Guest
I've read through the posts that show up in Google Groups but nothing
suggested has worked for this customer's machine, so here goes...
Original Symptoms: XP Home SP2 machine that had been working cannot get to
the internet. There is no s/w firewall installed, and it is connected to the
internet via DSL, going through a linksys router. Other machines thus
connected can get to the internet ok, but this one can't. The machine pauses
after selecting user logon and task manager shows that only part of the
startup processes are loaded. Several minutes later, the rest of them load.
Norton AV then displays two successive mostly-blank error dialogs referencing
email scanning proxy on boot up. The latter looks to be a symptom, not the
problem.
Msconfig showed services.exe being loaded from c:\windows\connectionstatus\
and this turns out to be a variant of W32Sober, so I removed it manually and
using the Symantec removal tool. There was another fishy item in msconfig, a
service named nipientd (no hits on google). In the services applet, the path
to the executable is blank and nothing is found when using xp search to look
for nipientd on C: with system/hidden folders included. There are a few
references to it in the registry as legacy_nipientd, but no indication what
the executable is. Since the service is disabled and has stayed so, I don't
consider it part of the remaining problem, although it might have been a
cause.
If the machine is acquiring an IP address when booting up, it can't be
displayed. Ipconfig returns "internal error occurred: the request is not
supported. unable to query host name." A ping attempt returns "error 2." I
followed the procedure described in kb811259 of deleting the winsock and
winsock2 keys in the registry and reinstalling tcp/ip by using "have disk"
and pointing it to \windows\inf directory. No help. Tried a second ethernet
NIC, no help.
One odd thing that happens during the reinstall of ms tcp/ip is that I get a
"driver not digitally signed" warning. I have reinstalled ip on several other
machines and have never seen that.
lspfix.exe (from cexx.org) shows only two of the three network protocol
handlers present: mswsock.dll and winrnr.dll. rsvpsp.dll is not listed,
although it is in \system32 along with the others, and all are shown to be
Microsoft files. System Information only shows two entries in Components -
Network - Protocol. The two entries listed are MSAFD TCP [tcp/ip] and MSAFD
TCP [udp/ip]. According to kb811259, there should be 10 entries listed here
(e.g. rsvp, et al), and if there are fewer, the winsock2 key is corrupted.
The problem is that deleting the winsock keys and going through the tcp/ip
reinstall procedure in kb811259 does not correct the problem. A poster in one
of the hits on google said that he had tried a repair reinstall and it had
not corrected the problem, although I don't know that he was having the same
problem (I searched on "unable to query host name"). This makes me wonder if
the inf or pnf file is corrupted or was replaced by malware.
Since networking and inf files are not protected by system file protection,
I didn't expect sfc /scannow to find anything, and it didn't. I was unable to
bring the machine back to the shop because they were running end-of-month
financials, so I will be visiting with them on Monday. The next thing I am
going to try is to replace the appropriate inf files and delete the matching
pnf files before reinstalling tcp/ip.
Anyone else have a more definitive solution?
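
The catalog check described in the post (counting protocol entries against the 10 the post cites from kb811259, and looking at which provider DLLs are registered), as an added example that is not part of the original post. It parses a saved `netsh winsock show catalog` dump; the sample dump, its field layout and the `Example LSP` entry are constructed assumptions.

```python
import re

# Constructed sample in the layout of `netsh winsock show catalog` output
# (assumed format, trimmed to the fields used here). Not taken from the post.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll

Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        Example LSP
Provider Path:                      C:\WINDOWS\example\examplelsp.dll

Name Space Provider Entry
------------------------------------------------------
Description:                        Tcpip
Provider Path:                      %SystemRoot%\System32\mswsock.dll
"""

KNOWN_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}  # the three named in the post
EXPECTED_PROTOCOLS = 10  # the count the post attributes to kb811259

def parse_catalog(text):
    """Split the dump into entries: {'kind': 'protocol'|'namespace', field: value}."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Provider Entry"):
            kind = "namespace" if line.startswith("Name Space") else "protocol"
            entries.append({"kind": kind})
        elif entries and (m := re.match(r"([^:]+):\s+(.*)", line)):
            entries[-1][m.group(1).strip()] = m.group(2).strip()
    return entries

def audit(entries):
    """Return findings: short protocol list, unknown or relocated provider DLLs."""
    findings = []
    n = sum(e["kind"] == "protocol" for e in entries)
    if n < EXPECTED_PROTOCOLS:
        findings.append(f"only {n} protocol entries, expected {EXPECTED_PROTOCOLS}")
    for e in entries:
        path = e.get("Provider Path", "").lower()
        dll = path.rsplit("\\", 1)[-1]
        if dll not in KNOWN_DLLS or "\\system32\\" not in path:
            findings.append(f"unexpected provider: {e.get('Description')} -> {path}")
    return findings
```

Run `audit(parse_catalog(open("catalog.txt").read()))` on a dump saved from the affected machine and compare the findings with one from a known-good machine of the same build.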