Solved

Weird Network Issue - Browser fail, Tracert works.

Posted on 2015-01-26
Last Modified: 2015-02-01
I have a Win 2012 server with a SonicWall TZ170 router that is then plugged into a Comcast modem/router.

There are about 10 machines on the network, and all work fine.  One server, however, has a problem I simply can't solve.

I'll remote-desktop to it and do some work for a while (I use it as a development machine) and suddenly, I won't be able to reach websites.  I can't ping anything or open anything outside my network.  (I can open websites on other local servers.)  I can ping the gateway, but not the next gateway.

Here's the weird part:

While trying to figure it out, I did a tracert to google.  No luck.  HOWEVER, I did a tracert to the google IP and, after about 20 seconds of hesitation, boom.  It worked fine.  Pings worked, I could open the site, etc...  all perfectly fine.

I have absolutely no idea what would cause that.  

What would make tracert bring back the internet, for an hour or so, and then have it go back to blocked????

It's driving me crazy, because I'll be testing systems on remote file/data systems with a local front end, think it's broken, spend 20 minutes trying to figure out the "bug", and have it turn out to be this #$*&@)(#$ network issue and I've spent all that time messing with perfectly good code!!

So, any ideas?
0
Question by:Danielcmorris
18 Comments
 
LVL 6

Expert Comment

by:arroryn
ID: 40571288
What AV have you got on the server? Tried disabling it? I know the Network Threat Protection element of Symantec Endpoint Protection can cause the issue you're seeing.
0
 
LVL 7

Expert Comment

by:TheBDP
ID: 40571296
Is this a static IP or Dynamic? I'm thinking possible IP Conflict. Try changing IP to a static IP not in use.
0
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40571618
It doesn't have any AV on it and the IP is static.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40571894
Is it looking at valid DNS servers?  When you are having problems, open a command window and try doing nslookup to host names outside of your network and see if you get back a successful response.
0
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40571981
It won't resolve anything, can't ping any external DNS, even google's DNS 8.8.8.8  

however... if I tracert 8.8.8.8  and wait about 20 seconds.... THEN I can ping it and all works great ... for about 20 min.  :)
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 40572629
I think that the TZ170 can do packet captures. If it can, I would do a packet capture on it to see what it is seeing.
0
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40578651
Alright.... I think I figured it out!

I looked into the router settings and discovered that adding that server as a static ARP entry did it.
 
I haven't got the slightest idea why, but I'm done messing with it.  Thanks for all your help.  I'm going to mark you as the solution giltjr because you got me pointed in the right direction.  :)

Thanks again,

-dan
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40578939
What type of router is it?  It sounds like the router has a limited amount of memory for arp and maybe a 20 minute timeout.
0
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40578963
It's a SonicWall TZ170.  I think it's set on a 10-minute timeout.

Who knows.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40579004
Ah, when you said router, I thought you meant a router not the firewall.

Question, how many computers do you have on your network that need to access the Internet and how many nodes is your TZ170 licensed for?
0
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40579021
It's a tiny office.  It's a 10 node license.  There are 4 servers NAT-ed right through and a little linksys router that serves 3 workstations, a sip phone and a couple printers.

also....  the static ARP didn't do it.  I got kicked off a few minutes ago.  I went in and deleted that static ARP and got right back on.  Weird.

I set it to flush the ARP cache every 2 minutes instead of 10.  Maybe that will help.  I dunno.  very weird.  

It was so strange that nothing would work, then I'd tracert to 8.8.8.8 and there'd be a pause... and boom, I'd be back online.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40579031
I'm not sure how the TZ170 enforces its license limit.  I would assume it would be based on unique IP addresses and not ARP entries, since I could be accessing the TZ170 through a router.

So if you have more than 10 nodes, somebody is going to lose.

I don't see the printers needing to access the Internet, so with what you have said, I see a max of 8 devices.  Now if the printers for some reason access the Internet, or anything else where it must go through the TZ170, you could be cutting it close.

I did find this, hopefully it will help.  There is one part the talks about printers and how to exclude them from the license count.
0
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40579047
I've never had any problems with the TZ170.  I have another office where we've got 8 servers mapped and about 20 workstations all running through another router that is connected to the SonicWall.   I've got another one in the upstairs offices with a few machines as well.  Never a problem.

Honestly, I've had those things for years and I never have trouble with them.

Anyway.  If this keeps up, I'm just going to move the damn box upstairs and see if it has the same problem!
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40579433
It may depend on what the Linksys router really is.  If it is one of those that has a WAN port and or 5 switch ports and you have the WAN port connected to the TZ170, then the WAN port is doing a many to one NAT. So the TZ170 sees everything behind the Linksys as a single IP address and not individual hosts.

If the Linksys is really just a plain switch, or you have one of the switch ports connected to the TZ170, then the TZ170 will see each device behind the Linksys as an individual host and each one will count towards the 10 nodes.

And remember, if you have added a WAP and you have say smart phones on the network or other WiFi devices, depending on the setup they will start counting against the 10 node limit.
0
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40582098
that's a good thought, but the linksys is set up as a router.  :)
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40582415
What model Linksys is it?  

Then anything "behind" it, meaning anything it is performing the routing function for, will count against the 10 node limit.
0
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40582679
It's an older model, but it's running the latest version of dd-wrt.  There isn't anything NATted through it, it's just there for visitors and phones.  We've had conferences here with 20 people, never a problem.

I have an extra sonicwall.  I think I'll plug it in and see if that does anything.

Still weird as hell that running tracert 8.8.8.8 will get it back online in 15 seconds, but nothing else works.  I feel like the problem has to be somewhere on the machine itself.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40582899
You have had conferences with 20 people, but yet your TZ170 is licensed for just 10 nodes?
Looks like I forgot to paste a link before:

http://help.mysonicwall.com/sw/eng/305/ui2/23100/System/Licenses.htm

You may want to display how many nodes the TZ sees when you are having a problem.
0
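The thread leaves two competing explanations open: a gateway ARP entry that goes stale on the TZ170 (and gets refreshed by whatever tracert does while it "hesitates"), or the 10-node license limit dropping a host until another one ages out. The script below is an added example, not something any participant posted, that records the evidence needed to tell those apart from the affected Windows 2012 server itself: the default gateway's neighbor (ARP) state, a ping to the gateway, a ping past the gateway to an IP literal, and a DNS lookup, logged every 30 seconds so the line just before and after an outage can be compared. It assumes PowerShell 3.0 with the NetTCPIP and DnsClient modules that ship with Server 2012 (Get-NetRoute, Get-NetNeighbor, Resolve-DnsName); the probe targets 8.8.8.8 and www.google.com and the log path under $env:TEMP are assumptions you can change.

```powershell
# Added diagnostic for the symptom in this thread; not code from the thread or from SonicWall.
# Assumes Windows Server 2012 / PowerShell 3.0+ with the NetTCPIP and DnsClient modules.
# Probe targets and log path are assumptions.

$LogPath      = Join-Path $env:TEMP 'uplink-probe.csv'
$ExternalIp   = '8.8.8.8'          # assumed IP-literal probe, bypasses DNS
$ExternalName = 'www.google.com'   # assumed name-resolution probe
$IntervalSec  = 30

function Get-DefaultGateway {
    # Lowest-metric IPv4 default route; NextHop is the gateway address.
    Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Sort-Object RouteMetric | Select-Object -First 1
}

function Test-UplinkPath {
    $gw   = Get-DefaultGateway
    $gwIp = $gw.NextHop

    # Neighbor cache entry for the gateway. State is Reachable, Stale, Incomplete, Unreachable, etc.
    # A gateway that is Incomplete/Unreachable during the outage points at layer 2 (ARP),
    # while a Reachable gateway that still cannot forward points upstream (firewall, NAT, node limit).
    $neigh = Get-NetNeighbor -AddressFamily IPv4 -IPAddress $gwIp -ErrorAction SilentlyContinue

    $gwOk  = Test-Connection -ComputerName $gwIp       -Count 1 -Quiet -ErrorAction SilentlyContinue
    $extOk = Test-Connection -ComputerName $ExternalIp -Count 1 -Quiet -ErrorAction SilentlyContinue

    $dnsOk = $false
    try {
        $null = Resolve-DnsName -Name $ExternalName -Type A -DnsOnly -ErrorAction Stop
        $dnsOk = $true
    } catch { }

    [pscustomobject]@{
        Time    = (Get-Date).ToString('s')
        Gateway = $gwIp
        GwMac   = $neigh.LinkLayerAddress
        GwState = [string]$neigh.State
        GwPing  = [bool]$gwOk
        ExtPing = [bool]$extOk
        DnsOk   = $dnsOk
    }
}

function Get-FailureLayer {
    param($Result)
    # Order matters: the first failing layer explains everything above it.
    if (-not $Result.GwPing)  { return 'gateway unreachable (check ARP/neighbor state and cabling)' }
    if (-not $Result.ExtPing) { return 'gateway answers but nothing beyond it (firewall/NAT/license limit)' }
    if (-not $Result.DnsOk)   { return 'path up, DNS resolution failing' }
    return 'OK'
}

# Main loop: one CSV row per probe, plus a one-line console summary.
while ($true) {
    $r = Test-UplinkPath
    $r | Add-Member -NotePropertyName Verdict -NotePropertyValue (Get-FailureLayer $r)
    $r | Export-Csv -Path $LogPath -Append -NoTypeInformation
    Write-Host ('{0} gw={1} mac={2} state={3} gwPing={4} extPing={5} dns={6} => {7}' -f `
        $r.Time, $r.Gateway, $r.GwMac, $r.GwState, $r.GwPing, $r.ExtPing, $r.DnsOk, $r.Verdict)
    Start-Sleep -Seconds $IntervalSec
}
```

Leave it running in a second Remote Desktop session and, when the outage hits, note the last few rows before you run `tracert 8.8.8.8` and the first rows after connectivity returns. If GwState was Incomplete or Stale and GwMac changed (or went blank) around the recovery, the ARP-timeout explanation fits and the firewall's ARP settings are the place to look; if the gateway kept answering with an unchanged MAC while ExtPing failed, the problem is on the TZ170 side of the gateway, which is where the node-count display giltjr mentions becomes the useful next check.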