto
            Large Send Offload      Enable
            Locally Administered Address            blank
            Speed & Duplex            100MB Full
            Wakeup Capabilities      Both
            WOL Speed                  Auto
The connection uses :
Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
QOS Packet Scheduler
Internet Protocol (TCPIP)
The 2nd HP machine is an HP EliteBook 8730w – Intel 82567LM Gigabit Network Connection
Settings:       Adaptive Interframe Spacing            Disabled
            Enable PME                              Disabled
            Flow Control                         Off
            Gigabit Master Slave Mode            Auto Detect
            Interrupt Moderation Rate            Adaptive
            Jumbo Frames                        Disabled
            Link Speed & Duplex                  100Mbps/Full Duplex
            Link Speed Battery Saver            Disabled
            Locally Administered Address            blank
            Log Link State Event                  Enabled
            Offload Receive IP Checksum            On
            Offload Receive TCP Checksum      On
            Offload Transmit IP Checksum      On
            Offload Transmit TCP Checksum      On
            QOS Packet Tagging                  Disabled
            Receive Descriptors                  256
            Transmit Descriptors                  512
            Wait for Link                        AutoDetect
            Wait on Link Settings                  Disabled
            Wake on Settings                        Wake on magic & detected
The connection uses :
Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
QOS Packet Scheduler
Internet Protocol (TCPIP)

So the question remains as to why one machine can copy a file faster than the other?
Have you swapped the cables, the ports (connect one machine to the other machine port on the switch)?
If the issue remains then, please post tracert results (from machines to server and vice-versa)

Have you checked if the ports (on the switch) that the machines are connected to are configured a special way? Maybe one of them is not using Flow control, or is set to 10Mbps...
I notice that the NIC speed for your laptops is 100Mbps Full Duplex. Why did you force that? It should be "auto"... Both machines are capable of using Gigabit Ethernet, so if you have a Gigabit Ethernet switch, it should be even faster (Cat6 would be better than Cat5e but on short distance it should work OK).

Check also that WiFi is disabled on the machines, just to make sure that the packets don't take the wireless route.

And also, make sure you updated the NIC drivers on all machines involved, as well as the switch/routers firmware.
Gerald Connolly Commented:
2nd M/c

Flow Control    Off  ??
Jumbo frames   Disabled  ??
Link Speed 100Mb

1st M/c

1.5GB in 4 minutes is only 6.25MB/s so that's not good either
Tech_George (Author) Commented:
Hello all-
Well I think I have this mostly resolved now. I added the DNS Server in the Main files server, then pointed all computers to use that DNS service. I rechecked all computers to ensure that NIC settings enabled the flow control, jumbo frames, and link speed (set to auto negotiate). I tested a file transfer of a 1.5 gig file between several machines and it now only takes about 3-4 min. This is far better than the previous transfer speed.

If vivigatt and smckeown777 will send me their contact info to, I would like to thank them for their help

Again I want to thank anyone who contributed to this thread.

Good to know you got it sorted then, probably a mix of the solutions provided helped overall so thanks for the update...
Tech_George (Author) Commented:
I didn't rate my answer, I was trying to rate the other 2 people who contributed ideas.
Question has a verified solution.
