Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 439
  • Last Modified:

Strange network issue

Hi

I have a very strange network issue which isn't making a lot of sense.

Basically there are two sites, site A and site B connected by a VPN - 30mbps connection at each site.

Site B has a VMware infrastructure with iSCSI connectivity.

Site A has several physical servers and a VMware infrastructure with SAS connectivity.

I can ping the servers at each site, RDP to servers, login to the vSphere clients, access OWA on the Exchange server in the alternate site.

However, I cannot connect to the vCentre server on site B through vSphere, which in turn means the Veeam replication jobs cannot connect either.  
Also the Exchange 2010 servers stop communicating so the DAG between the sites stops communicating and causes all sorts of issues.

I have repaired several times by either replacing the virtual network cards on the VM's or resetting the Winsock.

It will work for a while and then stop, its very sensitive to any changes and it just stops working.

I have taken a Wireshark of the traffic and I can see the connection errors and is reset

I can see the same when I try to resynch the Exchange DAG...

The VPN allows all services both ways and nothing is logging on the firewalls to say that traffic is being blocked....

Any suggestions....
0
DLeaver
Asked:
DLeaver
  • 2
  • 2
  • 2
  • +1
2 Solutions
 
Craig BeckCommented:
Try adjusting the MSS value on the LAN interface of each router to something like 1200 and see if that works.
0
 
Rich RumbleSecurity SamuraiCommented:
It could be an MTU issue, not sure where the MSS is adjusted, but at least make sure they match on the routers, typical it affects VPN connectivity if it's MTU. MTU=1500 is a typical setting.
-rich
0
 
DLeaverAuthor Commented:
A few more symptoms

The issue exists only between the server running veeam at site A and the Vcentre server in site B and the Exchange server in site A and the Exchange server in site B.

Testing communications the only thing that fails between the each server is navigating by UNC to the alternate server, it begins to load then fails.  Other servers can communicate with them - looking at the Wireshark the packets get shredded during communication, which would indicate a firewall issue.....but the Windows ones are off and the hardware ones are open.

I have considered the MTU but would this only effect a handful of servers?  All other servers between the sites connect without issue....
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
Craig BeckCommented:
It could affect all, none or some.  It won't hurt to try.

Also check the ACLs for the VPN at each end.
0
 
Rich RumbleSecurity SamuraiCommented:
Might disable Chimney offload, that's what we found when UNC's were not working or were intermitant, disabled it on both sides: http://technet.microsoft.com/en-us/library/gg162682%28v=ws.10%29.aspx (rss too)
http://msmvps.com/blogs/acefekay/archive/2009/08/20/tcp-chimney-and-rss-features-may-cause-slow-file-transfers-or-cause-connectivity-problems.aspx
-rich
0
 
pgm554Commented:
iSCSI?
You aren't by any chance using jumbo frames?
0
 
DLeaverAuthor Commented:
I don't manage site B, although this has come to mind since considering MTU's so I will check.

I would like to thing that they were using separate switches or at least VLAN's for the iSCSI, but you never know!

Changing the MTU's for each server having an issue has worked and everything is now working fine which is great - not an ideal scenario though having to set this custom setting

Will assign points shortly - thanks for your help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now