Network connection RED CROSS - not network card or virus issue!
Environment: Windows Server Std R2 x64, running Exchange, AV etc...
Four machines in the past 24 hours have been unable to connect to our network of 30 wkstns. 3 x W7 and one XP. The NIC blue circle tries to resolve but them turns into a red cross. The NIC lights are flasing, it's not the cable or a rootkit or the drivers.
When I use 'detect network problems' from the wizard I get 'Windows could not automatically detect this network's proxy settings.
Also the network logon service will not start. I get Error 10050: A socket operation encountered a dead network.
This environment was previously a 2003SBS upgraded 30 months ago. The old DC is listed in the GC, could these machines suddenly be looking for the old network???
Four PCs I can rebuild, I'm just worried about this being a server issue, not a wkstn issue...and I don't want it to spread.
Four machines in the past 24 hours have been unable to connect to our network of 30 wkstns. 3 x W7 and one XP. The NIC blue circle tries to resolve but them turns into a red cross. The NIC lights are flasing, it's not the cable or a rootkit or the drivers.
When I use 'detect network problems' from the wizard I get 'Windows could not automatically detect this network's proxy settings.
Also the network logon service will not start. I get Error 10050: A socket operation encountered a dead network.
This environment was previously a 2003SBS upgraded 30 months ago. The old DC is listed in the GC, could these machines suddenly be looking for the old network???
Four PCs I can rebuild, I'm just worried about this being a server issue, not a wkstn issue...and I don't want it to spread.
Can you get us ipconfig /all from an affected workstation please?
ASKER
hostname: (blank)
Primary DNS suffix: (blank)
Node type: hybrid
Ip routing enabled: No
WINS proxy enabled: No
Primary DNS suffix: (blank)
Node type: hybrid
Ip routing enabled: No
WINS proxy enabled: No
ASKER
I am getting this in the server event viewer though: (but these have been there for ages...)
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: DC=transparency,DC=org,DC=
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: DC=transparency,DC=org,DC=
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Try giving them static ip?
ASKER
I can't get into the ip4 properties. The box is ticked but it's as though the services aren't installed. I can't re-install them either...
Just tried other NIC, and same issue...seems Windows Networking based error but i can't put my finger in it!!!!
Just tried other NIC, and same issue...seems Windows Networking based error but i can't put my finger in it!!!!
ASKER
TCPIP protocol driver is missing.
Bad Windows Update???
Bad Windows Update???
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That's a rather harsh false positive! Good work tracking the issue and resolving mate.
ASKER
Some networks have got hundreds of machines to repair by hand! Bad one by Kaspersky.
I seen the same thing happen several times - Mcafee had a famous one where they detected and deleted svchost.exe. Sophos also recently flagged their own AV files as malicious which was a bit of a laugh... it's never pretty when this happens.
ASKER
I found the answer! Kav6 is affected, later versions dont seem to be. Right royal pain in the rear.