Solved

Need Network Troubleshooting Assistnace

Posted on 2008-06-17
27
272 Views
Last Modified: 2010-04-21
Have a machine that can't browse the web, and I can't ping it

PC = Windows XP SP2
Network Servers: Windows 2003

Symptoms:
- PC can ping out to other machines on network and web addresses
- PC cannot be pinged itself from other machines or servers
- PC's Email works just fine (Outlook with Exchange)
- PC can access network shares just fine
- CAN'T browse to web sites by IP Address or Name
- DNS seems to work fine because it will resolve Names to IPs when pinging

What we have tried or looked at:
- Network settings look fine, everything is set to use DHCP
- we have done an IPCONFIG /release then IPCONFIG /flushdns then IPCONFIG /renew
- we reset his TCP/IP by using the command: netsh int ip reset resetlog.txt

Any suggestions appreciated!
0
Comment
Question by:CI3
  • 12
  • 8
  • 4
  • +2
27 Comments
 
LVL 5

Assisted Solution

by:jenkinsme
jenkinsme earned 100 total points
Comment Utility
As far as other machines being able to "ping" that machine is Windows Firewall and all other firewalls turned off on the PC? If you run a third-party program such as Norton Internet Security you will want to disable that for testing purposes.

When you go to a command prompt could you paste the ipconfig /all  into a post so we can all see the network settings for the NIC?
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
I would suspect you may have 2 "problems". The fact that they cannot access a web page by IP could well indicate Winsock corruption. The inability to ping the machine is odd, so it could just be the Windows firewall is enabled. It, or any other software firewall will block pings, unless configured otherwise.

A Winsock issue is corruption of the TCP/IP stack. Most often this is the result of a virus or spyware, but not always. To repair see the Microsoft solution:
http://windowsxp.mvps.org/winsock.htm
Or, you can use a third party utility:
http://www.softpedia.com/progDownload/WinSock-XP-Fix-Download-7144.html
 
If it still doesn't work there are other similar solutions:
XP TCP/IP repair utility
http://www.softpedia.com/get/Tweak/Network-Tweak/XP-TCP-IP-Repair.shtml
LSPFix
http://www.cexx.org/lspfix.htm

 
0
 
LVL 4

Expert Comment

by:pamiken
Comment Utility
What firewall are you using???  I know with Sonicwall's, if you only have a 25 user license, the 26th user can go out to the web.
0
 

Author Comment

by:CI3
Comment Utility
UPDATE:

I knew I'd forget something when I posted the question.
- We had verified the firewall was turned off, it was
- We also had run the utility "WinsockxpFix.exe (no change)
- We did do the usual reboots after each attempt at fixing or running something (no change)
- Also just now the user uninstalled his NIC's and reinstalled them (no change)

RobWill, We have not tried the XP TCP/IP utility yet, the users is offsite and just got called out to a job site but he will be back in a few hours and we will run that one.  I will update you as soon as the user returns and we can run it.  Thanks

Jenkinsme, Here is a copy of the IPCONFIG /all
--------------------------------------------
Windows IP Configuration

        Host Name . . . . . . . . . . . . : CI330241
        Primary Dns Suffix  . . . . . . . : ci3.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ci3.com

Ethernet adapter Local Area Connection 19:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-18-8B-CF-E3-CE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.32.32
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.32.1
        DHCP Server . . . . . . . . . . . : 192.168.32.9
        DNS Servers . . . . . . . . . . . : 192.168.32.9
                                            192.168.101.23
                                            192.168.101.242
        Primary WINS Server . . . . . . . : 192.168.101.215
        Lease Obtained. . . . . . . . . . : Tuesday, June 17, 2008 11:32:25 AM
        Lease Expires . . . . . . . . . . : Wednesday, June 25, 2008 11:32:25 AM

Ethernet adapter Wireless Network Connection 3:
        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
        Physical Address. . . . . . . . . : 00-1B-77-21-09-38
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Excellent point pamiken, many corporate firewalls have 10,25, or 50 user limits..
Can you access the firewall's web management page or any other internal web site to see if it is a browser or network issue?
0
 

Author Comment

by:CI3
Comment Utility
I'll check on the main network Firewall, that may take me a bit as we have another company managing it for us.  As far as I know there are no restrictions, but can't hurt to double check.

Also, good point on testing an internal WebSite, we have a Barracuda SPAM Firewall I someone get on his machine (machine is located at another location) and had them enter in the IP address to hit its web interface and it worked just fine.  So the browser itelf seems to be functioning.
0
 

Author Comment

by:CI3
Comment Utility
Got a reply back on the network firewall, they said there are no restrictions for number of internet connections.

RobWill, we ran the XP TCP/IP repair utility the rebooted.  No change.

One thing I just noticed in doing some tests is it seems to be just a problem with HTTP (which is port 80).  Sites that use HTTPS (port 443 I believe) work fine!  He can hit our Barracuda SPAM Firewall which uses HTTPS.  He can also hit our VPN site that uses HTTPS and I just had him try and hit https://www.wellsfargo.com and it came up fine also!  

We double checked his firewall and its off.  The firewall Im referring to is just the built in Windows XP firewall.  I had him turn it on and then off again.  Just for kicks I had him add an exception to port 80 even though its turned off.  Still no change.  We use Symantec Corperate Anti-Virus (disabled for this testing) and there are no other firewalls installed aside from the built in XP firewall.

Everyone else in this office can browse the web just fine so it seems to be isolated to just this machine.

We also went into his network connection and did a properties on TCP/IP then clicked the Advanced button then went to the Options tab did properties on TCP/IP filtering and verified that everything was set to Permit All

Im stumped&  
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
No chance an incorrect proxy was somehow added to the Internet explorer settings, of that machine? IE menu bar | tools | Internet options | Connections | LAN settings
0
 

Author Comment

by:CI3
Comment Utility
We checked  the LAN Settings in the browser and nothing was checked so no weird proxy being used.
0
 
LVL 4

Assisted Solution

by:pamiken
pamiken earned 100 total points
Comment Utility
I would try installing firefox from mozilla.com and see if it's a IE issue or a workstation issue.
0
 
LVL 2

Assisted Solution

by:litmuslogic
litmuslogic earned 100 total points
Comment Utility
Interesting!  What error message are you getting from the browser?  Does it simply time out?  Does it say that the site cannot be found and to check your dns?

Let's try this:

Open the command prompt

type:  telnet www.google.com 80

hit 'enter' a few times then type:


Get HTTP 1.1 /

Please post whatever the output is that you get.

Another thing to try is to give the box a different IP address.  Is there a range that is excluded from DHCP where there may be a few available addresses?  Configure it statically and see if the box can surf and of course, again, please post the results.

0
 
LVL 2

Expert Comment

by:litmuslogic
Comment Utility
Oh, one more thing -- yet another thing to try, if possible is to put the box on a completely different subnet and see if it can surf there.  
0
 

Author Comment

by:CI3
Comment Utility
pamiken: we loaded up Firefox and had the same result.  HTTP pages wouldn't come threw but HTTPS web pages did come threw.

litmuslogic: Our office locations are spread far apart so unfortunately I'm not able to put it on a different subnet to try it.  We did however set the machine to use a free static IP address, rebooted, but still had the same problem.  Telnet failed also - below is what his tenet session returned:

telnet www.microsoft.com 80
Connecting To www.microsoft.com...Could not open connection to the host, on port
80: Connect failed

So with all the testing it really does seem to be something just blocking port 80.




0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 2

Expert Comment

by:litmuslogic
Comment Utility
Very interesting, CI3!  How about downloading some small web server, like this one for example:

http://smallsrv.com/

installing on some other box on the same subnet as the problem box and trying to surf to that?  If successful, that I'd say we'd have to go look for some access list somewhere in our path that is blocking port 80, just as you said.
0
 

Author Comment

by:CI3
Comment Utility
litmuslogic, That "smallsrv" does look very interesting and only $49, its cheap.  After you mentioned having him try and hit a web page on his own subnet - made me remember he has a IP'ed printer out there.  So I called and had him try and hit the web interface of the printer that is out on his same subnet.  No luck, same result.  Again, everyone else in his office can hit the web just fine so it seems isolated to just his machine.

By the way thank you everyone who has made suggestions so far!

Unfortunately, I might be almost out of time on this issue, he is going to perform the MUF#2 procedure  (Microsoft Universal Fix #2) (reload the machine) tomorrow afternoon if I/we can't figure it out because he is going out of town for a job...
0
 
LVL 2

Expert Comment

by:litmuslogic
Comment Utility
Oops, didn't realize they were charging for it.  Sorry!
0
 

Author Comment

by:CI3
Comment Utility
litmuslogic: I'm glad you linked it, I just had someone asking me a week or two ago about inexpensive options for an SMTP server on a network without Exchange.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
>>""try and hit the web interface of the printer that is out on his same subnet.  No luck"
No chance of some sort of virus or malware blocking port 80 is there? If I were a virus wanting to target something that would be at the top of my list. There is a point at which MUF#2 becomes the most practical solution as you have confirmed the browser works, and the above seems to rule out a network issue.
0
 

Author Comment

by:CI3
Comment Utility
I'm going to have him run another Full Scan to check for viruses but I have never been real impressed with Symantec Corperate editions ability to find dug in problems.
0
 

Author Comment

by:CI3
Comment Utility
Virus Scan didn't come back with anything but did have a stange turn of events.

User just called me with an update:
The user was at home working on this laptop last night and he got a call and needed to connect to a clients site, so he instelled his Cisco VPN Client v4.6.04 on the machine (he had uninstalled apparently when he 1st started having issues).  Later after connecting to the clients site he tried to hit the internet again and HTTP pages worked for him!  He brought the machine into work this morning and tried to hit the internet and didn't have any luck.  He uninstalled then reinsteed that Cisco VPN client again and now he can hit HTPP internet sites again...  WTF?  Any ideas?
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 200 total points
Comment Utility
The Cisco client has a firewall which can block some odd things, but I have never seen it affect common items like HTTP. If it is not the newest client you can right click on the icon in the lower right and un-check firewall always on.
0
 

Author Comment

by:CI3
Comment Utility
The user had uninstalled it when he started having problems, could it still mess up things even though it was uninstalled at the time when he was having problems?
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
This is Windows right :-)
It's possible. Often un-installs are not complete, especially if it was installed, updated at some point, and then un-installed.
Definitely could cause problems if it was not rebooted after the Cisco un-install. The Cisco client does make a lot of additions and changes to networking, especially security related.
0
 

Author Comment

by:CI3
Comment Utility
Ok, thanks RobWill.  I had him look and the Firewall was ON, I told him to leave it on for now since things seem to be working again but to keep it in mind if he has issues in the future.  So everything seems to be working so i'll call this done, thanks everyone for your help.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Keep your fingers crossed.
0
 

Author Closing Comment

by:CI3
Comment Utility
Had lots of great suggestions, but as I didn't really get a solution, everyone gets points who contributed.  Thanks!
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Thanks CI3.
Cheers !
--Rob
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now