Network connection RED CROSS - not network card or virus issue!

Environment: Windows Server Std R2 x64, running Exchange, AV etc...

Four machines in the past 24 hours have been unable to connect to our network of 30 wkstns. 3 x W7 and one XP. The NIC blue circle tries to resolve but then turns into a red cross. The NIC lights are flashing, it's not the cable or a rootkit or the drivers.
When I use 'detect network problems' from the wizard I get 'Windows could not automatically detect this network's proxy settings'.
Also the network logon service will not start. I get Error 10050: A socket operation encountered a dead network.
This environment was previously a 2003SBS upgraded 30 months ago. The old DC is listed in the GC, could these machines suddenly be looking for the old network???
Four PCs I can rebuild, I'm just worried about this being a server issue, not a wkstn issue...and I don't want it to spread.
ljkalAsked:
 
ljkalAuthor Commented:
Not far away... bloody Kaspersky labelled tcpip.sys as a trojan. Check KAV noticeboards for info.
Will award myself the points! :)
0
 
BlueComputeCommented:
Can you get us ipconfig /all from an affected workstation please?
0
 
ljkalAuthor Commented:
hostname: (blank)
Primary DNS suffix: (blank)
Node type: hybrid
Ip routing enabled: No
WINS proxy enabled: No
0
 
ljkalAuthor Commented:
I am getting this in the server event viewer though: (but these have been there for ages...)


This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: DC=transparency,DC=org,DC=uk
 
User Action:
 
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors.  Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
 
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
0
 
BillBondoCommented:
Try giving them static ip?
0
 
ljkalAuthor Commented:
I can't get into the ip4 properties. The box is ticked but it's as though the services aren't installed. I can't re-install them either...

Just tried other NIC, and same issue...seems Windows Networking based error but I can't put my finger on it!!!!
0
 
ljkalAuthor Commented:
TCPIP protocol driver is missing.
Bad Windows Update???
0
 
BlueComputeCommented:
That's a rather harsh false positive!   Good work tracking the issue and resolving mate.
0
 
ljkalAuthor Commented:
Some networks have got hundreds of machines to repair by hand! Bad one by Kaspersky.
0
 
BlueComputeCommented:
I've seen the same thing happen several times - McAfee had a famous one where they detected and deleted svchost.exe. Sophos also recently flagged their own AV files as malicious which was a bit of a laugh... it's never pretty when this happens.
0
 
ljkalAuthor Commented:
I found the answer! Kav6 is affected, later versions don't seem to be. Right royal pain in the rear.
0
Question has a verified solution.
