Network doesn't work

OleD
Friday, 15/9, the network worked.
After the weekend it is not possible to connect with the server!

There appears to be a problem with the network connection. On the network icon in the process line there is a red cross. But the server can communicate with the Internet.

I have updated the driver for the network adapter, etc.

Any suggestions?

It's an SBS 2008 with Win7 workstations.
CESNetwork Administrator

Commented:
Have you rebooted the server, workstation and any network equipment between the two?

Can any endpoint reach the server or are they all unable to connect?  Any additional info would be helpful
Jane Updegraff, Sr. Systems Administrator

Commented:
We need a bit more info as CES IT says ...

you said "On the network icon in the process line there is a red cross" ... do you mean that the network icon on the server has a red cross or is that on a client machine trying to reach the server?

If it is the first case and you are looking at the server and seeing that red line across the network icon and yet the server can reach the internet, first try pinging (from the server) something else in your network using an IP address and then later use a hostname and see if it pings back. Try several internal IP addresses and names.

If they do not ping back at all take a look at the Windows firewall on the server and make sure that it is allowing communication within your intranet (devices inside your firewall) as well as internet. Other software firewall might do this too (like those that can come with Antivirus).

If the local devices do ping back by IP but not by hostname, then you might have a DNS problem.

Can you post a screenshot of the "details" page of the NIC's properties? Let me know if you need instructions for where to find that. You might also try enabling NetBIOS in the WINS tab in the advanced properties (under the advanced button when you are looking at the IPv4 properties, which is a property under the NIC properties ... ). Let me know if that doesn't make sense ....
Distinguished Expert 2018

Commented:
Is this a problem with one or all workstations? If all (or at least multiple), have you checked the network equipment? Could be a switch issue. Try restarting the switches first. Then look at possibly either replacing a switch temporarily or checking the cable that goes between the switch and router.

Author

Commented:
Yes, I have rebooted the server, switch, etc.
The red cross is on the server.
The problem is on the server.

I can ping IP addresses and hostnames on the internet from the server.
Windows Firewall is not running.
The antivirus is Avast.

Another problem: if I try to run "Diagnose this connection" I got an error "Diagnostics Policy Service is not running". If I try to start the service I got the error "Error 5: Access denied".
CESNetwork Administrator
Commented:
Try running the "connect to the Internet" wizard and see if that helps
jda

Commented:
It is the Avast software. Uninstall it and the connection will return, then reinstall Avast.
Jackie Man IT Manager
Top Expert 2010

Commented:
Symantec Endpoint Protection (SEP) can cause the same problem and you need to uninstall SEP with its cleanwipe utility.

Author

Commented:
After running "Connect to the Internet" I got this message:

Internet connection is incomplete
Windows SBS has encountered an unknown error. For more information, contact Microsoft Product Support.

I have uninstalled Avast and installed ESET, no difference!
jda

Commented:
If you have two NICs on the server and one of them is not disabled, you will see a red X for the one that is not connected. Check your network settings. I have been running SBS on several servers for years and IMO it is best to manually configure the network connection.
Jackie Man IT Manager
Top Expert 2010

Commented:
Have you restarted the server after uninstalling Avast?

Author

Commented:
Yes, I have restarted. I can try again after cleaning reg-DB.

There is only one NIC


Perhaps this info may help.

When I place the mouse pointer on the network icon in the taskbar, I get the following popup:

Connection status: unknown
The dependency service or group failed to start.
Commented:
Okay please try this process to resolve your problem


Type the following command into the elevated Command Prompt and press Enter:

net localgroup administrators localservice /add

Type the following command into the elevated Command Prompt and press Enter:

net localgroup administrators networkservice /add



Type exit into the elevated Command Prompt and press Enter to close the Command Prompt. Restart your computer.

Author

Commented:
It works!! The red cross disappeared. Thank you very much!

But I can't ping/connect from another PC. I think it's the firewall. Windows Firewall doesn't work. I can't start the "Windows Firewall" service. I get the message
"The dependency service or group failed to start. "

Author

Commented:
Can anyone help??

Can't ping the server.
The Base Filtering Engine service can't start. Error 5: access denied.

Author

Commented:
The Diagnostic Policy Service can't start. Error 5: access denied.
jda

Commented:
Create a new user with admin authority, restart and logon with the new credentials and it should work.

Author

Commented:
I have tried, but it doesn't help.

Base Filtering Engine can't start and Windows Firewall service depends on it!!

Can anyone help???
Jane Updegraff, Sr. Systems Administrator
Commented:
Are you entirely sure that you don't have a malware infection of some kind?

Also, I found another thread that may help:

https://answers.microsoft.com/en-us/windows/forum/windows_7-security/bfe-service-wont-start-and-because-of-this-my/0390b337-eb12-4f1e-8641-6b6be147f654?auth=1

Author

Commented:
I have scanned the server and no threats were found.

I'm not sure about this account. What does it mean?

NT Service\BFE
Jane Updegraff, Sr. Systems Administrator

Commented:
I would guess that that's a local Base Filtering Engine service account.

Author

Commented:
Did the account have a \ (slash)?

Do I have to reboot after permission change?

Author

Commented:
Please see the attached file from Event Viewer.
Event.txt
Iamthecreator OMIT Manager/EE Solution Guide

Commented:
What account are the services running on? Did you change the password of the account in use?
Please go to the properties of the failed services, Connection tab, and re-enter the account information.
Restart the service.
What did you use to scan for malware?

Author

Commented:
Rahul

Account is Local Service for "Base Filtering Engine"

Darr247
I use ESET

I have run sfc /scannow and it reported "Windows Report Protection found corrupt files but was unable to fix some of them"
See CBS log

How can I see which files are corrupted in CBS log?
Iamthecreator OMIT Manager/EE Solution Guide

Commented:
Have a look at the following post. The scenario might not be the same but I guess the problem is....
"Access is denied" when you attempt to start the Base Filtering Engine service, after upgrading from Windows Server 2003 to Windows Server 2008 R2
https://blogs.technet.microsoft.com/rspitz/2010/09/19/access-is-denied-when-you-attempt-to-start-the-base-filtering-engine-service-after-upgrading-from-windows-server-2003-to-windows-server-2008-r2/


Here's an issue that appears deceptively simple. After upgrading a Windows Server 2003 based system to Windows Server 2008 R2, ping and RDP are not working. On checking, the Windows Firewall service hasn't been started because the service on which it is dependent, the Base Filtering Engine service, has not started. The Base Filtering Engine service fails to start with an "Access is denied" error.

Log Name: System
Source: Service Control Manager
Date: 19-Sep-10 11:17:56 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Win2k8R2.contoso.com
Description:
The Base Filtering Engine service terminated with the following error:
Access is denied.

A quick web search will reveal many web pages, most of which list the cause of the issue as missing permissions on the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy" registry key.

However, in this case, a Process Monitor log captured at the time doesn't have a single event whose result is ACCESS DENIED. Is there something wrong with Process Monitor? Not at all. Why then doesn't it have an ACCESS DENIED event for the registry key mentioned above? Because the cause of this instance of the issue is not missing permissions on the registry key, rather, something else.

The reason Process Monitor doesn’t capture the Access Denied error is because the error doesn’t occur on a File or Registry operation. Rather, the Access Denied occurs when the Base Filtering Engine service attempts to query the configuration of installed services on the computer. It does so, in alphabetical order. If the Base Filtering Engine service, which runs under the Local System security context, doesn’t have permissions to query the configuration of a service, the Base Filtering Engine service errors out with the event pasted above.

Okay, so we know the cause of the issue. How do you determine which installed service has restrictive permissions? The two options available are:

· Log a call with Microsoft Support for us to debug and determine the problem service.

· Manually examine each service, starting with non-Microsoft services.

Say you’ve decided to go it on your own. Here’s what you need to do to check the Discretionary Access Control List (DACL), or permissions, of a service.

First off, you’ve got to get the names of all installed services:

sc query > servicenames.txt

Open servicenames.txt and make a note of the SERVICE_NAME property of each service.

To list the DACL of a service, run this command:

sc sdshow <service name>

Let’s start by listing the DACL of a Microsoft service, which would have the correct permissions (Unless they’ve been manually edited).

sc sdshow Audiosrv

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

The resulting string of letters and special characters is the Security Descriptor (SD) in SDDL. The characters after D: make up the DACL. The characters after S: are the SACL, which we’re not interested in.

Since the Base Filtering Engine service runs in the context of the Local System account, the part of the DACL we’re interested in is (A;;CCLCSWRPWPDTLOCRRC;;;SY)

Now it’s time to get our hands dirty. Do an sc sdshow on all non-Microsoft services and check if they have (A;;CCLCSWRPWPDTLOCRRC;;;SY). The services that are missing this Access Control Entry (ACE) are the ones that are causing the Base Filtering Engine service to terminate with “Access is denied”.

On to the most interesting part of this post. How do I fix it?

That’s easy! But first, the disclaimer.

Disclaimer: Proceed at your own risk. Incorrectly setting the DACL could result in you being locked out of modifying the service, or even accessing it.

1. Make a note of the Security Descriptor (SD) of the problem service by running this command:

sc sdshow ProblemService

D:(A;;LC;;;WD)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

2. List the SD of a Microsoft service for comparison:

sc sdshow Audiosrv
 
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

3. Identify the missing Access Control Entries (ACEs). These are:

(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)

4. Insert the missing ACEs into the DACL of the SD of the problem service, by running this command:

Sc sdset ProblemService D:(A;;LC;;;WD)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Important: Ensure that there are no spaces in the DACL string, because if there is a space in the string, the sc sdset command will only consider the portion before the space and truncate the DACL SDDL string there.


5. Lather, rinse, repeat for other non-Microsoft services that are missing the ACE for Local System.

That’s it. Start the Base Filtering Engine service and then the Windows Firewall service and you’re done.

Here are a couple of links that will demystify SDDL for you:

Parsing SDDL Strings
http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/parsing-sddl-strings.aspx

SDDL string parser - MS Israel Community
http://blogs.microsoft.co.il/files/folders/guyt/entry70399.aspx
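
The manual check the quoted post describes (run sc sdshow on every service and look for a Local System ACE), as an added PowerShell example that is not part of this thread or of the quoted blog post. It assumes the right that matters is SERVICE_QUERY_CONFIG (CC), because the post says the failure occurs when querying service configuration, so it accepts any allow ACE for SY that includes CC rather than only the exact string shown; deny ACEs are not evaluated.

```powershell
# Added example, read-only: it only runs "sc.exe sdshow" and changes nothing.
# In PowerShell "sc" is an alias for Set-Content, so sc.exe is spelled out.
function Test-SystemCanQueryConfig {
    param([string]$Sddl)
    # Keep only the DACL: the text after "D:" and before the SACL marker "S:".
    $start = $Sddl.IndexOf('D:')
    if ($start -lt 0) { return $false }
    $dacl = $Sddl.Substring($start + 2)
    $sacl = $dacl.IndexOf('S:')
    if ($sacl -ge 0) { $dacl = $dacl.Substring(0, $sacl) }
    foreach ($ace in [regex]::Matches($dacl, '\(([^)]*)\)')) {
        # ACE fields: type;flags;rights;object;inherited-object;trustee
        $f = $ace.Groups[1].Value.Split(';')
        if ($f.Length -lt 6 -or $f[0] -ne 'A' -or $f[5] -ne 'SY') { continue }
        if ($f[2] -match '^0x') {
            # Rights given as a hex mask: SERVICE_QUERY_CONFIG is bit 0x0001.
            if ([Convert]::ToInt64($f[2], 16) -band 1) { return $true }
        } else {
            # Rights given as two-letter codes: CC is SERVICE_QUERY_CONFIG.
            foreach ($code in [regex]::Matches($f[2], '..')) {
                if ($code.Value -eq 'CC') { return $true }
            }
        }
    }
    return $false
}

# Self-check with the two descriptors quoted in the post (Audiosrv, ProblemService).
$good = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'
$bad  = 'D:(A;;LC;;;WD)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'
if (-not (Test-SystemCanQueryConfig $good) -or (Test-SystemCanQueryConfig $bad)) {
    throw 'Self-check failed'
}

# Get-Service lists running and stopped services alike.
$report = foreach ($svc in Get-Service) {
    $sddl = (& sc.exe sdshow $svc.Name 2>$null | Out-String).Trim()
    if ($LASTEXITCODE -ne 0) {
        $finding = 'sdshow failed (descriptor not readable)'
    } elseif (Test-SystemCanQueryConfig $sddl) {
        continue
    } else {
        $finding = 'no allow ACE for SY that includes CC'
    }
    New-Object PSObject -Property @{ Service = $svc.Name; Finding = $finding; Sddl = $sddl }
}
$report | Format-List Service, Finding, Sddl
```

Run it from an elevated PowerShell prompt on the server; each service it lists is a candidate for the comparison in steps 1 to 3 of the post.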

Author

Commented:
Thanks

Is there a tool to check/repair or only hard work?

Author

Commented:
If I make a

sc query > servicenames.txt

I only get running services! Is that right?
Iamthecreator OMIT Manager/EE Solution Guide

Commented:
Yes that is correct.
You need to specify State= Inactive to get all the services that are stopped or paused.

Check out the following article for SC syntax
Sc query
https://technet.microsoft.com/en-us/library/dd228922%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

Author

Commented:
Is this the only way? :-(

I don't understand why many ACEs are inserted in steps 3 and 4 when we are interested in only one: A;;CCLCSWRPWPDTLOCRRC;;;SY

Author

Commented:
Is there another way to get the service with the problem?
Jackie Man IT Manager
Top Expert 2010

Commented:
It is risky to try the above.

Download and install autoruns from Microsoft and do a check.

There should be some leftover registry entry of your previous antivirus software. Use autoruns to stop them.

Author

Commented:
I can't find anything from Avast
Jackie Man IT Manager
Top Expert 2010

Commented:
Post print screens of all entries listed in autoruns.

Author

Commented:

Author

Commented:
And no 2
Autorun2.png

Author

Commented:
After checking/changing permissions on the services, the services start, but I couldn't ping/communicate with the server.
I have stopped troubleshooting and a new solution has been made.
