agnesfernandes
asked on
Windows 2003 destination host unreachable - Network hardware working ok
There is a Windows 2003 server which is not available in the network.
1. ping to 127.0.0.1 works
2. ping to self ip [giving static ip] works.
3. ping to any other PC in the network gives destination host unreachable.
4. I used a BART PE CD to boot the PC and when I give the same static IP it works and I am able to ping all PC's and go out of the network too.
Step 4 goes to prove that the hardware is working fine.
There is no firewall configured in the Server.
Can someone suggest a solution to the problem apart from the reinstall solution?
thanks
agnes
1. ping to 127.0.0.1 works
2. ping to self ip [giving static ip] works.
3. ping to any other PC in the network gives destination host unreachable.
4. I used a BART PE CD to boot the PC and when I give the same static IP it works and I am able to ping all PC's and go out of the network too.
Step 4 goes to prove that the hardware is working fine.
There is no firewall configured in the Server.
Can someone suggest a solution to the problem apart from the reinstall solution?
thanks
agnes
Questions....
What happens when you do a tracert?
Do you have mutiple subnets in your network or just one subnet with a NAT firewall for internet access?
Do you have RRAS installed on the server?
Are there multiple network cards in the server?
What does your routing table look like?
Things to check...
Proper routing table
Is the network cable good? Just because there's a link light doesn't always mean that the cable is functional
Proper metric is set for the interface as well as the gateway
Proper gateway is set
Simple things to try....
Disable all firewalls present
Reset the tcp/ip stack (will require all TCP/IP information to be reconfigured)
Disable RRAS service if installed
Update the NIC drivers with the latest ones from the server manufacturer or hardware manufacturer
What happens when you do a tracert?
Do you have mutiple subnets in your network or just one subnet with a NAT firewall for internet access?
Do you have RRAS installed on the server?
Are there multiple network cards in the server?
What does your routing table look like?
Things to check...
Proper routing table
Is the network cable good? Just because there's a link light doesn't always mean that the cable is functional
Proper metric is set for the interface as well as the gateway
Proper gateway is set
Simple things to try....
Disable all firewalls present
Reset the tcp/ip stack (will require all TCP/IP information to be reconfigured)
Disable RRAS service if installed
Update the NIC drivers with the latest ones from the server manufacturer or hardware manufacturer
Any interesting logs? does it allow a few pings while booting into 2003 and then stops?
ASKER
I have removed the network card and reinstalled it with new drivers.
there is a single subnet.
and since the Bart PE CD is able to ping all the intranet and internet ip's I am presuming that the hardware is fine.
The server was working fine and there was a power failure - so the server shutdown abnormally. I am supplying this information just in case it helps in analysis. I have only 14 hours left, else I HAVE TO REINSTALL.
thanks
there is a single subnet.
and since the Bart PE CD is able to ping all the intranet and internet ip's I am presuming that the hardware is fine.
The server was working fine and there was a power failure - so the server shutdown abnormally. I am supplying this information just in case it helps in analysis. I have only 14 hours left, else I HAVE TO REINSTALL.
thanks
are you getting this in the system log, 4292 IPSec:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
1. I uninstalled and reinstalled TCP/IP using this procedure
---------------------+++++
How to uninstall and reinstall TCP/IP
If TCP/IP is not working and the command "netsh interface ip reset resetlog.txt" fails to resolve the problem, you can try the following procedure in Windows XP or Windows 2003 Server, which basically enables the TCP/IP uninstall function that is normally not available in these operating systems.
In brief, you have to do the following:
Enable the uninstalling of TCP/IP
Uninstall TCP/IP
Reinstall TCP/IP
Reboot
Complete procedure
Open regedit (click on [Start], Run..., type: regedit , click on [OK]
In the left pane navigate to the following two keys and delete them:
HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services
\Winsock
HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services
\WinSock2
Optional backup of the TCP/IP configuration file: Close regedit, open Windows Explorer, and locate the nettcpip.inf file in %winroot%\inf (for example in: C:\WINDOWS\inf). Make a backup copy to restore later, if needed.
Open the nettcpip.inf in the editor (for example, in notepad.exe).
Under the section [MS_TCPIP.PrimaryInstall],
Open Network Connections, right-click on Local Area Connection, and select Properties.
Click on Install, Protocol, Have disk, and type the path to the inf folder you used above, for example: c:\windows\inf
Choose TCP/IP from the list. This will take you back to the properties screen, but now the [Uninstall] button is available, which was the purpose of the above procedure.
Highlight TCP/IP and click on [Uninstall].
If you're not in a hurry, reboot at this point. Ignore the warning messages that a lot of services are failing.
Optional: If you saved a backup copy of nettcpip.inf, restore it now.
Open Network Connections, right click on Local Area Connection, and select Properties
In the properties of Local Area Connection click Install, Protocol, "Have disk", and type the same path again, for example: c:\windows\inf
Choose TCP/IP from the list and install it.
Reboot.
--------------------------
2. For good measure I ran winsockfix.exe and reset winsocks.
3. Then
reset the entire IP stack with the command:
netsh int ip reset c:\resetlog.txt
Finally this is what is happening,
I am not getting the 4292 in IP Sec.
However I am getting the error
IPSEC services service on the Local computer Error:1747: The authentication service is unknown.
So currently I have disabled the IPSec service and the Windows 2003 server is now working. I am able to ping other PC's and access the Internet addresses.
My question now is
A. How does disabling IPSEC services affect the Server?
B. How do I get around this Problem? Because the moment I start IPSEC services manually the Server is not available in the network.
Thanks in advance for your efforts and time
agnes
---------------------+++++
How to uninstall and reinstall TCP/IP
If TCP/IP is not working and the command "netsh interface ip reset resetlog.txt" fails to resolve the problem, you can try the following procedure in Windows XP or Windows 2003 Server, which basically enables the TCP/IP uninstall function that is normally not available in these operating systems.
In brief, you have to do the following:
Enable the uninstalling of TCP/IP
Uninstall TCP/IP
Reinstall TCP/IP
Reboot
Complete procedure
Open regedit (click on [Start], Run..., type: regedit , click on [OK]
In the left pane navigate to the following two keys and delete them:
HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services
\Winsock
HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services
\WinSock2
Optional backup of the TCP/IP configuration file: Close regedit, open Windows Explorer, and locate the nettcpip.inf file in %winroot%\inf (for example in: C:\WINDOWS\inf). Make a backup copy to restore later, if needed.
Open the nettcpip.inf in the editor (for example, in notepad.exe).
Under the section [MS_TCPIP.PrimaryInstall],
Open Network Connections, right-click on Local Area Connection, and select Properties.
Click on Install, Protocol, Have disk, and type the path to the inf folder you used above, for example: c:\windows\inf
Choose TCP/IP from the list. This will take you back to the properties screen, but now the [Uninstall] button is available, which was the purpose of the above procedure.
Highlight TCP/IP and click on [Uninstall].
If you're not in a hurry, reboot at this point. Ignore the warning messages that a lot of services are failing.
Optional: If you saved a backup copy of nettcpip.inf, restore it now.
Open Network Connections, right click on Local Area Connection, and select Properties
In the properties of Local Area Connection click Install, Protocol, "Have disk", and type the same path again, for example: c:\windows\inf
Choose TCP/IP from the list and install it.
Reboot.
--------------------------
2. For good measure I ran winsockfix.exe and reset winsocks.
3. Then
reset the entire IP stack with the command:
netsh int ip reset c:\resetlog.txt
Finally this is what is happening,
I am not getting the 4292 in IP Sec.
However I am getting the error
IPSEC services service on the Local computer Error:1747: The authentication service is unknown.
So currently I have disabled the IPSec service and the Windows 2003 server is now working. I am able to ping other PC's and access the Internet addresses.
My question now is
A. How does disabling IPSEC services affect the Server?
B. How do I get around this Problem? Because the moment I start IPSEC services manually the Server is not available in the network.
Thanks in advance for your efforts and time
agnes
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I tried all the steps mentioned in the article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;870910
Finally I am still getting the same results. If I stop IPsec services the PC is able to access everything in the network, else it fails.
http://support.microsoft.com/default.aspx?scid=kb;en-us;870910
Finally I am still getting the same results. If I stop IPsec services the PC is able to access everything in the network, else it fails.
ASKER
I had to reformat the Server and reinstall everything.
How is carl_legere's solution the accepted solution?
It doesn't work, period.
It doesn't work, period.
I too was having the same issue but it was a virtual machine (Svr 2K3). It was working fine and then we upgraded our VMWare infrastruture to 4.1 (from 3.5). This was the only server we had any problems with but sure enough I followed carl_legere's advice and was backup in minutes.
Brilliant. Thank you Carl.
Brilliant. Thank you Carl.
Regards.