plainsschools
asked on
Network connectivity/DNS
Hello Experts-
I am having some network issues starting a few days ago. Initially I thought it was a DNS issue as the webpages would fail to load then immediately load once refreshed. I noticed a few DNS log errors in the even viewer as well. Upon checking the DNS server and NIC it seems to be ok. An nslookup will sometimes point to the correct server and address sometimes and others it will time out. Next I started looking at connectivity from the servers and the weird thing is we still have internet connectivity, albeit not perfect but it will load the pages 90% of the time but ping results to the DHCP and DNS (separate servers) are intermittent with a 50% - 75% loss rate, other times they will ping perfectly. Pings to the gateway seem to always go through. I am a little befuddled on what is going on. I am leaning towards the switch that everything is connected to is having an issue but that'd be odd since its less than 6 months old... not impossible though. Both servers are Windows 2008, the majority of the clients are Win7 and Win10. Any thoughts would be appreciated. Thanks!
I am having some network issues starting a few days ago. Initially I thought it was a DNS issue as the webpages would fail to load then immediately load once refreshed. I noticed a few DNS log errors in the even viewer as well. Upon checking the DNS server and NIC it seems to be ok. An nslookup will sometimes point to the correct server and address sometimes and others it will time out. Next I started looking at connectivity from the servers and the weird thing is we still have internet connectivity, albeit not perfect but it will load the pages 90% of the time but ping results to the DHCP and DNS (separate servers) are intermittent with a 50% - 75% loss rate, other times they will ping perfectly. Pings to the gateway seem to always go through. I am a little befuddled on what is going on. I am leaning towards the switch that everything is connected to is having an issue but that'd be odd since its less than 6 months old... not impossible though. Both servers are Windows 2008, the majority of the clients are Win7 and Win10. Any thoughts would be appreciated. Thanks!
ASKER
Joseph-
Our DHCP scope is 192.168.2.1-192.168.3.255 I know superscoping isnt ideal but it has worked well for us for the last 3 years.
The DNS errors are always ID 1014 on the clients. Name resolution for the name ...... timed out after none of the configured DNS servers responded.
The DNS servers are configured for reverse and forward, yes
The firewall we are using is a sonicwall TZ210
Our DHCP scope is 192.168.2.1-192.168.3.255 I know superscoping isnt ideal but it has worked well for us for the last 3 years.
The DNS errors are always ID 1014 on the clients. Name resolution for the name ...... timed out after none of the configured DNS servers responded.
The DNS servers are configured for reverse and forward, yes
The firewall we are using is a sonicwall TZ210
ASKER
Also ARP seems to resolve MAC address of any ip I try immediately without fail so far.
What are the DNS servers configured on the workstations? Just your internal DNS that you mentioned, or is there a secondary as well?
ASKER
The DNS servers as handed out by our DHCP server are first the internal DNS server, 2nd our ISP primary DNS and 3rd our ISP secondary DNS server.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I will remove them but why would that start within the last couple days when its been like that for literally years? Just curious, but thanks for the suggestion I will give it a try.
The problem becomes that sometimes the system will start looking outside for internal hosts. (Basically it will use servers in the wrong order) Why out of the blue is a good question.
You also may want to unbind IPv6 from the NIC of the server. That causes DNS issues at times also.
You also may want to unbind IPv6 from the NIC of the server. That causes DNS issues at times also.
Also check if someone else has the same IP address (Address Conflict) as your DNS Server and maybe your DHCP Server.
ASKER
Thanks everyone for the suggestions. I removed the external DNS servers yesterday before leaving and rebooted the servers and a few clients and checked to make sure the clients were only getting the internal DNS, they are but the problem persists. IPv6 has been unbound since I built the server several years ago. I wondered about an ip address conflict as well but I cannot find any signs of one. The server addresses are statically assigned and that block is removed from the DHCP scope. The issue seems worse this morning for whatever reason as far as loading pages inconsistently. Thanks for the help let me know if you have any other ideas.
Alright we have tried a number of things other than the switch. Have you tried connecting the server to a different port? And do things improve for a while if you reboot the switch? What brand and model is it anyway?
ASKER
Well I have now replaced the main switch that all of the servers and clients in question are connected to without change. Same problem. Just wanted to leave an update.
ASKER
The switch is a Netgear Prosafe 50G-POE
Do you have a known working switch you could test with? (I will admit my bias against Netgear products, but I have also had enough issues with them.)
ASKER
I just replaced it with a brand new out of the box one. Everyone has particular bias against particular brands its alright. They have been solid in our environment for several years now as long as we stay in the Prosafe line.
ASKER
It is really odd, I have a ping utility on my phone that will continue pinging until you stop it and it will drop maybe 10 in a row then get some responses then drop a bunch more. It just seems like there is no rhyme or reason for it.
I missed the comment where you mentioned the switch replacement originally. That is odd. Maybe switch the NIC your server is using? I am assuming it has 2. Another possibility is some device having issues and spitting out bad traffic.
ASKER
I switched the NIC's yesterday, there is two yes. Didn't seem to make any difference. So in our environment we have 5 servers that perform different tasks, file server, student information, DHCP, DNS&Active Directory so on so forth. When pinging from a client connected to the same switch as the servers (the switch that I have now replaced) it will intermittently drop pings to every server, its not just one, its entirely random it seems. I wondered about the bad traffic as well, I am not sure how to track that down I guess with no warning signs as im not getting errors logged on the servers or anything. I remember about 15 years ago there was still one hub in the environment and it was registering collisions and took the whole network down but I haven't seen anything like that since updating all of the equipment years ago.
How many devices are on the network other than servers? You could try software like Wireshark, NetCrunch, or PRTG.
ASKER
roughly 300 clients, many of which are wireless. half dozen or so switches. several copiers and printers. right now many of which are down or disconnected as its summer time and the custodial staff is going through and cleaning rooms
Did try to isolate the servers from the clients and ping again from DHCP to DNS for example or the opposite direction ?
ASKER
That is exactly what I am waiting to do, I have a couple kids that have connectivity for summer school and they leave in a few minutes. I am going to pare down the network to the servers and one client and do all of the pings to test connectivity. Ill report back. Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
could be wiring, change the heads on the network cable and see if that helps---I'm assuming you know how.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- plainsschools (https:#a42198460)
-- masnrock (https:#a42196861)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- plainsschools (https:#a42198460)
-- masnrock (https:#a42196861)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
Can you post a couple of things?
1. What's your DHCP scope config? What DNS server(s) are being given to clients?
2. What DNS log errors were there?
3. Are your DNS servers configured with both reverse and forward lookup zones?
4. What firewalls are you using?
Thanks!