Archived from groups: microsoft.public.win2000.active_directory, microsoft.public.win2000.networking
OK. Well I guess that explains the odd behavior. Hope you don't have too
much of a hassle getting things sorted out. It is not entirely unusual for
one antivirus program to catch something that another does not. I would not
give up on Symantec, but often a second opinion is worth a try. The
"root kits" that are going around can be a real nightmare as they are hard
to detect and will escape normal detection means. SysInternals has a new
tool to help find root kits as shown in the link below. --- Steve
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
"Jelle" <nomail@nomail.com> wrote in message
news:OjLvdHAJFHA.3356@TK2MSFTNGP12.phx.gbl...
> Hi Steven,
>
> Well, you were right. Trend Micro found two viruses.
> (Unbelievable: As long as I've been using computers, I've sworn by
> Symantec - I'm a bit upset that NAV didn't catch this)
>
> I'll see if there's a way to restore the damage done, and if not I guess
> I'll have to reinstall.
>
> Thanks for the help!
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:elpdgj5IFHA.2136@TK2MSFTNGP14.phx.gbl...
>> Yikes. There must be something else going on here beyond a configuration
>> problem to be able to join the computer to the domain. I would be sure to
>> run a full virus scan on it using the latest virus definitions. The fact
>> that you have an unknown service called Internet Explorer and that the
>> IIS services can not be started because the module can not be found is
>> troubling. The "real" explorer.exe lives in the \winnt folder and often
>> malware will use legitimate file names but installed in a non default
>> location. You might try the free tools Process Explorer, TCPView, and
>> Autoruns from SysInternals to try and find out more information about
>> that service/process. These tools will show if a publisher name is
>> associated with the executable which can help track down what is going
>> on. No publisher name often, but not always, indicates malware. I also
>> like to use the free Sysclean tool from Trend Micro to check for malware
>> as it is a stand alone detection and removal tool for many malwares.
>>
>>
>> http://www.sysinternals.com/ntw2k/freeware/procexp.shtml --- Process
>> Explorer and other utilities.
>>
>> http://www.trendmicro.com/download/dcs.asp --- Sysclean
>>
>> http://www.trendmicro.com/download/pattern.asp --- pattern file for
>> Sysclean in zip file
>>
>> The other thing you could try after checking for malwares is to run
>> System File Checker as in sfc /scannow to check for proper system files.
>> There can be problems with SFC if you are not at SP4. Beyond that if all
>> your problems still persist you may need to try a repair install which
>> will require that you first reinstall your service pack and then all
>> critical updates. The links below tell more. --- Steve
>>
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;222471
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;814510
>>
>> http://support.microsoft.com/kb/292175 -- requires product key and
>> install disk
>>
>> "Jelle" <nomail@nomail.com> wrote in message
>> news:e9xBf7tIFHA.3076@tk2msftngp13.phx.gbl...
>>> Hi Steven,
>>>
>>> Thanks for the further ideas. I've tried it all, including using netmon
>>> to see what happens. No results, still the same error.
>>>
>>> With Netmon capturing on both machines, I tried to join the domain
>>> again. The only frames I found that were from or to that machine were
>>> the first two lines from your example. So only the Std. Query & Response
>>> were exchanged. After that: nothing.
>>>
>>> While doing all this, I noticed a few other things:
>>>
>>> I can't start services WWW, SMTP or FTP: "error 126: Module could not be
>>> found", although IIS Admin service has been started.
>>>
>>> I have a service(!) called 'Internet Explorer' on the fawlty machine. I
>>> have never seen that before. Any idea what this does?
>>> The description is 'Internet Explorer Management', the file is
>>> 'C:\WINNT\System32\explorer.exe' and it's set to automatic startup.
>>>
>>> After rebooting this machine, a few entries in the system event log
>>> appear, which may be related:
>>>
>>> Event Source: DCOM
>>> Event ID: 10010
>>> The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with
>>> DCOM within the required timeout.
>>>
>>> Event Source: Service Control Manager
>>> Event ID: 7023
>>> The Task Scheduler service terminated with the following error:
>>> Not enough resources are available to complete this operation.
>>>
>>> Event Source: Service Control Manager
>>> Event ID: 7024
>>> The Background Intelligent Transfer Service service terminated with
>>> service-specific error 2147952506.
>>>
>>> I've looked them up, but so far haven't found anything conclusive to
>>> solve this.
>>>
>>> Any other suggestions you may have are very welcome!
>>>
>>> Regards,
>>> Jelle
>>>
>>>
>>>
>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>> news:%23LA4iZoIFHA.2648@TK2MSFTNGP14.phx.gbl...
>>>> Yes delete the computer account and try again. If your dns is correctly
>>>> configured, you can access the sysvol share, and all the netdiag tests
>>>> passed it is puzzling that you can not join the domain. If there is any
>>>> software firewall, ipsec filtering, or any other port filtering that
>>>> could also cause problems when trying to join the domain. Reboot the
>>>> server before you try to rejoin the domain if at all possible. If you
>>>> are familiar with netmon you may want to use it on the server you are
>>>> trying to join to the domain to see what is happening at the packet
>>>> level by enabling netmon just before you try to join the computer to
>>>> the domain. If the server you are trying to join to the domain has more
>>>> than one network adapter, make sure that the internal lan network
>>>> adapter is at the top of the list in network connections,
>>>> advanced/advanced settings. You also might want to use the command line
>>>> tool netdom to join the computer to the domain as explained in the link
>>>> below. Also below is a network trace of a computer being joined to the
>>>> domain. The trace was on the domain controller which is 192.168.1.105
>>>> and the computer joining the domain is 192.168.1.53. It is not a
>>>> capture of the whole event but this shows how a successful domain join
>>>> starts. Note the first line is the computer querying for a domain
>>>> controller via a domain _srv record and the second line is the
>>>> response. You can see in this example that the computer and domain
>>>> controller are having a successful exchange. --- Steve
>>>>
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;329721 -- netdom
>>>>
>>>> 192.168.1.105 DNS Standard query SRV _ldap._tcp.dc._msdcs.test.com
>>>> 192.168.1.53 DNS Standard response SRV 0 100 389 server1.test.com
>>>> 192.168.1.105 CLDAP MsgId=1 Search Request, Base DN=(null)
>>>> 192.168.1.53 CLDAP MsgId=1 Search Entry, 1 result
>>>> 192.168.1.105 DNS Standard query SRV _ldap._tcp.dc._msdcs.test.com
>>>> 192.168.1.53 DNS Standard response SRV 0 100 389 server1.test.com
>>>> 192.168.1.105 CLDAP MsgId=2 Search Request, Base DN=(null)
>>>> 192.168.1.53 CLDAP MsgId=2 Search Entry, 1 result
>>>> 192.168.1.105 CLDAP MsgId=3 Search Request, Base DN=(null)
>>>> 192.168.1.53 CLDAP MsgId=3 Search Entry, 1 result
>>>> 192.168.1.105 CLDAP MsgId=4 Search Request, Base DN=(null)
>>>> 192.168.1.53 CLDAP MsgId=4 Search Entry, 1 result
>>>>
>>>>
>>>> "Jelle" <nomail@nomail.com> wrote in message
>>>> news:%23Q0ND$nIFHA.2476@TK2MSFTNGP12.phx.gbl...
>>>>> Hi Steve,
>>>>>
>>>>> I've run netdiag on both the DC and the recalcitrant machine, but the
>>>>> only results were either 'passed' or 'skipped'.
>>>>> I have also tried to access the sysvol on the DC and that works fine
>>>>> as well, although I didn't get the request for authorization.
>>>>> Does it matter that the machine is still listed under AD Users &
>>>>> Computers? Should I delete the computer and let it create a new
>>>>> account on joining the domain?
>>>>>
>>>>> Regards,
>>>>> Jelle
>>>>>
>>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>>> news:%23PaZzxnIFHA.1096@tk2msftngp13.phx.gbl...
>>>>>> Make sure that it is pointing to only the domain controller as its
>>>>>> preferred dns server [never an ISP dns server in the preferred dns
>>>>>> servers list] and then run the support tool netdiag first on the
>>>>>> domain controller and then on the server you are trying to join
>>>>>> the domain assuming the domain controller netdiag output looks good.
>>>>>> Netdiag will do a battery of tests for network connectivity, name
>>>>>> resolution, and domain computer account integrity. When you run
>>>>>> netdiag on a non domain computer a lot of tests will be skipped
>>>>>> however since they are not pertinent but it still is a good idea
>>>>>> running it as it can report problems with related items that are
>>>>>> needed for a computer to join a domain. Another thing to try is to go
>>>>>> to My Network Places and find the domain controller and then try to
>>>>>> access the sysvol share or enter \\dcname\sysvol in the run box. You
>>>>>> will be prompted for credentials if you are logged onto the server
>>>>>> with a local user account that does not exist in the domain and then
>>>>>> you should be able to access and browse the sysvol share. That would
>>>>>> establish whether or not you have basic smb access to the domain
>>>>>> controller or not. --- Steve
>>>>>>
>>>>>>
>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 ---
>>>>>> netdiag and how to install support tools.
>>>>>>
>>>>>>
>>>>>> "Jelle" <nomail@nomail.com> wrote in message
>>>>>> news:eox5ucnIFHA.4060@TK2MSFTNGP14.phx.gbl...
>>>>>>> Hi Steven,
>>>>>>>
>>>>>>> Thanks for your solution. Checked everything, tried to join the
>>>>>>> domain again, but alas... no luck :-(
>>>>>>> What else could be wrong?
>>>>>>>
>>>>>>> Jelle
>>>>>>>
>>>>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>>>>> news:uvybxQnIFHA.2852@TK2MSFTNGP09.phx.gbl...
>>>>>>>> Verify that the time is correct on the server that you are trying
>>>>>>>> to join the domain. Check day/month/year/time zone/AM & PM. Then
>>>>>>>> make sure it is pointing to only your domain controller as its
>>>>>>>> preferred dns server in tcp/ip properties. Make sure you enter the
>>>>>>>> fully qualified domain name for the domain when you join the domain
>>>>>>>> and that you can ping the domain name as in ping mydomain.com and
>>>>>>>> that the ping response is to the correct IP address for a domain
>>>>>>>> controller. You can also use nslookup to make sure you can query
>>>>>>>> the _srv records for the domain as shown in the KB link below. Also
>>>>>>>> check Event Viewer on the server you are trying to join to the
>>>>>>>> domain for any pertinent error messages. --- Steve
>>>>>>>>
>>>>>>>>
>>>>>>>> http://support.microsoft.com/?kbid=241515
>>>>>>>>
>>>>>>>> Using Nslookup
>>>>>>>> 1. From your DNS server, type nslookup at a command prompt.
>>>>>>>> 2. Type set type=all, and then press ENTER.
>>>>>>>> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is
>>>>>>>> the name of your domain), and then press ENTER.
>>>>>>>> Nslookup returns one or more SRV service location records in the
>>>>>>>> following format
>>>>>>>> hostname.domainname internet address = ipaddress
>>>>>>>>
>>>>>>>>
>>>>>>>> "news.microsoft.com" <nomail@nomail.com> wrote in message
>>>>>>>> news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
>>>>>>>>> Hi there,
>>>>>>>>>
>>>>>>>>> I have recently encountered a problem with joining a computer to my
>>>>>>>>> local domain.
>>>>>>>>> The machine that needs to join the domain is a Win2K Server. The
>>>>>>>>> DC (AD
>>>>>>>>> integrated) is also a Win2K Server.
>>>>>>>>> In total, there are six machines on the LAN. All are working fine
>>>>>>>>> (network-wise), except this one.
>>>>>>>>>
>>>>>>>>> When I try to let it join the domain (domain name = 'Merrick') I
>>>>>>>>> get the
>>>>>>>>> following error:
>>>>>>>>>
>>>>>>>>> ---
>>>>>>>>> The following error occurred validating the name "Merrick".
>>>>>>>>> This condition may be caused by a DNS lookup problem. For
>>>>>>>>> information about
>>>>>>>>> troubleshooting common DNS lookup problems, please see the
>>>>>>>>> following
>>>>>>>>> Microsoft Web site:
>>>>>>>>>
>>>>>>>>> http://go.microsoft.com/fwlink/?LinkID=5171
>>>>>>>>>
>>>>>>>>> The specified domain either does not exist or could not be
>>>>>>>>> contacted.
>>>>>>>>> ----
>>>>>>>>>
>>>>>>>>> Unfortunately, any solutions listed on that page have failed to
>>>>>>>>> solve this
>>>>>>>>> problem. Everything has been configured exactly as stated on that
>>>>>>>>> page, but
>>>>>>>>> I still can't join the domain.
>>>>>>>>>
>>>>>>>>> Other facts that may be of importance here:
>>>>>>>>> - the machine that has to be joined to the domain is reachable
>>>>>>>>> from other
>>>>>>>>> machines and can reach other machines.
>>>>>>>>> - I can connect to the machine using remote desktop
>>>>>>>>> - from the machine that has to be joined, I cannot reach the
>>>>>>>>> internet
>>>>>>>>> - nslookup from the fawlty machine returns right results, even for
>>>>>>>>> external
>>>>>>>>> sites
>>>>>>>>> - normal local network functionality seems to be ok, except where
>>>>>>>>> AD user
>>>>>>>>> authentication is required
>>>>>>>>> - when looking up the main browser or pdc using browstat.exe
>>>>>>>>> (status/getmaster/getpdc) it returns the right results
>>>>>>>>> - the dns settings on the fawlty machine points to the PDC only
>>>>>>>>> - I have joined two other machines to the domain without any
>>>>>>>>> problems, so
>>>>>>>>> the problem does not seem to be with the PDC
>>>>>>>>> - there is only one NIC in the fawlty machine
>>>>>>>>>
>>>>>>>>> I can't think of anything else and I hope someone here can help
>>>>>>>>> me.
>>>>>>>>>
>>>>>>>>> Thanks, regards,
>>>>>>>>> Jelle
>
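
The thread's observation that malware reuses legitimate file names in non-default folders (here a service pointing at C:\WINNT\System32\explorer.exe while the real explorer.exe lives in \winnt) can be checked mechanically across a service inventory. The following is an added example, not code from the thread or from any of the tools it mentions; the EXPECTED_DIR baseline, the function names and the sample inventory are assumptions made for illustration.

```python
import ntpath
import re

# Assumed baseline: folder under the system root where each binary normally lives.
EXPECTED_DIR = {
    "explorer.exe": "",          # the system root itself (\winnt), as the thread notes
    "svchost.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
}

def image_file(image_path, system_root):
    """Reduce a service ImagePath to a normalised, lower-case executable path."""
    p = image_path.strip()
    if p.startswith('"'):                      # quoted path, arguments follow
        p = p[1:].split('"', 1)[0]
    else:                                      # unquoted: keep up to the first .exe
        m = re.match(r"(.+?\.exe)(\s|$)", p, re.IGNORECASE)
        p = m.group(1) if m else p
    # Expand the two common system-root prefixes used in ImagePath values.
    p = re.sub(r"^(%systemroot%|\\systemroot)(?=\\)", lambda _: system_root,
               p, flags=re.IGNORECASE)
    return ntpath.normpath(p).lower()          # also collapses "..\" segments

def check_service(name, image_path, system_root=r"C:\WINNT"):
    """Return a finding if a well-known binary name runs from the wrong folder."""
    folder, base = ntpath.split(image_file(image_path, system_root))
    if base not in EXPECTED_DIR:
        return None
    expected = ntpath.normpath(ntpath.join(system_root, EXPECTED_DIR[base])).lower()
    if folder != expected:
        return f"{name}: {base} runs from {folder}, expected {expected}"
    return None

def scan(services, system_root=r"C:\WINNT"):
    return [f for n, p in services if (f := check_service(n, p, system_root))]

# Constructed inventory (name, ImagePath); the second row is the service from the thread.
SAMPLE_SERVICES = [
    ("ExampleSvc", r"%SystemRoot%\System32\svchost.exe -k netsvcs"),
    ("Internet Explorer", r"C:\WINNT\System32\explorer.exe"),
    ("SpoofedSvc", r'"C:\WINNT\Temp\..\Fonts\lsass.exe" /s'),
    ("OtherSvc", r"C:\WINNT\System32\inetsrv\inetinfo.exe"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_SERVICES):
        print(finding)
```

A location mismatch is only a lead: confirm it with the publisher and signature information that tools such as Process Explorer and Autoruns display before acting on it.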