network goes down everyday at same time

Hi Everyone,

Im hoping someone can help me out here, im not very good at networking
stuff. So for about the last month some users have been reporting that
starting around 1 pm the cant get to certain websites ( cnn.com, dell.ca,
microsoft.com) this will go on for about 2 hours and then resume back to
normal. Yesterday was the first time i actually expeinced it myself and
today it is happening again. Not all sites are down however and they will
load normally. So i have started to do some investigating. if i plug a
laptop into the switch on the outside of the firewalls and assign a static ip
i can reach all sites fine. However once on this side of the firewalls no go.
Anyone have an idea where to start?

Thanks ahead of time,

jennyjen <(E-Mail Removed)> wrote:
> Hi Everyone,
>
> Im hoping someone can help me out here, im not very good at networking
> stuff. So for about the last month some users have been reporting
> that starting around 1 pm the cant get to certain websites ( cnn.com,
> dell.ca, microsoft.com) this will go on for about 2 hours and then
> resume back to normal. Yesterday was the first time i actually
> expeinced it myself and today it is happening again. Not all sites
> are down however and they will load normally. So i have started to do
> some investigating. if i plug a laptop into the switch on the
> outside of the firewalls and assign a static ip i can reach all sites
> fine. However once on this side of the firewalls no go. Anyone have
> an idea where to start?
>
> Thanks ahead of time,

You've already started with the most important bit of isolation testing by
checking to see what happens when you go outside your firewall. :-)

So, next, I'd be looking at your firewall - logs, etc. It might help if you
mentioned the brand/model & firmware you're using. And I presume you're not
using ISA or any other kind of proxy server - if you are, that's important
to mention.

When the problem occurs, you should also do testing inside the LAN - see if
you can ping anything by IP address through the firewall (your ISP's DNS
server) and also by name (e.g., www.google.com). This will let you know if
it's a name resolution issue or not.

In news:%(E-Mail Removed),
Lanwench [MVP - Exchange]
<(E-Mail Removed) hoo.com> typed:

>
> You've already started with the most important bit of isolation
> testing by checking to see what happens when you go outside your
> firewall. :-)
> So, next, I'd be looking at your firewall - logs, etc. It might help
> if you mentioned the brand/model & firmware you're using. And I
> presume you're not using ISA or any other kind of proxy server - if
> you are, that's important to mention.
>
> When the problem occurs, you should also do testing inside the LAN -
> see if you can ping anything by IP address through the firewall (your
> ISP's DNS server) and also by name (e.g., www.google.com). This will
> let you know if it's a name resolution issue or not.


In addition to your suggestions and questions, is JennyJen only using the
internal DNS or do your machines have a mix of internal DNS and ISP's DNS?
Does it have forwarding configured?

JennyJen, please post an ipconfig /all of your domain controller and one of
a sample workstation. The config info will help us take a look at your
configuration.


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations

Thanks for the help so far everyone..below are the answers to your questions:
we have two firewalls (client side and server side)
client: Watchguard x700 ver 7.21.B1596
server: Watchguard x700 ver 7.21.B1596
and no we do not use any sort of proxy server. At every other point in the
day everything works fine. It just seems to go down for those few hours in
the afternoon with out fail.

Since the problem is occuring right now. I have tested by pinging
www.google.com, www.yahoo.com for you and i am able to get a reply. As for
DNS all outgoing requests we use our ISPs DNS and all incomming requests we
host our own DNS.

This problem hasnt always occured either. Just started to happen a few
months ago i believe.

Here is the ipconfig info from a client computer:

Windows IP Configuration

Host Name . . . . . . . . . . . . : computer017
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast
Ethernet
Controller (3C905C-TX Compatible)
Physical Address. . . . . . . . . : 00-06-5B-9E-C6-F3
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.188
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.2
DHCP Server . . . . . . . . . . . : 192.168.0.20
DNS Servers . . . . . . . . . . . : 192.168.0.20
192.168.50.22
Primary WINS Server . . . . . . . : 192.168.0.22
Secondary WINS Server . . . . . . : 192.168.0.20
Lease Obtained. . . . . . . . . . : Monday, March 10, 2008 12:53:12 PM
Lease Expires . . . . . . . . . . : Monday, March 10, 2008 4:53:12 PM

Ipconfig /all from my domain controller:

Windows IP Configuration

Host Name . . . . . . . . . . . . : domain controller
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
Physical Address. . . . . . . . . : 00-06-5B-3D-7C-C0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.0.22
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.20
192.168.0.22
Primary WINS Server . . . . . . . : 192.168.0.20

let me know what you come up with..

Thanks so much

"Ace Fekay [MVP]" wrote:

> In news:%(E-Mail Removed),
> Lanwench [MVP - Exchange]
> <(E-Mail Removed) hoo.com> typed:
>
> >
> > You've already started with the most important bit of isolation
> > testing by checking to see what happens when you go outside your
> > firewall. :-)
> > So, next, I'd be looking at your firewall - logs, etc. It might help
> > if you mentioned the brand/model & firmware you're using. And I
> > presume you're not using ISA or any other kind of proxy server - if
> > you are, that's important to mention.
> >
> > When the problem occurs, you should also do testing inside the LAN -
> > see if you can ping anything by IP address through the firewall (your
> > ISP's DNS server) and also by name (e.g., www.google.com). This will
> > let you know if it's a name resolution issue or not.
>
>
> In addition to your suggestions and questions, is JennyJen only using the
> internal DNS or do your machines have a mix of internal DNS and ISP's DNS?
> Does it have forwarding configured?
>
> JennyJen, please post an ipconfig /all of your domain controller and one of
> a sample workstation. The config info will help us take a look at your
> configuration.
>
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Infinite Diversities in Infinite Combinations
>
>
>

Thanks for the help so far everyone..below are the answers to your questions:
we have two firewalls (client side and server side)
client: Watchguard x700 ver 7.21.B1596
server: Watchguard x700 ver 7.21.B1596
and no we do not use any sort of proxy server. At every other point in the
day everything works fine. It just seems to go down for those few hours in
the afternoon with out fail.

Since the problem is occuring right now. I have tested by pinging
www.google.com, www.yahoo.com for you and i am able to get a reply. As for
DNS all outgoing requests we use our ISPs DNS and all incomming requests we
host our own DNS.

This problem hasnt always occured either. Just started to happen a few
months ago i believe.

Here is the ipconfig info from a client computer:

Windows IP Configuration

Host Name . . . . . . . . . . . . : computer017
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast
Ethernet
Controller (3C905C-TX Compatible)
Physical Address. . . . . . . . . : 00-06-5B-9E-C6-F3
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.188
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.2
DHCP Server . . . . . . . . . . . : 192.168.0.20
DNS Servers . . . . . . . . . . . : 192.168.0.20
192.168.50.22
Primary WINS Server . . . . . . . : 192.168.0.22
Secondary WINS Server . . . . . . : 192.168.0.20
Lease Obtained. . . . . . . . . . : Monday, March 10, 2008 12:53:12 PM
Lease Expires . . . . . . . . . . : Monday, March 10, 2008 4:53:12 PM

Ipconfig /all from my domain controller:

Windows IP Configuration

Host Name . . . . . . . . . . . . : domain controller
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
Physical Address. . . . . . . . . : 00-06-5B-3D-7C-C0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.0.22
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.20
192.168.0.22
Primary WINS Server . . . . . . . : 192.168.0.20

let me know what you come up with..

Thanks so much

"Ace Fekay [MVP]" wrote:

> In news:%(E-Mail Removed),
> Lanwench [MVP - Exchange]
> <(E-Mail Removed) hoo.com> typed:
>
> >
> > You've already started with the most important bit of isolation
> > testing by checking to see what happens when you go outside your
> > firewall. :-)
> > So, next, I'd be looking at your firewall - logs, etc. It might help
> > if you mentioned the brand/model & firmware you're using. And I
> > presume you're not using ISA or any other kind of proxy server - if
> > you are, that's important to mention.
> >
> > When the problem occurs, you should also do testing inside the LAN -
> > see if you can ping anything by IP address through the firewall (your
> > ISP's DNS server) and also by name (e.g., www.google.com). This will
> > let you know if it's a name resolution issue or not.
>
>
> In addition to your suggestions and questions, is JennyJen only using the
> internal DNS or do your machines have a mix of internal DNS and ISP's DNS?
> Does it have forwarding configured?
>
> JennyJen, please post an ipconfig /all of your domain controller and one of
> a sample workstation. The config info will help us take a look at your
> configuration.
>
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Infinite Diversities in Infinite Combinations
>
>
>

"jennyjen" <(E-Mail Removed)> wrote in message
news:C60C9986-0833-4360-9A06-(E-Mail Removed)...
> Thanks for the help so far everyone..below are the answers to your
> questions:
> we have two firewalls (client side and server side)

What does that mean? Firewalls have nothing to do with "client side" and
"server side". Firewalls have to do with physical Topology,..."client side"
and "server side" are simply Software Application Perspectives.

> www.google.com, www.yahoo.com for you and i am able to get a reply. As
> for
> DNS all outgoing requests we use our ISPs DNS and all incomming requests
> we
> host our own DNS.

You can't do that. You have to use *only* your AD/DNS.
The ISP's DNS IP# is only to be listed in the Forwarders List on the
AD/DC/DNS machines. The ISP's DNS IP# should *never* be listed anywhere
else.

You can optionally forget about listing the ISP's DNS as a Forwarder and
your AD/DNS will default to using Root Hints.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

We have two firewalls: One controls rules for our desktops and has .2 gateway
and the other controls rules for our servers and has a .1 gateway. So
physically we have two different firewalls that are the same in brand but
different in config.

as for the DNS stuff you mentioned im not sure i know what you mean. What i
was trying to say is that all our internet requests go out through our ISP.
We have internal DNS to direct all incoming traffic for our hosted websites
and what not....

"Phillip Windell" wrote:

> "jennyjen" <(E-Mail Removed)> wrote in message
> news:C60C9986-0833-4360-9A06-(E-Mail Removed)...
> > Thanks for the help so far everyone..below are the answers to your
> > questions:
> > we have two firewalls (client side and server side)
>
> What does that mean? Firewalls have nothing to do with "client side" and
> "server side". Firewalls have to do with physical Topology,..."client side"
> and "server side" are simply Software Application Perspectives.
>
> > www.google.com, www.yahoo.com for you and i am able to get a reply. As
> > for
> > DNS all outgoing requests we use our ISPs DNS and all incomming requests
> > we
> > host our own DNS.
>
> You can't do that. You have to use *only* your AD/DNS.
> The ISP's DNS IP# is only to be listed in the Forwarders List on the
> AD/DC/DNS machines. The ISP's DNS IP# should *never* be listed anywhere
> else.
>
> You can optionally forget about listing the ISP's DNS as a Forwarder and
> your AD/DNS will default to using Root Hints.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

jennyjen <(E-Mail Removed)> wrote:
> We have two firewalls: One controls rules for our desktops and has .2
> gateway and the other controls rules for our servers and has a .1
> gateway. So physically we have two different firewalls that are the
> same in brand but different in config.

This still makes no sense. Can you post a link to a JPG of your network
topology? Maybe a visio diagram? Don't post an attachment in here..... if
you can't do a link, at least try to draw it out in text form.

>
> as for the DNS stuff you mentioned im not sure i know what you mean.
> What i was trying to say is that all our internet requests go out
> through our ISP. We have internal DNS to direct all incoming traffic
> for our hosted websites and what not....

You're hosting public websites on your LAN? This is unwise.

I'm really confused as to your setup, so it would help greatly if you could
describe the network more fully. I can't picture this.
>
> "Phillip Windell" wrote:
>
>> "jennyjen" <(E-Mail Removed)> wrote in message
>> news:C60C9986-0833-4360-9A06-(E-Mail Removed)...
>>> Thanks for the help so far everyone..below are the answers to your
>>> questions:
>>> we have two firewalls (client side and server side)
>>
>> What does that mean? Firewalls have nothing to do with "client
>> side" and "server side". Firewalls have to do with physical
>> Topology,..."client side" and "server side" are simply Software
>> Application Perspectives.
>>
>>> www.google.com, www.yahoo.com for you and i am able to get a reply.
>>> As for
>>> DNS all outgoing requests we use our ISPs DNS and all incomming
>>> requests we
>>> host our own DNS.
>>
>> You can't do that. You have to use *only* your AD/DNS.
>> The ISP's DNS IP# is only to be listed in the Forwarders List on the
>> AD/DC/DNS machines. The ISP's DNS IP# should *never* be listed
>> anywhere else.
>>
>> You can optionally forget about listing the ISP's DNS as a Forwarder
>> and your AD/DNS will default to using Root Hints.
>>
>> --
>> Phillip Windell
>> www.wandtv.com
>>
>> The views expressed, are my own and not those of my employer, or
>> Microsoft, or anyone else associated with me, including my cats.
>> -----------------------------------------------------

"jennyjen" <(E-Mail Removed)> wrote in message
news:86C190A2-C799-4B78-B061-(E-Mail Removed)...
> We have two firewalls: One controls rules for our desktops and has .2
> gateway
> and the other controls rules for our servers and has a .1 gateway. So
> physically we have two different firewalls that are the same in brand but
> different in config.

Ok, I see. So you just have gthe ability to choose between two Gateways
that a machine can use.

> as for the DNS stuff you mentioned im not sure i know what you mean. What
> i
> was trying to say is that all our internet requests go out through our
> ISP.
> We have internal DNS to direct all incoming traffic for our hosted
> websites
> and what not....

Guests that are not using machines that are domain members don't matter
really,...they can use whatever DNS gets the job done. But all your machine
need to use only the AD/DNS and ntohing else,...then the ISP's DNS IP# gets
added to the Forwarders list on the AD/DNS machine.

Anyway, it is likely not the root of the problem, but I address issues that
I see and the DNS ws the first potential problem that I saw.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------