Solved

LAN says connected, but can't hit internet

Posted on 2012-04-09
39
448 Views
Last Modified: 2014-05-14
One of our employees had an issue with his computer last week.  He had it sent to me to be reimaged as it was slow due to prolonged use, etc.  I reimaged it, put our new antivirus (Sophos) on it and sent it back.  Everything was the same except the AV which numerous others in our company have as well, so I don't think that's the issue.

When the user received the computer, he plugs in with ethernet cord and it connects to the network, says it's connected, but cannot hit the outside world.  It can hit a local snap server which means the connection is working.  He just can't go to any www. site.

I thought it may just be biting the dust so I overnighted him a newer model computer, same load as always.  He got it and is now telling me it's doing the same thing.  I had him try his computer in another office with another ethernet cord and it did not work.  He had another employee bring their computer into his office and theirs worked fine.  Made me sound like somehow, two bad computers...

I then had him take his computer home to test on his home network. He took the ethernet cord from his office and plugged in to his wireless router (I ensured he had the wireless disabled), and the LAN connection worked.  He was able to access the internet on his home network.

I had him go into their networking closet and switch his ethernet cord that makes his jack live to a different port in the switch and it still didn't work.

So the end results is:
- User can't connect to internet at office
- Other employee CAN connect to internet at User's desk
- User CAN connect to internet on home network

Any ideas what could be causing this?
0
Comment
Question by:shedmun
  • 11
  • 8
  • 6
  • +6
39 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 37825087
Look in IE, Tools, Internet Options, Connections, LAN Settings and ensure all three check boxes are unchecked. If either Auto or Proxy are checked, it can cause the effect you see.

... Thinkpads_User
0
 
LVL 9

Expert Comment

by:Timothy McCartney
ID: 37825090
How do you have the IP settings setup on the computer? Do you have it pointing to any specific DNS servers? This could be a cause of internet connectivity issues if you do not have DNS set up properly.

Can you ping external sites? (IE: cmd > ping www.google.com)
0
 
LVL 87

Expert Comment

by:rindi
ID: 37825105
If you are using a proxy server in your company make sure you have that setup in the Internet connections under Control Panel.
0
 
LVL 9

Expert Comment

by:meko72
ID: 37825188
The first thing I would check is the proxy server setting in IE
Also I would check pinging.
0
 

Author Comment

by:shedmun
ID: 37825233
@Thinkpads_User - all three boxes were unchecked
@tracerfett - IP/DNS settings are both set to obtain automatically.  User CAN ping www.google.com:

Packets sent – 4
Received – 4
Lost – 0 (0% loss)

@rindi - no proxy servers.  This is a small 3 person remote office set up with a normal (Century Link) internet connection.  Nothing fancy, just connects them to the internet and that's all.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 37825248
Take one of the machines and temporarily disable Sophos to see if that helps.

... Thinkpads_User
0
 
LVL 9

Expert Comment

by:meko72
ID: 37825289
I would take Thinkpads_User suggestion and disable Sophos I would also disable windows firewall too
0
 

Author Comment

by:shedmun
ID: 37825352
User disabled Sophos Anti-virus in the list of services but still no luck.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 37825425
>>> same load as always.  (from an earlier post).

If everything is the same except Sophos and you disable it without success, is it then possible that the image is sufficiently out of date that newer updates somewhere else have affected it.

You have 1 computer (at least) there to play with. Can you build this fresh and then see what happens.  

... Thinkpads_User
0
 
LVL 3

Expert Comment

by:kronovide
ID: 37825692
check the basics - assign an unused static IP address and see if it gets anywhere.

check with an alternative browser like chrome or firefox, especially if pings are replying.

rename the hosts file in c:\windows\system32 just in case there's an entry in there that is causing misdirects. if it doesnt help then you can simply rename it back to the original.
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37826674
Is there any chance you have IP to MAC address static mapping enabled on the router or switch

I have seen this same error caused by a Draytek 2820 router, although the change in PC disproves it slightly, one way to test is setting  static IP settings on the PC to an IP that you know works or is pre tested as working....

Just a suggestion....
0
 
LVL 5

Expert Comment

by:OOsorio
ID: 37827553
1 - ipconfig /flushdns
2 - Try with different browsers
3 - Check to make sure this computer is receiving the correct gateway setting.
0
 

Author Comment

by:shedmun
ID: 37827958
@kronovide - assigning a static IP to the machine worked fine.  

Now the question is, why would it work fine with a static IP but not pulling DHCP?  

As for other browser(s)...we use Microsoft CRM in our company and have to use IE for it so IE must be in working condition regardless of whether another browser works.
0
 

Author Comment

by:shedmun
ID: 37827969
@DLeaver - no IP to MAC assignments.  Just a standard gigabit netgear plug n play switch
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37828069
Ok,....

If you get an IP via DHCP can you ping the default gateway address?
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 37830901
It appears you have a conflicting virtual adapter or internet explorer settings:

First off, if you can't get to the internet, but can the intranet files and printers, this problem is not a switch / router / or DHCP problem with the DHCP address. Otherwise, your other DHCP clients will have the same problems.

So, you probably have his internet explorer to go through an Internet proxy... OR you have a VPN configured with the default gateway and the computer can VPN from work to work but not get through the VPN default gateway...

The solutions to each of these:
(Internet Proxy for IE)-Open up Internet Explorer: Go to TOOLS>>INTERNET OPTIONS>>CONNECTIONS TAB>>AND DISABLE AN INTERNET PROXY AND ENABLE AUTO CONFIGURATION SETTINGS

(VPN)-If you configured a vpn adapter, that VPN connection will show up as a workplace connection. On VPN connections I always DELETE the default gateway. The default gateway tells the computer to go through that route for default traffic routing. So, at home your client can connect to the VPN and all traffic could be going all the way back to work and out the work VPN gateway. Most of the time, you will see a VPN client without the ability to get to the internet AT HOME, not at work. Nevertheless, having the default gateway configured on the VPN connection messes up the routing table of the computer. So, if this is the case, you will probably have to flush the ARP cache as well as delete the default gateway address on the VPN connection. Another thing you might consider is disabling the VPN while at work so it doesn't confuse the machine.

The idea that the computer user's account doesn't work, while others at work use the same computer and have no problems with the internet basically concludes this is a configuration setting for that given profile. Both of the above fixes are profile specific.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 37830905
One last thing: If you can't get outside your network, then it can often be a DNS related problem: I suggest you type at the command prompt: IPconfig /all >> ipconfig.txt   Then, take that IPconfig.txt of this computer and post it on EE for experts to evaluate the settings of your default gateway and preferred DNS servers for this problem child client machine.
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37831372
@ChiefIT - The Proxy servers has already been done, and if proxies were enabled then why would it work from home?..You could apply the same logic to a corrupt or misconfigured VPN connection (which has never been mentioned by the Asker who has been very thorough in his network detailing so far).  I'm not trying to put you down and I respect your status here, just not convinced that is the issue just yet....
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:shedmun
ID: 37832514
Update to the issue:

Yesterday, everything was working fine after we assigned the static IP and manually entered the DNS settings.  The user left for a few meetings and upon returning, his Outlook client would work, but Internet Explorer would not work.  

I had him remove the static IP address but leave the DNS settings in there.  So currently, the IP is pulling via DHCP, but DNS is manual.  Everything worked then.  

Still unsure why it would work fine one minute and not the next.  I will check with the user this morning and see if he is still able to connect to the internet.
0
 

Author Comment

by:shedmun
ID: 37832663
Update:  the user came in this morning and is able to use Outlook fine for email, but internet explorer is not working again.
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37832972
Seems unusual that this should happen on more that one PC as you say this is a new build but try resetting the IP stack as below

Switch to DHCP and let it get an IP etc

Go to an elevated command line and type:

netsh int ip reset reset.log

Restart the PC

See if this resolves the issue
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 37832993
This is strange that DHCP works for others. Are you sure there isn't another rogue DHCP server that's providing bad information?

Maybe check the DHCP logs, as well as going to the server's command prompt and typing DHCPloc.exe to see what servers are offering DHCP. Your DHCP scope options on the server will pass down the DNS servers. If it works for some, it should work for all unless, another server is passing bogus info on the same subnet.
0
 

Author Comment

by:shedmun
ID: 37839482
I had the user login under a different profile on the machine and same result so it's not a profile thing.

Trying the netsh reset now.
0
 

Author Comment

by:shedmun
ID: 37839627
No luck on that
0
 
LVL 5

Expert Comment

by:OOsorio
ID: 37839648
If I remember correctly when you enter static ip information you're able to connect. When you enable DHCP you're not able to connect. If this is correct please post a copy of the settings for each.
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37839684
When the PC is connected to the network you can connect to Outlook as I'm guessing it is connected to your Exchange server which its resolving to through at least NetBIOS.  It fails to the internet because it cannot resolve domain names using the same method.

Can you ping -a 8.8.8.8 and do you get a successful reply with a FQDN or just the IP?

If you do then you would assume it is DNS issue, but why just this PC.....

When you put the PC on DHCP does it always give you the same IP?
0
 

Author Comment

by:shedmun
ID: 37839745
@OOsorio:  when I assigned static IP and static DNS, it worked fine.  User then left for a period of time, came back, and Outlook worked, but not IE.  I then had them remove the static IP but leave the static DNS and again, everything worked fine, until they left and came back and Outlook worked but not IE.  I then had them remove the static DNS and so they were pulling IP and DNS automatically and it worked.....until the following morning and it stopped.

Today I had them login under a different profile, no luck.  Enter static DNS, no luck.  Do the netsh reset in cmd, no luck.

I am now having them try the ping -a 8.8.8.8
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 37839871
Back to your original posts, and what follows:  Most of the ideas here work for most of us most of the time.

So what do you think about your idea it might be two bad computers?

Is there one of them that you could wipe clean, put *just* the OS on it and see if it connects properly?

.... Thinkpads_User
0
 

Author Comment

by:shedmun
ID: 37840086
pinging -a 8.8.8.8 came back with a Request Timed Out 100% loss.

If it's two bad computers, I'd be shocked, but that could very well be the case.  I just find it HIGHLY ironic if it is two bad computers.  I can try sending another down there but he would have to send one back for me to wipe and then I'd have to send it back to him.  May just be easier for me to image one and put his data on it and send it to him and see if a third messes up.
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37840162
Did you use the same image on both PC's?  This may be the root of the issue, a bad image?....

The other part of the issue is that this is happening at a scheduled time, as it works one day and then stops over night.  So this would mean you have a scheduled task taking place either through Windows or an app or there may be an issue with the NIC's power savings settings.  Have you tried updating the NIC drivers?
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 37840543
how many client access licenses (CALS) are you using?

Some routers also ONLY offer 10 access licenses by default. What MAKE/MODEL is your router. It sounds like you might be getting a good DHCP, but not through the router.

I'll bet only ten connections through the router because of either Server CALS, or router access licenses.
0
 

Author Comment

by:shedmun
ID: 37842481
@DLeaver:  two different images as they are two different model computers.  While it did stop working overnight, it also stopped working in the middle of the day when user left and came back from a meeting
@ChiefIT: There are only 3 users and 6 total devices in this office
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37842814
Ok, if you go to the power management settings in the network cards hardware properties, is turn off the device to save power enabled?  I would disable this feature.  Its a bit of a long shot that this has caused the issue, but I can only think of this or the MTU settings on the network card that could be causing an issue outside of a virus or faulting software on the PC....anything in event logs?...
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 37843223
3 computers can have EASILY, 10 user sessions.. 1 server admin, three users, system updloads/downloads, etc... After the 10th one, the CALs on the router will knock you down. This would explain why the one users is having difficulty...

This really sounds like the CALs on the router, knocking down your 10th session through the router... Call your router manufacturer and see if there are Access licensing through the router for that make/model....
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37843420
Internet enabled mobile phones are another reason router CAL's get used up too..

I have seen this before, on SonicWALL TZ 150's we used to use.

When the user went to use the internet they would receive notification that the licenses had run out, in a pop up dialog box - do you get this?

It depends on what router you are using but if this was the case why would it work and then not work just for that PC?  As in, other users would experience the issue as well if they logged in after the problem PC user....just thinking aloud really....
0
 
LVL 5

Expert Comment

by:OOsorio
ID: 37843816
No really because the router remembers who was logged in (PC's, devices, etc.). The theory can be proved by restarting the router, then your assumption can be tested.
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 37844489
I don't buy routers with CALs. But I have seen some network admins unpleasently suprised when users couldn't get out of the network because of CALs on the network router. WHY!!! in the world would they limit a router with Client Access Licensing?!... The Server pretty much alread does this. Aynway, the symptoms sound just like this scenario we are troubleshooting. I can show you some EE troubleshoots that have CALs on various routers. It usually shocks people when they unsuspectingly buy a router with 10 access licenses.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now