Windows XP Lost network - Everyday at 12 noon

TeK-FX

TeK-FX

Limp Gawd
Joined
Jul 16, 2005
Messages
503
For the past two days a computer of ours has been going down in terms of network becoming "lost". This is a small business setup. The setup is:

The main system is directly connected to the internet. This computer has another separate network card running to a switch which is in turn hooked to 6 other computers.

The problem I am having is that for the past two days at 12 noon the main computer suddenly disappears from the network. It can see itself but no other computers but other computers can see it AND they other computers can see each other. The weird thing is they can all access the internet still as well through it. What is going on?! The only fix I could do so far, which is temporary, is system restore. to the previous day. I don't want to go back to far because I know the problem happened within 24 hours of the original system restore point I used. Somethings changed but I cannot figure out what and this is a recurring problem. I desperately need to get this figured out. I hope someone can help me. Thank you.
 
dumb question: do the logs tell you anything? either looking back or at noon?
 
Check the event log.
See if there are any scheduled tasks running at 12:00
 
Will do that today as I am heading down there today in a few minutes because Sunday is a very busy day and I don't want this going down on them again. Will post back shortly and let you know what I find. Thank you.
 
Well I am down here right now. Ran an ipconfig to see when the lease on the IP address expires. Here is the information I received.


C:\Documents and Settings\Diner>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : backoffice
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : twcny.rr.com

Ethernet adapter LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Eth
rnet NIC
Physical Address. . . . . . . . . : 00-E0-7D-CD-67-CA
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter Internet:

Connection-specific DNS Suffix . : twcny.rr.com
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1D-7D-95-BD-3B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 67.241.45.39
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 67.241.32.1
DHCP Server . . . . . . . . . . . : 10.102.64.1
DNS Servers . . . . . . . . . . . : 24.92.226.40
24.92.226.41
Lease Obtained. . . . . . . . . . : Sunday, August 10, 2008 12:07:08 AM
Lease Expires . . . . . . . . . . : Monday, August 11, 2008 12:07:08 AM

So its expiring in the morning after midnight and the computers are still up at the moment.

I checked scheduled tasks and there is nothing in there. I checked the event viewer and there are a couple shortly after the manager restarted hoping that would get the system up

I talked to a manager who was here yesterday when it went down and he told me it gave him an IRQL_NOT_LESS_OR_EQUAL error.

Decided to dig a little more and found AVG runs itself at exactly noon. Could this possibly be the culprit?! I disabled the daily scan to see because I want to be around at noon myself to see what is happening. I will keep everyone poasted. Thank you for your input.


Forgot to add the 2 events that were errors:

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 8/9/2008
Time: 12:07:48 PM
User: N/A
Computer: BACKOFFICE
Description:
Error code 1000000a, parameter1 0a130013, parameter2 00000002, parameter3 00000000, parameter4 804e883b.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 30 61 eters 0a
0030: 31 33 30 30 31 33 2c 20 130013,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 38 30 34 65 00, 804e
0050: 38 38 33 62 883b



Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4314
Date: 8/9/2008
Time: 12:06:50 PM
User: N/A
Computer: BACKOFFICE
Description:
Unable to read the driver's bindings to the transport from the registry.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 58 00 ......X.
0008: 00 00 00 00 da 10 00 c0 ....Ú..À
0010: 15 01 00 00 60 01 00 c0 ....`..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........



Looked into the NetBT and got a description from Microsoft

NBT (NetBIOS (network basic input/output system)) over TCP/IP (Transmission Control Protocol/Internet Protocol) connectivity facilitates file and printer sharing.

This I believe is my problem. 4 or the 6 computers hooked up to this network are touch-screen terminals and they require access to the database file located on the back office computer. I just don't know how I would go about fixing this. I have never run into this particular problem before.
 
It is now 12:08 and nothing has happened and the only thing I did was disable AVG from scanning at noon. WTF?!
 
I would suggest going into the router that handles the DHCP and set it to lease the IP addresses for 30 days instead of 24 hours. The NetBT is getting reset with each DHCP release/renew thus causing terminal crashes... you should be able to get away from this except maybe once a month by using 30 day DHCP leases.
I myself keep my home LAN set to 1 week since I use wireless and keep an eye on my router logs...
 
Well it happened again. This time at 3:31 p.m. yesterday. I am really lost here. Same thing though. NetBT had an error according to the event viewer.

As for the lease time I cannot alter it on our switch. We are using a Dlink DSS-16+ switch and there is no log in as far as I know. Is there any way I can change the Windows ICS lease times?



Happened today at 12:07 :mad:
 
look through several of the systems and make sure the Use NetBIOS over DHCP... and if it still happens, try to enable NetBIOS over TCP/IP...
also if they are all the same type of systems, see if there is a driver update for the NIC...
 
Why not put a router in and not have the other PC's connect through the one, plus then the main one isnt directly connected to the net.
 
I had a PC with a similar problem. I had two NIC install with one using a static IP address and the other using DHCP that was connected to a router for the internet. About once a day( sometime twice ) the DHCP connect would get limited or no connectivity. One thing is that it was not using the standard XP firewall, but one that came with the BroadComm drivers for the NIC cards. I tried every to get it to work and nothing helped. I finally switch the firewall over to the XP one and things started to magically work. The BroadComm firewall was setup not to allow XP to call home. I am guessing XP was pouting because it could call home and it disabled the DHCP connection.....

Keith
 
TeK-FX said:
It is now 12:08 and nothing has happened and the only thing I did was disable AVG from scanning at noon. WTF?!
Click to expand...

Regardless of the status of your problem, a disk scan should not be done during working hours. And you should buy the full version of AVG if you are using this in a business setting as it will allow you to schedule virus definition updates on an hourly basis. The free version is crippled to only allow you to do it once a day.
 
TeK-FX said:
Well it happened again. This time at 3:31 p.m. yesterday. I am really lost here. Same thing though. NetBT had an error according to the event viewer.

As for the lease time I cannot alter it on our switch. We are using a Dlink DSS-16+ switch and there is no log in as far as I know. Is there any way I can change the Windows ICS lease times?



Happened today at 12:07 :mad:
Click to expand...

Your switch most likely does not offer DHCP. The lease times would be set on your main server running ICS. If you are running ICS then the DHCP server is probably installed as well.

I agree with the other poster who said to buy a router. There's no reason to have your server hanging out on the Internet if you're not serving machines outside the network. It's a security risk that you don't need to take.
 
I will consider the switch to a router. I found it much easier to limit access of the other computers with this setup. For some reason people cannot resist pr0n or my(waste of)space. Plus, the main system runs an online credit card processing service which ties into the main server copy of the software running the terminals. If I were to try and run it from each system separate I would have to by 4 more licenses of the software costing 395.00 per copy and then setup each terminal to run its own merchant account.

As for the scanning at a different time I could set it later on. This business is open 24/7/365 and I setup the scan time so that in the event something was found I knew a manager would be there. Noon is actually a slow time for this business as it picks up pretty heavy around 1:30 or so after the morning breakfast rush. It stays pretty steady until about 1 - 2 in the morning after bar rush. Breakfast then resumes at 6 a.m.

So what I have done today is completely removed AVG and replaced it with Avast Professional. I also updated the network card drivers which seem to have come out last month so we will just have to see. Thank you for the feedback people. I will keep updating till I have this problem solved. :)



Just to give people an idea of what software is being used to run the business is from a company called Aldelo. We are using Aldelo for Restaurants Pro alongside Aldelo EDC (credit card processing). www.aldelo.com
 
If content control is a problem, first, get management to sign off on a policy prohibiting non-business usage of the Internet. Then, get a router/switch combo with content filtering such as SonicWall. Yes, they cost more than your garden variety consumer routers, but they will do the job that you need.
 
I still run into the problem of still needing to have everything run through the main computer. Especially for the credit card processing.

As for keeping the employees of the net I have pretty much restricted everything with the only exceptions to allow access from computers on the local network and to windows update. I check the logs every couple of days and you can see the log file showing how many times they have tried to exit the software, access the net, play games, etc. I can even tell which employee(s) have been trying. Most of them the overnight crew. Its funny sometimes to see the same user try to exit the software like 5 times in a row a couple of times a week trying to use their access code. They can be persistent. lol

This is a small business. A diner if some of you have not figured it out from the previous posts. Not looking to make big changes. Just to fix the current setup. Its been running for 3 years without a problem.If I can just figure out what is causing the error then I would be ecstatic as well as a little bit wiser. :D
 
Well the problem has been solved. I think it was more the updating of the ethernet driver than AVG but its been running smoothly again for the past couple of days. I think the drivers may have corrupted at some point. Time will tell. Thank you for everyone who provided input and advice. Much appreciated! :D
 
You must log in or register to reply here.
Back
Top