egxis
asked on
Win 2003 Server - working network card but unable to send/receive traffic
A week ago the server stopped sending / receiving TCP/IP network traffic.
It's almost as if network traffic is being black-holed, i.e. the network card is working, correctly configured, but any traffic sent to or being sent from the server is not usable.
The server can ping itself, i.e. on its own IP, e.g. 192.168.1.5, and loopback 127.0.0.1.
When logging on I get an error message that "At least one service or driver failed during startup. Use Event viewer to examine the event log for details.".
I looked in the logs, but could see nothing of significance but there is only one possible error message that I can see:
4292 : The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.
If I boot a rescue OS from a CD on the same server, configuring the same IP parameters, the server is accessible, so this is definitely not a hardware issue.
Any suggestions please?
This is quite a common error and can be resolved by following this solution here: http://support.microsoft.com/kb/956189
Post the result of netdiag
Are you also getting event 7023?
If so: http://support.microsoft.com/kb/912023
Usually just running regsvr32 polstore.dll and starting IPSec helps in this case.
ASKER
I briefly ping when booting up, before whatever blocks me:
Request timeout for icmp_seq 3930
64 bytes from 192.168.1.5: icmp_seq=3931 ttl=128 time=0.439 ms
Request timeout for icmp_seq 3932
If I look at the ipsec detail, could this be IPSec's doing?
@demazter:
I did add port 4500 per the following KB, but it made no difference:
http://support.microsoft.com/kb/956189
@thabash:
"netdiag" log and "netsh ipsec dynamic show config" detail below.
@Wonko_the_Sane:
There was no registry key for IPSec under:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\
Z:\>netdiag
.....................................
Computer Name: ABCDMC0019
DNS Host Name: ABCdmc0019.card.acme.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Broadcom NetXtreme Gigabit Ethernet #2' may not be working.
[WARNING] The net card 'Microsoft Tun Miniport Adapter' may not be working.
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : ABCdmc0019
IP Address . . . . . . . . : 192.168.1.5
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 127.0.0.1
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Adapter : Local Area Connection 2
Netcard queries test . . . : Failed
NetCard Status: DISCONNECTED
Some tests will be skipped on this interface.
Host Name. . . . . . . . . : ABCdmc0019
IP Address . . . . . . . . : 192.168.1.6
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 127.0.0.1
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{AFAE4903-0739-4055-B7C3-6128D16BABD7}
NetBT_Tcpip_{3D9E57F4-F8E1-4B5E-AB52-E391B0C730F0}
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'ABCdmc0019.card.acme.local.'. [WSAEADDRNOTAVAIL ]
The name 'ABCdmc0019.card.acme.local.' may not be registered in
DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'ABCdmc0019.card.acme.local.'. [WSAEADDRNOTAVAIL ]
The name 'ABCdmc0019.card.acme.local.' may not be registered in
DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'ABCdmc0019.card.acme.local.'. [ERROR_TIMEOUT]
The name 'ABCdmc0019.card.acme.local.' may not be registered in
DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'ABCdmc0019.card.acme.local.'. [ERROR_TIMEOUT]
The name 'ABCdmc0019.card.acme.local.' may not be registered in
DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '0.0.0.0'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{AFAE4903-0739-4055-B7C3-6128D16BABD7}
NetBT_Tcpip_{3D9E57F4-F8E1-4B5E-AB52-E391B0C730F0}
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{AFAE4903-0739-4055-B7C3-6128D16BABD7}
NetBT_Tcpip_{3D9E57F4-F8E1-4B5E-AB52-E391B0C730F0}
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_FOUND]
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Z:\>netsh ipsec dynamic show config
IPSec Configuration Parameters
------------------------------
IPSecDiagnostics : 0
IKElogging : 0
StrongCRLCheck : 1
IPSecloginterval : 3600
IPSecexempt : 3
Boot Mode : Permit
Boot Mode Exemptions :
Protocol Src Port Dst Port Direction
--------- --------- --------- ---------
UDP 0 68 Inbound
Yes..... the missing regkey is the problem!!!
Run the command I gave you and you'll be fine...
Again:
regsvr32 polstore.dll
Then start IP Sec Service. Worst case it doesn't help, but only takes 20 seconds to try...
>>I briefly ping when booting up, before whatever blocks me
This sounds more like antivirus software. Can you uninstall any antivirus software you have on the server and reboot. Does it continue?
The brief ping is completely normal in this situation. When IP Sec starts (or fails to start) it enters block mode, but until then the server will respond to ping. I had this dozens of times before.
ASKER
@Wonko_the_Sane:
Ran it - same result, unless I need to change my (default / non-existent) IPSec config?
@demazter:
I use NOD32 but uninstalling it makes no difference.
No, no reason to change the IPSec config. It is a good test though. Open the IPSec Management console and see if you get a file not found error. If yes, that is your problem. If not it's something else.
Is the regkey there after running the command? If not - are you sure you are running it correctly? Run it from a CMD, not from Start/Run. It should prompt you if you want to register the dll.
I have seen NOD32 do this (I am a reseller). Have you completely uninstalled it?
You don't have any other security software on there? Can you disable the Windows Firewall?
Is it NOD32 Antivirus or Smart Security?
ASKER
@Wonko_the_Sane:
I can see the policy - no issues.
@demazter:
I have uninstalled / reinstalled, and thought it unlikely that NOD32 was to blame.
I used the NOD32 uninstaller as well as using the ESET uninstaller application.
Any additional suggestions?
Have you followed the suggestion in the original post, i.e. disable the IPSec service? Unless you have IPSec policies you do not need to have this running.
ASKER
I have disabled IPSec, no difference; however, looking closely at an "ipconfig /all" I see I have some tunnelling interfaces. I don't know how they got there and don't think that they should be there...
Tunnel adapter Automatic Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-0A-06
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.6%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled
If IPSec is really disabled you would no longer get the "entered Block mode" message in the event log... Can you check your system log for any IPSec related events and post all of them here?
Do you use IPv6 on your network? I ask as the DNS and IP address above are IPv6 and not IPv4 as stated earlier in your posts.
ASKER
@Wonko_the_Sane:
With IPSec disabled I get an event log message that says IPSec is running in Bypass mode
@Hi8uS:
I don't use IPv6 and don't know why the server has it installed. I have removed the IPv6 bindings to the network card, but have not removed IPv6 in its entirety.
Unfortunately, even with the above two "fixes" the server is still black-holing traffic.
During startup I can get two successful ping responses before whatever is sucking my network traffic in kicks in and causes the server to not have network connectivity...
Well, maybe the IPSec message pointed us in the wrong direction... And the antivirus software is uninstalled, right?
Maybe we should take this back to the start and try the first thing I would have checked if it weren't for the IPSec message :)
- when you ping it, are you on the same subnet?
- did you try to check if the Windows firewall is on? This also may cause this behaviour, a few pings before it loads, then blocks all traffic...
ASKER
@Wonko_the_Sane:
- antivirus software is uninstalled, right?
yes
- when you ping it, are you on the same subnet?
yes - and as I mentioned, I'm able to receive 1 or 2 ping responses before it blackholes
- did you try to check if the Windows firewall is on? This also may cause this behaviour, a few pings before it loads, then blocks all traffic...
Windows firewall is definitely off
ASKER
After running the following two commands and resetting my TCP/IP configuration, it was fixed:
netsh int ip reset c:\resetlog.txt
netsh winsock reset catalog
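Added example, not part of the original thread: a small Python triage of captured netdiag and "netsh ipsec dynamic show config" text in the format posted above. The sample input is constructed, and the function names and the "suspect_local_filtering" heuristic are assumptions of this example, not part of any Microsoft tool.

```python
import re

# Constructed sample: lines in the format of the netdiag and
# "netsh ipsec dynamic show config" output posted in this thread.
SAMPLE = """\
Netcard queries test . . . . . . . : Passed
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Default gateway test . . . : Failed
Adapter : Local Area Connection 2
Netcard queries test . . . : Failed
NetCard Status: DISCONNECTED
Global results:
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
DNS test . . . . . . . . . . . . . : Failed
IP Security test . . . . . . . . . : Skipped
Boot Mode : Permit
"""

RESULT = re.compile(r"^(.*? test)[ .]*: (Passed|Failed|Skipped)\s*$")
BOOT = re.compile(r"^Boot Mode\s*:\s*(\S+)")  # not "Boot Mode Exemptions :"

def parse(text):
    """Return ({(scope, test): status}, boot_mode) from captured output."""
    scope, results, boot_mode = "global", {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Adapter :"):
            scope = line.split(":", 1)[1].strip()   # per-interface section
        elif line.startswith("Global results"):
            scope = "global"
        elif (b := BOOT.match(line)):
            boot_mode = b.group(1)
        elif (m := RESULT.match(line)):
            results[(scope, m.group(1))] = m.group(2)
    return results, boot_mode

def triage(text):
    """Heuristic (assumption of this example): NIC and loopback pass but no
    gateway is reachable -> look at the local stack or a filter, not hardware."""
    r, boot = parse(text)
    failed = sorted(k for k, v in r.items() if v == "Failed")
    stack_up = (r.get(("global", "IP loopback ping test")) == "Passed"
                and r.get(("global", "Netcard queries test")) == "Passed")
    off_host_dead = r.get(("global", "Default gateway test")) == "Failed"
    return {"failed": failed, "boot_mode": boot,
            "ipsec_tested": r.get(("global", "IP Security test")) != "Skipped",
            "suspect_local_filtering": stack_up and off_host_dead}
```

On the constructed sample, the result shows the IP Security test was skipped, so the netdiag run by itself says nothing about IPSec state; the boot mode comes from the netsh output.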