YellowbusTeam
asked on
Issues with Internet Connection with PC on DHCP
Hi,
We have a DHCP environment where the PCs are loosing internet connection randomly, and the only way to resolve the issue is to give them a static IP.
I have tried different scenarios but the static is only one that works.
Re-installed the NIC driver both intel and Broadcoms
Reserved the IP to the Machine in DHCP
Reduced the Lease time on the IP
Tried the advanced setting on certain NICs eg green energy settings etc.
All have failed to resolve the issue, so if you can help with this please let me know.
Cheers
We have a DHCP environment where the PCs are loosing internet connection randomly, and the only way to resolve the issue is to give them a static IP.
I have tried different scenarios but the static is only one that works.
Re-installed the NIC driver both intel and Broadcoms
Reserved the IP to the Machine in DHCP
Reduced the Lease time on the IP
Tried the advanced setting on certain NICs eg green energy settings etc.
All have failed to resolve the issue, so if you can help with this please let me know.
Cheers
RantCan
Is it possible you have a rouge DHCP server on your network?
Besides a rogue DHCP server ...
When the PC looses Internet connection, does it still have an IP-address? Does it help if you do an IPconfig /renew at that time?
When the PC looses Internet connection, does it still have an IP-address? Does it help if you do an IPconfig /renew at that time?
What type of environment do you have? Server? Active Directory? Are the proper DNS servers and gateways setup in the DHCP server?
ASKER
Rogue DHCP highly unlikely, how can test for one?
The environment is a DC with AD DNS and DHCP on the same box.
When the internet connection drops we still have an IP and its registered on the DHCP, i cant ping the gateway etc but can still talk to internal shares and other devices.
Cheers
The environment is a DC with AD DNS and DHCP on the same box.
When the internet connection drops we still have an IP and its registered on the DHCP, i cant ping the gateway etc but can still talk to internal shares and other devices.
Cheers
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the comment, there are passive switches in this environment that are patched in into a patch panel.
The DHCP lease was set for 1 day i have now changed this to 7 days.
There is also a next generation firewall that controls internet connections via login which is synced to AD.
Cheers
The DHCP lease was set for 1 day i have now changed this to 7 days.
There is also a next generation firewall that controls internet connections via login which is synced to AD.
Cheers
Low DHCP leases are only interesting if you have a lot of "moving" clients, like people coming in one day and leave the next ... If you have more stationary devices you are better with a long lease... 7 days is fine.
At the time a client looses the Internet connection, can you still resolve DNS names like Google.com or something similar?
If you renew the ip with "ipconfig /renew" is the problem solved? Or disconnect the network interface and reconnect for example?
It is happening random yes? It's not all (or a lot of) clients together, it's always 1 client?
At the time a client looses the Internet connection, can you still resolve DNS names like Google.com or something similar?
If you renew the ip with "ipconfig /renew" is the problem solved? Or disconnect the network interface and reconnect for example?
It is happening random yes? It's not all (or a lot of) clients together, it's always 1 client?
ASKER
Hi,
We cant resolve anything outside of the LAN nor can we ping external websites.
If i renew the IP i get the exact same IP back when i /release then /renew and this doesn't resolve the problem.
Sometimes it will work if i go to device manager and uninstall the driver then scan for hardware changes which reload the driver.
Some days it happens to 1Random client other day maybe 2 or 3 times during the day, some say that the internet connection is intermittent goes off for 15-20 minutes then comes back.
We cant resolve anything outside of the LAN nor can we ping external websites.
If i renew the IP i get the exact same IP back when i /release then /renew and this doesn't resolve the problem.
Sometimes it will work if i go to device manager and uninstall the driver then scan for hardware changes which reload the driver.
Some days it happens to 1Random client other day maybe 2 or 3 times during the day, some say that the internet connection is intermittent goes off for 15-20 minutes then comes back.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Interesting question from LB1234... Might be something to check.
Regarding the next gen firewall, it syncs with AD... Did you check the logs at the time the client looses the connection by any chance? Was there something to see? Does the firewall perhaps block the ip-address of the client and it only works again after the client receives a new one? Or if you give the client the same ip-address as a fixed address would it work... probably not.
Regarding the next gen firewall, it syncs with AD... Did you check the logs at the time the client looses the connection by any chance? Was there something to see? Does the firewall perhaps block the ip-address of the client and it only works again after the client receives a new one? Or if you give the client the same ip-address as a fixed address would it work... probably not.
Is the DHCP server handing out addresses in the right subnet? You will have to do a packet trace on the gateway to see if the packets are at least getting there from the DHCP assigned clients.
ASKER
Hi LB123,
The router in question is a Cyberoam CR35iNG as far as i am aware its not licensed per user just licensed for the definitions for spam etc.
With regards to the firewall i will have to get support from the vendor.
The Subnet is the standard 255.255.255.0
To do a packet trace do i use tracert(gateway IP)?
Thanks for the comments people!
Cheers
The router in question is a Cyberoam CR35iNG as far as i am aware its not licensed per user just licensed for the definitions for spam etc.
With regards to the firewall i will have to get support from the vendor.
The Subnet is the standard 255.255.255.0
To do a packet trace do i use tracert(gateway IP)?
Thanks for the comments people!
Cheers
A packet trace would involve something like "sniffing" the traffic, usually some software solution is used for this, a well known example is Wireshark.
Now you need to place the tracer/sniffer in between the firewall/router and the client, usually this is a switch. But it's not just plugging it in a port, the port should be configured as a monitor port so you can see all the traffic coming over it, or configure it to monitor just one port.
This would be a good way to see what happens with the tcp/ip traffic on the network, but you'll need to know what to look for, or at least know that what you see is ok or not... So it might be a little over the top at this moment, depending on how comfortable you feel with it.
Maybe there's an IDS module on the firewall that gets triggered now and then and shuts the client of from going outside, albeit being it temporarely... That's why it would be interesting to see if there's something in the logging of the firewall.
Now you need to place the tracer/sniffer in between the firewall/router and the client, usually this is a switch. But it's not just plugging it in a port, the port should be configured as a monitor port so you can see all the traffic coming over it, or configure it to monitor just one port.
This would be a good way to see what happens with the tcp/ip traffic on the network, but you'll need to know what to look for, or at least know that what you see is ok or not... So it might be a little over the top at this moment, depending on how comfortable you feel with it.
Maybe there's an IDS module on the firewall that gets triggered now and then and shuts the client of from going outside, albeit being it temporarely... That's why it would be interesting to see if there's something in the logging of the firewall.
If the router has a switch port, you might want to try directly connecting one of the problem DHCP clients to it. If no switchport, then afterhours, disconnect the LAN interface from whatever's plugged into it, and plug in the problem DHCP client (you'll need a crossover cable), ping the WAN interface, ping public IP, then ping URL DNS name.
This is curious. The gateway router absolutely should not care how the clients are getting the IP address, so to me isn't a logical addressing issue. When you provide the static IP, are you giving the host the same IP address that was previously assigned with DHCP or a new one?
ASKER
The host gets a new IP outside of the DHCP range, interesting thing i have notice on the gateway is that these machines IPs are getting flagged up as DOS Attacks, so have spoken to the vendor and they said this would cause the gateway to drop the connection. Now we have RMM software on all machines which i suspect is the culprit.
For now i would say we have the cause i just need to find a resolution.
But i will share out the points as you guys have been really helpful :)
For now i would say we have the cause i just need to find a resolution.
But i will share out the points as you guys have been really helpful :)
Glad it's heading in the right direction! Definitely recommend you get familiar with WireShark and play around with it. It's essential. In this case, you could've used a packet tracer on the gateway itself if it had that functionality, but in either case, you'd have known whether or not the packets from the problem DHCP clients were even reaching the gateway at all, or whether they were being dropped once they arrived. If the latter, then of course, it leads you to start looking at the router's config. Good luck!
Lastly, in terms of your router config, you might want to turn off packet inspection for outbound traffic altogether.