Solved

Network resources and shares not available

Posted on 2011-09-26
35
377 Views
Last Modified: 2012-06-27
Hi all,
I have a Windows XP workstation that cannot access any network shares or resources. It can't browse the network.
It is online, and can ping other devices on the network. For example, it can ping the domain controller by IP but cannot ping it by name. The computer is online, and is using the domain controller for DNS.
If you enter \\192.168.0.2 (the servers IP) it returns a message saying that the network resources is unavaiable. When trying to join to a domain, an error comes up and says the domain contoller cannot be contacted.
It's as if it does not have a way to connect to other computers on the network. The computer browser service is running though.
It's a Windows XP computer attempting to join a Windows 2003 domain.

0
Comment
Question by:underIce
  • 14
  • 8
  • 5
  • +4
35 Comments
 
LVL 7

Expert Comment

by:Reece Dodds
ID: 36671821
are the computers in the same workgroup?
are the Network Locations Awareness (NLA) and Workstations services running?
is the computer being given it's IP by DHCP and in the same range and subnet as other computers on the network?
0
 

Author Comment

by:underIce
ID: 36677125
-Same workgroup
-NLA is running
-DHCP and all on the same network

-Can't find the domain controller when trying to join the domain (the workstation is using the DC as it's DNS server)
-Result of nbstat -n is Failed to access NetBT Driver - NetBT may not be loaded.

-Computer cannot ping server by name but the Internet works
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36707561
Make sure that the following is installed and checked on your NIC in the Network connections applet in the Control
Panel...

Client for MS Networks
File and Printer Sharing

Additionally, the following services should be started and set to Auto...

Workstation
Server (not mandatory, just curious if it starts)
Netlogon
0
 
LVL 5

Expert Comment

by:swap_101982
ID: 36707568
Can you check NetBT service parameters in Registry ?
if the start value is 4 change it to 2

start->run->regedit
HKLM/System/CurrentControlSet/Services/NetBT
Set "Start" tag equal to 2
0
 
LVL 8

Expert Comment

by:psychogr
ID: 36708565
Leave DC's ip as the only dns server.
Then open a command prompt and type the following two commands:

ipconfig /flushdns
ipconfig /registerdns

Then try pinging your server again and let me know of the results.

Good luck
0
 

Author Comment

by:underIce
ID: 36709406
swap_101982: Yes, during the initial troubleshooting efforts I made sure that registry entry was set at 2. Didn't seem to make a difference

johnb6767: All those services are started and set to auto, F&P sharing and Microsoft clients are both checked

psychogr: At some point I did a flushdns but that didn't help

Thanks!

0
 

Author Comment

by:underIce
ID: 36709418
psychogr: I should have added that the server is the only DNS server configured on the workstation
0
 
LVL 8

Expert Comment

by:psychogr
ID: 36709680
did you type "ipconfig /registerdns' after running /flushdns command?

The ipconfig /registerdns command provides you with a means to manually initiate dynamic registration for the DNS names and IP addresses configured at a computer. This option can assist in troubleshooting a failed DNS name registration or in resolving a dynamic update problem between a client and the DNS server..
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 36709760
Rename hosts file to hosts.old on the XP and restart. Try to join Domain and check if that can fix the issue.
0
 
LVL 8

Expert Comment

by:psychogr
ID: 36710094
and check workstation clock and timezone
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36712297
Please provide and IPconfig /all of this XP computer.

Disable IPv6, and make sure it is NOT multihomed (meaning using multiple network adapters)...

On the computer's software firewall, make an exception for file and print sharing.

Lot's of things can cause this issue, including an IP conflict. The browser service does NOT need to be running in order to browse the network. The browser service is used for browser elections and can be disabled on all computers that you don't want to become a master browser, backup browser, or domain master browser. In fact, it's a good practice to disable the browser service except on the domain PDCe, and whatever backup browsers you decide to use.

However, you can't access the UNC path using the IP address. UNC stands for Universal Naming Convention, and you can use a couple different means to map to a computer share. One is by IP address, the other is by fully.qualified.domain.name, and the other is by computername. IP uses ARP resolution, FQDN uses DNS to translate to an IP, and computername uses netbios to resolve the path to the share. So, if you can ping the computer by IP, you should be able to map to the share by IP. If you can ping the fully qualified domain name, you are OK with DNS host A records. If you can ping by computername, then netbios is working. If you can't ping at all, it usually means the firewall is having problems, or the ARP table that is cached on the computer is messed up. This arp table depends upon the network configurations and that's why an IPconfig /all will help you quickly discover the real problem.
0
 

Author Comment

by:underIce
ID: 36713442
ipconfig /all

        Host Name . . . . . . . . . . . . : DCM77MG1
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :domain.local
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-1E-C9-34-32-A9
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.113
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.2
        DNS Servers . . . . . . . . . . . : 192.168.1.2
        NetBIOS over Tcpip. . . . . . . . : Disabled
        Lease Obtained. . . . . . . . . . : Monday, September 26, 2011 9:11:23 PM
        Lease Expires . . . . . . . . . . : Tuesday, October 04, 2011 9:11:23 PM
0
 

Author Comment

by:underIce
ID: 36713494
ChiefIT:
- IP6 is not enabled (not present)
- Not mutlihomed
- Firewall turned off completely
- I cannot ping any workstations (or the server) via FQDN or computername. I an ping via IP though. But I can't access any shares using the IP address. For example, if I enter \\192.168.1.2 in the run field, I get a message that says "The network location cannot be reached". If I add the share name I get the same error. For example \\192.168.1.2\share

Time and date are right and I did run the ipconfig /registerdns command.

I'll try renaming the hosts file. I'll let you know if makes any difference.
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 36713724
Manually assign the IP, subnet, gateway, DNS to the system.

        IP Address. . . . . . . . . . . . : 192.168.1.113
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.2

Are you sure the DNS is 192.168.1.2 and not 192.168.1.1

In primary DNS, type the DNS used in your network and in secondary DNS type : 8.8.8.8 (Google's public DNS)

Hope this helps.
0
 

Author Comment

by:underIce
ID: 36713817
mody2579::

Yes. The DNS server is the DC server. The Internet works, it's accessing local resources that is the issue. So Google's DNS won't help.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36714386
ipconfig /displaydns

Is there anything listed?
0
 

Author Comment

by:underIce
ID: 36714405
not really....looks like this:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Kay>ipconfig /displaydns
Windows IP Configuration
         brn001ba944621c
         ----------------------------------------
         Name does not exist.


0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 100 total points
ID: 36714422
I have gotten to the point on ANY odd problem, I run this.... Seen too many odd problems from these buggers....
Especially the ones (rootkits) that failed to install properly....

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?
http://support.kaspersky.com/faq/?qid=208280684
0
 

Author Comment

by:underIce
ID: 36714445
Ran it and it didn't find anything. I remember that in device manager if you show hidden devices and look you can see it there. But generally it prevents any network traffic if I remember right,

Anyway....the scan didn't find anything....
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36714453
Are there any services throwing errors in the System Log, source "Service control Manager" . If so, see the Non PnP section below....

From a cmd prompt....

set devmgr_show_nonpresent_devices=1
devmgmt.msc
Click View>Show Hidden Devices

Check under Non Plug and Play Drivers for anything remarked out....

I would remove ALL network adapters you can.

Then....

netsh int ip reset reset.log
netsh winsock reset
netsh firewall reset

Reboot, reinstall the NICs with the latest drivers, and make sure your Firewall is disabled (as it often gets enabled in the reset, based on your default profile config)....

Then cross your fingers....
0
 

Author Comment

by:underIce
ID: 36714472
Nothing in the non-pnp devices that look out of place, and nothing commented out.

I've gone through the netsh int ip reset and winsock reset with no luck.

I'll have a chance to to the nic cards tomorrow...but I'm not hopeful.

This feels like a DNS or computer browser thing to me. I can't see any network devices at all. The computer is not able to get a list of network resources. I'm not expert enough with that process to know how it breaks

But the local DC DNS service passes Internet requests on to the ISP's DNS servers but is unable to process local requests.

If I add devices to the host file ping by name works of course...but even there I can't access shares on devices on the host list.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36714523
Reason I was going that route (including the reset again) was that it seems like a service/driver is not started, causing some of your failures....
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36714727
Is IPsec enabled, or IP filtering. If you can ping by IP, but not access the mapped network drive by IP, then there is something wrong with networking. What is the EXACT context of the error you are seeing.

Is it:

Error 5: Access denied
Is it domain can not be found?
0
 
LVL 5

Expert Comment

by:swap_101982
ID: 36714812
Have you tried to enable NetBIOS Over TCP ?
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36715118
LOL: I just saw that in the IPconfig:

SWAP is right, you need to enable netbios over TCP/IP.
0
 

Author Comment

by:underIce
ID: 36716678
netbios over TCP/IP is as enabled as I can make it: The proper buttons are checked in the nic properties sheet.

Is there another way to force it or to test to see if it's really working?
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36719903
OK, look again at the IPCONFIG /ALL:

This is what we saw last time:
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :domain.local
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-1E-C9-34-32-A9
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.113
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.2
        DNS Servers . . . . . . . . . . . : 192.168.1.2
*******(((((( NetBIOS over Tcpip. . . . . . . . : Disabled))))))))
        Lease Obtained. . . . . . . . . . : Monday, September 26, 2011 9:11:23 PM
        Lease Expires . . . . . . . . . . : Tuesday, October 04, 2011 9:11:23 PM

If you go into the network adapter properties>> TCP/IP properties>> WINS tab

You are saying Netbios over TCP/IP is enabled??

If so, please provide the output to this command line:

Net Config Redir
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36719966
Also, while on the WINS tab, disable LMHOST lookup, AND navigate to the DNS tab and check the two boxes to obtain a DNS suffix and register the DNS suffix,. After doing this, go to the command prompt and type: IPconfig /register DNS

If it will not register within DNS, you may have to rejoin the domain with this computer.

It appears you might have a problem with the TCP/IP stack. If all else fails, uninstall and reinstall the Service of "Client for Microsoft Networks" and "File and Printer Sharing". You may have had these enabled without having Netbios enabled and this could mess up the Netbios bind.

If all else fails, we will reset the TCP/IP stack:
0
 

Author Comment

by:underIce
ID: 36805813
ChiefIT: Yes, Netbios over TCP is enabled in the NIC properties. The output you wanted is this:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Kay>net config redir
Computer name                        \\DCM77MG1
Full Computer name                   DCM77MG1
User name                            Kay
Workstation active on
Software version                     Windows 2002
Workstation domain                   WORKGROUP
Workstation Domain DNS Name          (null)
Logon domain                         DCM77MG1

COM Open Timeout (sec)               0
COM Send Count (byte)                16
COM Send Timeout (msec)              250
The command completed successfully.


C:\Documents and Settings\Kay>
0
 

Author Comment

by:underIce
ID: 36808888
ChiefIT: I disabled LMHost lookup. The register the DNS suffix box was checked but there was no obtain a DNS suffix check box...

One of the issues here is that I can't join the domain as it can't find the DC.

After uncheckng client for MS networks and P&F sharing rebooting and re-enabling the two, the problem is still there.
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 400 total points
ID: 36812732
OK, so there is your problem. This computer is not seeing the Netbios Name Server for the Netlogon service / Workstation service / Server Service / and RPC locator Service.

Let's check these services:

Go to the run line and type: Services.msc

Look at these services, that should be started and set to automatic:

Netlogon
Server
Workstation
TCP/IP Netbios Helper

And what is the status of the:
Windows Firewall Service

And is The Time more than 5 minutes out of whack of the DC?

In addition, what Antivirus and Antispyware package are we looking at for this puter? Many AV and AX packages block netbios broadcasts. This will prevent you from seeing the Domain server when trying to join?

Also, is this an imaged machine? If so, have you run Sysprep to individualize this machine from others?

Since this computer is having problems with DNS and Netbios, I think it's about time to explore resetting the TCP/IP stack. To do so, you might go to the command prompt and type this command line:
netsh int ip reset c:\resetlog.txt

When you run the reset command, it rewrites two registry keys that are used by TCP/IP. This has the same result as removing and reinstalling the protocol. The reset command rewrites the following two registry keys:

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
SYSTEM\CurrentControlSet\Services\DHCP\Parameters\
                        
0
 

Author Comment

by:underIce
ID: 36812778
The netlogon service is set to manual, the others are set to automatic and are started.

The firewall service was started. Stopping it didn't help.
The time is within a minute of the server (and a couple other workstations)
AV is Symantec Endpoint client....the corp edition. It doesn't include a firewall in the package.
This is not an imaged workstation...
This is the resetlog:
reset   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{09805F14-D68C-4C45-9783-F8C18DFCA31B}\NetbiosOptions
            old REG_DWORD = 1
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09805F14-D68C-4C45-9783-F8C18DFCA31B}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09805F14-D68C-4C45-9783-F8C18DFCA31B}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09805F14-D68C-4C45-9783-F8C18DFCA31B}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset   Linkage\UpperBind for PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0.  bad value was:
            REG_MULTI_SZ =
                PSched
reset   Linkage\UpperBind for ROOT\MS_NDISWANIP\0000.  bad value was:
            REG_MULTI_SZ =
                PSched

<completed>
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36813230
After resetting the IP stack, did you get a new DHCP lease by typing:

IPconfig /release
and
IPconfig /renew

If so, let's take a look at these outputs:
IPconfig /all
Net Config Redir
Net config Server
Net Config Workstation
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36813271
symantec endpoint protection has a built in firewall. SEP will block many domain features... Disabling it doesn't help. Sometimes it has to be completely uninstalled. But, there are options to configure the firewall to permit these domain features. Netbios is one of your problems.

Symantec Configurations:
http://www.symantec.com/business/support/index?page=content&id=TECH104433

Netbios, by nature is held to the broadcast domain. DNS registration is also a broadcast, and held to the broadcast domain. So, this makes me wonder if this computer is by chance on a VLAN, off the broadcast domain, or working through a VPN/IPsec tunnel.
0
 

Author Closing Comment

by:underIce
ID: 36914513
Ended up with  a reinstall. Leaving this is the KB because there are a lot of goof troubleshooting steps here. Thanks!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now