Server Loses Internet connectivity

I have a Windows Server 2K3 SP1 machine with DC, DNS, DHCP, WINS, RRAS, and
IIS installed - Yes I know that the IIS would be better on a different
server, but this is not a business enviroment.

This server is behind a Linksys VPN router connected to an ADSL modem.

Problem: About every 24 hours, the server and all clients lose internet
connectivity. The clients are connected through WAP's to the Router but get
their DNS through DHCP on the server. I suspect that DNS is the culprit
because I can ping the router and the clients are losing connectivity. The
server has a statically assigned IP address and has it's own IP address for
DNS server with forwarders to ISP's DNS. Nothing in the event logs that I
can tell related to the problem. I don't think this was happening before I
installed SP1 about 2 weeks ago.

I forgot to mention that restarting the server restores connectivity to
server and all clients. Thanks in advance.

"Eric the IT Idiot" wrote:

> I have a Windows Server 2K3 SP1 machine with DC, DNS, DHCP, WINS, RRAS, and
> IIS installed - Yes I know that the IIS would be better on a different
> server, but this is not a business enviroment.
>
> This server is behind a Linksys VPN router connected to an ADSL modem.
>
> Problem: About every 24 hours, the server and all clients lose internet
> connectivity. The clients are connected through WAP's to the Router but get
> their DNS through DHCP on the server. I suspect that DNS is the culprit
> because I can ping the router and the clients are losing connectivity. The
> server has a statically assigned IP address and has it's own IP address for
> DNS server with forwarders to ISP's DNS. Nothing in the event logs that I
> can tell related to the problem. I don't think this was happening before I
> installed SP1 about 2 weeks ago.

could the vpn mess up the system? or this case study may give some tips. quoted from http://www.howtonetworking.com/casestudy.htm
The Internet downs every 30 minutes

Situation: One of clients called and told us that their Internet access kept down every 30 minutes. They have two subnets, one is main office LAN 10.0.0.0/16 and another is 192.168.5.0/24 for the DMZ doing web sites and FTP. There are two Cisco PIX 515 Firewalls connecting a Cisco router for the Internet access. One firewall connects to the LAN. Another and another firewall connects to the DMZ.

When the Internet downs, they could ping any public IPs from the LAN firewall while no user could ping a public IP from workstation. Also, web server in the DMZ could access the Internet without any problems.

Clear xlate didn’t fix the problem. If they reset the LAN firewall, it worked for 30 minutes to 1 hour. Then they needed to reset it again.

What we did.

1.. What did they change recently? – Answer None (this is not true and they did add one device).
2.. When ping the LAN firewall, 10.0.0.2. We receive the reply.
3.. When ping the Cisco router, we received time out.
4.. After reset the firewall, used ARP command to check the firewall MAC. It displayed 00-12-80-cb-da-56. Aftre the Internet down, ARP displayed a different MAC 00-01-55-10-14-ed (see below).
After reset the firewall:

C:\Documents and Settings\blin>

arp -a 10.0.0.2

Interface: 10.0.0.25 --- 0x10004

Internet Address Physical Address Type

10.0.0.2 00-12-80-cb-da-56 dynamic

After the internet down:

C:\Documents and Settings\blin>arp -a 10.0.0.2

Interface: 10.0.0.25 --- 0x10004

Internet Address Physical Address Type

10.0.0.2 00-01-55-10-14-ed dynamic

Problem: after searching for the device, 00-01-55-10-14-ed. We found that the client just added a Promise storage server that was using the same IP of the firewall, 10.0.0.2. In other words, the Promise storage server took over the firewall IP.

Related Topics

No ARP Entries Found

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
I recommend Brinkster for web hosting!

"Eric the IT Idiot" <(E-Mail Removed)> wrote in message news:B0D9F555-FB50-4DD8-9F72-(E-Mail Removed)...
I have a Windows Server 2K3 SP1 machine with DC, DNS, DHCP, WINS, RRAS, and
IIS installed - Yes I know that the IIS would be better on a different
server, but this is not a business enviroment.

This server is behind a Linksys VPN router connected to an ADSL modem.

Problem: About every 24 hours, the server and all clients lose internet
connectivity. The clients are connected through WAP's to the Router but get
their DNS through DHCP on the server. I suspect that DNS is the culprit
because I can ping the router and the clients are losing connectivity. The
server has a statically assigned IP address and has it's own IP address for
DNS server with forwarders to ISP's DNS. Nothing in the event logs that I
can tell related to the problem. I don't think this was happening before I
installed SP1 about 2 weeks ago.

Thanks for your reply, Robert.

The server IP is assigned an internal static IP address of 192.168.1.5. The
router is 192.168.1.1, and the DHCP scope on the Win 2K3 server for all
clients is 192.168.1.10 to 192.168.1.100. The DSL modem is operating in
bridged mode and passes my static IP address to the router. The router is
setup as a DHCP server as well with scope of 192.168.1.110 to 192.168.1.150
as a backup. DNS setup for router is the Win 2K3 server and ISP DNS server
addresses.

The clients IP addresses are 192.168.1.10, 192.168.1,15, and
192.168.1.20...so currently they are getting their DNS information from the
Win 2K3 server.

The VPN portion of the router is not set up. Port forwarding for ports 80,
3389, and 21 are currently set up on the router as I have published a web
page through IIS 6.0 for family and friends.

1) Recent Change - SP 1
2) Ping Router - Yes
3) Ping public IP address when internet down - NO.
4) Ping public IP address when internet working - Yes, by IP and host name.

I'm kind of at a loss, currently, but haven't been able to dedicate much
time to the solution as of late.

"Robert L [MS-MVP]" wrote:

> could the vpn mess up the system? or this case study may give some tips. quoted from http://www.howtonetworking.com/casestudy.htm
> The Internet downs every 30 minutes
>
> Situation: One of clients called and told us that their Internet access kept down every 30 minutes. They have two subnets, one is main office LAN 10.0.0.0/16 and another is 192.168.5.0/24 for the DMZ doing web sites and FTP. There are two Cisco PIX 515 Firewalls connecting a Cisco router for the Internet access. One firewall connects to the LAN. Another and another firewall connects to the DMZ.
>
> When the Internet downs, they could ping any public IPs from the LAN firewall while no user could ping a public IP from workstation. Also, web server in the DMZ could access the Internet without any problems.
>
> Clear xlate didn’t fix the problem. If they reset the LAN firewall, it worked for 30 minutes to 1 hour. Then they needed to reset it again.
>
> What we did.
>
> 1.. What did they change recently? – Answer None (this is not true and they did add one device).
> 2.. When ping the LAN firewall, 10.0.0.2. We receive the reply.
> 3.. When ping the Cisco router, we received time out.
> 4.. After reset the firewall, used ARP command to check the firewall MAC. It displayed 00-12-80-cb-da-56. Aftre the Internet down, ARP displayed a different MAC 00-01-55-10-14-ed (see below).
> After reset the firewall:
>
> C:\Documents and Settings\blin>
>
> arp -a 10.0.0.2
>
> Interface: 10.0.0.25 --- 0x10004
>
> Internet Address Physical Address Type
>
> 10.0.0.2 00-12-80-cb-da-56 dynamic
>
> After the internet down:
>
> C:\Documents and Settings\blin>arp -a 10.0.0.2
>
> Interface: 10.0.0.25 --- 0x10004
>
> Internet Address Physical Address Type
>
> 10.0.0.2 00-01-55-10-14-ed dynamic
>
> Problem: after searching for the device, 00-01-55-10-14-ed. We found that the client just added a Promise storage server that was using the same IP of the firewall, 10.0.0.2. In other words, the Promise storage server took over the firewall IP.
>
> Related Topics
>
> No ARP Entries Found
>
> Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.
>
> Bob Lin, MS-MVP, MCSE & CNE
> How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> This posting is provided "AS IS" with no warranties.
> I recommend Brinkster for web hosting!
>
> "Eric the IT Idiot" <(E-Mail Removed)> wrote in message news:B0D9F555-FB50-4DD8-9F72-(E-Mail Removed)...
> I have a Windows Server 2K3 SP1 machine with DC, DNS, DHCP, WINS, RRAS, and
> IIS installed - Yes I know that the IIS would be better on a different
> server, but this is not a business enviroment.
>
> This server is behind a Linksys VPN router connected to an ADSL modem.
>
> Problem: About every 24 hours, the server and all clients lose internet
> connectivity. The clients are connected through WAP's to the Router but get
> their DNS through DHCP on the server. I suspect that DNS is the culprit
> because I can ping the router and the clients are losing connectivity. The
> server has a statically assigned IP address and has it's own IP address for
> DNS server with forwarders to ISP's DNS. Nothing in the event logs that I
> can tell related to the problem. I don't think this was happening before I
> installed SP1 about 2 weeks ago

Question: Is the server dual-homed (2 NICs)?