Win7 laptop losing connectivity to Server 2003
I'm not sure which forum to put this in because it involves different systems.
My problem is that I have a 2008 R2 DC and a 2003 TS. Those servers share a simple Gb switch that then connects to a "smart" 100Mbps switch on another floor. All connections go out through a firewall/gateway.
All PCs in the domain are XP except a new laptop that has Win7 64bit. For some reason, the laptop and the 2003 server lose connectivity. There is a shared folder on the 2003 server that the user has a mapped drive (and a shortcut) to. Sometimes the user
can connect and open a document, but after about 5 minutes, the connection drops. If I begin a ping from the laptop to the 2003, I can see it simply stop responding after a while.
On the 2003 server, I see the same thing. The ping just drops after a while. Today, I pinged the laptop from the server, and the first ping succeeded and the rest failed. ???
The laptop can talk to the 2008 server with no problems. There are other shared folders on that server and the laptop never drops the connection. The laptop always keeps full connectivity to the Internet and other resources. Other XP PCs have no
problems staying connected to the 2003 Server. Only this laptop is having issues. So something is wrong in the relationship between only the laptop and the server.
Other weird issue: The 2008 server and the 2003 server also lose connectivity to each other in a similar way as the Win7 laptop. I solved this issue by creating a constant ping from the 2008 server to the 2003 server. As long as they are pinging, they
keep the connection alive. However, this doesn't work with the laptop. Also, I did an arp -a on the laptop, and noticed once that the MAC for the 2003 server was wrong. It was actually reported as the firewall/gateway. The 2003 does have a public IP, but obviously
this isn't used internally. The failing pings and mapped drives were done using the private IP.
I've tried many things based on research including changing the Network authentication policy on the laptop. Nothing seems to help. I can sometimes restore the connection by restarting the network services on the laptop or restarting it. But the connection
only lasts for maybe 5-10 minutes before it drops again. Also, as far as I know, there are no IP conflicts for the 2003 server, and if there were, I believe other XP PCs would be experiencing the same disconnects. I've never seen anything like this before.
Help?
February 2nd, 2011 11:00am
Hello,
if ping commands result in some replies it is often the physical layer on the network, NICs, switches, cabling and NIC drivers. So start here first to make sure all is fine.
If this is not a problem let's go on with DNS, please post an unedited ipconfig /all from the DC/DNS server, the TS and the Windows 7 machine so we can verify some settings.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 1:13pm
Here is the ipconfig /all for the DC/DNS:
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER-DC1
Primary Dns Suffix . . . . . . . : stone.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : stone.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 1C-C1-DE-6E-6D-A5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.250(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.250
192.168.0.254
8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 1C-C1-DE-6E-6D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{B14CEF4B-6D96-4572-8D19-8E67DE479C7A}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{31C09652-DD3D-4109-B2A9-1685FC0F4125}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Here is the ipconfig /all for the TS:
Windows IP Configuration
Host Name . . . . . . . . . . . . : appserver
Primary Dns Suffix . . . . . . . : stone.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : stone.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-18-8B-3D-32-58
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.249
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.250
192.168.0.254
8.8.8.8
These servers were taken off of the intermediate switch and plugged directly into wall jacks, and the problem still occurrs. The connection drops randomly between these servers.
February 21st, 2011 11:56am
have you tried upgrading the NIC drivers on the servers ?http://www.virmansec.com/blogs/skhairuddin
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2011 12:16pm
Hello,
remove the public DNS servers 8.8.8.8 and 8.8.4.4 from the NIC of the domain machines. Configure them as Forwarders on the DNS server properties in the DNS management console instead.
After the change run ipconfig /flushdns and ipconfig /registerdns and restart the netlong service on DCs and reboot TS/workstations.
What is 192.168.0.254 for a machine, domain DNS server? It is not the DC nor another machine you menitoned here.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
February 21st, 2011 12:21pm
I haven't updated the NIC drivers. I suppose I can do this on both servers, though the TS seems to be the troublemaker.
Meinolf,
I can make that DNS change. Is there any harm in having 8.8.8.8 in the DNS servers list? I understand it is probably not necessary.
The server 192.168.0.254 is the other DC/DNS server across the WAN. I haven't had any problems with it, but it doesn't host files/apps that are needed by appserver (TS).
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2011 12:58pm
Hello,
the "harm" having public DNS servers on the NIC of domain machines is your result with the existing problems of losing connectivity. REMOVE them and use FOrwarders oinstead as mentioned.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
February 21st, 2011 1:39pm
Hi JayIT8
Meinolf is correct.
you should create forwarders on your internal DNS server or servers and all member servers and clients should point to your internal DNS server.Normally for many organisations it should be DC with DNS on it. if you are pointing to external DNS it will
create problems.
I was wondering where is Ipconfig/all for Win 7 x64 bit client? as this is the only client which got a problem!!!
I will also suggest you to compare DNS settings of 2003 and 2008 server with other servers in your organisation..
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2011 4:56pm
All,
rahulnz, I left that off because the person is offsite with their laptop. But the issue is exactly the same between the servers, so I figured if I solved one side, I would solve both.
I made the changes in DNS and updated the NIC driver on the 2003 TS. I ran flush/register on the DCs and restarted netlogon service. I also stopped the constant ping between SERVER-DC1 and APPSERVER. For some reason the problem does not occur
as often as long as a ping is started on server-dc1 and continues to ping appserver. Then I restarted the TS (appserver).
When the server came back, APPSERVER was not able to ping server-dc1. This is the problem I am facing. I had to connect to server-dc2 and then remote to server-dc1 from there.
When I ran arp -a from server-dc1, this is what I got:
Interface: 192.168.1.250 --- 0xb
Internet Address Physical Address Type
192.168.1.1 00-0b-be-d3-7c-4e dynamic
192.168.1.90 00-13-72-0e-c3-fd dynamic
192.168.1.91 00-13-72-27-0f-e8 dynamic
192.168.1.92 00-1e-c9-3a-13-49 dynamic
192.168.1.93 00-16-76-cc-c5-e9 dynamic
192.168.1.94 00-1a-a0-2c-a0-28 dynamic
192.168.1.95 00-1e-c9-3a-1d-6a dynamic
192.168.1.96 00-1e-c9-39-db-fe dynamic
192.168.1.98 00-1e-c9-39-dc-aa dynamic
192.168.1.99 00-0b-4f-26-62-61 dynamic
192.168.1.100 00-16-76-ad-d9-fc dynamic
192.168.1.101 00-13-72-0f-c0-3f dynamic
192.168.1.102 00-1e-c9-39-fb-a6 dynamic
192.168.1.103 00-13-72-0e-c1-32 dynamic
192.168.1.104 00-25-86-cb-36-87 dynamic
192.168.1.106 00-1b-24-bf-64-5d dynamic
192.168.1.107 54-42-49-f2-80-a8 dynamic
192.168.1.109 00-1b-24-bf-64-5d dynamic
192.168.1.110 00-1e-c9-39-dc-e0 dynamic
192.168.1.111 00-16-32-96-48-8d dynamic
192.168.1.112 00-1b-24-bf-64-5d dynamic
192.168.1.113 00-1b-24-bf-64-5d dynamic
192.168.1.114 00-1a-a0-5e-a3-ce dynamic
192.168.1.115 00-1e-c9-3a-13-a4 dynamic
192.168.1.117 00-1b-24-bf-64-5d dynamic
192.168.1.118 54-42-49-f2-80-a8 dynamic
192.168.1.119 00-1b-24-bf-64-5d dynamic
192.168.1.120 54-42-49-f2-80-a8 dynamic
192.168.1.121 00-1b-24-bf-64-5d dynamic
192.168.1.123 54-42-49-f2-80-a8 dynamic
192.168.1.126 00-1e-c9-39-dc-5c dynamic
192.168.1.244 00-00-74-b4-f5-7d dynamic
192.168.1.249 00-0b-be-d3-7c-4e dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
Notice what I put in bold. The MAC address for APPSERVER is incorrect if you check the ipconfig /all from above, you'll see the MAC should be 00-18-8B-3D-32-58 ...
Also notice that this is the same MAC as the Gateway (192.168.1.1) which is the first IP in the list. Now why would this be happening? If I run arp -d * and clear the list, 192.168.1.249 is re-added with the same MAC.
February 21st, 2011 6:03pm
I should also mention that to fix this problem, sometimes a person at that location pulls the CAT5s out of the intermediate NetGear switch, counts to 5, and plugs them back in.
Sometimes a reboot helps too. But not always.
This time a started a ping from SERVER-DC1 and rebooted APPSERVER again. As soon as it came up, the ping succeeded and the arp -a now shows the correct MAC.
If I run arp -d * and clear the table on SERVER-DC1 I immediately lose connection. So it appears that whenever the arp entry times out, the connection drops. Another arp -a shows the MAC has changed back to the same as the Gateway. Now if I run arp -d *
on APPSERVER, the connection is again restored to SERVER-DC1.
If I haven't mentioned this yet, APPSERVER was moved from across the WAN on a 192.168.0.0 network to the 192.168.1.0 network. Maybe server-dc1 still thinks it is on the other network?
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2011 6:24pm
Hello,
make sure all DNS forward/reverse lookup zone entries form the old ip address are cleaned.
Please post again an unedited ipconfig /all from the servers here.
Additional run up to date AV software on the machines as an arp -a should not provide 2 ip addresses for one MAC as it is shown in yours. Here are just 2 of moreexamples:
192.168.1.112 00-1b-24-bf-64-5d dynamic
192.168.1.113 00-1b-24-bf-64-5d dynamicBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
February 21st, 2011 7:57pm
Sorry for intruding here, but about 2 days ago one of our clients started to have similar problems, which seem to have started since our 2003 DC was restarted after installing updates. We have one Win7 and 2 2008R2 machines that loose connectivity to that
DC about twice a day. A arp -d <IP of Win7/2008R2 machine> solves the problem for the next few hours. On the DC we see a similar picture, although our problem rather consists of 2 MAC addresses being cached with the same IP-address.
Before delving into details here, I wanted to know, how AV software could be capable of confusing arp as seen above? I haven't found anything yet, but are you aware of a recent update for Server 2003 that might have provoked such behaviour?
Thanks for any clues about what might be happening here...
Thomas
Free Windows Admin Tool Kit Click here and download it now
May 20th, 2011 3:54am