Failure to communicate error question

Pellidon

Flashlight Enthusiast
Joined
Sep 19, 2002
Messages
1,380
Location
39.42N 86.42 W
Anybody experience the following?

At work we have a T1-Fiber optic network with a gigabit switch (sweet, but no gigabit computers yet). Running Microsoft's newest server software (windows 2003). The problem is this. When attempting to go to a website we get frequent errors and just a grey message box stating the site could not be found. A refresh or another ping on the hotlink usually will go to the site, maybe two to three attempts at most. The person who installed the system can't find the reason for the error. My suspect is Symantec's server wide antivirus clogging up the works and not finding anything (I switched back to AVG after getting hit with seven viruses and 134 spywares).

The only two sites that have not crashed for me are our own company's site (www.schaefer-technologies.com shameless plug) and a Fender Guitar forum that is more of a text only bulletin board (and is fast even on dialup). My first suspicion was that sites like my company's were easy to jump to because of minimal traffic and that high traffic sites (like this one) get confused by our system.

I am fishing for hints/tips on this site and others. Thanks in advance.

{My pref would be to dump Windows completely but that ain't gonna happen after we just dumped all that cash on this system (We inherited it when buying another company)}
 

Mednanu

Enlightened
Joined
Feb 16, 2003
Messages
333
Location
Earth...
Like most maid services, I don't do windows... so I can't even venture a guess if the problem is on the Windows side of the equation or not, but have you tested whether or not it's DNS related? Once you've verified that your company's DNS servers are working fine, I would think that the next step would be to see if the switch is playing nice with your DNS servers themselves (i.e., do you notice any difference trying to access websites via IP rather than host names)?

You might even want to google the error and include the name of your GB switch in the search to see if problems passing DNS are a known bug with the switch hardware.
 

PhotonWrangler

Flashaholic
Joined
Oct 19, 2003
Messages
14,466
Location
In a handbasket
Ditto what Mednanu said... collect the IP addresses of some websites by pinging them and writing down their IPs, then try surfing directly to the IPs, eliminating the DNS transaction.
 

hacker

Newly Enlightened
Joined
Mar 30, 2005
Messages
31
Your ISP may be slow and could be timing out.

Go to start, run, type in cmd and type ping www.candlepowerforums.com (or some other sites) Then ping the sites you can go to. If the numbers are really different, you may have a slow Internet connection. Look for time outs.

Also, XP, which I assume you are using, is sensitive to DNS. You should have the workstation dns set to the internal server and the dns zones on the server should forward requests to an external dns server - most likely, the ISP's server. A lot of people set up DNS zones incorrectly on servers.

I've worked with Unix, Linux and Windows. You can have this problem with any of them.
 

VidPro

Flashlight Enthusiast
Joined
Apr 7, 2004
Messages
5,441
Location
Lost In Space
note, i don't know nothing about T1 lines, here we got cable that has a up that is 1/4 T1, and a down that is 2x T1, completely different.

here my INTRAnet computers have the DNS specified primary and secondary, in the network options for that connection to reduce that problem, if it is that problem

do a discover of the DNS being utilized on the direct linked computer with IPCONFIG /ALL (do the same on the other to see what it uses)
then use them servers as the DNS in your other connections, then the computers down the way, will try and more directly connect to the dns server, through the net connected one, without trying to get it FROM the net connected one. it's much faster

the only other thing i could think of, under the Fishing expedition would be the Sensing on the nic, in the advanced net adjustments, you can set 1/2 duplex. SOME switching junk is NOT full duplex, even if it's fast stuff, while that doesn't usually kill things, it can sometimes make them much slower when it just thrashes stuff going in and out, instead of giving each path the one way street.

oh shoot, there is one more, packet head chopping. packet sizes for standard connections are 1500, and a switch can add 8 (or use 8) for redirection back to the computer.

so if your MTU thing is set normally at 1500, it can actually get toasted in various routing and switching stuff.
i reduced mine to like 1480 and now it flies through the switch, without it being a 18' semi through a 15' tunnel.

MTU is a thing that speed freaks change all the time, because sometimes people's MTU is set for dialup, which makes the speed terrible. so they always recommend 1500. but there are situations where less is more.

testing links
pseudo browser multi site test
http://www.numion.com/YourSpeed/
other speed and settings tests
http://www.broadbandreports.com/tweaks
http://speedtest.cogeco.net/
http://www.speedguide.net/analyzer.php
 

hacker

Newly Enlightened
Joined
Mar 30, 2005
Messages
31
Try this on one of the XP machines:

https://hdc.tamu.edu/reference/documentation/?section_id=579

Use 4.2.2.2 for the dns setting and see if it solves your web problems. I again caution though that you eventually should use the ip address of the server in your office for the dns.

The settings in VidPro's post should not need to be tweaked. XP does those automatically, as does Windows 2000.
 

Pellidon

Flashlight Enthusiast
Joined
Sep 19, 2002
Messages
1,380
Location
39.42N 86.42 W
Our server supplies the addresses to the workstations at logon. Many are using Windows XP Pro. I am using 98SE so the Symantec antivirus doesn't try to auto insert on my machine. That and I am writing some "legacy" programs that won't run well in the newer environments. We all are getting the "could not find www.whatever".

I did find out that when I go to the ip address for Fender.com I go almost immediately and normally there is a slight lag when going to www.fender.com which I understand is the decoding of the name into an IP. Sometimes (1 out of 5 attempts), the www.fender.com doesn't load up so it is related to the DNS searching.

Pinging IPs was very fast (about 19) and sometimes pinging names like fender.com would not find a reply or would come back quickly (40).

When it is working, the fiber optic T1 smokes especially when I am the only one in the shop and the 15 phone lines give up their bandwidth to the internet connection as well. A 12 meg download can take a few seconds.

I am wondering if there is some kind of bottleneck at the fiber optic conversion point that gets fritzed? I am kind of lost as our last system was ADSL and Novell so I am still learning the new system.
 

hacker

Newly Enlightened
Joined
Mar 30, 2005
Messages
31
There is a freeware ping program that will automatically ping and log results over time so that you can see if certain sites are taking longer at some times. This usually allows you to see if the ISP is at fault.

I have the link at work and will post it tomorrow.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
I'd check the network card for your servers, especially the DNS servers. It sounds like packets are being dropped. DNS uses UDP, which has no error correction. If the server's network card's duplex setting is different than the switch's duplex you can end up with errors.

As others suggested, try going to the same site via IP address and site name.

For instance, http://www.tanj.com and http://66.127.255.155 should give you the same web page. If you consistently get a good result from the IP address the DNS is at fault. If the error rate is the same either way, there's a network interface racking up errors.

Good luck.

Daniel
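
As an added illustration of the name-versus-IP test discussed in this thread (not code posted by any participant): a Python sketch that sends single, non-retried DNS A queries over UDP to one resolver and tallies lost or failed replies, so intermittent loss shows up per server. The function names and the `ask` hook are assumptions made for this example.

```python
import random, socket, struct, sys, time

def build_query(name, qid):
    """Build a minimal DNS A-record query (RFC 1035) for `name`."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def udp_ask(server, packet, timeout):
    """Send one datagram with no retransmit; return reply bytes or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(packet, (server, 53))
            return s.recvfrom(512)[0]
        except OSError:  # includes socket.timeout
            return None

def classify(reply, qid):
    """Label a reply as 'lost', 'mismatch', 'ok' or 'rcode=N'."""
    if reply is None or len(reply) < 12:
        return "lost"
    rid, flags, _qd, ancount = struct.unpack(">HHHH", reply[:8])
    if rid != qid or not flags & 0x8000:  # wrong ID or not a response
        return "mismatch"
    rcode = flags & 0x000F
    return "ok" if rcode == 0 and ancount > 0 else f"rcode={rcode}"

def probe(server, name, tries=20, timeout=2.0, ask=udp_ask):
    """Query `server` `tries` times; return (outcome counts, slowest ok in ms)."""
    counts, slowest = {}, 0.0
    for _ in range(tries):
        qid = random.randrange(0x10000)
        start = time.monotonic()
        outcome = classify(ask(server, build_query(name, qid), timeout), qid)
        elapsed_ms = (time.monotonic() - start) * 1000
        counts[outcome] = counts.get(outcome, 0) + 1
        if outcome == "ok":
            slowest = max(slowest, elapsed_ms)
    return counts, slowest

if __name__ == "__main__":
    # usage: script.py HOSTNAME RESOLVER_IP [RESOLVER_IP ...]
    for resolver in sys.argv[2:]:
        print(resolver, probe(resolver, sys.argv[1]))
```

Invoke it with a hostname followed by the resolver addresses to compare, for example the office server's address and the 4.2.2.2 server mentioned earlier in the thread. A resolver that reports `lost` while another reports only `ok` is the hop where queries are being dropped.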
 

Pellidon

Flashlight Enthusiast
Joined
Sep 19, 2002
Messages
1,380
Location
39.42N 86.42 W
I tried the site name vs IP and got a 1 in 5 failure to find error with the site name. The IP went every time. The guy who installed the system changed something on the DNS but it DNW (did not work). I did notice that the pings using ping plotter seemed to work fine every time until we passed from our T1 provider's IP addresses out into the cold harsh world. I could see the path from my desktop to our system to our router to Time Warner Telecom's 4 IP addresses. Then there could be chaos. There were a handful of sites that popped up with either long pings or lost packets prior to the end IP I wanted to get to. Sprintlink.net was a common offender. Equinix.net and Cenic.net were two others whose IP addresses were identifiable.

Since it is erratic and not repeatable it is a PITA to fix. I will pass this new info on to our installer.
 

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
It's just DNS requests that are getting lost? If that's the case then you can't really blame anything upstream except the actual DNS server you're connecting to. But I believe that if you've got the windows server doling out IP addresses then it should also be set up to forward dns requests itself, as the default for a DHCP connection is to handle DNS and gateway routing on the same machine. So unless someone has changed that.

I will take a quick opportunity to just mention that all places that I've worked that used windows as a caching/gateway machine have always exhibited the exact same problem. Seems that some people can make it work, but out of the box windows is potentially broken for this. You may have to get someone in with the actual credentials saying they have the experience to make it work right. There goes the budget.

But enough windows bashing (or is it possible to bash windows enough?) Another potential issue could be coming from having 2 layers of non-routable addresses, and you're getting the DHCP from the upstream one. This is especially possible where you're merging systems or networks from 2 different companies like you've mentioned. Basically, upstream of this windows box might be another DHCP router? in some other office? (or do you connect directly to the internet from there?) and so the windows server is getting its upstream address via DHCP from the other server, and then it's sharing that single address to everyone in your office, so now you have 2 layers of non-routable networks. This plays havoc with DNS packets if the addresses are actually being given by the upstream server and yet ending up on the downstream network. Sounds like a mess, and it is.

I actually have this exact situation in my house at the moment, I have a dsl modem that creates a private network behind it, but the only thing on that network is my house server, which serves as a gateway for the rest of the house. But it doesn't use DHCP, I have that turned off, but the DSL modem does. So if you turn on a machine that wants a DHCP address, that request gets routed up to the DSL modem and it ends up on the wrong subnet. Even so, some dns requests work, but some fail. You can't traceroute to anything, even though you can ping things. Lots of strange things happen. Just a possibility.
 

VidPro

Flashlight Enthusiast
Joined
Apr 7, 2004
Messages
5,441
Location
Lost In Space
i think the problem with windows, is it's designed to just Work, no matter what you do.

set it up Manually if you can and it works faster and without failing. BUT if you don't know what you're changing, or what to do when you change things, then best to work with it the way it is.

why would we really want a bunch of net signals passing around that ONLY try and configure the net? it's a waste of the TINY bit of bandwidth it uses.

IF the system is going to be LOCKED down, locking it IN, and turning off DHCP for a local net reduces stuff going around for no reason.

setting it up manually can be a hacker deterrent also, a hacker ALWAYS knows exactly how your system is set up as long as you use the standard MS method for setup.
Even the DHCP automation can be altered to change the addresses to at Least slow down a hacker from already knowing all your internal addresses . (because they are the same as every other windows users)

And on MY computers it works great to tell EXACTLY what is going on with the nic, the net, and the intranet, because i have LEDs (of course) on the front that show the activity on the nic card. by doing that you can visually see every activity that is occurring.
with DHCP trash running around, it lights the light, and it's not REAL activity.
i like to know any activity, that way i can go beyond knowing that the firewall is working, no light no hack, no activity, and of that i can be POSITIVE, the other stuff you can never be sure of.
 

Pellidon

Flashlight Enthusiast
Joined
Sep 19, 2002
Messages
1,380
Location
39.42N 86.42 W
Our Installer switched our DNS server but it looked like the same bunch of IP addresses from my desktop through the last Time Warner IP address. I am not that thrilled with him to date. We have been banging around this issue with him for a couple of months now. At first it was attributed to a virus in the system he couldn't find. When I suggested he remove Symantec Antivirus and install (purchase) AVG for the network he tells me SAV has always gotten high marks from him and his customers. But then I asked why can't he find the virus? Every week the logs find Netsky as the only ancient virus, nothing newer. Then he and I both thought it was external as I get the same on rare occasion at home on a Dialup account. I thought that the speed of the T1 line was causing us to bounce into a logjam several times in succession when a dialup account has a built in lag that would put the second hit in when the end target had freed up some access.

I'm pretty sure it is between our switch and router as I have gotten on to the router and out to the internet from my laptop without having access nor logging on to the server part. I have done that both in windows XP and Linux. I have gotten the error to pop up in Linux as well.

It could also be our firewall. Since I am not supposed to be able to check my outlook exchange server mail account via webmail from inside the building. I can't from a windows IE browser but I can via spoofing the exchange server to think Firefox is IE when running in Linux. I've not found the setup to let windows based Firefox tell the world it is IE yet so like now (I'm in a hotel) when my wireless connection won't work with Linux yet I have to revert to windows and IE for one email account.

And to think before I inherited this setup I was looking forward to the day I did not have windows and Novell on the same system interfering with each other's operations. I thought for a second that an all-in-one system would work better.
 

14C

Enlightened
Joined
Mar 9, 2004
Messages
844
Location
Reno, Nevada
Your description of FQDN vs. IP Address ping results indicates a DNS problem. Find a reliable DNS server (MAYBE your default gateway) and put this in the desktop configuration manually to test. Some organizations use DHCP to assign DNS servers and some use Windows DNS servers. I have seen a variety of issues with Windows DNS and DDNS. If this is the case in your organization you may be stuck until someone squares away any Windows DNS server problems.

As far as what you're seeing with Ping Plotter, just know that a lot of sites refuse response to ICMP (ping) for security reasons so making assumptions based just on what seems to be responding to ping and what does not is problematic.
 

Pellidon

Flashlight Enthusiast
Joined
Sep 19, 2002
Messages
1,380
Location
39.42N 86.42 W
With these sites however the pings come and go over a period of time. I can see them go from fast to slow and back again. I don't do it for very long, about ten times every fifteen seconds. I should be back in the shop tomorrow and call the dude who installed the system and give him these suggestions.
 