We talked about DNS problems at Fallure to resolve, but there are other reasons why a particular machine may be unable to browse the Internet while others on the same lan still can.
First, the same DNS advice applies as in the above article: check web access with a numeric IP address. If that works, you just lack proper DNS. With Windows XP, a user with access to networking properties can easily override default settings from DHCP while retaining their correct machine ip address, so it is worth checking.
Just one silly thing because I've seen this more than once: just because your browser's default page doesn't come up doesn't mean nothing works. I've had customers insist that that their internet was down when really it was just their default home page! Check some other site first.
You should also check that a misconfigured firewall on the machine itself isn't blocking outgoing connection attempts or incoming data. If in doubt, temporarily shut off the local firewall to test. Test wth telnet from the command line: "telnet xyz.com 80"
If Windows, is it really that you can't access the Internet or only that Internet Explorer cannot? Microsoft's IE is a fragile and rather brain-dead thing, easily confused and easily broken. Under Internet Options, Connections, Lan Settings, see if Detect Settings Automatically is set. If it is, IE is going to look for a proxy server before it pays attention to its default route. If you have a proxy server, and intend to use it, that's fine, but if more than one proxy exists, IE may pick up the wrong one. Try unchecking that.
If IE still isn't working, try downloading Firefox or any other browser. If the other browser works, it's all IE's fault. Is anyone really surprised?
Some lan firewalls have access lists. It's not uncommon to configure a firewall not to grant access to any machine it did not provide a DHCP address for. If the user over-rode their DHCP address, or if an accidental DHCP server appeared on the network, the user may be blocked (or may just have misconfigured themselves).
The right default route is of course important. I've seen this get screwed up when a lan was split for security or performance reasons: what was formally all 192.168.1.x is now 192.168.1.x and 192.168.2.x. The new lan was added to the DHCP server, but they used the same default gateway everywhere. That won't work: the gateway for 192.168.2.x machines needs to be in the 192.168.2.0 network.
An old or forced arp entry at the firewall that incorrectly identifies a pc will prevent that machine from passing through the router. Power cycling the router is a quick fix if there is any chance of that being true.
If in a corporate environment, you may be blocked at a smart switch. Try switching a working machine to that port, keeping in mind that the port could be allocated to a specific mac address.
Anything else? Sure - all kinds of strange permissions and corruption issues that could affect a machine. Viruses and other malware can do strange things with network access. These can be tough to spot and hard to fix reliably.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2011-02-01 Anthony Lawrence