I am running a network at a school. The server is running Windows Server 2012 R2. Out of the blue about a week ago, I started experiencing network issues.

Examples:

  • Can't log into roaming profile
  • Desktop background or icons fail to load on login
  • Network drives are inaccessible
  • Can't use the internet (DNS Server Failure? I've tried adding the router IP as the fallback. We will see if that helps.)

I was really excited when I found this post: SMB2 traffic crashes network?

It seems to match my issue exactly. I am seeing the same types of SMB2 "Create Request File" packets to files that are not open on the computer. I am not, however, using the File Resource Manager. I tried disabling the quota system by adding a registry key anyway, but haven't seen a difference.

One thing that was interesting: I saw a teacher's computer receiving these packets when the network was not working. I unplugged it, and everything worked well for a bit, then saw the same types of packets going to mine.

I'm at a loss as to what to try next. Any help would be appreciated.

Thank you!

-Joel

Edit

ipconfig /all

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\Users\joelp_000>ipconfig /all
Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix  . : immanuelmission.local
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3160
Physical Address. . . . . . . . . : D0-7E-35-3D-F1-DA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::af:865f:72e0:78e7%3(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.53.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Saturday, March 26, 2016 8:36:12 PM
Lease Expires . . . . . . . . . . : Monday, March 28, 2016 9:06:15 AM
Default Gateway . . . . . . . . . : 10.0.53.1
DHCP Server . . . . . . . . . . . : 10.0.53.7
DHCPv6 IAID . . . . . . . . . . . : 147881525
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-10-7F-04-54-EE-75-39-FD-11
DNS Servers . . . . . . . . . . . : 10.0.53.7
                                    10.0.53.1
NetBIOS over Tcpip. . . . . . . . : Enabled

10.0.53.7 is the server IP, which acts as the DNS server. 10.0.53.1 is the router.

I haven't had any internet failures after changing the secondary DNS server to the router.

The forwarders on the DNS server are:

8.8.8.8
8.8.4.4
148.78.200.7
148.78.200.8

The IPv4 config on the server:

IP address:           10.0.53.7
Subnet mask:          255.0.0.0
Default gateway:      10.0.53.1
Preferred DNS server: 10.0.53.7

Update 3/28

Still having random network loss, but haven't seen the internet drop. When monitoring the network with Wireshark, I still see a lot of SMB2 traffic. Right now, for instance, it is constantly querying the Microsoft folder in App Data of students using Publisher. The teacher trying to log in did not have access immediately, but it did seem to show up after a bit.

I was able to fix the missing background by typing ipconfig /release. It showed up immediately. I then typed in renew.

Joel Page
  • Is it a Windows domain? If so, what DNS servers are configured for domain controllers and non domain controllers? – Todd Wilcox Mar 27 '16 at 11:52
  • Yes. It is a Windows domain. I am using Active Directory for users on the Windows server, which is also the DNS server. I will attach my ipconfig /all for a client computer as well as some DNS info onto my post. – Joel Page Mar 27 '16 at 15:26
  • I'm not sure if this is part of your problem, but it is **a** problem to have any DNS servers listed for domain clients that are not authoritative name servers for the AD domain, which means you should take the router out of your DNS servers you hand out with DHCP. Windows DNS only uses recursive queries for forwarders which isn't always ok. I recently cleared my forwarders lists on my local DNS servers and things seem to work better, but that's not a documented best practice so it might be worth trying or it might not. – Todd Wilcox Mar 27 '16 at 18:04
  • I read that this is what should be done here: http://firelogic.net/best-practices-for-windows-server-dns-and-how-to-avoid-the-common-pitfalls/ For networks that have a single Windows Server handling DNS: Your primary DNS should be the Windows Server, and the secondary should ideally be the router for that location. Why do we do this? Because if the Windows Server or DNS is down for a time, at least clients can browse the internet and have some of their functionality. We do this very often at business locations so that there is no such thing as being down 100% even if the server is flaking out. – Joel Page Mar 27 '16 at 22:05
  • Ah I see. I conflated using your local router for DNS with using public servers for DNS. So that's probably not the problem. What troubleshooting have you done of the network on a computer that is having the problem? Have you made sure the local DNS is working correctly and you can ping the server? Can you manually connect a network drive or browse the shares on the server when the problem is happening? – Todd Wilcox Mar 27 '16 at 22:50
  • Did you turn off the quota system, if it's been on? – Todd Wilcox Mar 27 '16 at 22:59
  • I have been running Wireshark to look for unusual network behavior. I tried several suggested methods for turning off the quota system, even though I never set it up. The problem is very intermittent, so it is hard to troubleshoot. Some computers will be working, and some won't. I haven't seen the problem all day today on my computers and see no unusual packet activity, but some people have said their internet isn't working. They may not have tried today though. Tomorrow is a school day, so I should be able to see any issues if they pop up. – Joel Page Mar 28 '16 at 00:24

1 Answer

I noticed the SMB2 traffic was mostly coming from teachers that moved to different computers throughout the day. Looking at the users, they had a lot of offline files that the computer would try to sync when they logged in and fail.

My fix was disabling offline files using Group Policy, since having offline files confuses the staff. They often resolve conflicts wrong and lose their work. The Microsoft Sync Center seems to have a lot of issues. If someone has tips they would like to give on how to improve it, please comment. Otherwise, I will probably leave it disabled.

Thank you for all the ideas Todd!

Joel Page
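An added example, not part of the original question or answer: one way to find which clients are generating the repeated SMB2 Create Requests described above is to tally them per client and per path. It assumes the capture was exported as tab-separated fields, for example with `tshark -r capture.pcapng -Y "smb2.cmd == 5 && smb2.flags.response == 0" -T fields -e frame.time_epoch -e ip.src -e smb2.filename`; the file name, sample rows, addresses and paths are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample rows: (frame.time_epoch, ip.src, smb2.filename).
# Addresses and paths are invented for illustration.
SAMPLE_ROWS = [
    ("1459170000.10", "10.0.53.60", r"users\teacher1\AppData\Roaming\Microsoft\Publisher"),
    ("1459170000.35", "10.0.53.60", r"users\teacher1\AppData\Roaming\Microsoft\Publisher"),
    ("1459170000.40", "10.0.53.61", r"users\student7\Documents\essay.docx"),
    ("1459170000.60", "10.0.53.60", r"Users\Teacher1\AppData\Roaming\Microsoft\Publisher"),
    ("garbage",),                                  # malformed line
    ("1459170000.70", "10.0.53.62", ""),           # create with an empty name (share root)
    ("1459170000.85", "10.0.53.60", r"users\teacher1\AppData\Roaming\Microsoft\Publisher"),
    ("1459170000.90", "10.0.53.60", r"users\teacher1\Desktop\desktop.ini"),
]
SAMPLE = "\n".join("\t".join(row) for row in SAMPLE_ROWS)


def parse_rows(tsv_text):
    """Yield (timestamp, client_ip, lowercased_path) for each usable line."""
    for line in tsv_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or not fields[2]:
            continue  # skip malformed lines and requests without a file name
        try:
            ts = float(fields[0])
        except ValueError:
            continue
        # SMB paths are case-insensitive, so normalise before grouping.
        yield ts, fields[1], fields[2].lower()


def summarize(tsv_text, min_repeats=3):
    """Return (requests per client, repeated client/path pairs).

    A pair is reported when the same client asked for the same path at
    least min_repeats times; the tuple holds (client, path, count, seconds
    between the first and last request).
    """
    per_client = Counter()
    stamps = defaultdict(list)
    for ts, src, path in parse_rows(tsv_text):
        per_client[src] += 1
        stamps[(src, path)].append(ts)
    repeats = [
        (src, path, len(ts_list), round(max(ts_list) - min(ts_list), 2))
        for (src, path), ts_list in stamps.items()
        if len(ts_list) >= min_repeats
    ]
    repeats.sort(key=lambda r: (-r[2], r[0], r[1]))
    return per_client, repeats
```

Clients at the top of the repeat list are the ones to check for a large or failing Offline Files sync before changing policy for everyone.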