Solved

Weird Network Issue - Browser fail, Tracert works.

Posted on 2015-01-26
Last Modified: 2015-02-01
I have a Win 2012 server with a SonicWall TZ170 router that is then plugged into a Comcast modem/router.

There are about 10 machines on the network, and all work fine.  One server, however, has a problem I simply can't solve.

I'll remote-desktop to it and do some work for a while (I use it as a development machine) and suddenly, I won't be able to reach websites.  I can't ping anything or open anything outside my network.  (I can open websites on other local servers.)  I can ping the gateway, but not the next gateway.

Here's the weird part:

While trying to figure it out, I did a tracert to Google.  No luck.  HOWEVER, I did a tracert to the Google IP and, after about 20 seconds of hesitation, boom.  It worked fine.  Pings worked, I could open the site, etc...  all perfectly fine.

I have absolutely no idea what would cause that.  

What would make tracert bring back the internet, for an hour or so, and then have it go back to blocked????

It's driving me crazy, because I'll be testing systems on remote file/data systems with a local front end, think it's broken, spend 20 minutes trying to figure out the "bug", and have it turn out to be this #$*&@)(#$ network issue and I've spent all that time messing with perfectly good code!!

So, any ideas?
Question by:Danielcmorris
18 Comments
 
LVL 6

Expert Comment

by:arroryn
ID: 40571288
What AV have you got on the server? Tried disabling it? I know the Network Threat Protection element of Symantec Endpoint Protection can cause the issue you're seeing.
 
LVL 7

Expert Comment

by:TheBDP
ID: 40571296
Is this a static IP or Dynamic? I'm thinking possible IP Conflict. Try changing IP to a static IP not in use.
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40571618
It doesn't have any AV on it and the IP is static.
 
LVL 57

Expert Comment

by:giltjr
ID: 40571894
Is it looking at valid DNS servers?  When you are having problems, open a command window and try doing nslookup to host names outside of your network and see if you get back a successful response.
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40571981
It won't resolve anything, can't ping any external DNS, even Google's DNS 8.8.8.8.

However... if I tracert 8.8.8.8 and wait about 20 seconds.... THEN I can ping it and all works great ... for about 20 min.  :)
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 40572629
I think that the TZ170 can do packet captures. If it can, I would do a packet capture on it to see what it is seeing.
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40578651
Alright.... I think I figured it out!

I looked into the router settings and discovered that adding that server as a static ARP entry did it.
 
I haven't got the slightest idea why, but I'm done messing with it.  Thanks for all your help.  I'm going to mark you as the solution giltjr because you got me pointed in the right direction.  :)

Thanks again,

-dan
 
LVL 57

Expert Comment

by:giltjr
ID: 40578939
What type of router is it?  It sounds like the router has a limited amount of memory for ARP and maybe a 20 minute timeout.
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40578963
It's a SonicWall TZ170.  I think it's set on a 10-minute timeout.

Who knows.
 
LVL 57

Expert Comment

by:giltjr
ID: 40579004
Ah, when you said router, I thought you meant a router not the firewall.

Question, how many computers do you have on your network that need to access the Internet and how many nodes is your TZ170 licensed for?
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40579021
It's a tiny office.  It's a 10 node license.  There are 4 servers NAT-ed right through and a little Linksys router that serves 3 workstations, a SIP phone and a couple of printers.

Also....  the static ARP didn't do it.  I got kicked off a few minutes ago.  I went in and deleted that static ARP and got right back on.  Weird.

I set it to flush the ARP cache every 2 minutes instead of 10.  Maybe that will help.  I dunno.  Very weird.

It was so strange that nothing would work, then I'd tracert to 8.8.8.8 and there'd be a pause... and boom, I'd be back online.
 
LVL 57

Expert Comment

by:giltjr
ID: 40579031
I'm not sure how the TZ170 enforces its license limit.  I would assume it would be based on unique IP addresses and not ARP entries, since I could be accessing the TZ170 through a router.

So if you have more than 10 nodes, somebody is going to lose.

I don't see the printers needing to access the Internet, so with what you have said, I see a max of 8 devices.  Now if the printers for some reason access the Internet, or anything else where it must go through the TZ170, you could be cutting it close.

I did find this, hopefully it will help.  There is one part that talks about printers and how to exclude them from the license count.
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40579047
I've never had any problems with the TZ170.  I have another office where we've got 8 servers mapped and about 20 workstations all running through another router that is connected to the SonicWall.   I've got another one in the upstairs offices with a few machines as well.  Never a problem.

Honestly, I've had those things for years and I never have trouble with them.

Anyway.  If this keeps up, I'm just going to move the damn box upstairs and see if it has the same problem!
 
LVL 57

Expert Comment

by:giltjr
ID: 40579433
It may depend on what the Linksys router really is.  If it is one of those that has a WAN port and/or 5 switch ports and you have the WAN port connected to the TZ170, then the WAN port is doing a many-to-one NAT. So the TZ170 sees everything behind the Linksys as a single IP address and not individual hosts.

If the Linksys is really just a plain switch, or you have one of the switch ports connected to the TZ170, then the TZ170 will see each device behind the Linksys as an individual host and each one will count towards the 10 nodes.

And remember, if you have added a WAP and you have say smart phones on the network or other WiFi devices, depending on the setup they will start counting against the 10 node limit.
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40582098
That's a good thought, but the Linksys is set up as a router.  :)
 
LVL 57

Expert Comment

by:giltjr
ID: 40582415
What model Linksys is it?  

Then anything "behind" it, meaning anything it is performing the routing function for, will count against the 10 node limit.
 
LVL 4

Author Comment

by:Danielcmorris
ID: 40582679
It's an older model, but it's running the latest version of dd-wrt.  There isn't anything NATted through it, it's just there for visitors and phones.  We've had conferences here with 20 people, never a problem.

I have an extra sonicwall.  I think I'll plug it in and see if that does anything.

Still weird as hell that running tracert 8.8.8.8 will get it back online in 15 seconds, but nothing else works.  I feel like the problem has to be somewhere on the machine itself.
 
LVL 57

Expert Comment

by:giltjr
ID: 40582899
You have had conferences with 20 people, but yet your TZ170 is licensed for just 10 nodes?
Looks like I forgot to paste a link before:

http://help.mysonicwall.com/sw/eng/305/ui2/23100/System/Licenses.htm

You may want to display how many nodes the TZ sees when you are having a problem.
Question has a verified solution.