Network connectivity lost / intermittent
Hi
I have had an intermittent problem with the Windows 7 clients on my domain (htlincs.local) which has become a serious issue.
The domain has two domain controllers - Win 2008 Standard (Phobos) with all FSMO roles, DNS and WINS and one Win 2003 R2 SP2 (Titan) with DNS, DHCP and WINS. The Win 2003 used to be the main DC until the Win 2008 was introduced 7 months ago. Domain functional level is Win 2003.
Clients comprise Win 2000, XP, Vista and 7. All clients get their addresses via DHCP. The servers have static addresses.
Previously, the Windows 7 clients would lose their connection to DFS shares/network/Internet. The loss of connectivity would last for a few minutes before returning or a restart would solve the problem. This would usually only affect one or two clients. The remaining clients would be fine.
Today, four of our five Windows 7 clients have experienced this problem and it is back with a vengeance. The initial symptoms were loss of Internet followed by being unable to connect to the network. The local area connection icon in the Notification area has a yellow exclamation mark over it.
Restarting the machines has no effect.
Trying to connect to \\machinename results in an authentication dialog with: "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."
netsh int ip reset followed by ipconfig /flushdns and restarting has no effect.
netsh winsock reset has no effect.
Turning off IP v.6 has no effect.
Running Windows Network Diagnostics results in: 'The DNS server isn't responding'
Setting static IP addresses has no effect.
When setting a static IP address I chose to 'validate settings on exit' and after the dialog closed the network diagnostics appeared and then displayed the result: 'The DNS server isn't responding'
If I lock the client then unlock it, it takes 60 seconds for either a) the desktop to appear or b) an 'incorrect password' message to appear. The password has definitely been typed correctly.
I can ping any device on the network by IP address but when I ping by name e.g. 'ping phobos' and 'ping phobos.htlincs.local' it fails.
Remote Desktop to the win 7 clients fails, as does trying to connect via Computer Management or regedit (The network path was not found).
The system log contains the following warning and error events
Netlogon 5719
DNS Client Events 1006
GroupPolicy 1054
Time-Service 129
There is no problem with any of the other clients on the network. DNS and WINS entries are correct for the DCs. I have also tried changing the DNS settings on the DCs so that they use NetBIOS over TCP/IP and restarted them.
If anyone can help me with this I would very much appreciate it.
Thanks.
February 15th, 2011 11:02am
Based on the level of detail on your question you certainly appear fully experienced, so pardon me for asking the following basic question:
A common mistake of network administrators of small networks is to include the ISP's DNS servers as DNS servers either configured on the server's NIC, or distributed to the clients via DHCP. Can you confirm that the ONLY place the ISP DNS servers are listed, if any, is as a forwarder within the DNS server properties itself?
Also can you confirm that the TIME on each and every server and client is exactly the same (to the minute)?
February 15th, 2011 7:48pm
Hi, The Fellenator, thank you for replying.
The clients' DNS settings are set to the Win 2008 DNS server first (.10) and the Win 2003 DNS server second (.2). This is the order in which they are listed in the DHCP option. The DCs point to themselves for DNS. The gateway, on both the static (servers) assigned addresses and in DHCP is set to the local IP address of a router (.95). All machines on the network use this same gateway.
Therefore, all requests not resolvable by the local DNS server i.e. external websites, are routed via the gateway.
IPconfig /all from a Win 7 client (Note this has a static address that I assigned yesterday when troubleshooting this):
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Agnes>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Agnes
Primary Dns Suffix . . . . . . . : htlincs.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : htlincs.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : F0-4D-A2-23-58-47
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.80(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.95
DNS Servers . . . . . . . . . . . : 192.168.0.10
192.168.0.2
Primary WINS Server . . . . . . . : 192.168.0.2
Secondary WINS Server . . . . . . : 192.168.0.10
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{7DB5B5D6-DC20-4B40-A95D-52C585AD1FCF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Agnes>
IPConfig /all from the Win 2008 DC:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\administrator.HTLINCS>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Phobos
Primary Dns Suffix . . . . . . . : htlincs.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : htlincs.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : A4-BA-DB-40-2F-79
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.95
DNS Servers . . . . . . . . . . . : 192.168.0.10
Primary WINS Server . . . . . . . : 192.168.0.10
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B5C37581-11FA-4C75-873D-7050746C6
34E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\administrator.HTLINCS>
The time on all the servers, and clients, is exactly the same.
February 16th, 2011 4:41am
For what it's worth, power saving options are disabled on the NICs.
February 16th, 2011 6:30am
Hi,
Try disabling the Windows 7 firewall temporarily.
You may use nslookup to specify the server to resolve a DNS name or NetBIOS name for a test.
For detailed information, please refer to the following link.
http://technet.microsoft.com/en-us/library/bb490950.aspx
Meanwhile, can you ping the DNS server when the problem occurs?
Enable DHCP and export the ipconfig information when the issue reoccurs.
February 18th, 2011 4:26am
Thanks for your reply, Juke Chou.
The connectivity was blocked by our Sophos firewall.
Just in case any other Sophos users come across this:
This was a strange one. The cause was that svchost.exe was being blocked because its memory had been modified. The blocked svchost processes were all UDP requests for DNS to our DNS servers. All the machines had a full AV scan last night and nothing was detected.
There is an option in the general firewall settings to disable the monitoring of memory for processes, but it is (obviously) not recommended. More here.
I disabled the monitoring of memory modification and this has allowed me to turn the firewall back on without affecting connectivity.
I have spoken to Sophos about this and they have escalated the case as the tech support person I spoke to felt that more investigation was required.
February 18th, 2011 12:29pm
Hi,
As you say, I think contacting Sophos tech support is the better way.
Waiting for their reply.
Thanks.
February 21st, 2011 3:22am