Solved

Lost TCP/IP stack

Posted on 2014-04-11
26
150 Views
Last Modified: 2014-11-05
Hello,

Had a user's machine that lost it's network connectivity.   The network icon is 'x'd out.  When I run ipconfig, there are no results.  

I tried the following:

Remove the NIC from Device Manager and reinstalled driver.

Netsh winsock reset
netsh ip int reset

Ran ComboFix malware check

Took her drive and put it in another machine.  Same result - so I'm pretty sure it's the OS, not the hardware.

Tried to add another NIC.

Added a static IP.

Ran sfc /scannow

At a loss.  Thanks for your assistance.
0
Comment
Question by:DBI-DT
  • 11
  • 5
  • 5
  • +2
26 Comments
 
LVL 10

Expert Comment

by:Rafael
ID: 39995083
Did you check to make sure the cable and or card are good as well as the switch port? If not do that first. then try this. Uninstall all networking components, NIC cards and drivers. Reboot, Check to make sure all networking components have been uninstalled. Reboot a second time to make sure nothing pops back up. Then shut down computer. Install a different network card, not the same one you previously used. Connect good Ethernet cable turn on computer. The system should find the card and will prompt to install drivers. It may also prompt to install networking. At which time install just TCP/IP only when completed let it install the NIC drivers. I'm not sure which of the two will come up first.  Then after it comes up check your stack by doing a ping to 127.0.0.1 and to localhost.  If all went well both pings should work.
0
 

Author Comment

by:DBI-DT
ID: 39995093
We tried several cables and ports.   We put the drive in other machine and still had the problem.   Other than the NIC cards, what else would need to be uninstalled.

We can ping the localhost.
0
 
LVL 10

Expert Comment

by:Rafael
ID: 39995108
It seems to be profile related. Have you logged in a Administrator and tried ?
0
 

Author Comment

by:DBI-DT
ID: 39995128
Yes.  Does not work in Safe Mode, either.
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 39998587
((((((All operation must be done by Administrative rights ))))))

the first solution is that install NIC and install driver that from manufacturer
second .......................................................................................Microsoft
if rhe same result go down :

----------------------------------------------------------------


If you reinstall NIC ,or new NIC , did the system find it ? if no , it may incompatible ( check http://www.microsoft.com/en-us/windows/compatibility/CompatCenter/Home?Language=en-US ) or damaged
the 2 pcs , are they have  the same configuration ? if yes do the following :
install the NIC in another environment system
are the 2 pcs have some programs related to hardware or maintenance or tuneup
what is the OS , motherboard , and NIC ?
0
 

Author Comment

by:DBI-DT
ID: 39998845
It is not the NIC. It's the TCP/IP stack.  We moved the hard drive to a new machine with the same configuration and we get the same results.   We put a new drive in the original machine and the NIC works.
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 39998894
NIC is damaged

This tool may help you http://support.microsoft.com/kb/299357
0
 

Author Comment

by:DBI-DT
ID: 39999467
We did this.  See above.   It is NOT a hardware issue.   The NIC is fine when we rebuilt the machine with another drive.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 40005289
Author is right, this is at the OS level.

Try running anti-virus but you probably need to re-install the OS.
0
 

Author Comment

by:DBI-DT
ID: 40005348
There is no reinstall of W7 like XP, is there?  It's a total rebuild of the OS.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 40005352
I was saying clean rebuild of the OS not just repair.

I know it's time consuming and a pain but it might take less time than troubleshooting this type of issue.

You can also revert to the point where the NIC was working properly if you setup system restore option.
0
 
LVL 10

Expert Comment

by:Rafael
ID: 40005379
Sometimes your DHCP service is not able to pull an IP address, the reason could be that the network stack on Windows goes banana. To fix the problem, open command prompt with administrator privilege (click on Start ¿ type in “cmd” ¿ right click on the command prompt and choose “Run as Administrator”) and type these command:

netsh int ip reset C:\netsh.log.txt
netsh winsock reset


… then all your network configuration will be reset.

Update: The command netsh is very powerful, you can control a lot of things in Windows with it, like network interfaces, route table …

Some examples:

Set the LAN adapter to static IP address:
netsh interface ip set address name="Local Area Connection" static 192.168.10.15 255.255.255.0 192.168.10.11

Update: The command netsh is very powerful, you can control a lot of things in Windows with it, like network interfaces, route table …

Set the LAN adapter to DHCP:
netsh interface ip set address name="Local Area Connection" dhcp


Configure the LAN adapter’s secondary DNS:
netsh interface ip add dns name="Local Area Connection" 8.8.8.8 index=2

Also, have you tried to reset the stack?  http://support.microsoft.com/kb/299357
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40006775
try this

in the device manager, delete the NIC entirely, reboot, and let windows reinstall it. normally, it will get a new NIC id and reinstall most of the related stuff including the protocol stack

before that, you may also want to check in the NIC's properties if tcpip is present and checked. unchecking tcpip should lijkely produce the results you describe. if it is present you can remove and add it again as a quicker test that does not require to reboot
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 10

Expert Comment

by:Rafael
ID: 40007027
Skull...
Thanks for confirming what I mentioned :)  That is pretty much what I mentioned in my first and subsequent response. The only thing is I would also like to add in to try to use a different slot on the motherboard with a different card. Sometimes, this helps as well. :)
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40007882
if the problem is related to some os weird misconfiguration, changing the slot is likely to do the same trick. i'm not 100% sure it will actually change the card's cid but it is also worth a shot. feel free to post results...
0
 

Author Comment

by:DBI-DT
ID: 40017648
Ok, we have a trend now.  3 machines with the same issue.  No TCP/IP stack.  Anyone know of any viruses going around that are affecting TCP/IP?
0
 
LVL 10

Expert Comment

by:Rafael
ID: 40018219
Now that is seems to be a trend, it may be either Recent Windows Updates or
Active Directory related. Have these machines received any recent updates via Group Policy? Have you ran RSOP on them and compared to working machines? Have you made any changes in group policies or IP schemes ?

For Windows Updates, roll back the updates to the last time it worked. Also NOTE: No more updates for Windows XP so keep that in mind when backing out the configs.
0
 

Author Comment

by:DBI-DT
ID: 40018229
We rolled back all the updates over the last month.  No joy.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 40018230
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40018338
apparently nothing new. considering the age of this thread, a new one would have already shown up in google.

for example zeroaccess rootkit infections are known to sometimes break the tcp stack when they are removed.

but then, there are many other possibilities.

did you try the procedure i gave you ?
can you post an exact description of what happens when you run ipconfig ?
0
 

Author Comment

by:DBI-DT
ID: 40018427
We put a different card in the desktop without any success.  The other machines are laptops so we can't add/change the card.

When I run IPCONFIG, it returns no information because there is not TCP/IP stack.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40019371
the procedure i suggested did not imply to physically remove the card ; just from the device manager.
http://www.experts-exchange.com/Networking/Protocols/Q_28410809.html#a40006775
if you added another card and ended up with the same problem, it likely will not work. btw was the other card the same model ?

regarding ipconfig, "no information" is not what i'm asking : does it hang ? give a blank output ? list the cards with empty information ? list the cards with the usual lines but no ips ? copy and paste the output and include informations regarding eventual delays.

when you look at the card properties, does tcpip show up ? there should be a series of checkboxes with various drivers including tcpip. if not, you should be able to add tcpip from there which effectively reinstalls quite a few things as well. removing tcpip from ALL cards and adding it again is likely to either work or produce some useful error message.

what security software do you use ? there is also a chance that an update or the removal of a specific malware produced such a mess. unfortunately in that case, disabling it will not make a difference.

also you should post the output from "netsh int ip reset". if the command succeded, you do have a tcpip stack. whatever the case there is most likely some kind of useful debug information in there.

what happens when you set an address manually through netsh

can you run netstat ? with no errors ?
0
 

Author Comment

by:DBI-DT
ID: 40022970
We think it might be Symantec Endpoint at this time.  We've removed it and and are seeing TCP/IP coming back online.  Will update.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40024759
you're looking into either a faulty symantec dll replacing a windows dll (or hooked to ndis or the likes) ar possibly a misconfiguration that blocks arp, or dhcp or possibly dns operations... impossible to determine without the required information.
0
 

Accepted Solution

by:
DBI-DT earned 0 total points
ID: 40416183
Resolution:  Remove and reinstall Symantec Endpoint.
0
 

Author Closing Comment

by:DBI-DT
ID: 40423561
We reinstalled Symantec and it worked.   I don't believe it was submitted by anyone else, but will gladly give points if it was.
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Join & Write a Comment

I know for anybody starting from Beginner to Expert in Networking knows what OSI model. But this tutorial is for freshers or those who are new to networking world. Why I am putting OSI in such simple and compact manner is because it enables you to k…
SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now