Solved

Windows 7 No Internet Access On 2003 Domain - Can't Ping Default Gateway

Posted on 2010-09-14
45
1,209 Views
Last Modified: 2012-05-10
Fresh build of Windows 7 Ultimate.  Imaged the system at my home (standard cable connection), downloaded and applied all updates, joined to the company's domain via VPN, maped printers, drives, etc.  Everything worked flawlessly until I got the system to the office.

While in the office the new Windows 7 system can access network resources (file shares, printers, browse computers, etc.) but cannot access the internet.  The network notification area states "no internet access".  

Server is 2003 standard.  Approximately 10 other systems (all XP) with no issues.

- Have tried both DHCP (provided by the domain controller) and static addressing.  While on DHCP the system pulls all configurations fine.  Even enabled a separate DHCP scope on the router and pulled from there with the same result.
- I am getting DNS resolution.  Internet addresses are resolved correctly, but obviously pings to anything external are not successful.  DNS is provided by the domain controller.
- Interestingly, I can NOT ping my default gateway (router).  When I attempt to ping my default gateway (which I confirmed is correct) I get:  reply from 192.168.1.111: Destination host unreachable.  Note that that IP (.111) is the Windows 7 system's own IP address.  I can ping other systems on the subnet.
- Updated the NIC driver from the standard Microsoft to the latest from the vendor (though NIC driver seems unlikely as the system worked perfectly from my house?).
- Windows identifies the connection as "domain".  Checked the security settings for the domain type and toggled all settings on and off but no difference.
- Disabled the Windows firewall, but same result.
- Disabled IPV6
- Disabled and enabled the network adapter
- Tried an automated repair of the connection and got the result "default gateway is unavailable" - only suggestion was to ensure the gateway is on the same subnet (of course it is).
- Brand new build so no other software installed to disable or uninstall.
- Cleared DNS cache
- Tried a different port and cable for the heck of it
- No pending updates on the Windows 7 system or the 2003 server
- When originally configuring the system from my home, while connected to the VPN and joined to the domain everything worked fine.

Also, the only other Windows 7 system (Home Premuim in this case) ever used in the office could not access the internet from the office either.  I ran through a small subset of the troubleshooting above on that system (got a DHCP address, name resolution fine, etc.), but didn't get enough time to get into detail on that system.  That system was NOT joined to the domain.

Any thoughts?  At this point it almost seems like a router issue to me?  It's just a cheapo small/home office router (don't remember the make/model right now).
0
Comment
Question by:stevensims
  • 18
  • 12
  • 5
  • +5
45 Comments
 
LVL 3

Expert Comment

by:raxix
Comment Utility
did you try trace route? try this command in DOS
tracert <gateway ip address or DNS IP address>
0
 
LVL 4

Expert Comment

by:sire_harvey
Comment Utility
Was the connection from home a VPN established from your home Router or from client software on the Win7 machine?
From the CMD line, type "route print" without quotes and check your default gateway is correct.
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
The VPN was using the standard Windows client connecting to RRAS on the server.

I just lost my remote connection to the system (unsure why), but I'll try the traceroute and check the routing table when I can reconnect.  I'm pretty sure I previously checked routing table and it looked OK, but I'll check again and paste the results.  
0
 
LVL 1

Expert Comment

by:ib02012005
Comment Utility
I do was facing the same problem with Windows 7 installation. But anyhow I managed to overcome this problem with the method explained below:

click on the network icon.

open network and sharing center

click on change adapter settings

there you will find Local area connection

disable the same and re-enable

I think your internet access will be restored.
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
Thanks ib but I have already disabled/enabled the connection, as well as installed the latest NIC drivers.  
0
 
LVL 1

Expert Comment

by:Barakoli
Comment Utility
Is the router/gateway IP pingable from non-windows 7 machines. Do you receive the Network type splash screen, where you chose Home, Work, Public? This splash screen will not come up if the gateway is not available and without making this selection in Windows 7 you cannot route outbound using the GW.
0
 
LVL 3

Expert Comment

by:raxix
Comment Utility
Do you have any other network connections like wireless connection enabled? If so please disable all those. Because windows 7 takes non LAN connections as default connection to internet as well.
0
 
LVL 6

Expert Comment

by:RootsMan
Comment Utility
Use route print from the Command Prompt. The default route, 0.0.0.0, should have the IP address of your Default Gateway. If the default gateway says local-link or has the wrong IP for your default gateway, then that is probably what is causing your issue.  Also, if you have two entries with 0.0.0.0, then that's an issue too.

Type "route delete 0.0.0.0" then wait for a minute before accessing the Internet.
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
I deleted the default route, waited a few minutes and tried again.  I also re-added the default route.  There are no other connections enabled (wireless, VPN, etc.).  

The gateway IS pingable from all other non-Windows 7 systems in the environment.  I did not get the option to select the network type (Home, Work, etc.) for this connection, Windows automatically determined it as "domain".

The default gateway is still unavailable...

Below is the current route table.

.152 is the host in question
.1 is the gateway (router)

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0  255.255.255.255      192.168.1.1    192.168.1.152     21
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.152    276
    192.168.1.152  255.255.255.255         On-link     192.168.1.152    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.152    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.152    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.152    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
I should also note that i just removed and re-joined to the domain while in the office to see if that helped.
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
Your netmask is wrong--it is blocking access to the entire network because it is set to all 255.
It doesn't matter what you do, this machine will communicate to nothing but itself!
You have to change the netmask to 255.255.255.0

It pings itself when asked to point to the gateway because the 'all 255' netmask blocks everything but itself.
Fix this, you'll be okay!
Go into the net settings and change the mask.
0
 
LVL 4

Expert Comment

by:sire_harvey
Comment Utility
lscarbor is correct, however i would change the netmask on the first line to 0.0.0.0 so ALL traffic not to itself is routed via your default gateway.
Top line should look like this:

Network Destination        Netmask          Gateway       Interface       Metric
            0.0.0.0                  0.0.0.0      192.168.1.1    192.168.1.152     21
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
Good catch on the route...  I re-enabled DHCP (while moving the computer from a different office for testing - note that my host IP is now back to .111) and here is the current routing table:

C:\Users\administrator>route print
===========================================================================
Interface List
 11...90 fb a6 4b f0 cb ......Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Cont
oller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.111     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.111    276
    192.168.1.111  255.255.255.255         On-link     192.168.1.111    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.111    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.111    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.111    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

I'm still getting the same result... no internet acces, and receiving "destination host unreachable" from my own IP address when trying to ping the default gateway.
0
 
LVL 4

Expert Comment

by:sire_harvey
Comment Utility
Is IPv6 enabled?
5th line in your Active Routes has Gateway for 192.168.1.0 255.255.255.0 is set to On-link
IPv4 should have this as 192.168.1.111
0
 
LVL 6

Expert Comment

by:RootsMan
Comment Utility
Show us your output from: ipconfig /all
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
Sire:  I ran the command  "route change 192.168.1.0 mask 255.255.255.0 192.168.1.111" , got the "OK" confirmatin, but the route was not changed.  Is it perhaps sensing that that location is on the link and I can't change that variable?

IPv6 is disabled.
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
Here is the current ipconfig /all.  Note that i transposed the domain with "private".  

Windows IP Configuration

   Host Name . . . . . . . . . . . . : administrator
   Primary Dns Suffix  . . . . . . . : private.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : private.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : private.local
   Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ether
net Controller
   Physical Address. . . . . . . . . : 90-FB-A6-4B-F0-CB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.111(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, September 15, 2010 5:01:11 PM
   Lease Expires . . . . . . . . . . : Monday, September 20, 2010 5:01:12 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.25
   DNS Servers . . . . . . . . . . . : 192.168.1.25
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.private.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : private.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
0
 
LVL 4

Expert Comment

by:sire_harvey
Comment Utility
You said you tested from another office?
What routers are in use?
Have you had the machine back at your house, maybe it thinks its still in the HomeGroup?
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
Yes, tested from another office, then even from the server room attached directly to the router.  I'll check the router make/model - it's just a generic (cheap) small office/home office router.  

I haven't brought the system back to my house yet.  Can I tell if it thinks its still in the home group?  In the Network and Sharing Center, it states just "private.local" under the "view your active networks" section.  It identifies the network as a domain network, I never had the option to change that designation (as opposed to the typical prompt received when setting up a new network).  
0
 
LVL 4

Expert Comment

by:sire_harvey
Comment Utility
Sounds like its setup all OK.
Is the system 64-bit? There are a few blogs / forums out there about connecting Win7 64 bit machines to home/office routers. Granted these are mostly over wireless, but it may pay to check if there are any firmware updates to the router. Probably a long shot though.
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
That does look much better.
I think that it may require a reset on the TCP/IP stack.
Try this command:
netsh int ip reset
Then set the network back up. (nomally pick 'Work')
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
OK, ran the TCP/IP stack reset to no avail.  Still can't ping the default gateway.  And I can't find any means to delete or re-setup the network?

Yes, the system is 64 bit.  I saw quite a few similar problems on blogs/sites like you mentioned, though most of them were for sporadic internet connectivity... most of them were resolved (at least temporarily) by disabling/enabling or updating the driver for the NIC.  Unfortunately none of that worked for me :(

 I did check for firmware updates on the router, but nothing was available.  Rebooted it as well.  The system had no problems connecting to my $40 (and much older) Linksys at home...

Maybe I'll wait until after-hours and try to swap the router just for kicks?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 1

Author Comment

by:stevensims
Comment Utility
I was still in a homegroup... left the homegroup, but no change.

Not sure if it matters, but the lan subnet at my house is the same as the subnet at the office (192.168.1.0).
0
 
LVL 2

Expert Comment

by:mcorbitt
Comment Utility
You need to change your subnet at home, being in the same subnet the packets will never get routed out the vpn
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
Mcorbitt:  The system was only at my home during the initial setup.  It is now in the office and directly connected.  The VPN connection has been deleted.

Not sure if this is another piece of the problem, but I checked the ARP cache on the system and it did not have an ARP entry for the default gateway.  Interestingly, there was an ARP entry, using the same MAC address as the XP systems have for the default gateway, for the external (WAN) IP of the router?  Maybe created during the initial VPN connection?

I deleted the ARP entry for the WAN interface on the router and, through some troubleshooting (http://superuser.com/questions/101293/windows-7-the-arp-entry-addition-failed-access-is-denied), added an ARP entry for the default gateway (internal IP of the router).  Now the ARP entry matches the working XP systems.

Now, when I ping the default gateway I get "request timed out".  May be a step in the right direction?
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
Is it possible the network interface is bad? (it happens ;-(
Have you run 'winsock reset' ?
I think that in a wired network with direct connection to the router, a ping should work on a very default set up.
Since ping isn't working, something basic is failing.
If you just reset everything, you should be able to ping something on the same network without routes or any other hoop-jumping.
For example, If you flush the arp cache, the next upstream router should ping.
SO:
Can you ping anything? Can anything ping this unit? An object that is not the gateway should ping even if the gateway arp is wrong etc.
In a worst-case, you could do a repair install. It sometimes is the easy way to salvation.
It's a fresh install, so you could just start over.
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
It's possible the interface is bad, though it seems unlikely as it worked perfectly at my house, and the system has domain connectivity?

I can ping everything on the domain... the domain controller, other domain workstations, etc.

I'll try the Winsock reset and maybe a repair.  Any other ideas :(
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
How about this:
Open a cmd window elevated. Then type this:
netsh advfirewall set allprofiles state off
(clears the firewall )
Maybe the windows firewall is stuck due to that previous designation of the network being different from your office layout.

I found a similar incident at this location:
http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/2b247e18-1d51-4155-8455-2956ae587910
and the above string seems to have corrected it.
Afterwards the firewall should be turned back on, of course, but if it works it would clear up a lot of mystery.
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
Just did a Winsock repair and restarted... no change.
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
Sorry Winsock didn't work--now that I understand you can ping everything except the gateway, I think the best chance is turning the firewall state--fingers crossed for the advfirewall 'fix'.
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
I meant 'tuning' the firewall state. Sorry.
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
Man...  I read the article and tried that command, which did disable the firewall, but still no go.  Destination host unreachable.

Argh!
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
Dang, that looked so good! I'm playing with a Win 7 unit here to try to replicate your issue.
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
This section on yours:
Persistent Routes:
  None
Is odd, I think.
On my Win 7 test unit it shows the outside IP
the router is 192.168.2.2 which shows as the gateway address.
But the persistent route shows the public address of the router.
Since I didn't put that in, it seems like yours should show it too.
I'm working on finding out how that entry automagically shows up.
0
 
LVL 1

Expert Comment

by:Barakoli
Comment Utility
If you go into Network and Sharing Center under View your active networks, click the highlighted link on the left and reset your network Location to Work.
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
I assume you've restarted the work router.
The reason I ask is I wonder if it is an issue with the router and arp.
If you have another network card handy, you could try that.
(don't laugh! If the router has a block on the existing mac address, changing the card would make the pc appear as a different mac and the router might allow it. Alternately, the router's arp cache might be killing the connection.)
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
In the Network and Sharing Center, under the View Your Active Networks section the "private.local" connection shows, but the only click-able item under there is the icon for the network... clicking lets me change the network name or change the icon... I also have a link to Merge or Delete Network Locations, but both the Merge and Delete options for the private.local network location are grayed out (guessing because it shows as in use).  

No links or options to change the network type... I'm guessing Windows detected it as a domain and won't let me modify.
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
PS: I'm convinced the net card is good, since it will ping other things, but I'm trying to touch the gateway router with a different MAC address. Once you get into the esoteric area this problem is in, you're looking at the electronics, not the IP stuff.
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
Yep, restarted the router a while back.  Strange thing is that the only other Windows 7 system ever plugged in at the office appeared to have the exact same issue.  It was a personal system (running Home Premium) so I didn't spend much time troubleshooting, so it could be something else.  That other system was NOT joined to the domain.

I don't have another NIC, but I'll see if I can round one up.
0
 
LVL 1

Expert Comment

by:Barakoli
Comment Utility
Are you running any antivirus software that includes a firewall?
0
 
LVL 5

Accepted Solution

by:
lscarbor earned 500 total points
Comment Utility
Two units that have the same problem make me think the router is not happy with 7. What brand/model is it?
Maybe a flash update is in your future.
0
 
LVL 1

Expert Comment

by:Barakoli
Comment Utility
Are you familiar with Wireshark, a packet capture program. It will give some insight into what happens to the packets as they leave your 7 box.
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
The system was running AVG Free (meh, I know).  I removed it.  

I'm thinking router too... unfortunately no updates available for it.  Not familiar with Wireshark, but good idea, I'll see if I can trace the traffic down.  
0
 
LVL 1

Author Comment

by:stevensims
Comment Utility
All - Thanks for your help on the issue.  Got it fixed... it WAS the router!  Over the weekend I swapped the router for a spare I had sitting around and the sytsem worked perfectly.  I even reset the router to factory default, cabled it directly to the Windows 7 system, and the system still could not talk to the router.  
0
 
LVL 5

Expert Comment

by:lscarbor
Comment Utility
Thank you so much, stevensims--I'm very happy that it is working. Very strange, but not unheard of. Good luck in the future.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now