weird problem - can't change workgroup name, no sound device?

I'm experiencing a very strange issue in an internet cafe environment.

There are 16 clients connected in a single workgroup.clients are running windows xp home sp3. There is also an older pc running xp home sp3, on different hardware specs.

Last week, we had no sound at one of the clients, so we tried to open the volume control from the taskbar, and we got the error dialog saying that "there is no sound device". All relevant controls in the "sounds" section of the control panel were grayed out.

At the same time , the PC was still connected to the internet via LAN.

We tried to open a UNC path to another computer's shared folder, and it wouldn't let us. In the workgroup settings, the workgroup name field was grayed out. So I tried to browse the workgroup computers from the Network Locations shortcut, and then I got the error dialog box saying that the "network is not present or hasn't been started". the local area connection properties show that all protocols are still installed on the system.

Of course the rest of the clients were able to change their sound settings and access UNC paths normally. Forgot to mention all PCs run as local admin users.

Up to now, all 16pcs have the exact  same specs. Here comes the weird part:

The single PC used to control the 16 clients through 'cafesuite' software, is older and as such its specs are completely different from the other PCs. This pc is experiencing the exact same error! It happens 2 to maybe 5 times a day, same frequency as the rest of the PCs.

The older pc is also used to transfer files between the workgroup and burn cds etc. So the computers are connecting to it a lot.

AVG 8 free edition is running on the old pc, and didn't detect any malicious software. Superantispyware didn't detect anything either.

The only piece of software common to the 16+1 PCs is "DeepFreeze" enterprise, which is restoring the system to a certain state after a reboot, deleting all files and programs installed since last reboot. The "client" software is installed at the 16 PCs, and the management console is installed on the standalone PC running Cafesuite.

After a reboot, the problem goes away! Everything is back to normal, until it happens again.

Which would make sense in the 16 PC's running deepfreeze, but it doesn't make sense on the server -- because the server is only running the deepfreeze management console and its files are not restored after a reboot.

By the way all PCs are using static IPs.
Also, when this happens, the local computer admin user is still logged in and has admin rights as far as I can tell.

Thoughts/ideas?

Thank you
george82Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mgonulluCommented:
Would you like to use combofix to scan if any root kit is present on the machine, this should be done while the deepfreeze is not active for sure.

www.bleepingcomputer.com/combofix/how-to-use-combofix
0
StyphonCommented:
Windows XP is limited to 10 PC's connected to one PC at any one time, for Pro edition, only 5 for Home edition.  Any more and you need a Small Business Server running a domain. This is hard coded into Windows by Microsoft to stop exactly what you are doing. They feel you should have a small business server above 10 PC's.
To clarify, you can have as many number of PC's connected to a workgroup, but only 9 can access your 10th PC (the server) before it starts having problems.
Your solution - buy Microsoft Small Business Server.
0
george82Author Commented:
mgonull, thanks, I'm downloading ComboFix in order to run it. will disable DeepFreeze too.

Styphon,
the tcpip.sys connection limit patch for Event ID 4226 is installed on the workstations and the server can accept >10 multiple connections
0
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

orangutangCommented:
Also, were there any other errors in your event viewer?
0
george82Author Commented:
Here is the dialog box that comes up right before the symptoms appear:

"generic host process for win 32 services has encountered a problem and needs to close"
0
george82Author Commented:
orangutang,

here is the event viewer screen after the problem occurs
event-viewer.JPG
0
orangutangCommented:
Also, is there anything in the System section?
0
george82Author Commented:
nope, nothing in the System section
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.