Solved

Network connection RED CROSS  - not network card or virus issue!

Posted on 2013-10-29
11
912 Views
Last Modified: 2013-11-03
Environment: Windows Server Std R2 x64, running Exchange, AV etc...

Four machines in the past 24 hours have been unable to connect to our network of 30 wkstns. 3 x W7 and one XP. The NIC blue circle tries to resolve but then turns into a red cross. The NIC lights are flashing, it's not the cable or a rootkit or the drivers.
When I use 'detect network problems' from the wizard I get 'Windows could not automatically detect this network's proxy settings.'
Also the network logon service will not start. I get Error 10050: A socket operation encountered a dead network.
This environment was previously a 2003SBS upgraded 30 months ago. The old DC is listed in the GC, could these machines suddenly be looking for the old network???
Four PCs I can rebuild, I'm just worried about this being a server issue, not a wkstn issue...and I don't want it to spread.
0
Comment
Question by:ljkal
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39609122
Can you get us ipconfig /all from an affected workstation please?
0
 
LVL 1

Author Comment

by:ljkal
ID: 39609148
hostname: (blank)
Primary DNS suffix: (blank)
Node type: hybrid
Ip routing enabled: No
WINS proxy enabled: No
0
 
LVL 1

Author Comment

by:ljkal
ID: 39609164
I am getting this in the server event viewer though: (but these have been there for ages...)


This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: DC=transparency,DC=org,DC=uk
 
User Action:
 
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors.  Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
 
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
0
 
LVL 11

Expert Comment

by:BillBondo
ID: 39609248
Try giving them static ip?
0
 
LVL 1

Author Comment

by:ljkal
ID: 39609262
I can't get into the ip4 properties. The box is ticked but it's as though the services aren't installed. I can't re-install them either...

Just tried other NIC, and same issue...seems Windows Networking based error but I can't put my finger on it!!!!
0
 
LVL 1

Author Comment

by:ljkal
ID: 39609323
TCPIP protocol driver is missing.
Bad Windows Update???
0
 
LVL 1

Accepted Solution

by:
ljkal earned 0 total points
ID: 39609907
Not far away... bloody Kaspersky labelled tcpip.sys as a trojan. Check KAV noticeboards for info.
Will award myself the points! :)
0
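
A local check for the condition this thread converged on (tcpip.sys gone from the drivers directory, so the TCP/IP protocol driver cannot load), as an added example that is not part of the original thread. The function name `Test-TcpipDriver` is hypothetical, and the script assumes Windows PowerShell 2.0 or later run from an elevated prompt on the affected workstation.

```powershell
# Added example, not from the thread: report whether the TCP/IP driver file
# and its driver service entry are intact on this machine.
function Test-TcpipDriver {
    $path = Join-Path $env:SystemRoot 'System32\drivers\tcpip.sys'

    $result = New-Object PSObject -Property @{
        Computer     = $env:COMPUTERNAME
        DriverPath   = $path
        FilePresent  = (Test-Path -LiteralPath $path)
        FileVersion  = $null
        Signature    = $null
        ServiceState = $null
        StartMode    = $null
        Verdict      = $null
    }

    if ($result.FilePresent) {
        $result.FileVersion = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
        # On older PowerShell versions a catalog-signed system file can show
        # as NotSigned here, so treat that status as "check further".
        $result.Signature = (Get-AuthenticodeSignature -FilePath $path).Status
    }

    # Win32_SystemDriver lists kernel driver services; 'Tcpip' is the
    # service name of the TCP/IP protocol driver.
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='Tcpip'" `
                         -ErrorAction SilentlyContinue
    if ($drv) {
        $result.ServiceState = $drv.State
        $result.StartMode    = $drv.StartMode
    }

    if (-not $result.FilePresent) {
        $result.Verdict = 'tcpip.sys missing from drivers directory'
    } elseif ($result.ServiceState -ne 'Running') {
        $result.Verdict = 'tcpip.sys present but driver not running'
    } else {
        $result.Verdict = 'TCP/IP driver present and running'
    }
    $result
}

Test-TcpipDriver | Format-List Computer, DriverPath, FilePresent, FileVersion,
                               Signature, ServiceState, StartMode, Verdict
```

A missing file alongside a healthy NIC and cabling matches the symptoms described in the question, which points at something on the host removing the driver rather than at the server.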
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39610040
That's a rather harsh false positive! Good work tracking the issue and resolving, mate.
0
 
LVL 1

Author Comment

by:ljkal
ID: 39610048
Some networks have got hundreds of machines to repair by hand! Bad one by Kaspersky.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39610066
I've seen the same thing happen several times - McAfee had a famous one where they detected and deleted svchost.exe. Sophos also recently flagged their own AV files as malicious which was a bit of a laugh... it's never pretty when this happens.
0
 
LVL 1

Author Closing Comment

by:ljkal
ID: 39619708
I found the answer! Kav6 is affected, later versions don't seem to be. Right royal pain in the rear.
0
