Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up
-
I think it may be related to my WebRoot deployment but I have many workstations that will not ping from our DNS server and from the workstation back to DNS server. I've scavanged stale DNS records, I've checked DHCP and DNS and they look fine, I've searched past posts on here and SpiceWorks and can' find a solution. I really think it may be due to WebRoot and perhaps one setting there might fix all of this.
We also have an application that writes tons of files to the network and I've been getting sporatic reports of it locking up when writing files to the network. Oftentimes, they close the locked program, try again and it works but it may come again later in the day. I believe it is related to this issue.
So anything I could check? Thanks...
-
By default Webroot does not block pings.
Honestly, I have never checked for a setting to disable that. -
@JaredBusch said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
By default Webroot does not block pings.
Honestly, I have never checked for a setting to disable that.I'm thinking...thinking....that web I removed the old anti-virus from the servers that "Windows Firewall" took over some stuff but not sure where to look.
Also, I used to be able to use REMOTE COMPUTER MANAGEMENT to check logs on other workstations on the domain and that has stopped working too...
I will continue this in the morning...we aren't down but may still experience lockups in that app until I find out what is going on.
I also rebooted our main firewall (which doesn't contain any DNS/DHCP controls), rebooted switches, heck, rebooted my PC several times...still have many PC's I can't ping and they can't ping me back and the aforementioned can't use COMPUTER MANAGEMENT remotely.
-
Users already reporting lockups in that one program which extensively writes to a network share. These problems have only occurred since removing Symantec Endpoint from our servers when we migrated to WebRoot. I did not load WebRoot (as of yet) on servers.
-
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Users already reporting lockups in that one program which extensively writes to a network share. These problems have only occurred since removing Symantec Endpoint from our servers when we migrated to WebRoot. I did not load WebRoot (as of yet) on servers.
Check the built in firewall configuration on your server. I doubt Webroot would cause these kinds of issues.
-
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Users already reporting lockups in that one program which extensively writes to a network share. These problems have only occurred since removing Symantec Endpoint from our servers when we migrated to WebRoot. I did not load WebRoot (as of yet) on servers.
Symantec! Oh that's not good it has been known for destroying workstations when it is removed.
-
@coliver said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Users already reporting lockups in that one program which extensively writes to a network share. These problems have only occurred since removing Symantec Endpoint from our servers when we migrated to WebRoot. I did not load WebRoot (as of yet) on servers.
Symantec! Oh that's not good it has been known for destroying workstations when it is removed.
Yes, this. Did you run the special removal tool, or just do a standard uninstall?
-
@coliver said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Users already reporting lockups in that one program which extensively writes to a network share. These problems have only occurred since removing Symantec Endpoint from our servers when we migrated to WebRoot. I did not load WebRoot (as of yet) on servers.
Symantec! Oh that's not good it has been known for destroying workstations when it is removed.
Yep... sadly you might be in for a reinstalling/reimaging good time.
Try a network stack reset to see if that fixes your issue.
-
@Dashrender said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@coliver said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Users already reporting lockups in that one program which extensively writes to a network share. These problems have only occurred since removing Symantec Endpoint from our servers when we migrated to WebRoot. I did not load WebRoot (as of yet) on servers.
Symantec! Oh that's not good it has been known for destroying workstations when it is removed.
Yep... sadly you might be in for a reinstalling/reimaging good time.
Try a network stack reset to see if that fixes your issue.
I sure hope not...especially on these servers...I will try the network stack reset...thankfully, these problems are more annoying than show stopping but it is driving me crazy...
-
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@Dashrender said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@coliver said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Users already reporting lockups in that one program which extensively writes to a network share. These problems have only occurred since removing Symantec Endpoint from our servers when we migrated to WebRoot. I did not load WebRoot (as of yet) on servers.
Symantec! Oh that's not good it has been known for destroying workstations when it is removed.
Yep... sadly you might be in for a reinstalling/reimaging good time.
Try a network stack reset to see if that fixes your issue.
I sure hope not...especially on these servers...I will try the network stack reset...thankfully, these problems are more annoying than show stopping but it is driving me crazy...
Consider yourself lucky that your problems are more just annoying than show stopping. Symantec is persona non grata to most of us for many reasons. One is that uninstalling their software breaks systems.
-
@travisdh1 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@Dashrender said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@coliver said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Users already reporting lockups in that one program which extensively writes to a network share. These problems have only occurred since removing Symantec Endpoint from our servers when we migrated to WebRoot. I did not load WebRoot (as of yet) on servers.
Symantec! Oh that's not good it has been known for destroying workstations when it is removed.
Yep... sadly you might be in for a reinstalling/reimaging good time.
Try a network stack reset to see if that fixes your issue.
I sure hope not...especially on these servers...I will try the network stack reset...thankfully, these problems are more annoying than show stopping but it is driving me crazy...
Consider yourself lucky that your problems are more just annoying than show stopping. Symantec is persona non grata to most of us for many reasons. One is that uninstalling their software breaks systems.
Oh I agree, which is one of the reasons I put off upgrading for 5 years (this place was already on Symantec)...and for the most part, it has been very quiet since WebRoot...but the not pinging workstations and this one program locking up when writing to network share is going to annoy me until I get it working again.
-
If you have Windows Firewall disabled, re-enable it, then turn it off, but leave the service running, and see if the problems go away.
Start with one workstation and the server that appears to be dropping when writing.
-
Another thing to check for is the Symantec Network Threat Protection driver. You'll find this under Device Manager network connections as Teefer2 or something similar.
If you find it, it may be difficult to remove, as standard methods tend to fail.
You might want to look in the registry and delete the 'Config' entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network
Then you should be able to remove your network cards and the teefer2 entries from device manager.
Reboot, and then reconfig the network cards. Make sure you have the latest updated drivers.
-
@pchiodo said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Another thing to check for is the Symantec Network Threat Protection driver. You'll find this under Device Manager network connections as Teefer2 or something similar.
If you find it, it may be difficult to remove, as standard methods tend to fail.
You might want to look in the registry and delete the 'Config' entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network
Then you should be able to remove your network cards and the teefer2 entries from device manager.
Reboot, and then reconfig the network cards. Make sure you have the latest updated drivers.
IF I am looking in right spot, I only see one Network Adapter...MICROSOFT HYPER-V NETWORK ADAPTER on our file server that I removed Symantec from (but didn't install WebRoot as of yet).
@pchiodo said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
If you have Windows Firewall disabled, re-enable it, then turn it off, but leave the service running, and see if the problems go away.
Start with one workstation and the server that appears to be dropping when writing.
On the file server (where the files write to), Windows Firewall is On. Now, if I ping back to a workstation that I know has both "can't ping" and that drafting program lockup, it won't ping...DESTINATION HOST UNREACHABLE. I don't think it is related as another PC that can ping both ways also locked up with the drafting program.
It's maddening I tell you!
-
Hmm. in reading your error message it refers to COM+, but this doesn't seem right. It appears WMI may not have the correct fire wall rules.
On the Hyper-V server try this:
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
Pretty sure Symantec mucked up Windows Firewall.
You might try turning it off for testing and see if the problems go away. Then you'll know specifically if it is firewall related.
-
@pchiodo said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Hmm. in reading your error message it refers to COM+, but this doesn't seem right. It appears WMI may not have the correct fire wall rules.
On the Hyper-V server try this:
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
Pretty sure Symantec mucked up Windows Firewall.
You might try turning it off for testing and see if the problems go away. Then you'll know specifically if it is firewall related.
Trying this...
I did find an old SpiceWorks ticket (thank goodness for documenting) I opened over a year ago when we moved to the Cloud Based Symantec. It was titled New Anti-Virus - DHCP/DNS Issues. But my fault, I didn't document it very well at the solution...at the time, it said I couldn't ping or even connect to C$ on most workstations...my solution read as this:
"The File/Print sharing option was not allowed in firewall profile. I added it but it still didn't work. It was set to RED and not green."
That doesn't tell me much...don't know if I changed it on the Symantec End, Windows Firewall end and if that, which server?
I really do think Symantec mucked up some things...
Also side note, I have Webroot uninstalled on a suspect machine that will not PING and I actually have all of WebRoot's firewall turned off for all machines...still pinging issues...so guessing it is on the server(s) that I removed Symantec from.
-
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@pchiodo said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Hmm. in reading your error message it refers to COM+, but this doesn't seem right. It appears WMI may not have the correct fire wall rules.
On the Hyper-V server try this:
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
Pretty sure Symantec mucked up Windows Firewall.
You might try turning it off for testing and see if the problems go away. Then you'll know specifically if it is firewall related.
Trying this...
I did find an old SpiceWorks ticket (thank goodness for documenting) I opened over a year ago when we moved to the Cloud Based Symantec. It was titled New Anti-Virus - DHCP/DNS Issues. But my fault, I didn't document it very well at the solution...at the time, it said I couldn't ping or even connect to C$ on most workstations...my solution read as this:
"The File/Print sharing option was not allowed in firewall profile. I added it but it still didn't work. It was set to RED and not green."
That doesn't tell me much...don't know if I changed it on the Symantec End, Windows Firewall end and if that, which server?
I really do think Symantec mucked up some things...
Also side note, I have Webroot uninstalled on a suspect machine that will not PING and I actually have all of WebRoot's firewall turned off for all machines...still pinging issues...so guessing it is on the server(s) that I removed Symantec from.
I was going to mention that it really sounded like a server side issue with the multiple clients failing on the writes. Google search also provided some Symantec removal tools that might be of assistance.
You might also attempt to restore the firewall to defaults. You can do this through the Windows Firewall config. There should be an option on the left hand side to restore defaults.
Like I said previously, you can try and just turn off the firewall on the server and see if the problems go away. If so, you know that it has something to do with the firewall.
-
@pchiodo said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@garak0410 said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
@pchiodo said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Hmm. in reading your error message it refers to COM+, but this doesn't seem right. It appears WMI may not have the correct fire wall rules.
On the Hyper-V server try this:
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
Pretty sure Symantec mucked up Windows Firewall.
You might try turning it off for testing and see if the problems go away. Then you'll know specifically if it is firewall related.
Trying this...
I did find an old SpiceWorks ticket (thank goodness for documenting) I opened over a year ago when we moved to the Cloud Based Symantec. It was titled New Anti-Virus - DHCP/DNS Issues. But my fault, I didn't document it very well at the solution...at the time, it said I couldn't ping or even connect to C$ on most workstations...my solution read as this:
"The File/Print sharing option was not allowed in firewall profile. I added it but it still didn't work. It was set to RED and not green."
That doesn't tell me much...don't know if I changed it on the Symantec End, Windows Firewall end and if that, which server?
I really do think Symantec mucked up some things...
Also side note, I have Webroot uninstalled on a suspect machine that will not PING and I actually have all of WebRoot's firewall turned off for all machines...still pinging issues...so guessing it is on the server(s) that I removed Symantec from.
I was going to mention that it really sounded like a server side issue with the multiple clients failing on the writes. Google search also provided some Symantec removal tools that might be of assistance.
You might also attempt to restore the firewall to defaults. You can do this through the Windows Firewall config. There should be an option on the left hand side to restore defaults.
Like I said previously, you can try and just turn off the firewall on the server and see if the problems go away. If so, you know that it has something to do with the firewall.
While I don't think it would affect anything during business hours, I'll hold off on turning the firewall off until later...
-
Always a good idea
-
@pchiodo said in Most Workstations Don't Ping But Are Connected - Some Network Apps Are Locking Up:
Always a good idea
But always tempting to try anyway during business hours...
