Need Network Troubleshooting Assistnace

Have a machine that can't browse the web, and I can't ping it

PC = Windows XP SP2
Network Servers: Windows 2003

Symptoms:
- PC can ping out to other machines on network and web addresses
- PC cannot be pinged itself from other machines or servers
- PC's Email works just fine (Outlook with Exchange)
- PC can access network shares just fine
- CAN'T browse to web sites by IP Address or Name
- DNS seems to work fine because it will resolve Names to IPs when pinging

What we have tried or looked at:
- Network settings look fine, everything is set to use DHCP
- we have done an IPCONFIG /release then IPCONFIG /flushdns then IPCONFIG /renew
- we reset his TCP/IP by using the command: netsh int ip reset resetlog.txt

Any suggestions appreciated!
CI3Asked:
Who is Participating?
 
Rob WilliamsConnect With a Mentor Commented:
The Cisco client has a firewall which can block some odd things, but I have never seen it affect common items like HTTP. If it is not the newest client you can right click on the icon in the lower right and un-check firewall always on.
0
 
jenkinsmeConnect With a Mentor Commented:
As far as other machines being able to "ping" that machine is Windows Firewall and all other firewalls turned off on the PC? If you run a third-party program such as Norton Internet Security you will want to disable that for testing purposes.

When you go to a command prompt could you paste the ipconfig /all  into a post so we can all see the network settings for the NIC?
0
 
Rob WilliamsCommented:
I would suspect you may have 2 "problems". The fact that they cannot access a web page by IP could well indicate Winsock corruption. The inability to ping the machine is odd, so it could just be the Windows firewall is enabled. It, or any other software firewall will block pings, unless configured otherwise.

A Winsock issue is corruption of the TCP/IP stack. Most often this is the result of a virus or spyware, but not always. To repair see the Microsoft solution:
http://windowsxp.mvps.org/winsock.htm
Or, you can use a third party utility:
http://www.softpedia.com/progDownload/WinSock-XP-Fix-Download-7144.html
 
If it still doesn't work there are other similar solutions:
XP TCP/IP repair utility
http://www.softpedia.com/get/Tweak/Network-Tweak/XP-TCP-IP-Repair.shtml
LSPFix
http://www.cexx.org/lspfix.htm

 
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 
pamikenCommented:
What firewall are you using???  I know with Sonicwall's, if you only have a 25 user license, the 26th user can go out to the web.
0
 
CI3Author Commented:
UPDATE:

I knew I'd forget something when I posted the question.
- We had verified the firewall was turned off, it was
- We also had run the utility "WinsockxpFix.exe (no change)
- We did do the usual reboots after each attempt at fixing or running something (no change)
- Also just now the user uninstalled his NIC's and reinstalled them (no change)

RobWill, We have not tried the XP TCP/IP utility yet, the users is offsite and just got called out to a job site but he will be back in a few hours and we will run that one.  I will update you as soon as the user returns and we can run it.  Thanks

Jenkinsme, Here is a copy of the IPCONFIG /all
--------------------------------------------
Windows IP Configuration

        Host Name . . . . . . . . . . . . : CI330241
        Primary Dns Suffix  . . . . . . . : ci3.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ci3.com

Ethernet adapter Local Area Connection 19:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-18-8B-CF-E3-CE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.32.32
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.32.1
        DHCP Server . . . . . . . . . . . : 192.168.32.9
        DNS Servers . . . . . . . . . . . : 192.168.32.9
                                            192.168.101.23
                                            192.168.101.242
        Primary WINS Server . . . . . . . : 192.168.101.215
        Lease Obtained. . . . . . . . . . : Tuesday, June 17, 2008 11:32:25 AM
        Lease Expires . . . . . . . . . . : Wednesday, June 25, 2008 11:32:25 AM

Ethernet adapter Wireless Network Connection 3:
        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
        Physical Address. . . . . . . . . : 00-1B-77-21-09-38
0
 
Rob WilliamsCommented:
Excellent point pamiken, many corporate firewalls have 10,25, or 50 user limits..
Can you access the firewall's web management page or any other internal web site to see if it is a browser or network issue?
0
 
CI3Author Commented:
I'll check on the main network Firewall, that may take me a bit as we have another company managing it for us.  As far as I know there are no restrictions, but can't hurt to double check.

Also, good point on testing an internal WebSite, we have a Barracuda SPAM Firewall I someone get on his machine (machine is located at another location) and had them enter in the IP address to hit its web interface and it worked just fine.  So the browser itelf seems to be functioning.
0
 
CI3Author Commented:
Got a reply back on the network firewall, they said there are no restrictions for number of internet connections.

RobWill, we ran the XP TCP/IP repair utility the rebooted.  No change.

One thing I just noticed in doing some tests is it seems to be just a problem with HTTP (which is port 80).  Sites that use HTTPS (port 443 I believe) work fine!  He can hit our Barracuda SPAM Firewall which uses HTTPS.  He can also hit our VPN site that uses HTTPS and I just had him try and hit https://www.wellsfargo.com and it came up fine also!  

We double checked his firewall and its off.  The firewall Im referring to is just the built in Windows XP firewall.  I had him turn it on and then off again.  Just for kicks I had him add an exception to port 80 even though its turned off.  Still no change.  We use Symantec Corperate Anti-Virus (disabled for this testing) and there are no other firewalls installed aside from the built in XP firewall.

Everyone else in this office can browse the web just fine so it seems to be isolated to just this machine.

We also went into his network connection and did a properties on TCP/IP then clicked the Advanced button then went to the Options tab did properties on TCP/IP filtering and verified that everything was set to Permit All

Im stumped&  
0
 
Rob WilliamsCommented:
No chance an incorrect proxy was somehow added to the Internet explorer settings, of that machine? IE menu bar | tools | Internet options | Connections | LAN settings
0
 
CI3Author Commented:
We checked  the LAN Settings in the browser and nothing was checked so no weird proxy being used.
0
 
pamikenConnect With a Mentor Commented:
I would try installing firefox from mozilla.com and see if it's a IE issue or a workstation issue.
0
 
litmuslogicConnect With a Mentor Commented:
Interesting!  What error message are you getting from the browser?  Does it simply time out?  Does it say that the site cannot be found and to check your dns?

Let's try this:

Open the command prompt

type:  telnet www.google.com 80

hit 'enter' a few times then type:


Get HTTP 1.1 /

Please post whatever the output is that you get.

Another thing to try is to give the box a different IP address.  Is there a range that is excluded from DHCP where there may be a few available addresses?  Configure it statically and see if the box can surf and of course, again, please post the results.

0
 
litmuslogicCommented:
Oh, one more thing -- yet another thing to try, if possible is to put the box on a completely different subnet and see if it can surf there.  
0
 
CI3Author Commented:
pamiken: we loaded up Firefox and had the same result.  HTTP pages wouldn't come threw but HTTPS web pages did come threw.

litmuslogic: Our office locations are spread far apart so unfortunately I'm not able to put it on a different subnet to try it.  We did however set the machine to use a free static IP address, rebooted, but still had the same problem.  Telnet failed also - below is what his tenet session returned:

telnet www.microsoft.com 80
Connecting To www.microsoft.com...Could not open connection to the host, on port
80: Connect failed

So with all the testing it really does seem to be something just blocking port 80.




0
 
litmuslogicCommented:
Very interesting, CI3!  How about downloading some small web server, like this one for example:

http://smallsrv.com/

installing on some other box on the same subnet as the problem box and trying to surf to that?  If successful, that I'd say we'd have to go look for some access list somewhere in our path that is blocking port 80, just as you said.
0
 
CI3Author Commented:
litmuslogic, That "smallsrv" does look very interesting and only $49, its cheap.  After you mentioned having him try and hit a web page on his own subnet - made me remember he has a IP'ed printer out there.  So I called and had him try and hit the web interface of the printer that is out on his same subnet.  No luck, same result.  Again, everyone else in his office can hit the web just fine so it seems isolated to just his machine.

By the way thank you everyone who has made suggestions so far!

Unfortunately, I might be almost out of time on this issue, he is going to perform the MUF#2 procedure  (Microsoft Universal Fix #2) (reload the machine) tomorrow afternoon if I/we can't figure it out because he is going out of town for a job...
0
 
litmuslogicCommented:
Oops, didn't realize they were charging for it.  Sorry!
0
 
CI3Author Commented:
litmuslogic: I'm glad you linked it, I just had someone asking me a week or two ago about inexpensive options for an SMTP server on a network without Exchange.
0
 
Rob WilliamsCommented:
>>""try and hit the web interface of the printer that is out on his same subnet.  No luck"
No chance of some sort of virus or malware blocking port 80 is there? If I were a virus wanting to target something that would be at the top of my list. There is a point at which MUF#2 becomes the most practical solution as you have confirmed the browser works, and the above seems to rule out a network issue.
0
 
CI3Author Commented:
I'm going to have him run another Full Scan to check for viruses but I have never been real impressed with Symantec Corperate editions ability to find dug in problems.
0
 
CI3Author Commented:
Virus Scan didn't come back with anything but did have a stange turn of events.

User just called me with an update:
The user was at home working on this laptop last night and he got a call and needed to connect to a clients site, so he instelled his Cisco VPN Client v4.6.04 on the machine (he had uninstalled apparently when he 1st started having issues).  Later after connecting to the clients site he tried to hit the internet again and HTTP pages worked for him!  He brought the machine into work this morning and tried to hit the internet and didn't have any luck.  He uninstalled then reinsteed that Cisco VPN client again and now he can hit HTPP internet sites again...  WTF?  Any ideas?
0
 
CI3Author Commented:
The user had uninstalled it when he started having problems, could it still mess up things even though it was uninstalled at the time when he was having problems?
0
 
Rob WilliamsCommented:
This is Windows right :-)
It's possible. Often un-installs are not complete, especially if it was installed, updated at some point, and then un-installed.
Definitely could cause problems if it was not rebooted after the Cisco un-install. The Cisco client does make a lot of additions and changes to networking, especially security related.
0
 
CI3Author Commented:
Ok, thanks RobWill.  I had him look and the Firewall was ON, I told him to leave it on for now since things seem to be working again but to keep it in mind if he has issues in the future.  So everything seems to be working so i'll call this done, thanks everyone for your help.
0
 
Rob WilliamsCommented:
Keep your fingers crossed.
0
 
CI3Author Commented:
Had lots of great suggestions, but as I didn't really get a solution, everyone gets points who contributed.  Thanks!
0
 
Rob WilliamsCommented:
Thanks CI3.
Cheers !
--Rob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.