Clients cannot Access Shared resources on DC

Posted on 2003-11-14
Last Modified: 2010-04-14
Here's the scope:

I currently have a Win2k DC with a shared a few shred printers a a few shared directories.  my issue is this.  for the past 2 days my clients (xp and win9x) have not been able to aceess any of the shared resources.  When the 9x machines try to logon It comes up with a password error or access has been denied.  Withe the XP machines it does go trough but if you unc to the server it will prompt with a password and then give me a access deined.  I can log onto the server via terminal services and locally.  I checked to make sure DNS and the netlogon service was started and even stopped and restarted the services.  I've checked for Viruses and there is Norton running on this server as well.

Here is the kicker..  If I reboot the server I can log on from 1-10min and access shared resources. after that it goes to the standard errors listed above.  I checked the event log for anything crazy and nothing was there.  It's almost like there is either something going hay wire with AD or DNS or both...

If anyone can help Your input would be much appreciated.

Thanks In Advance
Question by:nlockwood
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 44

Expert Comment

ID: 9750621
Check for adware and sypware

spybot here



BHODemon and Hijack This and Browser Hijack Blaster
BHODemon | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.

Browser Hijack Blaster | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.

Hijack This | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at

General and overall information about Spy/Adware
LVL 44

Accepted Solution

CrazyOne earned 500 total points
ID: 9750628
Or maybe a virus

Online Scanners

 Norton Web Services  
Go to this page and click on Scan for Viruses

It needs to download a few file so as to activate the scan so you may see a message like this.

"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.

The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
Downloading Scan for Viruses controls. Please wait...
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
Note: Scan for Viruses does not scan compressed files"
 Trend Micro HouseCall
"Trend Micro's free online virus scanner
In order to better serve our customers, we ask HouseCall users to register before scanning their computer.  By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"

PC Pitstop Virus Scan
Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month

Author Comment

ID: 9750762
I did check for viruses from norton's sarc page did not find any I will try the spybot software right now...
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.


Author Comment

ID: 9750980
Ok I ran Spybot search and destroy on the server and It did find some stuff..  I still am having the same issue.  I am going to run the software on all the clients too.  just to try something...

Author Comment

ID: 9754447
After running spybot seach and destroy on the server and all the clients.  I still have the issue.  I've also noticed that I cannot get into the licenseing on the server.  I'm thinking that the dns is screwed up some how...  Any thoughts..
LVL 21

Expert Comment

ID: 9759495
First, make sure the RestrictAnonymous key is set to 0 on your GC.  See:

246261 How to Use the RestrictAnonymous Registry Value in Windows 2000

Other things to check:

- run nbtstat -c on the Win9x client and see if the DC information is correct
- Check for this reg key on the DC:  HKLM\System\CurrentControlSet\Control\LSA\NoLMHash - If its there, set to 0 and reboot
- Disable SMB signing in the default domain controllers policy
- Make sure the share you're talking about isn't encrypted
LVL 15

Expert Comment

by:Rob Stone
ID: 9763424
Are there any errors in event viewer?

Does it happen if you add the server ip to a HOSTS file on a client?

Author Comment

ID: 9775883
Ok I found the fix.  after 5 long hours with 3 Microsoft Tech's.  Here's the skinny.  The system was infected with a few Backdoor Trojans;  NAV Corp didn't pick them up.  BKDR_insider and  and BKDR_def.a.  after runing the free scan from trendmicro's site to clean them.  I then picked out non microsoft serivces that looked like microsoft services (i.e. Remote access admin, WINDOWSUPDATE) After rebooting the service again we relized that the IPC$, ADMIN$, C$, and the PRINT$ were misisng.  So after deleteing the Autoshare keys in the HK_LOCALMACHINE/system/currentcontrolset/services/lanmanserver/paremeters hive.  My clients were once again successfully able to logon to the server and get at network resources.  How about them apples...


Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question