Clients cannot Access Shared resources on DC

Here's the scope:

I currently have a Win2k DC with a shared a few shred printers a a few shared directories.  my issue is this.  for the past 2 days my clients (xp and win9x) have not been able to aceess any of the shared resources.  When the 9x machines try to logon It comes up with a password error or access has been denied.  Withe the XP machines it does go trough but if you unc to the server it will prompt with a password and then give me a access deined.  I can log onto the server via terminal services and locally.  I checked to make sure DNS and the netlogon service was started and even stopped and restarted the services.  I've checked for Viruses and there is Norton running on this server as well.

Here is the kicker..  If I reboot the server I can log on from 1-10min and access shared resources. after that it goes to the standard errors listed above.  I checked the event log for anything crazy and nothing was there.  It's almost like there is either something going hay wire with AD or DNS or both...

If anyone can help Your input would be much appreciated.

Thanks In Advance
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Check for adware and sypware

spybot here



BHODemon and Hijack This and Browser Hijack Blaster
BHODemon | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.

Browser Hijack Blaster | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.

Hijack This | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at

General and overall information about Spy/Adware
Or maybe a virus

Online Scanners

 Norton Web Services  
Go to this page and click on Scan for Viruses

It needs to download a few file so as to activate the scan so you may see a message like this.

"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.

The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
Downloading Scan for Viruses controls. Please wait...
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
Note: Scan for Viruses does not scan compressed files"
 Trend Micro HouseCall
"Trend Micro's free online virus scanner
In order to better serve our customers, we ask HouseCall users to register before scanning their computer.  By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"

PC Pitstop Virus Scan
Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nlockwoodAuthor Commented:
I did check for viruses from norton's sarc page did not find any I will try the spybot software right now...
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

nlockwoodAuthor Commented:
Ok I ran Spybot search and destroy on the server and It did find some stuff..  I still am having the same issue.  I am going to run the software on all the clients too.  just to try something...
nlockwoodAuthor Commented:
After running spybot seach and destroy on the server and all the clients.  I still have the issue.  I've also noticed that I cannot get into the licenseing on the server.  I'm thinking that the dns is screwed up some how...  Any thoughts..
First, make sure the RestrictAnonymous key is set to 0 on your GC.  See:

246261 How to Use the RestrictAnonymous Registry Value in Windows 2000

Other things to check:

- run nbtstat -c on the Win9x client and see if the DC information is correct
- Check for this reg key on the DC:  HKLM\System\CurrentControlSet\Control\LSA\NoLMHash - If its there, set to 0 and reboot
- Disable SMB signing in the default domain controllers policy
- Make sure the share you're talking about isn't encrypted
Rob StoneCommented:
Are there any errors in event viewer?

Does it happen if you add the server ip to a HOSTS file on a client?
nlockwoodAuthor Commented:
Ok I found the fix.  after 5 long hours with 3 Microsoft Tech's.  Here's the skinny.  The system was infected with a few Backdoor Trojans;  NAV Corp didn't pick them up.  BKDR_insider and  and BKDR_def.a.  after runing the free scan from trendmicro's site to clean them.  I then picked out non microsoft serivces that looked like microsoft services (i.e. Remote access admin, WINDOWSUPDATE) After rebooting the service again we relized that the IPC$, ADMIN$, C$, and the PRINT$ were misisng.  So after deleteing the Autoshare keys in the HK_LOCALMACHINE/system/currentcontrolset/services/lanmanserver/paremeters hive.  My clients were once again successfully able to logon to the server and get at network resources.  How about them apples...

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.