wired ethernet status says connected, but I can't ping any other device/computer

    Question

  • I have one server (Windows 2003) that I cannot get to communicate with the rest of my network.
    The normal network configuration is to have the IP address, Gateway and DNS information statically set. When these items are statically set, the Ethernet connection status says "connected" but I cannot communicate with anything outside of that server.

    I have tried to ping the router, but I get a "Request timed out" message.
    I am able to ping the local IP address and the loop back address and I get responses.

    I have run the following commands:

    • ipconfig /flushdns 
    • nbtstat -R 
    • nbtstat -RR 
    • netsh int reset all 
    • netsh int ip reset 
    • netsh winsock reset 

    Even after running these commands I am still unable to get the network connection to communicate with other devices/computers on the network.

    I have tried to allow the computer to pick up an IP address from the DHCP server, but it gets a 169.*.*.* address. I have also reloaded the drivers for the network cards without success.



    What suggestions do you have so I can get this server back up and running?

    Thursday, June 16, 2011 8:13 PM

Answers

  • the 9 updates that I removed were:

    KB2530548

    KB2535512

    KB2476490

    KB2536276

    KB2503665

    KB2544521

    KB2539851

    KB2518864

    KB2478658

    I have already tried to reset the IP by using the "netsh int ip reset c:\ipresetlog.txt" command.

     

    When I boot the server into safe mode, I am able to get regular network connectivity.

    The server is not multihomed.

    During my ping test I was pinging the IP address...both 192.168.220.24 and 192.168.220.147 using the -t parameter.

     

    During all of this I checked the event viewer and noticed an error with IPSec, specifically, event IDs 4294 and 4292

    _____

    The event ID 4294 said

    "The IPSec driver has entered Secure mode. IPSec policies, if that have been configured, are now being applied to this computer."

    _____

    The event ID 4292 said:

    "the IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted at boot time IPSec Policy exemptions. User Action: to restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log."

     

    I checked the IPSec service and the startup was set to automatic, but it was not running. I set the IPSec service so that the startup was set to disabled.

    During all of this, I found the Microsoft KB870910 and followed the instructions in that article.

    The first step of the instructions tells you to find the following registry key and delete it...

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

    I was unable to find the registry key so I moved on to step two, which says to perform the following command...

    regsvr32 polstore.dll

     

    After disabling the startup for IPSec and running the regsvr32 polstore.dll command, my server is communicating with the network again.

     

    Thanks to everyone who provided comments on this issue.

    • Marked as answer by geekyguy Friday, June 17, 2011 4:25 PM
    Friday, June 17, 2011 4:25 PM
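
A read-only triage check for the condition described in the answer above, as an added example that is not part of the original thread. It assumes PowerShell 2.0 is installed on the server, that the "IPSEC Services" service has the name PolicyAgent, and that events 4292/4294 are written to the System log; the function name is hypothetical.

```powershell
# Added example (not from the thread). Read-only: it changes nothing on the host.
function Get-IPSecBlockTriage {
    param([int]$Newest = 5000)   # how many recent System log entries to scan

    # Assumption: "IPSEC Services" is registered under the service name PolicyAgent.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='PolicyAgent'"

    # 4292 = driver entered Block mode, 4294 = driver entered Secure mode
    # (event texts as quoted in the thread). Assumption: both land in the System log.
    $hits = @(Get-EventLog -LogName System -Newest $Newest |
        Where-Object { (4292, 4294) -contains $_.EventID } |
        Sort-Object TimeGenerated)

    $last = $null
    if ($hits.Count -gt 0) { $last = $hits[$hits.Count - 1] }

    # Registry key named in the thread (step one of KB870910).
    $localKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'

    # The pattern from the thread: the most recent driver event is Block mode
    # while the service that should load policy is not running.
    $blocked = ($last -ne $null) -and ($last.EventID -eq 4292) -and
               ($svc.State -ne 'Running')

    New-Object PSObject -Property @{
        ServiceState          = $svc.State       # e.g. Running / Stopped
        ServiceStartMode      = $svc.StartMode   # Auto / Manual / Disabled
        LastDriverEventId     = $last.EventID
        LastDriverEventTime   = $last.TimeGenerated
        LastDriverEventSource = $last.Source
        LocalPolicyKeyPresent = (Test-Path $localKey)
        BlockModeSuspected    = $blocked
    }
}

Get-IPSecBlockTriage | Format-List
```

A `ServiceStartMode` of `Disabled` after the fix means no IPSec policy is being applied on the host, which matches the "unsecured TCP/IP connectivity" wording in event 4292.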

All replies

  • If you are absolutely sure your IP settings are correct... If you can, uninstall the NIC in Device Manager, restart, and rescan for new devices. Apply the latest driver.


    Visit: anITKB.com, an IT Knowledge Base.
    Thursday, June 16, 2011 8:23 PM
  • I have already done this.

    Thanks for the thought though.

    Mark

    Thursday, June 16, 2011 8:41 PM
  • Ok, then the next step, in my opinion, is to check the arp cache. When you tried to ping the gateway, did you see an entry in the arp cache for the gateway? If not, that's not good. Most likely packets aren't even leaving that node. A packet sniffer should be used to verify.

    If you do see an entry for the gateway in the arp cache, then you do know for sure that some IP packets are leaving this computer and returning.

     


    Thursday, June 16, 2011 10:43 PM
  • I will check the ARP cache later, but I wanted to add the following information...

     

    While checking into this further, I noticed that there were 9 Microsoft updates that were automatically installed just before I started having this problem.
    I uninstalled the 9 updates and I was then able to get an IP address from the DHCP server. The address that was given was 192.168.220.147. This address is within the range of our DHCP server, so I thought this was a good thing.
    Because this is a server I would like to keep the previous IP address that was used before the problem arose.
    I set a DHCP reservation for the MAC address to give this server the IP address of 192.168.220.24 and restarted the machine.
    During the restart I did a continuous ping and I did get the following:

    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.60: Destination host unreachable.
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time=7ms TTL=128
    Reply from 192.168.220.24: bytes=32 time<1ms TTL=128
    Reply from 192.168.220.24: bytes=32 time=6ms TTL=128
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    I am unsure as to why the responses would come in as expected during startup, but before I get the logon prompt, the requests start timing out.

     

    Even if I let the computer pick up any IP address from the DHCP server, I get the same results when doing a continuous ping.

    The plot thickens...

    Thursday, June 16, 2011 11:31 PM
  • Could it be some type of firewall application that starts to run that is causing this issue? Maybe an AV client with built-in firewall or other malware protection app?
    Friday, June 17, 2011 12:03 AM
  • Hi,

     

    Thanks for posting here.

     

    Is this server host multihomed? Could you also post the KB numbers of the nine hotfixes that were patched on this server here?

    And what remote host parameter did you set during the ping test: hostname, FQDN or IP address?

     

    You may also try to test by booting the server in safe mode with networking and see if this issue persists. Meanwhile, resetting TCP/IP is also a common troubleshooting method that you may try:

     

    How to reset Internet Protocol (TCP/IP)

    http://support.microsoft.com/kb/299357

     

    Thanks.

     

    Tiger Li

     

    TechNet Subscriber Support in forum

    Friday, June 17, 2011 6:35 AM