server is not accessible on the network after "applying computersettings"

Discussion in 'Windows Networking' started by thenetmonkey, Feb 8, 2008.

  1. thenetmonkey

    thenetmonkey Guest

    I have a server running Windows Server 2003 Enterprise Edition SP2.

    Currently, the computer does not respond to any incoming connections
    (icmp, rdp, http, smb).
    However, from the server, I am able to access other machines on the
    network without problems.

    The machine was working fine until we installed Microsoft Office
    Sharepoint Services 2007. The installation ran without incident, but
    after we rebooted, the network connectivity issues began. Uninstalling
    MOSS 2007 and rebooting does not resolve my issue


    Windows firewall is disabled.
    Routing and Remote Access is disabled.
    No other firewalls (that I can see) are running on the server.

    All TCP/IP network parameters have been checked and verified. I can
    acces websites, and access windows shares on other machines on the
    network from this server. I was able to remove the server from the
    domain and rejoin the domain.

    Six things to note:
    (1) under Services, Windows Firewall/ICS is not running, however, if I
    try to start RRAS I get an error message saying the Windows Firewall
    is running and needs to be stopped before RRAS can start.

    (2) I have another machine on my network running a ping -t to the ip
    address of the server having the problem. All requests time out.
    However, when I reboot the server, shortly after the window saying
    "applying computer settings" the machine responds to 5 - 10 ping
    requests, then it stops.

    (3) I'm running wireshark (packet sniffer/analyzer) on the server, and
    I do not see any incoming packets on my server. However, for network
    traffic initiated from the server, all incoming and outgoing packets
    show up normally.

    (4) an nmap scan from another machine on my network shows no open
    ports.

    (5) I enabled debug logging of group policy and have a log file from
    the last reboot, but I don't really know what the log is telling,
    nothing in the log jumps out and says "I'm disabling the network
    now" :)

    (6) I don't see anything in the application or system log to indicate
    a cause of this problem.

    Apparently the last system backup we have was made after MOSS 2007 was
    installed, so restoring from that backup had no effect on the system.

    I currently have a call into Microsoft Partner Critical System
    Services, I just wanted to drop a note here to see if anyone on the
    list has encountered this error before and has a solution.

    If I don't hear back from anyone I'll update this thread with the
    solution from Microsoft (if I get one).

    Thanks in advance for your time.

    Billy
     
    thenetmonkey, Feb 8, 2008
    #1
    1. Advertisements

  2. thenetmonkey

    thenetmonkey Guest

    Was on the phone for 5 hours with Microsoft, and the tech finally
    identified vsdatant.sys as a driver that should not be loaded. We
    disabled the driver and the computer was accessible from the network
    on the next reboot. I uninstalled the driver and the system was no
    longer accessible from the network, and the driver had reinstalled
    itself.

    It appears that the system was infected with somekind of virus/trojan/
    rootkit and that was causing my problems.
    I am in the process of running a full system scan from
    onecare.live.com and also a rootkit scan with gmer.exe from www.gmer.net.

    Hopefully this post helps someone else someday.

    Billy
     
    thenetmonkey, Feb 9, 2008
    #2
    1. Advertisements

  3. Robert L. \(MS-MVP\), Feb 9, 2008
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.