My environment looks something like this:

(FS1) NW 6.5 SP6 File & Print (Master Replica, Sub1 container)
(FS2) NW 6.5 SP6 Old File server (no replica, Sub1 container)
(GW1) NW 6.5 SP6 GW8 (MTA, POA, GWIA, WebAccess, GWAVA4) (R/W Replica, Sub1 container)
(ZEN1) NW 6.5 SP8 ZEN Desktop Mgmt 7.1 (no replica, Sub6 container)
(DNS1) NW 6.5 SP8 DNS/DHCP (All DNS/DHCP objects for this server are in Sub1 container including DNS-DHCP sub container) (Was RADIUS & BorderManager 3.8 SP3, see below) (R/W Replica, Sub1 container)
(RAD1) OES2 SP1 Linux fully patched (FreeRadius, LDAP for VPN/WiFi auth) (R/W Replica, installed in Org1 container - moved to Sub5 container)
Plus 4 Win2003 servers with AD. Two are on DMZ.

Enterasys Gig switched network with 5 VLANs, 1 eDir 8.7.x tree, 1 partition (Tree1), 1 org container (Org1), 6 sub containers (Sub1-6).

Approximately 3-5 weeks ago everything was working great. I upgraded two of the NW servers (since the lab upgrades went well) to SP8 successfully and wanted to let them sit for a couple weeks to make sure all was stable.

I started editing my RADIUS config (NMAS/BM) in C1 adding a WAP (MAC Auth) and it disabled my entire RADIUS system. I did a few hours research and decided to install an OES2 SP1 FreeRadius server since the NMAS/BM server is no longer supported. I built the RAD1 server with DNS/DHCP since I wanted to replace all services on DNS1 eventually. I installed RAD1 to the Org1 container (only service accounts here) but immediately started having network authentication issues with users. Users are mainly in Sub1 and Sub2 containers. I moved it (and all RAD1 named objects) to Sub5 container (where my MAC auth user objects and old RADIUS objects reside). It looks like some objects not directly associated with the server are still in Org1 (DNS-DHCP, RootServerInfo, nssvolumes, UNIX Config, Apache Group, apchadmn-Registry, DHCP_RAD1 (tried moving it but it wouldn't) and dhcpLocator). Users are mainly in Sub1 and Sub2 containers. Authentication problems went away.

I built my FreeRadius server and got it working with my VPN (Cisco). Since then the network has been having intermittent problems finding the tree at login. We have about 100 users and I hear from maybe 2 per day. A workstation reboot or time usually fixes the issue. Now the network is slower than molasses. When I run Wireshark and capture file transfers to and from servers I see lots of TCP (NCP) duplicate ACKs & retransmission packets (TCPCON on FS1 shows Segments Recd: 444000, Sent: 675000, Retrans: 19100, server uptime: 1hr:20min). I see some retransmit packets also during the eDir sync between servers also. I have rebooted the switch all the servers are on and I've rebooted FS1 (most used server). I have also seen the same retransmit packets when I tried to download the newest version of Wireshark from their website. I have moved my packet sniffer from the same switch that the servers are on to other switches and it has the same issue. I have also seen lots of "incorrect TCP NCP checksum" packets but looking on the web that could be because much of my file transfer and packet sniffing is on the same workstation.

I don't know, I'm at a loss. Any ideas? I'm rebooting a couple other switches tonight also. Any help will be greatly appreciated.