nlockwood
asked on
Clients cannot Access Shared resources on DC
Here's the scope:
I currently have a Win2k DC with a shared a few shred printers a a few shared directories. my issue is this. for the past 2 days my clients (xp and win9x) have not been able to aceess any of the shared resources. When the 9x machines try to logon It comes up with a password error or access has been denied. Withe the XP machines it does go trough but if you unc to the server it will prompt with a password and then give me a access deined. I can log onto the server via terminal services and locally. I checked to make sure DNS and the netlogon service was started and even stopped and restarted the services. I've checked for Viruses and there is Norton running on this server as well.
Here is the kicker.. If I reboot the server I can log on from 1-10min and access shared resources. after that it goes to the standard errors listed above. I checked the event log for anything crazy and nothing was there. It's almost like there is either something going hay wire with AD or DNS or both...
If anyone can help Your input would be much appreciated.
Thanks In Advance
I currently have a Win2k DC with a shared a few shred printers a a few shared directories. my issue is this. for the past 2 days my clients (xp and win9x) have not been able to aceess any of the shared resources. When the 9x machines try to logon It comes up with a password error or access has been denied. Withe the XP machines it does go trough but if you unc to the server it will prompt with a password and then give me a access deined. I can log onto the server via terminal services and locally. I checked to make sure DNS and the netlogon service was started and even stopped and restarted the services. I've checked for Viruses and there is Norton running on this server as well.
Here is the kicker.. If I reboot the server I can log on from 1-10min and access shared resources. after that it goes to the standard errors listed above. I checked the event log for anything crazy and nothing was there. It's almost like there is either something going hay wire with AD or DNS or both...
If anyone can help Your input would be much appreciated.
Thanks In Advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did check for viruses from norton's sarc page did not find any I will try the spybot software right now...
ASKER
Ok I ran Spybot search and destroy on the server and It did find some stuff.. I still am having the same issue. I am going to run the software on all the clients too. just to try something...
ASKER
After running spybot seach and destroy on the server and all the clients. I still have the issue. I've also noticed that I cannot get into the licenseing on the server. I'm thinking that the dns is screwed up some how... Any thoughts..
First, make sure the RestrictAnonymous key is set to 0 on your GC. See:
246261 How to Use the RestrictAnonymous Registry Value in Windows 2000
http://support.microsoft.com/?id=246261
Other things to check:
- run nbtstat -c on the Win9x client and see if the DC information is correct
- Check for this reg key on the DC: HKLM\System\CurrentControl
- Disable SMB signing in the default domain controllers policy
- Make sure the share you're talking about isn't encrypted
246261 How to Use the RestrictAnonymous Registry Value in Windows 2000
http://support.microsoft.com/?id=246261
Other things to check:
- run nbtstat -c on the Win9x client and see if the DC information is correct
- Check for this reg key on the DC: HKLM\System\CurrentControl
- Disable SMB signing in the default domain controllers policy
- Make sure the share you're talking about isn't encrypted
Are there any errors in event viewer?
Does it happen if you add the server ip to a HOSTS file on a client?
Does it happen if you add the server ip to a HOSTS file on a client?
ASKER
Ok I found the fix. after 5 long hours with 3 Microsoft Tech's. Here's the skinny. The system was infected with a few Backdoor Trojans; NAV Corp didn't pick them up. BKDR_insider and and BKDR_def.a. after runing the free scan from trendmicro's site to clean them. I then picked out non microsoft serivces that looked like microsoft services (i.e. Remote access admin, WINDOWSUPDATE) After rebooting the service again we relized that the IPC$, ADMIN$, C$, and the PRINT$ were misisng. So after deleteing the Autoshare keys in the HK_LOCALMACHINE/system/cur
Nathan
Nathan
spybot here
http://spybot.safer-networking.de/
Download
http://spybot.safer-networking.de/index.php?lang=en&page=download
AdAware
http://www.lavasoftusa.com/
Spycop:
http://www.spycop.com/
BHODemon and Hijack This and Browser Hijack Blaster
http://www.spywareinfo.com/downloads.php?cat=sp#det
BHODemon | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.
Browser Hijack Blaster | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.
Hijack This | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.
General and overall information about Spy/Adware
http://www.cexx.org/adware.htm