LockDown32

Slow Network

This one has been a killer. About 3 weeks ago Comcast replaced their router which caused me to resubnet this network. I didn't think it would be hard. One Server, Twenty workstations (DHCP) and three static IP printers.

Something still isn't right. At 6pm something happens that causes a network disconnect on a couple of different workstations. Something similar to pulling the network cable. Apps are hung and nothing responds. It started out being an IPV6 issue when Comcast left their IPV6 DHCP running and that wreaked havoc. Finally got it shut off but still have weird things happening.

I have a little workstation inventory program that times out trying to connect to the workstations. So... I tried a tracert to the workstations and it times out! No matter what workstation I try a tracert to it goes through 30 steps and times out. dcdiag says everything is fine but it isn't. Anyone have any ideas?

Is it safe to un-install and re-install the DNS role from the server?
John

I would try a packet sniffer and since you are advising clients, I recommend you get Comm View (Tamosoft), set it up and trace packets from the Comcast modem to the server or a workstation.

Where is DHCP?  Comcast or the Server?
Dirk Mare
Please provide us with one of your client workstation ipconfig /all (from command prompt) before and after network failure occurs. Also post your trace route results.

What I'm thinking is something is wrong with your DHCP lease, especially if it happens every day at the same time.

DirkMare
ASKER CERTIFIED SOLUTION
Mick Finley
This solution is only available to members.
No matter what workstation I try a tracert to it goes through 30 steps and times out.
30 steps????
30 steps is the default maximum.
So, that sounds like a routing loop (check your routes).
LockDown32 (ASKER)

Attached is the ipconfig /all. I even went as far as turning off the Windows Firewall on the server and workstations and still cannot ping or tracert from the server to any workstations.

When I re-subnetted obviously I reworked the DHCP Server but maybe I didn't do it properly? Is there a way to completely delete the DHCP servers? I tried deleting it and when I re-added it the first thing it did was show me two previous DHCP servers at the old 192.168.0.0 subnet. Then when I selected "This Server" all it did was bring back the existing server.....
Capture.PNG
Still playing. I tried a gpupdate on one workstation. Came back with the error "user policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed because of lack of network connectivity to a domain controller."
I am not sure how to fix DHCP after re-working it. Here is a guide for configuring DHCP

https://technet.microsoft.com/en-us/library/hh831538(v=ws.11).aspx
In playing further.... when I un-check IPV6 gpupdate works flawlessly. When I check it I get the error about not finding the DC. I can check and un-check a million times and it will follow that pattern.

This was the same problem when Comcast initially left their IPV6 server running. The IPV6 was incorrect but since it took priority over IPV4 nothing was able to communicate with the DC. I just assumed that the lease on the IPV6 would expire thus removing it from the workstations. Didn't happen.

I found an article on how to disable IPV6 via GPO but it doesn't seem to work. Can you disable IPV6 via GPO?
IPv6 is normally bland and trouble-free. I do not know a way to disable by GPO but someone might. Something else continues to be wrong somewhere if removing IPv6 fixes things.
My guess, after playing a little further, is that even though I thought I shut off the Comcast IPV6 Server I didn't. Either that or there is yet another IPV6 server somewhere. I know how to trace back an IPV4 address but haven't played a lot with IPV6. Has anyone looked at the ipconfig /all I posted? Can you tell if something is passing out IPV6 addresses and if so, what?
I do not see (in your ipconfig output) any other DHCP server, so it is hard to say where it might come from.
It did have an IPV6 address. That is what seems to be messing it up. Where did it get that IPV6 address?
Yes, I can see it has one, but there is no evidence of where it came from.  I see such an IPv6 address here on my own system. But there is no IPv6 server I know of. That is what I cannot know or figure out here.
Yes. This just keeps getting weirder.  I just now noticed that some of the network connections were described as "Work" even though these workstations are part of a domain. As soon as I un-check IPV6 on the adapter and reboot they revert to "Domain Network". So at this point it is painfully obvious that something is still passing out IPV6 addresses and it is wreaking havoc with the workstations. I am running W10 here and my workstations have those same IPV6 entries in the ipconfig /all but like you I am not running IPV6 anywhere on the network.

So the million dollar question..... how can you tell (via ipconfig or any other method) if you are getting an IPV6 address from somewhere and how can you determine from where?
Go here:   http://www.pcauthority.com.au/News/303978,see-if-you-have-an-ipv4-or-ipv6-connection.aspx

I switched to my HUAWEI card to see if any differences and it says I am on IPv4 only.

IPCONFIG shows both. I am still working on this.
Here is a really neat local way to conclusively see how you are connected

A couple of things here:

1. Using Comm View, and a Wi-Fi connection here at my cottage this week, I see several IPv6 addresses on this network, but mostly IPv4. NIC Status says IPv4 ONLY. This is not a big enough place for IPv6 in general. I am thinking the IPv6 packets are from the resort router but I have no access to that.

2. On any IPCONFIG, I see local IPv6 addresses, but I am not using IPv6 as shown in NIC status.

3. I would be VERY surprised if you are using IPv6 in your network here. You describe it as smaller rather than larger.

4. Run tracert -4 (and your other commands) to force tracert to use only IPv4. Are you still getting 30 hops?
Clients will assign themselves an IPv6 address and it is not necessarily linked to DHCP; think of it as APIPA for IPv6.

the FE80 "link local address" confirms this.

https://4sysops.com/archives/ipv6-tutorial-part-6-site-local-addresses-and-link-local-addresses/
and
https://www.techopedia.com/definition/12720/automatic-private-ip-addressing-apipa

Seeing that you already disabled the IPv6 protocol on your client and the issue was resolved, on your server please confirm the following:

1. Go to network adapters connections.
2. Press Alt.
3. Click on Advanced.
4. Then click Advanced Settings.
5. In Connections, make sure Ethernet is selected and make sure the binding order is correct. Seeing that you are using IPv4, it should be listed first.
I am not 100% sure if the server would require a reboot but I would recommend it for the clients.
If this doesn't resolve the issue we would need to disable IPv6 from DNS Manager to ensure your DNS Server doesn't respond to requests over IPv6.

DirkMare
The binding order is correct on the server with the exception that IPV6 is not bound. I disabled it on the server.

Are you saying that this binding order takes precedence over the statement "Windows will act on IPV6 first"?

Right now DNS Manager is only listening in the IPV4 because IPV6 is disabled. But it was like this yesterday when I started the ping, tracert and gpupdate from the workstations. With IPV6 enabled the workstations wouldn't ping, tracert or gpupdate. With IPV6 disabled it would.

So.... why would accidentally leaving an IPV6 DHCP running create such havoc? Right now about all I can do to resolve the issue is go back through all twenty workstations and disable IPV6. Awful big mess for something as simple as resubnetting.
why would accidentally leaving an IPV6 DHCP running create such havoc?

It should not and never has on any of my machines. Never.

Did you look at NIC Status?  What did it say (for any machine) about IPv6?
On your server, if IPv6 is listed first it will respond with IPv6; the same can be said about IPv4.

What I don't understand is..
At 6pm something happens that causes a network disconnect on a couple of different workstations

I am not sure that IPv6 would cause this.

As per my first comment please post trace route and ipconfig before and at time of failure. Could it be that the DHCP on your router is not disabled completely?

DirkMare
Yes this one is a killer. This morning I can put IPV6 on a workstation and Tracert, Ping and Gpupdate work. The same workstation that it didn't work on all yesterday afternoon. I don't understand this 6pm thing either other than I have seen it and it is just like pulling the network cable out of the computer while all the applications are running. Programs aren't responding, you can't easily kill them and you really have no choice but to turn the power off.

The real oddity is that it only seems to happen if their main program is up and running at 6. According to their support, workstations don't do anything on a schedule. Don't know what it is or what's causing it but it is right at 6 with this certain program open. I wouldn't think IPV6 would all of a sudden freak out but that is where it started. By the Comcast router passing out IPV6. From what I can tell it is off but back to the question above... how can you tell if there is an IPV6 DHCP server on the line?
From your ipconfig I see you have temporary IPv6 address assigned to your client network adapter..
Have you released and renewed the client network adapter?
Also, this IPv6 address, does it belong to one of your servers?
2001:558:feed::1
2001:558:feed::2

Run ipconfig /all on your server and it should list the IPv6 address. If it is not your server, I would suggest contacting your ISP and asking them to confirm that DHCP for IPv4 and IPv6 is disabled.

DirkMare
Also, please respond to "Check the NIC Status" and let us know if IPv6 is even active on workstations.
ipconfig /all on the server (just one 2012 Server) does not reference any IPV6 data. I unchecked IPV6 on the server NIC long ago when this whole mess started.

Here is the only thing consistent: I went around to all 20 workstations this morning. Any workstation that had IPV6 enabled showed up as either a Work network or a Public network. As soon as I un-checked IPV6 it reverted to a domain network. Everything seems to be working now. Very, very strange. It appears the IPV6 is the problem but they really aren't using IPV6. So how can you tell if there is an IPV6 DHCP Server somewhere?

At this point IPV6 is un-checked on all the workstations. The "Work" or "Public" network when IPV6 is enabled would point to them using IPV6 and incorrectly so wouldn't it?
So how can you tell if there is a IPV6 DHCP Server somewhere?

So far as I know, the same way as IPv4:  IPCONFIG /ALL will show the IPv6 DHCP server IP address.
Well... I guess we are back to the million dollar question. If what you say is correct then there is no IPV6 DHCP Server. So why, all of a sudden, is everything using IPV6?
Try unchecking IPV4 and you will notice that the PC will self-assign a 169.x.x.x address. Same is happening with IPv6; there is no server doing it, it's Windows on the local box doing it.
You need to use a packet sniffer as I suggested earlier to see if IPv6 packets are flowing.

Just because IPCONFIG says there is an IPv6 local address does not mean it is using IPv6.
I turned on Comm View last night here and saw only one single machine running IPv6 - it really is uncommon (where I am and at this point in time).
I kind of agree. This one computer that started the 6pm disconnect ... the internet would not work unless IPV8 was enabled. It is a suspect. So now that IPV6 is disabled on both the server and all workstations what do I want to enable on what and where should I run what packet capture utility?
You can install a packet capture program on a good working computer assuming everything is on one subnet.
Stupid question but if I install it on a workstation the only packets I will see are ones coming in to and going out of that workstation no? So if it isn't the problem workstation it won't help will it?

Don't people usually do port mirroring on the switch and use the server?
I'm thinking the IPv6 packets in this case will be broadcasts, in which case Wireshark might be able to be run anywhere on the network.  If they are not broadcast, you'll need either a mirror port on your switch or a hub in line with the uplink port of the switch.
I see stuff from all workstations here using Comm View.
At this point, you have put so much into this, that it strikes me as indeed very reasonable to suggest you back up the Server, format it and reinstall Server 2012 R2. By all means engage a consultant to do this if this is not your native skill set.

Reset the Comcast modem, set up the server, make sure DHCP is properly set up only using the Server, then set up just one workstation and test before going too far.
That is not an option. It was a clean migration not more than three months ago. If disabling IPV6 on the server and workstations does the trick then so be it. It would, however, be nice to find out what, if anything, is spewing IPV6.

So... how about a quick lesson in Wireshark. I found out how to filter for IPV6 only but can't figure out what I am missing to start the capture....
I use Comm View, not Wireshark so I cannot give you lessons in Wireshark. However it should show you (just like Comm View) packets and where they are from and where they are going to.

Quote from Wireshark: "The following methods can be used to start capturing packets with Wireshark:
1. You can double-click on an interface in the main window.
2. You can get an overview of the available interfaces using the “Capture Interfaces” dialog box (Capture → Options…)."
In the wireshark application, click <Capture>, select <interfaces>, Select the interface you want to use to capture, then click <Start>
Well..... this could be a learning curve in and of itself. There are IPV6 packets flowing. The source and destination seem relatively constant. Since all workstations and server have IPV6 disabled where could these packets be originating from? The Comcast Router? Attached is some data.....
Capture.PNG
Under the "Info" column: Router Advertisement from xx:xx:xx:xx:xx (mac-address). Find this mac-address in either the DHCP table or from arp on the switch.
The mac-address will point you to the IP address, which will point to the PC in question... looking at that output, I'm betting it's one of your servers.
I agree - the MAC address is there and the MAC address lines are all the same MAC. Look at your router.
The mac address is that of the Comcast router. So it is broadcasting? I attached two screen shots. The first is the summary. It lists a DHCPV6 lease time but nowhere does it say if the DHCPV6 is enabled or disabled. At least with V4 it plainly states disabled.

The second screenshot is where I thought I disabled IPV6. What did I miss?
Capture.PNG
Capture1.PNG
uncheck Stateless(Auto-Config)
The MAC address confirms what I thought from the packet capture.

I would go back to Comcast (it is their modem - right?) and get them to disable IPv6 again. It does not look like you disabled it but there is no setting shown.
I can't say enough bad about Comcast. The whole thing started because they couldn't set the LAN IP of their router to 192.168.0.2. It was fixed at 10.1.10.1. That caused me to re-subnet around 10.1.10.1

Can't uncheck Stateless(Autoconfig). Not an option.....
Another tool I have (and I should have mentioned this) is Advanced IP Scanner. You can get this free from Famatech.

Download it, install it, and run it. Scan your local network and see what devices come up.
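
Added example, not posted by anyone in this thread: a Python decoder for the ICMPv6 Router Advertisement that the capture above turned up, showing the sender's MAC and whether hosts are told to use DHCPv6 or to self-configure (the router's "Stateless (Auto-Config)" setting). That second case is why ipconfig /all can list no DHCPv6 server while workstations still receive global IPv6 addresses and DNS servers. The sample packet, MAC and 2001:db8 addresses are constructed for illustration.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (RFC 4861), starting at the type byte."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]
    info = {"managed": bool(flags & 0x80),  # M flag: get addresses from DHCPv6
            "other": bool(flags & 0x40),    # O flag: get DNS etc. from DHCPv6
            "router_mac": None, "prefixes": [], "dns": []}
    pos = 16  # options start after the fixed 16-byte RA header
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[pos + 2:pos + opt_len]
        if opt_type == 1:     # source link-layer address = sender's MAC
            info["router_mac"] = ":".join(f"{b:02x}" for b in body[:6])
        elif opt_type == 3:   # prefix information; A flag (0x40) permits SLAAC
            prefix = ipaddress.IPv6Address(body[14:30])
            info["prefixes"].append((f"{prefix}/{body[0]}", bool(body[1] & 0x40)))
        elif opt_type == 25:  # RDNSS (RFC 8106): DNS servers pushed without DHCPv6
            info["dns"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(6, len(body), 16)]
        pos += opt_len
    return info

def address_source(info: dict) -> str:
    """Say how hosts on the link will obtain a global IPv6 address."""
    if info["managed"]:
        return "DHCPv6"
    if any(slaac for _, slaac in info["prefixes"]):
        return "SLAAC"
    return "link-local only"

def sample_ra() -> bytes:
    """Constructed RA: M=0, O=1, one /64 prefix with A set, one DNS server."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex("020000000001")
    pfx = (struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
           + ipaddress.IPv6Address("2001:db8:1::").packed)
    rdnss = struct.pack("!BBHI", 25, 3, 0, 600) + ipaddress.IPv6Address("2001:db8::53").packed
    return hdr + slla + pfx + rdnss

if __name__ == "__main__":
    ra = parse_ra(sample_ra())
    print(ra, address_source(ra))
```

The `router_mac` value is the one to look up in the switch's MAC table or the ARP/DHCP tables, as suggested above.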