Users losing intermittent connection to network

This problem is driving me crazy, was wondering if anyone could provide some insight.

Lots of users are losing network connectivity to resources: Word documents, applications, network drives, even RDP sessions are dropping. It's causing corruption and havoc all round.

I am not sure how to detect the problem, it would suggest packet loss, since it's affecting so many different sources and destinations I can only assume it's a switch, but there are 8 switches all daisy chained to the master switch which has all the servers connected.

I assume it's the master switch, is there anything else that could affect this? Broadcast storm perhaps, if so how can I detect this? Downloading Wireshark at the moment, but since I have no idea what to be looking at this might be a lost cause. My plan was to install it on a user's machine and simply monitor the traffic and hope something obvious becomes apparent.

We recently moved a lot of desks around 2 weeks ago, maybe it's a damaged cable somewhere. :(

Any ideas would be much appreciated.
 
Are they all in a single long chain?

Set up a continuous ping from a client on each switch to one of the servers and you'll be able to find the point in the chain that is failing.

What switches are they?
 
They are HP ProCurve 1800 switches.

I have been running persistent pings to all those who have complained, which is a lot; there is no time out from ping -t commands. Users do not report a network disconnect, access to the resource just ceases, as if packets get lost.

Users do not all DC at the same time.
 
I've written a long reply, then realised not all your computers are affected at the same time; generally a packet storm affects the whole network. I don't know how comprehensive the management on ProCurve 1800s is, but have a look, they probably keep an error log.

With Wireshark the key thing is the quantity of packets. Get used to how many bounce around your network when it's working correctly; when trouble strikes this should go through the roof. You should hopefully see a large proportion of the packets have come from the same MAC address.

There are several ways of tying a MAC address down to a particular piece of hardware.

You could try a piece of software called Angry IP Scanner. Configure it to show MAC addresses then scan your whole IP range; it should give a list of the MAC addresses of all your computers. Doesn't always resolve MACs for printers.

You can also look at the web management of your switches. They should list what MAC address is assigned to which port.

Or open a command prompt on the server and type arp -a. It'll list all the IPs and MACs it recognises (you can copy and paste this into Excel to make it easier to sort).
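
The counting approach described in the reply above, as an added example that is not part of the original thread: it tallies frames per source MAC and resolves any dominant MAC to an IP using Windows `arp -a` output. The sample data, the function names and the 50% share threshold are assumptions made for illustration; in practice the threshold comes from what the network looks like when it is healthy.

```python
import re
from collections import Counter

# Constructed sample: Windows `arp -a` output as seen on the server.
ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.21          00-11-22-33-44-01     dynamic
  192.168.1.22          00-11-22-33-44-02     dynamic
  192.168.1.23          00-11-22-33-44-03     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Constructed sample: source MAC of each captured frame, in Wireshark's notation.
FRAME_SOURCES = (["00:11:22:33:44:01"] * 40 + ["00:11:22:33:44:02"] * 35
                 + ["00:11:22:33:44:03"] * 900 + ["00:11:22:33:44:99"] * 25)

MAC_RE = re.compile(r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}", re.I)

def norm_mac(mac):
    """Lower-case, colon-separated form so arp and Wireshark notations compare equal."""
    return mac.strip().lower().replace("-", ":")

def parse_arp(text):
    """Map MAC -> IP from `arp -a` output, skipping the broadcast entry."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and MAC_RE.fullmatch(fields[1]):
            mac = norm_mac(fields[1])
            if mac != "ff:ff:ff:ff:ff:ff":
                table[mac] = fields[0]
    return table

def top_talkers(frame_sources, arp_table, share_threshold=0.5):
    """Return (mac, ip_or_None, frames, share) for MACs at or above the threshold."""
    counts = Counter(norm_mac(m) for m in frame_sources)
    total = sum(counts.values())
    if total == 0:  # empty capture: nothing to report
        return []
    return [(mac, arp_table.get(mac), n, round(n / total, 3))
            for mac, n in counts.most_common() if n / total >= share_threshold]

if __name__ == "__main__":
    for mac, ip, n, share in top_talkers(FRAME_SOURCES, parse_arp(ARP_OUTPUT)):
        print(f"{mac} ({ip or 'not in ARP table'}): {n} frames, {share:.1%} of capture")
```

A MAC that comes back with no IP is one the server's ARP cache has not seen, which is where the switch's MAC-to-port table mentioned above becomes the way to locate it.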
 
Is the issue happening when users are connecting to one particular server or all servers?

Have you checked that the network adapters, if they are the 10/100 variant, are forced to 100M/Full Duplex? That is, if the switches are managed and this can be forced at the switch port as well. It sounds like you have either a duplex mismatch somewhere or a bad connection on the primary switch.
 