Blocked Internet Connection

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
Last night I was using my Thinkpad P50 (Windows 22H2) as usual. When I went to bed I simply left it—as I often do—in situ without putting it to sleep.
This morning the internet and local network are completely inaccessible.
All browsers report that the internet has been blocked.
Running a ping from the command prompt results in General failure
Ethernet and WiFi connections appear to be working nominally.
Windows Troubleshooter reports no issues (except that it cannot connect to microsoft.com)

Thus far I have tried the following several times in various orders:
  • Disabling Windows Firewall (& restart)
  • netsh winsock & IP reset, Flush DNS (& restart)
  • Uninstall network adapters (& restart)
I don't use:
  • Third-party firewall or virus/malware monitoring software (I run Malwarebytes on occasion)
  • VPN (I run Proton VPN on rare occasions. I uninstalled it for testing)

My other laptop and my phone can access the internet without issue, as can the P50 when booted into an Ubuntu live environment (which is how I'm here now).

I'll continue to troubleshoot but I'm really rusty and would value any insights or tests that I might have missed.
I'm currently preparing a Windows 10 USB installer in the hope of running some of the included recovery tools.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,273
Location
I am omnipresent
You do or don't have an real IP? A 10.whatever or 192.whatever vs a 169.254.whatever?
Can you access local shared folders or printers or is name resolution the biggest issue? Can you get to a share by netBIOS name or IP?
What's your Provider Order (Network Connections, hold down ALT, Advanced settings) look like?
Have you tried manual IP and dns assignment?
Did you check for Malware?
Do you have a Hyper V virtual switch or bridged connection installed?
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,728
Location
Horsens, Denmark
This sounds vaguely like something I had years ago. IIRC, I followed instructions online to remove and reinstall the TCP/IP stack (more than just the NIC).
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
You do or don't have an real IP? A 10.whatever or 192.whatever vs a 169.254.whatever?
Yes, sorry, the machine is picking up an IP over DHCP on both Ethernet and WiFi.
Can you access local shared folders or printers or is name resolution the biggest issue? Can you get to a share by netBIOS name or IP?
Aside from my phone this laptop is the only device on the LAN, but I can't even access the router.
What's your Provider Order (Network Connections, hold down ALT, Advanced settings) look like?
Screenshot 2024-10-04 144150.png

Have you tried manual IP and dns assignment?
I tried manual DNS; I'll try setting a manual IP.

Did you check for Malware?
Yes, with Malwarebytes. I downloaded a new installer on another machine to get the latest definitions.

Do you have a Hyper V virtual switch or bridged connection installed?
Nerp.
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
This sounds vaguely like something I had years ago. IIRC, I followed instructions online to remove and reinstall the TCP/IP stack (more than just the NIC).
Right, that's what netsh int ip reset does.
I've tried that half a dozen times already. This is something more nefarious.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Can you revert to the last restore point or partition image created?
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
Can you revert to the last restore point or partition image created?
I'll try that.


I just booted into the recovery environment and uninstalled the most recent Windows Update but that didn't help.

Also, I just noticed that the system time on my P50 was set 4 hours ahead, to 20:00 when it's only 16:00.
I don't know if it's a cause or a symptom but it's always cause for concern.

I changed it back manually and checked my router's time, which is also at 20:00. I corrected that as well.

That doesn't explain why my spare laptop and my phone are able to connect.
 
Last edited:

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
I've booted into Ubuntu live environment again and am scanning the Windows partition with ClamAV.
...
Now scanning with Kaspersky Rescue Disk.
 
Last edited:

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Since I don't know all about IT support, I simply restore the whole C: with Acronis or Macrium Reflex, etc. That takes less than 5 minutes and fixes anything done at the software level. Obviously it does nothing for a bad HDD/SSD or power supply or some external factors.
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
Since I don't know all about IT support, I simply restore the whole C: with Acronis or Macrium Reflex, etc. That takes less than 5 minutes and fixes anything done at the software level. Obviously it does nothing for a bad HDD/SSD or power supply or some external factors.
I've been derelict in my backup routine but I actually do have a copy of this system on the drive I swapped out a few weeks ago. I like a fresh system as much as the next guy but the thought of spending hours reinstalling and configuring all my software is more objectionable than the thought of spending hours chasing down gremlines.

I'm going to use DISM to check the system files and if that doesn't work I'll probably just bite the bullet and reformat (or install on a different drive).
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,273
Location
I am omnipresent
Honestly something like this would piss me off enough to keep digging vs. wipe and reload. The biggest problem I have for doing that with personal systems is putting security certificates, private networks and database connections back. It's not like any one of those things is a big deal but I have a lot of them.

I went through around three days of inexplicable issues with RDP connections to and from my workstation when I upgraded it to Windows 11. The new workstation doesn't do that. Sometimes something just breaks.

I just tried it. No error.

OK. You have an IP and no error. Do you have access to the router's web interface? What happens if you use external DNS, like 8.8.8.8?
Does your router show your PC as a device on the LAN? Could it be something as simple as a cable gone bad?
Can your phone see your PC over a file management client (Solid Explorer on Android, for example)?
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
Honestly something like this would piss me off enough to keep digging vs. wipe and reload.
I feel you, bro. I have that same tenacity. I've spent the last 14 hours (minus nap time) banging my head against this. I just know that at some point I'm going to want to use my computer for something other than troubleshooting itself.
OK. You have an IP and no error.
Right.
Do you have access to the router's web interface?
No, not from the P50. Only from my much older Thinkpad T520 and from my phone.
What happens if you use external DNS, like 8.8.8.8?
Nada. DNS doesn't seem to be the issue. I can't even reach the router at the gateway address.
Does your router show your PC as a device on the LAN?
Yup. It shows one connection for Ethernet and another for WiFi
Could it be something as simple as a cable gone bad?
The cable is good. I've been swapping it back and forth between the two laptops on my desk. The cable also runs directly to the router with no intervening hardware.
Can your phone see your PC over a file management client (Solid Explorer on Android, for example)?
Solid explorer doesn't see the P50 but it does see the T520.
The T520 sees only itself.
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
Also, the time on the P50 keeps slipping four hours ahead for some reason, even though I keep manually setting it.

Speaking of which, I'm falling asleep at my desk so I'm going to have to pick this up in the morning.

Thanks for all the help so far, fam. 🙏💤
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
New observation:
07:15 Invoked Windows 10's Network Reset function. Didn't work.

I'm thinking of installing a third-party firewall like TinyWall to see if it doesn't knock something loose.
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
TinyWall didn't solve anything directly but I filtered its connections window to show only active connections and it displayed an svchost process and something called MuseHub (which I promptly uninstalled). Then later it briefly showed MsSense.exe. I looked up the remote IP address 172.172.255.216 but can't find anything useful. Sysinternals Process Explorer doesn't show anything obviously amiss. I wonder if I'm barking up the wrong tree with this lead.
 

Attachments

  • Screenshot 2024-10-05 124009.png
    Screenshot 2024-10-05 124009.png
    620.3 KB · Views: 1
  • Screenshot 2024-10-05 120642.png
    Screenshot 2024-10-05 120642.png
    20 KB · Views: 1

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
Here's another TinyWall screenshot from after a fresh reboot.
Dunno yet if it reveals anything meaningful about my situation.
Note that one of those svchost processes is now using IPV6.
Also note that the remote address is now .217 instead of .216
1728136663057.png
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
I ran a file comparison using Beyond Compare between the P50's current drive and the previous drive (of which it's a recent clone) but there were tens of thousands of differences which I couldn't possibly parse in any meaningful way.

I'm thinking maybe a registry comparison would might provide more useful information but I can't remember what tools I used to use that can compare a live registry to that on another drive.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,273
Location
I am omnipresent
You'll find thousands of registry differences as well though.
BUT, as a last stab at a fix, you could upgrade to Windows 11, just to see if it magically fixes itself. If you downgrade back, you'll have a modest number of defaults you'll have to fix, but I'll bet that if it starts working on 11, it'll work when you drop back to 10 as well.
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
My computer tells me it won't run Windows 11 but if I know OS enthusiasts, there's probably a workaround.
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
It is called Rufus and it is at Rufus.ie.
Oh, I've been using Rufus forever. Didn't know it could do that.

Sadly, I started dicking around with swapping drives and at one point when I plugged the drive in question (nVME) back into its slot, the computer booted into a sort of blue screen error which I've thus far been unable to resolve. I tried running SpinRite on it because sometimes it works magic but it didn't help this time.

So now I can't boot into Windows in order to try the Windows 11 upgrade-in-place.

It's been ages since I've spent this much time delving into an issue instead of just nuking. Really takes me back 👴
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Is it 7th gen or older iNtel not allowing Win 11 or is it the TPM? Maybe it's time to buy a new laptop.
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,357
Location
Gold Coast Hinterland, Australia
Is it 7th gen or older iNtel not allowing Win 11 or is it the TPM? Maybe it's time to buy a new laptop.
IIRC Primarily lack of TPM on 7th gen era systems, so I would assume they just decided to make it easier on the consumer to rule out 7th gen CPUs as well despite there being no technical reason on the cpu side...

I've had a look to see if any new CPU extensions were added in 8th gen Intel, and I can't find any. (There are no differences in supported CPU instructions between Skylake (6th gen), Kaby Lake (7th gen) and Coffeelake (8th gen) architectures, other than some of the Pentium/Celeron variants removing AVX/AVX2 instructions on the 8th gen side).

In fact, I can't find any new instruction extensions, except for SHA (Goldmont in ~2016), Secure Memory Extensions (AMD Zen) and Total Memory Encryption (IceLake, Xeon, 10th gen mobile, and some 11th gen desktop).
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
It was my understanding that the OS dividing lines are not necessarily technical, but practical business decisions. MS will not support old hardware forever. They enforced Win 10 on the 7th gen when they were virtually the same as the 6th gen.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,273
Location
I am omnipresent
There's an i9-7900k workstation on my desk in my office. It has 64GB RAM and some kind of low-end Quadro GPU in it and that thing is by no means a low end PC, but it can't run Windows 11. I finally got tired of messing with having to specially prepare upgrade media for it and switched it to Windows Server 2022, which is built from the Windows 11 codebase and does not have the hardware compatibility nonsense that Windows 11 does.

Which I think says a lot about how important that TPM compatibility really is.
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
Okay; Plot twist:

A few months ago I tried to access company email on my P50. I went through the 2FA rigamarole but was ultimately unable to gain access. The next workday, my local IT guys told me that I'd unwittingly enrolled my machine in MS Intune and said they'd un-enroll me.

Shortly thereafter, global security began regularly texting me, asking why I'm using my personal PC for work. I explained to them multiple times that I wasn't, but for some reason it didn't sink in. Probably a flag they neglected to clear on their end.

As it turns out, the machine (despite Local IT's claim to the contrary) was still enrolled in Intune, granting global security clear access to my file system.

Unbeknownst to me at the time, late last Thursday night (early morning for them), global security apparently discovered "ransomware" on my machine and forcibly cut it off from network access and revoked my account password. As I don't work Fridays, I had no idea about this, so when I discovered no internet on Friday, IT didn't factor into the equation.

On Sunday (my Monday) afternoon, after I'd already formatted the drive, and while I was preparing to head to work I finally noticed that I couldn't log into Teams or into any of my Excel sheets on my phone, which was odd. When I got to the office I found a paper note sitting on my desk, instructing me to visit IT and have my password reinstated.

That's when I learned about global IT's escapade, and that had likely crippled my internet using a group policy of some kind.


I suspect that if I reflect on this for long enough a lesson will emerge.
 
Last edited:

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Are you saying the P50 was your personal computer? I've sometimes had to use it over the Citrix, but I always restore C: after use.
Buy yourself a copy of Macrium. It saves much grief.
 

Piyono

Storage is cool
Joined
Jan 25, 2002
Messages
599
Location
Toronto
Are you saying the P50 was your personal computer?
Yes. It was the subject of this thread.
Buy yourself a copy of Macrium. It saves much grief.
I lack discipline when it comes to backups. Most nights I'm too lazy to even plug in my USB drives for a local backup.

But how is Macrium different than something like Clonezilla or DriveImage XML?
Is it automated? Does it have a huge installation footprint? Does it call home all the time?
I guess I have some YouTubing to do.
 
Last edited:

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
It's just one option. Try the demo version. The paid (perpetual license) version has incremental backups, rapid delta restore, encryption, and a number of features that make it easy for a regular person not in IT to use. I normally travel with a bootable USB that has at least one image set so I can recover from anything, even replace the boot SSD in the laptop, whether on a boat in the ocean, in a mountain cabin, a tent in Africa, etc.
You can probably find an older free version online. I restore so often that the rapid delta restore alone is worth my time.
 
Top