Windows 2003 Server: NAT, ARP Cache Issue


Recommended Posts

Hi guys,

I'm working a server that is running Windows 2003, the server itself is a router. Which means all the internal LAN computers will go through this server as a gateway into WAN. It is a dual NIC setup, 1 NIC is connected to the WAN and another is internal switch.

the problem:

Everything works fine and so on... however once in a while, LAN computer will not be able to browse the net or ping or whatever... it seems like they are off the connection. But my server WAN connection is still connected (although even the server won't be able to browse anything).

Here is my situation:

When the problem happens, it won't be fixed until I "repair" my WAN connection. However, I get an error message saying "ARP cache fails to clear". Even though repairing says failed, my net will be back up and the computers behind LAN will work again. But after awhile samething happens.

I've done some surfing on this ARP caching problem, the most common solution is to disable routing and remote services. Which I did and it does clear the cache. However the problem doesn't go away once I re-enable my routing services.

I really need to know if there is a solution to this. Is there a way to keep my connection stable without the disconnection and keep NAT services running while not having ARP problem.

I'm sure there are plenty of Window Server based NAT out there... Please help me~

Thanks.

Have you tried clearing your arp cache on your own?

The repair options does this

http://support.microsoft.com/kb/289256

A Description of the Repair Option on a Local Area Network or High-Speed Internet Connection

NOTE: The actions occur in the order that they are listed. A corresponding command is listed next to each action.

? Dynamic Host Configuration Protocol (DHCP) lease is renewed: ipconfig /renew

? Address Resolution Protocol (ARP) cache is flushed: arp -d *

? Reload of the NetBIOS name cache: nbtstat -R

? NetBIOS name update is sent: nbtstat -RR

? Domain Name System (DNS) cache is flushed: ipconfig /flushdns

? DNS name registration: ipconfig /registerdns

The following action has been added to Windows XP Service Pack 1:

? IEEE 802.1X Authentication Restart

How about you actually figure out what your issue is vs clicking a magic button?

Which step do you think is fixing your issue? I would guess that your wan connection lost is dhcp lease.. So step 1 is what is fixing your problem. Or ir could be a flush of your dns.. but I would assume when you tested that you could not ping -- that you would actually test with IP vs name.. since otherwise its a pretty lame test for connectivity.

Can you ping your wan connections gateway would be the first test you should do in testing connectivity.

As to why you can not clear you arp cache? Im curious how much is in your cache when you try to clear? How about you do a arp -c to view your cache before you clear it.

Vs clicking the magic "repair" button next time -- how about getting some actual info on what yo;) problem is ;) Do you still have an IP on your wan interface? Can you ping your ISP gateway by IP? Just because your modem has sync an shows a light does not mean you have connectivity, etc.. Kind of hard if no IP address, etc.

Hi, Thanks for the response...

I don't think it is the ARP problem anymore. However, instead of using repair... I can bring back my net by typing ipconfig /renew at the command prompt.

However I don't think it is an ISP problem, since I tried a Dlink router which seems to keep my connection on perfectly.

arp -c command show normal status with the routing information

When this problem hits, I cannot ping my ISP gateway (or any external websites using domain names or IP), it seems any traffic through my WAN is lost. I still have external IP address. It will not work even by unplugging the physical WAN connection and plugging it back in (in which I still would get an IP address). I have to renew using ipconfig to bring my WAN back online.

This problem does not happen on a predictable time frame, it can happen 5min since I last fix it.. or 5 hours.

Regards,

Well unplugging the interface an plugging it back in would renew an IP.. What IP address do you think you have when it does not work -- if 169.254.x.x that is a APIPA an not going to do you any good.

When you do a renew -- do you get a new IP address??

I would suggest you post the output of ipconfig /all showing what your IP address is an lease time on your WAN interface, when its working. Please snipped out the last 2 octets so no one has your IP.

Please NOTE what your IP address is, an what the dhcp lease time is, etc.. example

Lease Obtained. . . . . . . . . . : Wednesday, October 31, 2007 9:32:23 AM

Lease Expires . . . . . . . . . . : Friday, November 02, 2007 9:32:23 AM

When you have the issue -- please do another IPconfig /all an post what it shows.. Then do a IPconfig /renew -- an post what it shows after it works.

Please make sure to NOTE -- if you are getting a new IP address, or renewing the same one.. How long is the lease, etc..

Normally the IP address would attempt to renew at the 50% mark of the lease time.. And you should be good until it actually fails to renew -- at which time you would loose your IP, an could switch over to tha APIPA address (169.254) which would be useless to get on the internet with, etc.

Since you say it works fine with a router -- I would assume your having a dhcp renew issue with your ISP an this servers wan interface.

At no point in time do i get an 169.254.x.x IP.

I don't think it is DHCP renew problem. When my WAN port stops responding, it still shows my correct internet IP. I'm not at the computer now, but I'll post the lease time and stuff later.

when I unplug, and replug, I get the same internet IP just fine, but still won't be able to access the net. Only when I do ipconfig /renew will I be able to get back.

I'm using cable modem to the internet. So essentially, when the problem hits, I can't even access my cable modem's built in http server. So I'm quite sure it is not ISP problem but a windows server configuration problem.

The weird thing is that I've setup this server since 2 weeks ago. And only since last week it started to show this problem, before it would be on all the time >.<''

On other forums, I found users with the same sort of connection problem and arp cache (although, I don't think it is arp problem at all now, just that arp can't be flushed with NAT routing services on.) However, there is really no answer to that connection problem or what might be causing it. The fact that it started out okay and started to happen after few days or so confuses me. I can reinstall windows server and the problem will probably go away for a few days... but then it will just come back.

See here and here

I can switch NIC to another brand I guess, or just forget Windows Server and install Linux as the router. But that would be so time consuming to set up... arg >.<''

If you have a router that works fine -- why do you feel windows as a router is helping you? Are you using ISA? What features of windows as a router do you need/want?

Using a windows OS is a pretty expensive router if you ask me ;) An what does it get you? Without ISA is pretty limited on the feature set.

If your looking for a good router -- I would go with ipcop, smoothwall, m0n0wall or pfsense, etc. as choice for a router OS. I can tell you right now that ipcop or pfsense should only take about 15 minutes to have up an running.. http://www.pfsense.com/ you could boot from liveCD to check, etc.

Hey,

I've redid my NAT service again, but more carefully this time... The good news is that it seems to be no dropping now. I haven't lost a single connection yet. Although if this works, I don't know what I did to the server in the beginning.

Regarding why I use a server as a router... well, its mostly for self-learning purposes and somewhat of curiosity. My router is good, but lacked downstream QoS, besides, I have a server running as file and ftp/web most of the time... So I decided to merge them to see.

Anyway, I'm running into other problems with VPN >.<'' But I guess I'll make another thread for that.

Are you running ISA on this server -- 2k3 out of the box does not support any type of QOS or bandwidth shaping.

If your looking for a good do everything OS, routing file serving, vpn, etc.. I would suggest you check out ClarkConnect -- the free version should suite you just fine.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Vivetool also has a GUI. Literally took me three clicks to enable this from there.
    • Microsoft Weekly: OneDrive horror stories, ramblings about Start menu, and more by Taras Buria This week's news recap is here, delivering you a roundup of the most important Microsoft stories, including a bunch of odd stuff and bugs in Windows, OneDrive horror stories, ramblings about the Start menu, a couple of new Windows 11 preview builds, important news from AMD, and a lot more. Quick links: Windows 10 and 11 Windows Insider Program Updates are available Reviews are in Gaming news Windows 11 and Windows 10 Here, we talk about everything happening around Microsoft's latest operating system in the Stable channel and preview builds: new features, removed features, controversies, bugs, interesting findings, and more. And, of course, you may find a word or two about older versions. Microsoft released a new out-of-band update to fix boot issues on certain Surface devices. The company announced certain Windows 365 updates, such as VBS and HVCI support (by default) and app provisioning in Windows 365 instead of entire cloud PCs. Microsoft is also removing legacy drivers from Windows Update in a new "strategic move." This is the default Windows 365 wallpaper On the negative side, we have the latest Patch Tuesday updates breaking the DHCP Server in all Windows Server editions. Also, there is some bad news for PC users with Windows Hello cameras: after the April 2025 Patch Tuesday updates, Windows Hello does not work in the dark. The change was quietly introduced to address security issues. Windows Goodbye That is not all, though. As it turned out, solid-state drives from WD could still block your computer from installing Windows 11 version 24H2, which was released in October 2024. Also, Microsoft's Family Safety feature is now blocking Chrome, for some reason. Here is an editorial from Usama Jawad (welcome back) about how, four years after the initial release, Windows 11 still does not offer strong enough reasons to upgrade from the outgoing Windows 10. Also, Usama shared his thoughts about the Start menu and why he had stopped caring about its changes altogether. Speaking of the Start menu, check out our overview of what users wanted from Microsoft and what the company delivered in the redesigned Start menu, which was recently announced. Windows Insider Program Here is what Microsoft released for Windows Insiders this week: Builds Canary Channel Build 27881 This week's Canary build introduced context menu improvements, new accessibility features, Settings app tweaks, and more. Dev Channel Nothing in the Dev Channel this week Beta Channel Nothing in the Beta Channel this week Release Preview Channel Build 26100.4482 (KB5060829) This build improves File Explorer and search performance, adds some changes to default browser settings, and fixes multiple bugs. Some hidden stuff in the recent Windows 11 preview builds includes a new adaptive battery saver. This feature dynamically adapts battery saver mode according to your workflow, but in its current form, it is not fully operational. Even though Microsoft acknowledged its existence, the adaptive part still needs improvements. Another useful change in the recent builds is the return of a clock in the notification center. This time, however, Microsoft makes it more customizable, and you can toggle it on or off. Also, the company is moving more Control Panel bits to the Settings app and adding a rather unexpected customization feature that will let you select where system indicators (flyouts and sliders) appear on the screen. Microsoft started rolling out a new update for the Snipping Tool app. The latest release lets you save screen recordings as GIFs. Shortly after that, we posted a guide with a bit more detail about the feature. Updates are available This section covers software, firmware, and other notable updates (released and coming soon) from Microsoft and third parties, delivering new features, security fixes, improvements, patches, and more. Microsoft is working on a Dashboard redesign for PowerToys. Developers published an early look at what is coming to the app in future updates, revealing a better-organized page with quick links, a shortcut overview, and a list of available modules. This week's Office updates are rather mixed. OneDrive, for one, is having problems finding files. Microsoft acknowledged the issue, which affects users on Windows, iOS, Android, and the web. Unfortunately, that is not the only negative story about OneDrive. A new report from a frustrated user revealed a scary tale of Microsoft locking them out of an account full of invaluable content. Outlook also has some issues, this time, with opening emails, and Microsoft 365 will soon disable outdated protocols for file access. Finally, Copilot in Excel received a major update for context awareness, which made the assistant more useful when answering questions about data. This week's browser updates include several releases. Firefox announced a new method for pinning and unpinning tabs. It is now available for testing in the Nightly channel. Microsoft Edge was updated with fixes for two security vulnerabilities (high severity) originating from Chromium. Finally, here is this week's Microsoft 365 Roadmap with an overview of all the new stuff that Microsoft added to the website. Here are other updates and releases you may find interesting: Microsoft 365 security in the spotlight after Washington Post hack. Microsoft expands European sovereign cloud offerings with new data and key controls. Microsoft Defender XDR received TITAN-powered Security Copilot recommendations. Microsoft reportedly plans more layoffs. Watchdog found Microsoft guilty of confusing advertising when it comes to Copilot. Here are the latest drivers and firmware updates released this week: AMD released a new chipset driver for Ryzen processors under version 7.06.02.123, which followed a security update for TPM-Pluton. Nvidia 576.80 WHQL with fixes for the RTX 5090 FE, new game support, and a long list of fixes. You can get some extra performance on certain AMD Ryzen chips with a simple system tweak. Surface Pro 11 and Surface Laptop 7 received big firmware updates with multiple fixes and improvements. Reviews are in Here is the hardware and software we reviewed this week This week, Steven Parker reviewed the TerraMaster D4 SSD, a palm-sized DAS with up to 32TB of storage that you can connect over USB4. This thing is rather impressive, and for a modest price tag, it delivers a tiny footprint, great looks, full RAID support in TOS 6, quick connection, and more. On the gaming side Learn about upcoming game releases, Xbox rumors, new hardware, software updates, freebies, deals, discounts, and more. AMD and Microsoft announced some big news this week. The two companies revealed a new multi-year partnership, which secures AMD as the future maker of chips for Xbox consoles and other hardware. Sarah Bond announced the partnership in a new video on the official Xbox media channels. Turn 10 Studios announced a new Forza Motorsport update. Update 21 brings IndyCar content, Career mode expansion, Featured Tours, new reward cars, and more. It is now available on Xbox and PC via the Microsoft Store and Steam. Minecraft is another Microsoft-owned game that received a big update this week. The long-anticipated graphics overhaul is finally here with directional lighting, volumetric fog, improved shadows, reflections, godrays, and a lot more. In addition, Mojang released Chase the Skies, the latest content drop, which adds happy ghasts, new music disks, a locator bar for players, environmental fog in the overworld, new background music, and all sorts of small gameplay changes. Microsoft announced new games for Game Pass. The latest additions include FBC: Firebreak, Crash Bandicoot 4: It's About Time, Start Trucker, Wildfrost, Rematch, Call of Duty: WWII, Rise of the Tomb Raider, and more. As usual, some games are leaving the subscription. Valve released a big update for the Steam overlay. The latest version introduced major upgrades to CPU and VRAM usage, temperatures, and other important metrics that you might want to track when playing games on your gaming rig. Deals and freebies Also, be sure to check out this week's Weekend PC Game Deals article, which features rhythm bundles, fishing festivals, DRM-free summer sales, and more. Other gaming news includes the following: Take-Two confirmed Borderlands 4 will not cost $80 for the base game. The Coalition expanded the Gears of War: Reloaded beta after its rocky start. Ara: History Untold 1.4 update delivered overhauls to AI, map generation, combat, and more. Star Citizen Alpha 4.2 update lands with radiation hazards, dynamic rain, and more. This link will take you to other issues of the Microsoft Weekly series. You can also support Neowin by registering a free member account or subscribing for extra member benefits, along with an ad-free tier option. Microsoft Weekly image background by steve_a_johnson on Pixabay
    • I'm afraid not, Microsoft does release updated installation images for Windows through MVS every month, but they do not include any update to Defender's components or signatures. That's what the package talked about in the article is for, it includes a PowerShell script for the update.
  • Recent Achievements

    • First Post
      Johnny Mrkvička earned a badge
      First Post
    • Week One Done
      viraltui earned a badge
      Week One Done
    • One Month Later
      serfegyed earned a badge
      One Month Later
    • Dedicated
      firey earned a badge
      Dedicated
    • Dedicated
      fettermanj earned a badge
      Dedicated
  • Popular Contributors

    1. 1
      +primortal
      635
    2. 2
      ATLien_0
      230
    3. 3
      Michael Scrip
      217
    4. 4
      Xenon
      149
    5. 5
      Steven P.
      141
  • Tell a friend

    Love Neowin? Tell a friend!