Win 2K Pro Lost Connectivity

[Guest]

My wife's computer has for a number of years been doubling as my home
network's print spooler having a shared printer connected to it (and she's
also my Time Server). Last couple of days, I've been pulling my hair out
trying to figure out why I can no longer connect to the printer nor the time
service. Furthermore, her computer has been exhibiting some rather strange
behavior she tells me - the "Run", "Log Off", and "Shut Down" commands have
disappeared from her Start Menu - and if I pull up the Group Policy MSC and
toggle the settings that make the items re-appear - they'll disappear again
within a minute or two. Her machine has the latest Norton AV and Internet
Security software along with Ad-Aware Pro and Ad-Watch running in the
background. I've gone through all the settings of these and have
experimented with disabling all of them - all to no avail. I noticed when I
ran a constant ping on another machine within the subnet, that ping can
connect during the boot process but gets blocked sometime after logon. I
tried removing all the startup items in the registry
(HKLM\software\Microsoft\Windows\CurrentVersion\Run) and rebooting with the
same results. I enabled Logging during Bootup, but the log entries are no
different than a previous entry made 6 months ago. What's curious is that
from her machine, I can connect to any other machine within my subnet, but no
other machine can reach her machine via TCP or NetBios.

Can someone give me some ideas on where to go from here? I don't want to
get drastic and do a re-install of Win2K Pro - but that's about the only
thing I can think of at this point.

TIA

 

[Pegasus \(MVP\)]

My wife's computer has for a number of years been doubling as my home
network's print spooler having a shared printer connected to it (and she's
also my Time Server). Last couple of days, I've been pulling my hair out
trying to figure out why I can no longer connect to the printer nor the time
service. Furthermore, her computer has been exhibiting some rather strange
behavior she tells me - the "Run", "Log Off", and "Shut Down" commands have
disappeared from her Start Menu - and if I pull up the Group Policy MSC and
toggle the settings that make the items re-appear - they'll disappear again
within a minute or two. Her machine has the latest Norton AV and Internet
Security software along with Ad-Aware Pro and Ad-Watch running in the
background. I've gone through all the settings of these and have
experimented with disabling all of them - all to no avail. I noticed when I
ran a constant ping on another machine within the subnet, that ping can
connect during the boot process but gets blocked sometime after logon. I
tried removing all the startup items in the registry
(HKLM\software\Microsoft\Windows\CurrentVersion\Run) and rebooting with the
same results. I enabled Logging during Bootup, but the log entries are no
different than a previous entry made 6 months ago. What's curious is that
from her machine, I can connect to any other machine within my subnet, but no
other machine can reach her machine via TCP or NetBios.

Can someone give me some ideas on where to go from here? I don't want to
get drastic and do a re-install of Win2K Pro - but that's about the only
thing I can think of at this point.

TIA

Disable all your PC-based firewalls. Also - please do not multi-post. You're
wasting everybody's time. Use cross-posting if you wish to increase your
audience.

 

[Guest]

Disable all your PC-based firewalls.

Already done this - as I stated, I disabled all startup stuffs, one of which
was the Norton Firewall, this is not the problem - nothing resolves the IP
getting blocked after boot-up. This is a very strange problem - and one not
caused by the installation of anything I not my wife has done. It occurred
suddenly out of the clear blue and I need to be able to troubleshoot it. I
was able to connect to this machine before, all my computers within my subnet
had access to this machine. I'm not clueless and am a professional in the
field with numerous certifications (not that a piece of paper is any good for
anything other than wiping... I know more than a few so-called certified
idiots!).

What I'm looking for is a method of diagnosing this networking issue - go
ahead an be as technical and deep as it takes, I assure you I can follow
along.

Also - please do not multi-post. You're
wasting everybody's time. Use cross-posting if you wish to increase your
audience.

<rant alert> As to multi-post or cross-post - I completely disagree with you
as to exposure and assistance. I AM NOT WASTING ANYBODY'S TIME nor bandwidth
except those that are reading this. You wasted your time telling me
something totally useless and not helpful. Some would reply on one area
where they'd never see the other (and not everyone uses the same browser that
supports proprietary non-standard crap, if you get my drift). In my case,
there is no simple means of cross-posting and I'm not about to go out of my
way to make you nor anyone else feel good about what is a difficult and
non-accessible web user interface. I access this site directly from
Microsoft and am using their idea of a discussion group user interface - this
is not exactly what I would consider an interface designed adequately in
terms of usability. </rant alert>

 

[Jud]

- nothing resolves the IP

getting blocked after boot-up

Excuse me if I sound thick, I may have missed a previous post, but what do
you mean exactly.

I have seen PC's lose all connectivity to the outside world following virus
attacks, and I have seen new and old units lose connectivity for no reason
at all, there is always something I do when this happens and this is to
remove all the network related items including TCP/IP, Client for MS etc etc
then remove the NIC and power on without it, let windows
settle then power off reinstall the NIC boot up and add any thing you
removed... It does work nearly all the time and why I don't know

Jud

 

[Pegasus \(MVP\)]

Already done this - as I stated, I disabled all startup stuffs, one of which
was the Norton Firewall, this is not the problem - nothing resolves the IP
getting blocked after boot-up. This is a very strange problem - and one not
caused by the installation of anything I not my wife has done. It occurred
suddenly out of the clear blue and I need to be able to troubleshoot it. I
was able to connect to this machine before, all my computers within my subnet
had access to this machine. I'm not clueless and am a professional in the
field with numerous certifications (not that a piece of paper is any good for
anything other than wiping... I know more than a few so-called certified
idiots!).

What I'm looking for is a method of diagnosing this networking issue - go
ahead an be as technical and deep as it takes, I assure you I can follow
along.


<rant alert> As to multi-post or cross-post - I completely disagree with you
as to exposure and assistance. I AM NOT WASTING ANYBODY'S TIME nor bandwidth
except those that are reading this. You wasted your time telling me
something totally useless and not helpful. Some would reply on one area
where they'd never see the other (and not everyone uses the same browser that
supports proprietary non-standard crap, if you get my drift). In my case,
there is no simple means of cross-posting and I'm not about to go out of my
way to make you nor anyone else feel good about what is a difficult and
non-accessible web user interface. I access this site directly from
Microsoft and am using their idea of a discussion group user interface - this
is not exactly what I would consider an interface designed adequately in
terms of usability. </rant alert>

I am disturbed about the Start Menu items disappearing and re-appearing.
There may be something lurking there.

About your connectivity problem: If this was my machine then I would
do this, in no particular order:
- Uninstall the Norton Firewall. Many firewalls retain some functionality
even when disabled - ZoneAlarm was one of them.
- Use fixed IP addresses rather than DHCP so that you know exactly
which machine has which address.
- Change your IP addresses. I have seen adapters that failed with one
block of addresses and worked perfectly well with others.
- Post the output of the command ipconfig /all from two PCs so that
we can check your settings.
- Watch the network properties dialog box when pinging, both on the
transmitting and the receiving PC. Their counters are supposed tick
over synchronously.
- Use a sniffer to monitor your network traffic, e.g. Ethereal.
- Try a different network adapter on the problem machine.
- Use a direct cross-over cable in order to eliminate cabling,
hub/switch or interference issues (e.g. a NIC on another
machine that broadcasts lots of noise).

 

[Guest]

I am disturbed about the Start Menu items disappearing and re-appearing.
There may be something lurking there.

So am I...

About your connectivity problem: If this was my machine then I would
do this, in no particular order:
- Uninstall the Norton Firewall. Many firewalls retain some functionality
even when disabled - ZoneAlarm was one of them.

That was one of my initial items I've already thought of but was hesitant to
do. It just doesn't make sense that the machine would act as if there was a
firewall running when I went ahead and removed the start-up AND disabled all
the services in the MMC associated with Symantec. The machine still boots up
and running a constant ping from another machine and monitoring the net
traffic with a sniffer - ping will connect during boot, but I still get a
block shortly after bootup (and autologon - if I disable the autologon and
let it sit, the block will occur before logon, so this tells me it's not
anything happening with startup). So I went ahead and uninstalled all
Symantec firewalling, antivirus, Ad-aware, and Ad-Watch - no go - still have
the same problem...

- Use fixed IP addresses rather than DHCP so that you know exactly
which machine has which address.

I never use DHCP internally, I consider it a waste of resources - I only
have 5 or 6 machines, and my wife's machine and my kids - I know which IP is
which all the time... I like it that way...

- Change your IP addresses. I have seen adapters that failed with one
block of addresses and worked perfectly well with others.

OK - changed my 192.168.1.x subnet to 192.168.100.x... No change in behavior

- Post the output of the command ipconfig /all from two PCs so that
we can check your settings.

I know enough about networking to know what I'm doing... And what's up with
my network. I've had machines in my household for many years and am running
a lot of various platforms. This is a situation that's happened strangely
without my or my wife's intervention - one day I was able to connect and use
resources on my wife's machine, then next time I try (just happened to want
to print something) suddenly there's no connection. I've dug pretty deeply
now - this is quite strange. It's as if there was a firewall operating.
From her machine I can see and use the rest of my network. From the rest of
my servers, her machine is invisible.

- Watch the network properties dialog box when pinging, both on the
transmitting and the receiving PC. Their counters are supposed tick
over synchronously.

There is not enough time to pull up a network status dialog before I lose
connection - his connection is only visible during boot. From the machines
pinging, the network counter work as would be expected.

- Use a sniffer to monitor your network traffic, e.g. Ethereal.

I have both SNORT and, with your suggestion, downloaded Ethereal on her
machine and another Win machine on my subnet. I ran an extended run with
various connection attempts - nbtstat, ping, echo, telnet, ssh - all were
informative, but still her machine acts as if there's a firewall blocking
incoming packets on UDP and TCP. NetBios on my WINS server cannot resolve
her IP, but when I run an nbtstat from her machine to check other machines,
she gets through to the WINS server and receives WINS replies. I did notice
Browser broadcasts coming from her machine and thinking maybe her machine was
forcing strange WINS behavior, I turned off the Browser service (I've never
been too keen on old-fashioned WINS and NetBIOS - too much network traffic
and too confusing). But, this still doesn't resolve the problem... Besides,
why should I care about this if it wasn't an issue for the last couple of
years - nothing has changed as far as topology and machines and IPs go?

- Try a different network adapter on the problem machine.
- Use a direct cross-over cable in order to eliminate cabling,
hub/switch or interference issues (e.g. a NIC on another
machine that broadcasts lots of noise).

Good idea... I'll try these shortly. I'm in process now of backing up her
data files and email (which is something I don't do often enough since I got
rid of the old tape drive - hard drives are cheap these days and I just
backup to a network share on a huge RAID - I should write a script to do this
and set up an AT job... too many "should's", other priorities...).

I'll try changing the NIC (I've got a couple of them laying around) and the
cross-over (I have a laptop I could use for an easy portable solution to
connect to via the cross-over, which I just happen to have) as a last resort
before doing a re-install of her OS.

Geez... This backup is taking a lot longer than I anticipated... argghh...
I may have to postpone - I have a real job to go to in the morning...

I've told my wife that I'm about out of options and to start looking for her
original CDs and install media. My wife is not happy - she tells me she'll
need her computer in the morning to VPN to her office and work on a
database... Only, now I tell her her machine is no longer protected in any
way - without AV or Firewall - she'll have to rely on the CISCO VPN's
security and stay off the internet (at least, I could change the security
settings of her browser while the backup is happening). I've already spent
more time on this than I would for any paying client (It has been interesting
and keeps me away from being glued to the TV watching the unfolding drama in
the delta - what a way to spend Labor Day!) *sigh*.

 

[Pegasus \(MVP\)]

So am I...


That was one of my initial items I've already thought of but was hesitant to
do. It just doesn't make sense that the machine would act as if there was a
firewall running when I went ahead and removed the start-up AND disabled all
the services in the MMC associated with Symantec. The machine still boots up
and running a constant ping from another machine and monitoring the net
traffic with a sniffer - ping will connect during boot, but I still get a
block shortly after bootup (and autologon - if I disable the autologon and
let it sit, the block will occur before logon, so this tells me it's not
anything happening with startup). So I went ahead and uninstalled all
Symantec firewalling, antivirus, Ad-aware, and Ad-Watch - no go - still have
the same problem...


I never use DHCP internally, I consider it a waste of resources - I only
have 5 or 6 machines, and my wife's machine and my kids - I know which IP is
which all the time... I like it that way...


OK - changed my 192.168.1.x subnet to 192.168.100.x... No change in behavior

I know enough about networking to know what I'm doing... And what's up with
my network. I've had machines in my household for many years and am running
a lot of various platforms. This is a situation that's happened strangely
without my or my wife's intervention - one day I was able to connect and use
resources on my wife's machine, then next time I try (just happened to want
to print something) suddenly there's no connection. I've dug pretty deeply
now - this is quite strange. It's as if there was a firewall operating.
From her machine I can see and use the rest of my network. From the rest of
my servers, her machine is invisible.


There is not enough time to pull up a network status dialog before I lose
connection - his connection is only visible during boot. From the machines
pinging, the network counter work as would be expected.


I have both SNORT and, with your suggestion, downloaded Ethereal on her
machine and another Win machine on my subnet. I ran an extended run with
various connection attempts - nbtstat, ping, echo, telnet, ssh - all were
informative, but still her machine acts as if there's a firewall blocking
incoming packets on UDP and TCP. NetBios on my WINS server cannot resolve
her IP, but when I run an nbtstat from her machine to check other machines,
she gets through to the WINS server and receives WINS replies. I did notice
Browser broadcasts coming from her machine and thinking maybe her machine was
forcing strange WINS behavior, I turned off the Browser service (I've never
been too keen on old-fashioned WINS and NetBIOS - too much network traffic
and too confusing). But, this still doesn't resolve the problem... Besides,
why should I care about this if it wasn't an issue for the last couple of
years - nothing has changed as far as topology and machines and IPs go?


Good idea... I'll try these shortly. I'm in process now of backing up her
data files and email (which is something I don't do often enough since I got
rid of the old tape drive - hard drives are cheap these days and I just
backup to a network share on a huge RAID - I should write a script to do this
and set up an AT job... too many "should's", other priorities...).

I'll try changing the NIC (I've got a couple of them laying around) and the
cross-over (I have a laptop I could use for an easy portable solution to
connect to via the cross-over, which I just happen to have) as a last resort
before doing a re-install of her OS.

Geez... This backup is taking a lot longer than I anticipated... argghh...
I may have to postpone - I have a real job to go to in the morning...

I've told my wife that I'm about out of options and to start looking for her
original CDs and install media. My wife is not happy - she tells me she'll
need her computer in the morning to VPN to her office and work on a
database... Only, now I tell her her machine is no longer protected in any
way - without AV or Firewall - she'll have to rely on the CISCO VPN's
security and stay off the internet (at least, I could change the security
settings of her browser while the backup is happening). I've already spent
more time on this than I would for any paying client (It has been interesting
and keeps me away from being glued to the TV watching the unfolding drama in
the delta - what a way to spend Labor Day!) *sigh*.

I have my own share of unexplainable problems once every so
often. If I cannot resolve them within a reasonable period of time
then I re-image the machine. I make it a habit to create a new
image file twice each year, and I always keep the two most
recent images. At the moment I score one re-image about once a
year. It saves me a rebuild once a year, or spending a lot of
time trying to resolve a weird problem.