ccgll01
asked on
RPC service missing+no network connections+no printers+cl&ose+no drag and drop
Hello,
I am running two file servers on the same network. Both have Windows 2000 server with sp4. Both have no network connections but you can still connect to their shares. One server is a small print server but you cannot see the printers anymore and printing does not work. You cannot drag and drop on either server. It has been two days and on the one server that is not the print server the RPC service is totally missing from the services. Both have the cl&ose button on the add/remove programs window with the icons only on the left side of the window. Here is what I have tried so far.
sfc /purgecache
sfc /scannow
There was an artcile from Microsoft about unregistering files appwiz.cpl and mshtml.dll and re-register them after you extract the correct version.
I have installed sp4 again.
I have tried to re-install IE 6.0 sp1
There have been some patches that I have tried to apply.
I have Symantec Antivirus that I have run a scan in safe mode as well but it can't find anything.
I have tried ad aware, spybot search and destroy, hi jack this.
I have run the blaster removal tool from symantec, welchia removal tool, sasser removal tool. Nothing finds anything.
I may be missing something else but that is all I can remember. Any ideas would be helpful.
One other thing is that I tried to start and logon with a different user and password.
I have also tried to start in safe mode but the problem still exists.
I want to try to disconnect them from the network to see if that helps by isolating them.
I am out of ideas, any suggestions would be great!
I am running two file servers on the same network. Both have Windows 2000 server with sp4. Both have no network connections but you can still connect to their shares. One server is a small print server but you cannot see the printers anymore and printing does not work. You cannot drag and drop on either server. It has been two days and on the one server that is not the print server the RPC service is totally missing from the services. Both have the cl&ose button on the add/remove programs window with the icons only on the left side of the window. Here is what I have tried so far.
sfc /purgecache
sfc /scannow
There was an artcile from Microsoft about unregistering files appwiz.cpl and mshtml.dll and re-register them after you extract the correct version.
I have installed sp4 again.
I have tried to re-install IE 6.0 sp1
There have been some patches that I have tried to apply.
I have Symantec Antivirus that I have run a scan in safe mode as well but it can't find anything.
I have tried ad aware, spybot search and destroy, hi jack this.
I have run the blaster removal tool from symantec, welchia removal tool, sasser removal tool. Nothing finds anything.
I may be missing something else but that is all I can remember. Any ideas would be helpful.
One other thing is that I tried to start and logon with a different user and password.
I have also tried to start in safe mode but the problem still exists.
I want to try to disconnect them from the network to see if that helps by isolating them.
I am out of ideas, any suggestions would be great!
ASKER
It could be virus related, we have had users connected to the network with the Welchia virus that have since been cleaned but may have done some damage.
I was able to put back the RPC service on the one machine by editing the registry so now both servers have the RPC service in the registry but it just won't start.
The isolation test didn't really change anything. I still had the same problems on both servers even with the network cables unplugged from the network.
There are two entries in the event log that look like they may contain something useful but I will have to get back to you on those.
What I mean by there are no network connections but I can still connect to the shares is that when I open the network and dialup connections box from the control panel to look at my network connection it is totally blank. no icons appear that usually show my ethernet connections to the network. But when a user logs onto the network they can connect to the server and the share that they want. I can even do an ipconfig on the server and see my network connections and their settings are still there, I just can't change them.
Do you know where in the registry I may find the rpc settings to see if they are valid?
Have you heard of all these problems being related, meaning the spooler service not starting for the printers, the rpc service not starting, add/remove programs, no network connection icons?
I was able to put back the RPC service on the one machine by editing the registry so now both servers have the RPC service in the registry but it just won't start.
The isolation test didn't really change anything. I still had the same problems on both servers even with the network cables unplugged from the network.
There are two entries in the event log that look like they may contain something useful but I will have to get back to you on those.
What I mean by there are no network connections but I can still connect to the shares is that when I open the network and dialup connections box from the control panel to look at my network connection it is totally blank. no icons appear that usually show my ethernet connections to the network. But when a user logs onto the network they can connect to the server and the share that they want. I can even do an ipconfig on the server and see my network connections and their settings are still there, I just can't change them.
Do you know where in the registry I may find the rpc settings to see if they are valid?
Have you heard of all these problems being related, meaning the spooler service not starting for the printers, the rpc service not starting, add/remove programs, no network connection icons?
There are several window boxes that require RPC services to work correctly, I believe the network connections listing is one of them along with many of the other Control Panel controls. Based on your description I'd say that's what you're seeing, or not seeing as the case might be.
I know of someone who had the Nachi virus and after running the clean-up fix from Microsoft still couldn't get RPC to start. He went to another server and compared RPC related entries in the registry and found a couple that were different, so he changed them via REGEDT32. After that he was able to start the RPC service. But man did he pull his hair out trying to fix that one.
I don't know what key/value entries he modified but I can get them for you if you need it.
Good luck!
I know of someone who had the Nachi virus and after running the clean-up fix from Microsoft still couldn't get RPC to start. He went to another server and compared RPC related entries in the registry and found a couple that were different, so he changed them via REGEDT32. After that he was able to start the RPC service. But man did he pull his hair out trying to fix that one.
I don't know what key/value entries he modified but I can get them for you if you need it.
Good luck!
ASKER
I did a search on the registry and can't find many entries for the RPC service. You may be on to something. Can you get the keys for me. Maybe something is changed in my registry or missing perhaps?
I was also thinking about running other spyware type removers? When I run ad-adware I alsways seem to get items that it find that are bad. Can you suggest any others that may help or do you think this isn't the right path to go down.
I still think there is some patch or it's a virus that has changed something on the servers. I am thinking of callong Microsoft tech support if I can't get this soon.
Thanks for any help you can give.
I was also thinking about running other spyware type removers? When I run ad-adware I alsways seem to get items that it find that are bad. Can you suggest any others that may help or do you think this isn't the right path to go down.
I still think there is some patch or it's a virus that has changed something on the servers. I am thinking of callong Microsoft tech support if I can't get this soon.
Thanks for any help you can give.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The registry entry that you gave me was right on. I didn't even have to reboot and everything worked. although I have rebooted for the updating process from Microsoft and things still work.
The RPC service started, print spooler started, add/remove doesn't have the cl&ose button.
I am running the windows update and scanning for viruses now.
I am glad that you came up with this so that I don't have to call Microsoft. You never know if you will get a good tech and plus there's always a fee.
I will award you full points for this. I don't understand why no one else responded to my question. I thought this was a good sight to get answers from a whole host of online viewers. At least you were there. Thanks again!
The RPC service started, print spooler started, add/remove doesn't have the cl&ose button.
I am running the windows update and scanning for viruses now.
I am glad that you came up with this so that I don't have to call Microsoft. You never know if you will get a good tech and plus there's always a fee.
I will award you full points for this. I don't understand why no one else responded to my question. I thought this was a good sight to get answers from a whole host of online viewers. At least you were there. Thanks again!
I'm really glad this worked out and thanks for the points. Hope you still have some hair left.
Now don't be raggin on the Experts that hang out on this site cause I know I've gotten good suggestions from them in the past. But do your part too, and supply answers when you see problems you've encountered in the past. Those experts need the competition.
Now don't be raggin on the Experts that hang out on this site cause I know I've gotten good suggestions from them in the past. But do your part too, and supply answers when you see problems you've encountered in the past. Those experts need the competition.
- Have you had any occurances of a virus reported on this machine recently?
It's interesting that the RPC service won't start on one machine and is missing from the other. I would have expected a virus common to both machines to generate similar problems.
- Did your isolation test reveal anything?
- Are there any interesting entries in the event log?
- What do you mean by; "Both have no network connections but you can still connect to their shares."