Solved

Help Server down!!

Posted on 2006-06-22
23
657 Views
Last Modified: 2008-02-20
I rebooted our exchange server and now I cannot ping anyhting not even the internet router, nobody can ping it, it can ping itself

I cannot ping Hsotnames or IP addresses. I noticed i nthe eventlog something major happened to to symantec Antivirus it erros that it could not read a bajillion files

I tried a repair on the adapter but it says cannot clear ARP Cache.

I have looked through the processes and cant find anything that looks fishy
I have checked the start up and also do not see anyhting in start up thats wierd.. it has no internet access so I cant run an online scan..

any ideaS?
0
Comment
Question by:o0JoeCool0o
  • 7
  • 3
  • 2
  • +8
23 Comments
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Few things to check.

1. The IP address on the server is in the same subnet.
2. Try pinging some other machines in same subnet.
3. Check firewall.
4. Check arp entries using "arp -a".

Try acquiring IP address using DHCP, if sucessful it will eliminate any network connectivity issues.(Like Bad cable, Bad Switch port, Incorrect VLAN etc.)
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
What is this connected to, a switch or a hub?  

Does the switch/hub have a light showing the the Ethernet connection is up?

Does the NIC on the server have a light showing the the Ethernet connection is up?

What do you get when you issue the command:

     ipconfig /all

What does windows show as the adapter status?

When was the last time this was re-booted?  What has changed since then (and don't say nothing)?
0
 
LVL 2

Expert Comment

by:Todd_Bunch
Comment Utility
I would start by running "cmd" then type in ipconfig to see what IP address the server has.
0
 
LVL 10

Expert Comment

by:fm250
Comment Utility
Try to get another NIC and install it and see if it works.
Disable the AV for sometime and see if that helps.
check the switch and cable ... you can connect this cable to another machine and see if it is the switch, cable or the server itself.
come back and let us know what happens?

hope this helps!
0
 
LVL 4

Assisted Solution

by:johanvz1
johanvz1 earned 200 total points
Comment Utility
Hi,

Log into safe mode with networking uninstall your antivirus then see if you can actually see the network after you do and ipconfig /flushdns and ipconfig /release and ipconfig /renew. Then boot into windows like normal and see if you can access mail and the network from hereon proceed to check your eventlog start>run>evenvwr and check your application and event logs to see what happened to your antvirus. Also if it not exchange specifig like Symantic Antivirus for exchange it is a VERY BAD idea to have a normal av client installed on your exchange server as this has been known to cause many strange problems in the past.

So first get your server up and then worry about restoring your av client and protection.

Rgds,

Johan
0
 
LVL 4

Expert Comment

by:johanvz1
Comment Utility
Hi,

One example of normal symantec antivirus client corporate edition my exchange server 2003 sometime randomly did not send out mail or receive it and it came up with errors pointing do DNS and we did all kinds of tests and it was the av client all along. So my question first before you do what I suggested. How long has the av client been installed on the exchange server?. What might have triggered it, a new installation or configuration change on the server perhaps?.

Regards,

Johan
0
 
LVL 4

Author Comment

by:o0JoeCool0o
Comment Utility
well I found a problem with the AV client I had to do a manual definition update (thought it was a virus)
I havnt tried ermoving it yet Ill do that now and reboot

I booted into safemode with networking and POOF I could ping again. I even got internet access it was neat.
So I did an online virus scan and it came up with nothing so I dont think its a virus.

I rebooted back to normal mode and once again I cannot ping anyhting
I get destination host unreachable. Tehre are 2 NICS in the server and Ive tried them both to no avail.

This is really frustrating.

I cannot access network shares either nor can anyhting else talk to it or its services.


0
 
LVL 4

Author Comment

by:o0JoeCool0o
Comment Utility
Running a packet sniffer shows alot of incoming traffic but nothing outgoing.

I also tried setting DHCP instead of static but it cannot contact the dhcp server

this is so frustrating
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
What OS do you have installed?  Does it have the Windows built in firewall?  Is is enabled?  It is configured to allow traffic out?
0
 
LVL 7

Assisted Solution

by:puter_geek
puter_geek earned 180 total points
Comment Utility
Have you tried a winsock fix?  I don't know if it works with WinServ2003, but it certainly won't hurt anything.
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

copy it onto a floppy or burn to a cd and run it from there.

jolly good


puter_geek
0
 
LVL 4

Author Comment

by:o0JoeCool0o
Comment Utility
Its server 2003 Firewall is disabled
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 10

Expert Comment

by:fm250
Comment Utility
check for services and or programs that may doing that?
Also reset all the configuration and try different static ip(s).
Since you can get connection in safe mode then the problem lays somewhere in your OS, or the software. you may switch nics just to make sure.


hope this helps!
0
 
LVL 22

Expert Comment

by:rickhobbs
Comment Utility
Did you remove the AV client?
0
 
LVL 6

Expert Comment

by:Booda2us
Comment Utility
Hello Joecool, have you tried booting to "Last known good config"? Maybe a system restore is in order, since all is good in safe mode , check your logs for event on the reboot when problem started. Try running ' fixmbr' from a command prompt.  Hope this helps...Booda2us
0
 
LVL 3

Assisted Solution

by:juandelacruz2001
juandelacruz2001 earned 100 total points
Comment Utility
If the system seems to work OK on Safe Mode with Networking, the try to disable STARTUP and NON-MICROSOFT SERVICES by using MSCONFIG command. Reboot the system to normal mode and check if it works. Hopefully it does, then isolate which of the disabled services and startup tasks that caused the networking issue.

Good luck.
0
 
LVL 4

Author Comment

by:o0JoeCool0o
Comment Utility
yeah that wasnt it, after a support call to microsoft, it ended up being more fo a bug with SP1 in server 2003.

When the system is writing the local IPSEC policy if it gets interrrupted from another program or service it can corrupt the file.
once the system detects the corruption it DELETES the IPSEC folder from the registry

HKLM/Software/Policies/Windows/IPSEC

in order to restore the registry settings you must re register the probestart.dll library then it will recreate the keys

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B870910

too bad this wasnt his first thought, this was 3 and a half hours into the support call.. ah well its fixed!!!!
0
 
LVL 4

Author Comment

by:o0JoeCool0o
Comment Utility
oops polestore.dll not provestart haha time to go home!
0
 
LVL 22

Accepted Solution

by:
rickhobbs earned 20 total points
Comment Utility
Too bad you didn't do a search on the problem.  The solution was located last year in http://www.experts-exchange.com/Operating_Systems/Q_21391515.html?query=<span%20class=
0
 
LVL 23

Expert Comment

by:Erik Bjers
Comment Utility
contact Symantec support and ask for NONAV, this is a utility that can be used to remove all traces of your AV program (much better than the uninstall).  Unfortunatly Symantec has to give you the URL and username and password to get NONAV, but they should give it to you.

Let me know if you need the number for support, I can give it to you in the morning.

eb
0
 
LVL 10

Expert Comment

by:fm250
Comment Utility
Interesting to know that.
0
 
LVL 4

Author Comment

by:o0JoeCool0o
Comment Utility
I did lots of searching thanks, if I had known that IPSEC wasnt running and couldnt start then of course Id have found it. But all I saw was that I had no network conenctivity except in safemode which would lead anyone (even microsft when i talked to them) to believe it was something third party.

It took the microsoft professioanl support 3.5 hours to find this out.

0
 
LVL 6

Expert Comment

by:Booda2us
Comment Utility
we all deserve poinx
0
 
LVL 4

Author Comment

by:o0JoeCool0o
Comment Utility
Ill split the points for your guys' effort even though i had to pay 300 dollars to get my issue resolved I usually dont expect points unless I solve someones issue...
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Resolve DNS query failed errors for Exchange
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now