Solved

XP machine cannot browse using UNC path by name, but can ping by name and nslookups resolve

Posted on 2010-09-20
8
4,279 Views
Last Modified: 2013-05-01
I have 1 XP SP3 machine that cannot browse many of my servers using UNC path by name (ie:\\servername or servername.domain.com).   Returns error " \\servername  The network path was not found "

Here are my symptoms:

Can browse using UNC path by IP fine (ie:\\10.150.90.50)
Can ping by name and nslookups resolve servername to IP fine (So I don't think it's a DNS issue)
Get same result if I try browsing using " net view servername " command.  Returns error " System error 53 has occured. The network path was not found."

All 150 other XP machines on network can browse those same servers fine using UNC path by name.  All client PC's get TCP/IP configuration via DHCP
Have confirmed that the machine in question is getting the proper IP, Subnet, Gateway and DNS configuration from DHCP.
No WINS involved.  All servers are 2003 or later and all client PC run XP

Ran Combofix which made 4 deletions as follows:
c:\documents and settings\%username%\Local Settings\Application Data\emxhofoxe
c:\documents and settings\%username%\Local Settings\Application Data\emxhofoxe\xjhgcnushdw.exe
c:\documents and settings\%username%\Local Settings\Application Data\ivcocfg.dll
c:\windows\system32\nnfj.tqo

Afterwhich I ran Superantispyware which found only tracking cookies (which got removed).
Then ran Malwarebytes which found nothing.

Tried resetting TCP/IP (netsh int ip reset c:\tcpipreset.log)
Tried resetting winsock (netsh winsock reset)
Have also tried disjoining PC from domain,  renaming PC, then rejoining to domain, but still no luck.

I have tried other things, but this is all I can remember at this point.

I realised this to be a problem while trying troubleshooting why my GPO's were not being applied to this machine. In order for the machine to apply the GPO's, it needs to be able to access the policies folder in the SYSVOL share on  a domain controller via UNC path by name as shown below
(\\domainname.com\SYSVOL\domainname.com\policies), which it cannot.

Was thinking about running a registry cleaner like CCleaner or Dial-A-Fix (DAF), but have not used either of them before..... any thoughts?

I am stumpted,  please help.
0
Comment
Question by:nealgomes
8 Comments
 
LVL 7

Expert Comment

by:njxbean
ID: 33722150
so this computer is on the domain but no policies are being pushed to the  box?  If you do a gpresult what is the result?  Tried flushing dns(ipconfig /flushdns)?

Tried using sfc /scannoow?

Is there a firewall or any different security software on this computer?  is it a different image?  

You might want to update then run malwarebytes and combofix again.  Ccleaner is also solid.

Checked the event viewer log?
0
 
LVL 2

Expert Comment

by:ppdogs
ID: 33722232
are there any entries on the host file? or any DNS host entries under the network port properties?
0
 
LVL 2

Expert Comment

by:raclo
ID: 33722793
could be your XP firewall on the problematic machine or maybe some other all-in-one virus & anti-spyware you have on it.
0
 
LVL 4

Expert Comment

by:Nice-Ghaza
ID: 33723833
Dear
        check by ip like that \\192.168.10.10
should be firewall off
DNS IS available

if not

you are  configure the ststic ip configuration
IP
Subnet Mask
Gateway
DNS
al DNS

AND SERVER User account  Administrator and password  remmber always click on there
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 23

Expert Comment

by:phototropic
ID: 33723922
Combofix removed some infection, including c:\windows\system32\nnfj.tqo, which is added by the Bredolab.gen.o trojan. This is a password stealer:

http://vil.nai.com/vil/content/v_253732.htm

It's quite possible that you are still infected.  Try running Hitman Pro:

http://www.surfright.nl/en/downloads/

Also could you post the Combofix log?  Sometimes Combofix is unable to remove everything it finds...
0
 
LVL 3

Expert Comment

by:net_tech_mike
ID: 33726643
Hi,

You probably have spyware. Download Panicware's Anti-Spyware.  They were featured on CNET, USA Today, NBC, NEWSWEEK, And TIME. This  program has free technical support, and offers a 30 day moneyback  guarantee!

Click here.
 PANICWARE'S ANTI-Spyware
0
 
LVL 1

Accepted Solution

by:
nealgomes earned 0 total points
ID: 33740844
I thank you all for your comments.  But I ended up starting fresh and reloading xp.  Have spent too much time on it and we have multiple shifts using this computer 24 hrs a day, so I need to get it working quickly.  Although I will try to comment on some of your questions and commeGPnt.

njxbean - Yes, Computer was on domain. GPRESULT gave different results depending on who was logged on.  If it was a newer user who first logged on this machine recently,  GPRESULT would not even run.  If logged in a user who had been using that PC for a while, GPRESULT would show very old policies being applied.  Did try sfc /scannoow with no luck.  No firewall or security sofware and Windows firewall turned off.  Not sure about image, was installed before my time.  Malwarebytes and combofix superantspyware were all fully updated.  Event viewer gave error that it could not apply policies due to the fact that it couldn't access my domain by UNC path (\\domainname.com\sysvol\) which is how I realized what my problem was problem.

ppdogs - No entries in host file except local host 127 and no invalid host(A) records in DNS.  As mentioned in my original post,  I could ping those servers fine by name and nslookups resolve fine. Therefore name resolution was working fine.)

raclo - as mentioned above xp firewall turned off and no other security software installed.  Just Symantec AV Corp 10.2. (which sucks by the way, but were tied to it for some insane reason which I have no control over)

Nice-Ghaza - Iin my original post,  I can browse fine using UNC by IP (ie: \\10.150.90.5). and DNS is available and resolving all hostnames (servernames) just fine.  Did try giving PC Static IP configuraltion (IP, SUBNET, GATEWAY AND DNS) and just to note... all routing entries in routing table are/were correct.  Not sure what you meant by "AND SERVER User account  Administrator and password  remmber always click on there"

0
 

Expert Comment

by:SCBOE Helpdesk
ID: 39128812
I have this same problem, but I would not call reinstalling XP a Solution.  I would love to know how to fix this issue without reimaging the computer.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now