Server 2003 loses all network connections

July 15, 2009 at 09:51:06
Specs: Windows Server 2003, P4 2.4 GHz, 512 MB RAM
Hi, hopefully someone will be able to help me
out with the problem I'm having: my Windows
2003 server loses its network connection
intermittently and needs to be restarted, and I
cannot figure out why. It seems to be
completely random - it can go a day or two
without happening, or I might have to restart it
two or three times a day.

My setup is: Server 2003 with Active Directory,
approx 15 client PCs that logon to a domain
on the server, with access to a shared network
drive. DHCP is NOT provided by the server - it
is provided by a router that is connected to our
DSL modem.

More details on the problem: when I notice the
connection has been lost (usually a client PC
will lose internet or the connection to the
networked drive) I check the Event Viewer on
the server and it does not show any problems.
System Tray icon for Local Area Connection
shows that the server is connected, but I
cannot ping any other machines on the
network from the server. No internet either. I
have tried repairing the connection using the
Local Area Connection icon in the System
Tray, but it has no effect. The only way to
regain the connection is to restart the server.

Upon restart, I do see the following errors in
Event Viewer:

1) The server could not bind to the transport
\Device\NwlnkIpx

2) The Security System detected an
authentication error for the server
LDAP/XEROX-COOP-SRV1. The failure code
from authentication protocol Kerberos was
"There are currently no logon servers available
to service the logon request.
(0xc000005e)".

3) Dynamic registration or deregistration of one
or more DNS records failed with the following
error:
No DNS servers configured for local system.

4) The DHCP service has detected that it is
running on a DC and has no credentials
configured for use with Dynamic DNS
registrations initiated by the DHCP service.
This is not a recommended security
configuration. Credentials for Dynamic DNS
registrations may be configured using the
command line "netsh dhcp server set
dnscredentials" or via the DHCP
Administrative tool.

I also occasionally see the following MRxSmb
error in the event log: The master browser has
received a server announcement from the
computer H7RGS91 <this is my pc> that
believes that it is the master browser for the
domain on transport NetBT_Tcpip_{E1323F8C-
CD3C-4ECC-A. The master browser is
stopping or an election is being forced.

If anyone has any idea how to fix this, I'd
appreciate their help.

Thanks guys.


See More: Server 2003 loses all network connections

Report •


#1
July 15, 2009 at 10:18:29
The election notice is normal.

Does the servers tcp/ip properties/dns point to itself or the router? #3 indicates it doesn't point to itself. Bad config.

The "\Device\NwlnkIpx" is due to someone installing the ipx protocol. Uninstall it since you don't need it.

disable the dhcp service if you are not using it on the server. Though from the message it appears it was configured to auto update dns [proper config] yet someone decided to use the router for dns [bad choice]

what exactly do you mean by the server loses all connections? can you ping the server by ip or name? OK after a server reboot?


Report •

#2
July 15, 2009 at 12:10:28
Thanks for your help, wanderer.

I'm not sure why the decision was made to use dhcp on the
router instead of the server - could that be the problem? The
IT person who was here before me isn't with the company
anymore, and I'm pretty new to this stuff - learning as I go.

The server is unable to connect to the internet and/or any
other device on the network - printer, pc, switch, router, etc.
Clients are unable to ping the server by name or IP, and vice
versa. I've tried switching ethernet cables and even using a
different port on our switch, but no dice. The only way to get
the connection back is with a server reboot.

Should I try installing a new network card? The server uses
an onboard NIC right now...


Report •

#3
July 15, 2009 at 12:25:47
don't make any physical changes yet. that will only muddy the waters.

Lets start with the output of an ipconfig /all from both the server and a workstation. Thanks


Report •

Related Solutions

#4
July 15, 2009 at 13:40:56
ok, here's the server's ipconfig:

Windows IP Configuration

Host Name . . . . . . . . . . . . : xerox-coop-srv1

Primary Dns Suffix . . . . . . . : XBS-COOP.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : XBS-COOP.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet

Physical Address. . . . . . . . . : 00-01-80-49-74-E6

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 172.16.12.111

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.12.51

DNS Servers . . . . . . . . . . . : 172.16.12.111

206.47.244.101


Report •

#5
July 15, 2009 at 13:41:44
And here's my workstation's :

Windows IP Configuration

Host Name . . . . . . . . . . . . : H7RGS91

Primary Dns Suffix . . . . . . . : XBS-COOP.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : XBS-COOP.local

XBS-COOP.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : XBS-COOP.local

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
Gigabit Controller

Physical Address. . . . . . . . . : 00-13-72-C0-94-0E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 172.16.12.158

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.12.51

DHCP Server . . . . . . . . . . . : 172.16.12.111

DNS Servers . . . . . . . . . . . : 172.16.12.111

Lease Obtained. . . . . . . . . . : Wednesday, July 15,
2009 10:08:05 AM

Lease Expires . . . . . . . . . . : Tuesday, July 21, 2009
10:08:05 AM

Ethernet adapter {74FF70A1-50F1-4070-ACE7-
4BAB45B1CDE7}:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Nortel IPSECSHM Adapter
- Packet Scheduler Miniport

Physical Address. . . . . . . . . : 44-45-53-54-42-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :


Report •

#6
July 15, 2009 at 14:02:37
According to these outputs your DC is the dhcp server and it's handing out ip addresses not the router.

you can see this with this entry from the workstation
DHCP Server . . . . . . . . . . . : 172.16.12.111 which is the servers ip address.

You should go into the router and make sure it is not also doing dhcp serving.

Please go into the DNS Server mmc module. Go to the forwarders tab. Are your ISP's dns servers listed here? I am assuming [from the servers tcp/ip properties] 206.47.244.101 is a isp dns server. You should see this address in the forwarders tab [not to be confused with forward lookup zone]

While you are at the server look at the event viewer logs during the time period of the last outage. Any red x's? Post those errors. Thanks

You will also want to follow the directions in #4 concerning dhcp on the server.


Report •

#7
July 16, 2009 at 07:31:17
Yes, the DC is running dhcp, not the router, my mistake. I
checked the router and dhcp is disabled on it.

ISP's DNS server is listed in Forwarders.

There are no red x's during the last outage. The event log
never shows anything when the connection goes down - just
the warnings that I posted earlier, which are logged upon
restarting the server.

I'll follow up on #4 about DNS credentials.

Do you think any of these problems could be responsible for
the connection issue?


Report •

#8
July 16, 2009 at 08:07:56
Now that we have a clear picture of your setup I don't believe the event viewer errors have any thing to do with your outage.

Server protected by antivirus and antispyware checkers?

Next step is to test during an outage.

Ping from the server to the gateway
Ping from the server to a workstation
Ping from a workstation to the server
Ping from the workstation to the gateway.

When pinging server and workstation do it by ip and name. This will test dns access and name resolution.


Report •

#9
July 16, 2009 at 09:08:13
Antivirus and antispyware are up to date, just ran MBAM on it a few days ago and it came up clean too.

Forgot to mention that the gateway (172.16.12.51) is our internet router, FYI.

Will ping as instructed on next outage, and let you know the results.

Thanks again!


Report •

#10
July 21, 2009 at 07:13:08
OK, just had an outage and tried pinging as instructed:

- server to gateway: no ping
- server to workstation: no ping

- workstation to server: no ping
- workstation to gateway: successful ping


Report •

#11
July 21, 2009 at 08:15:24
since the workstation was successful I would suspect the issue is with the servers nic.

If this was a managed switch you could look at the log file for the port the server is connected to to confirm the drop.

Your thought of replacing the nic is a good one. Just remember to disable the onboard nic in the bios so you have those mainboard resources available.


Report •

#12
July 21, 2009 at 08:44:12
Ok, I'll try replacing the NIC... Am I correct in assuming that I can just copy all the settings (TCP/IP, etc) from the current NIC properties to the new one and it will function the same as the current one (minus the dropped connections, hopefully)?

Report •

#13
July 21, 2009 at 09:01:24
Re: the switch port - I checked the log file on our switch and I don't see anything unusual (to me)... no fragments, collisions or errors in the last 48 hrs. I did noticed that "flow control" is not enabled - does that indicate anything?

Report •

#14
July 21, 2009 at 09:48:59
flow control is usually not enabled by default and wouldn't effect what you are experiencing.

Yes write down the tcp/ip setting and then recreate with new nic.


Report •

#15
July 21, 2009 at 10:23:24
OK, just want to make sure I have the steps down correctly:

1) copy down all settings on current NIC

2) restart server, go into BIOS and disable onboard LAN

3) when Windows starts, setup new NIC with settings I copied

4) plug network cable into new NIC

Am I missing anything?


Report •

#16
July 21, 2009 at 11:39:31
1) copy down all settings on current NIC

*) delete msclient and tcp/ip

*) go into device manager and delete the nic

2) restart server, go into BIOS and disable onboard LAN

*) shutdown

*) install new nic card

3) when Windows starts provide the nic drivers

*) setup new NIC with settings I copied

4) plug network cable into new NIC


Report •

#17
July 21, 2009 at 20:16:38
OK, that didn't go as planned... I followed the steps above, restarted the server, and couldn't connect to anything from the server. No internet, no network - couldn't ping anything. Ran an ipconfig and it was exactly the same as the previous one I posted here (except the NIC model). We have a night shift and they need to use the internet, so I had to switch back to the onboard NIC, which is still giving me the same connection problems. Any pointers?

Report •

#18
July 21, 2009 at 21:59:41
You didn't get a message when you went to assign the ip address to the new card that the ip was already in use?

That is a usual occurance since MS stores ip addresses in the registry.

In the step of setup as the settings you copied you did install ms client and file and print sharing?

Could you be pinged from a workstation?
Nslookup the server results?


Report •

#19
July 22, 2009 at 06:56:06
I don't think I got a message that the IP was already in use...

I only installed ms client, as file and printer sharing were already installed (I didn't uninstall them when I uninstalled the old NIC).

I didn't try pinging from a workstation, maybe I will try installing the new NIC again tonight - it's still plugged into a PCI slot, so I just have to go through the uninstall steps and then install the new one through Windows. Can you please list the steps I should take to investigate if I have the same connection issue once I have installed the new NIC - nslookup, pinging, etc?

Getting back to the current connection problem, when I run nslookup, I get the following message:

***Can't find server name for address 172.16.12.111: non-existent domain. Default server: unknown. Address: 172.16.12.111

What does that mean?


Report •

#20
July 22, 2009 at 08:44:49
Post a ipconfig /all please

Report •

#21
July 22, 2009 at 09:10:28
Windows IP Configuration

Host Name . . . . . . . . . . . . : xerox-coop-srv1

Primary Dns Suffix . . . . . . . : XBS-COOP.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : XBS-COOP.local

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-01-80-49-74-E6

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 172.16.12.111

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.12.51

DNS Servers . . . . . . . . . . . : 172.16.12.111

206.47.244.101


Report •

#22
July 22, 2009 at 11:02:21
Are you doing the nslookup at the server or from a workstation?

Do it from both, what are the results?

BTW the settings look perfect

The dhcp server, what is the lease time set to?
In reviewing your posts you say you lose internet from a workstation. Server has nothing to do with this except that is does dhcp leases. Usually the time period is set for days so the server going inop shouldn't effect workstation internet access.
In other words if the night crew needs internet the server has nothing to do with that except for serving out dhcp leases and they should have had those from the day before and not needed new ones.


Report •

#23
July 23, 2009 at 09:37:53
Results of nslookup are the same from workstation and server.

DHCP lease time: looks like it is one week, given that all of the addresses listed in the DHCP screen expire in less than one week. Where would I find the actual setting? Looked for it but I can't find it.

The workstations lose internet when the server connection goes down, except for active internet streams. For example, I listen to Sirius satellite radio through a Yahoo widget, and I can continue to listen to it after I lose my connection to the server, but I cannot open a new link in Firefox, or send/receive email in Outlook. Maybe the Sirius widget is just buffering the audio stream.

So you're saying that the workstations should still have an internet connection even if they lose the connection to the server, because their DHCP lease would still be active?


Report •

#24
July 23, 2009 at 10:21:59
Only thing that won't work if the server is down is name resolution since the workstations only have the server listed as dns server. You should add as secondary dns server 206.47.244.101 like you have on the server.

Given the present config if the users put in the ip of the web page they would go there automatically. Once you get the alternate dns entry they should get there by name like google.com.

Concernign nslookup, have you rebooted the server since the ip changeback?
If you go into the dns log are there errors?
DNS server service started?

I did notice this;

From your last ipconfig
Ethernet adapter Local Area Connection 4:
but from your first post
Ethernet adapter Local Area Connection:

This would indicate multiple attempts to load the network card. Any idea what is going on?

With nslookup failing do folks still have internet name resolution/access?


Report •

#25
July 24, 2009 at 14:38:23
I have EXACTLY the same problem, and looking around the web, we are not alone. I have two NICS (RealTek 3119s on the Mobo).

I have just installed W2003 Server Web edition and set it up the same way we always have with 7 W2K servers for 8 years! Two NICS, one inside (192.168.1.x/24 with GW being dot 1) and one outside with 1 or more static IP addresses with the ISP supplied Gateway. We have custom SW to deliver documents and it has worked well since 2001. But now we want to move to W2003 (or 2008) Web edition on the machines as we upgrade hardware, and one NIC simply dies. It is the outside NIC and can't be pinged. I am not sure if the gateway disappears because I have customers in panic mode for their documents and we need to reset it to get it working. This weekend I will tear into it. But it is the same thing you are seeing! One thing I did see is that each of the Gateways went in with the METRIC set to "AUTOMATIC" and not "1" like I am used to seeing in all of our W2K servers. I have set it to "1" to see if that helps.
I am checking into it and will let you know.

I am UNHAPPY with W2003 Web Ed. and MS... this is a NASTY BUG for sure. No real reason - the outside NIC just dies.
Cheers,
Rich

Report •

#26
July 24, 2009 at 15:09:14
Blibit please post your own thread.

This thread is not dealing with a dual nic issue. Another thread I was responding to was.

BTW its not a bug. If you thing about it bit, ask yourself what defines a gateway, you will understand.

Hopefully that metric change was on the lan nic not the wan nic.


Report •

#27
July 24, 2009 at 17:33:11
Yes, this is the wrong thread - not sure what happened to the one I was reading. Sorry for the intrusion. And yes, the inside was set at 1 and not automatic for what its worth.
Good luck.

Report •

#28
July 25, 2009 at 10:58:38
We're having the exact same problem on our company domain controller. The server is a whitebox PC (actually a PowerSpec desktop that I yanked the drives out of, put new drives in, and installed Windows on--low budget...), Windows Server 2003 R2 Enterprise, domain controller, all the latest and greatest Microsoft patches, almost no other software installed at all, default settings for just about everything. Have 6 XP clients and one other Win2k3 application server (non-DC) on the domain.

In our case the problem seems related to shared folders. If I setup a shared folder on the DC, domain XP client users can copy files to these shared folders, can copy files from these folders fine, but the moment they try to open a file directly from the shared folder, the whole thing freezes up just as described above. No errors in any DC logs, all services appear to be running fine, but it just loses all connectivity to the rest of the network. TCP/IP properties appears fine, no "a network cable is unplugged" errors. Can't ping anything else on the network, can't get to the internet, etc. Rebooting the server causes the same Kerberos error message as described above in the Event Log but works fine otherwise.

This has been going on for months, I ended up setting up an otherwise-unused XP desktop as the file share server rather than the DC. (Ironic?)

The machine has an integrated Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC. Based on what I'm seeing here, I'm wondering if this is a NIC and/or NIC driver issue. Going to hit Best Buy and get a new NIC with proper Win2k3 drivers to see if that's the issue. If not, will follow above steps and advise.

Just wanted to let you know you're not alone!


Report •

#29
August 5, 2009 at 05:11:47
Oh my god this makes me so happy, in some mysterious way :) I've had the exact same problem as you tool. I've got a Win 2003 Std R2 acting DC, DHCP, DNS and router (RRAS). Some months ago it started losing connection without any reason, and without leaving any trace in the event log except the usual mumbo jumbo that's usually there, not even enough to be called problems.

I've tried almost everything I've ever learned, been told, been advised and gone as far as my fantasy takes me. I still have the problem though, and after some 60+ hours troubleshooting (we have lots of other stuff like IP-telephony that makes troubleshooting difficult, especially since the users need everything online 24/7) I've come to the conclusion that it must be a hidden virus/malware or corrupt files within RRAS that makes it lose connection. I think it's actually routing the traffic to the wrong place (i.e nowhere at all) when the problem occurs.

One VERY interesting fact that you could try, as I did by mistake: Do an ipconfig /release /renew and see if you get it too work again. I know, it sounds way out there but we have static ip addresses, but the ipconfig command still makes it work. I promise, I'm not crazy.

I still haven't found out how the ipconfig /release command could possibly affect the RRAS in any way, but my hunch says it does, that it corrects the routing again and tadaa... it can then work for un unspecified amount of time before it comes back again. I even wrote a script that pinged en external address (google) and when ping doesn't reply it automatically makes an ipconfig /release. It works, but users still get interrupted for at the most one minute every now and then and that's simply not enough.

I've tried hardware as well. I've changed network card twice and updated drivers like a hundred times but it does nothing. I've even tried reinstalling the O/S... it took a day to get everything back the way it was, and in the end I think I just copied the problem back when I ran a restore of AD and system state. I'm sure I could solve the problem by reinstalling and build my domain up from scratch again, but with 55+ clients it would take days to rejoin them to the domain so I'd rather not go down that road.

I've googled myself to sleep endless nights trying to find anyone with the same problem at least if not a solution, ending up with nothing until now. Now I can see 2 people with a similar problem, if not even the exact same problem... hence my happiness :)

So, my suggestion is that we join up in trying to find a solution. My next bet is trying to find out exactly what files are used by RRAS and copy them from an existing system. I just so happen to have a few good working systems I could copy from so I'm gonna start there.

Please post if you have any ideas or updates or whatever!


Report •

#30
August 5, 2009 at 05:19:22
Oh and I just wanted to add that our problem started somewhere in the end of May I think... Smells malware... Yet we're running Nod32 antivirus, updated by the book.

Report •

#31
August 5, 2009 at 05:50:39
I just spoke to Microsoft support, and the agent said at least he had not heard about this before. He could log a case for me but I would have to approve the cost of 300+ dollars (2699 swedish) in case it wasn't an issue in their software, then they would charge me. I didn't really feel like it, at least not until I know for sure where the problem lies.

One thing is for sure, they do know how to charge.


Report •

#32
August 5, 2009 at 06:36:50
Hehe I don't want to seem desperate, but I called all of my contacts with technical background, just to hear their opinion. Everyone of them thought more troubleshooting only would be costly and would probably not lead to anything. That it would be better and more cost efficient to call Microsoft and pay the price, or best case scenario get it for free if it shows it's an error with the O/S.

So I did, and I'll hear from them within 4 business hours which probably will be tomorrow morning. I hope and pray I can get this working by monday as all of the 60 teachers and 500 students return from summer vacation.

When I get the solution I will of course post it here. Hopefully it will help you as well!


Report •

#33
August 12, 2009 at 04:06:14
Shortened message.

Report •

#34
August 12, 2009 at 10:01:05
Is this your blog?

Usually on these forums we don't tag on to someone else's thread [you make your own] nor do we add post after post of our own. We use the EDIT button to add to a previous post of ours. This keeps the length down to a readable size. FYI


Report •

#35
August 13, 2009 at 23:17:51
Well FYI I just wanted to contribute, seeing these people had the same issues. But I don't have to, if it's a problem to you.

Report •

#36
August 17, 2009 at 07:51:51
Hi guys, sorry if it seems like I abandoned this post, I just had some major hardware issues (gotta love summer power outages) and then I went on two weeks vacation. I'm getting caught up on stuff right now but I will post back on here in the next day or two with an update.

Phatsta, it does sound like we are having similar problems and I wonder if the problem might be with MS and not something on our end... Let me know if MS comes up with anything helpful (my experience with them has always been more frustrating than helpful, but you never know...)


Report •

#37
August 18, 2009 at 03:05:20
Hi there tool, yeah I've actually got my problem solved and posted the solution here, but wanderer taught me a lesson in posting so I removed it.

I updated driver versions and disabled all power saving features, but what really solved my problem was applying a hotfix from MS, here it is: http://support.microsoft.com/kb/948496
Note to perform the steps manually to be sure the changes are made.

After that, download and install Ping Tester Pro (or similar) and set it to ping www.google.com continually, then look at the log frequently, the statistics will tell you if you had any losses and if so the exact time of the loss. From there you could contact your ISP and see if they can see anything in their log. Gather as much as you can and try getting the full picture from that.

Best of luck!


Report •

#38
August 18, 2009 at 09:27:33
Looks promising... Did you have a Broadcom ethernet adapter in your system too?

Report •

#39
August 19, 2009 at 03:45:35
No I don't, I have 1 ADMtek (realtek 8139c chipset), 1 Intel PRO1000/MT dual port and 1 Intel PRO1000/EB dual port. I use both teaming and VLAN.

Report •


Ask Question