jmcguire56
asked on
Loss of network connectivity
I have a Dell Poweredge 2850 running Windows Server 2003 SP2 and is one of our AD controllers. In addition to AD it also does some print serving and is our management server for Symantec Endpoint Protection. Out of the blue I have lost all network connectivity to it. It is running on a static IP. I can ping its own address but when I try to ping other addresses I get "Destination host unreachable".
From another computer I have set up a continuous ping to the server. I get Request timed out.
However, when I reboot the server and I see on the screen, "Preparing network connections" the continuous ping receives a reply from the server. When the screen changes to "Applying computer settings" the continuous ping changes back to Request timed out.
So something in Windows is hosing the network stack on the server. I've tried the following:
-removing SEP
-reinstalling SEP
-removing all Windows updates from the last two months
-stopping all non-Microsoft services
-replaced the nic
-replaced the cable
-tried plugging into a different switch port
-tried plugging into a switch
-updated nic drivers
-tried using DHCP instead of static address...no connectivity
I can't think of anything else to try.
From another computer I have set up a continuous ping to the server. I get Request timed out.
However, when I reboot the server and I see on the screen, "Preparing network connections" the continuous ping receives a reply from the server. When the screen changes to "Applying computer settings" the continuous ping changes back to Request timed out.
So something in Windows is hosing the network stack on the server. I've tried the following:
-removing SEP
-reinstalling SEP
-removing all Windows updates from the last two months
-stopping all non-Microsoft services
-replaced the nic
-replaced the cable
-tried plugging into a different switch port
-tried plugging into a switch
-updated nic drivers
-tried using DHCP instead of static address...no connectivity
I can't think of anything else to try.
Any firewalls?
Post your ipconfig /all for this machine as well as an external machine.
Also include your physical network paths.
Post your ipconfig /all for this machine as well as an external machine.
Also include your physical network paths.
ASKER
From an external pc:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Cont
roller
Physical Address. . . . . . . . . : 00-19-B9-04-7D-9D
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.9
DNS Servers . . . . . . . . . . . : 192.168.2.13
192.168.2.16
Primary WINS Server . . . . . . . : 192.168.2.16
Secondary WINS Server . . . . . . : 192.168.2.13
From the server in question:
Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-0E-2A-FB
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.13
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.9
DNS Servers . . . . . . . . . . . : 192.168.2.16
192.168.2.13
Primary WINS Server . . . . . . . : 192.168.2.16
Secondary WINS Server . . . . . . : 192.168.2.13
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Cont
roller
Physical Address. . . . . . . . . : 00-19-B9-04-7D-9D
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.9
DNS Servers . . . . . . . . . . . : 192.168.2.13
192.168.2.16
Primary WINS Server . . . . . . . : 192.168.2.16
Secondary WINS Server . . . . . . : 192.168.2.13
From the server in question:
Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-0E-2A-FB
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.13
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.9
DNS Servers . . . . . . . . . . . : 192.168.2.16
192.168.2.13
Primary WINS Server . . . . . . . : 192.168.2.16
Secondary WINS Server . . . . . . : 192.168.2.13
ASKER
Dan,
Last Known Good Configuration did not work. When I do a Route Print it shows the default gateway as 192.168.2.9 which is proper.
Last Known Good Configuration did not work. When I do a Route Print it shows the default gateway as 192.168.2.9 which is proper.
ASKER
Ged325,
to answer your other question, no firewalls between 192.168.2.13 and any other device on the 192.168.2.0 network.
to answer your other question, no firewalls between 192.168.2.13 and any other device on the 192.168.2.0 network.
Are you pinging by name or by IP?
On the server what if you switched the WINS to be 2.13 for primary and 2.16 for the secondary?
Same for DNS.
Can 2.16 ping 2.13 by name or IP?
On the server what if you switched the WINS to be 2.13 for primary and 2.16 for the secondary?
Same for DNS.
Can 2.16 ping 2.13 by name or IP?
Another thing to look at is the router. Does the router see your IP in its arp table? If you trace to any IP does it get to a second hop?
ASKER
Dan,
I don't have access to our routers, they are managed by our ISP.
If I run a tracert from the server I get a "destination host unreachable" right away.
I don't have access to our routers, they are managed by our ISP.
If I run a tracert from the server I get a "destination host unreachable" right away.
ASKER
Ged,
I'm pinging by IP and name. Same result. I've tried switching the order of DNS and Wins...same result.
2.16 cannot ping 2.13 by name or IP. When pinging by name it does resolve to the proper IP address.
I'm pinging by IP and name. Same result. I've tried switching the order of DNS and Wins...same result.
2.16 cannot ping 2.13 by name or IP. When pinging by name it does resolve to the proper IP address.
Can server ping default gateway?
Also any IPv6 going on? If so can you disable for now?
Also any IPv6 going on? If so can you disable for now?
ASKER
The server cannot ping the default gateway. No v6 here.
That needs to be resolved first. There's got to be a piece of software or something that is preventing outbound connections. Once that's fixed the rest will flow through. Your issue is definitely on the server end.
Any services hanging (stuck in starting state?)
http://www.eggheadcafe.com/aspnet_answers/windowsservernetworking/May2006/post26804106.asp
http://www.eggheadcafe.com/aspnet_answers/windowsservernetworking/May2006/post26804106.asp
ASKER
I agree....I thought it might be a Windows Update but I have removed all updated downloaded in Feb, Jan, and Dec. but that hasn't resolved it. I've turned off all non-Microsoft services as well but that hasn't resolved it either. Not sure where to go other than demoting it, removing it from AD, and re-imaging.
what about RRAS? or any other routing going on? Can you do a wireshark trace on the server and do a ping to you GW?
ASKER
No RRAS....but I just checked the Event Log and I see an error regarding IPSEC services. The service is set to automatic but it is NOT started. I checked my other servers and IPSEC is ON. When I try to start IPSEC on this server I get an error message stating, "Error 2: The system cannot find the file specified."
Could this be it?
Could this be it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Already working on that...results shortly.
ASKER
Success....It was the IPSEC service that was not starting. Following kb912023 fixed it.
Ged, I'll give you the points since pointing me to hanging services led me to find the problem.
Thanks for your help.
Ged, I'll give you the points since pointing me to hanging services led me to find the problem.
Thanks for your help.
Also for troubleshooting can you do a route print in dos and see where it thinks it is supposed to direct packets.