Identifying and Repairing a Corrupt TCPIP Stack

The most difficult thing about troubleshooting a system is that such much of the skill is dependent on experience. When a symptom looks like something you’ve seen before but isn’t you can quickly find yourself going down a very dark tunnel. Such can be the case with a corrupt TCPIP stack.

The symptoms of a corrupt TCPIP stack on a server are: after reboot it hangs at applying computer settings, users are unable to browse network shares, network browsing in general is slow, user can’t log in to the computer with message that the domain is unavailable or your computer account does not exist.

These problems can look like a lot of different things: DNS could be down, if you think the problem is the PC then you might try rejoining it to the domain or checking its DNS settings, you might think that AD service is not started, perhaps the switch failed, maybe we should reboot? If you’ve gotten to the maybe we should reboot option that’s when you know that you’re out of real ideas.

But these are all symptoms of a corrupt TCPIP stack on the server. Sure not every user will complain about problems at first, that is because much of the work we do on our computers is async and not dependent on our computer being able to interact with the server in real time. So while it might seem like the problem started with one computer and then spread through the network in reality the bomb went off but not everyone noticed at the same time.

I can’t tell you what causes a corrupt TCPIP stack. But I can show you how to reset it. Fortunately Microsoft has made this a very simple task. Just visit this kb article:

http://support.microsoft.com/kb/299357 and use the FixIt. After you have run the FixIt you will need to re-enter your TCPIP settings into the NIC properties. Be sure to read the manual process so you understand what the FIxIt is going to do for you.

The reset command is available in the IP context of the NetShell utility. Follow these steps to use the reset command to reset TCP/IP manually:

  1. To open a command prompt, click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER: cmd
  2. At the command prompt, copy and paste (or type) the following command and then press ENTER: netsh int ip reset c:\resetlog.txt Note If you do not want to specify a directory path for the log file, use the following command: netsh int ip reset resetlog.txt
  3. Reboot the computer.

When you run the reset command, it rewrites two registry keys that are used by TCP/IP. This has the same result as removing and reinstalling the protocol. The reset command rewrites the following two registry keys:

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ 
SYSTEM\CurrentControlSet\Services\DHCP\Parameters\ 
				

To run the manual command successfully, you must specify a file name for the log, in which the actions that netsh takes will be recorded. When you run the manual command, TCP/IP is reset and the actions that were taken are recorded in the log file, known as resetlog.txt in this article.

The first example, c:\resetlog.txt, creates a path where the log will reside. The second example, resetlog.txt, creates the log file in the current directory. In either case, if the specified log file already exists, the new log will be appended to the end of the existing file.

Especially note that the Parameters registry key is replaced. This explains why you need to reenter your TCPIP values but it should also alert you to the fact that if you have any custom settings in there you will need to reapply those as well. In a recent case, the server had IPv6 disabled to support Peachtree and that entry in Parameters/DisabledComponents had to be recreated.

Originally posted in 2012 this popular post was migrated over from our previous blog

Make your IT business better than the competition. Help for IT Pros, TechYourBooks, Super Secret News, Women in IT Scholarship program, Ransomware Prevention Kit, 365 Security kit and more. https://www.thirdtier.net

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: