Windows 2003 Server lost his network connectivity
Hi
Ive got a Windows 2003 Server which has recently had an virus infection. Ive now removed the virus but the box now disappers off the network round about the same time the logon prompt is display.
If I start the box up in safe mode with network access, its fine so looks like the anti virus product has corrupted the ip config some how.
Whats the best way to restore normal network access to server?
Thanks
David
Ive got a Windows 2003 Server which has recently had an virus infection. Ive now removed the virus but the box now disappers off the network round about the same time the logon prompt is display.
If I start the box up in safe mode with network access, its fine so looks like the anti virus product has corrupted the ip config some how.
Whats the best way to restore normal network access to server?
Thanks
David
ASKER
Ive not got site of the server yet due to its location - Im planning a visit tomorrow to see the sick PC.
You could try to reset the ip stack according to the MS KB article:
http://support.microsoft.com/kb/317518
This resets all registry settings for the ip stack. You could also try repair the winsock setup:
netsh winsock reset (2003 sp1 needed, if you don't have it upgrade ASAP to the latest sp!)
http://support.microsoft.com/kb/317518
This resets all registry settings for the ip stack. You could also try repair the winsock setup:
netsh winsock reset (2003 sp1 needed, if you don't have it upgrade ASAP to the latest sp!)
Which AV are you using? does it have also a firewall? SEP for example?
ASKER
@ehabsalem Ive not got to site yet to find out what AV is running on the Server but it will be something I will check when I get there - thanks
A simple and very effective way of doing this is to go to the Device Management console & delete the network adapter completely. Then do a redetect (or reboot), allow the redetection & installtion of the NIC, then re-enter the necessary NIC configs.
ASKER
Ive removed and allowed windows to find the network card from the device manager but still nothing.
Interestly, when in safe mode, the machine gets network access so it looks like some service is taking out the server when running normally.
Just running sfc /scannow
Interestly, when in safe mode, the machine gets network access so it looks like some service is taking out the server when running normally.
Just running sfc /scannow
Does the server have Symantec Endpoint Protection?
ASKER
No it has eset nod32 version 4
ASKER
No it has eset nod32 version 4
Also, it has 2 nics in but only one is being used. Not sure if that would have a bearing on the situation.
Also, it has 2 nics in but only one is being used. Not sure if that would have a bearing on the situation.
try disabling the unused one. or swap the NIC
ASKER
when the box boots up, you can ping it and I get a reply. Even when its "Preparing Network Connections" is displayed prior to logon prompt appears. Its when Apply Computer Settings is when I start getting Request timed out from my ping request.
ASKER
more info, Ive looked through the services to see if there is anything which has stopped but should be started and a found an entry Ive never seen before.
Microsoft.Device.Manager is in the list of services and the description of the service is a couple of random undistinguished character, could this be something to do it?
Microsoft.Device.Manager is in the list of services and the description of the service is a couple of random undistinguished character, could this be something to do it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ive done a ipstack and winsock reset still nothing.
Clear Filters - how do I do that?
Clear Filters - how do I do that?
ASKER
weird thing, it works in safe mode. What can be the difference when running in safe mode as apposed to running in full mode when it comes to network setup?
ASKER
ive just added a new network card and this has not solved the issue either.
Uninstall the AV (no, disabling is not enough ;-)) and reboot the server. See if that makes any difference. The blocking should be done by a program that contains firewall functions. NOD32 does implement WEB filtering and therefore had firewall functionality that is activated by registering as a filter. In safe mode this filtering is not loaded.
For your information, we've had huge problems with sudden serverreboots when NOD32 v4 installed on a server. The webfilter-dll's seem to fight with microsoft. We've had ESET explain and they say it's a MS problem and we have to downgrade to v2.7 (no webfiltering function) or rename the dll in safe mode so windows can't load it in normal mode.
For your information, we've had huge problems with sudden serverreboots when NOD32 v4 installed on a server. The webfilter-dll's seem to fight with microsoft. We've had ESET explain and they say it's a MS problem and we have to downgrade to v2.7 (no webfiltering function) or rename the dll in safe mode so windows can't load it in normal mode.
ASKER
pviler
Ive removed the av and rebooted, still the same.
Ive removed the av and rebooted, still the same.
What are the firewall settings on the server? Try turning the Windows Firewall off altogether.
Also check the IP filter advanced setting on the NIC & ensure that it's set to allow all.
Also try removing the auto-negotiate setting & hard-setting the NIC to 100/Full, or 1000/full.
Can you get your Network team involved? If none of the above works then maybe try a different port on the switch.
Also check the IP filter advanced setting on the NIC & ensure that it's set to allow all.
Also try removing the auto-negotiate setting & hard-setting the NIC to 100/Full, or 1000/full.
Can you get your Network team involved? If none of the above works then maybe try a different port on the switch.
ASKER
The filter box was ticked.
Do you see any errors in the Event Viewer?