Solved

two Win2k's won't respond to Ping

Posted on 2004-11-27
30
Medium Priority
203 Views
Last Modified: 2011-02-10
We have five machines, three of them XPPro, two 2kPro.  The XPPro's are fine.  Starting at the end of the day Wednesday (after working fine until then) suddenly the two 2kPro's do not respond to pings (request timed out).  They do not respond whether the pinger is XP or another 2k.  However each 2k can ping and respond to itself (computername, 127.0.0.1 & IP address).

When I restart a 2k, early in the boot process it responds for a while, but then quits responding shortly after the userid/password prompt appears.

Both 2k's still work fine on the internet (DSL) so they're getting through the switch and out to the router ok.

All are on the same subnet 192.168.0.1.  Initially all were DHCP but now one of the 2k's is static (192.168.0.10).

There is no firewall that I know of on the 2k machines.  At one time we had StarBand and Ositis WinProxy on one of the 2k machines, but that has been removed for some time now.  At any rate, the other 2k machine never had WinProxy on it.

I removed the three most recent hotfixes that had been applied last Saturday (three full business days before the failure) with no help.

I'm going crazy!  What could be suddenly inhibiting ping responses?  I'm considering trying an XP Pro Upgrade if all else fails!  Thanks for any suggestions!  I need this working before Monday!
0
Question by:matteary
30 Comments
 
LVL 32

Expert Comment

by:LucF
ID: 12687034
Hi matteary,

Most likely some program has changed the tcp/ip stack so it now doesn't respond to ICMP packages anymore. Could be a firewall installed in the past.
One thing to be sure the tcp/ip stack is returned to the default is to reset the stack.
Here's a tool to do so:
http://www.spychecker.com/download/download_winsockxpfix.html
(don't let the name confuse you, it works for all Windows versions)

Greetings,

LucF
0
 

Author Comment

by:matteary
ID: 12687054
Thanks for your reply!  Just tried it and rebooted, no change.

Forgot to mention, I also ran three different virus scanners, all said clean.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12687068
Are all the machines connected to the same router?

Did this issue start once removing StarBand and Ositis WinProxy, or even after removing them did they all work fine?

Can you ping these 2k machines by their name? Have you tried that yet?
0

 
LVL 49

Expert Comment

by:sunray_2003
ID: 12687085
Are all the machines in the same workgroup?

I kind of suspect the previous proxy you had. Make sure it has been uninstalled or removed completely.
0
 

Author Comment

by:matteary
ID: 12687094
We removed StarBand and WinProxy months ago (March), this was working fine since then until I came in Wednesday to work on other things and it seemed to start happening right at the end of the business day before I had even done anything yet.

Each 2k machine can ping itself by name, but nobody can ping another 2k machine by name or by address.  However when anybody tries to ping another 2k machine by name, Ping does seem to be resolving the address correctly.
0
 

Author Comment

by:matteary
ID: 12687098
Yes, all on the same router and in the same WorkGroup.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12687107
So the only change that can be seen here between when it was working and now is the Windows updates, which you have already removed.

Not sure whether adding an lmhosts file on each of the machines would help or not.

LMHOSTS File Information and Predefined Keywords
http://support.microsoft.com/kb/102725/EN-US/
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12687117
Go to the advanced TCP/IP settings and, under the WINS tab, enable NetBIOS over TCP/IP and see what happens.
Rebooting might help.
0
 

Author Comment

by:matteary
ID: 12687123
Well, actually there have been many Windows Updates since March; I only removed the most recent few.  And I already tried the LMHosts trick with no change.  Sorry to be a wet rag with all my answers!

There are traces of Ositis WinProxy on one of the two 2k's, but there never was any WinProxy on the other.  I'll try to more completely remove it from the one, but I can't imagine how it would affect the other.
0
 

Author Comment

by:matteary
ID: 12687164
NetBIOS over TCP/IP was already enabled.

I removed all traces of Ositis WinProxy from the registry and Program Files (on the one 2k, there was already no trace on the other 2k).

The puzzle remains!
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12687172
I am going to take my regular afternoon nap so will come back later in the evening and see if there are other options.

Just try to restart your 2000 machines and see if that would help.
0
 

Author Comment

by:matteary
ID: 12687186
I've rebooted them until I'm blue in the face.

If nothing miraculous shows up in the next few minutes I might go and get WinXPPro upgrade and try it tomorrow.  But if that doesn't work ...
0
 
LVL 12

Expert Comment

by:valicon
ID: 12687817
Have you tried removing TCP/IP and then reinstalling it on both of these machines?  This will give you an entirely new stack.  Try that and let's see if that resolves the issue.
0
 
LVL 11

Expert Comment

by:cfairley
ID: 12688209
Hey matteary,

I haven't read every post completely, but just glancing, it seems that the XP firewall is enabled on the XP PCs.  By default it may not allow pings.  Try disabling the firewall on one of the PCs and then try pinging it.

To disable it, go to the properties of the LAN, Advanced tab, settings.

Thanks,
cfairley
0
 
LVL 11

Expert Comment

by:cfairley
ID: 12688213
Sorry, never mind, I just read that you had no firewall.  I'll go back to my thinking corner!
0
 
LVL 3

Expert Comment

by:Julian_C
ID: 12689600
Sorry, if I've missed this somewhere in the thread but are you pinging by name or IP?

What happens if you ping by the connection's IP on the machine (you said 127.0.0.1 but I wonder what you get with 192.168.0.10)?

Also, what does your route print look like? Have you tried repatching through different ports in the switch?

If we get nowhere with that then I'd like you to try a sniffer. If you don't have one I can point you to a free sniffer that doesn't require the installation of a driver so it won't break your build (even though it sounds broken anyway!)

Cheers
Julian
0
 

Author Comment

by:matteary
ID: 12690190
The same thing (request timed out) happens whether pinging by name or by IP.

I can successfully ping from the machine to itself, by name, by IP, by LocalHost, and by 127.0.0.1.

Will try different switch ports this afternoon before I try upgrading to XPPro.  The current ports are working fine for DSL internet access though.

I'd be interested to know about the free sniffer.

Thanks!
0
 
LVL 3

Expert Comment

by:Julian_C
ID: 12690633
It's called NGSSniff (note the double 'S') and can be downloaded from
http://www.nextgenss.com/sniff.htm
It runs without any driver installs but did fail the other day for me looking for a C Runtime DLL but I can post that somewhere if you get the error.

Put it on the pinger and pingee and set the IP addresses of the respective listening and sending interfaces in the capture menu. Then ping away and see what you get. Let me know if you need any more info.

Cheers
Julian

0
 

Author Comment

by:matteary
ID: 12690979
Tried different switch ports, made no difference.

Forgot to mention, I had tried removing TCP/IP and reinstalling it, no better.

Tried NGSSniff.  Ran it on an XP (ok, 192.168.0.100) and a 2k (bad, 192.168.0.10).

When it's capturing the 2k address on the XP it says unable to bind to address.
When it's capturing the XP address on the 2k it captures nothing.

When it's capturing the XP address on the XP it captures the pings from XP to 2k (as well as traffic to/from router/gateway/internet).
When it's capturing the 2k address on the 2k it captures nothing.  This seems particularly odd.

Thanks for all you guys' help!
0
 
LVL 3

Expert Comment

by:Julian_C
ID: 12691205
I'm a little confused by the use list there. You always put the IP address of the machine you are running the sniffer on in the capture bit, not the one you're listening for or sending to. It just binds to the local network card, so if you have multiple networks it listens to the correct one. So, on your dodgy Win2k box with the static IP, run up NGSSniff and enter IP 192.168.0.10. On the XP box, run up NGSSniff and enter 192.168.0.9. Now select start capture on each box and run a ping from the XP box to try and ping the Win2k. What happens? What happens when you ping the XP box from the Win2k box as well? I forgot to ask that.

Cheers
Julian
0
 

Author Comment

by:matteary
ID: 12691278
The good XP box is 192.168.0.100.  Call it Box A.

The bad box is 192.168.0.10, it was Win2k but now it's WinXPPro (no firewall active) and still has the problem!  Call it Box B.

Box A captures its 192.168.0.100 address and Box B captures its 192.168.0.10 address.

When B successfully pings A,
A shows ICMPs both B to A and A to B,
B shows ICMPs both B to A and A to B.

When A fails pinging B (request timed out),
A shows ICMPs A to B, nothing B to A,
B shows nothing.
0
 
LVL 32

Expert Comment

by:LucF
ID: 12691366
Let's see if there are any problems in your tcp/ip stack, just to be sure as this doesn't look like normal stack acting to me in any way.
This tool will give you the attached LSPs in your stack. Please run it, but DON'T let it remove anything it finds; most things will be needed.
http://www.cexx.org/lspfix.htm
See what DLLs are mentioned to be attached to the stack.

LucF
0
 

Author Comment

by:matteary
ID: 12691398
LSPFix finds these:

nwprovau.dll NWLink IPX/SPX/NetBIOS...
mswsock.dll  Tcpip
winrnr.dll      NTDS
rsvpsp.dll      (protocol handler)

I notice that a good XP machine does NOT have nwprovau.dll; I assume that's because it has NetBIOS over TCP set to be "use DHCP server settings" rather than on?
0
 
LVL 32

Expert Comment

by:LucF
ID: 12691422
Hmm... that looks perfectly normal :(
I'm really wondering what's preventing the response now...

Just to sort it out... have you tried another NIC? Another cable? Another switch (or even better in this case, a hub)?

LucF
0
 
LVL 3

Accepted Solution

by:Julian_C earned 2000 total points
ID: 12691739
I wouldn't worry about the network stack as it sounds fine if it can ping other machines and you say that these boxes can still access the Internet. This means networking is OK.

So, we have to try something else...

For some reason the packets never reach the network stack high enough up the layers for the sniffer to see. It would be really good to make sure this isn't some weird behaviour on the switch and establish that the traffic is actually coming up the wire. Do you own a hub rather than a switch? With that you could put another machine on the same switch port (both on the hub using the uplink to the switch port) as your Win2k and just check that the traffic was actually making it to the NIC on the Win2K server. (Did you ever try switching ports?)

Assuming that the traffic is making it to the machine and being dropped leads me to think that it's a packet filter of some description. You can ping out but not in. That alone says ICMP works and is routing OK but.... Now you have XP, can you make sure the FW is off and also check the log? Also, is there anything in the event logs? Does the switch/DSL router thing have any decent logging too?

Next, can you see file shares on the win2k (now XP) machines and can they see shares on the other machines?

If it is a packet filter of some kind then I bet it's logging the drops somewhere. You could try running filemon from http://www.sysinternals.com and see if you get any file writes at the time you try pinging. If so, you may find the log and see the process that's doing it... I'll keep thinking

Cheers
Julian
0
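The localisation reasoning in the accepted answer above (compare what the sniffer on each box records for the same pings), as an added example that is not part of the original thread. The `Pkt` record format and the function names are hypothetical, and the capture data is constructed from the observations matteary posted for Box A and Box B.

```python
from collections import namedtuple

# One ICMP echo packet as seen at one capture point (constructed record format).
Pkt = namedtuple("Pkt", "src dst kind seq")  # kind is "request" or "reply"

def localize_drops(pinger, target, pinger_cap, target_cap):
    """For each echo request the pinger's sniffer saw leave, say where the
    exchange stopped, using what each side's sniffer did or did not record."""
    pinger_cap, target_cap = set(pinger_cap), set(target_cap)
    verdicts = {}
    for pkt in sorted(pinger_cap, key=lambda p: p.seq):
        if (pkt.src, pkt.dst, pkt.kind) != (pinger, target, "request"):
            continue
        reply = Pkt(target, pinger, "reply", pkt.seq)
        if reply in pinger_cap:
            verdicts[pkt.seq] = "ok"
        elif reply in target_cap:
            verdicts[pkt.seq] = "reply left target, lost on the way back"
        elif pkt in target_cap:
            verdicts[pkt.seq] = "target saw request, never replied"
        else:
            # The case in this thread: the request is on the wire but the
            # target's sniffer never sees it, so it was lost in transit or
            # filtered on the target below the point where the sniffer listens.
            verdicts[pkt.seq] = "request not visible at target"
    return verdicts

A, B = "192.168.0.100", "192.168.0.10"  # Box A (good) and Box B (bad)

def exchange(src, dst, seqs, replied=True):
    """Build constructed capture records for a run of pings."""
    pkts = [Pkt(src, dst, "request", s) for s in seqs]
    if replied:
        pkts += [Pkt(dst, src, "reply", s) for s in seqs]
    return pkts

# Constructed captures matching the observations posted in the thread.
b_pings_a = exchange(B, A, [1, 2])                       # both sniffers see both directions
a_pings_b_at_a = exchange(A, B, [3, 4], replied=False)   # A sees only its own requests
a_pings_b_at_b = []                                      # B's sniffer shows nothing

def thread_results():
    return (localize_drops(B, A, b_pings_a, b_pings_a),
            localize_drops(A, B, a_pings_b_at_a, a_pings_b_at_b))

if __name__ == "__main__":
    for result in thread_results():
        print(result)
```

The "request not visible at target" verdict cannot by itself separate a loss on the wire from a filter on the target host, which is why the answer also asks for a hub-based check that the traffic reaches the NIC.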
 

Author Comment

by:matteary
ID: 12691840
Ok, here's the situation at the moment.  It's WORKING!

It seems that the infernal Cisco VPN Service was mucking things up.  Stop & Disable it and all is well.  But this has been on there for months and months, why did it go bad now?  As far as I know it wasn't updated recently but I'm not here all day so not sure.

Thanks for all your help!  I'll come back and try to assign points in a day or so after I've decompressed a bit!
0
 
LVL 3

Expert Comment

by:Julian_C
ID: 12694581
Cool! Pleased you finally got to the bottom of it. Do you need to get it working with the VPN enabled at the same time? I've just scanned the thread again and can't see any reference to the VPN and how it's set up etc. Is it a PIX? Do you have Proxy ARP switched on, on your internal interface? If you need help on this then I guess a new question in Security/Firewalls or Networking would probably get to more focused experts.

Good luck.

Cheers
Julian
0
 

Author Comment

by:matteary
ID: 12702030
I'm going to give this one to Julian since he said
"For some reason the packets never reach the network stack high enough up the layers for the sniffer to see"
and that got me looking at the services.  Of course, why didn't I do that earlier?

Thanks all!
0
 

Author Comment

by:matteary
ID: 12702046
Oh and to answer the last question, no they don't need the Cisco VPN Service!
0
 
LVL 3

Expert Comment

by:Julian_C
ID: 12704551
Good news on the VPN service (or very annoying, depending on how you look at it)! And thanks for the points, glad to be of assistance.

Cheers
Julian
0

Question has a verified solution.
