• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

SBS 2003: timeouts and problems with internet

T

tripex

Gawd
Joined
Jun 8, 2002
Messages
854
Hey guys,

I'm having trouble with one of my SBS 2003 Premium server.

The internet itself is fast. But it seems to fail a lot. I'm not sure its the server's fault.
Web surfing is always timing out specially on Yahoo.com and other sites.

People on the network are getting that brownish page with the timeout message:

Network Access Message: The page cannot be displayed
Explanation: The request timed out before the page could be retrieved.

Try the following:

* Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
* Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
* Contact website: You may want to contact the website administrator to make sure the Web page still exists. You can do this by using the e-mail address or phone number listed on the website home page.

If you are still not able to view the requested page, try contacting your administrator or Helpdesk.

Technical Information (for support personnel)

* Error Code 10060: Connection timeout
* Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.
* Date: 05-03-2009 15:01:08
* Server: myserver.mydomain.local
* Source: Firewall
Click to expand...
Even when i sit at the server (logged on as admin), i get the same brownish pages (not everytime, but happens a lot).


Also, when i go home and try Remote Desktop (via RWW) it keeps failing too.
I get this message "an internal error has ocurred" and the connection is lost.

sbs2003rwwerror.png




So i would like some help on how to look at this problem. Where can i start looking. I would think ISA, but i've been checking the logs, and there's so much stuff going on there, i'm not sure what to do.
 
I just want to say the most weird thing...

I connect via Remote Desktop and everything is dandy.
There i am, on the server, i can open firefox and browse websites.

The moment i go to www.yahoo.com - bang.. server disconnects with the Error message i posted above (internal error has occurred).

There seems to be a disturbance with Yahoo.

In fact, Yahoo is super difficult to open. Either slow or timeout.
 
Too bazaar, does nslookup return the correct information for yahoo.com?

Hijack, possibly?
 
DaveEhm said:
Too bazaar, does nslookup return the correct information for yahoo.com?

Hijack, possibly?
Click to expand...

Well, to be honest, it just happened again, and this time it wasnt Yahoo, it was just a page from microsoft.com (something from the kb).

I'm thinking more in terms of somehow, when i start surfing websites, it "explodes" the bandwidth and then everything disconnects.

Could this be possible? I mean, not on normal conditions, but could there be a problem that have these symptoms?
 
So I'm assuming the Internet is going through your SBS?

If so my suggestion would be disconnecting it, since it appears you can routeinly experience this issue and can determine rather quickly if it's resolved or not, just going into a laptop or something.
Do during the weekend or evening or something. Whatever works for you.

See if you get the same issue on the laptop.

That should narrow it down considerbly.

If it does still fail, then you move on to troubleshoot DNS, the router, the connection, etc.
 
Is the server multi-homed (2x NICs)

Using ISA?

Have you re-run the CEICW?

Is the server using itself..and ONLY itself..as its DNS in TCP properties?
What are your DNS forwarders set to?

Clients MUST use the IP of your SBS as their DNS server, period.

DHCP should be run from your SBS box too, not from your router. So, if you're to troubleshoot following the advice above of "disconnect it" ....you'll have to manually configure a client with a static IP..including alternate DNS such as your ISPs or OpenDNS ..since there will be no DHCP or DNS available on the network. And then flip the client back to "Obtain Auto" when you plug the server back in.

Event logs?

Do you have the proper exclusions in your servers antivirus real time protection?
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=137
 
Hello, i'm still having these problems.
Happens a lot. Specially on Yahoo.com, Gmail, for some reason.


I'm posting a portion of my isa's log:
http://www.2shared.com/file/5038502/1301e178/tripex_isa_Server_log.html

Logging filters were:

Action: Notequal Connection Status
Destination: Equal External
Actions: One of Denied Connection, Failed Connection Attempt, Failed VPN Connection Attempt, Qurantine Timeout
Source: Equals Internal
 
This SBS server has 2 nics:
  • 1 connected directly to the cable modem. there is no router in between.
  • 1 connected to the switch.

The server has worked well since September. At that time i ran the CEICW.
A couple of days ago i ran the CEICW again (to try to fix this).


In the Server, in both network connections (internet and lan), the SBS server is the only DNS server.


All clients use DHCP and DNS from the SBS server.


I'm using Mcafee Enterprise 8i and the exclusions were already done (in fact it was your suggestion in a different thread, not related to this).





YeOldeStonecat said:
Is the server multi-homed (2x NICs)

Using ISA?

Have you re-run the CEICW?

Is the server using itself..and ONLY itself..as its DNS in TCP properties?
What are your DNS forwarders set to?

Clients MUST use the IP of your SBS as their DNS server, period.

DHCP should be run from your SBS box too, not from your router. So, if you're to troubleshoot following the advice above of "disconnect it" ....you'll have to manually configure a client with a static IP..including alternate DNS such as your ISPs or OpenDNS ..since there will be no DHCP or DNS available on the network. And then flip the client back to "Obtain Auto" when you plug the server back in.

Event logs?

Do you have the proper exclusions in your servers antivirus real time protection?
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=137
Click to expand...
 
If i was to suspect of virus or worm or any outstanding outbound internet connections, what would be the best way of finding this?
 
Is ISA fully updated, service packed, etc? I'm a bit dated in my ISA troubleshooting....really don't use it anymore.

Is there a primary reason you're using ISA?
 
It does have the service pack. But it does not have all the updates.

Reason i'm using ISA is that we payed for it (i mean, it comes on SBS 2003).

I thought it would be a good idea to have it as a firewall and control the internet access and stuff.

I still have lots of configuration to do on it i believe, as i would like to see computernames and usernames from my (small) AD. The way it has been working, it just shows "anonymous" and ip's.
 
Latest update

I 'm at the server, doing tests.
So i go to the SBS Localhost Access Rule and go to HTTP Protocol and disable the Web Proxy Filter.

Voilá!???

Yahoo is a blaze! Hardforum loads fast..
Stuff seems to work again?

Is it safe to disable the Web Proxy Filter for everyone else?
 
Actually, it seems like it already disabled for everyone (i mean, i disabled the Web Proxy Filtering on Protocol HTTP 80 so all other rules that use that protocol take the same setting).
 
This is one of the common ones related to Yahoo.
non-SYN blablabla...

Does anyone know what i should do with this?
If connections are getting denied, i assume the page wont be fully loaded.
Is this Good.. or Bad?


Denied Connection EUROSERVER 09-03-2009 20:16:58

Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer.
Rule:
Source: Internal ( 192.168.16.72:2638)
Destination: External (httpcs114.msg.ac4.yahoo.com 98.136.113.167:80)
Protocol: HTTP
User:
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 192.168.16.72
Client agent:
 
Does this problem appear to go away for a while after rebooting the server? (not that rebooting is an issue..just trying to grasp here).

May try to move this thread to the networking forum...more system admins (that may have more experience with ISA) over there.
 
There are two DNS forwarders. These were set up on the CIEIWIEUEI (aka The Wizard) and i can check them on the DNS mmc.

They are:
  • my ISP's dns.
  • 208.67.222.222 (opendns.org)


YeOldeStonecat said:
Is the server using itself..and ONLY itself..as its DNS in TCP properties?
What are your DNS forwarders set to?
Click to expand...
 
That should be a decent balance. Maybe flip the order...query OpenDNS first...ISP second. Restart DNS service when making a change.
 
You must log in or register to reply here.
Back
Top