Strange case of ping time-out

We have a single .local domain under AD of about 35 workstations running
fully patched XP SP3, and 2 servers running fully patched 2003 Standard SP2.

All hosts have internet access via a Cisco firewall which connects to a
broadband router. They are all functioning properly except one workstation.

This HP-Compaq d330 microtower cannot access the Internet via IE7.
Investigation shows that when it tries to ping anything outside our
192.168.1.x subnet it times out. All shares, printers, and server functions
on our LAN are accessible.

Comparison of 'ipconfig /all' and 'route print' responses between this
workstation and a d330 which can access the internet shows no differences
other than name, IP address, and MAC address. All our hosts get DNS and WINS
from the 2 DCs, and use the Cisco firewall as gateway.

%system%\drivers\etc\hosts is the default version, identical on all.

Machine is free from malware as far as McAfee AV, Microsoft MRT, and
Malwarebytes can see.

I am at a loss how to proceed with this problem. I am reluctant to flatten
and rebuild as it has some apps used by our engineers where we do not have
CDs and which may no longer be available to download.

Sherlock Holmes said "Once we have eliminated the impossible, that which is
left must be the case, however improbable". Right now I am out of improbable
ideas.

--
TIA,
Newell White

1. Clear the dns cache from the problem system by typing "ipconfig /
flushdns" at a command prompt. Then type "ipconfig /registerdns". Then
try to ping google.com by name. If ping is successful, the problem is
with IE. Test with different browser

2. If above does not work, do a nslookup test. See if it resolves a
domain name. If it works, then dns is fine and most likely the problem
is the browser.

3. If nslookup fails, then enter an external dns in the ip config of
workstation and test again.

4. Also ping an outside IP address. If ping works, try running a
tracert to outside IP and see if it works.

Good luck,

- Raheem

"Raheem" wrote:

> 1. Clear the dns cache from the problem system by typing "ipconfig /
> flushdns" at a command prompt. Then type "ipconfig /registerdns". Then
> try to ping google.com by name. If ping is successful, the problem is
> with IE. Test with different browser
>
> 2. If above does not work, do a nslookup test. See if it resolves a
> domain name. If it works, then dns is fine and most likely the problem
> is the browser.
>
> 3. If nslookup fails, then enter an external dns in the ip config of
> workstation and test again.
>
> 4. Also ping an outside IP address. If ping works, try running a
> tracert to outside IP and see if it works.
>
> Good luck,
>
> - Raheem
>
After /flushdns and /registerdns nothing changed.

ping www.google.com resolved to 209.85.229.99 but timed out.

tracert 209.85.229.99 successfully reversed the IP to ww-in-f99.google.com
But first hop to our firewall timed out.

So to restate:
DNS server in DC (192.168.1.6) can contact the outside to resolve DNS
forward and reverse look-ups.

All but one workstations can access the outside world via the firewall
(192.168.1.1 or 192.168.1.200 - we have 2 gateways, DHCP supplies one as
scope option, the other as lease option on reserved addresses for 50% of our
workstations).

Problem workstation can ping either gateway, and resolve URLs, but cannot
ping any routable IP address.

There are two possible explanations I can dream up:
1) Malware I cannot detect or identify.
2) A broken software component used in handling TCP/IP traffic which is
needed to pass packets through routers but not on our LAN.

I am not knowledgable about (2) so can only plug away at (1)
--
Regards,
Newell White

It was probably the TCP/IP stack.

Restored normal functionality by:
netsh int ip reset resetlog.txt
netsh winsock reset

then reboot.
--
Newell White


"Newell White" wrote:

>
> "Raheem" wrote:
>
> > 1. Clear the dns cache from the problem system by typing "ipconfig /
> > flushdns" at a command prompt. Then type "ipconfig /registerdns". Then
> > try to ping google.com by name. If ping is successful, the problem is
> > with IE. Test with different browser
> >
> > 2. If above does not work, do a nslookup test. See if it resolves a
> > domain name. If it works, then dns is fine and most likely the problem
> > is the browser.
> >
> > 3. If nslookup fails, then enter an external dns in the ip config of
> > workstation and test again.
> >
> > 4. Also ping an outside IP address. If ping works, try running a
> > tracert to outside IP and see if it works.
> >
> > Good luck,
> >
> > - Raheem
> >
> After /flushdns and /registerdns nothing changed.
>
> ping www.google.com resolved to 209.85.229.99 but timed out.
>
> tracert 209.85.229.99 successfully reversed the IP to ww-in-f99.google.com
> But first hop to our firewall timed out.
>
> So to restate:
> DNS server in DC (192.168.1.6) can contact the outside to resolve DNS
> forward and reverse look-ups.
>
> All but one workstations can access the outside world via the firewall
> (192.168.1.1 or 192.168.1.200 - we have 2 gateways, DHCP supplies one as
> scope option, the other as lease option on reserved addresses for 50% of our
> workstations).
>
> Problem workstation can ping either gateway, and resolve URLs, but cannot
> ping any routable IP address.
>
> There are two possible explanations I can dream up:
> 1) Malware I cannot detect or identify.
> 2) A broken software component used in handling TCP/IP traffic which is
> needed to pass packets through routers but not on our LAN.
>
> I am not knowledgable about (2) so can only plug away at (1)
> --
> Regards,
> Newell White
>
>

Cool. Thx for sharing.

- Raheem