Hi Everyone,
I have a bit of a head scratcher with a client of mines My Book Live…
Infrastructure setup:
- Workgroup Configuration
- TP-LINK ADSL Router
- Planet SGSW Switch
- Clients all configured with Static IP’s Including High Capacity Printers
- Clients all on Windows 10 (Anniversary Upgrade)
- ADSL Connects to Switch and clients connect to same switch
Routers and Switches have been swopped out and problem still persists…
At some point in a day (Not Every Day) users machines become sluggish and slow when traversing the network and when accessing the MBL and its files. Here comes the pearler… If you reboot any of the client PC’s during this speed degradation on the network the clients PC’s do not boot up, they sit with a black screen and you can only see the mouse cursor on the monitor. As soon as I disconnect the MBL from the network the machines boot up with ease. Reboot the machines and reconnect the MBL and the machines hand once again.
During one of these outages I was running WireShark off of one of the users machines and noticed MYBOOKLIVE broadcasting an LLMNR protocol to a 2. Even the web interface on the MBL drive was non responsive.
LLMNR Definition
> The Link-Local Multicast Name Resolution (LLMNR) is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.
Any ideas what we are looking at here? Any suggestions to remedy this are welcome as this is bringing the entire network to a screaming halt and costing the client a loss in earnings.
Thanking you in advance…
I did a web search for LLMNR flood. This is common enough to warrant quite a few hits. I have no idea why MBL should be sending the LLMNR flood, but maybe someone knows how to disable it on MBL. Are you sure that your MBL is initiating the flood rather than just participating in responding? (There are reports of a Chrome browser bug provoking these floods, but I couldn’t follow that description.)
I’m not sure how the LLMNR flood could cause a Windows boot to hang but I can see how logins could hang if you don’t use local accounts.
All that is not much help I’m afraid.
I also came across the LLMNR flood with Chrome, however the client is using Firefox. I have search to see if there is a similar LLMNR flooding with FireFox, I will review that now.
The WireShark Content is as follows:
Source : 172.100.X.X
Destination IP : 224.0.0.252
Protocol : LLMNR
Info : Standard Query 0xSOMENUMBERS A MYBOOKLIVE or AAA MYBOOKLIVE
This only came up on WireShark once the NAS started misbehaving.
But yes… It is very weird that the Win10 PC’s refused to boot during this period. Take them offline by removing their NIC’s and they boot fine.
While this LLMNR protocol packets are flying around the drive is slow to respond and open files and the Web Interface is as slow as a mule.
I picked up that my customer had enabled Twonky Server under the media tab on the NAS management console. I have disabled it and for the time being things have seemed to have calmed down.
Interesting though that this would of prevented the Windows 10 PC’s from booting?
We are keeping a watchful eye on the network and will revert back should this have resolved the issues being experienced.
