Solved

Strange network issue

Posted on 2013-05-31
7
431 Views
Last Modified: 2013-06-10
Hi

I have a very strange network issue which isn't making a lot of sense.

Basically there are two sites, site A and site B connected by a VPN - 30mbps connection at each site.

Site B has a VMware infrastructure with iSCSI connectivity.

Site A has several physical servers and a VMware infrastructure with SAS connectivity.

I can ping the servers at each site, RDP to servers, login to the vSphere clients, access OWA on the Exchange server in the alternate site.

However, I cannot connect to the vCentre server on site B through vSphere, which in turn means the Veeam replication jobs cannot connect either.  
Also the Exchange 2010 servers stop communicating so the DAG between the sites stops communicating and causes all sorts of issues.

I have repaired several times by either replacing the virtual network cards on the VM's or resetting the Winsock.

It will work for a while and then stop, its very sensitive to any changes and it just stops working.

I have taken a Wireshark of the traffic and I can see the connection errors and is reset

I can see the same when I try to resynch the Exchange DAG...

The VPN allows all services both ways and nothing is logging on the firewalls to say that traffic is being blocked....

Any suggestions....
0
Comment
Question by:DLeaver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39211491
Try adjusting the MSS value on the LAN interface of each router to something like 1200 and see if that works.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 39212206
It could be an MTU issue, not sure where the MSS is adjusted, but at least make sure they match on the routers, typical it affects VPN connectivity if it's MTU. MTU=1500 is a typical setting.
-rich
0
 
LVL 12

Author Comment

by:DLeaver
ID: 39212456
A few more symptoms

The issue exists only between the server running veeam at site A and the Vcentre server in site B and the Exchange server in site A and the Exchange server in site B.

Testing communications the only thing that fails between the each server is navigating by UNC to the alternate server, it begins to load then fails.  Other servers can communicate with them - looking at the Wireshark the packets get shredded during communication, which would indicate a firewall issue.....but the Windows ones are off and the hardware ones are open.

I have considered the MTU but would this only effect a handful of servers?  All other servers between the sites connect without issue....
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 46

Expert Comment

by:Craig Beck
ID: 39212630
It could affect all, none or some.  It won't hurt to try.

Also check the ACLs for the VPN at each end.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39212846
Might disable Chimney offload, that's what we found when UNC's were not working or were intermitant, disabled it on both sides: http://technet.microsoft.com/en-us/library/gg162682%28v=ws.10%29.aspx (rss too)
http://msmvps.com/blogs/acefekay/archive/2009/08/20/tcp-chimney-and-rss-features-may-cause-slow-file-transfers-or-cause-connectivity-problems.aspx
-rich
0
 
LVL 30

Expert Comment

by:pgm554
ID: 39212950
iSCSI?
You aren't by any chance using jumbo frames?
0
 
LVL 12

Author Comment

by:DLeaver
ID: 39213182
I don't manage site B, although this has come to mind since considering MTU's so I will check.

I would like to thing that they were using separate switches or at least VLAN's for the iSCSI, but you never know!

Changing the MTU's for each server having an issue has worked and everything is now working fine which is great - not an ideal scenario though having to set this custom setting

Will assign points shortly - thanks for your help!
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question