I've been an IT professional for county government over 2 1/2 years and this problem has occurred 3 times. I can fix it by restarting the primary server, but I would like to fix it without having to take that route. Here's the situation. On our primary server (from here on out called Server1) we have software running called Springbrook (fund accounting and utility billing enterprise software). The users access Springbrook via mapped drives to Server1. I place shortcut on their desktops that pulls the software from the mapped drive. Sometimes, I don't know why, 3 or more users lose access to Server1, which causes them to lose access to Springbrook. The rest of us can still access Server1. By losing access to Server1 I mean PC A cannot ping, RD to, or access shares on Server1. Ping tells me the remote host is unreachable, RD gives the same message, and when I try to explore the mapped drive the message tells me the network path is not available. If I restart Server1 then those 3 users can suddenly access Server1 again.
I assume the only thing happening is that a network service is restarting, but I don't know if it's the NetLogon service, an AD service, or it may be something else I'm not aware of. Restarting the users' PCs doesn't solve the problem. Nor does rejoining the PC to the domain fix the issue; it's always restarting Server1 that fixes the issue.
This doesn't happen often. Like I said, in the 2 1/2 years I've been here it's happened 3 times. Out of those 3 times it hasn't been the same PCs either. I would like to know how to prevent it or at least how to fix it without restarting the server completely.
AD domain. Windows Server 2008 R2 server. Sonicwall TZ210 firewall. Netgear 24 port gig switch. PCs hook into Netgear gig 5 port switches.
Thanks.
EDIT: Thanks for the answers so far. Poor question writing on my part. I failed to mention that the affected PCs can communicate with other PCs on the network, even Server2 (we have to DCs). Server1 can't ping to the affected PCs either.
I found the answer to the problem! For this year anyway. :)
The problem occurred again yesterday morning and at lunch, but this time it was just one PC that wasn't in the affected group last week. During the problem I did the following:
The monster reared its ugly head again at lunch.
Went to the server, collected wireshark packets between the affected PC and the server. Then, I restarted the server because I know that works. That fixed the issue. I was only able to read through the collected data for a few minutes because other issues came up (I'm the only IT pro - one man crew) that occupied my time for the rest of the shift. Thought about it through the night. Came in this morning, collected network traffic just to see if there were any network process hogs and couldn't find anything bloating the "pipe." Then it hit me: check the kaspersky logs on the server. I checked the network attack blocker logs and found that last week Kaspersky detected dos.generic.synflood "attacks" from the 3 affected machines last week and the affected machine yesterday. When Kaspersky detects things like that, it will cut off communication with the attacking node for 60 minutes. The logs gave the exact time of the issue and the time matched up with the time affected users called me about the issue. I tracked the logs back 30 days and noticed those logs were clean of attacks.
I set the network attack blocker to only block the attacking node for 1 minute. I'm also going to investigate what the synflood attacks could be. At least for now I know why those machines were disconnected from the server. Of course now, I need to figure out the source of those dos.generic.synflood attacks.
If you can't ping the server, it's dropped off the network and restarting any Windows service won't fix anything for you. You've either got a problem with the network itself, or the server's network card.
Given the fact that it's only some machines, and it doesn't sound like your network is internally routed, one of your switches may be crapping out or having ARP problems. Sounds like they aren't managed, so the next time it happens, you're going to have to do some troubleshooting while the problem is occurring to find the fault.
I'd have to agree with Mfinni, restarting any of the services mentioned, wouldn't allow/stop traffic getting to your server. If anything, check your server for any firewall configurations. Unfortunately, this issue is so intermittent that you are going to be playing a waiting game to troubleshoot. The best you can do is determine a plan of action for when it happens again. For that, I would start by running Wireshark, or some other type of packet sniffer on the server and client, while the issue is occurring, and while you have a constant ping from the affected machines. I would also check if those affected machines can communicate with any other machines on the local / remove subnet to narrow your issue.
Did you try to disable and then re-enable the network card on Server1?
I ran into a similar issue about a year ago, my file server was not recognizing one of the clients. I did the following:
Make sure you do it on the Server1 or whichever one that PC can't access.
Let me know if that helps.