Solved

Lost TCP/IP stack

Posted on 2014-04-11
26
155 Views
Last Modified: 2014-11-05
Hello,

Had a user's machine that lost it's network connectivity.   The network icon is 'x'd out.  When I run ipconfig, there are no results.  

I tried the following:

Remove the NIC from Device Manager and reinstalled driver.

Netsh winsock reset
netsh ip int reset

Ran ComboFix malware check

Took her drive and put it in another machine.  Same result - so I'm pretty sure it's the OS, not the hardware.

Tried to add another NIC.

Added a static IP.

Ran sfc /scannow

At a loss.  Thanks for your assistance.
0
Comment
Question by:DBI-DT
  • 11
  • 5
  • 5
  • +2
26 Comments
 
LVL 10

Expert Comment

by:Rafael
ID: 39995083
Did you check to make sure the cable and or card are good as well as the switch port? If not do that first. then try this. Uninstall all networking components, NIC cards and drivers. Reboot, Check to make sure all networking components have been uninstalled. Reboot a second time to make sure nothing pops back up. Then shut down computer. Install a different network card, not the same one you previously used. Connect good Ethernet cable turn on computer. The system should find the card and will prompt to install drivers. It may also prompt to install networking. At which time install just TCP/IP only when completed let it install the NIC drivers. I'm not sure which of the two will come up first.  Then after it comes up check your stack by doing a ping to 127.0.0.1 and to localhost.  If all went well both pings should work.
0
 

Author Comment

by:DBI-DT
ID: 39995093
We tried several cables and ports.   We put the drive in other machine and still had the problem.   Other than the NIC cards, what else would need to be uninstalled.

We can ping the localhost.
0
 
LVL 10

Expert Comment

by:Rafael
ID: 39995108
It seems to be profile related. Have you logged in a Administrator and tried ?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:DBI-DT
ID: 39995128
Yes.  Does not work in Safe Mode, either.
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 39998587
((((((All operation must be done by Administrative rights ))))))

the first solution is that install NIC and install driver that from manufacturer
second .......................................................................................Microsoft
if rhe same result go down :

----------------------------------------------------------------


If you reinstall NIC ,or new NIC , did the system find it ? if no , it may incompatible ( check http://www.microsoft.com/en-us/windows/compatibility/CompatCenter/Home?Language=en-US ) or damaged
the 2 pcs , are they have  the same configuration ? if yes do the following :
install the NIC in another environment system
are the 2 pcs have some programs related to hardware or maintenance or tuneup
what is the OS , motherboard , and NIC ?
0
 

Author Comment

by:DBI-DT
ID: 39998845
It is not the NIC. It's the TCP/IP stack.  We moved the hard drive to a new machine with the same configuration and we get the same results.   We put a new drive in the original machine and the NIC works.
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 39998894
NIC is damaged

This tool may help you http://support.microsoft.com/kb/299357
0
 

Author Comment

by:DBI-DT
ID: 39999467
We did this.  See above.   It is NOT a hardware issue.   The NIC is fine when we rebuilt the machine with another drive.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 40005289
Author is right, this is at the OS level.

Try running anti-virus but you probably need to re-install the OS.
0
 

Author Comment

by:DBI-DT
ID: 40005348
There is no reinstall of W7 like XP, is there?  It's a total rebuild of the OS.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 40005352
I was saying clean rebuild of the OS not just repair.

I know it's time consuming and a pain but it might take less time than troubleshooting this type of issue.

You can also revert to the point where the NIC was working properly if you setup system restore option.
0
 
LVL 10

Expert Comment

by:Rafael
ID: 40005379
Sometimes your DHCP service is not able to pull an IP address, the reason could be that the network stack on Windows goes banana. To fix the problem, open command prompt with administrator privilege (click on Start ¿ type in “cmd” ¿ right click on the command prompt and choose “Run as Administrator”) and type these command:

netsh int ip reset C:\netsh.log.txt
netsh winsock reset


… then all your network configuration will be reset.

Update: The command netsh is very powerful, you can control a lot of things in Windows with it, like network interfaces, route table …

Some examples:

Set the LAN adapter to static IP address:
netsh interface ip set address name="Local Area Connection" static 192.168.10.15 255.255.255.0 192.168.10.11

Update: The command netsh is very powerful, you can control a lot of things in Windows with it, like network interfaces, route table …

Set the LAN adapter to DHCP:
netsh interface ip set address name="Local Area Connection" dhcp


Configure the LAN adapter’s secondary DNS:
netsh interface ip add dns name="Local Area Connection" 8.8.8.8 index=2

Also, have you tried to reset the stack?  http://support.microsoft.com/kb/299357
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40006775
try this

in the device manager, delete the NIC entirely, reboot, and let windows reinstall it. normally, it will get a new NIC id and reinstall most of the related stuff including the protocol stack

before that, you may also want to check in the NIC's properties if tcpip is present and checked. unchecking tcpip should lijkely produce the results you describe. if it is present you can remove and add it again as a quicker test that does not require to reboot
0
 
LVL 10

Expert Comment

by:Rafael
ID: 40007027
Skull...
Thanks for confirming what I mentioned :)  That is pretty much what I mentioned in my first and subsequent response. The only thing is I would also like to add in to try to use a different slot on the motherboard with a different card. Sometimes, this helps as well. :)
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40007882
if the problem is related to some os weird misconfiguration, changing the slot is likely to do the same trick. i'm not 100% sure it will actually change the card's cid but it is also worth a shot. feel free to post results...
0
 

Author Comment

by:DBI-DT
ID: 40017648
Ok, we have a trend now.  3 machines with the same issue.  No TCP/IP stack.  Anyone know of any viruses going around that are affecting TCP/IP?
0
 
LVL 10

Expert Comment

by:Rafael
ID: 40018219
Now that is seems to be a trend, it may be either Recent Windows Updates or
Active Directory related. Have these machines received any recent updates via Group Policy? Have you ran RSOP on them and compared to working machines? Have you made any changes in group policies or IP schemes ?

For Windows Updates, roll back the updates to the last time it worked. Also NOTE: No more updates for Windows XP so keep that in mind when backing out the configs.
0
 

Author Comment

by:DBI-DT
ID: 40018229
We rolled back all the updates over the last month.  No joy.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 40018230
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40018338
apparently nothing new. considering the age of this thread, a new one would have already shown up in google.

for example zeroaccess rootkit infections are known to sometimes break the tcp stack when they are removed.

but then, there are many other possibilities.

did you try the procedure i gave you ?
can you post an exact description of what happens when you run ipconfig ?
0
 

Author Comment

by:DBI-DT
ID: 40018427
We put a different card in the desktop without any success.  The other machines are laptops so we can't add/change the card.

When I run IPCONFIG, it returns no information because there is not TCP/IP stack.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40019371
the procedure i suggested did not imply to physically remove the card ; just from the device manager.
http://www.experts-exchange.com/Networking/Protocols/Q_28410809.html#a40006775
if you added another card and ended up with the same problem, it likely will not work. btw was the other card the same model ?

regarding ipconfig, "no information" is not what i'm asking : does it hang ? give a blank output ? list the cards with empty information ? list the cards with the usual lines but no ips ? copy and paste the output and include informations regarding eventual delays.

when you look at the card properties, does tcpip show up ? there should be a series of checkboxes with various drivers including tcpip. if not, you should be able to add tcpip from there which effectively reinstalls quite a few things as well. removing tcpip from ALL cards and adding it again is likely to either work or produce some useful error message.

what security software do you use ? there is also a chance that an update or the removal of a specific malware produced such a mess. unfortunately in that case, disabling it will not make a difference.

also you should post the output from "netsh int ip reset". if the command succeded, you do have a tcpip stack. whatever the case there is most likely some kind of useful debug information in there.

what happens when you set an address manually through netsh

can you run netstat ? with no errors ?
0
 

Author Comment

by:DBI-DT
ID: 40022970
We think it might be Symantec Endpoint at this time.  We've removed it and and are seeing TCP/IP coming back online.  Will update.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40024759
you're looking into either a faulty symantec dll replacing a windows dll (or hooked to ndis or the likes) ar possibly a misconfiguration that blocks arp, or dhcp or possibly dns operations... impossible to determine without the required information.
0
 

Accepted Solution

by:
DBI-DT earned 0 total points
ID: 40416183
Resolution:  Remove and reinstall Symantec Endpoint.
0
 

Author Closing Comment

by:DBI-DT
ID: 40423561
We reinstalled Symantec and it worked.   I don't believe it was submitted by anyone else, but will gladly give points if it was.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IPv6 question 1 17
IP address incorrect 8 79
Which Protocol is better for IP based Camera traffic in a Network. 2 46
Application timeout question 2 37
Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
A few months ago I attended the Rocky Mountain IPv6 Summit which was a two-day educational event; it was the 3rd annual conference held here in Denver, Colorado that was held at the Hyatt Regency Denver at the Colorado Convention Center. It was an e…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question