Virus issue - unable to map network drives/connect to a doma

pritch86

I am having an issue with some client computers running xp, they are unable to connect to the domain or map network drives. I have ghosted these computer for a temporary solution but it has been happening to multiple computers now.

The error message that comes up when I try to map a drive or connect to the domain is "network location cannot be reached"

Any Ideas on how to resolve this problem without having to ghost these computers?

ally_uk

Have you tired this?

http://support.microsoft.com/kb/329866

Can you ping the computers remotley if so what are the results?

Lastly is Netbios over TCP/IP enabled in TCP/IP properties?

spike_tomahawk

check the bios clock..., also in the error log, may have a time error, (cant remember the exact error, but it sticks out like a sore thumb) so check there also, this is what we had and changing the clock in the bios fixed it right up.

blargoe

Is computer browser, workstation, and other Windows svchost services running? There are several issues that can cause these services to stop running, which will result in you not being able to browse the network.

Ahriakin

Have you received virus warnings (the title) if so linked to what infections? It's important to know if it is a Trojan, Virus or Worm (or mix which is a lot more common these days). Since you are chasing it around multiple machines I'm guessing Worm. If your AV is fully updated/reinstalled on previously infected clients and they are still getting reinfected (and again you have ruled our Viruses in common files) start installing or enabling software firewalls on your clients, also make sure you are patching the OS as you go. If you haven't already got some kind of IDS on your network I highly advise you to install one, you could start with SNORT as it's free (great guide that will have you up and running in half a day at www.winsnort.com) it's the single best AV tool I think we have now and I've been able to head off at least 4 major malware infections before the host AV even got a sniff something as up. It can alert you to Worm infected clients so you can hopefully get to them faster, as often by the time the AV starts warning the user and they get on to you it's already moving on.
Short of that run NETSTAT -a -n on infected hosts, or those that are throwing up warnings. If you have identified a worm and know the ports it exploits look for odd connections in the Netstat list to point you either to the attacking machine or the clients this infected machine may have compromised. Using PSEXEC (download PSTOOLS) to run this remotely helps.

blargoe

Yeah... what makes you sure it's malware related?

Netstudent

We have some applications that use mapped drives to the application server as well as normal mapped drives for file access and what not. I had a similar issue here at work a couple weeks ago...Domain started acting up and couldn't map drives or use applications, logon scripts were hanging up. Initially I thought it was a server problem. I checked the event logs and found lots of GPO and FRS errors. We came to the realization that we lost full connectivity to the PDC. Tried to RDP into our Primary DC and the session was getting hung up. Then I set the RDP property screen resolution very low and walla it went through. So then I started pinging across the MPLS with a 1500byte payload and we started dropping packets. Set the payload to 1400 and wammo no dropped packets. hmmm..MTU? Got our data provider to lower their MTU and all problems solved. So to make a long story short, if you have mulitple domain controllers, make sure you aren't experiencing connection problems. Our domain got real funky real quick when it lost the PDC. But if only a few clients are having this problem, then it's hard to say.