# Sudden loss of connectivity in our SBS 2011 domain



## techshan (Feb 17, 2008)

Hi



In our company we are having one windows sbs 2011 domain controller and around 50 pcs with windows xp professional sp3 and some laptops with windows 7 professional sp2; Antivirus is symantec endpoint protection loaded in separate pc made server and all are configured ;working perfectly until today afternoon.



All of a sudden lot of calls started coming to IT ROOM complaining about the lost of connection between dc and the clients.We checked the pc's in our IT ROOM for myself and colleague starting to troubleshoot from our pc's since we also lost the connectivity.

* ping not working from any pc to dc

* ping not working with default gateway from the pc's lost connection

*layer 2 connectivity is ensured OK by connecting my pc through live bootcd and ping works with dc,gateway ;I opted for live boot cd since I rebooted my pc and the dc couple of times ;no effect

*default gateway which is our ADSL ROUTER LAN IP is pinging from the DC and internet is working

*DC'S antivirus symantec endpoint protection is stand alone not in sync with the symantec server... and also a client pc which is loaded with kaspersky antivirus also having the same problem....so symantec endpoint protection server possibility can be isolated.

* Restarted the DC and chose last known good configuration also ; same symptom

* found one windows server 2003 loaded as a member server in the domain still working; pinging with the dc;able to access the folders in DC ; afraid to restart and check since on windows xp pc after restarting ; lost the connectivity

N.B: all the clients are getting IP from dhcp in DC

When pinging request timed out is the result and the gpresult of the client pc's give generic failure



AND RIGHT NOW THE ISSUE IS TEMPORARILY SOLVED and the link is at 

Sudden loss of connectivity in our SBS 2011 domain in our company!!!

Since this forum is pertaining to GROUP POLICIES, please help me to solve this issue permanenly

Thanks & Regards

S.Swaminathan


----------



## Rockn (Jul 29, 2001)

Nothing in the event logs pertaining to this issue from the client or server logs?


----------



## Rockn (Jul 29, 2001)

Are there multiple network switches on the network? Perhaps the computers that cannot access the DC are on a different switch than the ones that can.


----------



## techshan (Feb 17, 2008)

Hi

You can get the full details where the long discussion is going on at this link : http://social.technet.microsoft.com...r/thread/c2f80047-cc73-43ae-9b4d-a7e3d9354ac5

Thanks & Regards

S.Swaminathan


----------



## techshan (Feb 17, 2008)

Waiting for the solution gentlemen!


----------



## Rockn (Jul 29, 2001)

Is it really a connectivity issue or an Active directory issue with computer accounts not authenticating? SBS group policy is also very restrictive if you have not tried disabling the default GPO objects. Any reason in particular you are using a PC as a server? No log entries that are pointing to a DNS or AD issue?


----------



## techshan (Feb 17, 2008)

Hi

All client pc's connecting to the dc ( sbs 2011) getting logged in ;getting ip through its DHCP server component in it; authenticating with dc no problem at all; but no ping with any hosts in the network ;not able to access the shares in the server; no printing ; no internet.. no connectivity.

After doing the ip & winsock catalog reset , all the clients are having no problem in browsing the network shares and other activities

Now after disabling the policies I mentioned in the earlier portion of this post

http://social.technet.microsoft.com...r/thread/c2f80047-cc73-43ae-9b4d-a7e3d9354ac5 , all pc's are connecting .

I dont know where the problem starts from. But one thing I am sure that when something has been pushed from the server to the domain and all the network came to stop.

I cannot come to the conclusion from either the MS or symantec caused this problem

How to troubleshoot since it is one week over the network is running with the policies mentioned before in the disabled state.

Thanks

S.Swaminathan


----------



## Rockn (Jul 29, 2001)

If you have disabled the policies and all computers are connecting after that then you know it is group policy unless they have the issue again the next time they log in. I am not sure what the issue is here. Looking at the image in the link you also have about 6 other policies at a higher level that are also being applied unless you have set them not to filter to lower level policies. Run RSOP against one of your computers when they are having connectivity issues and see which policy is causing the issue.


----------



## techshan (Feb 17, 2008)

Hi

To be exact about the disabled policies, those are SBS CLIENT POLICY-Windows 7 & Vista, SBS CLIENT POLICY-windows xp; SBS CLIENT POLICY only have been disabled.

Thanks

S.Swaminathan


----------



## Rockn (Jul 29, 2001)

And have you ever run RSOP against a computer and user account that is having the issue? I realize by looking at the images which policies you have disabled and see that 6 of them are still being applied which was why I am asking. Perhaps some settings are lingering on the client PC, look up tattooing.


----------



## techshan (Feb 17, 2008)

Hi

After running RSOP , I did not get any errors.Computer configuration & User configuration red colour X marks are present in both of the categories

I maximum reset all the clients for ip & winsock as I stated before; in this situation our network is running for the past 2 weeks 

Yesterday one of our laptop domain user who is not in station in the office came yesterday & when he tried to connect to the domain as usual , the same symptom of his laptop startup beame very slow during the running startup scripts of his login in domain; once he logged in the same symptom of Request timed out occurred when I tried to ping any host in the network.

Since I had the doubt with Symantec Endpoint Protection, I used cleanwipe utility by symantec for removing it.During the removal process of it, many stages go in sequence.Out of that in the duration where teefer2.sys is removed, suddenly I noticed the connectivity came between the laptop and the dc, which gave me some hints about the cause.

Then it started working without Antivirus, when I tried to install again the connectivity lost; I did the reset of ip & winsock it turned on

Any idea?

N.B: When the network xp and windows 7 pcs' got affected in this problem, we have two member servers of windows sbs 2003 & windows server 2003 enterprise server both not affected.In sbs 2003 , when I checked the event viewer, I found this error when this problem started in our network exactly at 4.06 pm as below

Event ID 1054: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted). Group Policy processing aborted.... But the sbs 2003 was able to ping the dc )

Thanks & Regards

S.Swaminathan


----------



## Rockn (Jul 29, 2001)

You are having DNS issues and accessing the sysvol on the domain controller. Run all of your Active Directory and DNS diagnostics


----------



## techshan (Feb 17, 2008)

Hi

Then how the network is working right now after doing the remedy of reset ip, winsock & disabling the policies.........

If there is an issue in DNS & AD.

How to check those components?

Please give an advice!

Thanks & Regards

S.Swaminathan


----------

