We help IT Professionals succeed at work.

Windows 2003 Server lost his network connectivity

daiwhyte
daiwhyte asked
on
Hi

Ive got a Windows 2003 Server which has recently had an virus infection. Ive now removed the virus but the box now disappers off the network round about the same time the logon prompt is display.

If I start the box up in safe mode with network access, its fine so looks like the anti virus product has corrupted the ip config some how.

Whats the best way to restore normal network access to server?

Thanks
David
Comment
Watch Question

Commented:
I would start with running SFC /Scannow, you will need the 2003CD in drive.  It will check for damaged or missing Windows files and replace them.

Do you see any errors in the Event Viewer?

Author

Commented:
Ive not got site of the server yet due to its location - Im planning a visit tomorrow to see the sick PC.

Commented:
You could try to reset the ip stack according to the MS KB article:
http://support.microsoft.com/kb/317518

This resets all registry settings for the ip stack. You could also try repair the winsock setup:
netsh winsock reset (2003 sp1 needed, if you don't have it upgrade ASAP to the latest sp!)
Ehab SalemIT Manager
CERTIFIED EXPERT

Commented:
Which AV are you using? does it have also a firewall? SEP for example?

Author

Commented:
@ehabsalem Ive not got to site yet to find out what AV is running on the Server but it will be something I will check when I get there - thanks

Commented:
A simple and very effective way of doing this is to go to the Device Management console & delete the network adapter completely. Then do a redetect (or reboot), allow the redetection & installtion of the NIC, then re-enter the necessary NIC configs.

Author

Commented:
Ive removed and allowed windows to find the network card from the device manager but still nothing.

Interestly, when in safe mode, the machine gets network access so it looks like some service is taking out the server when running normally.

Just running sfc /scannow
Ehab SalemIT Manager
CERTIFIED EXPERT

Commented:
Does the server have Symantec Endpoint Protection?

Author

Commented:
No it has eset nod32 version 4

Author

Commented:
No it has eset nod32 version 4

Also, it has 2 nics in but only one is being used. Not sure if that would have a bearing on the situation.
Ehab SalemIT Manager
CERTIFIED EXPERT

Commented:
try disabling the unused one. or swap the NIC

Author

Commented:
when the box boots up, you can ping it and I get a reply. Even when its "Preparing Network Connections" is displayed prior to logon prompt appears. Its when Apply Computer Settings is when I start getting Request timed out from my ping request.

Author

Commented:
more info, Ive looked through the services to see if there is anything which has stopped but should be started and a found an entry Ive never seen before.

Microsoft.Device.Manager is in the list of services and the description of the service is a couple of random undistinguished character, could this be something to do it?
Commented:
did you reset ipstack and winsock as proposed? (also clear filters that could mess up your connection)

Author

Commented:
ive done a ipstack and winsock reset still nothing.

Clear Filters - how do I do that?

Author

Commented:
weird thing, it works in safe mode. What can be the difference when running in safe mode as apposed to running in full mode when it comes to network setup?

Author

Commented:
ive just added a new network card and this has not solved the issue either.

Commented:
Uninstall the AV (no, disabling is not enough ;-)) and reboot the server. See if that makes any difference. The blocking should be done by a program that contains firewall functions. NOD32 does implement WEB filtering and therefore had firewall functionality that is activated by registering as a filter. In safe mode this filtering is not loaded.

For your information, we've had huge problems with sudden serverreboots when NOD32 v4 installed on a server. The webfilter-dll's seem to fight with microsoft. We've had ESET explain and they say it's a MS problem and we have to downgrade to v2.7 (no webfiltering function) or rename the dll in safe mode so windows can't load it in normal mode.

Author

Commented:
pviler

Ive removed the av and rebooted, still the same.

Commented:
What are the firewall settings on the server? Try turning the Windows Firewall off altogether.
Also check the IP filter advanced setting on the NIC & ensure that it's set to allow all.
Also try removing the auto-negotiate setting & hard-setting the NIC to 100/Full, or 1000/full.
Can you get your Network team involved? If none of the above works then maybe try a different port on the switch.

Author

Commented:
The filter box was ticked.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.