Solved

Windows network half functional

Posted on 2009-05-12
19
204 Views
Last Modified: 2012-05-06
I've an odd one. I have a windows 2003 server machine that is configured for a LAN (10.1.134.?/24). From the machine, I can interact with the network (internet browsing, pinging, etc), but I can't contact it from another machine on the LAN. The windows firewall is not enabled (by default).

I used nmap to scan open ports on the machine and nmap just sits and spins. The switch infrastructure knows the system exists (arp tables are populated).

It's behaving as if the system will not respond to anything it didn't initiate.

I've switch network cables, network interfaces (there are two interfaces on the system),ports on the switch it's connected to, connected to a different switch. I've connected it and another system to a dumb, isolated switch and that doesn't work.

I've also set it up to used dhcp. It successfully receives configureation information fro the dhcp server, but behaves the same as static settings.

I'm not even sure where to start looking (aside from the network configuration which appears to be fine).

Any pointers would be appreciated.

Thanks,

John  88{Q
0
Comment
Question by:tcengineer
  • 9
  • 7
  • 3
19 Comments
 
LVL 6

Expert Comment

by:MikeGGG
ID: 24366582
I would start ON BOTH MACHINES with:
- checking if both machines are in the same subnet
- routing table?
- clearing ARP table?
- HOSTS file?


0
 

Author Comment

by:tcengineer
ID: 24366753
I've cleared the arp tables on the systems and the pertinent switches. I've verified the routes are correct on each machine. Each host file only has "localhost at 127.0.0.1".

I've tried the "other" machine on the same subnet and a different subnet.
0
 

Author Comment

by:tcengineer
ID: 24368084
Another data point:

I booted the target system into safe mode with networking and it still behaves the same way.

I also have the target system and another laptop connected together via cross-over cable, just to get the network infrastructure out of the mix.
0
 
LVL 6

Expert Comment

by:MikeGGG
ID: 24371965
So, just to clear the things.
Lets say your computer is A, Target system is B
A can communicate with B but B cannot?
Can B communicate with other networked components?
Already tried to boot B from some Linux/WinPE CD?
0
 

Author Comment

by:tcengineer
ID: 24374184
I refer to the "target" system as the one that can communication with other systems on the LAN and the internet, but no system can communicate with the "target" system.

I have not tried booting from a linux CD.

I've run wireshark on the target system, and I can see broadcast traffic but no other.
0
 
LVL 7

Expert Comment

by:MariusSunchaser
ID: 24374370
Hi there.

From your brief description, this is definatelly a firewall problem.
Follow these steps:
1. Boot from a live CD.
If the problem persists, then it is not because of the computer. You should check your network firewalls.
2. If the problem is solved, then it is something with the computer. Check for other softwares installed on the computer with firewall capability (usually antivirus - I had a computer that had comodo installed, and even after uninstall some parts of comodo continued to block ports).
0
 

Author Comment

by:tcengineer
ID: 24374727
The reason I booted in safe mode with networking was to try and eliminate the possibility of a firewall being the culprit. The behavior still exists when in safe mode with networking.

By "Live CD", are you referring to a linux boot CD?

Currently, the system is isolated from the infrastructure and is connected directly to another system via cross-over cable. It has minimal network configuration (e.g. 169.254.?.?/16), Microsofts' default network configuration when link is sensed but no dhcp server is present.
0
 
LVL 6

Expert Comment

by:MikeGGG
ID: 24374742
Please check if you have any IP Security Policy applied on your server
0
 
LVL 6

Expert Comment

by:MikeGGG
ID: 24374757
sorry, the link is here
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 6

Expert Comment

by:MikeGGG
ID: 24374789
>>By "Live CD", are you referring to a linux boot CD?
you can boot from any "Live" CD, for example, Knoppix, or from BartPE,
Most important - your network card should be known for this version of boot CD so I would recommend latest version of Knoppix
0
 
LVL 7

Expert Comment

by:MariusSunchaser
ID: 24375605
Any Live CD you have there. I am using Knoppix.

Ahm, you will not be able to communicate with a crossover with 169.254.* IP. If you want to test with crossover, set manual IP with 192.168.1.1 and .2, for example.
0
 

Author Comment

by:tcengineer
ID: 24376027
MikeGGG: I'll look into the IPSEC configuration and let you know.

Marius: I currently have the problem system (win2k3) and a vista laptop connected to each other via a crossover cable. I have the NICs configured to get their IP settings automatically.

The servers' settings:
IP Address: 169.254.41.152
Netmask: 255.255.0.0

The laptops' settings:
IP Address 169.254.175.21
Netmask: 255.255.0.0

The server can ping the laptop, but the laptop can not ping the server.

I'm running the server in safe mode with networking.
0
 

Author Comment

by:tcengineer
ID: 24376495
MikeGGG:
I checked the IP Policy settings and they are identical to another win2k3 server I have on the network that DOES NOT behave the same way as the trouble server.

In fact none of the rules are "assigned".
0
 
LVL 6

Expert Comment

by:MikeGGG
ID: 24376646
The only idea I see now is to disable your existing network card, install another one and check from OSI Level 1 to Level 7 :)
0
 

Author Comment

by:tcengineer
ID: 24377152
Yike! Nothing is ever easy.

I think I'll try deleting the NICs and reinstalling the drivers, to see if that will help.

I'll let you know....

John  88{Q
0
 
LVL 7

Expert Comment

by:MariusSunchaser
ID: 24382225
tcengineer: 169.254.* is not a valid IP.

Why do you configure 2 computers to get IP through DHCP if there is no DHCP server available?
As I said, if you connect them via cross-over, set them a static IP in the same network!
Please update.
0
 

Author Comment

by:tcengineer
ID: 24384793
I set static IP addresses in the 192.168 range and retested, with the same behavior.

I also updated to the latest drivers for the NIC and retested with the same results.

I will be away from the computer today but will pick it up again tomorrow.

John  88{Q
0
 
LVL 6

Accepted Solution

by:
MikeGGG earned 250 total points
ID: 24385424
Please do the following:
- download the Knoppix Live CD from www.knoppix.com
- connect your target computer to a network where he will be able to obtain DHCP IP
- Boot your target computer from this CD
- check if your network card is recognized
-  check if you got the IP configuration
- check the connectivity

If you are successful, we should agree that you have some kind of firewall on your server, maybe some rootkit, I am out of ideas - your computer is not visible from here :)
0
 

Author Closing Comment

by:tcengineer
ID: 31580615
MikeGGG: I'm out of town but will be able to try your suggestions next week when I get back. I've resigned to try your suggestions and if they don't work, I'll rebuild the system.

I'll make a note of what the I end up doing.

Thanks for your patience!

John  88{Q
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
This video discusses moving either the default database or any database to a new volume.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now