Connectivity Problems

Sorry about the length of this post, but I have no idea what I'm talking 
about, let alone explain it!

We have two sites (Head Office and Remote) with a Netgear FVS338 VPN 
firewall at each end.  The remote site connects via a Terminal Server and 
runs a couple of EPOS systems.
Our setup in the Head Office is thus:

Workstation -> SBS 2003 R2 Standard -> FVS338 VPN Firewall -> Internet 
Router

Recently, the VPN keeps dropping and if I set up a permanent ping I can see 
that several times a day we get 7 or 8 pings timing out.  This is enough to 
kill the EPOS connections.

Making a very, very long story short, I've set up various permanent pings 
and discovered this.....
If connect a workstation directly to the Internet Router there's no problem.
If I connect a workstation directly to the FVS338 there's no problem.
If I connect the workstation to the network via the SBS box I get the pings 
dropping.

I've changed the router and firewall with no success and Netgear tech and 
the ISP are convinced the problem isn't with them (after several days of 
diagnostics).

As luck would have it, I'm setting up a SBS 2008 box to replace the SBS 2003 
and this is now sitting on a different ip address using a different FVS338 
connected to the same Internet Router.  This is pinging away quite happily 
without any drop outs.

I'm now beginning to suspect that problem is sitting on our SBS 2003 box but 
I have absoloutly no idea where to look.
Has anyone come across this before and, if so, throw me a few pointers?

Many thanks. 

0
Waggers
11/19/2009 9:06:32 AM
windows.server.sbs 1975 articles. 0 followers. Follow

7 Replies
767 Views

Similar Articles

[PageSpeed] 32

"Waggers" <Waggers@newsgroup.nospam> wrote in message 
news:eZzSYePaKHA.5472@TK2MSFTNGP02.phx.gbl...
> Sorry about the length of this post, but I have no idea what I'm talking 
> about, let alone explain it!
>
> We have two sites (Head Office and Remote) with a Netgear FVS338 VPN 
> firewall at each end.  The remote site connects via a Terminal Server and 
> runs a couple of EPOS systems.
> Our setup in the Head Office is thus:
>
> Workstation -> SBS 2003 R2 Standard -> FVS338 VPN Firewall -> Internet 
> Router
>
> Recently, the VPN keeps dropping and if I set up a permanent ping I can 
> see that several times a day we get 7 or 8 pings timing out.  This is 
> enough to kill the EPOS connections.
>
> Making a very, very long story short, I've set up various permanent pings 
> and discovered this.....
> If connect a workstation directly to the Internet Router there's no 
> problem.
> If I connect a workstation directly to the FVS338 there's no problem.
> If I connect the workstation to the network via the SBS box I get the 
> pings dropping.
>
> I've changed the router and firewall with no success and Netgear tech and 
> the ISP are convinced the problem isn't with them (after several days of 
> diagnostics).
>
> As luck would have it, I'm setting up a SBS 2008 box to replace the SBS 
> 2003 and this is now sitting on a different ip address using a different 
> FVS338 connected to the same Internet Router.  This is pinging away quite 
> happily without any drop outs.
>
> I'm now beginning to suspect that problem is sitting on our SBS 2003 box 
> but I have absoloutly no idea where to look.
> Has anyone come across this before and, if so, throw me a few pointers?
>
> Many thanks.


If you swap the two Netgear FVS338  routers, does it still happily ping? If 
not, I suspect an issue with the router.

For example, we had an issue with an ASA5505 that would not keep the 
unlimited time-out setting I set on VPN tunnels. It wound up being a known 
issue on the IOS, which I upgraded to the latest version and now works fine.

-- 
Ace

This posting is provided "AS-IS" with no warranties or guarantees and 
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among 
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check 
http://support.microsoft.com for regional support phone numbers.




0
Ace
11/19/2009 2:17:09 PM
Thanks for the response.

Yep, we've tried swapping over the firewall and the internet router - we've 
even tried new ones.  No success.

I've booked a call with Microsoft Support now and it seems that they are 
struggling!




"Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
news:OJVk8LSaKHA.5472@TK2MSFTNGP02.phx.gbl...
> "Waggers" <Waggers@newsgroup.nospam> wrote in message 
> news:eZzSYePaKHA.5472@TK2MSFTNGP02.phx.gbl...
>> Sorry about the length of this post, but I have no idea what I'm talking 
>> about, let alone explain it!
>>
>> We have two sites (Head Office and Remote) with a Netgear FVS338 VPN 
>> firewall at each end.  The remote site connects via a Terminal Server and 
>> runs a couple of EPOS systems.
>> Our setup in the Head Office is thus:
>>
>> Workstation -> SBS 2003 R2 Standard -> FVS338 VPN Firewall -> Internet 
>> Router
>>
>> Recently, the VPN keeps dropping and if I set up a permanent ping I can 
>> see that several times a day we get 7 or 8 pings timing out.  This is 
>> enough to kill the EPOS connections.
>>
>> Making a very, very long story short, I've set up various permanent pings 
>> and discovered this.....
>> If connect a workstation directly to the Internet Router there's no 
>> problem.
>> If I connect a workstation directly to the FVS338 there's no problem.
>> If I connect the workstation to the network via the SBS box I get the 
>> pings dropping.
>>
>> I've changed the router and firewall with no success and Netgear tech and 
>> the ISP are convinced the problem isn't with them (after several days of 
>> diagnostics).
>>
>> As luck would have it, I'm setting up a SBS 2008 box to replace the SBS 
>> 2003 and this is now sitting on a different ip address using a different 
>> FVS338 connected to the same Internet Router.  This is pinging away quite 
>> happily without any drop outs.
>>
>> I'm now beginning to suspect that problem is sitting on our SBS 2003 box 
>> but I have absoloutly no idea where to look.
>> Has anyone come across this before and, if so, throw me a few pointers?
>>
>> Many thanks.
>
>
> If you swap the two Netgear FVS338  routers, does it still happily ping? 
> If not, I suspect an issue with the router.
>
> For example, we had an issue with an ASA5505 that would not keep the 
> unlimited time-out setting I set on VPN tunnels. It wound up being a known 
> issue on the IOS, which I upgraded to the latest version and now works 
> fine.
>
> -- 
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and 
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit 
> among responding engineers, and to help others benefit from your 
> resolution.
>
> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 
> 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check 
> http://support.microsoft.com for regional support phone numbers.
>
>
>
> 
0
Waggers
11/19/2009 4:00:25 PM
This *really* doesn't sound like SBS to me.  SBS isn't routing your traffic 
if I read your topology correctly, so I don't know why you are suspecting 
it.

....but there is another piece of equipment you are skipping and you haven't 
mentioned exactly when you introduce *it* into the mix....but it seems like 
a logical place to look.

Connect workstation to router?  Works.
Connect workstation to firewall?  Works.
Connect workstation to "the network?"  Failure.  HOW are you connecting the 
computer to "the network."  I assume....a *switch!*  Switches, like any 
piece of hardware, are prone to failure.  A small ASIC on the switch 
overheats, drops a few packets.....

-Cliff


"Waggers" <Waggers@newsgroup.nospam> wrote in message 
news:OK4$pFTaKHA.1652@TK2MSFTNGP05.phx.gbl...
> Thanks for the response.
>
> Yep, we've tried swapping over the firewall and the internet router - 
> we've even tried new ones.  No success.
>
> I've booked a call with Microsoft Support now and it seems that they are 
> struggling!
>
>
>
>
> "Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
> news:OJVk8LSaKHA.5472@TK2MSFTNGP02.phx.gbl...
>> "Waggers" <Waggers@newsgroup.nospam> wrote in message 
>> news:eZzSYePaKHA.5472@TK2MSFTNGP02.phx.gbl...
>>> Sorry about the length of this post, but I have no idea what I'm talking 
>>> about, let alone explain it!
>>>
>>> We have two sites (Head Office and Remote) with a Netgear FVS338 VPN 
>>> firewall at each end.  The remote site connects via a Terminal Server 
>>> and runs a couple of EPOS systems.
>>> Our setup in the Head Office is thus:
>>>
>>> Workstation -> SBS 2003 R2 Standard -> FVS338 VPN Firewall -> Internet 
>>> Router
>>>
>>> Recently, the VPN keeps dropping and if I set up a permanent ping I can 
>>> see that several times a day we get 7 or 8 pings timing out.  This is 
>>> enough to kill the EPOS connections.
>>>
>>> Making a very, very long story short, I've set up various permanent 
>>> pings and discovered this.....
>>> If connect a workstation directly to the Internet Router there's no 
>>> problem.
>>> If I connect a workstation directly to the FVS338 there's no problem.
>>> If I connect the workstation to the network via the SBS box I get the 
>>> pings dropping.
>>>
>>> I've changed the router and firewall with no success and Netgear tech 
>>> and the ISP are convinced the problem isn't with them (after several 
>>> days of diagnostics).
>>>
>>> As luck would have it, I'm setting up a SBS 2008 box to replace the SBS 
>>> 2003 and this is now sitting on a different ip address using a different 
>>> FVS338 connected to the same Internet Router.  This is pinging away 
>>> quite happily without any drop outs.
>>>
>>> I'm now beginning to suspect that problem is sitting on our SBS 2003 box 
>>> but I have absoloutly no idea where to look.
>>> Has anyone come across this before and, if so, throw me a few pointers?
>>>
>>> Many thanks.
>>
>>
>> If you swap the two Netgear FVS338  routers, does it still happily ping? 
>> If not, I suspect an issue with the router.
>>
>> For example, we had an issue with an ASA5505 that would not keep the 
>> unlimited time-out setting I set on VPN tunnels. It wound up being a 
>> known issue on the IOS, which I upgraded to the latest version and now 
>> works fine.
>>
>> -- 
>> Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and 
>> confers no rights.
>>
>> Please reply back to the newsgroup or forum for collaboration benefit 
>> among responding engineers, and to help others benefit from your 
>> resolution.
>>
>> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 
>> 2003/2000, MCSA Messaging 2003
>> Microsoft Certified Trainer
>>
>> For urgent issues, please contact Microsoft PSS directly. Please check 
>> http://support.microsoft.com for regional support phone numbers.
>>
>>
>>
>> 
0
Cliff
11/19/2009 6:39:14 PM
"Waggers" <Waggers@newsgroup.nospam> wrote in message 
news:OK4$pFTaKHA.1652@TK2MSFTNGP05.phx.gbl...
> Thanks for the response.
>
> Yep, we've tried swapping over the firewall and the internet router - 
> we've even tried new ones.  No success.
>
> I've booked a call with Microsoft Support now and it seems that they are 
> struggling!
>


I would look into Cliff's suggestion.

Also, please do post the solution, if you or Microsoft finds it.

Ace 


0
Ace
11/19/2009 11:33:30 PM
Waggers wrote:

>Sorry about the length of this post, but I have no idea what I'm talking 
>about, let alone explain it!
>
>We have two sites (Head Office and Remote) with a Netgear FVS338 VPN 
>firewall at each end.  The remote site connects via a Terminal Server and 
>runs a couple of EPOS systems.
>Our setup in the Head Office is thus:
>
>Workstation -> SBS 2003 R2 Standard -> FVS338 VPN Firewall -> Internet 
>Router
>
>Recently, the VPN keeps dropping and if I set up a permanent ping I can 
>see that several times a day we get 7 or 8 pings timing out.  This is 
>enough to kill the EPOS connections.
>
>Making a very, very long story short, I've set up various permanent pings 
>and discovered this.....
>If connect a workstation directly to the Internet Router there's no 
>problem.
>If I connect a workstation directly to the FVS338 there's no problem.
>If I connect the workstation to the network via the SBS box I get the 
>pings dropping.
>
>I've changed the router and firewall with no success and Netgear tech and 
>the ISP are convinced the problem isn't with them (after several days of 
>diagnostics).
>
>As luck would have it, I'm setting up a SBS 2008 box to replace the SBS 
>2003 and this is now sitting on a different ip address using a different 
>FVS338 connected to the same Internet Router.  This is pinging away quite 
>happily without any drop outs.
>
>I'm now beginning to suspect that problem is sitting on our SBS 2003 box 
>but I have absoloutly no idea where to look.
>Has anyone come across this before and, if so, throw me a few pointers?

I'd suggest switching the SBS2003 to a single NIC configuration (and rerun 
the CEICW). There's little value in the two-NIC setup with your 
arrangements. That takes the SBS2003 out of the picture for this scenario, 
and your problem will likely disappear.

Note that getting SBS2003 to "play nice" in single NIC mode is 
occasionally a PITA (it is supposed to JFDI!).

-- 
Steve Foster
------------
Please reply only to the newsgroups.
For SSL Certificates, Domains, etc, visit.: https://netshop.virtual-isp.net
0
Steve
11/20/2009 3:11:31 PM
I agree, it doesn't seem like a SBS problem to me either.

However, I've now retired the SBS2003 box (with a single LAN BTW) and 
replaced it with the SBS 2008 box.

I haven't touched anything on the firewall or router and all is now working 
as it should!

Many thanks to all who responded.

Waggers




"Cliff Galiher" <cgaliher@gmail.com> wrote in message 
news:#pw4deUaKHA.5472@TK2MSFTNGP02.phx.gbl...
> This *really* doesn't sound like SBS to me.  SBS isn't routing your 
> traffic if I read your topology correctly, so I don't know why you are 
> suspecting it.
>
> ...but there is another piece of equipment you are skipping and you 
> haven't mentioned exactly when you introduce *it* into the mix....but it 
> seems like a logical place to look.
>
> Connect workstation to router?  Works.
> Connect workstation to firewall?  Works.
> Connect workstation to "the network?"  Failure.  HOW are you connecting 
> the computer to "the network."  I assume....a *switch!*  Switches, like 
> any piece of hardware, are prone to failure.  A small ASIC on the switch 
> overheats, drops a few packets.....
>
> -Cliff
>
>
> "Waggers" <Waggers@newsgroup.nospam> wrote in message 
> news:OK4$pFTaKHA.1652@TK2MSFTNGP05.phx.gbl...
>> Thanks for the response.
>>
>> Yep, we've tried swapping over the firewall and the internet router - 
>> we've even tried new ones.  No success.
>>
>> I've booked a call with Microsoft Support now and it seems that they are 
>> struggling!
>>
>>
>>
>>
>> "Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message 
>> news:OJVk8LSaKHA.5472@TK2MSFTNGP02.phx.gbl...
>>> "Waggers" <Waggers@newsgroup.nospam> wrote in message 
>>> news:eZzSYePaKHA.5472@TK2MSFTNGP02.phx.gbl...
>>>> Sorry about the length of this post, but I have no idea what I'm 
>>>> talking about, let alone explain it!
>>>>
>>>> We have two sites (Head Office and Remote) with a Netgear FVS338 VPN 
>>>> firewall at each end.  The remote site connects via a Terminal Server 
>>>> and runs a couple of EPOS systems.
>>>> Our setup in the Head Office is thus:
>>>>
>>>> Workstation -> SBS 2003 R2 Standard -> FVS338 VPN Firewall -> Internet 
>>>> Router
>>>>
>>>> Recently, the VPN keeps dropping and if I set up a permanent ping I can 
>>>> see that several times a day we get 7 or 8 pings timing out.  This is 
>>>> enough to kill the EPOS connections.
>>>>
>>>> Making a very, very long story short, I've set up various permanent 
>>>> pings and discovered this.....
>>>> If connect a workstation directly to the Internet Router there's no 
>>>> problem.
>>>> If I connect a workstation directly to the FVS338 there's no problem.
>>>> If I connect the workstation to the network via the SBS box I get the 
>>>> pings dropping.
>>>>
>>>> I've changed the router and firewall with no success and Netgear tech 
>>>> and the ISP are convinced the problem isn't with them (after several 
>>>> days of diagnostics).
>>>>
>>>> As luck would have it, I'm setting up a SBS 2008 box to replace the SBS 
>>>> 2003 and this is now sitting on a different ip address using a 
>>>> different FVS338 connected to the same Internet Router.  This is 
>>>> pinging away quite happily without any drop outs.
>>>>
>>>> I'm now beginning to suspect that problem is sitting on our SBS 2003 
>>>> box but I have absoloutly no idea where to look.
>>>> Has anyone come across this before and, if so, throw me a few pointers?
>>>>
>>>> Many thanks.
>>>
>>>
>>> If you swap the two Netgear FVS338  routers, does it still happily ping? 
>>> If not, I suspect an issue with the router.
>>>
>>> For example, we had an issue with an ASA5505 that would not keep the 
>>> unlimited time-out setting I set on VPN tunnels. It wound up being a 
>>> known issue on the IOS, which I upgraded to the latest version and now 
>>> works fine.
>>>
>>> -- 
>>> Ace
>>>
>>> This posting is provided "AS-IS" with no warranties or guarantees and 
>>> confers no rights.
>>>
>>> Please reply back to the newsgroup or forum for collaboration benefit 
>>> among responding engineers, and to help others benefit from your 
>>> resolution.
>>>
>>> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 
>>> 2003/2000, MCSA Messaging 2003
>>> Microsoft Certified Trainer
>>>
>>> For urgent issues, please contact Microsoft PSS directly. Please check 
>>> http://support.microsoft.com for regional support phone numbers.
>>>
>>>
>>>
>>> 
0
Waggers
11/21/2009 9:51:02 PM
"Waggers" <Waggers@newsgroup.nospam> wrote in message 
news:eE%23K8SvaKHA.1596@TK2MSFTNGP06.phx.gbl...
>I agree, it doesn't seem like a SBS problem to me either.
>
> However, I've now retired the SBS2003 box (with a single LAN BTW) and 
> replaced it with the SBS 2008 box.
>
> I haven't touched anything on the firewall or router and all is now 
> working as it should!
>
> Many thanks to all who responded.
>
> Waggers

Good to hear it's been resolved. Thanks for posting back, too!

Ace



0
Ace
11/22/2009 4:13:24 PM
Reply:

Similar Artilces: