Solved

XP machine cannot browse using UNC path by name, but can ping by name and nslookups resolve

Posted on 2010-09-20
8
4,356 Views
Last Modified: 2013-05-01
I have 1 XP SP3 machine that cannot browse many of my servers using UNC path by name (ie:\\servername or servername.domain.com).   Returns error " \\servername  The network path was not found "

Here are my symptoms:

Can browse using UNC path by IP fine (ie:\\10.150.90.50)
Can ping by name and nslookups resolve servername to IP fine (So I don't think it's a DNS issue)
Get same result if I try browsing using " net view servername " command.  Returns error " System error 53 has occured. The network path was not found."

All 150 other XP machines on network can browse those same servers fine using UNC path by name.  All client PC's get TCP/IP configuration via DHCP
Have confirmed that the machine in question is getting the proper IP, Subnet, Gateway and DNS configuration from DHCP.
No WINS involved.  All servers are 2003 or later and all client PC run XP

Ran Combofix which made 4 deletions as follows:
c:\documents and settings\%username%\Local Settings\Application Data\emxhofoxe
c:\documents and settings\%username%\Local Settings\Application Data\emxhofoxe\xjhgcnushdw.exe
c:\documents and settings\%username%\Local Settings\Application Data\ivcocfg.dll
c:\windows\system32\nnfj.tqo

Afterwhich I ran Superantispyware which found only tracking cookies (which got removed).
Then ran Malwarebytes which found nothing.

Tried resetting TCP/IP (netsh int ip reset c:\tcpipreset.log)
Tried resetting winsock (netsh winsock reset)
Have also tried disjoining PC from domain,  renaming PC, then rejoining to domain, but still no luck.

I have tried other things, but this is all I can remember at this point.

I realised this to be a problem while trying troubleshooting why my GPO's were not being applied to this machine. In order for the machine to apply the GPO's, it needs to be able to access the policies folder in the SYSVOL share on  a domain controller via UNC path by name as shown below
(\\domainname.com\SYSVOL\domainname.com\policies), which it cannot.

Was thinking about running a registry cleaner like CCleaner or Dial-A-Fix (DAF), but have not used either of them before..... any thoughts?

I am stumpted,  please help.
0
Comment
Question by:nealgomes
8 Comments
 
LVL 7

Expert Comment

by:njxbean
ID: 33722150
so this computer is on the domain but no policies are being pushed to the  box?  If you do a gpresult what is the result?  Tried flushing dns(ipconfig /flushdns)?

Tried using sfc /scannoow?

Is there a firewall or any different security software on this computer?  is it a different image?  

You might want to update then run malwarebytes and combofix again.  Ccleaner is also solid.

Checked the event viewer log?
0
 
LVL 2

Expert Comment

by:ppdogs
ID: 33722232
are there any entries on the host file? or any DNS host entries under the network port properties?
0
 
LVL 2

Expert Comment

by:raclo
ID: 33722793
could be your XP firewall on the problematic machine or maybe some other all-in-one virus & anti-spyware you have on it.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 4

Expert Comment

by:Nice-Ghaza
ID: 33723833
Dear
        check by ip like that \\192.168.10.10
should be firewall off
DNS IS available

if not

you are  configure the ststic ip configuration
IP
Subnet Mask
Gateway
DNS
al DNS

AND SERVER User account  Administrator and password  remmber always click on there
0
 
LVL 23

Expert Comment

by:phototropic
ID: 33723922
Combofix removed some infection, including c:\windows\system32\nnfj.tqo, which is added by the Bredolab.gen.o trojan. This is a password stealer:

http://vil.nai.com/vil/content/v_253732.htm

It's quite possible that you are still infected.  Try running Hitman Pro:

http://www.surfright.nl/en/downloads/

Also could you post the Combofix log?  Sometimes Combofix is unable to remove everything it finds...
0
 
LVL 3

Expert Comment

by:net_tech_mike
ID: 33726643
Hi,

You probably have spyware. Download Panicware's Anti-Spyware.  They were featured on CNET, USA Today, NBC, NEWSWEEK, And TIME. This  program has free technical support, and offers a 30 day moneyback  guarantee!

Click here.
 PANICWARE'S ANTI-Spyware
0
 
LVL 1

Accepted Solution

by:
nealgomes earned 0 total points
ID: 33740844
I thank you all for your comments.  But I ended up starting fresh and reloading xp.  Have spent too much time on it and we have multiple shifts using this computer 24 hrs a day, so I need to get it working quickly.  Although I will try to comment on some of your questions and commeGPnt.

njxbean - Yes, Computer was on domain. GPRESULT gave different results depending on who was logged on.  If it was a newer user who first logged on this machine recently,  GPRESULT would not even run.  If logged in a user who had been using that PC for a while, GPRESULT would show very old policies being applied.  Did try sfc /scannoow with no luck.  No firewall or security sofware and Windows firewall turned off.  Not sure about image, was installed before my time.  Malwarebytes and combofix superantspyware were all fully updated.  Event viewer gave error that it could not apply policies due to the fact that it couldn't access my domain by UNC path (\\domainname.com\sysvol\) which is how I realized what my problem was problem.

ppdogs - No entries in host file except local host 127 and no invalid host(A) records in DNS.  As mentioned in my original post,  I could ping those servers fine by name and nslookups resolve fine. Therefore name resolution was working fine.)

raclo - as mentioned above xp firewall turned off and no other security software installed.  Just Symantec AV Corp 10.2. (which sucks by the way, but were tied to it for some insane reason which I have no control over)

Nice-Ghaza - Iin my original post,  I can browse fine using UNC by IP (ie: \\10.150.90.5). and DNS is available and resolving all hostnames (servernames) just fine.  Did try giving PC Static IP configuraltion (IP, SUBNET, GATEWAY AND DNS) and just to note... all routing entries in routing table are/were correct.  Not sure what you meant by "AND SERVER User account  Administrator and password  remmber always click on there"

0
 

Expert Comment

by:SCBOE Helpdesk
ID: 39128812
I have this same problem, but I would not call reinstalling XP a Solution.  I would love to know how to fix this issue without reimaging the computer.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question