Solved

Strange issue with remote offices IP address.

Posted on 2013-06-06
8
1,044 Views
Last Modified: 2013-06-12
I have a strange issue.  Client with 2 remote offices.  Changed PC out for accounting which included ADP time clock function.  Access to remote time clocks stopped after I upgraded PC.  Checked IP from other PCs and the remote time clock IPs still don't respond.  No response from remote time clocks on the main network (100.x)

No changes at all to the ASA5520 routers that manage T1 and cable modem inputs.  No changes to routers that support T1s.  ADP was remoted in to the new PC and the tech couldn't understand VPN and the fact that main office is 100.x and remote offices were 101.x and 102.x   i am suspecting that he did something to the time clocks that has caused issue.

So all links are up...everything else is connected and pings fine.  When I ping remote time clock from main office its a no go.  When I ping from an onsite computer at the remote site, I get a response.

I am reasonably good with understanding branch office VPN but am really stumped on this.  What might have happened at the main network to have those IPs blocked?  (we rebooted routers)  or...what might have been programmed by ADP tech on their ATS240 time clocks in the IP config to have them not respond to the main office IP range?

Not only will you get points for answering this but you will have my undying gratitude.
0
Comment
Question by:Jon Conant
  • 4
  • 2
  • 2
8 Comments
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 100 total points
ID: 39227530
Simple question on my part:  Did you change the time zone on the new PC (for accounting) to be your current time zone?  New computers always have the wrong time zone for me.

.... Thinkpads_User
0
 
LVL 4

Assisted Solution

by:MrC63
MrC63 earned 100 total points
ID: 39227574
Is it possible that the computer you took out had been assigned a static IP address?  If this particular system was responsible for the ADP time clock function, then the other systems would find it either directly by IP address, or else by name (via DNS).

I think it would be safe to say that the name of the computer is different than the one that was removed, and I also suspect that the IP address it is using is also different.  It's impossible to say which one of the two is causing the problem, however I am reasonably confident that if both the computer name and/or the IP address were the same as the previous computer, then everything would begin working again.
0
 
LVL 1

Assisted Solution

by:Jon Conant
Jon Conant earned 0 total points
ID: 39228442
Good thoughts from both responses.  I did make sure the time zone was -5 dst.  Also the IP address/computer name change should have affected all 3 time clocks.  The local one works in terms of accessing it for employee times and for web access for admin.  The local is also ping-able from any computer whereas the remotes cannot be pinged or accessed via web interface https.

What I don't get is that the remotes are accessible locally and I can http into them.  It's almost as if those addresses are blocked by routers or by firewalls at the main (100.x) location.  The problem I have is all other access from main (100.x) to remote servers, printers and PCs (101.x and 102.x).  Why are these IPs blocked?  I didn't touch the Ciscos as part of the install.  The client even asked what happened when installing a new PC that then caused the remote time clock IPs to become unavailable.

I still think the answer is somewhere in what the ADP tech did.  He kept telling me i need to port map and didn't understand how the IPs could be accessed when they were 101.x and 102.x.  That was alien to him.  That tells me he doesn't understand VPNs and routing.

Anyone other thoughts?   Today I am going to push ADP to escalate to a higher level tech
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 39228630
It does appear that ADP did something when they accessed the new machine.

Since the accounting machine is new, it will have a different machine name to the system than the old machine. That is normal and usually transparent, but that might have affected something.

... Thinkpads_User
0
[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

 
LVL 4

Expert Comment

by:MrC63
ID: 39229414
It would be good to be certain that the Windows firewall isn't part of the problem.  If the new system uses Windows 7 (or 8), the firewall operates a little different than the firewall in XP.  This firewall can be configured to allow access for systems on the local network, but deny access for systems on external networks.

Even though you're using a VPN, the remote sites are still using different networks (based on their IP range), which may mean the firewall is falsely detecting that the other sites are "external" networks, and therefore blocking access.

The fact that you can ping from "local" computers, but not from remote computers leads me to think the firewall may be a part of your problem.

The best way to be certain it is, or is not causing the problem is to stop the Firewall service completely.  

Control Panel -> Administrative Tools -> Services -> Windows Firewall.

This will tell you in a matter of seconds if the Windows firewall is causing the problem.  If it is the problem, you can either leave the firewall service off (disable it), or you can modify the firewall settings to allow access to the required ports.
0
 
LVL 1

Author Comment

by:Jon Conant
ID: 39229465
Thank you.  I didn't put all the troubleshooting into the notes but we did turn the firewall off(and Trendmicro AV).  Also we pinged from w2003 and wXP machines.  All were no go.  and if we pinged from the new machine to printers and servers on the remote site we did get responses.  

An associate gave me a simple step to do that will verify that it's not the network.  We are unplugging the time clock and giving a PC that is there a static IP of the time clock and we will ping that.
0
 
LVL 1

Accepted Solution

by:
Jon Conant earned 0 total points
ID: 39231274
Ok, we got ADP to escalate to a tech that knew what was going on.  They wiped the time clocks and reprogrammed them.  They are up now.  I tried to get the settings from them that didn't work but wasn't made aware.  I am giving points for the assist but no solution can be attributed to this case.
0
 
LVL 1

Author Closing Comment

by:Jon Conant
ID: 39240460
No true solution.  helped me get ADP to fix issue.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Firewall to block per user access to the internet and allow user change request 4 47
shadow copies 7 69
Connecting two servers 30 75
BGP routing on Windows 2016 7 40
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now