Static IP assign. works fine, DHCP does not?

S

shadowwyvern

Gawd
Joined
Sep 22, 2005
Messages
604
My laptop (Windows XP Sp2 Pro) suddenly (entered/resumed from standby, worked before, not after) will not get an address from DHCP. I have tried it on 3 different networks, with different DHCP servers (1 wired, 2 wireless), nothing. As soon as I statically assign an address, everything works like a charm. I have:

-killed all firewalls (windows and Comodo)
-rebooted
-disabled/re-enabled the wired adapter, and toggled the wireless switch on the wireless
-tried it in safemode w/networking
-repaired the windows networking stack using winsockxpfix

I did have a few network connections open when I dropped it into standby, but it came out just fine, and I would think a reboot would fix any hanging connections. Any suggestions to fix this? If not, I can reformat, but I would really like to narrow down the cause of this problem.

Thanks.
 
remove the drivers for the network card in device manager. reboot. reinstall. reboot.

usually works wonders.
 
Start > Run

cmd

(in command prompt)

c:\> netsh
netsh> winsock
netsh winsock> reset library

exit out of everything and reboot
 
No joy, I reinstalled both the wired drivers and the wireless drivers, ran sully's command, rebooted, still nothing. The only thing I have not touched is the bluetooth software, which does have a virtual network adapter, but it is currently disabled
 
What's the hardware? What laptop? What NIC?

It sounds really dumb, but have you double, triple, and quadruple checked your network settings to guarantee that you don't have any static info in there still? Have you tried to statically IP your machine to ensure that the NIC(s) is actually functional?

When you try to connect, what exactly is happening?


EDIT: You don't have ZoneAlarm do you? What kind of security or AV software are you running? I've seen issues like this with ZA and with Norton Internet Security.
 
Lenovo T60 - Intel PRO/1000 wired, intel 3945 wireless. Normally I run Comodo and AVG, but for testing I have disabled Comodo.

DHCP times out. It tries, I see 3 sent packets on a fresh network connection. The DHCP service works fine, starts and stops without problems.
 
Have you tried to statically IP and verify that the NIC is working at all? Even if you just use a crossover and direct connect two pcs.

I think right now the most important thing is to make sure that the NIC is working period.
 
sully127 said:
Start > Run

cmd

(in command prompt)

c:\> netsh
netsh> winsock
netsh winsock> reset library

exit out of everything and reboot
Click to expand...

That's what that utility he said he ran in the first post does...it's just a GUI form.
"repaired the windows networking stack using winsockxpfix"
 
Are you sure the DHCP server has enough addresses in the pool to assign you one?

You might end up firing up a network sniffer to watch what is happening. It might not be on your workstation.
 
if you assign a static address, can you then ping the "DHCP server"?

i probably would look at a packet sniffer just for curiosity's sake


but if you have ruled out any issues with the actual network... and the wireless AND wired NICs are doing the same thing... it really does sound like a jacked up stack or some sort of damaged networking component in windows...

i'd probably stick in a linux LIVECD or a WINPE disk that supports your nic, just to test your hardware and network
 
I can ping the DHCP server just fine. I did notice another strange thing however. While I can access the internet just fine, if i try, for example:
Code: 
nslookup www.google.com

I get time outs and such (DNS server is the same as my DHCP server), but I can ping google by that hostname and it works. However, I cannot resolve any other hostnames, which leads me to believe the google IP mapping is cached.

Also, for kicks I scanned my system for viruses, despite having run no new programs (or even browsed the internet) on the machine for some time, and AVG passed it. Anyway, google appears to resolve to google actual (instead of some phishing site for example), assuming google owns 64.233.169.0/24.

I also just realized that I had not actually gotten an interface repair to finish (since I only repair the DHCP config and it timed out (kinda silly of windows to flush the caches AFTER trying to renew and address). So I repaired the static interface and got dns back. However, dynamic config STILL does not work.
 
Apologies for the double post, but this is probably significant enough to merit it.

I ran wireshark on my desktop while my laptop tried to get an ip. I got nothing from it until windows gave up, whereupon I got a total of 5 packets:
3x ARP packets labeled "Gratuitous ARP from 169.254.168.35"
2x IGMP packets from 169.254.168.35, both of which were "V3 Membership Report"

I assume the ARP packets were windows checking to see if anyone had the IP it picked for itself, and the IGMP packets were it announcing itself. This pretty much confirms it is the laptop, and not the network.

What now?

Thanks for all the replies so far :)
 
WTF

You really have me stumped here.

Are you saying that when you connect with DHCP, even though you can't pull an IP address, you can resolve the DNS of google?

What happens when you flush your dns? ipconfig /flushdns

I really just don't get it. I'd like to think that if it was something I was hands-on with that I'd be able to figure it out, but at this point... I just don't know.

You said you've tried multiple networks right... not just multiple SSIDs from different WAPs on the same network? You've also tried multiple wired networks, right? Not just multiple jacks?

EDIT: having just seen your last message, have you tried anything OS-related - as in trying a disc-bootable OS as mentioned above or ERD Commander or such? Sounds like Windows at this point even though that feels like a cop-out answer.
 
Well, to be honest, I am about to take the cop-out solution and reformat :p.

Yes, I have tried multiple jacks, both of my 2 switches, multiple cables, etc. I tired 3 different wireless networks: an unencrypted one run by my university, mine, and a friend's (both with WPA). All had 4 or 5 bars of signal strength.

I also ran a packet capture on the laptop while it was trying to get an address. Nothing DHCP related, but during the "Acquiring network address" phase I received several broadcast packets, so the interface was working.

EDIT: Flushing the DNS returns "Successfully flushed DNS Resolver Cache"
 
Try doing "sfc /scannow" It's possible a file got corrupted and causing it to not pickup DHCP. Or you can also try another cable.
 
Now that you flushed your DNS cache, see if you can still get google to resolve.
 
shadowwyvern said:
This is most strange:
I cannot resolve www.google.com or www.yahoo.com with nslookup
I can ping them both using ping <dns name>
I can browse to them both

WTF?
Click to expand...

what is google's IP resolving to?

have you checked this on another machine? if not let us check it.....

what does the "404" look like, is the browsers "page cannot be displayed" or is it an actual 404 from a webserver?

maybe its just early in the morning, but from your last couple reply's i'm tending to think your DNS has been screwed with... most likely maliciously
 
Also, from the command line type:

route print

This will display your Routing Table and aid you in troubleshooting there.
 
When I tried a few minutes ago, www.google.com = 64.233.169.147

When I do try to browse the web, I get the firefox error page, not the server's. I did not think to look at the [age source to verify that it IS firefox and not a web page made to impersonate it.

Again, I can ping some hosts by hostname, but am unable to nslookup any hostname (times out). A wireshark capture shows no packets leaving the system when I attempt to nslookup a hostname.

Works fine in linux (ubuntu live CD), and my routing table looks good, and I can ping my default gateway (which is also the DNS server and the DHCP server).

Unless someone has an amazing solution, this OS has about an hour or two to live :p. Not a big deal really, I needed to resize the partition anyway, and it is safer to reformat than to gparted the drive. At this point, I would just really like to solve the "puzzle" of what happened to the system. The system has passed a pair of AVG scans and I am running another right now with a virus DB less than a day old (and > than a day newer than when I first had this problem). Any other test I should run before the drive is nuked?
 
At this point, I'd say pull the trigger, but like you, I wish this were a lab problem so we could at least look up the answer in the back of the book...
 
Well, I may have found the problem. After reformatting both my desktop and my laptop, my desktop started to not obtain a DHCP lease. Turns out, Comodo firewall is at fault. Just disabling it does not seem to work, you have to uninstall it. This seems to be a fairly common issue on their forums, and there are a few solutions. I have reinstalled, and it appears to be working fine. If the problem flares up again, I will try a few of the solutions and see what works. At least now I can treat it as a lab problem, since it looks as if a fix is always just a few clicks and a reboot away :p
 
You must log in or register to reply here.
Back
Top