The server just suddenly disappeared from the network

My user called and said he can not see the T drive. I checked and found the mapping to that specific drive letter was gone. I thought re-mapping would do it. But no, it didn't. Getting into My Network Places/Microsoft windows network/Domain Name, I was surprised to find this specific win2003 server just totally disappeared on the network. In Windows Explorer's address column, I typed \\Server's Name, it gave me an error address saying like "the specified network is no longer available...."
But the strange thing is, I was able to sucessfully ping the server's ip address or host name without any lost or delay.
That server is a Dell PE2900 2.66 Ghz quad core with 4 HDs on a raid 5 and  is just a file sharing server without any other application loaded.
Can anyone tell me what could be wrong at that point?? -- even the server was up and running normally after a reboot.
thanks.
-Phil
 
CastlewoodAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

michaelconstantCommented:
Have you checked the "Computer" OU in active directory? It may have dropped off for some reason. If it is not in there try removing the computer from the network (drop it to a workgroup) and then readding the computer to the domain.
0
CastlewoodAuthor Commented:
No, I didn't check the AD at that point.
Since the server has been up running and connections are resumed after I rebooted it, I now have no way to verify if it is the cause. I kind of think what you said makes sense. Can you elaborate more about the following questions:
1. If that is really because the computer name dropped off of AD, then a reboot can fix it ?? -- for it is what I did to fix it.
2. also, how come I still can ping ?    
0
michaelconstantCommented:
To answer your questions:
1. Every now and then I have computers just drop off my network for no apparent reason, however, usually a good reboot of the user machine will bring it right back on and if not removing it and readding it to the domain alleviates the problem. I have never been able to figure out why it does it, but it has to do with something in AD since "Pre-AD" didn't have that issue.
2. You are able to ping the machine because it is statically assigned to the machine and it is still attached to the network physically. The computer account is what would give it permissions and policies. This is why a rogue device attached to your network could be so devastating.

Side note, what network monitoring toolls do you use? I ask because since I installed the SolarWinds Orion Suite (http://www.solarwinds.com) I have a lot less of the computer drop issues, and when I do i can see them immediately. I hate when my users have to come to me and tell me my services are down.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

amichaellCommented:
Was the server not responding to requests from every user or just that one particular user?  

Check services on the server.  Perhaps the Netlogon or Server service stopped.
0
CastlewoodAuthor Commented:
The server was completely out of the network horizon. No one can see it. I will cerntainly check the netlogon and server services next time shall it happen again.

michaelconstant:
While it happened the second time after my last post, I checked AD and found the computer was in there. So it my not be the AD in my case. By the way, when you said the computer name dropped off in your case, did you mean the computer name is unseen in the AD ??
0
amichaellCommented:
The event logs should be able to tell you if the services stopped.  
0
CastlewoodAuthor Commented:
I checked the Event Log and found there was always the following Application Error occured right when the server disappeared from the network:
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Description:
Faulting application svchost.exe, version 5.2.3790.3959, faulting module shell32.dll, version 6.0.3790.4184, fault address 0x0014e84e.
Does anyone know what cause this?
0
bad3000Commented:
Did you check that all Automatic Services are started?  Check if Server/Workstation/Netlogon are started.  If you can start this but later they stop again, check if you see patches por W32.Downadup o Conficker Virus

Do you have AV in that server?

Your comments

BADBOY
0
CastlewoodAuthor Commented:
bad3000: what did you mean "patches for W32.Downadup o Conficker Virus" ??
I do have Norton AV on that server but I did see several popups that time regarding W32.Downadup virus caught by auto protect. Did you imply virus actually stopped Server/Workstation/Netlogon services and even after I re-started them by rebooting the server? After I rebooted twice to fix the continuous same issue, I later installed Windows Update and then it's been quite and normal for almost a week.
So the patches you referred to is from the Windows Update ?
If that is the virus, how come only that server got this issue of disappearing from network and others were just fine? -- since some other servers got the same virus popups too.
 
0
bad3000Commented:
Yes. The patches are form Windows Update but you need the corresponding to the vulnerability:
http://www.securityfocus.com/bid/31874

You must run FixDownadup Fix form Symantec Portal must be run on all networked computers. http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

Normally Windows Firewall block traffic for workstations unless you permit Print and Shared Folders that open RPC ports that are vulnerable to this virus.  There are three ways of infection: shared folders, USB or Flash and Vulnerability exploit.

You will tell me which was your Windows Update Policy for servers and workstations so?

You could get infected in one form or anoher if your AV is not up to date or your systems are unpatched.  You get a popup from Symantec autoprotect from a computer in the lan writing to the system32 via RPC vulnerability.  or maybe a PC in you WAN Segment if you use this Windows Server as a Proxy without RRAS or you opened RPC ports to Internet.

Your comments

Please





0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.