Smokey's Security Weblog

veritas odium parit

How to recover a really dead Windows XP (SP2/SP3) TCP/IP stack

About this article

Author/source: Hublerb – Tech Support Guy

– Complete destruction and restoration of dead TCP/IP stack
– Recovery from fatal failure or partial or complete corruption of TCP/IP

Related error messages / occurances

– IP Driver Error Code 2.
– TCP/IP network transport is not installed error message from active sync.
– TCP/IP driver missing from devmgmt.msc showing hidden devices.
– Ipconfig produces immediate failure message.
– An Internal error occured: The request is not supported.
– Unable to query host name.
– The specified device instance handle does not correspond to a present device message regarding DHCP service in services.msc
– Net start tcpip >>> fails with system error 2, The system cannot find the file specified.
– Ping error: Unable to contact IP driver, error code 2.
– Repair Local Area Connection: Failed to query TCP/IP settings of the connection. Cannot proceed.
-TCP/IP Protocol Driver Service Failed To Start, system cannot find the file specified.
– The TCP/IP Protocol Driver service failed to start due to the following error:The system cannot find the file specified.

Failed repair methods

– Netsh int ip reset resetlog.txt >>> no effect
– Non-full reinstall of TCP/IP using only the have disk method. >>> no effect
– Netsh Winsock reset >>> no effect
– Winsockxpfix >>> no effect
– Reinstalling network card >>> no effect

Solutions

Repair install

1. Insert and boot from your WindowsXP CD
2. At the second R=Repair option, press the R key
3. This will start the repair
4. Press F8 for I Agree at the Licensing Agreement
5. Press R when the directory where WindowsXP is installed is shown. Typically this is C:\WINDOWS
6. It will then check the C: drive and start copying files
7. It will automatically reboot when needed. Keep the CD in the drive.
8. You will then see the graphic part of the repair that is like during a normal install of XP (Collecting Information, Dynamic Update, Preparing Installation, Installing Windows, Finalizing Installation)
9. When prompted, click on the Next button
10. When prompted, enter your XP key
11. Normally you will want to keep the same Workgroup or Domain name
12. The computer will reboot
13. Then you will have the same screens as a normal XP Install
14. Activate if you want (usually a good idea)
15. Register if you want (but not necessary)
16. Finish

Hardcore method when nothing else is working

Step #1

1. Locate the Nettcpip.inf file in %winroot%\inf, and then open the file in Notepad.
2. Locate the [MS_TCPIP.PrimaryInstall] section.
3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.
4. Save the file, and then exit Notepad.
5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
6. On the General tab, click Install, select Protocol, and then click Add.
7. In the Select Network Protocols window, click Have Disk.
8. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.
9. Select Internet Protocol (TCP/IP), and then click OK.
Note This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.
10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.
11. Restart

Succesfull uninstallation of TCP/IP will remove numerous keys from the registry including:

HKLM/system/CurrentControlSet/services/tcpip
HKLM/system/CurrentControlSet/services/dhcp
HKLM/system/CurrentControlSet/services/dnscache
HKLM/system/CurrentControlSet/services/ipsec
HKLM/system/CurrentControlSet/services/policyagent
HKLM/system/CurrentControlSet/services/atmarpc
HKLM/system/CurrentControlSet/services/nla

These represent various interconnected and interdependant services.

For good measure you should delete the following keys before reinstalling TCP/IP in step #2:

HKLM/system/CurrentControlSet/services/winsock
HKLM/system/CurrentControlSet/services/winsock2

Step #2

Reinstall of TCP/IP

Following the above substep #3, replace the 0x80 back to 0xa0, this will eliminate the related “unsigned driver” error that was encountered during the uninstallation phase.

Return to “local area connection”> properties > general tab > install > Protocol > TCP/IP

You may receive an “Extended Error” failure upon trying to reinstall the TCP/IP, this is related to the installer sub-system conflicting with the security database status.

To check the integrity of the security database
esentutl /g c:\windows\security\Database\secedit.sdb

There may be a message saying database is out of date
First try the recovery option
esentutl /r c:\windows\security\Database\secedit.sdb

If this don’t work for you, you needthe repair option
esentutl /p c:\windows\security\Database\secedit.sdb

Rerun the /g option to ensure that integrity is good and database is up to date.

Now return to the “local area network setup”
Choose install > protocol > TCP/IP and try again

Reboot.

Author / Source: Hublerb – Tech Support Guy

Advertisements

July 20, 2008 Posted by | Advisories, Friends, Uncategorized | , , , , , , , , , , , , , , , , , , , , , , , | 86 Comments