Solved

SBS 2003 Dropping mapped network drives

Posted on 2011-03-11
15
1,163 Views
Last Modified: 2012-05-11
Hey Experts!!

I have 2 machines on Windows 7 and 5 on Windows XP all connected to an SBS 2003 domain.  When we initially boot up we are fine. After 5 minutes in or so, everyone starts losing connection to the network drives.  Not entirely sure what's going on? I'm suspecting my logon.bat script, but I'm not sure.  I've attached the script below. Interestingly enough, whenever I try to access that script to edit it, the server will freeze or hang for some time.

Another problem I was having, is that I'm attaching the network printers with the script.  Would that have something to do with it? Reason being, is that when my Win7 clients boot up, they are saying they can't find a driver.  Email is fine, internet connections are fine and I can ping the server, but that's it.  

***UPDATE***
I've noticed the "Computer Browser" Service will not start at all.  Although I remember reading that this service is not needed for mapped drives.  Thoughts?
net use s: \\atidc\shared
net use p: \\atidc\peachdata
net use u: \\atidc\ups

RUNDLL32 PRINTUI.DLL,PrintUIEntry /ia /c\\atidc /f %windir%\inf\hpcu081b.inf 
RunDll32.exe printui.dll,PrintUIEntry /in /y /n \\ATIDC\HPP4010
RunDll32.exe printui.dll,PrintUIEntry /in /n \\ATIDC\HP1300
RunDll32.exe printui.dll,PrintUIEntry /in /n \\ATIDC\ColorLaser



\\ATIDC\sysvol\ati.local\scripts\SBS_LOGIN_SCRIPT.bat

Open in new window

0
Comment
Question by:LZ1
  • 8
  • 7
15 Comments
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35112864
I doubt the content of the script is at fault, though I would try copying the text, renaming the file, creating a new file, and pasting the text into it.

I'd start looking for other signs of instability though. Chkdsk, virus scans, event log errors, etc.
0
 
LVL 30

Author Comment

by:LZ1
ID: 35112872
I've run all of my scans and they are clean. I'm starting to read more about this "Computer Browser" Service as the possible culprit.  
0
 
LVL 30

Author Comment

by:LZ1
ID: 35122924
****UPDATE*****
Turns out, I may have a trojan.  I've run Wireshark, and it seems there's still a program trying to call out.  I've also noticed Malwarebytes blocking some outgoing requests.  

So now the question is, what is the best trojan removal software for a server????
0
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35122968
I usually use MalwareBytes Anti-Malware (http://www.malwarebytes.org/). It usually does a pretty thorough job.
I sometimes follow that up with Spybot Search & Destroy (http://www.safer-networking.org/en/index.html).
If I'm still not convinced, sometimes I'll try McAfee's Stinger standalone removal tool (http://us.mcafee.com/virusInfo/default.asp?id=stinger) and/or Trend Micro's HouseCall free online scan (http://housecall.trendmicro.com/).

Sometimes nothing beats manually looking through some common startup areas in th registry and finding stuff by eyeball that doesn't look right. See this blog post for a partial list:
http://blog.bruteforcetech.com/index.php/archives/618
0
 
LVL 30

Author Comment

by:LZ1
ID: 35122977
I was told to purchase Trojan Hunter.  Any thoughts on that one?
0
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35122991
No experience with it, sorry. I'd check online for reviews.
0
 
LVL 30

Author Comment

by:LZ1
ID: 35123017
Well we did buy Malwarebytes for all of the users, plus the server.  It has been blocking outgoing access, but even so our mapped drives just disconnect.  I'm extremely frustrated since I was also told this trojan or virus, may be residing inside of the script directory on the server. Therefore killing the connection after a period fo 20 minutes or so.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 4

Expert Comment

by:Scovndrel
ID: 35123179
Not sure that makes sense to me. The script is called specifically by a parameter in the user account - but only at logon, and only that specific file, which is a plain text file. Wouldn't hurt to copy the text out, rename the file, make a new one with the old name and copy the text back in. There are Group Policies in a similar area, but those are only enforced once per 24-hour period.

It does sound as if there might be something nasty on the server, and it could be hiding just about anywhere. If you have more than one DC and if the malware is in a folder that gets replicated, and you clean if from only one server, the deletion should get replicated to the other server. Wouldn't hurt to scan both anyway, if there are two.

Are there any event log entries on the server or workstations that correspond to the disconnect times? Sometimes this sort of thing can simply be bad wiring, loose connection, etc. Since it happens to multiple workstations, I'd start with swapping out the server's cable, and the switch if possible.

You mentioned that the computer browser service won't start. That's not a good thing. Do you get an event log error when you try to start it? Could be that is a symptom of a problem that is also disconnecting sessions. If you solve that problem, maybe it will lead to other problems along the way that you can also solve, and in the end the disconnect problem will simply go away.
0
 
LVL 30

Author Comment

by:LZ1
ID: 35123222
When I do try to start the Computer Browser service it says:
Error 1060: The specified service does not exist as an installed service.  The event viewer says the same for this part.  

As for the disconnection event logs, I can't find anything that directly correponds with the disconnection times.  I am currently running scans, but I know that is going to take a while.  The only other weird errors I'm getting is a DHCP error on startup saying my credentials are wrong.

0
 
LVL 30

Author Comment

by:LZ1
ID: 35123243
Actually there is another error in the event logs:

Windows cannot access the file gpt.ini for GPO CN={8B609713-E197-4724-A24B-5E4DCA91A065},CN=Policies,CN=System,DC=ati,DC=local. The file must be present at the location <\\ati.local\SysVol\ati.local\Policies\{8B609713-E197-4724-A24B-5E4DCA91A065}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

And then immediately after that error, there is this one:  
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
0
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35123248
I would start some Google searches on that Computer Browser error and see what comes up. The DHCP error is pretty standard, and it tells you how to fix it in the body of the error. It is optional but a good idea.

BTW, in your original question, the printers aren't loading because you need to add the drivers for them into the 2003 server. Do a search for  "printer drivers print management 2003 windows 7" (without the quotes) and you'll come up with instructions to use Print Management on a Windows 7 computer while logged on as administrator to load the Win7 drivers for the printers onto the 2003 server. But this is a whole new can of worms, trying to get point and print to work with disparate operating systems. This seems to go in cycles with MS OSes, and sometimes it works OK, and sometimes not. You might end up being better off manually creating TCP/IP ports on the workstations and loading the drivers locally since you have less than 10 workstations.

Are you an internal IT person, or an outsourced consultant? Given the extended difficulty you're having, it might be worth hiring someone to come in and help you out.
0
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35123260
That GPO error is also common and fairly innocuous. It usually means that one of your GPOs has incorrect permissions on it, and the server has been denied read access to it, instead of allowing read but denying "apply group policy" as should have been done. This is not likely to be related to your disconnects.
0
 
LVL 30

Author Comment

by:LZ1
ID: 35123276
I have done a few searches on the Computer Browser errors, but nothing of substance or relation comes up. Everything says that that service is not required for mapped drives.
As for the printers, I think I'm going to the TCP port route.  Easier and faster I believe.  :)

I was an internal IT, then I moved to web development.  I don't really do the network admin stuff I used to.  I'm thinking the next step is to hire someone honestly.  Thanks for your patience thus far Scovndrel, I appreciate it.
0
 
LVL 4

Accepted Solution

by:
Scovndrel earned 500 total points
ID: 35123300
I wasn't suggesting that the computer browser service was a direct cause of the disconnects. Computer Browser is about name resolution and making a handy list of computers to click on on My Network Places, which doesn't seem to be the problem here. But the fact that it won't start indicates an underlying problem with the OS, and where there is smoke, there is fire.

Point and print is nice when it works, but I have been having lots of problems with driver compatibility between Win7 and 2003, so I have started to swing back toward decentralized printing. There are pros and cons. Centralized printing means easier driver loads and queue management. Decentralized printing eliminates a single point of queue failure and survives a server migration without having to mess with all of the workstations to get printing working again.

It does sound like some hired help is in order. Best of luck to you.
0
 
LVL 30

Author Comment

by:LZ1
ID: 35139050
We are going to do an entire restage of the server.  We did bring someone in and it looks like we have been infected with a trojan.  

Thanks everyone for your help.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now