Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Network unreachable multiple processes in SBS 2011 why?

Posted on 2014-03-05
21
Medium Priority
?
420 Views
Last Modified: 2014-04-06
Configuration is SBS 2011 on HP Proliant ML330.

Issue is after a few hours I loose LAN connectivity. Server NIC shows little yellow warning triangle. Have to reboot server to recover LAN (and WAN/Internet).

Ran BPA on DNS and that's fine. Ran Fix my Network and get message about no static IPv6 but not using IPv6 (although it is enabled Out of the Box).

Looked at running processes and I seem to get duplicates (see picture e.g. conhost.exe and fdhost.exe and fdlauncher.exe and csrss.exe).

Need to stop LAN NIC from dropping connectivity and multiple daily reboots. Need to understand the reason for duplicate processes.

Running Symantec SBS AV. Still had infection from Wajam and Dealply. Cleaned from system but not fixed problem. Ran full AV scan. No issues or problems.
SBS2011-Duplicate-Processes.png
0
Comment
Question by:MarcusN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 5
  • 3
  • +2
21 Comments
 
LVL 14

Expert Comment

by:Andy M
ID: 39906218
When you say you're not using IPv6 have you disabled it on the NIC or just left it as-is?
0
 

Author Comment

by:MarcusN
ID: 39906296
The NIC has IPv6 enabled and the IP address, subnet, gateway and DNS are automatically allocated.

IPv6 is enabled in SBS DHCP management console. It has a scope which is:
2002:c0a8:101::0.0.0.1 to 2002:c0a8:101::0.0.0.1::ffff:ffff:ffff:ffff

Oddly, however, when I type ipconfig /all into a cmd.exe it reports

IPv6 Address......................: 2002:5221:416d:0:35f4:69de:276f:7cca(Preferred)
IPv6 Address......................: 2005:123:456:789::2(Preferred)
Link-local IPv6 Address.....: fe80::35f4:69de:276f:7cca%11(preferred)

In the DNS Management Console under Forward Lookup Zones -> Domain there are AAAA records for both these IPv6 Addresses (see attachment).

I have no idea about IPv6 nor whether these are right nor (to be frank) how they were set!
SBS2011-DNS-Records.png
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39906476
Do you have managed switches?  Do their logs show anything?

Does any of the Windows Event logs show anything?

Have you tried just to disable and enable the NIC instead of rebooting?

Multiple copies of the same process running can be normal.

Multuiple conhost.exe is "normal".   These are typically what people call "dos command windows", but it can be any task that needs a "command" window.

fdhost seems to be a SQL "command" session, I don't run MSSQL server, but I would assume this is normal.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:MarcusN
ID: 39906508
Configuration is as follows.

Internet - ISP DSL Router - Unmanaged Switch - SBS 2011
                                                                                 - LAN

So no switch logs.

Have disabled NIC and enabled it. Stays offline.

Server has no cmd.exe command windows up yet there are more than 6 conhost.exe processes. Only windows are Server Manager and Windows Firewall with Advanced Security.

Happy to look in Event Logs. Where would be a good place to start, please?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39906757
conhost is more than just cmd.exe window. there are other process that use it "under the covers."  Example:  I run Cygwin and X-Windows.  The root x-window runs under a conhost process, each shell window runs under a conhost process. So with one root, and 3 shells I have 4 conhost process.

Based on the description of the fdhost process in your screen shot, my guess is each one of those runs under a conhost process.

I would start in System event log.

Also, if you don't need IPv6, I would disable it.  There are some things that have problems when IPv6 is enabled.   Example: With IPv6 enabled using RPC over HTTP with Outlook 2003 breaks certain tasks dealing with directory/contact information.  E-mail works, but directory stuff does not.  You disable IPv6 and directory works without any issues.
0
 

Author Comment

by:MarcusN
ID: 39906813
Disabling IPv6 is definitely not recommended for SBS 2011. At least, according to Microsoft.

I get the error:
Unable to add the interface {855B4C44-6B13-4CB1-B00D-AE4878C786B4} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.

Source RemoteAccess
EventID 20106

Same again with interface {3BD9F7B3-16B0-472C-B873-BFD8674323B2}

Also

The dynamic registration of the DNS record 'ForestDnsZones.<domain>.local. 600 IN A 192.168.x.y' failed on the following DNS server

Source NETLOGON
EventID 5774
0
 

Author Comment

by:MarcusN
ID: 39906840
By the way I have run the following command

dcdiag.exe /test:DNS

and it comes back with

TEST: Basic (Basc)
Warning: The AAAA record from this DC was not found

TEST: Records Registration (RReg)
Network Adapter [000000010] adapter type
Warning: Missing AAAA record at DNS server 192.168.x.y

Warning: Record Registrations not found in some network adapters
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39906915
IPv4 DNS uses "A" records for host to IP address resolution.  IPv6 uses "AAAA" for the same thing.

If SBS says not to disable IPv6, then I would have to say don't do it.  However, you should setup the required "AAAA" records then.

However, I doubt very much that IPv6 DNS issues is causing a NIC to be disabled, however it could be something weird within SBS.
0
 
LVL 22

Accepted Solution

by:
Olaf De Ceuster earned 2000 total points
ID: 39906982
1: Run the HP diagnostics at startup to see if you have any issues with the NICS.
2: If this was a migration please do the following:(delete all ghost adapters)
Click Start, point to All Programs, point to Accessories, and then click Command Prompt.
At a command prompt, type the following command , and then press ENTER:
set devmgr_show_nonpresent_devices=1
 
Type the following command a command prompt, and then press ENTER:
start devmgmt.msc
Show hidden devices in Meu.
See if there are any greyed out network cards and if so delete them please.
3: Remove  your second nic in the Bios. Start machine. Rerun the coneect to the internet wizard in the console. It will create your IPV6 address too.
4: In an admin command run the following commands:
netsh int ip set global taskoffload=disabled
netsh int tcp set global congestion=none
netsh int tcp set global autotuning=disabled
netsh int tcp set global rss=disabled
5: Uninstall Symantec to see if it fixes the issue. Its a dog of a program.
Good luck and hope that helps,
Olaf
0
 

Author Comment

by:MarcusN
ID: 39907018
OK, but is it OK to do the following?
a) in DNS management console delete the IPv6 scope (i.e. have no IPv6 scope), then
b) in DNS management console delete all the AAAA records in the Forward Lookup Zones
c) make sure that the NIC IPv6 settings are set to automatic (should get nothing)
d) net stop dns
e) ipconfig /flushdns
e) net start dns
f) ipconfig /registerdns

Is there a way to delete and regenerate all the AAAA records from DNS management console?
0
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 39907450
Just need to run in an admin command prompt:
e and f.
Olaf
0
 

Author Comment

by:MarcusN
ID: 39907601
OK I'll try this when I get back to the office in the morning. Thanks.
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 39909243
If you want to see things break, disable IPv6. SBS needs it for service to service communications among its many integrated packages.

Was this a fresh install or a migration?

How did the server get viruses? Were they in redirected user files or was the server itself infected?
0
 

Author Comment

by:MarcusN
ID: 39912617
I've no intention of disabling IPv6 - I have read that SBS needs this so it will stay enabled. I haven't given it a scope though....

The SBS was a fresh install on new hardware. Worked fine for months until just recently.

I had problems with Symantec SBS AV and although Symantec tried to fix it they never did. There was a brief period between when I completely wiped Symantec off the server and then reinstalled it when there was no AV installed.

I had to download the latest version of Symantec AV from their website and when IE was fired up it presents a stack of questions about whether this and that are OK. I guess I just clicked OK to some things that were not. However, the Wajam and Dealply were successfully cleaned off. Apparently they are not viruses but I had no wish for them to get onto the server so they are nasty regardless.

Question from me is; should I create an IPv6 scope and, if so, how to I find out what that is for an ip range of 192.168.54.1 to ...54.255 ?
0
 

Author Comment

by:MarcusN
ID: 39912802
By the way, I have a static IPv6 address on the NIC. I have not created and enabled an IPv6 scope in DHCP, although IPv6 is enabled.

When I type ipconfig /all I get;

3 x IPv6 addresses all marked as (preferred) one of which is the static NIC address the other two are from nothing I have done. I also have 1x link-local IPv6 address which is sort of similar to one of the IPv6 addresses but not the static NIC one.

I am convinced that my loss of LAN / WAN connectivity is related to some DNS or IPv6 issue....
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39913224
-->  I have not created and  enabled an IPv6 scope in DHCP, although IPv6 is enabled.

--> Question from me is; should I create an IPv6 scope and, if so, how to I find out what that is for an ip range of 192.168.54.1 to ...54.255 ?

First You only need to do this if you plan to hand out IPv6 addresses via DHCP.  If you don't plan on using DHCP for IPv6 addresses, you don't need to create a scope.

Second there is no relationship between IPv6 and IPv4 addresses.  So even if you were to create a DHCP IPv6 scope, what you are using for IPv4 does not matter.  If you mean what is a "private" DHCP IPv6 subnet, that is fc00::/7.

I don't think DNS has to do with this.  DNS does not disable a NIC.

Did you check to see if anything was in any of the event logs?
0
 

Author Comment

by:MarcusN
ID: 39919104
Thanks for clarifying the IPv6 matter. Over the weekend I installed a new (Adaptec) NIC adapter and disabled the old (Broadcom) one. Since then I haven't yet had a WAN connectivity issue. I'll wait another week to see if the original problem returns. I'll post an update on Saturday.
0
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 39919892
1: Run the HP diagnostics at startup to see if you have any issues with the NICS.
Didn't diagnostics pick up the issue?
Olaf
0
 

Author Comment

by:MarcusN
ID: 39932422
The HP diagnostics complains that there is more than one NIC adapter.

The problem with the Broadcom (on-board) NIC was that it was in "power saving mode" and it powered down and could not be revived without a reboot. This appears to be a problem with the latest driver. I have rolled back the driver to the previous one and the problem has gone away.

However, since installing the Adaptec NIC adapter, with more options for network traffic control, I have gone on to disable the Broadcom NIC completely.

So far I have several days of continuous connectivity. When a week is up I will report whether the original problem has been resolved.

Thank you for continuing to take an interest in this matter.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39932630
That is one heck of a bug.  I'm surprised there isn't a new version of the drive to solve that problem.  I would have assumed one would have come out REAL quick.
0
 

Author Comment

by:MarcusN
ID: 39981243
OK, the end result is that the Broadcom driver caused the problems. The server network connectivity is fine now. I'm using an Adaptec NIC and that seems to be doing fine.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Make the most of your online learning experience.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question