New Equipment In Your LAN

Every week, someone writes for advice

I just got a new router, and now I can't access my computers from each other.

or

I just got a new router, and none of my computers can access the Internet.

Frequently, the cause of these problems will fall in two categories - new features, and settings.

New Features
Many new, and high end, routers come with protection that emphasise Internet access, and make file sharing an optional activity, to protect the individual computers from each other. Look carefully in the Owner's Manual, for a "DMZ", "Isolation Mode", "Virtual Server", or "VLAN" setting - either on a single port, or affecting the entire LAN.

And if you are setting up a WiFi router, make sure that the radio is turned on. Some WiFi equipment is delivered with the radio turned off, to ensure that you will intentionally activate it, and be prepared for when this is done.

Settings
Any time that I was changing my network equipment, I would take a snapshot of all network settings from all computers. You can never tell when this might be a life saver. Logs from "browstat status", "ipconfig /all", "net config server", and "net config workstation" could all be useful when troubleshooting. Make a set before, and after, any change. Compare each, line by line, and if you spot any differences, explain or fix them before continuing.

If you're having trouble accessing the Internet, check to see if your computers are using manual assignments. New equipment will probably include an IP address change for the router - some vendors provide a default LAN on 192.168.0.0/24, others 192.168.1.0/24, and others have additional variations. Maybe the router handles DNS differently too.

If you're having trouble with Windows Networking, either an Error 5 aka "Access Denied" or an Error 53 aka "Name not Found" may be seen, or you may simply not see any computers in Network Neighbourhood. If this is the problem, check the security components on the computers - since a new router will probably result in a new subnet address, check personal firewalls and anti-worm programs, for settings that are IP address sensitive.

If All Else Fails
Get into Troubleshooting Internet Connectivity, or into Troubleshooting Network Neighbourhood, depending upon the problem being observed.

And of course, make sure that the new router has the current firmware, obtained from the vendor.

>> Top

Network Printing From A Windows Vista Computer

Long ago, a printer would be a device, attached directly to your computer. The earliest computers called a printer a "Line Printer", and let you connect your printer to a physical post on your computer. Some computers might have up to 3 physical ports - labeled "Line Printer 1", "Line Printer 2", or "Line Printer 3", abbreviated as "LPT1", "LPT2", or "LPT3".

Then network printing was made possible. You could setup a printer, locally attached to your computer on LPT1, and share it with your neighbours. You had YourComputer, and you could designate your printer to be shared as YourPrinter1. Similarly, your neighbour might have TheirComputer, and a printer shared as TheirPrinter1. If you wanted a second printer to use occasionally, you could setup your programs to print to LPT2 on your computer. You could redirect your LPT2 to print to "\\TheirComputer\TheirPrinter1".

Then somebody else started writing programs to print directly to "\\TheirComputer\TheirPrinter1", without involving "LPTn".

Now, accessing either a directly attached printer ("LPT1"), a network attached printer redirected (LPT2 redirected to "\\TheirComputer\TheirPrinter1"), or a directly networked printer ("\\TheirComputer\TheirPrinter1") involves specific code in the printer drivers, both in your computer (the client), and in the other computer (the server).

None of these options are magical, and not all printers will have drivers that will support all 3 ways of using the printer. Some drivers will claim to support all 3, but depending upon how your computer, and your neighbours computer is setup, one may work better than another. That's reality.

It appears that not all printer drivers, written for Windows Vista, support the old LPTn standard. If you can't get your network printer to work as "LPTn" redirected to "\\TheirComputer\TheirPrinter1", try bypassing the LPTn redirection.

1. Install the Vista printer driver on your Windows Vista computer.
2. During installation, you'll be prompted to connect the printer to your computer. Choose the option to proceed with installation without connecting the printer.
3. After installation completes, open the Printers wizard from the Windows Vista Control Panel.
4. Right click on the entry for the new printer, and choose Properties.
5. Go to the Ports tab.
6. Click Add Port, select Local Port, then click New Port.
7. For the port name, enter the network path and share name of your printer (ie "\\TheirComputer\TheirPrinter1").
8. Click OK, and verify that the new port is selected.
9. Click OK to close the printer properties.

(Update 10/30): If you're experiencing these, and similar problems with printing, try the Vista Compatibility, Performance, and Reliability Comprehensive Update.

>> Top

A Hidden Personal Firewall - The nVidia nForce Network Adapter

The nVidia corporation, probably best known for their industry leading video cards like the GeForce, is now marketing a hardware based personal firewall. The nForce comes in two forms - an Ethernet adapter PCI card, and a motherboard with an embedded Ethernet adapter.

The nForce is an ICSA certified firewall, with full firewall functionality, that sits inside your computer.

If you're having a Windows Networking, or file sharing, problem, and you have an nForce component in your computer, you need to know this. During January and February 2006, I assisted in diagnosing several network issues that involved the nForce. In at least one case, the person with the computer had no idea what he had purchased, and innocently installed.

Run an "ipconfig /all" on your computer. If you see something like

Windows IP Configuration

Host Name . . . . . . . . . . . . : PChuck1
Primary Dns Suffix  . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nforce Networking Controller

and you're having any type of problem pinging that computer, seeing it in Network Neighborhood, or otherwise accessing that computer thru the network, take a few minutes and read the manual. Or peruse the nVidia Support Forum, and in particular, POST HERE, Problems with nvidia network port. And my latest effort, Firewall Behaviour - And Windows Networking.

And be aware - the drivers for the nVidia nForce Versions 2, 3, and 4 contain shared components. And the installable component in the firewall, the nVidia Access Manager, has been reported to fail open. That is, if you don't install NAM, or don't activate it, the firewall blocks traffic, and not necessarily all traffic.

Be aware of what you're buying, please.

Disenchanted nVidia Customers
Here are some individual discussions and / or threads from folks who have experienced this problem first hand:

• 2006/09/16: Even WikiPedia is involved now. Markus, in Updating Firewall rules for ActiveArmor Network Access Manager provides the link to WikiPedia: NForce4: Flaws, which contains an interesting summary of the problem.
• 2006/08/13: NVIDIA "hidden firewall" causes networking problem, which makes immediate reference to a very long thread in the forum. Usenet technical details require that I archive the end of the thread here, since all posts by the person experiencing the problem are being removed:
  

• 
  >>>>>Good Morning, Chuck. And for the twentieth time, I appeciate your
  >>>>>tenacity and effort in trying to help me solve this frustrating
  >>>>>problem.
  
  >>>>>Update:
  >>>>>I think I followed your suggestions properly. Here's what I did:
  >>>>>1. Established a new account on all three (ASUS-AMD is back up!)
  >>>>>computers. They are adminstrative accounts with identical passwords.
  >>>>>2. Simple file sharing disabled on all three.
  >>>>>3. Created a test folder on AMD64, with full permissions for everyone
  >>>>>under "sharing" tab, and with "read" permissions for each user and
  >>>>>group under the "security" tab. (Some were greyed out).
  >>>>>4. Activated this user name on each computer with "net user name
  >>>>>/active:yes"
  >>>>>5. Checked TCP/IP for correct settings and did "repair" to flush.
  >>>>>6. Put remote registry service on automatic. There are very few
  >>>>>services now disabled (alerter, messenger, clip book)
  >>>>>6. Rebooted.
  >>>>>7. Tested system...Result --->No change. Working from amd64, I can
  >>>>>easily see and copy files from the other two computers. Working from
  >>>>>either asus-amd or mbx-notebook, I can see files and folders on amd64,
  >>>>>but I cannot open them. Tried again with all firewalls disabled. No
  >>>>>change.
  
  >>>>>
  
  >>>
  >>>***********************************************************
  >>>Soooo, Chuck, I guess I am essentially out of luck, and if my
  >>>persistent search for a "hidden" firewall proves to be fruitless, I
  >>>guess I must accept defeat. Or reinstall Windows.
  
  >>>Nothing came of the NVIDIA forum post except the one reply I quoted,
  >>>and there is nothing there which applies to my situation, although
  >>>they've had lots of firewall and driver problems, but not this kind.
  
  >>>I sincerely appreciate all your time and effort.
  >>>I will post a followup.
  >>>Of course if you have any other suggestions (please!), I'll be most
  >>>eager to pursue them
  
  >>>Jack
  
  >>Hello Chuck,
  >>Well, finally some good news. Success! You were right all along in
  >>suspecting a "hidden firewall" in the NVIDIA system. Apparently when I
  >>installed the latest drivers, a network manager was installed. This
  >>was acting as a firewall despite not having the actual NVIDIA firewall
  >>installed and despite not activating the firewall software (Active
  >>Armor or Armor On or something like that.) Fortunately, I was able to
  >>uninstall this manager without uninstalling the "NVIDIA drivers" which
  >>was a separate entity in the "Add-Remove programs". When I rebooted
  >>and went into Device Manager, I could see that there was now an older
  >>date on the driver for the NVIDIA network controller, which Windows
  >>must have silently installed.
  >>Caveat Emptor!
  >>My mind is so muddled now that I can't remember the exact name of the
  >>function I deleted.
  >>But I get easy access to the "server" now from the two secondary
  >>computers. Amen!
  >>Can't thank you enough for all the work you put in on this with me. I
  >>hope others may learn from this. If I have the energy (a bit burnt out
  >>now), I may go through this process again and make some notes to post
  >>for those who may be faced with this problem in the future. No help
  >>from NVIDIA or their forum, sadly.
  >>Sincere appreciation,
  >>Jack
  
  >All right, Jack!! Way to go!!
  
  >YOU will be the help to nVidia customers. Please write up what you can, and
  >whatever you write up will go into my article, and you will be able to help
  >other folks like you.
  
  Hi Chuck.
  I went through the process of reinstalling and uninstalling the
  troublesome NVIDIA network access manager, just so I could plan a post
  with some specific instructions for some unfortunate individual like
  me and try to save that person some time and frustration. So I plan to
  post it as a new topic under the heading
  
  "NVIDIA "hidden firewall" causes networking problem"
  
  I thought it might be more retrievable for someone with a similar
  problem if I put NVIDIA in the title of the topic.
  Many thanks again!
  
  Jack
  

>> Top

Setting Up A WiFi LAN

Are you new to networking, or have you setup a few networks in the past? Networking looks really complicated (it can look that way), but it's basically just hooking up a few wires, and praying real well.

Setting up an Ethernet LAN is pretty simple, but it contains one annoying detail. With a wired LAN, unless the computer and router are right next to each other, you have to figure out how to locate the Ethernet cable that connects them. With a wired LAN, you have cables everywhere.

A WiFi LAN lets you remove the cables. With more work in the beginning, you're freer in the end. Without a simple physical cable, which you can see and touch, you have to setup a wireless connection, that you can't see or touch. But know, and understand, the limitations of WiFi.

• Make It Easy For Yourself - Design The Installation Properly.
  
• Plan The Installation.
  
• Setup The Access Point / Router.
  
• Setup The Clients.
  
• Tune The Wireless Setup.
  

Make It Easy For Yourself - Design The Installation Properly
Purchase The Right Equipment. You can setup a WiFi network without using a router / WiFi access point - this is called ad-hoc WiFi. But setting up an ad-hoc WiFi network is more complicated, and less secure, than an infrastructure (router / WAP based) network.

Plan The Installation
Read The Manual. Having carefully selected your WiFi Access Point / Router, and your WiFi Client Adapters, you hopefully spent some time acquainting yourself with their features. Now, spend some time perusing the guides and instruction manuals. Doing so is a good investment of your time.

Test As You Go. If this is the first time you've setup WiFi equipment, you may benefit from testing as you setup. Having 2 computers is a very good idea

1. Connect one by Ethernet to the AP, and use it to make changes in the AP settings.
2. Connect a second by WiFi, and use it to test the changes to the AP.

Having 1 computer, doing dual duty, can be done; but having 2 computers is a lot less stressful.

Stage The Installation. Setting up a WiFi LAN can be pretty stressful - it's 3 or 4 times as complicated as setting up an Ethernet LAN. If you plan, and setup in stages, you can reduce your stress level significantly.

Setup The Access Point / Router
You still need an Ethernet cable when you setup the access point / router. Whenever you make configuration changes to a router (wired or wireless), the router may have to restart itself. When that happens, you will lose connectivity. Reestablishing connectivity with a wired connection is bad enough; reestablishing a wireless connection in some cases (if, for instance, you get the WPA key wrong) will be impossible. Always connect by Ethernet, if not absolutely impossible, when making changes.

Even though you may have bought the router that afternoon, it may have been sitting in the store for a while, and the vendor may have issued firmware updates for it since it was shipped from the factory. Check with the vendor, and see if any firmware updates are available.

• Setup your computer as a DHCP client.
  
• Install an Access Point / NAT router, and give it power.
  
• Connect an Ethernet cable to the router, and to your computer.
  
• Power your computer up.
  
• Connect your computer to the router thru your browser.
  
• Install any available firmware updates to the router.
  
• Make all the necessary IP and WiFi settings to the router.
  

NOTE: Most access points and routers, wired or wireless, will come with installation guides and configuration utilities, and some will offer to install software on your computer. If you plan your installation properly, no additional software should be necessary. Your Windows system has a browser, and that should be all the software that you need to connect to your access point or router. Don't install unnecessary software.

The changes to a WiFi access point / router include Internet Protocol settings (like a wired NAT router), and WiFi settings. WiFi settings include:

• Connectivity settings.
  
  
  
  • Channel. You need a channel with no other devices within range, to get maximum bandwidth.
    
    
    
    • You can choose from any channel number 1 - 11 (in the USA). To minimise interference, and maximise satisfaction between WiFi neighbours, we choose between 3 non-overlapping channels 1, 6, and 11.
      
      
      
      Non Overlapping Channels
      Bottom ("1")
      Middle ("6")
      Top ("11")
      
      
      
    • With 802.11g-super, there is no channel choice. If a channel number is displayed, it will be "6", and be unselectable.
      
    • If there is any other network within range, using any channel which your router may use, you won't get maximum bandwidth. You will have to share the channel with your neighbor.
      
    
    
  • Interoperability. What standard will you use - 802.11b, 802.11b/g, 802.11g, or the newest (and currently not complete) 802.11n?
    
    
    
    • With 802.11b, you'll get a maximum bandwidth of 11M (half duplex).
      
    • With 802.11b/g (having a combination of 802.11b and 802.11g devices on your LAN), you will get between 11M and 54M (probably substantially less than 54M though). (Again, half duplex).
      
    • Only with 802.11g will you have a prayer of getting a full 54M (and that's with no 802.11b networks anywhere visible). (And still, half duplex).
      
    • If you have 2 802.11Super-G devices, from the same vendor, and no other WiFi devices are within range, you might be able to get 108M.
    • If you get 802.11n equipment, and have no other networks within range, you might get 108M or higher. This simply can't be objectively predicted, for any location, though.
    
    
    
    
  
  
• Security settings.
  
  
  
  • Authentication. How will the wireless clients identify themselves to the router?
    
  • Encryption. How will the wireless clients keep your communications, between themselves and the router, private?
    
  • Logging. How will YOU know what is happening on your WiFi LAN?
    
  • Visibility. Hiding the SSID will not help you, and may hurt network performance. Setup a unique, yet not personally identifying SSID. If you have multiple APs, use the same SSID on each AP, to enable roaming by the clients.
    
  • The issue of Security is covered, in detail, in my article Setting Up A WiFi LAN? Please Protect Yourself!. Please note the above details.
    
  
  

Setup The Clients
Having made the necessary changes, you are free to turn the radio portion of the router on, and to setup the wireless clients. If your main computer also has a WiFi adapter, you can now remove the Ethernet cable between that computer and the router (but keep the cable handy for any future changes that you may make).

Setting up a wired LAN is simple - you connect the cables, things you can see and touch. With WiFi, you have the access point(s) out there - but you can't see or touch them. With WiFi, you setup the WiFi Client, which is a program provided by several vendors. Depending upon your setup, you may have any or all of these clients.

• The computer manufacturer.
  
• The WiFi adapter manufacturer.
  
• Microsoft.
  
• NetStumbler.
  

Before you install the WiFi adapter on your computer, check with the vendor, and see if any driver updates are available. This may include an update to the vendor's WiFi client.

Your access point can have only one WiFi Client managing it; having more than one Client active can cause conflicts. Conflicts can cause erratic performance, loss of connectivity, even the WiFi adapter may turn itself off. Know the possibilities, and only run one WiFi Manager at a time. If you choose to use the native Windows product - Wireless Zero Config aka WZC, consider applying the Wi-Fi Protected Access 2 / WPS IE (updated January 2007) update.

Each WiFi Client will present you with a list of visible access points. You choose, by signal strength, channels, and name, with which access points you wish to associate. The access points that you choose become your Preferred Access Points. The WiFi Client may periodically scan the spectrum for the strongest access point, and connect your computer to that access point. Note that this behaviour may be subject to SSID Visibility.

Any access points that you do not choose are still available for your use. Your WiFi Client probably has a selection to this effect - "Automatically connect to non-preferred networks", for instance, is a selection with the Windows Wireless Zero-Config Client. Make sure that this selection is not enabled automatically. You do not want your client to connect to your neighbors WLAN unexpectedly.

Some Clients also let you prioritise the preferred access points - so you make a list, then you order the list, from top (most preferred) to bottom (least preferred). Your client will then automatically connect you, at any time, to the more preferred access point that is available.

With any access point of interest, if it uses any authentication or encryption, you will have to enter the appropriate information. Your client will create a profile for that access point, and keep that profile available for the future. When you remove an access point from your preferred list, you will delete the profile. You will then have to re enter the profile information later.

Without the correct profile information, you cannot connect to the network provided by the access point. If your client tells you that you are connected (however strong the signal), but you have no IP configuration, check the profile. If in doubt, delete and re enter the profile.

Whenever you setup a WiFi client profile, make sure that you select the appropriate authentication options. Selecting 802.1x authentication, without the complete infrastructure, will cause problems.

When you setup the WiFi client, you'll be using the setup wizard provided by the vendor (or Microsoft). Understanding the above issues, and reading the instruction manual or guide for the WiFi equipment, is essential. See, for instance, Windows Cable Guy Windows XP Wireless Auto Configuration.

Tune The Wireless Setup
Having done the Initial Setup, and having Secured your WiFi LAN, you may want to tune the physical setup. Maximum bandwidth is based upon maximum signal strength. There are a few things that you can do, when installing the equipment, that will prevent you from getting maximum signal strength.

Having completed all of the above tasks, enjoy the freedom.

>> Top

Driver Updates From Microsoft? Please Pass.

To have a stable and secure system, you need to keep your software current. This includes downloading and updating both Microsoft, and third party, software.

Microsoft provides the Windows Update, and Automatic Update, facilities. On a monthly basis (or sometimes more often), Microsoft will issue recommended updates to the Operating System, to Microsoft applications, and even to third party drivers which may be relevant to your computer.

Whether you enable Automatic Updates, or retain control and monitor recommendations by Windows Update, is not the question here. Both have their advantages. But please, whatever you do, don't routinely download third party drivers from Microsoft.

Any time that you install a new computer accessory, consider the possibility that a firmware upgrade, for your product, was applied to units in the product line after your unit was packaged at the factory. The vendors aren't going to open each box, containing a given product, to apply a firmware upgrade. You have to do this yourself. So make it a consistent practice.

This is especially a relevant practice if one of the computers in your network is running Windows Vista. Right now, Windows Vista is subject to change; the drivers developed for Vista are, likewise, subject to change. Every change in Vista (and there have been a lot of changes since it was officially RTM) may affect a driver already released. Always check for new Vista drivers.

If there is a third party driver update that's relevant to your system, get it directly from the vendor, or from the manufacturer of the chip itself - that's what Microsoft does. Sometimes, what Microsoft may have available thru Windows Update is out of date, or is simply defective. You can get anything that's available directly from the manufacturer or the vendor, whenever you need it. If you need help locating the appropriate website, use Google, or websites like Network-Drivers.com.

But, whether you get updates from the vendor of the packaged product (whoever sold the computer to you), or from the manufacturer of the individual chip itself (who built the chip that needs the driver update), be selective about what you install.

• Find the manufacturer / vendor website.
• Read the documentation about the updates that are available, and decide whether what they offer will help you, with your specific problem.
• Download what they're offering, if you decide that you need it.
• Install the update, selectively removing the crap that you don't need.

Note that you need to be selective, when installing (or not) any driver update.

• Unless you see a security warning regarding your product in question, or you see mention of a specific problem that you're experiencing, be selective in what updates you apply. Don't waste time trying to fix what isn't broken.
• Any vendor of a consumer product probably bundles "extra offers" to "increase the consumer value" of what you install. Extra software, maybe trial offers of security products, is routinely added to many driver packages. Don't waste time applying software that you don't need.

Use Windows Update to keep your computer up to date with Microsoft products, but take its driver update notices simply as reminders. Then, if appropriate, follow the reminder, and get updates from the manufacturer or vendor, selectively choosing what you're offered.

>> Top

Re Install Your Network Hardware

Sometimes, even after repairing the network connection, repairing the LSP / Winsock stack, and / or re setting / re installing the network protocols, your problems continue. The next step is to fix a problem which may be in the bindings between the protocols and the network hardware.

First, always check with the hardware vendor, and find out if there's any driver updates available. Your problem may be something just resolved by the vendor, so download and install any driver updates, from the vendor.

If driver updates aren't available, or if installing them didn't fix the problem, then it's time to re install the hardware. Make sure that you have a good copy of the drivers, in an available location, before starting this procedure. If this is your only computer, back up any network resources, maybe print key articles in this blog, before taking your computer offline.

1. Un install the drivers for the network hardware.
   
2. Restart the computer, with the new drivers easily available.
   
   
   
   • Let the system discover the hardware again, or
     
   • Restart Device Manager yourself, and re install the drivers.
     
   
   
3. Restart the computer once more.
   

>> Top

Dealing With Physical Network Problems

Network connectivity issues can easily be caused by physical network problems. Always ensure that you have a reliable and working connection between each computer and another, or each computer and a router.

Diagnosing a possible problem with a wired connection requires checking 3 components.

• The network card on this computer.
  
• The network cable.
  
• The network card on the other computer, or the router port.
  

Does your computer connect to another computer or to a router? If to a router, try another port on the router - preferably swap ports with another, working computer. Also, swap network cables with another computer. Always test with currently known good components, when possible. And please, always start with a pre-made network cable - this is NOT the time to try making your own Ethernet cable!

Remember that the network card on this computer, and the network card on the other computer (or the router) are all computers in their own right. Each device uses drivers and / or firmware. Check with the vendor, and see if this is a known problem, and / or is there a driver or firmware update available? Whenever you have a problem, start with updated software. If you ever go the vendor for advice, that is the first thing they will ask you about.

Examine the network card, or read the manual. Make sure that it doesn't contain an embedded hardware firewall, like the nVidia nForce.

Also, look at whether the problem is constant and permanent, or chronic. If chronic, is there a pattern to when it occurs, and / or is there a consistent workaround? One common example of this possibility would be loss of connectivity when the computer is idle for an hour or so.

Read Practically Networked Problems with Network Cards for suggestions on dealing with problems that originate with a network card itself.

Run the Device Manager (System Properties - Hardware tab), find the network adapter in question, and Troubleshoot it. See if the system can identify a hardware problem.

Always use the right kind of network cable, and always have a spare on hand. If you are connecting a computer to a router, you'll probably use a straight-thru aka patch cable. If you are connecting two computers directly, you will probably need a cross-over aka null-modem cable. Some newer network cards may support use of a straight-thru cable, to connect directly to another computer. But always have a spare cross-over cable to diagnose this problem.

Does the network card, and maybe the router port, have one or two colored lights that light up or change color? Observing their behaviour, and checking the owners manual, could save you a trip to your nearby computer store to buy the wrong component.

On most network cards, the Green light indicates Link (connectivity), while the Yellow light indicates Transmission (activity). The Green light should be solid, while the Yellow light may be either blinking (light activity), or solid (heavy activity).

Windows XP has the Local Area Connection status indicator in the tooltray. Windows Vista has the Network System Icon. Both will indicate logical network status, in some detail, if enabled (Local Area Connection Properties "Show icon ...").

If a router is the other end of the connection, try checking the router access log too. Having a second computer is very useful here.

If your network includes WiFi components, your issues may be even more complex to diagnose.

• WiFi operates at Layer 2 of the OSI Network Model, but it has its own network setup procedures.
  
• Besides networking, WiFi involves radio (really). The WiFi radio signal won't be uniformly available in your work area; however, it will leak into your neighbours work area (and your neighbours signal into your area).
  
• You can control your own network, but you cannot control your neighbours network. And your neighbours network use will affect your network.
  
• You must protect your network from your neighbour's use of it, intentional or not.
  

... or maybe not. If you have no connectivity at all, check that the radios on the computer and on the router / AP are powered on. Seriously.

For more information about WiFi, see Microsoft: A Support Guide for Wireless Diagnostics and Troubleshooting.

And in some cases, if you have XP SP2 on the computer, the (KB893357): WPA2 / WPS IE update for XP SP2 may help.

For truly unacceptable problems, prepare to uninstall the drivers for one or more network adapters.

>> Top

Problems With The LSP / Winsock Layer In Your Network

Microsoft Windows, by default, uses Internet Protocol (IP) for all communications, whether locally (LAN) or remotely (WAN), though it will use other transports for LAN traffic, if you desire. The connection between the applications (programs that you run) on your computer, and the wires, whether physical (Ethernet) or logical (WiFi), is thru a series of programs, arranged in layers.

The Layered Service Provider (LSP) / Windows Sockets (Winsock) portion of the network stack is a key component in all network traffic, LAN and WAN. When it stops working, we say that it's "corrupted". The symptoms of corruption can be unpredictable. By "unpredictable", I've experienced / seen:

• Connectivity thru some services, but not all.
  • Low level services like ping may work, but email won't work.
  • Email might work, but not the browser.
  • If you have multiple browsers, maybe Firefox will work but Internet Explorer won't.
• Connectivity to local addresses, but nothing on the Internet.
• Connectivity to some computers on the LAN, but not others.
• Slow connectivity all around.
• Strange diagnoses / messages, mentioning mysterious objects like handles, semaphores, or sockets.
• Strange name / address resolution results (garbled names).

There are multiple possible solutions to an LSP / Winsock problem, and not one of them have been found to be consistently more effective than the others. Some of them may fix some problems, but find additional problems when run a second time.

Try each solution, if applicable to your system, one after the other, until your problem is resolved. If any of these tools recommend changes, and / or make any changes for you, yet the problems are not fully resolved, continue with the other tools. Then, repeat the entire list.

Each time any changes are made, repeat the diagnosis made previously. Verify that the problem is still with you.

If you do have an LSP / Winsock problem, ignoring it and investigating something easier will not make the problem go away. Be patient, and persistent.

1. Try the easiest solution first. Restart the computer, if you haven't yet done this.
2. Check for a DNS or MTU problem, which can imitate, or mask, a corrupt LSP / Winsock.
3. LSP-Fix.
4. WinsockFix.
5. Winsock2 Fix (Windows 98 / ME only).
6. WinSock XP Fix (Windows XP only).
7. For Windows Vista or XP only, use Windows native procedures. This will vary according to Service Pack level and Version.
   
   
   • To fix a corrupted LSP / Winsock in Windows XP pre-SP2:
     
     1. Backup and delete the following registry keys:

        [HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ Winsock]
        [HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ Winsock2]

     2. Reboot.
     3. Open the network connections folder, right click your network connection, and click Properties.
     4. Click Install | Protocol | Add.
     5. Click "Have Disk...", type "\windows\inf" in the box, and click OK.
     6. Click "Internet Protocol (TCP/IP)", then click OK.
     7. Reboot.
   • To fix a corrupted LSP / Winsock in XP SP2:
     1. Open a Command Window.
     2. Type "netsh winsock reset catalog" into the command window.
     3. Reboot.
   • To fix a corrupted LSP / Winsock in Vista:
     1. Open a Vista Command Window.
     2. Type "netsh winsock reset" into the window, and press Enter.
     3. Reboot.
   
   
8. Try a registry based rebuild, from Bob Cerelli, One Computer Guy. First, remove the corrupted registry keys. Next, apply the correct, standard registry keys. This will vary by operating system version.
   1. Windows 98.
   2. Windows ME.
   3. Windows 2000.
   4. Windows XP.
   Note no registry based fix is available for Windows Vista, as of yet.
   
9. An additional possibility is corruption in the TCP/IP components. Although LSP / Winsock provides part of the TCP/IP functionality, it is not solely a part of TCP/IP (it can include IPX/SPX and NetBEUI components). The IP stack is separate from LSP / Winsock, and sometimes you will need to (KB299357): reset TCP/IP in Windows Vista or XP, or reload TCP/IP in pre-Windows XP.
10. Next, Re Install Your Network Hardware - first the drivers, then the physical device (if possible).
11. Since system files may have been deleted or altered, try a repair install of Windows.

NOTE: LSPFix, and its peers, identifies and removes problems in the LSP / Winsock stack. If LSPFix, or one of its peers, identifies a stack entry as problematic, you have to trust it, and let it fix the problem. If your network is not working (which, I presume, is why you're here), give it a shot. Create a System Restore checkpoint, if you wish (and take a second checkpoint later, if the problem is fixed).

NOTE: If you're still unsure whether you can trust my advice, and put your computer at the mercy of some free software that you just downloaded, this is good. Be skeptical - that's the beneficial side of paranoia. Next, read Download Software Selectively. Finally, spend some time researching, as advised.

As a last resort, try and diagnose the problem, by enumerating the contents of the LSP. You might identify an unknown problem, and more than you might benefit from your efforts. LSP enumeration will vary, according to what operating system is running on your computer.

• For all operating systems, you can download (free), and use Autoruns, from SysInternals.
  
• For Windows XP SP2, you can use the native command, "netsh winsock show catalog".
  

For more information about LSP / Winsock problems, see the Microsoft articles

• (KB811259): How to determine and recover from Winsock2 corruption.
  
• (KB299357): How to reset Internet Protocol (TCP/IP) in Windows XP.
  
• (KB318584): "Operation Was Attempted on Something That Is Not a Socket" Error Message When You Try to Obtain an IP Address.
  

>> Top

Troubleshooting Network Neighborhood Problems

When you try to access a shared folder from Network Neighborhood / My Network Places, and get the dreaded "Access denied..." error, or when other computers don't show up there at all, you could have any one (or more than one) of several problems. Look closely at the complete and exact text, in any observed error messages; this can help diagnose many problems more effectively.

This article, like Troubleshooting Internet Service Problems, is structured like the OSI 7-Layer Network Model. If you have multiple problems with your network, you have to diagnose and fix the lower level problems first. If you don't, how can you diagnose the higher level problems?

Now before you start troubleshooting, note that you will enjoy it more, and frequently will be more successful, when you work on a properly designed and setup network. Once you've reviewed that, I recommend that you tackle the task at hand in this order.

• Physical Network Problems.
  
• Logical Network Problems.
  
• Address / Name Resolution Problems.
  
• Security Problems.
  
• Network Components and Services.
  
• Browser Problems.
  
• File Sharing and Permissions Problems.
  
• Virtual Private Networking.
  
• Identifying the Scope of the Problem.
  
• Asking For Help.
  

So what are the differences between this article, and Troubleshooting Internet Service Problems? Well, there is good new, and bad news. The good news - this problem is one you can solve yourself, without involving your ISP, or LEC. The bad news - there are a lot more network details that you will have to deal with.

>> Top

Physical Network Problems
The content of Network Neighborhood / My Network Places is cached on your computer, and what you see there could have been placed there as much as an hour ago. Since then, the server that you're trying to access could have been:

• Turned off.
  
• Disconnected, intentionally or unintentionally.
  
• Moved out of range, if on a wireless LAN.
  

Make sure that you don't have a simple physical network problem. And make sure that all computers are directly connected, on the same LAN segment, if at all possible.

Try and diagnose physical network problems from the bottom up.

>> Top

Logical Network Problems

Given a little preparation (have the correct device drivers available), you should be able to re install the drivers for the network adapter without too much trouble. This is usually one of the last things tried, but can be one of the easiest.

The content of Network Neighborhood / My Network Places comes from messages ("Server Message Blocks", aka "SMBs") sent from computer to computer. In Windows Networking, SMBs are most frequently transported over TCP/IP, and proper TCP/IP settings are essential. If you're unfamiliar with IP configurations and networking, ask for help.

Note that SMBs are generally sent over NetBIOS Over TCP/IP, aka NetBT. In large LANs, with a properly setup domain structure, SMBs can be bound directly to IP; this is known as directly hosted SMBs.

Also, a corrupt LSP / Winsock layer can have an effect on Network Neighborhood, just as it affects any network activity. If you've just removed adware / spyware, this is always a possibility.

Are all of the computers on the same subnet, physically and logically? Or did you, for some reason, setup a LAN with 2 routers?

>> Top

Address / Name Resolution Problems
In Windows Networking, using SMBs over NetBT, properly configured name resolution is important. Run "ipconfig /all" and verify the Node Type. An inappropriate Node Type will prevent name resolution, or slow it down.

Any time you run a diagnostic like browstat, ipconfig, ping, or anything else that lists a computer name, and the name is garbaged or contains non alphanumeric characters, a corrupt LSP / Winsock layer is a very good possibility. A problem in the Hosts or LMHosts file can have the same effect.

If an actual "error = 53" message is one of your symptoms, this literally means "host name not found", but there are several possible causes for this scenario. Name resolution configuration is just one of the possible causes.

Most of these instructions are written to focus on the needs of workgroup infrastructures, though domains also apply in most cases. If you're using directly hosted SMBs, consider the needs of domain based name resolution.

>> Top

Security Problems
You need a personal firewall on each computer, but your personal firewall has to be properly setup and used. A misconfigured or misbehaving personal firewall, on a computer, can block access to the server that it's protecting.

If you disable your personal firewall, and the problems stop, then you at least know where to start working. But if the problems don't stop, don't assume that the firewall is not the problem. Many personal firewalls do not react properly to being disabled, and will continue to cause problems after being disabled. And look for a previously overlooked firewall, such as one bundled with your antivirus protection. There could even be a hardware firewall, sitting inside your computer. The nVidia nForce is probably the first, but surely not the last, device of this type.

Misbehaving and misconfigured firewalls, and overlooked firewalls, are probably the most common root cause of problems with Windows Networking, in the cases where I have been able to provide assistance.

And remember that, if you're using an alternate transport such as IPX/SPX or NetBEUI, a firewall will provide no protection.

>> Top

Network Components and Services
Windows Networking depends heavily upon half a dozen key networking components and services. Depending upon the role played by any computer, it may require some, or all, of these components and services, to work properly.

If you add or change any network components, run the Network Setup Wizard before continuing.

If you're using a NAT router as the DHCP server (and most of you will be), please Enable NetBT explicitly, except for specific circumstances. Make this setting consistent across your entire LAN.

If your LAN

• Has a domain.
• Has computers running only Windows 2000, Windows 2002 (aka Windows XP), and Windows 2003 (aka Server 2003).
• Uses DNS, properly setup, for name resolution.

then you may wish to disable NetBT, and use direct hosted SMBs.

If TCP/IP can't be used properly, SMBs using an alternate protocol such as IPX/SPX or NetBEUI may provide immediate access to shares, but still cause "access denied" errors here. If you are using an alternate protocol (listed in the network items list in Local Area Connection - Properties), you may have problems with Network Neighborhood / My Network Places. Please remove both IPX/SPX and NetBEUI, unless one is absolutely needed. You certainly should not need both.

There is one exceptional circumstance where IPX/SPX may be needed. Please follow the complete instructions precisely - using TCP/IP here won't help the browser, and it will cause major security problems.

And sometimes when you run the Network Setup Wizard, you may end up with IPV6 aka Teredo Tunneling, which is not compatible with Windows Networking. You must remove IPV6, at least to diagnose the problem.

>> Top

Browser Problems
The content of Network Neighborhood / My Network Places comes from a subsystem known as the browser. At least one computer must be running the browser service, but having too many browsers can result in a browser conflict.

A master browser conflict can cause various problems in Network Neighborhood. A master browser conflict can have numerous causes. Running Browstat is a good way to start looking for browser related problems.

With Windows XP, computers only display in Network Neighborhood if there is actually a share (and not an administrative $ share either) created. Servers with no shares don't get enumerated by the browser, so they won't be seen in Network Neighborhood.

Available and visible shares, on servers in the same workgroup as your computer, will get listed in the root of Network Neighborhood (My Network Places). Other workgroups, with their computers, will be listed under Entire Network - Microsoft Windows Network. If another computer isn't visible where you think it should be, verify the workgroup name (of the other computer, and of your computer) in System Properties - Computer Name.

An "access denied" message, or inability to see a server in Network Neightborhood, can be caused by the restrictanonymous setting. And a totally invisible server can also be caused by the Hidden setting.

A "network path was not found" message, when referring to the master browser in a browstat log, can be caused by the Remote Registry Service not running on the master browser. Running a server with XP Home, as the master browser, is a bad idea - XP Home does not have the Remote Registry Service, as it does not provide for any administrative access thru the network.

Do you have a network with computers running both Windows 9x (95, 98, ME) and Windows NT (NT, 2000, 2003, XP)? If so, you'll need to check for browser conflicts between computers running the two different operating system families.

Does your domain / workgroup occupy multiple subnets? If so, you need to know about Browsing Across Subnets.

The browser can be a tricky problem to tackle. If you're unsure about how to deal with it, ask for help.

>> Top

Sharing - Naming and Permissions Problems

The names used for the shares, and other factors, can make a difference in their accessibility.

Windows 95 / 98 clients will have a problem with (KB160843): share names with more than 12 characters.

Windows NT / 2000 browser servers will have a problem with (KB231312): server comments greater than 48 characters.

You can get "access denied", and other symptoms, from actual lack of permissions to access the desired share. Shares with name ending in a "$" (Administrative shares) won't be accessible, if the server is depending upon Guest authentication, since Guest doesn't have administrative access.

Either the restrictanonymous setting, or the RestrictNullSessAccess setting, can cause lack of access to a share, if you're attempting Guest authorised access. The latter can even affect shares selectively - some may be accessible, others not.

>>Top

Virtual Private Networking
Windows Networking, in general, involves local connectivity. Resource sharing is more effectively done when client and server are physically located near each other.

What if you have two offices, located at distance from each other, and want to use the Internet to provide communications between the two? This would be a point to point connection, formally setup between the two offices. A Virtual Private Network is a pre-configured, secure communications tunnel, through an otherwise insecure network (aka the Internet), between two locations.

A VPN has to be deliberately designed and setup, from both ends. An improperly designed VPN may cause more problems than it solves.

>> Top


Identifying the Scope of the Problem.

I've developed two simple utilities for checking your network, to identify the scope of a network problem. Both utilities are most useful when run from each computer, with output from all runs aggregated, and compared in masse.

The first utility, CDiag, examines your network by knowing the name and address of each computer. CDiag uses native Windows commands only, and runs from each computer without any explicitly granted network access to other computers.

The second utility, CPSServ, examines your network by automatically discovering each computer. CPSServ requires prior download of PSService, which is part of the free SysInternals PSTools utility. Neither CPSServ nor PSTools require any effort to install. PSService does require administrative access to each computer, so it won't be terribly useful on a network with XP computers running XP Home.

Documentation of both utilities is in progress, so be patient. Limited CDiag documentation is currently available.

>> Top

Asking For Help
If you're reading this article because you need help, please start by reading my Privacy Statement.

Spend a few minutes reading about How To Solve Network Problems.

Provide some background information about the problem, and about your network in general.

Ensure that each computer is Physically, and Logically, connected to your network, to your best ability.

>> Top

Next, provide ipconfig information for each computer. You'll do this from a Command Window (or a command window in Windows Vista).

1. Type "ipconfig /all >c:\ipconfig.txt" (less the "") into a command window (or a command window in Windows Vista). Only type the command into a command window - do not type Start - Run - "ipconfig /all...".
   
2. Type "notepad c:\ipconfig.txt" (less the "") into the same command window.
   
3. In Notepad, make sure that Format - Word Wrap is NOT checked!.
   
4. Copy and paste entire contents of the file into your next message, properly formatted.
   
5. Identify operating system (by name, version, and Service Pack level) with each ipconfig listing.
   
6. Please don't munge or omit any detail, as there is nothing provided by ipconfig that could provide help, to any bad guy, in identifying an entry point to your LAN. The good guys, on the other hand, may need any or all of the details, to accurately diagnose your problem. Help Us To Help You.
   

Did you just run ipconfig, and get good output (similar to what's described in the ipconfig article?). Ok, fine, continue and examine the output as instructed below. If you ran it, and got no response, or no output, or if a window opened and closed so quickly you couldn't read anything, please read my article on Using The Command Window.

Take a look at Reading IPConfig and Diagnosing Network Problems, if you're interested. Or, given a complete and unmunged set of "ipconfig /all" logs, I'll simply plan to use CDiag for the next step.

Next, provide "net config server", and "net config workstation", for each computer. You'll do this from a command window (or a command window in Windows Vista).

1. Type "net config server >c:\netconfig.txt" (less the "") into a command window (or in Windows Vista). Only type the command into a command window - do not type Start - Run - "net config...".
   
2. Type "net config workstation >>c:\netconfig.txt" (less the "") into that command window (or in Windows Vista). Note the ">>" here! Only type the command into a command window - do not type Start - Run - "net config...".
   
3. Type "notepad c:\netconfig.txt" (less the "") into the same command window.
   
4. In Notepad, make sure that Format - Word Wrap is NOT checked!.
   
5. Copy and paste entire contents of the file into your next message, properly formatted.
   

Finally, provide browstat information for each computer. You'll do this from a Command Window (or a command window in Windows Vista). Note that, as indicated in the article, you must download browstat (it's free, and small), as browstat.exe is not a normal component in Windows. Read the article, please.

1. Type "browstat status >c:\browstat.txt" (less the "") into a command window (or a command window in Windows Vista). Only type the command into a command window - do not type Start - Run - "browstat status...".
   
2. Do you have any Windows 9x (95, 98, ME) computers? If so, type "browstat listwfw >>c:\browstat.txt" into the command window (NOTE the ">>").
   
3. Type "notepad c:\browstat.txt" (less the "") into the same command window.
   
4. In Notepad, make sure that Format - Word Wrap is NOT checked!.
   
5. Copy and paste entire contents of the file into your next message, properly formatted.
   

Did you just run browstat, and get good output (similar to what's shown in the article?). Ok, fine, continue and examine the output as instructed below. If you ran it, and got no response, or no output, or if a window opened and closed so quickly you couldn't read anything, please read my article on Using The Command Window. If you ran it, and got "invalid command", "'browstat' is not recognized as an internal or external command...", or similar, please read my article on Using The Path.

See The Browstat Utility from Microsoft, for information on downloading, installing, running, and interpreting logs from, browstat.

Both browstat, ipconfig, and net config produce a lot of output - and if you're unfamiliar with networks, it may look like gobbledegook. But all of it may be useful to the folks who want to help you, so be generous and precise. And please provide the information in text, don't make a picture attachment. Attachments are not appreciated in the forums where serious help is given, and some helpers won't be very courteous if you send attachments.

And, if you truly want serious and well thought answers for your problems, learn how to ask serious and well thought questions. Again, Help Us To Help You.

>> Top