Super weird network problem, genius help needed


Mrkvonic
April 8th, 2010, 01:55 AM
OK guys, I have my weirdest problem yet, I'd appreciate any suggestions.

About 2 weeks ago, one of the XP SP3 machines started doing something weird ...

Randomly, once a day or once in two days, the browsers cannot connect to the Internet for about 1-2 minutes, then the problem is gone. No other machine on the network is affected, so it's not the router.

Both FF, IE cannot connect, so not a browser issue either. The browsers simply try to load any which webpage being accessed and time out. Other programs and protocols work - ping, traceroute, p2p, ftp, etc. Router interface is also available. Seems limited to HTTP requests in some way. Not DNS related, because IP addresses don't work either, and resolution works for other programs.

After a minute or two, it gets back to normal.

Nothing strange in the process table or netstat. The machine is stable and works fine. No errors or strange behavior of any kind, save for this little quirk.

The only thing that did seem weird was the WebClient service, used for WebDAV thingie, in the stopping state, but even when stopped, the problem manifests. So not this service either. But maybe this is a clue?

Like I mentioned:

Other hosts work, not a router issue.
All browsers on the same machine affected, not a browser issue.
Tried different nics in the box, so not a bad nic.

Nothing has changed in the machine setup prior to the problem emerging, so I'm suspecting something with the tcpip stack. Any ideas what to check or how to debug this? Maybe Wireshark?

Most importantly, did anyone see something like this?

Regards,
Mrk

doktornotor
April 8th, 2010, 02:21 AM
Well, that's what I've seen with proxy autodiscovery - proxy forced via DHCP/DNS + system policies when the proxy somehow decided it's going to take a rest :)

If that's not your case, then a network traffic sniffer or at least some monitor that will watch what the browser is trying to do at that time seems like a good idea.

Mrkvonic
April 8th, 2010, 04:00 AM
I'm not using a proxy, so I'll probably start sniffing ...
Mrk

YeOldeStonecat
April 8th, 2010, 05:33 AM
I'd say this is more of a local PC problem than a network problem.

I'd download the latest NIC driver
Uninstall current NIC
Reboot...and install NIC using the latest driver
Reboot, then run a TCP/Winsock repair utility
http://www.snapfiles.com/reviews/WinSock_XP_Fix/winsockxpfix.html

Also as mentioned above..probably be good to check that connection setup..ensure there's no proxy entered. Although that usually just causes a 10-15 second delay upon launch..not a 1-2 minute delay.

renegade08
April 8th, 2010, 07:38 AM
You might look also at LayerView.

http://www.layerview.net/


http://www.layerview.net/freelicense.php

doktornotor
April 8th, 2010, 08:49 AM
-{ Quote: "You might look also at LayerView." }-

Nice utility, tnx. 8)

Peter2150
April 8th, 2010, 10:08 AM
I agree, I'd check the drivers.

When I tried upgrading this machine to Win 7 x64, it was fine, except it could see the network adapter, so no network. If I shut the machine down completely, and brought it back it would work briefly.

Weirdest part was once the adapter was down, restoring the XP image didn't bring it back. Still had to completely power down.

Finally downloaded latest motherboard drivers from Nvidia. Reinstalled x64 Win 7. But since it couldn't see the adapter it didn't give the option to install the drivers. I powered down and came back up. In the few minutes the adapter was there, I was able to install the drivers.

End of problem.

Pete

pandlouk
April 8th, 2010, 10:17 AM
-{ Quote: "I agree, I'd check the drivers.

When I tried upgrading this machine to Win 7 x64, it was fine, except it could see the network adapter, so no network. If I shut the machine down completely, and brought it back it would work briefly.

Weirdest part was once the adapter was down, restoring the XP image didn't bring it back. Still had to completely power down.

Finally downloaded latest motherboard drivers from Nvidia. Reinstalled x64 Win 7. But since it couldn't see the adapter it didn't give the option to install the drivers. I powered down and came back up. In the few minutes the adapter was there, I was able to install the drivers.

End of problem.

Pete" }-
Pete, the problem that you described is caused by the BIOS.
If you encounter it again, enter the BIOS settings and check if the NIC is listed or it just "disappeared".

Last year I had the same problem and the definite way to solve it was to clear the CMOS and then reconfigure the BIOS.

Panagiotis

noway
April 8th, 2010, 10:54 AM
Anything going on in Task Manager when this is happening?

ie. antivirus updating, etc.

Mrkvonic
April 8th, 2010, 10:56 AM
Hi all,

Thanks for the suggestions. I will try a few innocent tricks before going with Wireshark ...

I'll try chkdsk.
I'll try reboot/poweroff.
I'll see if there are any NIC updates, but this happens on two unrelated cards, so I doubt this is the problem here.

noway, I'm not running an anti-virus. And no change in the process table when this happens. netstat also shows no interesting activity. There are no half-open tcp connections, so I guess the problem is internal.

Why do I always find these odd thingies?
And why do I have the mental disorder to care about them :)

Mrk

whitedragon551
April 8th, 2010, 11:20 AM
Flush your DNS and reset the Winsock and restart.

To flush DNS go to start > run > cmd prompt

ipconfig /flushdns should do the trick and you will get a message when it's complete.

To reset Winsock use the cmd prompt again and type this:

netsh winsock reset

Do both and then restart.

Mrkvonic
April 8th, 2010, 02:05 PM
Before going with the idea of resetting the winsock, I used netdiag, msinfo32 and xpnetdiag; none reported any issues. Using netdiag /test:winsock /v, again all is well. Checked devices, manually went through the registered winsock entries, the problem ain't there.

It's something wicked.

It even might be a weird hardware issue ...

Reminds me a little of the wireless saga on T61, if this is the case, then I'm doomed and will never solve this :)

Mrk

whitedragon551
April 8th, 2010, 02:32 PM
Resetting the Winsock won't cause any harm. It will either A) fix the issue or B) not fix the issue and not make the issue any worse. If you do fix it, that's one less thing to look into later. It's a major culprit in most internet page timeouts.

Cudni
April 8th, 2010, 06:44 PM
Any more clues in the Event Viewer logs, errors or warnings?

Peter2150
April 8th, 2010, 08:55 PM
-{ Quote: "Pete, the problem that you described is caused by the BIOS.
If you encounter it again, enter the BIOS settings and check if the NIC is listed or it just "disappeared".

Last year I had the same problem and the definite way to solve it was to clear the CMOS and then reconfigure the BIOS.

Panagiotis" }-


Hi Panagiotis

In this case it was a driver issue. I'd restore the XP image, and once I turned the machine off after restore, no further problems. With the Win 7 x64, once I downloaded and installed the correct drivers, again the problem went away. Didn't need to touch the BIOS.

Not really a surprise. This is a 64 bit ready machine, but was set up 2.5 years ago as a 32 bit machine.

Pete

Mrkvonic
April 9th, 2010, 05:13 AM
Well, resetting the winsock did not help, as I expected. Saw it again. Packet capture shows only SYNs going out from my machine and no replies, which comes as no surprise.

The only other thing I can think of is ISP using some weird heuristic network analysis and then when identifying "malformed" packets, it honeytraps them, slowing down the traffic, but it only happens on one machine, whereas ISP sees the router address and not the internal ones, plus I doubt they have that ability and skill or need. After all, port 80.

Mrk

doktornotor
April 9th, 2010, 05:37 AM
Well... here's a rather crazy idea, but I could confirm whether it's ISP or your internal stuff... so...

- set up an internal webserver somewhere
- set up an authoritative internal DNS server somewhere and do some Verisign-style wildcard records for TLDs there, pointing those to your webserver's IP
- point your box to that DNS and have phun
;D

Mrkvonic
April 18th, 2010, 02:09 PM
OK, a small update. Seems I'm running out of connections :)

Not just open and half-open, but total number of endpoints. That's what I've been able to ascertain using TCPView by Sysinternals. Having a 12MB internet has its downsides, it seems ...

Well, I guess I'll just have to live with it. And throttle down the network utilization a little bit.

Mrk

Mrkvonic
April 18th, 2010, 02:30 PM
Some more info ...

I found the Windows XP avoiding tcp/ip port exhaustion guide. It turns out the number of allowed ports and default time_wait are horrible. And to change them, the user has to make their own registry keys.

For anyone interested:
http://msdn.microsoft.com/en-us/library/aa560610%28BTS.20%29.aspx

So much more difficult than Linux sysctl ...

Cheers,
Mrk

doktornotor
April 18th, 2010, 03:25 PM
Ah, yeah... the defaults are broken. I changed those on XP boxes such a long time ago that I've completely forgotten about this.

iravgupta
April 18th, 2010, 05:46 PM
OP, I have been having the exact same issue for a few days. Can you share the security setup on the affected machine? Also, do you use uTorrent by any chance?

Mrkvonic
April 19th, 2010, 01:51 AM
I'm using both emule and utorrent. Security setup - lua :) But this is not a security issue but one of system network optimization.

I have increased the number of half-open tcp connections to 100, but that does not matter, because trending the behavior, it's the time_wait that takes 80-90% of endpoints, so there's quite a bit of overhead. I will reduce the timeout to 30 seconds and follow and see what gives.

Mrk
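
An added example, not part of the original thread: one way to do the trending described in the post above, by tallying TCP states from `netstat -an` output and estimating how many new outbound connections per second the ephemeral-port pool can sustain for a given TIME_WAIT delay. The netstat sample is constructed, and the XP defaults used (ports 1025-5000, 240-second TIME_WAIT) are assumptions taken from Microsoft's documented defaults, not values stated in the thread.

```python
import re
from collections import Counter

# Assumed Windows XP defaults (Microsoft-documented, not stated in the thread):
# ephemeral ports 1025-5000 (MaxUserPort = 5000), TIME_WAIT held for 240 s
# (TcpTimedWaitDelay), both under
# HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
LOW, HIGH, XP_TIME_WAIT_S = 1025, 5000, 240

# Constructed `netstat -an` sample: 1 listener, 2 established, 8 TIME_WAIT, 1 UDP.
SAMPLE = "\n".join(
    ["  Proto  Local Address          Foreign Address        State",
     "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING",
     "  UDP    0.0.0.0:445            *:*"]
    + [f"  TCP    192.168.1.10:{p}      203.0.113.5:80         ESTABLISHED"
       for p in (1034, 1040)]
    + [f"  TCP    192.168.1.10:{p}      198.51.100.7:6881      TIME_WAIT"
       for p in range(1050, 1058)]
)

# Matches TCP rows only; captures the local port and the connection state.
TCP_ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+(\S+)\s*$")

def summarize(netstat_text, low=LOW, high=HIGH):
    """Count TCP states and the ephemeral ports currently pinned by endpoints."""
    states, pinned = Counter(), set()
    for line in netstat_text.splitlines():
        m = TCP_ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        port, state = int(m.group(1)), m.group(2)
        states[state] += 1
        if state != "LISTENING" and low <= port <= high:
            pinned.add(port)
    active = sum(states.values()) - states["LISTENING"]
    return {
        "states": dict(states),
        "time_wait_share": states["TIME_WAIT"] / active if active else 0.0,
        "ephemeral_free": (high - low + 1) - len(pinned),
    }

def max_sustained_rate(pool_size, time_wait_s):
    """Each closed connection pins its local port for time_wait_s, so the
    pool drains once new connections/second exceed pool_size / time_wait_s."""
    return pool_size / time_wait_s

if __name__ == "__main__":
    print(summarize(SAMPLE))
    pool = HIGH - LOW + 1
    for delay in (XP_TIME_WAIT_S, 30):
        print(f"TIME_WAIT {delay:>3}s -> ~{max_sustained_rate(pool, delay):.1f} conn/s")
```

Under these assumed defaults the pool sustains roughly 16 to 17 new connections per second; with the 30-second timeout mentioned in the post, the same pool sustains about eight times that.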

stapp
April 19th, 2010, 03:39 AM
tcp/ip port exhaustion... what ever will we have next to worry about :) :)