1

For the past two years, at random for different users, the connection to our SBS server breaks - the user sees an icon in the system tray saying that the server is unavailable. But it is fine for everyone else at that time and all other network connections are fine. If he immediately pings the server, it responds - so the network connection is fine.
To get the connection back, he needs to "Synchronise" with the server, and it always succeeds.
All PCs are set to synchronise files on logout - not on a timed basis.
I replaced the switches (now they are 3COM mostly Gb) and set up VLANs to try and segment the traffic, but it had no effect. During the two years, I also changed the firewall (Sonicwall -> Watchguard), the antivirus (McAfee -> Sonicwall) and the wireless LAN (US Robotics -> ZyXel).
It happens to about 10% of my users (5), 2 have laptops, 3 have desktops.
Any ideas?

By "disconnect" I mean that in Windows Explorer you can no longer see the network drives (because the previous system was Netware 5, the users see shares on the network as drive letters)

We don't use ISA server.

Nothing appears in the server logs, I never thought of checking the client logs, I'll do that next time the problem occurs.

The clients are running Windows XP SP3 with automatic updates turned on. The server is also up to date on updates. The problem happens with both wired and wireless, I think we have seen less of the problem since I moved to 3Com 4200G gigabit switches, but it is hard to be sure - most people have stopped complaining, but it happened to me three times today

There are loads of items in the event log I don't understand, but none at the time of the disconnection. Except in the security log, where there are three or four items every second. Most along the lines of:

Logon attempt by:   MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account: Administrator
 Source Workstation:    SBSSRV
 Error Code:    0x0

and 

User Logoff:
    User Name:  SBSSRV$
    Domain:     CYLON
    Logon ID:       (0x0,0x7D431B)
    Logon Type: 3

the switch claims there are no errors on the port my PC is connected to. How do I measure ICMP loss?

Eamon
  • 63
  • 8

3 Answers3

1

I believe you're saying that the client computer's "Offline Files" feature reports that the server computer is "Offline" randomly.

What operating system are the client computers running? Are you current on updates there? Are you current on updates on the server computer?

The affected users are using wired or wireless Ethernet? (Or have you seen the problem with both?)

I doubt you're going to see anything in the client computer event logs, if it's just "Offline Files" deciding that the server computer is "offline". Still, it's worth a shot. I'd be looking for NIC related messages (cable "disconnects", etc) and possible browser election related messages.

How clean is the event log on the server computer? Can you account for everything that you're seeing on a day-to-day basis?

Assuming you're seeing the problem on wired connections, is the cable plant known-good (i.e. certified)? Do the switches report any per-port errors (FCS errors, etc)?

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
0

By "disconnect" do you mean the Firewall client (ISA Server)? Did you check the eventlogs on both client and server?

This Microsoft Support article could help, but it's just a guess:

How to disable the IP Spoof Detection feature in ISA Server 2004, ISA Server 2006, Microsoft Forefront Threat Management Gateway Medium Business Edition or Windows Essential Business Server 2008

splattne
  • 28,508
  • 20
  • 98
  • 148
0

You're not running your ethernet cable through or near the power conduit are you?

How's your ICMP loss in a % / thousand packets?

Matt Simmons
  • 20,396
  • 10
  • 68
  • 116