george82
asked on
weird problem - can't change workgroup name, no sound device?
I'm experiencing a very strange issue in an internet cafe environment.
There are 16 clients connected in a single workgroup.clients are running windows xp home sp3. There is also an older pc running xp home sp3, on different hardware specs.
Last week, we had no sound at one of the clients, so we tried to open the volume control from the taskbar, and we got the error dialog saying that "there is no sound device". All relevant controls in the "sounds" section of the control panel were grayed out.
At the same time , the PC was still connected to the internet via LAN.
We tried to open a UNC path to another computer's shared folder, and it wouldn't let us. In the workgroup settings, the workgroup name field was grayed out. So I tried to browse the workgroup computers from the Network Locations shortcut, and then I got the error dialog box saying that the "network is not present or hasn't been started". the local area connection properties show that all protocols are still installed on the system.
Of course the rest of the clients were able to change their sound settings and access UNC paths normally. Forgot to mention all PCs run as local admin users.
Up to now, all 16pcs have the exact same specs. Here comes the weird part:
The single PC used to control the 16 clients through 'cafesuite' software, is older and as such its specs are completely different from the other PCs. This pc is experiencing the exact same error! It happens 2 to maybe 5 times a day, same frequency as the rest of the PCs.
The older pc is also used to transfer files between the workgroup and burn cds etc. So the computers are connecting to it a lot.
AVG 8 free edition is running on the old pc, and didn't detect any malicious software. Superantispyware didn't detect anything either.
The only piece of software common to the 16+1 PCs is "DeepFreeze" enterprise, which is restoring the system to a certain state after a reboot, deleting all files and programs installed since last reboot. The "client" software is installed at the 16 PCs, and the management console is installed on the standalone PC running Cafesuite.
After a reboot, the problem goes away! Everything is back to normal, until it happens again.
Which would make sense in the 16 PC's running deepfreeze, but it doesn't make sense on the server -- because the server is only running the deepfreeze management console and its files are not restored after a reboot.
By the way all PCs are using static IPs.
Also, when this happens, the local computer admin user is still logged in and has admin rights as far as I can tell.
Thoughts/ideas?
Thank you
There are 16 clients connected in a single workgroup.clients are running windows xp home sp3. There is also an older pc running xp home sp3, on different hardware specs.
Last week, we had no sound at one of the clients, so we tried to open the volume control from the taskbar, and we got the error dialog saying that "there is no sound device". All relevant controls in the "sounds" section of the control panel were grayed out.
At the same time , the PC was still connected to the internet via LAN.
We tried to open a UNC path to another computer's shared folder, and it wouldn't let us. In the workgroup settings, the workgroup name field was grayed out. So I tried to browse the workgroup computers from the Network Locations shortcut, and then I got the error dialog box saying that the "network is not present or hasn't been started". the local area connection properties show that all protocols are still installed on the system.
Of course the rest of the clients were able to change their sound settings and access UNC paths normally. Forgot to mention all PCs run as local admin users.
Up to now, all 16pcs have the exact same specs. Here comes the weird part:
The single PC used to control the 16 clients through 'cafesuite' software, is older and as such its specs are completely different from the other PCs. This pc is experiencing the exact same error! It happens 2 to maybe 5 times a day, same frequency as the rest of the PCs.
The older pc is also used to transfer files between the workgroup and burn cds etc. So the computers are connecting to it a lot.
AVG 8 free edition is running on the old pc, and didn't detect any malicious software. Superantispyware didn't detect anything either.
The only piece of software common to the 16+1 PCs is "DeepFreeze" enterprise, which is restoring the system to a certain state after a reboot, deleting all files and programs installed since last reboot. The "client" software is installed at the 16 PCs, and the management console is installed on the standalone PC running Cafesuite.
After a reboot, the problem goes away! Everything is back to normal, until it happens again.
Which would make sense in the 16 PC's running deepfreeze, but it doesn't make sense on the server -- because the server is only running the deepfreeze management console and its files are not restored after a reboot.
By the way all PCs are using static IPs.
Also, when this happens, the local computer admin user is still logged in and has admin rights as far as I can tell.
Thoughts/ideas?
Thank you
Windows XP is limited to 10 PC's connected to one PC at any one time, for Pro edition, only 5 for Home edition. Any more and you need a Small Business Server running a domain. This is hard coded into Windows by Microsoft to stop exactly what you are doing. They feel you should have a small business server above 10 PC's.
To clarify, you can have as many number of PC's connected to a workgroup, but only 9 can access your 10th PC (the server) before it starts having problems.
Your solution - buy Microsoft Small Business Server.
To clarify, you can have as many number of PC's connected to a workgroup, but only 9 can access your 10th PC (the server) before it starts having problems.
Your solution - buy Microsoft Small Business Server.
ASKER
mgonull, thanks, I'm downloading ComboFix in order to run it. will disable DeepFreeze too.
Styphon,
the tcpip.sys connection limit patch for Event ID 4226 is installed on the workstations and the server can accept >10 multiple connections
Styphon,
the tcpip.sys connection limit patch for Event ID 4226 is installed on the workstations and the server can accept >10 multiple connections
Also, were there any other errors in your event viewer?
ASKER
Here is the dialog box that comes up right before the symptoms appear:
"generic host process for win 32 services has encountered a problem and needs to close"
"generic host process for win 32 services has encountered a problem and needs to close"
ASKER
Also, is there anything in the System section?
ASKER
nope, nothing in the System section
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
www.bleepingcomputer.com/combofix/how-to-use-combofix