server is not accessible on the network after "applying computersettings"

I have a server running Windows Server 2003 Enterprise Edition SP2.

Currently, the computer does not respond to any incoming connections
(icmp, rdp, http, smb).
However, from the server, I am able to access other machines on the
network without problems.

The machine was working fine until we installed Microsoft Office
Sharepoint Services 2007. The installation ran without incident, but
after we rebooted, the network connectivity issues began. Uninstalling
MOSS 2007 and rebooting does not resolve my issue


Windows firewall is disabled.
Routing and Remote Access is disabled.
No other firewalls (that I can see) are running on the server.

All TCP/IP network parameters have been checked and verified. I can
acces websites, and access windows shares on other machines on the
network from this server. I was able to remove the server from the
domain and rejoin the domain.

Six things to note:
(1) under Services, Windows Firewall/ICS is not running, however, if I
try to start RRAS I get an error message saying the Windows Firewall
is running and needs to be stopped before RRAS can start.

(2) I have another machine on my network running a ping -t to the ip
address of the server having the problem. All requests time out.
However, when I reboot the server, shortly after the window saying
"applying computer settings" the machine responds to 5 - 10 ping
requests, then it stops.

(3) I'm running wireshark (packet sniffer/analyzer) on the server, and
I do not see any incoming packets on my server. However, for network
traffic initiated from the server, all incoming and outgoing packets
show up normally.

(4) an nmap scan from another machine on my network shows no open
ports.

(5) I enabled debug logging of group policy and have a log file from
the last reboot, but I don't really know what the log is telling,
nothing in the log jumps out and says "I'm disabling the network
now"

(6) I don't see anything in the application or system log to indicate
a cause of this problem.

Apparently the last system backup we have was made after MOSS 2007 was
installed, so restoring from that backup had no effect on the system.

I currently have a call into Microsoft Partner Critical System
Services, I just wanted to drop a note here to see if anyone on the
list has encountered this error before and has a solution.

If I don't hear back from anyone I'll update this thread with the
solution from Microsoft (if I get one).

Thanks in advance for your time.

Billy

 

Was on the phone for 5 hours with Microsoft, and the tech finally
identified vsdatant.sys as a driver that should not be loaded. We
disabled the driver and the computer was accessible from the network
on the next reboot. I uninstalled the driver and the system was no
longer accessible from the network, and the driver had reinstalled
itself.

It appears that the system was infected with somekind of virus/trojan/
rootkit and that was causing my problems.
I am in the process of running a full system scan from
onecare.live.com and also a rootkit scan with gmer.exe from www.gmer.net.

Hopefully this post helps someone else someday.

Billy

 

Thank you for the update.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com