DNS issue in LAN - network slow down

openmind

Senior Member
Hi All,

Our network is in a workgroup, not a domain, because most of the computers in the office run home edition operating systems. We do, though, have Windows Server 2012 as a file server.

Our issue is that the network is slow. From analyzing it I found the issue may be that the computers cannot identify the other computers by their computer names, I mean a DNS issue in the LAN.

INTERNET is working fine. The DHCP server gives all computers the firewall IP as the gateway IP, and the ISP's IP, which is an external one, as the primary DNS server.

When I execute the command "nbtstat -r", which gives results related to NetBIOS lookup functionality, the "Resolved by Broadcast" value in the results should be zero, but I am getting a value of 77. That means it is confirming that there is some broadcast issue because the computers cannot look up the computer names.

So do I need to create a local DNS server to resolve computers like "storage-pc" -> 192.168.1.11, "antivirus-pc" -> 192.168.1.12 etc.??? But except for some PCs, all are DHCP clients.

Please suggest what I should do, I have no idea what to do!!!
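The post above reads the "Resolved By Broadcast" counter from `nbtstat -r` by hand. As an added example (not code from the thread), the Windows PowerShell script below parses that counter automatically and then tests a few computer names two ways: DNS only, and LLMNR/NetBIOS only. A name that resolves only by the second path is one that is being found by broadcast, which is the symptom described. The computer names are the hypothetical ones from the post; Windows PowerShell 5.1 on Windows 8 / Server 2012 or later is assumed because `Resolve-DnsName` comes from the DnsClient module.

```powershell
# Added example, not from the thread. Assumptions: Windows PowerShell 5.1,
# DnsClient module available (Windows 8 / Server 2012+), names are hypothetical.
$names = @('storage-pc', 'antivirus-pc')   # example names used in the post

function Get-NbtResolutionStats {
    # nbtstat -r prints lines such as "Resolved By Broadcast     = 77".
    # Collect the four counters into a hashtable keyed by their label.
    $stats = @{}
    foreach ($line in (nbtstat -r 2>&1)) {
        if ($line -match '^\s*(Resolved|Registered) By (Broadcast|Name Server)\s*=\s*(\d+)') {
            $stats["$($Matches[1]) By $($Matches[2])"] = [int]$Matches[3]
        }
    }
    return $stats
}

function Test-NameResolution {
    param([string[]] $ComputerName)
    foreach ($n in $ComputerName) {
        # -DnsOnly: ask the configured DNS servers only (no LLMNR/NetBIOS fallback).
        $dns = Resolve-DnsName -Name $n -Type A -DnsOnly -ErrorAction SilentlyContinue
        # -LlmnrNetbiosOnly: skip DNS and use the link-local (broadcast) methods only.
        $nbt = Resolve-DnsName -Name $n -Type A -LlmnrNetbiosOnly -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name       = $n
            ViaDns     = ($dns | Where-Object IPAddress | Select-Object -First 1).IPAddress
            ViaNetbios = ($nbt | Where-Object IPAddress | Select-Object -First 1).IPAddress
            # True when the name is only reachable by broadcast: the thread's symptom.
            BroadcastOnly = (-not $dns) -and [bool]$nbt
        }
    }
}

$stats = Get-NbtResolutionStats
"Resolved By Broadcast   = $($stats['Resolved By Broadcast'])   (rule of thumb from the post: should be near zero)"
"Resolved By Name Server = $($stats['Resolved By Name Server'])"
Test-NameResolution -ComputerName $names | Format-Table -AutoSize
```

Run it on a client, not the server. If `BroadcastOnly` is true for the names you care about, the DNS servers handed out by DHCP (the ISP's, per the post) simply have no records for LAN names, so every lookup falls through to broadcast; a local DNS or WINS server, as suggested later in the thread, is what makes `ViaDns` fill in.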
 
If I understand your setup correctly you don't have a domain controller, but do you have a server dedicated to providing DNS?

It is important to know what is actually slow here. Do you mean the retrieval of files or the general navigation of your given share (on the file server)? Another thing to consider is the IOPS on the file server itself. Does the file server have attached storage, whether that be iSCSI or NFS/SMB, or is it a standalone bloated server with local disks?

These are all factors I would be considering. I assume that you have a gigabit network running? Also, how many users does the file server serve?
 
Yes, I'm a little vague on why you have DNS on a workgroup server… is this a full DNS or just the limited amount needed to run the file server?

P.s. check the DNS settings… if you didn't put anything in this then the default Windows answer is the loopback address (127.0.0.1), which only people on (or remoting into) the actual server can see.

P.p.s. best practice on a domain is to set DNS to the server, or the router for a workgroup… when in doubt set the DNS to the router address.
 
Thank you people for your reply.

Maybe I failed to explain it in the right manner. Let me try to clarify things.

The network is in a workgroup. We have "Windows Server 2012" running in the network for the purpose of a file server; on the same server I have installed Active Directory for the purpose of controlling the files and folders in a better way in terms of permissions. I mean I have created users in Active Directory with their permissions accordingly, saved those usernames and passwords in Windows Credentials, and created shortcuts for those shared folders on the file server.

As you know, when we install Active Directory on the server it automatically includes the DNS service; though I am not using this DNS service for any purpose as of now, it is still running on the server by default.

Now my issue: the speed of accessing data on the file server, and transferring/copying files from the file server, is slow. One more thing is that printers shared on the computers go offline sometimes (maybe because PCs are unable to find the computer sharing the printer by its name).

Users: 55
Gigabit?: No, mostly we have laptops in the network.

I think the issue may be this: here are some outputs of "nbtstat -r" for different computers in the network.
Please check the linked image below:
http://s44.photobucket.com/user/openmind1188/media/Img2_zps7ec0318c.png.html

Could the issue be a broadcast storm? As computers are unable to identify each other by their name. Proof: "Resolved by Broadcast" should be "zero"?

Also, printers shared from computers were going offline sometimes, so I have shared them by IP now.

Currently all computers have their primary DNS server set to the ISP's DNS servers.

What may be the issue? What do you people suggest? Sorry if I failed again to explain it in the right way.
 
The kind of intermittent printer dropout you are describing is generally a power problem of some sort:

Cheap local (USB) printers are designed for household use and have a tendency to shut themselves down to save power if unused for X amount of time… HP and Brother printers are especially known for this.
Some of the cheap Samsung printers have better wake-up software, and actual network printers or the print server (USB port) built into the better routers like my TP-Link http://www.tp-link.com.au/products/?categoryid=201&ref=pline are designed for small networks and DON'T shut themselves off like a computer (especially any laptop) USB port will.

Recommendations;
1. A network diagram would be very helpful.
2. In the meantime I'd upgrade the server DNS role and point it at itself (that's its own address, not the loopback default) first, then the router address as a secondary… this is almost certain to be partly causing the issues.
2a. Open the command prompt and ping google.com from all the machines inside the network… this will force them to use their DNS and should help you spot any breaks.
[attached screenshot: ping google.png]

P.s. I noticed your screenshots are normal commands, but best practice (especially on servers) is to always use an admin prompt. You can't really do any damage with this, but many of the Microsoft commands are fussy about it… worst case scenario is that your commands without elevated rights will be ignored by the system. An admin prompt will have the word Administrator in the title bar… see my screenshot.
 
Kind of an awkward situation.....
Active Directory installed but not using a domain, and consequently no DNS name resolution for local machines as they are workgroup machines.
Well, I guess you could go ahead and add the WINS role to your 2k12 server and then on each machine point them to the IP address of your brand new WINS server using....
the Advanced button in the properties of IPv4 in the properties of each individual machine's network adapter they are using on the network, and enable NetBIOS over TCP/IP, and turn on the TCP/IP NetBIOS Helper service on each machine if it is not already running and set to Automatic (Trigger Start).
Or I suppose you could build an LMHOSTS file with all the machine names and IP addresses and place it here:
C:\Windows\System32\drivers\etc
With
Users : 55
you're just above the "small" in small network size, especially if 55 users also means 55 separate machines. You may want to consider moving over to a real, full Active Directory domain and using a properly functioning DNS server for local name resolution.
And if you're talking about 55 laptops all using WiFi, you need to remember that that is a shared bus, so depending on what everyone is doing it may be a bit crowded (overwhelmed).
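The post above describes the client-side steps (LMHOSTS file, NetBIOS over TCP/IP, the TCP/IP NetBIOS Helper service, WINS address) as GUI clicks. As an added example that is not from the post, the script below does the same per machine from an elevated Windows PowerShell 5.1 prompt. The name-to-address table and the WINS address 192.168.1.7 are the thread's own example values; the file path is the one the post gives. It backs up any existing LMHOSTS before overwriting it and uses the `Win32_NetworkAdapterConfiguration` WMI methods `SetTcpipNetbios` and `SetWINSServer`, which exist on Windows 7 / Server 2008 R2 and later.

```powershell
# Added example, not from the thread. Run elevated. Assumptions: Windows PowerShell 5.1,
# names/addresses are the thread's hypothetical examples, 192.168.1.7 is the WINS server.
$entries     = @{ 'storage-pc' = '192.168.1.11'; 'antivirus-pc' = '192.168.1.12' }
$winsServer  = '192.168.1.7'
$lmhostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\lmhosts'

function New-LmhostsContent {
    param([hashtable] $Map)
    # LMHOSTS format: <IP> <NAME> #PRE  ; #PRE preloads the entry into the NetBIOS name cache.
    $lines = @('# Generated LMHOSTS: one entry per line, #PRE entries are preloaded into the cache')
    foreach ($name in ($Map.Keys | Sort-Object)) {
        $ip = $Map[$name]
        if (-not ($ip -as [ipaddress])) { throw "Invalid IP address for ${name}: $ip" }
        if ($name.Length -gt 15)        { throw "NetBIOS names are limited to 15 characters: $name" }
        $lines += ('{0,-16} {1,-16} #PRE' -f $ip, $name.ToUpper())
    }
    return $lines
}

function Enable-NetbiosOverTcpip {
    param([string] $WinsServer)
    $adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        # TcpipNetbiosOptions: 0 = from DHCP, 1 = enabled, 2 = disabled. ReturnValue 0 = ok, 1 = reboot needed.
        $r = Invoke-CimMethod -InputObject $a -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = [uint32]1 }
        '{0}: SetTcpipNetbios -> {1}' -f $a.Description, $r.ReturnValue
        if ($WinsServer) {
            $r = Invoke-CimMethod -InputObject $a -MethodName SetWINSServer `
                     -Arguments @{ WINSPrimaryServer = $WinsServer; WINSSecondaryServer = '' }
            '{0}: SetWINSServer -> {1}' -f $a.Description, $r.ReturnValue
        }
    }
}

# 1. Write LMHOSTS (keeping a backup of any existing file), then purge and reload the cache.
if (Test-Path $lmhostsPath) { Copy-Item $lmhostsPath "$lmhostsPath.bak" -Force }
New-LmhostsContent -Map $entries | Set-Content -Path $lmhostsPath -Encoding ASCII
nbtstat -R | Out-Null

# 2. TCP/IP NetBIOS Helper service (service name "lmhosts"): automatic and running.
Set-Service -Name lmhosts -StartupType Automatic
Start-Service -Name lmhosts

# 3. NetBIOS over TCP/IP on, WINS server set, on every IP-enabled adapter.
Enable-NetbiosOverTcpip -WinsServer $winsServer

# 4. The preloaded entries should now appear in the cache.
nbtstat -c
```

`Set-Service` can only set Automatic, not the "Automatic (Trigger Start)" variant the post mentions; plain Automatic is enough for the helper service to be up. On the server side the WINS feature itself is installed with `Install-WindowsFeature -Name WINS -IncludeManagementTools` (Server 2012 cmdlet).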
 
Network Diagram:
Router (Linksys WAG320n, 192.168.2.1) -> Firewall (Cyberoam, 192.168.1.1) -> Cisco Switch (192.168.1.254) ----> Server (192.168.1.7), Printers, PCs and other switches
                                                                                                             |__ Access Point 1
                                                                                                             |__ Access Point 2

Hi Trouble,

What about the dynamic IPs of computers in the network? I mean, will the server update the computer names and associated IPs (even dynamic ones) frequently and provide them to clients when I set it up as you told me in your last post?

Here in my case, do I need to provide the primary DNS server as 192.168.1.7 and the secondary as the ISP IP, or the gateway (firewall) IP, or the router IP????

Thanks a lot for your help!
 
Sorry, the network diagram doesn't seem to have posted in the right way.

Router IP: 192.168.2.1
Firewall IP: 192.168.1.1
Cisco Switch IP: 192.168.1.254

From the Cisco switch all the other switches, printers, the server and 2 access points are connecting...
 
FYI as this is a workgroup and not a domain, I assumed the router runs your main DHCP; so yes, in that case the server has DNS1 as 192.168.1.7 and DNS2 is 192.168.2.1.
I'd set the router DNS1 as 192.168.1.7, i.e. the server, and the second as your ISP or perhaps even Google… the general idea is to send any local DNS requests back into the system before they get outside.

The server gets top billing so that local files, i.e. stored on the network file server, can be located by machines within the workgroup but not controlled by the server... since this isn't a domain we have to account for that DNS routing issue.

However;
You have a firewall and that adds some extra options, so DNS (on your firewall) can be passed through from/to the DHCP or set as static, i.e. DNS1 is 192.168.1.7 (the server), DNS2 is 192.168.2.1 (the router/ISP) and even a DNS3 of 8.8.8.8, which is Google.

Option 2 for higher volume;
Build a separate (possibly virtual) server and place it between the router and the remaining network… this server will run both your DHCP and main DNS, then you route all network traffic into this (allowing for the firewall) so that everything on or remoting into your network has only one DNS number for user simplicity... you can of course have several copies of this DNS server kicking in to help spread the workload.

To be clear, there are always other options and it really does come down to "how much traffic" the network supports + "your budget/helpdesk needs" - "level of security".
 
Many thanks for your guidance!

Sorry, I forgot to mention about DHCP; here I am using the firewall (192.168.1.1) as the DHCP server.

@ussnorway said "To be clear, there are always other options and it really does come down to "how much traffic" the network supports + "your budget/ helpdesk needs" - "level of security"."

It seems you tried to explain something which went over my head but not through my brain.....hahaahaaa!

I mean I didn't get you exactly, can you please elaborate if possible? How can I calculate "how much traffic is currently being generated", "how much traffic our network supports", "helpdesk needs" and "level of security"?

One last thing is about how I can check if the issue is resolved or not, I mean to find out there is no broadcast storm etc.

Thanking you!
 
It is simply an old idiom for calculating resources… in layman's terms, a network with too much security is just as worthless as one without any, because it gets too slow/expensive and people stop using it.

You calculate load by looking at the business objectives/plan. We are ten posts in and still missing details… you have 55 users;
How many of these users are on this network at any given time?
Are there peaks (like lunchtime) that see higher traffic than normal, and is this operation running 24 hours a day… that can make balancing overhead (defrag, anti-virus scan, backups etc.) tricky.

How many "points of entry" (POE) do you have/need;
Are these users all in one building/place or spread out all over the globe, and how many of these users have to share their access point… as Trouble already said, having everyone on WiFi (laptops) will overload any network much faster than normal PCs.

Helpdesk is your staff expertise, training & knowledge of the system;
A network is the base of the system, and when it falls over because "shit happens" you will need everyone to know what needs to be done in what order… to be blunt, a wait-and-see (committee) approach won't cut it then.

Most importantly… why is this system a workgroup instead of a domain… does it really even need to be a single network, or can it be broken up into smaller workgroup networks and spread out to avoid the bottlenecks… Is the data stored on this server considered so secret that someone will be actively attempting to steal it, or can it be outsourced to one of the business clouds Microsoft offers?

DNS… What model is this firewall?
It's not set in granite, but normal practice is to put DNS and DHCP together at the "point of entry" (POE) as they kind of need each other to work their magic. I wasn't aware that Cyberoam made a firewall with DHCP. The normal build I experience is "pass through" or "static"; however, if the firewall acts as a POE for your network then perhaps it can also run your main DNS and you just point everything at the firewall. That will reduce traffic but of course is slightly less secure.
 
In my previous posts I mentioned a rough count of devices. Let me try to provide you the whole information.

1.)
Router : Linksys WAG320n (192.168.2.1)
|
Firewall : Cyberoam CR100iNG (192.168.1.1) - Gateway & DHCP Server
|
Managed Cisco Switch (Gigabit) (192.168.1.254) : Cisco SG300-28P (all other switches, access points and the server connect to this switch)
|
Switches (unmanaged & 100Mbps) : 2 (connecting a few PCs)
Access Points : 2 (Cisco WAP 4410N) (all wireless depends on these two APs)
2.)
Network Printers : 2
USB Shared Printer : 1
Server (Dell) : 1, Server OS : Windows Server 2012 (file-server)
Desktops : 19
Laptops : 37
Mobiles : 5
Total Computers = 56 + 5 (Mobiles)
3.)
Mostly, not all people will be in the office at one time; some will be on vacation, onsite, or going out for meetings. Probably 3:30 PM to 6:00 PM is the peak time in the office. I used to scan devices in the office with Advanced IP Scanner; on average it shows 56 devices (including printers, router, access points, switch).
Is it possible to capture the network traffic somehow at peak time and convert it into some numbers, so that I can calculate and compare the traffic for a few days and then take steps to increase any resource if required?
4.)
The network is in a workgroup, for the reason I mentioned before: most of the computers are Home Editions and we cannot add those to a domain, as you know. Currently there is no option other than a workgroup (I will look later at upgrading to Professional or Enterprise to bring those into a domain).
All devices are located in one office, one network.
5.)
General traffic/usage on the network.
All users need to access the file server and printers (all users print a lot daily), Outlook for all users, a few people use general web browsing and a few people have downloading and uploading related tasks etc.
6.)
Finally, Team : 1 (it's me, no one else here to take care of it).
My Duties : systems troubleshooting, network maintenance, looking after the website & emails (hosted with Netfirms), installation and configuration, backup for the server (currently there are no backups for individual computers) etc.

Thank you for sharing your knowledge & thoughts. Looking forward to further steps!
 
1.)
Router : Linksys WAG320n (192.168.2.1)
|
Firewall : Cyberoam CR100iNG ( 192.168.1.1) - Gateway & DHCP Server
|
Managed Cisco Switch(Gigabit) (192.168.1.254) : Cisco SG300-28P ( All other switches ,access points and server are connecting to this switch)
|
Switches (unmanaged & 100Mbps) : 2 ( connecting few pc's )

I see... ok yes this is fine.

Access Points : 2 ( Cisco WAP 4410N ) (All wireless depends on this two APs)
------- snip
Laptops : 37
Mobiles : 5
Total Computers = 56 + 5 (Mobiles)

6 years old, single channel… IMO you are asking too much of them.

Option 1, add a couple more WiFi (preferably dual band) routers to help spread the load… at $50-80 each they are much better than one expensive super-switch.

Option 2, it's slightly awkward, but laptops can be connected to the landline to take some pressure off the WiFi… add some extra landline hubs in key places around the building.
Advantage; it's cheap because a hub is just a glorified plastic plug with some network cable.
Disadvantage; people get used to thinking of laptops as mobile devices and tend to resent being shackled to workbenches… even if it does offer them better bandwidth.

P.s. I'm not a fan of MAC address filtering normally, but if you need to use it to police these extra access hubs then remember that laptops tend to have a different ID when using these, and any virtual machines installed within these laptops need to be allowed for.

General traffic/ usage on network.
All users need to access file-server, printers (all users daily print lots ) ,outlook for all users, few people use general web browsing and few people have downloading and uploading related tasks etc.,
6.)
Finally Team : 1 ( it's me, no one else here to take care. )

My personal thing for monitoring software is to use whatever software comes with the router/firewall, but I have also used "wireless wizard" http://www.nerinetworks.com/download/wirelesswizard.php

To be clear, all firewall makers including Cyberoam offer training courses for their products and (if you can swing it with the boss) that's my recommendation.

P.p.s. You get back out of these courses what you put into them, i.e. don't treat it as a piss-up, and do take a complete network diagram along with you… you will be in a room with other nefarious trolls and someone will always come up with a better way to do things that you hadn't considered.
 
Really appreciate your follow-up and the solutions you provided.

For the suggestion to add more WiFi access points: anyhow we are adding another floor in the same building and some people will shift there, so I am going to get two more access points for the new floor; ultimately what you suggested will be done.

For connecting laptops with cables, I will see if anyone never moves their laptop, and then I will connect those by cable.

A few changes done yesterday:

Before, we had the 192.168.1.0-1.255 range, but after we configured this managed switch, access points and firewall recently, we were facing issues like taking too long to connect (unable to get an IP), Samsung mobiles not working....so yesterday people from our vendor came and created a VLAN on the managed switch for ports 12 and 24, and we are connecting the two access points to these two ports. Now the wired network range is 192.168.1.0-1.255 and the wireless network range is 192.168.10.0-10.255. And they adjusted the Cyberoam firewall to allow Internet and interconnection so the different ranges are able to ping each other.
 
Thank you for your follow-up and solutions!

For your suggestion of adding more access points, we are going to add one more floor in the same building with the same number of people, so I will add APs there and then the load will automatically be distributed.

For your suggestion of connecting some wireless devices with cables, I will see if that is possible for some devices.

A few changes were done yesterday:

We had issues after setting up the new firewall, managed switch and access points: a few computers were taking too long to connect (unable to get IPs), Samsung mobiles were not able to connect etc. So the people from our vendor came and created one VLAN on the managed switch for ports 12 and 24, so the two access points are connecting to these two ports, and the wireless range will be 192.168.10.0 - 1.255 and the cabled network range will be 192.168.10.0 - 10.255.

So they adjusted something in the firewall and switch to allow the VLAN on the network and to be able to ping between the two different ranges, for utilizing resources like shared files and printers.

DNS Issue:

As I informed you, the DNS service is already running on the file server. So I have installed the WINS server feature on the same Windows Server 2012 and I have set DHCP to hand out the primary DNS server as 192.168.1.7 and the secondary as the ISP DNS IP.

Here I did not make any changes to DNS and WINS, all are defaults; now the Internet is working normally, but I am not sure whether the broadcast issue still persists, as I assumed we have this issue.

Below are the results after adding the local DNS server as the DNS server, but it still looks the same. Is there any way to check whether the local DNS is working normally?

[attached screenshot: upload_2014-9-7_14-34-13.png]

One more thing about pinging: here I am pinging yahoo.com, and I am not sure why it is getting "request timed out" in the middle, for all websites.

[attached screenshot: upload_2014-9-7_14-35-38.png]
 
I'm glad you are getting on top of it.

DNS (dynamic name server) testing isn't something I do a lot of and I'm not sure what it is you need;

For example, my home server is called nibbithost… if I wanted to add an alias entry for it into a secondary DNS that resolves to, say, "nibbitbannana", I could then use nslookup to test that the name is found (or even just ping it), but I assume you want some sort of tracking software to say how many hits that name gets in a certain time period. Firewall training is my first thought, but again that isn't something I spend any time worrying about.
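The question two posts up was how to tell whether the local DNS server is actually being used and working, and the reply suggests nslookup or ping. As an added example that is not from either post, the Windows PowerShell script below (a) lists the DNS server order each adapter received from DHCP and flags whether the local server is first, (b) asks the local server directly, DNS only, for a LAN name and for an Internet name, timing each answer, and (c) shows where query counts can be read on the server itself. The local server address 192.168.1.7 and the LAN name `storage-pc` are the thread's example values; Windows PowerShell 5.1 with the DnsClient module is assumed, and the last step needs the DnsServer module that the DNS role installs on Server 2012.

```powershell
# Added example, not from the thread. Assumptions: Windows PowerShell 5.1, DnsClient
# module; 192.168.1.7 and 'storage-pc' are the thread's example values.
$localDns   = '192.168.1.7'
$lanName    = 'storage-pc'
$publicName = 'www.microsoft.com'   # any well-known external name (the thread used yahoo.com)

function Get-DnsServerOrder {
    param([string] $ExpectedFirst)
    # One object per IPv4 interface that has DNS servers: the list in the order Windows uses it.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            [pscustomobject]@{
                Interface  = $_.InterfaceAlias
                Servers    = ($_.ServerAddresses -join ', ')
                LocalFirst = ($_.ServerAddresses[0] -eq $ExpectedFirst)
            }
        }
}

function Test-DnsAnswer {
    param([string] $Name, [string] $Server)
    # -DnsOnly skips LLMNR/NetBIOS fallback, so an empty answer means the server has no record.
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $rec = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop
        $sw.Stop()
        [pscustomobject]@{ Name = $Name; Server = $Server
                           Answer = (($rec | Where-Object IPAddress).IPAddress -join ', ')
                           Ms = $sw.ElapsedMilliseconds; Error = $null }
    } catch {
        $sw.Stop()
        [pscustomobject]@{ Name = $Name; Server = $Server; Answer = $null
                           Ms = $sw.ElapsedMilliseconds; Error = $_.Exception.Message }
    }
}

Get-DnsServerOrder -ExpectedFirst $localDns | Format-Table -AutoSize

# Empty Answer/Error here means the local server has no record for the LAN name,
# so clients will still fall back to broadcast for it.
Test-DnsAnswer -Name $lanName -Server $localDns

# This one succeeds only if the local server forwards or recurses out to the ISP;
# a failure here is why "Internet stops working" when the local server is listed first.
Test-DnsAnswer -Name $publicName -Server $localDns

# On the server itself, with the DNS role installed, query counters answer the
# "how many hits" question from the reply above:
#   Get-DnsServerStatistics | Select-Object -ExpandProperty QueryStatistics
```

Run the first two steps from a client. If `LocalFirst` is false, DHCP is still handing out the ISP's server first and the local server is never consulted for LAN names; if the LAN lookup returns nothing, the server needs records (static, or dynamic registration from the clients) before it can help.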
 
I believe something is odd with our wireless network....

[attached screenshot: upload_2014-9-9_16-36-58.png]

In the above picture I am pinging the firewall (192.168.1.1). When I tried to ping the firewall from a wired computer it seemed okay, I mean it was pinging without "Request timed out." and the times were also in order (say, time=2ms)....
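The comparison above (wireless drops and jitters, wired is clean) is done by eye from two screenshots. As an added example, not from the post, the function below sends a fixed number of probes to the firewall (192.168.1.1 in the thread), counts replies, and reports loss and min/avg/max latency alongside the active adapter, so the same numbers can be collected on a wired and a wireless machine and compared. It assumes Windows PowerShell 5.1, where `Test-Connection` returns one `Win32_PingStatus` object per reply and a non-terminating error per lost probe.

```powershell
# Added example, not from the thread. Assumptions: Windows PowerShell 5.1; the target
# 192.168.1.1 is the firewall address given in the thread.
function Measure-PingLoss {
    param(
        [string] $Target = '192.168.1.1',
        [int]    $Count  = 50
    )
    # Lost probes produce errors (suppressed); only replies with StatusCode 0 count as received.
    $replies  = Test-Connection -ComputerName $Target -Count $Count -ErrorAction SilentlyContinue |
                Where-Object { $_.StatusCode -eq 0 }
    $times    = @($replies | ForEach-Object { [int]$_.ResponseTime })
    $received = $times.Count
    $stats    = if ($received) { $times | Measure-Object -Minimum -Average -Maximum }

    [pscustomobject]@{
        Target      = $Target
        Sent        = $Count
        Received    = $received
        LossPercent = [math]::Round(100 * ($Count - $received) / $Count, 1)
        MinMs       = if ($stats) { $stats.Minimum } else { $null }
        AvgMs       = if ($stats) { [math]::Round($stats.Average, 1) } else { $null }
        MaxMs       = if ($stats) { $stats.Maximum } else { $null }
        # Which physical adapter is up, so wired and wireless results can be told apart.
        Adapter     = ((Get-NetAdapter -Physical | Where-Object Status -eq 'Up').Name -join ', ')
    }
}

Measure-PingLoss -Target '192.168.1.1' -Count 50 | Format-List
```

Loss and high jitter on the WiFi adapter with none on the wired one point at the wireless segment (the two access points or the VLAN path through the firewall) rather than at DNS; loss on both points at the firewall or switch.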
 
I see a router/firewall that's overloaded but still (mostly) working... if it was no DNS replies at all then it would get me thinking of a ping block somewhere in the firewall routing rules.
 