egxis

Win 2003 Server - working network card but unable to send/receive traffic

A week ago the server stopped sending / receiving TCP/IP network traffic.

It's almost as if network traffic is being black-holed, i.e. the network card is working, correctly configured, but any traffic sent to or being sent from the server is not usable.

The server can ping itself, i.e. on its own IP, e.g. 192.168.1.5 and loopback 127.0.0.1

When logging on I get an error message that "At least one service or driver failed during startup. Use Event viewer to examine the event log for details.".

I looked in the logs, but could see nothing of significance but there is only one possible error message that I can see:
4292 : The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer.  For detailed troubleshooting information, review the events in the Security event log.

If I boot a rescue OS from a CD on the same server, configuring the same IP parameters, the server is accessible, so this is definitely not a hardware issue.

Any suggestions please?
Glen Knight

This is quite a common error and can be resolved by following this solution here: http://support.microsoft.com/kb/956189
Post the result of netdiag
Are you also getting event 7023?

If so: http://support.microsoft.com/kb/912023
Usually just running regsvr32 polstore.dll  and starting IPSec helps in this case.

egxis

ASKER

I briefly ping when booting up, before whatever blocks me:
Request timeout for icmp_seq 3930
64 bytes from 192.168.1.5: icmp_seq=3931 ttl=128 time=0.439 ms
Request timeout for icmp_seq 3932

If I look at the ipsec detail, could this be IPSec's doing?

@demazter:
I did add port 4500 per the following KB, but it made no difference:
http://support.microsoft.com/kb/956189

@thabash:
"netdiag" log and "netsh ipsec dynamic show config" detail below.

@Wonko_the_Sane:
There was no registry key for IPSec under:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\

Z:\>netdiag 

..................................... 

Computer Name: ABCDMC0019 
DNS Host Name: ABCdmc0019.card.acme.local 
System info : Microsoft Windows Server 2003 (Build 3790) 
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel 
List of installed hotfixes : 


Netcard queries test . . . . . . . : Passed 
[WARNING] The net card 'Broadcom NetXtreme Gigabit Ethernet #2' may not be w 
orking. 
[WARNING] The net card 'Microsoft Tun Miniport Adapter' may not be working. 



Per interface results: 

Adapter : Local Area Connection 

Netcard queries test . . . : Passed 

Host Name. . . . . . . . . : ABCdmc0019 
IP Address . . . . . . . . : 192.168.1.5 
Subnet Mask. . . . . . . . : 255.255.255.0 
Default Gateway. . . . . . : 192.168.1.1 
Dns Servers. . . . . . . . : 127.0.0.1 


AutoConfiguration results. . . . . . : Passed 

Default gateway test . . . : Failed 
No gateway reachable for this adapter. 

NetBT name test. . . . . . : Passed 
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge 
r Service', <20> 'WINS' names is missing. 
No remote names have been found. 

WINS service test. . . . . : Skipped 
There are no WINS servers configured for this interface. 

Adapter : Local Area Connection 2 

Netcard queries test . . . : Failed 
NetCard Status: DISCONNECTED 
Some tests will be skipped on this interface. 

Host Name. . . . . . . . . : ABCdmc0019 
IP Address . . . . . . . . : 192.168.1.6 
Subnet Mask. . . . . . . . : 255.255.255.0 
Default Gateway. . . . . . : 192.168.1.1 
Dns Servers. . . . . . . . : 127.0.0.1 




Global results: 


Domain membership test . . . . . . : Passed 


NetBT transports test. . . . . . . : Passed 
List of NetBt transports currently configured: 
NetBT_Tcpip_{AFAE4903-0739-4055-B7C3-6128D16BABD7} 
NetBT_Tcpip_{3D9E57F4-F8E1-4B5E-AB52-E391B0C730F0} 
2 NetBt transports currently configured. 


Autonet address test . . . . . . . : Passed 


IP loopback ping test. . . . . . . : Passed 


Default gateway test . . . . . . . : Failed 

[FATAL] NO GATEWAYS ARE REACHABLE. 
You have no connectivity to other network segments. 
If you configured the IP protocol manually then 
you need to add at least one valid gateway. 


NetBT name test. . . . . . . . . . : Passed 
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi 
ce', <03> 'Messenger Service', <20> 'WINS' names defined. 


Winsock test . . . . . . . . . . . : Passed 


DNS test . . . . . . . . . . . . . : Failed 
[WARNING] Cannot find a primary authoritative DNS server for the name 
'ABCdmc0019.card.acme.local.'. [WSAEADDRNOTAVAIL ] 
The name 'ABCdmc0019.card.acme.local.' may not be registered in 
DNS. 
[WARNING] Cannot find a primary authoritative DNS server for the name 
'ABCdmc0019.card.acme.local.'. [WSAEADDRNOTAVAIL ] 
The name 'ABCdmc0019.card.acme.local.' may not be registered in 
DNS. 
[WARNING] Cannot find a primary authoritative DNS server for the name 
'ABCdmc0019.card.acme.local.'. [ERROR_TIMEOUT] 
The name 'ABCdmc0019.card.acme.local.' may not be registered in 
DNS. 
[WARNING] Cannot find a primary authoritative DNS server for the name 
'ABCdmc0019.card.acme.local.'. [ERROR_TIMEOUT] 
The name 'ABCdmc0019.card.acme.local.' may not be registered in 
DNS. 
[WARNING] The DNS entries for this DC are not registered correctly on DNS se 
rver '0.0.0.0'. Please wait for 30 minutes for DNS server replication. 
[FATAL] No DNS servers have the DNS records for this DC registered. 


Redir and Browser test . . . . . . : Passed 
List of NetBt transports currently bound to the Redir 
NetBT_Tcpip_{AFAE4903-0739-4055-B7C3-6128D16BABD7} 
NetBT_Tcpip_{3D9E57F4-F8E1-4B5E-AB52-E391B0C730F0} 
The redir is bound to 2 NetBt transports. 

List of NetBt transports currently bound to the browser 
NetBT_Tcpip_{AFAE4903-0739-4055-B7C3-6128D16BABD7} 
NetBT_Tcpip_{3D9E57F4-F8E1-4B5E-AB52-E391B0C730F0} 
The browser is bound to 2 NetBt transports. 


DC discovery test. . . . . . . . . : Passed 


DC list test . . . . . . . . . . . : Failed 
Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_ 
FOUND] 


Trust relationship test. . . . . . : Skipped 


Kerberos test. . . . . . . . . . . : Passed 


LDAP test. . . . . . . . . . . . . : Passed 


Bindings test. . . . . . . . . . . : Passed 


WAN configuration test . . . . . . : Skipped 
No active remote access connections. 


Modem diagnostics test . . . . . . : Passed 

IP Security test . . . . . . . . . : Skipped 

Note: run "netsh ipsec dynamic show /?" for more detailed information 


The command completed successfully 

Z:\>netsh ipsec dynamic show config 

IPSec Configuration Parameters 
------------------------------ 
IPSecDiagnostics : 0 
IKElogging : 0 
StrongCRLCheck : 1 
IPSecloginterval : 3600 
IPSecexempt : 3 
Boot Mode : Permit 
Boot Mode Exemptions : 
Protocol Src Port Dst Port Direction 
--------- --------- --------- --------- 
UDP 0 68 Inbound


Yes..... the missing regkey is the problem!!!
Run the command I gave you and you'll be fine...
Again:
regsvr32 polstore.dll

Then start IP Sec Service. Worst case it doesn't help, but only takes 20 seconds to try...
>>I briefly ping when booting up, before whatever blocks me
This sounds more like antivirus software.  Can you uninstall any antivirus software you have on the server and reboot.  Does it continue?
The brief ping is completely normal in this situation. When IP Sec starts (or fails to start) it enters block mode, but until then the server will respond to ping. I had this dozens of times before.
egxis

ASKER

@Wonko_the_Sane:
Ran it - same result, unless I need to change my (default / non-existent) IPSec config?

@demazter:
I use NOD32 but uninstalling it makes no difference.
No, no reason to change the IPSec config. It is a good test though. Open the IPSec Management console and see if you get a  file not found error. If yes, that is your problem. If not it's something else.

Is the regkey there after running the command? If not - are you sure you are running it correctly? Run it from a CMD, not from Start/Run. It should prompt you if you want to register the dll.
I have seen NOD32 do this (I am a reseller) have you completely uninstalled?
You don't have any other security software on there? Can you disable the Windows Firewall.

Is it NOD32 Antivirus or Smart security?
egxis

ASKER

@Wonko_the_Sane:
I can see the policy - no issues.

@demazter:
I have uninstalled / reinstalled, and thought it unlikely that NOD32 was to blame.
I used the NOD32 uninstaller as well as using the ESET uninstaller application.
Any additional suggestions?
Have you followed the suggestion in the original post... i.e. disable the ipsec service? Unless you have IPsec policies you do not need to have this running.
egxis

ASKER

I have disabled IPSec, no difference, however looking closely at an "ipconfig /all" I see I have some tunneling interfaces. I don't know how they got there and don't think that they should be there...

Tunnel adapter Automatic Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : C0-A8-0A-06
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.6%2
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                       fec0:0:0:ffff::2%2
                                       fec0:0:0:ffff::3%2
   NetBIOS over Tcpip. . . . . . . . : Disabled


If IPSec is really disabled you would no longer get the "entered Blocked mode" message in the event log... Can you check your system log for any IPSec related events and post all of them here?
Do you use IPv6 on your network? I ask as the DNS and IP address above are IPv6 and not IPv4 as stated earlier in your posts.
egxis

ASKER

@Wonko_the_Sane:
With IPSec disabled I get an event log message that says IPSec is running in Bypass mode

@Hi8uS:
I don't use IPv6 and don't know why the server has it installed. I have removed the IPv6 bindings to the network card, but have not removed IPv6 in its entirety.

Unfortunately, even with the above two "fixes" the server is still black-holing traffic.
During startup I can get two successful ping responses before whatever is sucking my network traffic in kicks in and causes the server to not have network connectivity...
Well, maybe the IPSec message pointed us in the wrong direction... And the antivirus software is uninstalled, right?

Maybe we should take this back to the start and try the first thing I would have checked if it weren't for the IPSec message :)

- when you ping it, are you on the same subnet?
- did you try to check if the Windows firewall is on? This also may cause this behaviour, a few pings before it loads, then blocks all traffic...
egxis

ASKER

@Wonko_the_Sane:

- antivirus software is uninstalled, right?
yes

- when you ping it, are you on the same subnet?
yes - and as I mentioned, I'm able to receive 1 or 2 ping responses before it blackholes

- did you try to check if the Windows firewall is on? This also may cause this behaviour, a few pings before it loads, then blocks all traffic...
Windows firewall is definitely off

ASKER CERTIFIED SOLUTION
Wonko_the_Sane
This solution is only available to members.
egxis

ASKER

After running the following two commands and resetting my TCP/IP configuration, it was fixed

netsh int ip reset c:\resetlog.txt
netsh winsock reset catalog
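
Added example, not part of the original thread or any poster's code: a Python sketch that reduces a saved netdiag log like the one egxis posted to its failed tests and [FATAL] lines, grouped by adapter, so the relevant failures are not buried in the full output. The sample text is constructed from the shape of that log, and `summarize` and `triage` are hypothetical names.

```python
import re

# Constructed sample, trimmed to the shape of the netdiag log in this thread.
SAMPLE = """\
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
Adapter : Local Area Connection 2
Netcard queries test . . . : Failed
NetCard Status: DISCONNECTED
Global results:
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
DNS test . . . . . . . . . . . . . : Failed
[FATAL] No DNS servers have the DNS records for this DC registered.
IP Security test . . . . . . . . . : Skipped
"""

# "<name> test<dot leader>: <result>" and "Adapter : <name>" lines.
TEST_RE = re.compile(r"^\s*(.+? test)[ .]*:\s*(Passed|Failed|Skipped)\s*$")
ADAPTER_RE = re.compile(r"^\s*Adapter\s*:\s*(.+?)\s*$")

def summarize(log):
    """Return ([(scope, test, result)], [fatal messages]) from netdiag text."""
    scope, results, fatals = "global", [], []
    for raw in log.splitlines():
        line = raw.strip()
        adapter = ADAPTER_RE.match(line)
        test = TEST_RE.match(line)
        if adapter:
            scope = adapter.group(1)       # following tests belong to this NIC
        elif line.startswith("Global results"):
            scope = "global"
        elif test:
            results.append((scope, test.group(1), test.group(2)))
        elif line.startswith("[FATAL]"):
            fatals.append(line[len("[FATAL]"):].strip())
    return results, fatals

def triage(log):
    """Keep only failures, and flag the pattern described in the question:
    the host answers itself (loopback passes) but no gateway is reachable."""
    results, fatals = summarize(log)
    failed = [(s, t) for s, t, r in results if r == "Failed"]
    loopback_ok = ("global", "IP loopback ping test", "Passed") in results
    gateway_down = any(t == "Default gateway test" for _, t in failed)
    return {"failed": failed, "fatals": fatals,
            "local_only": loopback_ok and gateway_down}

if __name__ == "__main__":
    print(triage(SAMPLE))
```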