Default gateway inaccessible after SBS Win2K3 login?

Discussion in 'Windows Networking' started by fingerstofists, Jan 3, 2006.

  1. This is a new one on me.

    Small business network, with an SBS Win2K3 server. Single subnet,
    cable modem, pretty basic. All client computers are fed DHCP/DNS from
    the SBS server, and non-local DNS queries are forwarded on to ISP's DNS

    This network has been running about 18 months on the exact same
    configuration. No new hardware or software has been installed in the
    two months prior to this problem appearing - aside from Microsoft
    Security patches.

    At some point over this past weekend, all clients on the network (and
    also the server) are unable to access the default gateway _after_ a
    login to the SBS. Any administrator login we've tried does it.
    _Prior_ to login (reboot the server and let it sit at the login screen)
    everything on the network operates just fine.

    Cable modem->router_points_to_internal_SBS_IP

    After a login, within a few seconds, pings from inside the LAN to the
    default gateway (all machines are 192.168.1.x with gateway
    which is the router) time out, and pings from outside the network to
    the public IP address time out, whereas before login pings to both are
    fine. The DNS server shuts down within a minute or two, and of course
    takes the client machines with it.

    Adding to my confusion, if I establish a remote desktop connection to
    the server using either Remote Desktop or a remote access program
    called Remote Administrator _before_ I login, the connection continues
    to run for about half an hour after the pings die and the DNS server
    dies and everything loses connectivity. The remote session eventually
    dies, too, but much, much later.

    The ISP says nothing is wrong on their end. I've rebooted everything
    on the network that can be rebooted, I've replaced cabling, swapped
    ports on the hub, and even replaced the network card. I've removed
    everything from the startup group, and the only things starting up
    shown in msconfig aside from services are the raid monitor and a few
    SBS pieces. I've run antivirus check, adware and malware checks.

    The server runs Exchange, shares files, hosts Symantec System Center,
    and runs an online backup. There is nothing else installed on it.

    Finally, if I log off of the account on the server connectivity to the
    gateway is not restored. However, if I shut down the server, at some
    point in the shutdown process external and internal pings to the
    gateway do begin responding before the server shuts down entirely.

    So, in short, whatever is happening happens only after someone logs in
    to the server, and it affects client machines as well as the server

    The only error in any of the event logs is an event id 113 citing 1168
    when the DNS server cannot update, which is thrown just prior to the
    DNS server shutting down. I'm unable so far to find anything
    discussing this event that sounds like my issue.

    Anyone have any ideas at all?
    fingerstofists, Jan 3, 2006
    1. Advertisements

  2. In
    Are you using ICS with RRAS installed?

    That is not a good thing. Since this is a server, do not use ICS (very
    limited functionality and conflicts with the DHCP and DNS service).
    Configure RRAS for NAT and use that only.

    THen assuming the above, and since you have a cable modem with a router
    (that performs NAT), why do you have multiple NICs on the server performing
    ICS (assuming so based on the ICS thing above)?


    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    If you are having difficulty in reading or finding responses to your post,
    instead of the website you are using, if I may suggest to use OEx (Outlook
    Express or any other newsreader of your choosing), and configure a newsgroup
    account, pointing to This is a direct link into the
    Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet
    account with your ISP. With OEx, you can easily find your post, track
    threads, cross-post, and sort by date, poster's name, watched threads or

    Not sure how? It's easy:
    How to Configure OEx for Internet News

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Windows Server Directory Services
    Microsoft Certified Trainer
    Assimilation Imminent. Resistance is Futile.
    Infinite Diversities in Infinite Combinations.
    Ace Fekay [MVP], Jan 4, 2006
    1. Advertisements

  3. No, no ICS. I've found a few cryptic references from others in Google
    who have had a similar mystifying reference to 'NAT' and also not had
    anything corresponding running on their server, but no resolution.
    And, again, aside from hotfixes (the last of which was applied some
    time before this issue arose), nothing whatsoever has changed on the
    server. It sits in a small business that was closed from December 28th
    through January 3rd, and the system was working normally at last check
    by me on December 30th. No one else has or can log into this server,
    no one was in the building during this time, no users were on the
    network remotely or locally, and the only services running were GFI
    MailSecurity, Exchange and Symantec central antivirus. (All of which
    I've gone as far as to disable to see if I could stop the problem, and
    I've gone through the GFI and Symantec web sites as best I can looking
    for a similar issue.) This is really a very plain-Jane server running
    here, with no changes, that has just up and popped on me out of the

    Even stripping everything from startup via msconfig has not resolved
    the issue. I'm lost as to what services or other processes may be
    firing up after login, but not running before. Given that everything
    tacked-on (Symantec, GFI) has been disabled, does anyone have any ideas
    what else could be firing up? I have a difficult time believing it's
    simply a DNS issue, as while the DNS server itself runs it (before a
    login) everyone resolves everything just fine.

    Server boots:
    DNS runs
    Gateway can be pinged

    User logs in to server (any user):
    Gateway is lost after several seconds
    DNS shuts down after a few minutes
    Any remote session into the server continues to run for about half an
    hour before being disconnected

    Server is shut down:
    As services and processes are terminated, the gateway becomes available
    again, sometime between the issuance of the shutdown command and the
    time the server actually turns off.

    Something that launches at login and which can be terminated is causing
    the problem, but I'll be darned if I can figure out what or why.
    FingersToFists, Jan 4, 2006
  4. In
    That is interesting, where the gateway becomes available during shutdown. If
    none of the services you mentioned being shutoff doesn't cause it, I would
    start killing other services (or executables in task manager) one by one
    until I see a resolve. I would probably also look at DLL Show and
    ProcessView to see exactly what is running that may not be showing up in
    task manager.

    Otherwise, this is guesswork. :)

    Ace Fekay [MVP], Jan 5, 2006
  5. fingerstofists

    randy benson Guest

    Is the SBS server sync'd to an external time source, and are all client
    computers' clocks synch'd to the SBS since 12/31/2005?

    randy benson, Jan 5, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.