[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Windows Server 2003 SP1 Lost Network Connections after Reboot

Posted on 2006-04-28
Medium Priority
Last Modified: 2008-02-01
This is one of the more bizarre situations I've encountered and any help would be appreciated GREATLY. Here's the scenario:

We have several computers on a development network, all running Windows Server 2003 w/ SP1. They've been running SP1 for a while and some of the hotfixes that came after it, but no new patches have been installed in several weeks. The new patches are downloaded every night, if any, but they are not automatically installed. The machines are not used to browse the Internet and no unauthorized software is allowed on them, plus they have appropriate scanners running, so the chance of a virus or spyware is minimal. Everything has been working great for quite some time. Nothing that I know of has recently changed EXCEPT for the installation of AuthDiag 1.0 from Microsoft on two of the machines TODAY.

Shortly after the installation of AuthDiag, one of the machines was rebooted. Note that this was NOT one of the machines that AuthDiag was installed on (however, one of the machines on which it WAS installed was also later "afflicted"). When it attempted to come back up, it hung at "Applying Computer Settings" and would never proceed past this point. During troubleshooting, another machine was rebooted. It too seemed to take a while to finish the "Applying Computer Settings", but at that stage it presented the message that a service had failed. Upon checking, it was determined that the "Network Connections" service did not start. Attempts to start this service manually also failed with a timeout. After opening the Network Connections pane (right-click My Network Places > Properties) NO network connections were found. Suspecting a pattern, two more machines were rebooted with the exact same results - slow to pass "Applying Computer settings, Network Connections service failure, and no connections shown in the Network Connections pane.

AuthDiag was removed and some preliminary research on the Net seemed to indicate SP1 as a potential culprit, as did another employee who suggested the same thing, so as an experiment SP1 was removed from two of the machines and they were rebooted, at which time the network connections were restored. However, this is kind of a drastic step and I'd like to find out more about WHY this occurred if I can, so I decided to try this forum on the chance that maybe someone else has seen something like this before.

Note that I'm not pointing at AuthDiag, or even SP1, as a definitive culprit. All I know at this point is that these entities happened to coincide with the start of the problem or are otherwise potentially related to the problem in some fashion, as described. So if anyone can shed some light on this strange and highly-irritating issue, I would definitely appreciate it. I would like to put SP1 back on so I can stay current with security updates, but at this point I don't know if that can be done. Due to the bizarre nature of the problem and the fact that our development system is pretty important, I'm assigning 500 points.
Question by:tjnoles
  • 3
  • 2
LVL 51

Accepted Solution

Netman66 earned 1500 total points
ID: 16565800
Does this article explain (and correct) your issues?


Author Comment

ID: 16570169

I saw that article earlier but put it on the back burner since the summary stated that "despite these issues, networking continues to function correctly" and our affected systems' networking were definitely not working. I decided to revisit it since you mentioned it and noticed the following:

Following it verbatim didn't work but it gave me some ideas that did, as far as I can tell. First, I was able to restore network connectivity by switching the RPC service logon from "Network Service" to "Local System". I know there is a dependency of the "Network Connections" service on the "RPC" service, so I decided to try the account switch. I've read about some security issues involving the use of "Local System" vs. "Network Service" but on the affected systems the "Network Connections" service will NOT start unless the "RPC" service is logging on with it, so there it is.

I checked what some other working systems had their "RPC" service using for a comparison. The systems that had service pack 1 removed ARE using "Local System" for the "RPC" service (this happened automatically) - after installation of the service pack it switches to "Network Service" (I tried this). However, I have some "pristine" Win2K3 SP1 systems running on a virtual network that have their "RPC" service using "Network Service" and they aren't having any problems, so go figure. For some reason, the systems on our development network can't run like that.

So, I've been testing the systems pretty heavily, and have even installed SP1 and all following hotfixes and, as long as "Local System" is used for the "RPC" service, all is well at this point. I intend to keep investigating this, but I'm awarding the points to you since your help was the "catalyst" for this discovery and the systems ARE working.

Author Comment

ID: 16570197

So, unless you have any further information re: this situation, I suppose I need to follow the grading guidelines and assign a "B", which I will do in a few days (to give you time to respond) if I do not see any additional responses. If you know WHY these systems are behaving this way, that definitely ranks as an "A". In either case, you deserve the points and you have my thanks.
LVL 51

Expert Comment

ID: 16572815
The servers that are functioning with the Network Service account - can you compare te setting below between the servers you set to Local System?

Open Administrative Tools
Open Component Services
Expand Component Services>Computers
Right-click My Computer and select Properties
On the MSDTC tab, select the Security Configuration button
Check the DTC Logon account - is it the same between servers that are functional and ones that were not?

You may want to go through each tab and setting to compare the differences (if any) between servers using the Network account for RPC and the servers using SYSTEM for RPC.

Let me know if you find anything interesting.

As for your last post, do what you think is fair - it's okay with me.


Author Comment

ID: 16573227

I'm leaving on a business trip today and won't be back until the Monday after next, but I will compare these settings when I return. Thank you.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Loops Section Overview
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question