Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet stops randomly


  • Please log in to reply
16 replies to this topic

#1 wing987

wing987

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Payette, ID
  • Local time:04:02 AM

Posted 31 May 2017 - 11:54 AM

First off I should inform you that this may not be a Windows 7 problem, but it might be. I am not sure where exactly to place this.

 

Configuration: Firewall in use on an enterprise network using a Class A network, with end users on a Windows 7 machine.

 

Problem (simplified):

A single user in an enterprise environment loses access to external network resources periodically for 5 - 20 minutes. This problem occurs randomly.

 

Verified facts:

Problem occurs only for this one user, others on other workstations function fine

Problem occurs across multiple computers, but always this one user

This user does NOT use a roaming profile

Problem occurs on IE

Problem occurs on Chrome

Problem Occurs on Firefox

Resetting all default settings in the browsers does not resolve the problem

Adjusting the TLS and SSL settings does not resolve the problem

The Cat5 from her computer to the floor jack was replaced (moot point since it follows her on different systems)

The Cat5 cable from the patch panel to the switch was replaced (same as above)

Users profile was completely removed and rebuilt on system without success

Deleting the users bookmarks in IE solved the problem for one week, but it returned (may not be related)

PING traffic to the Intranet services on the corporate network function and replies are received during outage

PING traffic does NOT succeed when hitting google at 8.8.8.8 or 8.8.4.4 during outage

PING traffic does not succeed to any known external resource during outage

Admins can remote computer during outage (but they are on intranet, but a different subnet in a different city/state)

There are no known software conflicts, and problem still occurs when only the browser is in use

Problem occurs across multiple websites

Computer was replaced and the same result occurs

Computer is fully updated with MS updates

 

Does anyone have any other possible cause or solution for this behavior?


Edited by britechguy, 17 June 2017 - 09:10 AM.
Moved to networking forum - likely networking issue

-- Windows 7 Ultimate on custom built system, Windows 10 on under powered laptop. Sophos UTM 9, Ubuntu Server and Windows Server 2008 R2. HyperV Virtualization --

 

"The hottest places in hell are reserved for those who in a period of moral crisis maintain their neutrality," John F. Kennedy


BC AdBot (Login to Remove)

 


#2 wing987

wing987
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Payette, ID
  • Local time:04:02 AM

Posted 05 June 2017 - 09:19 AM

So....nobody has any ideas? 84 people read this and decided that they knew nothing about the topic?


-- Windows 7 Ultimate on custom built system, Windows 10 on under powered laptop. Sophos UTM 9, Ubuntu Server and Windows Server 2008 R2. HyperV Virtualization --

 

"The hottest places in hell are reserved for those who in a period of moral crisis maintain their neutrality," John F. Kennedy


#3 sikntired

sikntired

  • Members
  • 928 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:02 AM

Posted 05 June 2017 - 05:09 PM

Well, I can certainly tell you that I have no ideas. However, I have posted about a past problems and usually someone does come along and is of assistance. Then there is the occasion where nobody responds because they neither have a solution nor can offer any advice. When this happens, "Google is your friend". I have solved (as well as many others) a particular problem that seems vexing, by doing so.



#4 wing987

wing987
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Payette, ID
  • Local time:04:02 AM

Posted 09 June 2017 - 03:38 PM

Google is always....ALWAYS a friend.  The problem here is even Google is failing to provide answers.

 

I have even had the user record their actions on their computer to see if I can find similarities. All I had was that she used bookmarks in IE.

 

Moreover, she also gets a separate issue where SSL settings revert and things fail, at least until you turn SSL back on. However, this is easy to resolve despite now knowing what changes the settings to begin with.

 

Which made me consider malware, but none found and firewall logs do not show her system phoning home....

 

And now I posted here with no results that help yet 


-- Windows 7 Ultimate on custom built system, Windows 10 on under powered laptop. Sophos UTM 9, Ubuntu Server and Windows Server 2008 R2. HyperV Virtualization --

 

"The hottest places in hell are reserved for those who in a period of moral crisis maintain their neutrality," John F. Kennedy


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,260 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:02 AM

Posted 09 June 2017 - 04:20 PM

The fact that these issues...whatever they are...apply only to 1 system/user on an enterprise network...and original system was replaced with same issues...well, that's something that should concern the network admin and/or IT dept.

 

Changed hardware, same user, same problems.  Is that a pattern?

 

Louis



#6 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,279 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:02 AM

Posted 11 June 2017 - 12:04 PM

A enterprise network usually implies that there are a number of employees sharing this network.  Companies which use this type of network usually will have a IT guy who maintains the computers and the network.  If this is the case here you should bring this to their attention and allow them to affect a repair.  If this network is your own business and you don't have a IT tech you could let us know this and we can make suggestions.  My problem is that if this isn't your company and there is a IT tech who is being paid for doing this work it is not your place to try to affect a repair.  Another consideration is that if this is not your personal computer but a company's you probably don't have a administrator account and will not be able to make certain changes, another reason to let the IT tech handle this as they would have a admin account.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 wing987

wing987
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Payette, ID
  • Local time:04:02 AM

Posted 15 June 2017 - 10:25 AM

I AM the IT guy responsible for this, and the entire team has addressed this persons issue. We cannot identify the cause, and each possible source of the problem shows itself as not able to be the source while pointing to another source as possible. Hence the detailed troubleshooting that was listed, although that is a brief summary that avoids all the individual steps taken to gather that information.

 

I am reaching out to other techs who may have any other idea that I can try....anything at all


-- Windows 7 Ultimate on custom built system, Windows 10 on under powered laptop. Sophos UTM 9, Ubuntu Server and Windows Server 2008 R2. HyperV Virtualization --

 

"The hottest places in hell are reserved for those who in a period of moral crisis maintain their neutrality," John F. Kennedy


#8 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 AM

Posted 17 June 2017 - 12:12 AM

I would look at the GPO for that machine, its Windows Event Logs, and the firewall logs.


Edited by jwoods301, 17 June 2017 - 01:20 PM.


#9 toofarnorth

toofarnorth

  • Members
  • 367 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 PM

Posted 17 June 2017 - 03:59 PM

Hello

 

Its difficult to troubleshoot without knowing more about your network.

Any antivirus with behavioral monitoring switched on?

What kind of firewall do you use? Does it have a function to check endpoint for security compliance?

What are the results of gpresult /v?

When the problem exists, what does IE report in proxy server settings?


tfn



#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,279 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:02 AM

Posted 18 June 2017 - 10:12 AM

Problem occurs across multiple computers, but always this one user

 

This statement points out that the problem isn't because of a problem with one computer, it's because of one user.  I would want to observe how this user is accessing the network if this is only occurring with them.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#11 wing987

wing987
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Payette, ID
  • Local time:04:02 AM

Posted 20 June 2017 - 11:31 AM

Hello

 

Its difficult to troubleshoot without knowing more about your network.

Any antivirus with behavioral monitoring switched on?

What kind of firewall do you use? Does it have a function to check endpoint for security compliance?

What are the results of gpresult /v?

When the problem exists, what does IE report in proxy server settings?


tfn

*Antivirus, yes, but nothing fancy. Only MS Endpoint protection as part of sccm 2012. No log of anything being blocked before, during, or after.

*Firewall I cannot discuss as per my NDA, but it is not running security compliance checks. Logs show no blocking of any traffic for that system.

*gpresult /v was done (my apologies for not including it in the original post) and they match what the policy is set to for all users

*IE reports no proxy set when working properly, and no proxy set when the problem occurs, and the VPN software we use is not installed on that particular machine since it never leaves the facility, thus avoiding a conflict there as well


-- Windows 7 Ultimate on custom built system, Windows 10 on under powered laptop. Sophos UTM 9, Ubuntu Server and Windows Server 2008 R2. HyperV Virtualization --

 

"The hottest places in hell are reserved for those who in a period of moral crisis maintain their neutrality," John F. Kennedy


#12 wing987

wing987
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Payette, ID
  • Local time:04:02 AM

Posted 20 June 2017 - 11:43 AM

 

Problem occurs across multiple computers, but always this one user

 

This statement points out that the problem isn't because of a problem with one computer, it's because of one user.  I would want to observe how this user is accessing the network if this is only occurring with them.

 

Agreed, and we did just that.  The ONLY thing I can see that is more than the average user would be the use of RDP by using shortcuts on the desktop, which IT set up. These work fine and the problem occurs even when they have not been used that day. However, this is not specific to her...others do the same thing without any event occurring, even though it is not common to use RDP outside of IT.

 

This looks like a roaming profile issue in AD, yet she does not have a roaming profile.  Nobody does in the company. I do know however that the problem occurs the most in the morning, when the user is visiting local news websites in order to create "motivational power point slides" that get displayed on the floor (hence the use of RDP, to post the presentations).  It is not every day, and we cannot predict when it will occur, but when the problem occurs it is fully confirm-able....with ICMP traffic failing as well but only on the external traffic, local resources like the intranet still work.

 

Something else to consider, this user is at a different physical site. I am located in Idaho, and she is located in Iowa.  When the problem occurs the local traffic, INCLUDING TRAFFIC FROM IDAHO, function just fine.  So it is not a problem at the outbound port on the firewall or router, rather it is a problem with devices that are not on our network. She can hit servers here at corporate, and i can remote her computer. I can see the ICMP traffic from here to there, even over devices that are not ours.  But, ping google and it fails....


-- Windows 7 Ultimate on custom built system, Windows 10 on under powered laptop. Sophos UTM 9, Ubuntu Server and Windows Server 2008 R2. HyperV Virtualization --

 

"The hottest places in hell are reserved for those who in a period of moral crisis maintain their neutrality," John F. Kennedy


#13 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 AM

Posted 20 June 2017 - 03:27 PM

The ONLY thing I can see that is more than the average user would be the use of RDP by using shortcuts on the desktop, which IT set up.

 

As a side note, you might read Demonslay335's take on RDP -

 

https://www.bleepingcomputer.com/forums/t/645075/how-to-protect-rdp-connection-againts-ransomware/



#14 toofarnorth

toofarnorth

  • Members
  • 367 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 PM

Posted 21 June 2017 - 06:08 AM

 

 

Something else to consider, this user is at a different physical site. I am located in Idaho, and she is located in Iowa.  When the problem occurs the local traffic, INCLUDING TRAFFIC FROM IDAHO, function just fine.  So it is not a problem at the outbound port on the firewall or router, rather it is a problem with devices that are not on our network. She can hit servers here at corporate, and i can remote her computer. I can see the ICMP traffic from here to there, even over devices that are not ours.  But, ping google and it fails....

Do you do split tunneling on the VPN or does all traffic including internet go through it?

tfn

 



#15 wing987

wing987
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Payette, ID
  • Local time:04:02 AM

Posted 26 June 2017 - 11:42 AM

JWoods, I agree but this is the decision that the owner of the company has made rather than invest in remote software that is more secure. The good news, it does not appear that any attacks or malware has occurred, and the systems she RDP's to are local to her portion of the network.

 

Toofarnorth, we use MPLS for the corporate systems and data, and split the web browsing traffic off to a local ISP.  But this problem only affects her, and she is part of a group setup in the firewall that others are able to function fine with...and she is not being targeted for any blocking.  That was the first thing we checked.

 

I have however began focusing on the occasional SSL error. I had assumed it was a side effect of the problem but now have begun trying to actively fix it (SSL settings get changed sometimes....after viewing the websites and then suddenly BAM, no connection...and then you have to re-enable SSL 3.0). This has not been a problem every time, but maybe....just maybe it will lead to the problem.


-- Windows 7 Ultimate on custom built system, Windows 10 on under powered laptop. Sophos UTM 9, Ubuntu Server and Windows Server 2008 R2. HyperV Virtualization --

 

"The hottest places in hell are reserved for those who in a period of moral crisis maintain their neutrality," John F. Kennedy





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users