
A single domain computer loses internet connection every day at 2:00pm. I've checked the logs and resolved group policy errors, as the issue was highly correlated to when group policy errors occurred. I've since resolved Group Policy update errors. I still think group policy may be to blame here, but I'm not entirely sure.

Fixes RAN

  • UAC for admins would be set to never notify through group policy. This was not applying successfully. I set this to the default level of "notify me only when apps try to make changes to my computer". Group policy then applied successfully

  • Ensured that Windows network adapters were not turning off the wireless adapters

  • Ensured hibernation was disabled on the workstation

  • Checked server logs, no errors related to the workstation

Errors

InstanceId: 1006

EntryType          : Error
InstanceId         : 1006
Message            : The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in
                     the details tab for error code and description.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {1, 6154, 0, 375...}
Source             : Microsoft-Windows-GroupPolicy
TimeGenerated      : 2/7/2019 1:56:34 PM
TimeWritten        : 2/7/2019 1:56:34 PM
UserName           : REMOVED

InstanceId: 36882

Index              : 9883
EntryType          : Error
InstanceId         : 36882
Message            : The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be
                     validated. The TLS connection request has failed. The attached data contains the server certificate.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {}
Source             : Schannel
TimeGenerated      : 2/28/2019 2:00:03 PM
TimeWritten        : 2/28/2019 2:00:03 PM
UserName           : NT AUTHORITY\SYSTEM

New Warning 3/4/2019

Index              : 10483
EntryType          : Warning
InstanceId         : 40961
Message            : The Security System could not establish a secured connection with the server
                     ldap/SERVER.domain.local/domain.local@domain.local. No authentication protocol was available.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {ldap/SERVER.domain.local/domain.local@domain.local}
Source             : LsaSrv
TimeGenerated      : 3/4/2019 1:29:38 PM
TimeWritten        : 3/4/2019 1:29:38 PM
UserName           : NT AUTHORITY\SYSTEM
confoundr
  • What kind of firewall is being used between the computer and the internet? What is the computer used for - is it just a normal user's workstation? Could you just re-build/re-image it to make sure the problem is gone? – Todd Wilcox Feb 28 '19 at 20:40
  • There is a SOPHOS firewall, however this issue only occurs with a single machine so it didn't seem like a firewall issue. I'm a remote resource so I'm limited on the rebuild/re-image basis. – confoundr Feb 28 '19 at 20:50
  • Seems far more likely that the network problem caused the group policy problem than the other way around. Are we talking a wireless connection here or wired? How long is it out for? Does anything need to be done to fix it, or does it just come back on its own after a while? Does it literally only affect access to the internet (i.e., the outside world) or is all network connectivity lost? – Harry Johnston Feb 28 '19 at 20:56
  • 1.) Wireless 2.) 5 minutes (this ultimately breaks a connection between an app and an SQL server, so the user loses their progress as well) 3.) The connection normally comes back up on its own 4.) I'm not able to fully verify; it impacts the user's access to the internet, and the user loses access to an SQL server at another site. – confoundr Feb 28 '19 at 21:08
  • There's a limit to how much IT can be done remotely. Is there actually nobody on-site who can get a better perspective? – Todd Wilcox Feb 28 '19 at 21:12
  • And you have ruled out things like someone starting a vacuum or microwave or some other physical device near the computer causing some kind of power surge or something? Can you have this person move their computer to somewhere else temporarily, and see if it is location based? – Zoredache Mar 01 '19 at 03:47
  • It's a longshot, but I've encountered two cases where unexplained behavior was strongly associated with the time of day because it happened when the sun came through the window just right. One was a paper-presence sensor in a printer. The sun hitting it at just the right angle blinded it so it didn't detect paper. The other was the optical wheel sensor in a mouse. When the sun hit it directly, one of the two wheel sensors was overwhelmed, so the mouse would only register movement along one axis. So check to see that there isn't some environmental condition happening at 2:00 every day. – Doug Deden Mar 01 '19 at 15:31
  • @Zoredache Thank you, yes, I've ruled out the microwave. At first I thought someone was taking a break at 2:00 every day, but it just happens in the 2:00 time frame without fail – confoundr Mar 01 '19 at 17:23
  • I've recreated the user profile. I'll check back in if it works. – confoundr Mar 01 '19 at 17:24
  • Any chance you could temporarily relocate the workstation, perhaps to a different room, to see whether the problem still occurs? Over a weekend, maybe, assuming the problem happens on weekends. (?) – Harry Johnston Mar 01 '19 at 22:39
  • They have their old computer that they work off of in this room. They're able to work fine without issues during the same points of the day with this other computer. – confoundr Mar 04 '19 at 20:10
  • Out of curiosity, is there a way to use a network cable instead of wireless? Is the "old computer" also wireless? Do you see the same error messages at 2pm on non-work days? Could there be other wireless networks that may be interfering such as a guest network that somebody accidentally clicked on, and just coincidentally the computer hops onto it? Your 36882 should have certificate data in it that might help guide you. – Jon Angliss Mar 11 '19 at 17:50
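
Added example, not part of the original question or comments: a Windows PowerShell sketch that lines up the three events quoted above with wireless state changes in the same daily window, so the order of failures is visible, and then decodes the certificate attached to the latest Schannel 36882 entry. The 13:25 to 14:10 window, the 14-day lookback, the inclusion of the WLAN-AutoConfig operational log, and the treatment of the event's binary data as a DER certificate (as the event message says) are assumptions.

```powershell
# Added example. Windows PowerShell 5.1 (Get-EventLog is not available in PowerShell 7).
# Assumption: run on the affected workstation with rights to read the System log.
$days = 14                       # lookback, chosen for illustration
$ids  = 1006, 36882, 40961       # the three InstanceIds quoted in the question

$rows = foreach ($d in 0..($days - 1)) {
    $day   = (Get-Date).Date.AddDays(-$d)
    $start = $day.AddHours(13).AddMinutes(25)   # covers the 1:29 PM LsaSrv warning
    $end   = $day.AddHours(14).AddMinutes(10)   # covers the 2:00 PM Schannel error

    # Group Policy, Schannel and LsaSrv entries from the System log
    Get-EventLog -LogName System -InstanceId $ids -After $start -Before $end `
                 -ErrorAction SilentlyContinue |
        Select-Object @{n='Time';e={$_.TimeGenerated}}, Source,
                      @{n='Id';e={$_.InstanceId}}, Message

    # Wireless connect/disconnect activity in the same window
    Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-WLAN-AutoConfig/Operational'
            StartTime = $start
            EndTime   = $end
        } -ErrorAction SilentlyContinue |
        Select-Object @{n='Time';e={$_.TimeCreated}},
                      @{n='Source';e={'WLAN-AutoConfig'}}, Id, Message
}

# One merged timeline, first line of each message only
$rows | Sort-Object Time |
    Format-Table Time, Source, Id,
        @{n='Message';e={($_.Message -split "`r?`n")[0]}} -AutoSize -Wrap

# Certificate attached to the most recent Schannel 36882 entry
$e = Get-EventLog -LogName System -Source Schannel -InstanceId 36882 -Newest 1 `
                  -ErrorAction SilentlyContinue
if ($e -and $e.Data.Length -gt 0) {
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$e.Data)
        $cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint
    } catch {
        Write-Warning "Event data did not parse as a certificate: $_"
    }
} else {
    Write-Warning 'No Schannel 36882 entry with attached data was found.'
}
```

If wireless events precede the authentication errors on each day, the timeline supports the network-first reading from the comments; the Issuer field shows which certificate authority the workstation refused to trust.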

1 Answer

Sadly there was no result to this. I was able to connect the user to a terminal server that had the same app on it-- so if connection was lost, the app on the terminal server stayed up and allowed the user to resume work after outages.

This served as a workaround rather than an actual fix to the underlying issues.

confoundr