Default gateway inaccessible after SBS Win2K3 login?

This is a new one on me.

Small business network, with an SBS Win2K3 server. Single subnet,
cable modem, pretty basic. All client computers are fed DHCP/DNS from
the SBS server, and non-local DNS queries are forwarded on to ISP's DNS
servers.

This network has been running about 18 months on the exact same
configuration. No new hardware or software has been installed in the
two months prior to this problem appearing - aside from Microsoft
Security patches.

At some point over this past weekend, all clients on the network (and
also the server) are unable to access the default gateway _after_ a
login to the SBS. Any administrator login we've tried does it.
_Prior_ to login (reboot the server and let it sit at the login screen)
everything on the network operates just fine.

Cable modem->router_points_to_internal_SBS_IP

After a login, within a few seconds, pings from inside the LAN to the
default gateway (all machines are 192.168.1.x with gateway 192.168.1.1
which is the router) time out, and pings from outside the network to
the public IP address time out, whereas before login pings to both are
fine. The DNS server shuts down within a minute or two, and of course
takes the client machines with it.

Adding to my confusion, if I establish a remote desktop connection to
the server using either Remote Desktop or a remote access program
called Remote Administrator _before_ I login, the connection continues
to run for about half an hour after the pings die and the DNS server
dies and everything loses connectivity. The remote session eventually
dies, too, but much, much later.

The ISP says nothing is wrong on their end. I've rebooted everything
on the network that can be rebooted, I've replaced cabling, swapped
ports on the hub, and even replaced the network card. I've removed
everything from the startup group, and the only things starting up
shown in msconfig aside from services are the raid monitor and a few
SBS pieces. I've run antivirus check, adware and malware checks.

The server runs Exchange, shares files, hosts Symantec System Center,
and runs an online backup. There is nothing else installed on it.

Finally, if I log off of the account on the server connectivity to the
gateway is not restored. However, if I shut down the server, at some
point in the shutdown process external and internal pings to the
gateway do begin responding before the server shuts down entirely.

So, in short, whatever is happening happens only after someone logs in
to the server, and it affects client machines as well as the server
itself.

The only error in any of the event logs is an event id 113 citing 1168
when the DNS server cannot update, which is thrown just prior to the
DNS server shutting down. I'm unable so far to find anything
discussing this event that sounds like my issue.

Anyone have any ideas at all?

 

In

Are you using ICS with RRAS installed?
http://www.eventid.net/display.asp?eventid=113&eventno=3869&source=DNS&phase=1

That is not a good thing. Since this is a server, do not use ICS (very
limited functionality and conflicts with the DHCP and DNS service).
Configure RRAS for NAT and use that only.

THen assuming the above, and since you have a cable modem with a router
(that performs NAT), why do you have multiple NICs on the server performing
ICS (assuming so based on the ICS thing above)?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If you are having difficulty in reading or finding responses to your post,
instead of the website you are using, if I may suggest to use OEx (Outlook
Express or any other newsreader of your choosing), and configure a newsgroup
account, pointing to news.microsoft.com. This is a direct link into the
Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet
account with your ISP. With OEx, you can easily find your post, track
threads, cross-post, and sort by date, poster's name, watched threads or
subject.

Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.
=================================

 

No, no ICS. I've found a few cryptic references from others in Google
who have had a similar mystifying reference to 'NAT' and also not had
anything corresponding running on their server, but no resolution.
And, again, aside from hotfixes (the last of which was applied some
time before this issue arose), nothing whatsoever has changed on the
server. It sits in a small business that was closed from December 28th
through January 3rd, and the system was working normally at last check
by me on December 30th. No one else has or can log into this server,
no one was in the building during this time, no users were on the
network remotely or locally, and the only services running were GFI
MailSecurity, Exchange and Symantec central antivirus. (All of which
I've gone as far as to disable to see if I could stop the problem, and
I've gone through the GFI and Symantec web sites as best I can looking
for a similar issue.) This is really a very plain-Jane server running
here, with no changes, that has just up and popped on me out of the
blue.

Even stripping everything from startup via msconfig has not resolved
the issue. I'm lost as to what services or other processes may be
firing up after login, but not running before. Given that everything
tacked-on (Symantec, GFI) has been disabled, does anyone have any ideas
what else could be firing up? I have a difficult time believing it's
simply a DNS issue, as while the DNS server itself runs it (before a
login) everyone resolves everything just fine.

Server boots:
DNS runs
Gateway can be pinged

User logs in to server (any user):
Gateway is lost after several seconds
DNS shuts down after a few minutes
Any remote session into the server continues to run for about half an
hour before being disconnected

Server is shut down:
As services and processes are terminated, the gateway becomes available
again, sometime between the issuance of the shutdown command and the
time the server actually turns off.

Something that launches at login and which can be terminated is causing
the problem, but I'll be darned if I can figure out what or why.

 

In

That is interesting, where the gateway becomes available during shutdown. If
none of the services you mentioned being shutoff doesn't cause it, I would
start killing other services (or executables in task manager) one by one
until I see a resolve. I would probably also look at DLL Show and
ProcessView to see exactly what is running that may not be showing up in
task manager.

Otherwise, this is guesswork.

Ace

 

Is the SBS server sync'd to an external time source, and are all client
computers' clocks synch'd to the SBS since 12/31/2005?

<clip>