Cannot access shares on WIndows 2003 server

I have 5 servers - 2 Windows 2003 and 3 Windows 2000. All have shares. All are peer to peer (No Directory Services or Domain). Until Monday, all servers could access all shares on all other servers. Due to some change we made in firewall or other activity (??), two of the WIndows 2000 servers cannot access one of the Windows 2003 shares. All XP clients can access all shares on 2000 and 2003 servers. All 2003 servers can access shares on 2000 servers.  The 2000 servers can access the shares on 2003 server 1 but NOT on 2003 server 2. We made no known changes to permissions. However, we did install a new firewall appliance and were restricting some access. We have since backed out the firewall settings. It appears to be some permission issue. Message we get is "The network name is no longer available" or "The network services have not been started".  Again, we can go from the 2003 server to the 2000 server with no problem but not the other way around.
LVL 1
mjburgardAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
mjburgardConnect With a Mentor Author Commented:
Sorry, Had to rebuild the server from scratch. Nothing seemed to work. LIkely a virus or trojan horse that corrupted share access but was not found.
0
 
Fatal_ExceptionCommented:
So, the problem ONLY exists when trying to get to shares FROM the 2000 server to the 2003 Server #2?  The XP Clients can get there just fine?  So, we know that the network services have been started, so that is not the issue..  and you can ping the #2 from the 2K server..

Have you tried setting up a 'test' share on the server yet (with new share and NTFS permissions)?

right?
0
 
mjburgardAuthor Commented:
OK,

When on the 2000 server, I go through Exploer and My Network Places, Entire Network, Microsoft Windows Networking, CWP (our workgroup) - All the computers show up. I select the Windows 2003 server (CWPPOPNET1) and the shares show up. I select the share in question and it opens. However, when I try to go one level below, it locks up. The message is "\\servername\sharename\folder is not accessible. The specified network name is not longer available."  This also happens if I go through run and type the servername. The server opens but I can't drill down.

I created a new testshare. Created 3 levels deep. Gave it full control to everyone. It works fine that I can see. However, I am not sure what NTFS permissions I am supposed to set.

HOwever, when I copied file folders from the "Non-Accessible" share to the new "test Share", the folder where I copied the new files became instantly "Non-accessible"
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
adamdrayerCommented:
try to access the share by \\w.x.y.z\sharename, and see if that works.  Always good to rule out DNS problems first.  

Is the server & sharenames > 256 characters?  

Have you looked at the share permissions as well as the NTFS permissions?

Are you running DFS anywhere?
0
 
Fatal_ExceptionCommented:
Yes, from your explanation, it appears that this could be a Permissions Problem (since the test share worked until you copied the files..)  You might try re-enumerating the Permissions on this folder...  

And Adam!  again, it is good to see you, my friend!

FE
0
 
adamdrayerCommented:
Hey FE =)  Didn't realize it was you posting.  Still getting used to this new skin.  

Yeah, I'm gonna start hanging around again like I used to.  Every year I make a conscience effort to becoming more active in the community,but by summertime I just get bogged down.  Hopefully that won't happen this year.

Btw, mjburgard, I assume you are trying to access this share as the same user in the same workgroup on all computers?
0
 
mjburgardAuthor Commented:
try to access the share by \\w.x.y.z\sharename, and see if that works.  Always good to rule out DNS problems first.  

Is the server & sharenames > 256 characters?  
>>NO
Have you looked at the share permissions as well as the NTFS permissions?
>>Not sure of the difference. We have looked at the Security tab as well as advanced. We have given Full Control to everyone.
Are you running DFS anywhere
>>NO
0
 
adamdrayerCommented:
Share permissions are set on the 'Sharing' tab.  There is a "permissions" button.
0
 
mjburgardAuthor Commented:
More Info:
   1) Only one Windows 2003 server does not work. The other Windows 2003 server is accessible by all the Windows 2000 server.
   2) I tried using UNC from the Run command with IP addresss - \\192.168.1.18\test share - it did not work. Same message.
   3) I copied a number of folders from the 2003 share that does not work into the second 2003 server and into a set of shares. The 2000 servers were able to access these files on the 2nd server just fine.
   4) I ran spybot on all machines; ran all Windows updates, ran anit-virus. However, the 2003 server did not install SP2 because of disk space. I am downloading separately and doubt this has any connection to the problem.
  5) We turned off the firewall to remove any firewall rules . That made no difference. Still can't access the shares.
0
 
Fatal_ExceptionCommented:
Did you take a look at those Share Permissions, as Adam mentioned?  When you copied those files to the other server, they inherit the permissions of the Share where they are housed...  Note that in addition to this, 2003 defaults to Read Only on all new Shared Folders created:

Might be a good idea to read through this:

http://www.windowsecurity.com/articles/Share-Permissions.html

With all of the confusion that old share permissions could cause, Microsoft decided to change the rules for default share permissions with the release of Windows XP Service Pack 1. With every operating system after this service pack release (including Windows Server 2003), the new default permissions for all new shared folders is Everyone having Read only access, as shown in Figure 3.

This seems like a good security setting, until you consider how many resources on your network can actually have read-only access for everyone. There are not many, due to the fact that users need to modify and alter the contents of most resources to be productive.

In almost every instance the share permissions will need to be changed from Read access. This sets up the administrator to configure detailed share permissions, which can cause the issues that we discussed before with regard to troubleshooting resource access with the old share permissions being modified. With the share permissions being changed by default, I have found that many administrators dont feel that they need to configure NTFS permissions anymore, as they rely on the share permissions to protect the resource. This is a gross error and leaves the network and resources in a very vulnerable state. Share permissions are only valid when the resource is accessed over the network, but not when it is accessed locally, using Terminal Services, etc. Also remember that share permissions are not backed up with resource, so all backed up files are vulnerable as well, without any permissions protecting them.
0
 
mjburgardAuthor Commented:
Will likely call this final input and then close question. Additional consultants have looked at the system and there is no consensus. The general thought is we have a trojan horse spamming virus on our servers and that has corrupted one of the servers. There are many indications of the trojan horse and certainty is high. However, it is very difficult to get rid of. In addition, it has been impossible to determine how that might corrupt shares. However, some shares work and others don't. All have the exact same permissions. Some can be accessed from Windows 2003 servers but not Windows 2000 servers. Some shares can be accessed from one Windows 2000 server but not another one. New shares created might work for a time and then deny access.

Appreciate any further insight.
0
 
Fatal_ExceptionCommented:
Man, that would really be the pits..  (trojan)..  but I see how they are getting to that conclusion..

 I really do not have anything else to add to this thread, but would be interested in seeing the resulting fix, if you discover the problem...
0
 
weareitCommented:
I remember a particularily a couple of particularily nasty bugs (the instances of and not the names unfortunately).

One would remove the Administrative and Domain shares on the server.  Another would not allow for a device to view the shares if the device was using a DHCP address.  In each case a good safe mode clean of the infected server(s) with a good antivirus application resolved the case.

-saige-
0
All Courses

From novice to tech pro — start learning today.