[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows XP Pro machine suddenly blocking incoming connections

Posted on 2011-10-23
36
Medium Priority
?
744 Views
Last Modified: 2012-08-13
We have a Windows XP Pro machine running a web server which all the XP Pro client machines on our network access.  Suddenly it has stopped serving pages.  On futher invesitgation the machne can't be pinged by any of the client machine or by the router (to which they're all connected) however it can ping the client machines and the router.  I created a shared folder on the web server however none of the client machines can access this folder.  I have disabled the Firewall on the web server and uninstalled AVG Anti Virus (which has been known to cause problems).  The last time we know for sure that a client machine accessed the web server was last Wednesday so I rolled the web server back to the Friday before that using System Restore but this made no difference.  The technical support team that supports the software running on the server have checked the settings for the web server software and they can find nothing wrong, in fact it works fine when used on the host machine - only the network clients can't get pages from it.
0
Comment
Question by:frasierphilips
  • 12
  • 10
  • 7
  • +4
36 Comments
 
LVL 16

Expert Comment

by:sjklein42
ID: 37014982
Still sounds an awful lot like a firewall is blocking incoming traffic.  Any third-party firewall software on the machine, like Norton?  You might also want to scan the server with malwarebytes if you haven't already done so.  AVG doesn't catch everything.
0
 
LVL 5

Expert Comment

by:mlchelp
ID: 37014984
know you said you have no firewall turned on but everything you have eplained so far points to that as being the problem, If you can not ping the XP box from any other network PC or device , but the XP box can ping everything else, It would have to be a firewall issue on the XP box. Check windows firewall agian and make sure it is turned off.
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015035
Hi
Suggest check what network protocols are installed on the network card.
If you see anything other than the standard TCP/IP, Microsoft Client, uninstall them and check the settings for the actual network card.
If not, uninstall the driver, and reboot, force Windows to rescan for the hardware.
By the way, if you find a Novell client somehow installed remove it, reboot and then try to connect.

Had something similar some time back.

Are you running IIS on the XP machine?

Also check msconfig via start, then run, type msconfig are the run prompt
check what applications are running and make sure you don't have any malware, spyware etc.
De-select anything which is not required, do a reboot and check.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:frasierphilips
ID: 37015043
No other 3rd Party Firewall software running.  I set the Windows Firewall to Off and stopped the Firewall service - still made no difference.  I'll scan for Malware.
0
 

Author Comment

by:frasierphilips
ID: 37015047
@andrewmcc - as a first step, we installed a new network card and it made no difference.  IIS isn't running.
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015056
Have you checked the network protocols?
See if the ip is set to auto or manual.

For some reason before, had some serious pain getting rid of AVG.
There is a manual download tool to get rid of it.
http://www.avg.com/us-en/utilities
select whichever version you need to remove it.

Do you have a replacement a/v and i/s package?
Would strongly recommend Kapersky Internet Security 2012.
Seems to be worth while and almost bullet proof these days compared to anything else.
0
 
LVL 5

Expert Comment

by:mlchelp
ID: 37015059
have you tried moving the PC to a different network port?
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015062
Re switch or router, have you tried powering off the router and back on again.
Like Mlchelp - valid question
0
 

Author Comment

by:frasierphilips
ID: 37015089
Not tried machine on new network port but it can access internet with no problems.  Not tried rebooting router or checked network protocols but machine worked fine for months and months and no one has changed any hardware settings and no new software has been installed.
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015090
What version of TCP is active on the Win XP machine?
0
 
LVL 5

Expert Comment

by:mlchelp
ID: 37015092
I would try the network port.
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015094
If you have TCP/IP version 6 that might be causing an issue.
I know of a reg fix reset that will reset the TCP stack if v6 is active.
0
 

Author Comment

by:frasierphilips
ID: 37015097
Presume it's TCP V4 - what causes V6 to be installed?
0
 
LVL 5

Expert Comment

by:mlchelp
ID: 37015104
I dont think it does in XP, didnt you say it was XP ?
0
 

Author Comment

by:frasierphilips
ID: 37015106
XP Pro
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015109
Would suggest you go through the suspect pc with a fine toothcomb.
Re V6 - wierd - several things do cause it.
Worth checking the settings on the tcp ip option via networks.
Also check what clients are active - ie. microsoft novell etc
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015112
Am in UK, up for next hours if you want to try options.
0
 
LVL 5

Expert Comment

by:mlchelp
ID: 37015116
if you replaced the network card already and  your sure there is no 3P firewall installed then I? would move it to a different network port.
0
 

Author Comment

by:frasierphilips
ID: 37015120
@andrewmcc - in UK too but machine is in closed office, inaccessible and no remote access - thanks for offer though.
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015124
Can you check following and reply;

msconfig (do you know how to use it?) - check in startup tab - anything suspect?

network settings - what clients are active and protocol options - tcpip - if tcpip v6 is active?

what user accounts are active - via computer management?

simple query - is there a name conflict of the pc? try renaming the pc as test, reboot and then see if it can access network, ping router, etc - also try to unplug everything apart from one pc, then test, see if that makes a difference, then add second then third etc
0
 
LVL 5

Expert Comment

by:mlchelp
ID: 37015127
if it was a protocol issue or ip v6 then he wouldnt be able to ping the other machines or the router. Either the icmp packet is being blocked going to the PC or the echo reply packet is being blocked on the return, make sure you do not have proxy arp turned on in that part of your network.
0
 
LVL 5

Expert Comment

by:mlchelp
ID: 37015132
check the dynamic tables on your network and see if the proper mac addrss is there in the switch it is connected to, if its a layer 3 switch, it is possible that the port on that switch is causing the issue.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 37015133
Xp does have that silly incoming connection limit thing
http://support.microsoft.com/kb/314882
I've used a patch to get around it but upgradingto 7 was the real solution for me.
http://www.speedguide.net/articles/windows-xp-sp2-tcpipsys-connection-limit-patch-1497
0
 

Author Comment

by:frasierphilips
ID: 37015137
yep - very technical, our company provides support to them - I can't help thinking we're going off at a tangent.  This system has run for months and months with no problem.  The customer is a Ford repair centre and the system is running their proprietary ECAT parts management system - it's worked fine for all of this year.  The staff aren't technical so it's highly unlikely that they've changed anything - I think it's more likely hardware failure or a virus.
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015152
Good luck, try what have listed.
final option would be to check the hosts file
c:\windows\system32\drivers\other - see what might be entered within the file
Last thought .
0
 
LVL 16

Expert Comment

by:sjklein42
ID: 37015165
Is it possible the machine's IP address has changed and isn't what you think it is?

IPCONFIG /ALL
0
 

Author Comment

by:frasierphilips
ID: 37015171
Nope - tried all of that.  Just to make life trickier, changing things like the machine name or installing a new network card is enough to make the Ford system generate a new installation ID which in turn invalidates the license and locks the software out meaning you have to call support and get them to reactivate it.
0
 
LVL 5

Expert Comment

by:andrewmcc
ID: 37015178
Try what I suggested re TCP version.
Plus what I listed.
0
 
LVL 1

Expert Comment

by:reward01
ID: 37019079
First:
Are you all using a Static IP Address?
If not you want to set it to one!

If you are I would check your Binding Order (Advanced under the network adapter window).
0
 
LVL 22

Expert Comment

by:CompProbSolv
ID: 37019128
If the computer has a static IP address, consider (temporarily) reconnecting it to an entirely separate (and simple) switch, along with another computer with a static IP address.  Try pinging in both directions and see what happens.  This will rule out any odd issues in the existing switch or router.

Firewall and malware issues (as suggested by others) seem to be the likely issues.  I didn't see any post that a good malware scan was done.

What if the web server is booted in Safe Mode w/Networking?  Can it be pinged then?
0
 

Accepted Solution

by:
frasierphilips earned 0 total points
ID: 37020853
Thanks all - the system seems to have rectified itself.
0
 

Author Closing Comment

by:frasierphilips
ID: 37049281
Machine returned to working order of its own accord
0
 

Author Comment

by:frasierphilips
ID: 37030778
We have made a small amount of progress - we have discovered that if you boot the machine in 'Safe Mode with Network Connection' all these issues vanish.  I'm beginning to wonder if the problems are caused by a Firewall issue (the Firewall is disabled by default in Safe Mode I believe) - is there any way to verify that the Firewall is definitively off other than believing what the Windows GUI tells you?  I have messed about with 'NETSH FIREWALL' via the command prompt to no avail.
0
 
LVL 22

Expert Comment

by:CompProbSolv
ID: 37034852
When Safe Mode resolves a symptom, one approach to identifying the culprit is through MSConfig.

Try Start, Run, MSConfig
Click on the Startup tab
Click on Disable All
Click on the Services tab
Click on Hide all Microsoft services
Click on Disable all
Click on OK

Allow the system to reboot.

If the problem is NOT resolved, go back into MSConfig, services, un-check "Hide all Microsoft service", click on Disable all, then OK.

If this resolves it on reboot, the problem is in one of the Microsoft services.  You can enable them (one at a time or in groups) until you identify which caused the problem.

If the system IS resolved by the initial MSConfig settings (with Microsoft services hidden), the problem is in one of the other services or in one of the Startup items.  Re-enable them (I'd try all Services first), reboot, and see if the problem returns.
0
 

Author Comment

by:frasierphilips
ID: 37113035
Sorry for the delay in responding, I've been on holiday.  I did as was suggested and now all that is enabled are:-

DCOM Server Process Launcher
DHCP Client
Remote Procedure Call (RPC) Locator
Remote Procedure Call (RPC)

Everything in 'Startup' is also disabled.

The machine still cannot receive incoming ping requests (which it can when booted in Safe Mode with Network Support)

0
 
LVL 16

Expert Comment

by:sjklein42
ID: 37113549
On the server, PING responses are controlled via:

Start / Control Panel / Windows Firewall / Advanced / ICMP Settings...

Ensure that "Allow Incoming Echo Request" is enabled.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This program is used to assist in finding and resolving common problems with wireless connections.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question