[26836] in resnet
Re: Windows 7/2008 not connecting to network...
daemon@ATHENA.MIT.EDU (Mike King)
Wed Oct 12 17:21:46 2011
Message-ID: <CANtPpk470nncj2ZLJxdnDw_AG1xG+AZdtW_s_fAFW1mO+UctgQ@mail.gmail.com>
Date: Wed, 12 Oct 2011 17:07:48 -0400
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Mike King <me@mpking.com>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <04e101cc8922$0a54ba40$1efe2ec0$@edu>
Adeel,

It's my opinion that Windows 7 and Server 2008 do not react well to having
the firewall service disabled, essentially cutting off all network access.
(I had a few admins here whose first exposure to 2008 was to
disable the firewall service, and it did not go well for them.)

I would follow the group policy thread a bit more:
drop to a command prompt (with admin privs), and type

gpresult /r

It should show a list of every policy applied to the machines. I would
check user policies as well.

Mike

On Wed, Oct 12, 2011 at 5:00 PM, Adeel Siddiqui <asiddiqui@usao.edu> wrote:
> Rob,
>
> We had originally thought along the same lines as well (and in fact we
> suspected that a variant of the Conficker worm might be the cause). But this
> issue has happened on brand new installations of Windows 7/2008, and even
> after a clean re-installation of Windows 7/2008 (all of our Windows XP
> machines that are connected to the domain seem to be immune to the issue).
> As soon as the Windows 7/2008 computers get joined to the domain, the
> problem manifests itself. Running just about every
> anti-malware/spyware/virus cleanup process on the computers and/or servers
> has had no effect.
>
> ~ Adeel
>
> *From:* Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] *On Behalf Of* Rob
> Whalen
> *Sent:* Wednesday, October 12, 2011 3:10 PM
> *To:* RESNET-L@LISTSERV.ND.EDU
> *Subject:* Re: Windows 7/2008 not connecting to network...
>
> Adeel,
>
> This does not sound like it was due to an update. In fact all facts point
> to a worm or virus. Windows update would not turn off the firewall, but a
> virus can. Removing RDP access delays techs from troubleshooting the issue
> and perhaps indicates a takeover, so others with that account would be able
> to access the box. Modern worms can also use the domain info to direct
> attacks or even the users' email. This is where I would start hunting.
>
> Rob
>
> *From:* Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] *On Behalf Of* Adeel
> Siddiqui
> *Sent:* Wednesday, October 12, 2011 12:50 PM
> *To:* RESNET-L@LISTSERV.ND.EDU
> *Subject:* Windows 7/2008 not connecting to network...
>
> We have a strange issue going on our campus that's causing our Windows 7
> computers and Windows 2008 servers to completely lose network connectivity.
>
> This is only happening to computers that are connected to the domain.
>
> The issue seems to have started a few weeks ago after the last round of
> Windows Updates were installed on those computers. As a result, the Windows
> Firewall services and its dependency services all got turned off on those
> computers and can't be re-enabled either. Also, RDP access to those
> computers won't work either. I suspected a group policy of some sort might
> be the cause but we use little to no group policy administration on our
> campus at all. Upon further investigation, we found that there seems to be
> some cause to this due to some registry permissions that seemed to have
> changed after the aforementioned Windows Updates were installed. I have a
> feeling that the problem lies with how the computers are authenticating to
> the domain, but can't confirm that prognosis.
>
> I've tried everything to fix this issue from changing group policy
> settings, to removing/re-adding the computers to the domain. Nothing seems
> to have worked permanently or at least completely. We have managed to do
> some on the spot *MacGyvering* to fix the issue (i.e. manually applying
> administrative permissions to certain keys in the registry on those
> computers as suggested by a few online articles) but they are temporary
> band-aids at best.
>
> Has anyone else run into this? Any permanent fixes/solutions that you can
> suggest?
>
> regards,
> Adeel Siddiqui
> Network Administrator <http://www.usao.edu/staff/adeel-siddiqui>
> Information, Research and Network Services
> University of Science and Arts of Oklahoma <http://www.usao.edu/>
> Chickasha, OK 73018
> (405) 574-1319
> asiddiqui@usao.edu
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
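
The checks suggested in the reply above, as an added PowerShell example that is not part of the original thread: it lists the GPOs that `gpresult /r` reports for computer and user scope and shows the state of the Windows Firewall service and the services it depends on. It assumes English-language gpresult output and PowerShell 2.0 or later; the report path is a placeholder.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# on an affected Windows 7 / Server 2008 machine.
# Assumption: English-language gpresult output layout.

function Get-AppliedGpo {
    param([string[]]$Lines)
    # GPO names are listed, indented, under "Applied Group Policy Objects",
    # after a dashed underline and up to the next blank line.
    $inSection = $false
    foreach ($line in $Lines) {
        if ($line -match 'Applied Group Policy Objects') { $inSection = $true; continue }
        if (-not $inSection)           { continue }
        if ($line -match '^\s*-+\s*$') { continue }                      # underline
        if ($line -match '^\s*$')      { $inSection = $false; continue } # end of list
        $line.Trim()
    }
}

# 1. Policies applied to the machine and to the logged-on user.
foreach ($scope in 'computer', 'user') {
    $rsop = gpresult /scope $scope /r
    "Applied GPOs ($scope scope):"
    Get-AppliedGpo $rsop | ForEach-Object { "  $_" }
}

# 2. State and start mode of the Windows Firewall service (MpsSvc) and the
#    services it depends on. Compare any Disabled entries with the GPO list above.
$fw    = Get-Service -Name MpsSvc
$names = @($fw.Name) + @($fw.ServicesDependedOn | ForEach-Object { $_.Name })
foreach ($name in $names) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc) {   # kernel drivers among the dependencies are not in Win32_Service
        '{0,-10} State={1,-8} StartMode={2}' -f $svc.Name, $svc.State, $svc.StartMode
    }
}

# 3. Full HTML report for offline review (placeholder path; /f overwrites).
gpresult /h "$env:TEMP\gpresult-report.html" /f
```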