Outbound connections blocked to internal workstations

Outbound connections blocked to internal workstations

Postby boundless316 » 2010-08-16 20:03

I've got several WinXP Pro PC's in a Windows 2008 domain all with UltraVNC installed. Every PC in the domain can connect to any other PC using VNC except one. This one, let's call it PC1, will accept incoming VNC connections but is unable to connect to any other workstations.

For example, PC2 can establish a VNC connection to PC3 and vice versa and both PC2 and PC3 can connect to PC1 but PC1 is unable to connect to PC2 or 3.

No firewalls are enabled on PC1, I've even gone so far as to disable the Windows Firewall service and uninstall TrendMicro. I've re-installed UltraVNC. I've tried other VNC apps, all with the same result. I've tested an entire range of outbound ports using firebind.com, all showed as open. And I've tried switched the VNC listen port to 80 on one of the PC's. Nothing has made a difference.

Any ideas?
boundless316
 
Posts: 5
Joined: 2010-08-16 19:15

Re: Outbound connections blocked to internal workstations

Postby B » 2010-08-16 20:17

What specific errors are you getting? What happens when you connect with the UltraVNC viewer? What happens when you connect via a browser? What happens if you telnet to one of the other machines (e.g., to port 80 on the one you altered)? Is that PC1 machine otherwise able to use local and Internet resources, including http, ftp, SMTP, etc.?

Was there at any point either ZoneAlarm or a Norton product installed on PC1? (These can be ridiculously persistent corruptors of the network stack - even after being uninstalled and even in Safe Mode!)
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Outbound connections blocked to internal workstations

Postby boundless316 » 2010-08-16 20:30

It's a general time out error. ZoneAlarm and Norton have never been installed. PC1 is able to use all other network resources.

I've never tried connecting via a browser, I wasn't aware you could until now. I'm guessing that's where the Java viewer comes into play. What do I need to do? Point the browser to PC1:5800, or whatever I have the Java listen port set to?
boundless316
 
Posts: 5
Joined: 2010-08-16 19:15

Re: Outbound connections blocked to internal workstations

Postby B » 2010-08-16 21:28

It might help to post the specific wording of the error. I've never heard of significant problems with the viewer like this. Try the telnet tests if you get a chance (you may have to install it from disk).

Yes, http://pc2:5800 (not http://pc1:5800 obviously) should do it, <b>if</b> the Javaviewer is currently enabled on that target server PC.
Last edited by B on 2010-08-16 21:29, edited 1 time in total.
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Outbound connections blocked to internal workstations

Postby boundless316 » 2010-08-17 15:31

Sorry for the delayed response, these are workstations off site, had to wait for the all clear before I could test. Ok, so I tried the Java viewer and came up with the same results. Other workstations can connect to PC1 but PC1 is unable to connect to other workstations. Telnet test results were the same.

The exact error message is "unable to connect to host: Connection timed out (10060)" When testing the Java viewer it's just the standard "Internet Explorer cannot display the webpage".
boundless316
 
Posts: 5
Joined: 2010-08-16 19:15

Re: Outbound connections blocked to internal workstations

Postby B » 2010-08-17 15:46

And yet you're saying that PC1 <b>can</b> browse to other web pages? Are there any <b>local</b> web pages it can browse to? (Intranet, test web site, local http enabled file share or NAS)

This makes no sense.

1. You can browse to http://yahoo.com from PC1, PC2, and PC3.

2. You can browse to http://pc3:5800 from PC2.

3. You can <b>not</b> browse to http://pc3:5800 from PC1.

Is that accurate? Are we sure these are on the same LAN? What are the IP addresses involved? Routing?
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Outbound connections blocked to internal workstations

Postby boundless316 » 2010-08-17 16:07

B wrote:And yet you're saying that PC1 <b>can</b> browse to other web pages? Are there any <b>local</b> web pages it can browse to? (Intranet, test web site, local http enabled file share or NAS)

This makes no sense.

1. You can browse to http://yahoo.com from PC1, PC2, and PC3.

2. You can browse to http://pc3:5800 from PC2.

3. You can <b>not</b> browse to http://pc3:5800 from PC1.

Is that accurate? Are we sure these are on the same LAN? What are the IP addresses involved? Routing?


I know!! It's infuriating! It's one of those situations I just have to laugh at otherwise I might throw the computer off the roof! :crazy:

And yes that is entirely accurate. All PC's involved are on the same subnet, there is no routing involved. To make it even more insane, PC2 and PC3 can browse to http://PC1:5800 with no problems!!!

The IPs are 192.168.10.104, .105 and .110 respectively. All pulled from the same DHCP server and all using the same DNS server .30.

Edit: Oh! I forgot to mention PC1 will not connect to any other workstations via IP address either. I tried http://192.168.10.105:5800 from PC1 and got the same "Page cannot be displayed" error.
Last edited by boundless316 on 2010-08-17 16:20, edited 1 time in total.
boundless316
 
Posts: 5
Joined: 2010-08-16 19:15

Re: Outbound connections blocked to internal workstations

Postby B » 2010-08-17 16:44

If you're quite sure there are not now and have never been software firewalls (other than Windows Firewall) involved, the only other thing I can even think of is spyware / malware....

You might also try a “netsh int ip reset all” and/or “netsh winsock reset catalog” on PC1....
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Outbound connections blocked to internal workstations

Postby boundless316 » 2010-08-18 13:33

BAH! Kill it with FIRE!

So I reset the IP and Winsock stacks, nogo. Tested from safe mode, hoping that if it was malware/spyware it wouldn't load, nogo. I'm running Malwarebytes now and plan to follow it up with the Windows OneCare scan just in case.

Any other ideas besides nuking the machine?
boundless316
 
Posts: 5
Joined: 2010-08-16 19:15


Return to 1.0.8.X (stable)

Who is online

Users browsing this forum: No registered users and 1 guest