matteary
asked on
two Win2k's won't respond to Ping
We have five machines, three of them XPPro, two 2kPro. The XPPro's are fine. Starting at the end of the day Wednesday (after working fine until then) suddenly the two 2kPro's do not respond to pings (request timed out). They do not respond whether the pinger is XP or another 2k. However each 2k can ping and respond to itself (computername, 127.0.0.1 & IP address).
When I restart a 2k, early in the boot process it responds for a while, but then quits responding shortly after the userid/password prompt appears.
Both 2k's still work fine on the internet (DSL) so they're getting through the switch and out to the router ok.
All are on the same subnet 192.168.0.1. Initially are were DHCP but now one of the 2k's is static (192.168.0.10).
There is no firewall that I know of on the 2k machines. At one time we had StarBand and and Ositis WinProxy on one of the 2k machines, but that has been removed for some time now. At any rate, the other 2k machine never had WinProxy on it.
I removed the three most recent hotfixes that had been applied last Saturday (three full business days before the failure) with no help.
I'm going crazy! What could be suddenly inhibiting ping responses? I'm considering trying an XP Pro Upgrade if all else fails! Thanks for any suggestions! I need this working before Monday!
When I restart a 2k, early in the boot process it responds for a while, but then quits responding shortly after the userid/password prompt appears.
Both 2k's still work fine on the internet (DSL) so they're getting through the switch and out to the router ok.
All are on the same subnet 192.168.0.1. Initially are were DHCP but now one of the 2k's is static (192.168.0.10).
There is no firewall that I know of on the 2k machines. At one time we had StarBand and and Ositis WinProxy on one of the 2k machines, but that has been removed for some time now. At any rate, the other 2k machine never had WinProxy on it.
I removed the three most recent hotfixes that had been applied last Saturday (three full business days before the failure) with no help.
I'm going crazy! What could be suddenly inhibiting ping responses? I'm considering trying an XP Pro Upgrade if all else fails! Thanks for any suggestions! I need this working before Monday!
ASKER
Thanks for your reply! Just tried it and rebooted, no change.
Forgot to mention, I also ran three different virus scanners, all said clean.
Forgot to mention, I also ran three different virus scanners, all said clean.
Are all the machines connected to the same router ?
Did this issue start once removing StarBand and and Ositis WinProxy or even after removing they all worked fine ?
can you ping these 2k machines by their name ? have you tried that yet ?
Did this issue start once removing StarBand and and Ositis WinProxy or even after removing they all worked fine ?
can you ping these 2k machines by their name ? have you tried that yet ?
are all the machines same workgroup ?
i kind of suspect the previous proxy you had got. make sure it has been uninstalled or removed completely
i kind of suspect the previous proxy you had got. make sure it has been uninstalled or removed completely
ASKER
We removed StarBand and WinProxy months ago (March), this was working fine since then until I came in Wednesday to work on other things and it seemed to start happening right at the end of the business day before I had even done anything yet.
Each 2k machine can ping itself by name, but nobody can ping another 2k machine by name or by address. However when anybody tries to ping another 2k machine by name, Ping does seem to be resolving the address correctly.
Each 2k machine can ping itself by name, but nobody can ping another 2k machine by name or by address. However when anybody tries to ping another 2k machine by name, Ping does seem to be resolving the address correctly.
ASKER
Yes, all on the same router and in the same WorkGroup.
So the only change that can be seen here between when it was working and now is that windows updates which you have already removed.
Not sure adding lmhosts file in each of the machine would help or not
LMHOSTS File Information and Predefined Keywords
http://support.microsoft.com/kb/102725/EN-US/
Not sure adding lmhosts file in each of the machine would help or not
LMHOSTS File Information and Predefined Keywords
http://support.microsoft.com/kb/102725/EN-US/
go to advanced tcp/ip settings and under WINS tab and enable netbios over tcp/ip and see what happens ..
rebooting might help
rebooting might help
ASKER
Well, actually there have been many Windows Updates since March; I only removed the most recent few. And I already tried the LMHosts trick with no change. Sorry, to be a wet rag with all my answers!
There are traces of Ositis WinProxy on one of the two 2k's, but there never was any WinProxy on the other. I'll try to more completely remove it from the one, but I can't imagine how would it affect the other?
There are traces of Ositis WinProxy on one of the two 2k's, but there never was any WinProxy on the other. I'll try to more completely remove it from the one, but I can't imagine how would it affect the other?
ASKER
NetBIOS over TCP/IP was already enabled.
I removed all traces of Ositis WinProxy from the registry and Program Files (on the one 2k, there was already no trace on the other 2k).
The puzzle remains!
I removed all traces of Ositis WinProxy from the registry and Program Files (on the one 2k, there was already no trace on the other 2k).
The puzzle remains!
I am going to take my regular afternoon nap so will come back later in the evening and see if there are other options.
just try to restart ur 2000 machines and see if that would help ..
just try to restart ur 2000 machines and see if that would help ..
ASKER
I've rebooted them until I'm blue in the face.
If nothing miraculous shows up in the next few minutes I might go and get WinXPPro upgrade and try it tomorrow. But if that doesn't work ...
If nothing miraculous shows up in the next few minutes I might go and get WinXPPro upgrade and try it tomorrow. But if that doesn't work ...
Have you tried removing TCP/IP and then reinstalling it on both of these machines? This will give you an entirely new stack. Try that and let's see if that resolves the issue.
Hey matteary,
I haven't read every post completely, but just at glancing, it seems that the XP firewall is enabled on the XP PCs. By default it may not allow pings. Try disabling the firewall on one of the PCs and then try pinging it.
To disable it, go to the properties of the LAN, Advanced tab, settings.
Thanks,
cfairley
I haven't read every post completely, but just at glancing, it seems that the XP firewall is enabled on the XP PCs. By default it may not allow pings. Try disabling the firewall on one of the PCs and then try pinging it.
To disable it, go to the properties of the LAN, Advanced tab, settings.
Thanks,
cfairley
Sorry, never mind, I just read that you had no firewall. I'll go back to my thinking corner!
Sorry, if I've missed this somewhere in the thread but are you pinging by name or IP?
What happens if you ping by the connections IP on the machine (you said 127.0.0.1 but I wonder what you get with 192.168.0.10)?
Also, what's your route print look like? Have you tried repatching through different ports in the switch?
If we get nowhere with that then I'd like you to try a sniffer. If you don't have one I can point you to a free sniffer that doesn't require the installation of a driver so it won't break your build (even tho it sounds broken anyway!)
Cheers
Julian
What happens if you ping by the connections IP on the machine (you said 127.0.0.1 but I wonder what you get with 192.168.0.10)?
Also, what's your route print look like? Have you tried repatching through different ports in the switch?
If we get nowhere with that then I'd like you to try a sniffer. If you don't have one I can point you to a free sniffer that doesn't require the installation of a driver so it won't break your build (even tho it sounds broken anyway!)
Cheers
Julian
ASKER
The same thing (request timed out) happens whether pinging by name or by IP.
I can successfully ping from the machine to itself, by name, by IP, by LocalHost, and by 127.0.0.1.
Will try different switch ports this afternoon before I try upgrading to XPPro. The current ports are working fine for DSL internet access though.
I'd be interested to know about the free sniffer.
Thanks!
I can successfully ping from the machine to itself, by name, by IP, by LocalHost, and by 127.0.0.1.
Will try different switch ports this afternoon before I try upgrading to XPPro. The current ports are working fine for DSL internet access though.
I'd be interested to know about the free sniffer.
Thanks!
It's called NGSSniff (note the double 'S') and can be downloaded from
http://www.nextgenss.com/sniff.htm
It runs without any driver installs but did fail the other day for me looking for a C Runtime DLL but I can post that somewhere if you get the error.
Put it on the pinger and pingee and set the IP addreses of the respective listenning and sending interfaces in the capture menu. The ping away and see what you get. Let me know if you need anymore info.
Cheers
Julian
http://www.nextgenss.com/sniff.htm
It runs without any driver installs but did fail the other day for me looking for a C Runtime DLL but I can post that somewhere if you get the error.
Put it on the pinger and pingee and set the IP addreses of the respective listenning and sending interfaces in the capture menu. The ping away and see what you get. Let me know if you need anymore info.
Cheers
Julian
ASKER
Tried different switch ports, made no difference.
Forgot to mention, I had tried removing TCP/IP and reinstalling it, no better.
Tried NGSSniff. Ran it on an XP (ok, 192.168.0.100) and a 2k (bad, 192.168.0.10).
When it's capturing the 2k address on the XP it says unable to bind to address.
When it's capturing the XP address on the 2k it captures nothing.
When it's capturing the XP address on the XP it captures the pings from XP to 2k (as well as traffic to/from router/gateway/internet).
When it's capturing the 2k address on the 2k it captures nothing. This seems particularly odd.
Thanks for all you guys' help!
Forgot to mention, I had tried removing TCP/IP and reinstalling it, no better.
Tried NGSSniff. Ran it on an XP (ok, 192.168.0.100) and a 2k (bad, 192.168.0.10).
When it's capturing the 2k address on the XP it says unable to bind to address.
When it's capturing the XP address on the 2k it captures nothing.
When it's capturing the XP address on the XP it captures the pings from XP to 2k (as well as traffic to/from router/gateway/internet).
When it's capturing the 2k address on the 2k it captures nothing. This seems particularly odd.
Thanks for all you guys' help!
I'm a little confused by the use list there. You always put the IP address of the machine you are running the sniffer in the capture bit. Not the one your listenning for or sending too. It just binds to the local network card, so if you have multiple networks it listens to the correct one. So, on your dodgy win2k box with the static IP run up NGSSniff and enter IP 192.168.0.10. On the XP box, run up NGsSniff and enter 192.168.0.9. Now select start capture on each box and run a ping from the XP box to try and ping the Win2k. What happens? What happens when you ping the XP box from the Win2k box as well as I forgot to ask that?
Cheers
Julian
Cheers
Julian
ASKER
The good XP box is 192.168.0.100. Call it Box A.
The bad box is 192.168.0.10, it was Win2k but now it's WinXPPro (no firewall active) and still has the problem! Call it Box B.
Box A captures its 192.168.0.100 address and Box B captures its 192.168.0.10 address.
When B successfully pings A,
A shows ICMPs both B to A and A to B,
B shows ICMPs both B to A and A to B.
When A fails pinging B (request timed out),
A shows ICMPs A to B, nothing B to A,
B shows nothing.
The bad box is 192.168.0.10, it was Win2k but now it's WinXPPro (no firewall active) and still has the problem! Call it Box B.
Box A captures its 192.168.0.100 address and Box B captures its 192.168.0.10 address.
When B successfully pings A,
A shows ICMPs both B to A and A to B,
B shows ICMPs both B to A and A to B.
When A fails pinging B (request timed out),
A shows ICMPs A to B, nothing B to A,
B shows nothing.
Let's see if there are any problems in your tcp/ip stack, just to be sure as this doesn't look like normal stack acting to me in any way.
This tool will give you the attached LSP's in your stack, please run it, but DON'T let it remove anything it finds, most things will be needed.
http://www.cexx.org/lspfix.htm
See what dll's are mentioned to be attached to the stack.
LucF
This tool will give you the attached LSP's in your stack, please run it, but DON'T let it remove anything it finds, most things will be needed.
http://www.cexx.org/lspfix.htm
See what dll's are mentioned to be attached to the stack.
LucF
ASKER
LSPFix finds these:
nwprovau.dll NWLink IPX/SPX/NetBIOS...
mswsock.dll Tcpip
winrnr.dll NTDS
rsvpsp.dll (protocol handler)
I notice that a good XP machine does NOT have nwprovau.dll; I assume that's because it has NetBIOS over TCP set to be "use DHCP server settings" rather than on?
nwprovau.dll NWLink IPX/SPX/NetBIOS...
mswsock.dll Tcpip
winrnr.dll NTDS
rsvpsp.dll (protocol handler)
I notice that a good XP machine does NOT have nwprovau.dll; I assume that's because it has NetBIOS over TCP set to be "use DHCP server settings" rather than on?
Hmm... that looks perfectly normal :(
I'm really wondering what's preventing the responce now...
Just to sort it out... have you tried another NIC? Another cable? Another switch (or even better in this case, a hub)?
LucF
I'm really wondering what's preventing the responce now...
Just to sort it out... have you tried another NIC? Another cable? Another switch (or even better in this case, a hub)?
LucF
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, here's the situation at the moment. It's WORKING!
It seems that the infernal Cisco VPN Service was mucking things up. Stop & Disable it and all is well. But this has been on there for months and months, why did it go bad now? As far as I know it wasn't updated recently but I'm not here all day so not sure.
Thanks for all your help! I'll come back and try to assign points in a day or so after I've decompressed a bit!
It seems that the infernal Cisco VPN Service was mucking things up. Stop & Disable it and all is well. But this has been on there for months and months, why did it go bad now? As far as I know it wasn't updated recently but I'm not here all day so not sure.
Thanks for all your help! I'll come back and try to assign points in a day or so after I've decompressed a bit!
Cool! Pleased you finally got to the bottom of it. Do you need to get it working with the VPN enabled at the same time? I've just scanned the thead again and can't see any reference to the VPN and how it's set up etc. Is it a PIX? Do you have Proxy ARP switched on, on your internal interface? If you need help on this then I guess a new question in Security/Firewalls or Networking would probably get to more focused experts.
Good luck.
Cheers
Julian
Good luck.
Cheers
Julian
ASKER
I'm going to give this one to Julian since he said
"For some reason the packets never reach the network stack high enough up the layers for the sniffer to see"
and that got me looking at the services. Of course, why I didn't do that earlier?
Thanks all!
"For some reason the packets never reach the network stack high enough up the layers for the sniffer to see"
and that got me looking at the services. Of course, why I didn't do that earlier?
Thanks all!
ASKER
Oh and to answer the last question, no they don't need the Cisco VPN Service!
Good news on the VPN service (or very annoying, depending on how you look at it)! And thanks for the points, glad to be of assistance.
Cheers
Julian
Cheers
Julian
Most likely some program has changed the tcp/ip stack so it now doesn't respond to ICMP packages anymore. Could be a firewall installed in the past.
One thing to be sure the tcp/ip stack is returned to the default is to reset the stack.
Here's a tool to do so:
http://www.spychecker.com/download/download_winsockxpfix.html
(don't let the name confuse you, it works for all windows versions)
Greetings,
LucF