No TCP, yet UDP and ICMP still work

[marc.mims]

I am encountering an intermittent problem with multiple Windows XP
Professional systems on a network. The users report no network access.
Indeed, in the failed state, the systems cannot make TCP connections.
Yet, name resolution (UDP) and ping (ICMP) work. Rebooting resolves
the problem, temporarily.

The failures occur intermittently and infrequently. (On a network of
perhaps 50 such systems, we have 2-3 of these failures per week.) The
failures have been reported on systems that have been up and running
for days, in some cases, and on initial boot.

I'm having difficulty formulating a web search that returns meaningful
results. If this is a known issue I would appreciate references to MS
KB articles or other applicable resources. If it isn't a known issue,
I would appreciate suggestions on how to troubleshoot it.

-Marc

 

[Chuck]

I am encountering an intermittent problem with multiple Windows XP
Professional systems on a network. The users report no network access.
Indeed, in the failed state, the systems cannot make TCP connections.
Yet, name resolution (UDP) and ping (ICMP) work. Rebooting resolves
the problem, temporarily.

The failures occur intermittently and infrequently. (On a network of
perhaps 50 such systems, we have 2-3 of these failures per week.) The
failures have been reported on systems that have been up and running
for days, in some cases, and on initial boot.

I'm having difficulty formulating a web search that returns meaningful
results. If this is a known issue I would appreciate references to MS
KB articles or other applicable resources. If it isn't a known issue,
I would appreciate suggestions on how to troubleshoot it.

-Marc

Marc,What exact error message or problem do you see when TCP connections fail?
This sounds like a personal firewall problem, excepting for the "intermittent"
pattern. Or maybe LSP / Winsock corruption.
<http://nitecruzr.blogspot.com/2005/05/your-personal-firewall-can-either-help.html>
http://nitecruzr.blogspot.com/2005/05/your-personal-firewall-can-either-help.html
<http://nitecruzr.blogspot.com/2005/05/problems-with-lsp-winsock-layer-in.html>
http://nitecruzr.blogspot.com/2005/05/problems-with-lsp-winsock-layer-in.html

What are the failed computers trying to connect to? Other similar systems? A
local server? Multiple local servers? Distant (Internet) servers? Are all
computers on the same subnet? Connected by what network devices?
<http://nitecruzr.blogspot.com/2005/06/background-information-useful-in.html>
http://nitecruzr.blogspot.com/2005/06/background-information-useful-in.html

 

[semifor]

What exact error message or problem do you see when TCP connections fail?

Typically, to determine if the system is sufferring from this
particular problem, I attempt to telnet to one or more local servers on
know ports: the SMTP server, web server, etc. Telnet simply reports
"unable to connect".

What are the failed computers trying to connect to? Other similar systems? A
local server? Multiple local servers? Distant (Internet) servers? Are all
computers on the same subnet? Connected by what network devices?

The systems are all on the same subnet, but not all on the same switch.
Attempts to connect to other systems on the LAN and Internet fail in
the same way, although name resolution works for both local and Iternet
systems and pinging those systems is successful.

I ran "netstat -a" on the most recent failure. It showed some TCP
connections in CLOSE WAIT state and some LISTENING. Connection
attempts to 127.0.0.1 on those listening ports failed in the same way.

The failures occur on same very new Dell systems as well as some rather
old systems from various manufacturers. So far, I unaware of anything
that differentiates the systems that are failing from those that are
not. I suspect when I find the common difference I'll have the problem
90% solved. ;-)

The failing systems run a variety of TCP services: e-mail, web
browsers, etc. The failures can occur on an initial boot, e.g., a
system powered down over night or over a weekend, but may not occur for
hours, days, or even weeks.

-Marc