Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4453
  • Last Modified:

XP machine cannot browse using UNC path by name, but can ping by name and nslookups resolve

I have 1 XP SP3 machine that cannot browse many of my servers using UNC path by name (ie:\\servername or servername.domain.com).   Returns error " \\servername  The network path was not found "

Here are my symptoms:

Can browse using UNC path by IP fine (ie:\\10.150.90.50)
Can ping by name and nslookups resolve servername to IP fine (So I don't think it's a DNS issue)
Get same result if I try browsing using " net view servername " command.  Returns error " System error 53 has occured. The network path was not found."

All 150 other XP machines on network can browse those same servers fine using UNC path by name.  All client PC's get TCP/IP configuration via DHCP
Have confirmed that the machine in question is getting the proper IP, Subnet, Gateway and DNS configuration from DHCP.
No WINS involved.  All servers are 2003 or later and all client PC run XP

Ran Combofix which made 4 deletions as follows:
c:\documents and settings\%username%\Local Settings\Application Data\emxhofoxe
c:\documents and settings\%username%\Local Settings\Application Data\emxhofoxe\xjhgcnushdw.exe
c:\documents and settings\%username%\Local Settings\Application Data\ivcocfg.dll
c:\windows\system32\nnfj.tqo

Afterwhich I ran Superantispyware which found only tracking cookies (which got removed).
Then ran Malwarebytes which found nothing.

Tried resetting TCP/IP (netsh int ip reset c:\tcpipreset.log)
Tried resetting winsock (netsh winsock reset)
Have also tried disjoining PC from domain,  renaming PC, then rejoining to domain, but still no luck.

I have tried other things, but this is all I can remember at this point.

I realised this to be a problem while trying troubleshooting why my GPO's were not being applied to this machine. In order for the machine to apply the GPO's, it needs to be able to access the policies folder in the SYSVOL share on  a domain controller via UNC path by name as shown below
(\\domainname.com\SYSVOL\domainname.com\policies), which it cannot.

Was thinking about running a registry cleaner like CCleaner or Dial-A-Fix (DAF), but have not used either of them before..... any thoughts?

I am stumpted,  please help.
0
nealgomes
Asked:
nealgomes
1 Solution
 
njxbeanCommented:
so this computer is on the domain but no policies are being pushed to the  box?  If you do a gpresult what is the result?  Tried flushing dns(ipconfig /flushdns)?

Tried using sfc /scannoow?

Is there a firewall or any different security software on this computer?  is it a different image?  

You might want to update then run malwarebytes and combofix again.  Ccleaner is also solid.

Checked the event viewer log?
0
 
ppdogsCommented:
are there any entries on the host file? or any DNS host entries under the network port properties?
0
 
racloCommented:
could be your XP firewall on the problematic machine or maybe some other all-in-one virus & anti-spyware you have on it.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
Nice-GhazaCommented:
Dear
        check by ip like that \\192.168.10.10
should be firewall off
DNS IS available

if not

you are  configure the ststic ip configuration
IP
Subnet Mask
Gateway
DNS
al DNS

AND SERVER User account  Administrator and password  remmber always click on there
0
 
phototropicCommented:
Combofix removed some infection, including c:\windows\system32\nnfj.tqo, which is added by the Bredolab.gen.o trojan. This is a password stealer:

http://vil.nai.com/vil/content/v_253732.htm

It's quite possible that you are still infected.  Try running Hitman Pro:

http://www.surfright.nl/en/downloads/

Also could you post the Combofix log?  Sometimes Combofix is unable to remove everything it finds...
0
 
net_tech_mikeCommented:
Hi,

You probably have spyware. Download Panicware's Anti-Spyware.  They were featured on CNET, USA Today, NBC, NEWSWEEK, And TIME. This  program has free technical support, and offers a 30 day moneyback  guarantee!

Click here.
 PANICWARE'S ANTI-Spyware
0
 
nealgomesAuthor Commented:
I thank you all for your comments.  But I ended up starting fresh and reloading xp.  Have spent too much time on it and we have multiple shifts using this computer 24 hrs a day, so I need to get it working quickly.  Although I will try to comment on some of your questions and commeGPnt.

njxbean - Yes, Computer was on domain. GPRESULT gave different results depending on who was logged on.  If it was a newer user who first logged on this machine recently,  GPRESULT would not even run.  If logged in a user who had been using that PC for a while, GPRESULT would show very old policies being applied.  Did try sfc /scannoow with no luck.  No firewall or security sofware and Windows firewall turned off.  Not sure about image, was installed before my time.  Malwarebytes and combofix superantspyware were all fully updated.  Event viewer gave error that it could not apply policies due to the fact that it couldn't access my domain by UNC path (\\domainname.com\sysvol\) which is how I realized what my problem was problem.

ppdogs - No entries in host file except local host 127 and no invalid host(A) records in DNS.  As mentioned in my original post,  I could ping those servers fine by name and nslookups resolve fine. Therefore name resolution was working fine.)

raclo - as mentioned above xp firewall turned off and no other security software installed.  Just Symantec AV Corp 10.2. (which sucks by the way, but were tied to it for some insane reason which I have no control over)

Nice-Ghaza - Iin my original post,  I can browse fine using UNC by IP (ie: \\10.150.90.5). and DNS is available and resolving all hostnames (servernames) just fine.  Did try giving PC Static IP configuraltion (IP, SUBNET, GATEWAY AND DNS) and just to note... all routing entries in routing table are/were correct.  Not sure what you meant by "AND SERVER User account  Administrator and password  remmber always click on there"

0
 
SCBOE HelpdeskCommented:
I have this same problem, but I would not call reinstalling XP a Solution.  I would love to know how to fix this issue without reimaging the computer.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now