frasierphilips

Windows XP Pro machine suddenly blocking incoming connections

We have a Windows XP Pro machine running a web server which all the XP Pro client machines on our network access.  Suddenly it has stopped serving pages.  On further investigation the machine can't be pinged by any of the client machines or by the router (to which they're all connected); however, it can ping the client machines and the router.  I created a shared folder on the web server; however, none of the client machines can access this folder.  I have disabled the Firewall on the web server and uninstalled AVG Anti Virus (which has been known to cause problems).  The last time we know for sure that a client machine accessed the web server was last Wednesday so I rolled the web server back to the Friday before that using System Restore but this made no difference.  The technical support team that supports the software running on the server have checked the settings for the web server software and they can find nothing wrong, in fact it works fine when used on the host machine - only the network clients can't get pages from it.
sjklein42

Still sounds an awful lot like a firewall is blocking incoming traffic.  Any third-party firewall software on the machine, like Norton?  You might also want to scan the server with malwarebytes if you haven't already done so.  AVG doesn't catch everything.
I know you said you have no firewall turned on, but everything you have explained so far points to that as being the problem. If you cannot ping the XP box from any other network PC or device, but the XP box can ping everything else, it would have to be a firewall issue on the XP box. Check Windows Firewall again and make sure it is turned off.
Hi
Suggest check what network protocols are installed on the network card.
If you see anything other than the standard TCP/IP, Microsoft Client, uninstall them and check the settings for the actual network card.
If not, uninstall the driver, and reboot, force Windows to rescan for the hardware.
By the way, if you find a Novell client somehow installed remove it, reboot and then try to connect.

Had something similar some time back.

Are you running IIS on the XP machine?

Also check msconfig via Start, then Run, type msconfig at the run prompt
check what applications are running and make sure you don't have any malware, spyware etc.
De-select anything which is not required, do a reboot and check.
frasierphilips

ASKER

No other 3rd Party Firewall software running.  I set the Windows Firewall to Off and stopped the Firewall service - still made no difference.  I'll scan for Malware.
@andrewmcc - as a first step, we installed a new network card and it made no difference.  IIS isn't running.
Have you checked the network protocols?
See if the ip is set to auto or manual.

For some reason before, had some serious pain getting rid of AVG.
There is a manual download tool to get rid of it.
http://www.avg.com/us-en/utilities
select whichever version you need to remove it.

Do you have a replacement a/v and i/s package?
Would strongly recommend Kaspersky Internet Security 2012.
Seems to be worth while and almost bullet proof these days compared to anything else.
Have you tried moving the PC to a different network port?
Re switch or router, have you tried powering off the router and back on again?
Like Mlchelp - valid question
Not tried machine on new network port but it can access internet with no problems.  Not tried rebooting router or checked network protocols but machine worked fine for months and months and no one has changed any hardware settings and no new software has been installed.
What version of TCP is active on the Win XP machine?
I would try the network port.
If you have TCP/IP version 6 that might be causing an issue.
I know of a reg fix reset that will reset the TCP stack if v6 is active.
Presume it's TCP V4 - what causes V6 to be installed?
I don't think it does in XP. Didn't you say it was XP?
XP Pro
Would suggest you go through the suspect pc with a fine toothcomb.
Re V6 - weird - several things do cause it.
Worth checking the settings on the tcp ip option via networks.
Also check what clients are active - i.e. Microsoft, Novell, etc.
Am in UK, up for next hours if you want to try options.
If you replaced the network card already and you're sure there is no 3P firewall installed, then I would move it to a different network port.
@andrewmcc - in UK too but machine is in closed office, inaccessible and no remote access - thanks for offer though.
Can you check following and reply;

msconfig (do you know how to use it?) - check in startup tab - anything suspect?

network settings - what clients are active and protocol options - tcpip - if tcpip v6 is active?

what user accounts are active - via computer management?

simple query - is there a name conflict of the pc? try renaming the pc as test, reboot and then see if it can access network, ping router, etc - also try to unplug everything apart from one pc, then test, see if that makes a difference, then add second then third etc
If it was a protocol issue or IP v6 then he wouldn't be able to ping the other machines or the router. Either the ICMP packet is being blocked going to the PC or the echo reply packet is being blocked on the return. Make sure you do not have proxy ARP turned on in that part of your network.
Check the dynamic tables on your network and see if the proper MAC address is there in the switch it is connected to. If it's a layer 3 switch, it is possible that the port on that switch is causing the issue.
Aaron Tomosky
XP does have that silly incoming connection limit thing
http://support.microsoft.com/kb/314882
I've used a patch to get around it but upgrading to 7 was the real solution for me.
http://www.speedguide.net/articles/windows-xp-sp2-tcpipsys-connection-limit-patch-1497
yep - very technical, our company provides support to them - I can't help thinking we're going off at a tangent.  This system has run for months and months with no problem.  The customer is a Ford repair centre and the system is running their proprietary ECAT parts management system - it's worked fine for all of this year.  The staff aren't technical so it's highly unlikely that they've changed anything - I think it's more likely hardware failure or a virus.
Good luck, try what have listed.
final option would be to check the hosts file
c:\windows\system32\drivers\other - see what might be entered within the file
Last thought .
Is it possible the machine's IP address has changed and isn't what you think it is?

IPCONFIG /ALL
Nope - tried all of that.  Just to make life trickier, changing things like the machine name or installing a new network card is enough to make the Ford system generate a new installation ID which in turn invalidates the license and locks the software out meaning you have to call support and get them to reactivate it.
Try what I suggested re TCP version.
Plus what I listed.
First:
Are you all using a Static IP Address?
If not you want to set it to one!

If you are I would check your Binding Order (Advanced under the network adapter window).
If the computer has a static IP address, consider (temporarily) reconnecting it to an entirely separate (and simple) switch, along with another computer with a static IP address.  Try pinging in both directions and see what happens.  This will rule out any odd issues in the existing switch or router.

Firewall and malware issues (as suggested by others) seem to be the likely issues.  I didn't see any post that a good malware scan was done.

What if the web server is booted in Safe Mode w/Networking?  Can it be pinged then?
ASKER CERTIFIED SOLUTION
frasierphilips

Machine returned to working order of its own accord
We have made a small amount of progress - we have discovered that if you boot the machine in 'Safe Mode with Network Connection' all these issues vanish.  I'm beginning to wonder if the problems are caused by a Firewall issue (the Firewall is disabled by default in Safe Mode I believe) - is there any way to verify that the Firewall is definitively off other than believing what the Windows GUI tells you?  I have messed about with 'NETSH FIREWALL' via the command prompt to no avail.
When Safe Mode resolves a symptom, one approach to identifying the culprit is through MSConfig.

Try Start, Run, MSConfig
Click on the Startup tab
Click on Disable All
Click on the Services tab
Click on Hide all Microsoft services
Click on Disable all
Click on OK

Allow the system to reboot.

If the problem is NOT resolved, go back into MSConfig, Services, un-check "Hide all Microsoft services", click on Disable all, then OK.

If this resolves it on reboot, the problem is in one of the Microsoft services.  You can enable them (one at a time or in groups) until you identify which caused the problem.

If the system IS resolved by the initial MSConfig settings (with Microsoft services hidden), the problem is in one of the other services or in one of the Startup items.  Re-enable them (I'd try all Services first), reboot, and see if the problem returns.
Sorry for the delay in responding, I've been on holiday.  I did as was suggested and now all that is enabled are:-

DCOM Server Process Launcher
DHCP Client
Remote Procedure Call (RPC) Locator
Remote Procedure Call (RPC)

Everything in 'Startup' is also disabled.

The machine still cannot receive incoming ping requests (which it can when booted in Safe Mode with Network Support)

On the server, PING responses are controlled via:

Start / Control Panel / Windows Firewall / Advanced / ICMP Settings...

Ensure that "Allow Incoming Echo Request" is enabled.
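
One way to answer the asker's earlier question about verifying the firewall state without trusting the GUI, as an added example that is not part of any poster's reply. It assumes Windows XP SP2 or later, where the `netsh firewall` context exists and the firewall runs as the `SharedAccess` service; the registry paths are the standard Windows Firewall locations.

```batch
@echo off
rem Added example: cross-check Windows Firewall state on XP SP2+ from cmd.exe.
rem Run on the affected machine from an administrator command prompt.

echo === 1. Firewall service state (SharedAccess = Windows Firewall/ICS) ===
sc query SharedAccess | find "STATE"

echo === 2. Effective state and operational mode as the firewall reports it ===
netsh firewall show state
netsh firewall show opmode

echo === 3. ICMP settings (type 8 = allow incoming echo request) ===
netsh firewall show icmpsetting

echo === 4. Locally stored setting per profile (0x1 = on, 0x0 = off) ===
set FWKEY=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
reg query "%FWKEY%\StandardProfile" /v EnableFirewall
reg query "%FWKEY%\DomainProfile" /v EnableFirewall

echo === 5. Group Policy override (an error here means no policy key exists) ===
reg query "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall" /s

echo === 6. Listening sockets with owning PIDs ===
rem A server listed only on 127.0.0.1 answers locally but not to network clients.
netstat -ano | find "LISTENING"
```

Saving the output once from a normal boot and once from Safe Mode with Networking makes it easy to see which of these values differs between the failing and working states.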