Solved

Clients cannot Access Shared resources on DC

Posted on 2003-11-14
Last Modified: 2010-04-14
Here's the scope:

I currently have a Win2k DC with a few shared printers and a few shared directories.  My issue is this: for the past 2 days my clients (XP and Win9x) have not been able to access any of the shared resources.  When the 9x machines try to log on, it comes up with a password error or access has been denied.  With the XP machines it does go through, but if you UNC to the server it will prompt with a password and then give me an access denied.  I can log onto the server via Terminal Services and locally.  I checked to make sure DNS and the Netlogon service were started, and even stopped and restarted the services.  I've checked for viruses, and there is Norton running on this server as well.

Here is the kicker..  If I reboot the server I can log on from 1-10min and access shared resources. After that it goes to the standard errors listed above.  I checked the event log for anything crazy and nothing was there.  It's almost like there is either something going haywire with AD or DNS or both...

If anyone can help, your input would be much appreciated.

Thanks In Advance
Question by:nlockwood
8 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9750621
Check for adware and spyware

spybot here
http://spybot.safer-networking.de/
Download
http://spybot.safer-networking.de/index.php?lang=en&page=download

AdAware
http://www.lavasoftusa.com/

Spycop:
http://www.spycop.com/

BHODemon and Hijack This and Browser Hijack Blaster
http://www.spywareinfo.com/downloads.php?cat=sp#det
BHODemon | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.

Browser Hijack Blaster | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenever one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.

Hijack This | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.

General and overall information about Spy/Adware
http://www.cexx.org/adware.htm
 
LVL 44

Accepted Solution

by:
CrazyOne earned 500 total points
ID: 9750628
Or maybe a virus

Online Scanners

 Norton Web Services  
Go to this page and click on Scan for Viruses
http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=REODSKVYRMHCGVRVRMN

It needs to download a few files so as to activate the scan, so you may see a message like this.

"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.

The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
 
Downloading Scan for Viruses controls. Please wait...
 
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
 
Note: Scan for Viruses does not scan compressed files"
======================
 Trend Micro HouseCall        
www.housecall.antivirus.com
"Trend Micro's free online virus scanner
In order to better serve our customers, we ask HouseCall users to register before scanning their computer.  By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"
http://housecall.antivirus.com/housecall/start_corp.asp
======================

PC Pitstop Virus Scan
Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month
http://www.pcpitstop.com/antivirus/default.asp
 
LVL 1

Author Comment

by:nlockwood
ID: 9750762
I did check for viruses from Norton's SARC page and did not find any. I will try the Spybot software right now...
 
LVL 1

Author Comment

by:nlockwood
ID: 9750980
OK, I ran Spybot Search and Destroy on the server and it did find some stuff..  I still am having the same issue.  I am going to run the software on all the clients too, just to try something...
 
LVL 1

Author Comment

by:nlockwood
ID: 9754447
After running Spybot Search and Destroy on the server and all the clients, I still have the issue.  I've also noticed that I cannot get into the licensing on the server.  I'm thinking that the DNS is screwed up somehow...  Any thoughts..
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9759495
First, make sure the RestrictAnonymous key is set to 0 on your GC.  See:

246261 How to Use the RestrictAnonymous Registry Value in Windows 2000
http://support.microsoft.com/?id=246261

Other things to check:

- run nbtstat -c on the Win9x client and see if the DC information is correct
- Check for this reg key on the DC:  HKLM\System\CurrentControlSet\Control\LSA\NoLMHash - If it's there, set to 0 and reboot
- Disable SMB signing in the default domain controllers policy
- Make sure the share you're talking about isn't encrypted
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9763424
Are there any errors in event viewer?

Does it happen if you add the server ip to a HOSTS file on a client?
 
LVL 1

Author Comment

by:nlockwood
ID: 9775883
OK, I found the fix, after 5 long hours with 3 Microsoft techs.  Here's the skinny.  The system was infected with a few backdoor Trojans; NAV Corp didn't pick them up: BKDR_insider and BKDR_def.a.  After running the free scan from Trend Micro's site to clean them, I then picked out non-Microsoft services that looked like Microsoft services (i.e. Remote access admin, WINDOWSUPDATE).  After rebooting the service again we realized that the IPC$, ADMIN$, C$, and the PRINT$ were missing.  So after deleting the Autoshare keys in the HK_LOCALMACHINE/system/currentcontrolset/services/lanmanserver/parameters hive, my clients were once again successfully able to log on to the server and get at network resources.  How about them apples...


Nathan
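
A read-only audit for the two things the final post describes (suppressed administrative shares and services posing as Microsoft ones), added here as an example and not taken from the thread or from Microsoft. It assumes a current Windows Server with PowerShell 5.1 or later and an elevated prompt; the value names AutoShareServer and AutoShareWks are the standard ones under the LanmanServer\Parameters key, which the post refers to only as "the Autoshare keys".

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# 1. AutoShareServer / AutoShareWks: a value of 0 stops the Server service
#    from recreating ADMIN$ and the drive-letter shares (C$, ...) at startup.
$params = Get-ItemProperty -Path $paramKey
foreach ($name in 'AutoShareServer', 'AutoShareWks') {
    $prop = $params.PSObject.Properties[$name]
    if ($null -eq $prop) {
        '{0}: not present (default, admin shares are created)' -f $name
    } elseif ($prop.Value -eq 0) {
        '{0}: 0  <-- admin shares suppressed; confirm who set this and why' -f $name
    } else {
        '{0}: {1}' -f $name, $prop.Value
    }
}

# 2. Compare the shares that exist now with the ones the thread found missing.
#    PRINT$ is only expected on a server that shares printers, as this one did.
$present = (Get-CimInstance -ClassName Win32_Share).Name
foreach ($share in 'IPC$', 'ADMIN$', 'C$', 'PRINT$') {
    $state = if ($present -contains $share) { 'present' } else { 'MISSING' }
    '{0,-8} {1}' -f $share, $state
}

# 3. Services whose binary is not validly signed by Microsoft. A Microsoft-sounding
#    display name on one of these rows is the pattern the post describes.
#    This is a review list, not a verdict: third-party software shows up here too.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    # PathName may be quoted and carry arguments; keep only the executable path.
    if ($_.PathName -notmatch '^\s*"?(.+?\.exe)') { return }
    $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
    $sig = Get-AuthenticodeSignature -LiteralPath $exe -ErrorAction SilentlyContinue
    $byMicrosoft = $sig.Status -eq 'Valid' -and
                   $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
    if (-not $byMicrosoft) {
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            StartMode   = $_.StartMode
            Path        = $exe
            Signature   = $sig.Status   # empty when the file could not be read
        }
    }
} | Sort-Object Path | Format-Table -AutoSize -Wrap
```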